runbot

mirror of https://github.com/odoo/runbot.git synced 2025-04-13 22:00:55 +07:00

History

Xavier Morel 7fc7b78a04 [FIX] runbot_merge: security concern The webhook used the "sender" of the event as comment author, however if the comment is edited by a maintainer github sends a "issue_comment" event with that maintainer as sender. This means a random user could create a comment with a robodoo command, and if a registered reviewer happened to edit the comment the command would suddenly be taken in account. This was not the intention.	2018-09-24 10:06:58 +02:00
..
__init__.py	[FIX] runbot_merge: security concern	2018-09-24 10:06:58 +02:00
git.py	[FIX] runbot_merge: a few warnings	2018-09-03 13:16:36 +02:00

Xavier Morel 7fc7b78a04 [FIX] runbot_merge: security concern

The webhook used the "sender" of the event as comment author, however
if the comment is edited by a maintainer github sends a
"issue_comment" event with that maintainer as sender.

This means a random user could create a comment with a robodoo
command, and if a registered reviewer happened to edit the comment the
command would suddenly be taken in account. This was not the intention.

2018-09-24 10:06:58 +02:00

__init__.py

[FIX] runbot_merge: security concern

2018-09-24 10:06:58 +02:00

git.py

[FIX] runbot_merge: a few warnings

2018-09-03 13:16:36 +02:00