The call to html.EscapeString in routers/web/repo/blame.go:renderBlame is extraneous
as the commit message is now rendered by the template. The template will correctly
escape strings - therefore we are currently double escaping.
zeripath [Sat, 30 Oct 2021 09:28:11 +0000 (10:28 +0100)]
Run Migrate in Install rather than just SyncTables (#17475) (#17486)
Backport #17475
The underlying problem in #17328 appears to be that users are re-running the install
page during upgrades. The function that tests and creates the db did not intend for
this and thus instead the migration scripts being run - a simple sync tables occurs.
This then causes a weird partially migrated DB which causes, in this release cycle,
the duplicate column in task table error. It is likely the cause of some weird
partial migration errors in other cycles too.
This PR simply ensures that the migration scripts are also run at this point too.
zeripath [Thu, 28 Oct 2021 03:33:18 +0000 (04:33 +0100)]
Ensure that restricted users can access repos for which they are members (#17460) (#17464)
Backport #17460
There is a small bug in the way that repo access is checked in
repoAssignment: Accessibility is checked by checking if the user has a
marked access to the repository instead of checking if the user has any
team granted access.
This PR changes this permissions check to use HasAccess() which does the
correct test. There is also a fix in the release api ListReleases where
it should return draft releases if the user is a member of a team with
write access to the releases.
KN4CK3R [Mon, 25 Oct 2021 17:31:15 +0000 (19:31 +0200)]
Fix CSV render error (#17406) (#17431)
Backport #17406.
Closes #17378
Both errors from #17378 were caused by #15175.
Problem 1 (error with added file):
`ToUTF8WithFallbackReader` creates a `MultiReader` from a `byte[2048]` and the remaining reader. `CreateReaderAndGuessDelimiter` tries to read 10000 bytes from this reader but only gets 2048 because that's the first reader in the `MultiReader`. Then the `if size < 1e4` thinks the input is at EOF and just returns that.
Problem 2 (error with changed file):
The blob reader gets defer closed. That was fine because the old version reads the whole file into memory. Now with the streaming version the close needs to defer after the method.
wxiaoguang [Mon, 25 Oct 2021 09:02:39 +0000 (17:02 +0800)]
Fix markdown checkbox rendering (#17427)
We allow to render empty check list item - [ ], while GitHub doesn't allow.
To make the rendering correct, we need tune the UI (the last PR #17413 uses absolute layout, which makes the empty checkbox item can not be displayed correctly)
wxiaoguang [Sat, 23 Oct 2021 15:30:46 +0000 (23:30 +0800)]
Fix issue markdown bugs (#17413)
* Bug fix: render Markdown `http://AppURL/org/repo/issues/4?a=1&b=2#comment-123 test` to HTML correctly, close #17394
* Bug fix: fix the positions of checkboxes in rendered HTML, close #17395
zeripath [Thu, 21 Oct 2021 21:50:22 +0000 (22:50 +0100)]
Changelog 1.15.5 (#17392)
* SECURITY
* Upgrade Bluemonday to v1.0.16 (#17372) (#17374)
* Ensure correct SSH permissions check for private and restricted users (#17370) (#17373)
* BUGFIXES
* Prevent NPE in CSV diff rendering when column removed (#17018) (#17377)
* Offer rsa-sha2-512 and rsa-sha2-256 algorithms in internal SSH (#17281) (#17376)
* Don't panic if we fail to parse U2FRegistration data (#17304) (#17371)
* Ensure popup text is aligned left (backport for 1.15) (#17343)
* Ensure that git daemon export ok is created for mirrors (#17243) (#17306)
* Disable core.protectNTFS (#17300) (#17302)
* Use pointer for wrappedConn methods (#17295) (#17296)
* AutoRegistration is supposed to be working with disabled registration (backport) (#17292)
* Handle duplicate keys on GPG key ring (#17242) (#17284)
* Fix SVG side by side comparison link (#17375) (#17391)
zeripath [Thu, 21 Oct 2021 08:37:49 +0000 (09:37 +0100)]
Offer rsa-sha2-512 and rsa-sha2-256 algorithms in internal SSH (#17281) (#17376)
Backport #17281
There is a subtle bug in the SSH library x/crypto/ssh which makes the incorrect
assumption that the public key type is the same as the signature algorithm type.
This means that only ssh-rsa signatures are offered by default.
This PR adds a workaround around this problem.
Fix #17175
Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
6543 [Wed, 20 Oct 2021 20:26:48 +0000 (22:26 +0200)]
Ensure correct SSH permissions check for private and restricted users (#17370) (#17373)
Repositories owned by private users and organisations and pulls by restricted users
need to have permissions checked. Previously Serv would simply assumed that if the
user could log in and the repository was not private then it would be visible.
Fix #17364
Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Andrew Thornton <art27@cantab.net>
zeripath [Wed, 20 Oct 2021 19:45:17 +0000 (20:45 +0100)]
Don't panic if we fail to parse U2FRegistration data (#17304) (#17371)
Backport #17304
Downgrade logging statement from Fatal to Error so that errors parsing
U2FRegistration data does not panic; instead, the invalid key will be
skipped and we will attempt to parse the next one, if available.
Signed-off-by: David Jimenez <dvejmz@sgfault.com> Co-authored-by: David Jimenez <dvejmz@users.noreply.github.com>
zeripath [Thu, 14 Oct 2021 16:07:53 +0000 (17:07 +0100)]
Ensure that git daemon export ok is created for mirrors (#17243) (#17306)
Backport #17243
There is an issue with #16508 where it appears that create repo requires that the
repo does not exist. This causes #17241 where an error is reported because of this.
This PR fixes this and also runs update-server-info for mirrors and generated repos.
zeripath [Wed, 13 Oct 2021 20:02:45 +0000 (21:02 +0100)]
Disable core.protectNTFS (#17300) (#17302)
Backport #17300
core.protectNTFS protects NTFS from files which may be difficult to remove or interact
with using the win32 api, however, it also appears to prevent such files from
being entered into the git indexes - fundamentally causing breakages with PRs that
affect these files. However, deliberately setting this to false may cause security
issues due to the remain sparse checkout of files in the merge pipeline.
The only sensible option therefore is to provide an optional setting which admins
could set which would forcibly switch this off if they are affected by this issue.
zeripath [Mon, 11 Oct 2021 02:13:10 +0000 (03:13 +0100)]
Handle duplicate keys on GPG key ring (#17242) (#17284)
Backport #17242
It is possible that a keyring can contain duplicate keys on a keyring due to jpegs or
other layers. This currently leads to a confusing error for the user - where we report
a duplicate key insertion.
This PR simply coalesces keys into one key if there are duplicates.
Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: 6543 <6543@obermui.de>
Norwin [Fri, 8 Oct 2021 17:53:54 +0000 (19:53 +0200)]
don't try to interpret treepath as hash (#17272)
...when path contains no hash-path-separator ('/')
This is a workaround to #17179.
Entering this case when `path` does not contain a '/' does not really
make sense, as that means the tree path is empty, but this case is only
entered for routes that expect a non-empty tree path.
Treepaths like <40-char-dirname>/<filename> will still fail,
but hopefully don't occur that often. A more complete fix that avoids
this case too is outlined in #17185, but too big of a change to backport
6543 [Thu, 7 Oct 2021 20:02:07 +0000 (22:02 +0200)]
CI: migrate from 'plugins/s3:1' to 'woodpeckerci/plugin-s3:latest' (#17234) (#17260)
- this fixes the CI release upload issues, as the docker image for this is freshly built (unlike the mostly unmaintained "official" drone plugins), thus containing current CA certs needed for letsencrypt since 2021-09-31.
- woodpecker is a drone-ci fork maintained partially by @6543. it's API compatible with current drone plugins afaik
Fix missing repo link in issue/pull assigned emails (#17183) (#17184)
Backport #17183
There was a mistake in the template file: `templates/mail/issue/assigned.tmpl`
where the repourl was generated from a non-existent release instead of the issue.
This PR changes this to use the issue but also ensure that the issue repo is loaded.
It also slightly improves the English and the Russian locale string.
Fix #17160
Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de>
Nicely handle missing user in collaborations (#17049) (#17166)
Backport #17049
It is possible to have a collaboration in a repository which refers to a no-longer
existing user. This causes the repository transfer to fail with an unusual error.
This PR makes `repo.getCollaborators()` nicely handle the missing user by ghosting
the collaboration but also adds consistency check. It also adds an
Access consistency check.
Fix #17044
Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
* ENHANCEMENTS
* Add fluid to ui container class to remove margin (#16396) (#16976)
* Add caller to cat-file batch calls (#17082) (#17089)
* BUGFIXES
* Render full plain readme. (#17083) (#17090)
* Upgrade xorm to v1.2.4 (#17059)
* Fix bug of migrate comments which only fetch one page (#17055) (#17058)
* Do not show issue context popup on external issues (#17050) (#17054)
* Decrement Fork Num when converting from Fork (#17035) (#17046)
* Correctly rollback in ForkRepository (#17034) (#17045)
* Fix missing close in WalkGitLog (#17008) (#17009)
* Add prefix to SVG id/class attributes (#16997) (#17000)
* Fix bug of migrated repository not index (#16991) (#16996)
* Skip AllowedUserVisibilityModes validation on update user if it is an organisation (#16988) (#16990)
* Fix storage Iterate bug and Add storage doctor to delete garbage attachments (#16971) (#16977)
* Fix issue with issue default mail template (#16956) (#16975)
* Ensure that rebase conflicts are handled in updates (#16952) (#16960)
* Prevent panic on diff generation (#16950) (#16951)
Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Add caller to cat-file batch calls (#17082) (#17089)
Some people still appear to report unclosed cat-files. This PR simply adds the caller
to the process descriptor for the CatFileBatch and CatFileBatchCheck calls.
Correctly rollback in ForkRepository (#17034) (#17045)
Backport #17034
The rollback functionality in
services/repository/repository.go:ForkRepository is incorrect and could
lead to a deadlock as it uses DeleteRepository to delete the rolled-back
repository - a function which creates its own transaction.
This PR adjusts the rollback function to only use RemoveAll as any
database changes will be automatically rolled-back. It also handles
panics and adjusts the Close within WithTx to ensure that if there is a
panic the session will always be closed.
Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
When the external context is cancelled it is possible for the
GitLogReader to not itself be Closed.
This PR does three things:
1. Instead of adding a plain defer it wraps the `g.Close` in a func as
`g` may change.
2. It adds the missing explicit g.Close - although the defer fix makes
this unnecessary.
3. It passes down the external context as the base context for the
GitLogReader meaning that the cancellation of the external context will
pass down automatically.
Use filename as id/class prefix. (#16997) (#17000)
Currently the svg minifier (`make svg`) rewrites all `id` and `class` attributes in svg files. Every file gets the ids `a, b, ...`. If multiple svgs with ids are used on a page these ids are conflicting and the results are broken images.
This PR adds a prefix (the filename) to every id/class.
Follow up problem: Because we embed svg images there are duplicated ids if one svg image is used multiple times on a page. As those ids refer to the same content it may be no real problem because browser handle that fine.
Skip AllowedUserVisibilityModes validation on update user if it is an organisation (#16988) (#16990)
if AllowedUserVisibilityModes allow only public & limited, and orgs can be private, a user can create a repo to that organisation whitch will result in an update of the user. On this call the user is validaten and will be rejected since private is not allowed, but its not an user its an valid org ...
Fix issue with issue default mail template (#16956) (#16975)
Backport #16956
The mail template rendering was failing with the error -
`...vices/mailer/mail.go:301:composeIssueCommentMessages() [E] ExecuteTemplate [issue/default/body]: template: issue/default:65:10: executing "issue/default" at <.i18n.Tr>: can't evaluate field i18n in type *models.Comment`
The issue was the template variable i18n is available in the outer scope.
Prevent panic on diff generation (#16950) (#16951)
Backport #16950
The lastLeftIdx should be reset at the same time as creating a new section otherwise
it is possible for a second addition to end up attempting to read a nil entry.
Close storage objects before cleaning (#16934) (#16942)
Backport #16934
Storage.Iterate provides the path and an open object. On windows using
local storage means that the objects will be locked thus preventing clean
from deleting them.
Add unique constraint back into issue_index (#16938)
There is a flaw in #16820 where it was missed that although xorm will
not add a primary key to a table during syncing, it will remove an
unique constraint.
Users upgrading from 1.15.0 to 1.15.1 will therefore lose the unique
constraint that makes this table work unless they run `gitea doctor
recreate-table issue_index`. Postgres helpfully warns about this
situation but MySQL does not.
Main/1.16-dev is not affected by this issue as there is a migration that
does the above recreation by default. Users moving directly to 1.15.1
from 1.14.x or lower are also not affected.
Whilst we could force all users who ran 1.15.0 to do the above
recreate-table call, this PR proposes an alternative: Just add the
unique constraint back in for 1.15.x. This won't have any long term
effects - just some wasted space for the unnecessary index.
* BUGFIXES
* Allow BASIC authentication access to /:owner/:repo/releases/download/* (#16916) (#16923)
* Prevent leave changes dialogs due to autofill fields (#16912) (#16920)
* Ignore review comment when ref commit is missed (#16905) (#16919)
* Fix wrong attachment removal (#16915) (#16917)
* Gitlab Migrator: dont ignore reactions of last request (#16903) (#16913)
* Correctly return the number of Repositories for Organizations (#16807) (#16911)
* Test if LFS object is accessible (#16865) (#16904)
* Fix git.Blob.DataAsync(): close pipe since we return a NopCloser (#16899) (#16900)
* Fix dump and restore respository (#16698) (#16898)
* Repare and Improve GetDiffRangeWithWhitespaceBehavior (#16894) (#16895)
* Fix wiki raw commit diff/patch view (#16891) (#16892)
* Ensure wiki repos are all closed (#16886) (#16888)
* List limited and private orgs if authenticated on API (#16866) (#16879)
* Simplify split diff view generation and remove JS dependency (#16775) (#16863)
* Ensure that the default visibility is set on the user create page (#16845) (#16862)
* In Render tolerate not being passed a context (#16842) (#16858)
* Upgrade xorm to v1.2.2 (#16663) & Add test to ensure that dumping of login sources remains correct (#16847) (#16848)
* Report the correct number of pushes on the feeds (#16811) (#16822)
* Add primary_key to issue_index (#16813) (#16820)
* Prevent NPE on empty commit (#16812) (#16819)
* Fix branch pagination error (#16805) (#16816)
* Add missing return to handleSettingRemoteAddrError (#16794) (#16795)
* Remove spurious / from issues.opened_by (#16793)
* Ensure that template compilation panics are sent to the logs (#16788) (#16792)
* Update caddyserver/certmagic (#16789) (#16790)
Lunny Xiao [Tue, 31 Aug 2021 09:44:14 +0000 (17:44 +0800)]
Fix dump and restore respository (#16698) (#16898)
* Fix dump and restore
* return different error message for get commit
* Fix missing delete release attachment when deleting repository
* Fix ci and add some comments
6543 [Tue, 31 Aug 2021 08:06:01 +0000 (10:06 +0200)]
Fix git.Blob.DataAsync(): close pipe since we return a NopCloser (#16899) (#16900)
* make sure headGitRepo is closed on err too
* refactor
* Fix git.Blob.DataAsync(): exec cancel since we already read all bytes (close pipe since we return a NopCloser)
Gitea has relied on some slow JS code to match up added and deleted lines on the
diff pages. This can cause a considerable slow down on large diff pages.
This PR makes a small change meaning that the matching up can occur much more simply.
6543 [Sun, 29 Aug 2021 14:25:45 +0000 (16:25 +0200)]
In Render tolerate not being passed a context (#16842) (#16858)
* In Render tolerate not being passed a context
It is possible for RenderString to be passed to an external renderer if markdown
is set to be rendered by an external renderer. No context is currently sent to these
meaning that this will error out.
Fix #16835
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add Context to Repo calls for RenderString
All calls from routers can easily add the context - so add it.
Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: zeripath <art27@cantab.net>
techknowlogick [Thu, 26 Aug 2021 06:30:13 +0000 (02:30 -0400)]
Report the correct number of pushes on the feeds (#16811) (#16822)
* Report the correct number of pushes on the feeds
Since the number of commits in the Action table has been limited to 5
the number of commits reported on the feeds page is now incorrectly also
limited to 5. The correct number is available as the Len and this PR
changes this to report this.
Fix #16804
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update templates/user/dashboard/feeds.tmpl
zeripath [Wed, 25 Aug 2021 22:10:15 +0000 (23:10 +0100)]
Add primary_key to issue_index (#16813) (#16820)
Backport #16813
Make the group_id a primary key in issue_index. This already has an
unique index and therefore is a good candidate for becoming a primary
key.
This PR also changes all other uses of this table to add the group_id as
the primary key.
The migration v192 from #16813 has not been backported but Xorm will
work fine with non-primary keyed tables. If a user on 1.15 wishes to
have the correct schema sooner than 1.16 - they can use gitea doctor
recreate-table issue_index and gitea will recreate the table with the
primary key.
Lunny Xiao [Wed, 25 Aug 2021 10:11:54 +0000 (18:11 +0800)]
Fix branch pagination error (#16805) (#16816)
Backport #16805
Fix #16801
Even if default branch is removed from the current page, but the total branches number should be still kept. So that the pagination calculation will be correct.
zeripath [Mon, 23 Aug 2021 23:50:04 +0000 (00:50 +0100)]
Ensure that template compilation panics are sent to the logs (#16788) (#16792)
Backport #16788
Although panics within the rendering pipeline are caught and dealt with,
panics that occur before that starts are unprotected and will kill Gitea
without being sent to the logs.
This PR adds a basic recovery handler to catch panics that occur after
the logger is initialised and ensure that they're sent to the logger.
Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>