source.dussan.org Git - gitea.git/log
3 years ago Only allow webhook to send requests to allowed hosts (#17482) (#17510)
wxiaoguang [Sat, 6 Nov 2021 09:23:43 +0000 (17:23 +0800)]
Only allow webhook to send requests to allowed hosts (#17482) (#17510)

Backport #17482

* Only allow webhook to send requests to allowed hosts (backport #17482)

* use ALLOWED_HOST_LIST=* for default to keep the legacy behavior in 1.15.x

3 years ago Escape issue titles in comments list (#17555) (#17556)
zeripath [Fri, 5 Nov 2021 23:20:51 +0000 (23:20 +0000)]
Escape issue titles in comments list (#17555) (#17556)

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>

3 years ago backport(1.15): Use correct defaultValue for stracktrace (#17557)
Gusted [Fri, 5 Nov 2021 14:55:33 +0000 (15:55 +0100)]
backport(1.15): Use correct defaultValue for stracktrace (#17557)

- Backporting https://github.com/go-gitea/gitea/pull/17552

3 years ago Fix zero created time bug on commit api (#17547)
Lunny Xiao [Fri, 5 Nov 2021 06:15:44 +0000 (14:15 +0800)]
Fix zero created time bug on commit api (#17547)

Co-authored-by: zeripath <art27@cantab.net>

3 years ago Show correct "No" icon (#17538)
delvh [Thu, 4 Nov 2021 19:29:37 +0000 (20:29 +0100)]
Show correct "No" icon (#17538)

3 years ago Fix database keyword quote problem on migration v161 (#17523)
Lunny Xiao [Wed, 3 Nov 2021 04:33:38 +0000 (12:33 +0800)]
Fix database keyword quote problem on migration v161 (#17523)

* support rerun migration v161

3 years ago fix email with + when active (#17518) (#17520)
Lunny Xiao [Tue, 2 Nov 2021 22:52:38 +0000 (06:52 +0800)]
fix email with + when active (#17518) (#17520)

Co-authored-by: zeripath <art27@cantab.net>

3 years ago Stop double encoding blame commit messages (#17498) (#17500)
zeripath [Sun, 31 Oct 2021 09:46:51 +0000 (09:46 +0000)]
Stop double encoding blame commit messages (#17498) (#17500)

Backport #17498

The call to html.EscapeString in routers/web/repo/blame.go:renderBlame is extraneous
as the commit message is now rendered by the template. The template will correctly
escape strings - therefore we are currently double escaping.

This PR fixes this.

Fix #17492

Signed-off-by: Andrew Thornton <art27@cantab.net>

3 years ago Quote the table name in CountOrphanedObjects (#17487) (#17488)
zeripath [Sat, 30 Oct 2021 10:01:22 +0000 (11:01 +0100)]
Quote the table name in CountOrphanedObjects (#17487) (#17488)

Backport #17487

CountOrphanedObjects needs to quote the table it is joining with as this table may
be `user`.

Fix #17485

Signed-off-by: Andrew Thornton <art27@cantab.net>

3 years ago Run Migrate in Install rather than just SyncTables (#17475) (#17486)
zeripath [Sat, 30 Oct 2021 09:28:11 +0000 (10:28 +0100)]
Run Migrate in Install rather than just SyncTables (#17475) (#17486)

Backport #17475

The underlying problem in #17328 appears to be that users are re-running the install
page during upgrades. The function that tests and creates the db did not intend for
this and thus instead of the migration scripts being run - a simple sync tables occurs.

This then causes a weird partially migrated DB which causes, in this release cycle,
the duplicate column in task table error. It is likely the cause of some weird
partial migration errors in other cycles too.

This PR simply ensures that the migration scripts are also run at this point too.

Fix #17328

Signed-off-by: Andrew Thornton <art27@cantab.net>

3 years ago Fix login redirection links (#17473)
qwerty287 [Thu, 28 Oct 2021 13:47:26 +0000 (15:47 +0200)]
Fix login redirection links (#17473)

3 years ago Changelog 1.15.6 (#17457) v1.15.6
zeripath [Thu, 28 Oct 2021 08:11:23 +0000 (09:11 +0100)]
Changelog 1.15.6 (#17457)

* Changelog 1.15.6

Unfortunately #17435 is a somewhat critical bug and therefore we should
really release 1.15.6 as soon as possible.

## [1.15.6](https://github.com/go-gitea/gitea/releases/tag/v1.15.6) - 2021-10-27

* BUGFIXES
  * Prevent panic in serv.go with Deploy Keys (#17434) (#17435)
  * Fix CSV render error (#17406) (#17431)
  * Read expected buffer size (#17409) (#17430)

Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add 17456 and its backport

Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add 17464

Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add final pr

* Update date

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>

3 years ago Make commit-statuses popup show correctly (#17447) (#17466)
wxiaoguang [Thu, 28 Oct 2021 07:42:31 +0000 (15:42 +0800)]
Make commit-statuses popup show correctly (#17447) (#17466)

Backport #17447

Close #17443

3 years ago Add integration tests for private.NoServCommand and private.ServCommand (#17456)...
zeripath [Thu, 28 Oct 2021 06:07:29 +0000 (07:07 +0100)]
Add integration tests for private.NoServCommand and private.ServCommand (#17456) (#17463)

Backport #17456

modules/private/serv.go has two major functions that are missing testcases to ensure
that Deploy and normal SSH keys work correctly.

This PR adds some basic integration tests for these.

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>

3 years ago Ensure that restricted users can access repos for which they are members (#17460...
zeripath [Thu, 28 Oct 2021 03:33:18 +0000 (04:33 +0100)]
Ensure that restricted users can access repos for which they are members (#17460) (#17464)

Backport #17460

There is a small bug in the way that repo access is checked in
repoAssignment: Accessibility is checked by checking if the user has a
marked access to the repository instead of checking if the user has any
team granted access.

This PR changes this permissions check to use HasAccess() which does the
correct test. There is also a fix in the release api ListReleases where
it should return draft releases if the user is a member of a team with
write access to the releases.

The PR also adds a testcase.

Signed-off-by: Andrew Thornton <art27@cantab.net>

3 years ago Prevent panic in serv.go with Deploy Keys (#17434) (#17435)
zeripath [Mon, 25 Oct 2021 23:24:29 +0000 (00:24 +0100)]
Prevent panic in serv.go with Deploy Keys (#17434) (#17435)

Backport #17434

Unfortunately there was a regression in #17373 which missed that the user is not
for deploy keys. This leads to a panic when pushing with deploy keys.

Fix #17412

Signed-off-by: Andrew Thornton <art27@cantab.net>

3 years ago Fix CSV render error (#17406) (#17431)
KN4CK3R [Mon, 25 Oct 2021 17:31:15 +0000 (19:31 +0200)]
Fix CSV render error (#17406) (#17431)

Backport #17406.

Closes #17378

Both errors from #17378 were caused by #15175.

Problem 1 (error with added file):
`ToUTF8WithFallbackReader` creates a `MultiReader` from a `byte[2048]` and the remaining reader. `CreateReaderAndGuessDelimiter` tries to read 10000 bytes from this reader but only gets 2048 because that's the first reader in the `MultiReader`. Then the `if size < 1e4` thinks the input is at EOF and just returns that.

Problem 2 (error with changed file):
The blob reader gets defer closed. That was fine because the old version reads the whole file into memory. Now with the streaming version the close needs to defer after the method.

Co-authored-by: zeripath <art27@cantab.net>

3 years ago Read expected buffer size (#17409) (#17430)
KN4CK3R [Mon, 25 Oct 2021 16:46:56 +0000 (18:46 +0200)]
Read expected buffer size (#17409) (#17430)

Backport of #17409

* Read expected buffer size.

* Changed name.

3 years ago Fix markdown checkbox rendering (#17427)
wxiaoguang [Mon, 25 Oct 2021 09:02:39 +0000 (17:02 +0800)]
Fix markdown checkbox rendering (#17427)

We allow rendering an empty check list item - [ ], while GitHub doesn't allow it.

To make the rendering correct, we need to tune the UI (the last PR #17413 uses absolute layout, which means the empty checkbox item cannot be displayed correctly)

3 years ago Fix issue markdown bugs (#17413)
wxiaoguang [Sat, 23 Oct 2021 15:30:46 +0000 (23:30 +0800)]
Fix issue markdown bugs (#17413)

* Bug fix: render Markdown `http://AppURL/org/repo/issues/4?a=1&b=2#comment-123 test` to HTML correctly, close #17394
* Bug fix: fix the positions of checkboxes in rendered HTML, close #17395

# Conflicts:
# modules/markup/html.go

3 years ago Changelog 1.15.5 (#17392) v1.15.5
zeripath [Thu, 21 Oct 2021 21:50:22 +0000 (22:50 +0100)]
Changelog 1.15.5 (#17392)

* SECURITY
  * Upgrade Bluemonday to v1.0.16 (#17372) (#17374)
  * Ensure correct SSH permissions check for private and restricted users (#17370) (#17373)
* BUGFIXES
  * Prevent NPE in CSV diff rendering when column removed (#17018) (#17377)
  * Offer rsa-sha2-512 and rsa-sha2-256 algorithms in internal SSH (#17281) (#17376)
  * Don't panic if we fail to parse U2FRegistration data (#17304) (#17371)
  * Ensure popup text is aligned left (backport for 1.15) (#17343)
  * Ensure that git daemon export ok is created for mirrors (#17243) (#17306)
  * Disable core.protectNTFS (#17300) (#17302)
  * Use pointer for wrappedConn methods (#17295) (#17296)
  * AutoRegistration is supposed to be working with disabled registration (backport) (#17292)
  * Handle duplicate keys on GPG key ring (#17242) (#17284)
  * Fix SVG side by side comparison link (#17375) (#17391)

Signed-off-by: Andrew Thornton <art27@cantab.net>

3 years ago Fix SVG side by side comparison link (#17375) (#17391)
zeripath [Thu, 21 Oct 2021 19:38:29 +0000 (20:38 +0100)]
Fix SVG side by side comparison link (#17375) (#17391)

Backport #17375

Define unique names for image tabs in pull requests, in order to toggle tabs correctly when multiple are displayed on one page.

Fixes position of swipe-bar so it does not overlay other UI components when scrolling.

Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
Co-authored-by: Mario Lubenka <mario.lubenka@googlemail.com>

3 years ago Offer rsa-sha2-512 and rsa-sha2-256 algorithms in internal SSH (#17281) (#17376)
zeripath [Thu, 21 Oct 2021 08:37:49 +0000 (09:37 +0100)]
Offer rsa-sha2-512 and rsa-sha2-256 algorithms in internal SSH (#17281) (#17376)

Backport #17281

There is a subtle bug in the SSH library x/crypto/ssh which makes the incorrect
assumption that the public key type is the same as the signature algorithm type.

This means that only ssh-rsa signatures are offered by default.

This PR adds a workaround around this problem.

Fix #17175

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>

3 years ago Fix heatmap test (#17381) (#17383)
Lunny Xiao [Thu, 21 Oct 2021 08:00:41 +0000 (16:00 +0800)]
Fix heatmap test (#17381) (#17383)

Backport #17381

3 years ago Upgrade Bluemonday to v1.0.16 (#17372) (#17374)
6543 [Wed, 20 Oct 2021 20:57:19 +0000 (22:57 +0200)]
Upgrade Bluemonday to v1.0.16 (#17372) (#17374)

3 years ago Prevent NPE in CSV diff rendering when column removed (#17018) (#17377)
Richard Mahn [Wed, 20 Oct 2021 20:55:34 +0000 (14:55 -0600)]
Prevent NPE in CSV diff rendering when column removed (#17018) (#17377)

Backport of #17018

Fixes #16837 if a column is deleted.

3 years ago Ensure correct SSH permissions check for private and restricted users (#17370) (...
6543 [Wed, 20 Oct 2021 20:26:48 +0000 (22:26 +0200)]
Ensure correct SSH permissions check for private and restricted users (#17370) (#17373)

Repositories owned by private users and organisations and pulls by restricted users
need to have permissions checked. Previously Serv would simply assume that if the
user could log in and the repository was not private then it would be visible.

Fix #17364

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>

3 years ago Don't panic if we fail to parse U2FRegistration data (#17304) (#17371)
zeripath [Wed, 20 Oct 2021 19:45:17 +0000 (20:45 +0100)]
Don't panic if we fail to parse U2FRegistration data (#17304) (#17371)

Backport #17304

Downgrade logging statement from Fatal to Error so that errors parsing
U2FRegistration data do not panic; instead, the invalid key will be
skipped and we will attempt to parse the next one, if available.

Signed-off-by: David Jimenez <dvejmz@sgfault.com>
Co-authored-by: David Jimenez <dvejmz@users.noreply.github.com>

3 years ago Allow mocking timeutil (#17354) (#17356)
John Olheiser [Mon, 18 Oct 2021 21:48:23 +0000 (16:48 -0500)]
Allow mocking timeutil (#17354) (#17356)

Signed-off-by: jolheiser <john.olheiser@gmail.com>

3 years ago Ensure popup text is aligned left (#17343)
Mario Lubenka [Sun, 17 Oct 2021 22:57:28 +0000 (00:57 +0200)]
Ensure popup text is aligned left (#17343)

Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>

3 years ago Ensure that git daemon export ok is created for mirrors (#17243) (#17306)
zeripath [Thu, 14 Oct 2021 16:07:53 +0000 (17:07 +0100)]
Ensure that git daemon export ok is created for mirrors (#17243) (#17306)

Backport #17243

There is an issue with #16508 where it appears that create repo requires that the
repo does not exist. This causes #17241 where an error is reported because of this.

This PR fixes this and also runs update-server-info for mirrors and generated repos.

Fix #17241

Signed-off-by: Andrew Thornton <art27@cantab.net>

3 years ago Disable core.protectNTFS (#17300) (#17302)
zeripath [Wed, 13 Oct 2021 20:02:45 +0000 (21:02 +0100)]
Disable core.protectNTFS (#17300) (#17302)

Backport #17300

core.protectNTFS protects NTFS from files which may be difficult to remove or interact
with using the win32 api, however, it also appears to prevent such files from
being entered into the git indexes - fundamentally causing breakages with PRs that
affect these files. However, deliberately setting this to false may cause security
issues due to the remain sparse checkout of files in the merge pipeline.

The only sensible option therefore is to provide an optional setting which admins
could set which would forcibly switch this off if they are affected by this issue.

Fix #17092

Signed-off-by: Andrew Thornton <art27@cantab.net>

3 years ago Use pointer for wrappedConn methods (#17295) (#17296)
zeripath [Tue, 12 Oct 2021 22:45:30 +0000 (23:45 +0100)]
Use pointer for wrappedConn methods (#17295) (#17296)

Backport #17295

Fix #17294

Signed-off-by: Andrew Thornton <art27@cantab.net>

3 years ago Backport of fix for auto registration - PR #17219 (#17292)
Viktor Kuzmin [Tue, 12 Oct 2021 04:02:47 +0000 (08:02 +0400)]
Backport of fix for auto registration - PR #17219 (#17292)

3 years ago Handle duplicate keys on GPG key ring (#17242) (#17284)
zeripath [Mon, 11 Oct 2021 02:13:10 +0000 (03:13 +0100)]
Handle duplicate keys on GPG key ring (#17242) (#17284)

Backport #17242

It is possible that a keyring can contain duplicate keys on a keyring due to jpegs or
other layers. This currently leads to a confusing error for the user - where we report
a duplicate key insertion.

This PR simply coalesces keys into one key if there are duplicates.

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: 6543 <6543@obermui.de>

3 years ago Changelog for 1.15.4 v1.15.4
Matti R [Fri, 8 Oct 2021 18:01:42 +0000 (14:01 -0400)]
Changelog for 1.15.4

3 years ago API: don't allow merged PRs to be reopened (#17271)
Norwin [Fri, 8 Oct 2021 17:54:26 +0000 (19:54 +0200)]
API: don't allow merged PRs to be reopened (#17271)

3 years ago don't try to interpret treepath as hash (#17272)
Norwin [Fri, 8 Oct 2021 17:53:54 +0000 (19:53 +0200)]
don't try to interpret treepath as hash (#17272)

...when path contains no hash-path-separator ('/')

This is a workaround to #17179.

Entering this case when `path` does not contain a '/' does not really
make sense, as that means the tree path is empty, but this case is only
entered for routes that expect a non-empty tree path.

Treepaths like <40-char-dirname>/<filename> will still fail,
but hopefully don't occur that often. A more complete fix that avoids
this case too is outlined in #17185, but too big of a change to backport

3 years ago Fix incorrect repository count on organization tab of dashboard (#17266)
Jimmy Praet [Fri, 8 Oct 2021 09:33:16 +0000 (11:33 +0200)]
Fix incorrect repository count on organization tab of dashboard (#17266)

Fixes #17249

3 years ago Fix unwanted team review request deletion (#17257) (#17264)
Jimmy Praet [Thu, 7 Oct 2021 21:58:13 +0000 (23:58 +0200)]
Fix unwanted team review request deletion (#17257) (#17264)

Add missing issue_id = ? to where clause
Fixes #17251

3 years ago CI: migrate from 'plugins/s3:1' to 'woodpeckerci/plugin-s3:latest' (#17234) (#17260)
6543 [Thu, 7 Oct 2021 20:02:07 +0000 (22:02 +0200)]
CI: migrate from 'plugins/s3:1' to 'woodpeckerci/plugin-s3:latest' (#17234) (#17260)

- this fixes the CI release upload issues, as the docker image for this is freshly built (unlike the mostly unmaintained "official" drone plugins), thus containing current CA certs needed for letsencrypt since 2021-09-31.
- woodpecker is a drone-ci fork maintained partially by @6543. it's API compatible with current drone plugins afaik

3 years ago Remove dead badge on README.md (#17261)
6543 [Thu, 7 Oct 2021 19:40:11 +0000 (21:40 +0200)]
Remove dead badge on README.md (#17261)

3 years ago Fix broken Activities link in team dashboard (#17255) (#17258)
Jimmy Praet [Thu, 7 Oct 2021 18:58:59 +0000 (20:58 +0200)]
Fix broken Activities link in team dashboard (#17255) (#17258)

Remove '/' suffix from organization dashboard link

Fixes #17250

3 years ago API pull's head/base have correct permission(#17214) (#17245)
pricly-yellow [Thu, 7 Oct 2021 09:39:23 +0000 (16:39 +0700)]
API pull's head/base have correct permission(#17214) (#17245)

* for all pull requests API return permissions of caller
* for all webhook return empty permissions

Signed-off-by: Danila Kryukov <pricly_yellow@dismail.de>
* Fix incorrect error handler

Co-authored-by: delvh <dev.lh@web.de>
* Fix wrong assumption in tests

* Change parameter name to doer to indicate source

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: 6543 <6543@obermui.de>

3 years ago Fix stange behavior of DownloadPullDiffOrPatch in incorect index (#17223) (#17227)
pricly-yellow [Tue, 5 Oct 2021 18:16:22 +0000 (01:16 +0700)]
Fix stange behavior of DownloadPullDiffOrPatch in incorect index (#17223) (#17227)

Fix GetPullRequestByIndex by validating index > 1

Signed-off-by: Danila Kryukov <pricly_yellow@dismail.de>
Co-authored-by: a1012112796 <1012112796@qq.com>

3 years ago Check user instead of organization when creating a repo from a template via API ...
6543 [Fri, 1 Oct 2021 08:16:28 +0000 (10:16 +0200)]
Check user instead of organization when creating a repo from a template via API (#16346) (#17195)

* Check user instead of organization

* Enforce that only admins can copy a repo to another user

Co-authored-by: Ion Jaureguialzo Sarasola <ion@jaureguialzo.com>

3 years ago upgrade xorm to v1.2.5 (#17177) (#17188)
Lunny Xiao [Thu, 30 Sep 2021 06:03:42 +0000 (14:03 +0800)]
upgrade xorm to v1.2.5 (#17177) (#17188)

3 years ago fix sprintf verbs in locales (#17187)
Alexey 〒erentyev [Thu, 30 Sep 2021 04:03:21 +0000 (07:03 +0300)]
fix sprintf verbs in locales (#17187)

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>

3 years ago Fix missing repo link in issue/pull assigned emails (#17183) (#17184)
zeripath [Wed, 29 Sep 2021 23:21:12 +0000 (00:21 +0100)]
Fix missing repo link in issue/pull assigned emails (#17183) (#17184)

Backport #17183

There was a mistake in the template file: `templates/mail/issue/assigned.tmpl`
where the repourl was generated from a non-existent release instead of the issue.

This PR changes this to use the issue but also ensure that the issue repo is loaded.

It also slightly improves the English and the Russian locale string.

Fix #17160

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>

3 years ago Fix bug of get context user (#17169) (#17172)
Lunny Xiao [Tue, 28 Sep 2021 13:42:43 +0000 (21:42 +0800)]
Fix bug of get context user (#17169) (#17172)

Co-authored-by: 6543 <6543@obermui.de>

3 years ago Nicely handle missing user in collaborations (#17049) (#17166)
zeripath [Tue, 28 Sep 2021 06:41:12 +0000 (07:41 +0100)]
Nicely handle missing user in collaborations (#17049) (#17166)

Backport #17049

It is possible to have a collaboration in a repository which refers to a no-longer
existing user. This causes the repository transfer to fail with an unusual error.

This PR makes `repo.getCollaborators()` nicely handle the missing user by ghosting
the collaboration but also adds consistency check. It also adds an
Access consistency check.

Fix #17044

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>

3 years ago Create doctor command to fix repo_units broken by dumps from 1.14.3-1.14.6 (#17136...
zeripath [Mon, 27 Sep 2021 17:30:11 +0000 (18:30 +0100)]
Create doctor command to fix repo_units broken by dumps from 1.14.3-1.14.6 (#17136) (#17137)

Backport #17136

There was a serious issue with the `gitea dump` command in 1.14.3-1.14.6 which led to corruption of the `config` field of the `repo_unit` table.

This PR adds a doctor command to attempt to fix the broken repo_units. Users affected by #16961 should run:

```
gitea doctor --fix --run fix-broken-repo-units
```

Fix #16961

Signed-off-by: Andrew Thornton <art27@cantab.net>

3 years ago Add Horizontal scrollbar to inner menu on Chrome (#17086) (#17164)
zeripath [Mon, 27 Sep 2021 16:44:22 +0000 (17:44 +0100)]
Add Horizontal scrollbar to inner menu on Chrome (#17086) (#17164)

3 years ago Fix wrong i18n keys (#17150) (#17153)
6543 [Sun, 26 Sep 2021 00:25:12 +0000 (02:25 +0200)]
Fix wrong i18n keys (#17150) (#17153)

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

3 years ago correct transaction ending (#17151)
Alexey 〒erentyev [Sat, 25 Sep 2021 15:45:39 +0000 (18:45 +0300)]
correct transaction ending (#17151)

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

3 years ago Prevent panic in Org mode HighlightCodeBlock (#17140) (#17141)
zeripath [Fri, 24 Sep 2021 13:29:47 +0000 (14:29 +0100)]
Prevent panic in Org mode HighlightCodeBlock (#17140) (#17141)

Backport #17140

When rendering source in org mode there is a mistake in the highlight code that
causes a panic.

This PR fixes this.

Fix #17139

Signed-off-by: Andrew Thornton <art27@cantab.net>

3 years ago Changelog 1.15.3 (#17091) v1.15.3
zeripath [Mon, 20 Sep 2021 04:02:52 +0000 (05:02 +0100)]
Changelog 1.15.3 (#17091)

## [1.15.3](https://github.com/go-gitea/gitea/releases/tag/v1.15.3) - 2021-09-19

* ENHANCEMENTS
  * Add fluid to ui container class to remove margin (#16396) (#16976)
  * Add caller to cat-file batch calls (#17082) (#17089)
* BUGFIXES
  * Render full plain readme. (#17083) (#17090)
  * Upgrade xorm to v1.2.4 (#17059)
  * Fix bug of migrate comments which only fetch one page (#17055) (#17058)
  * Do not show issue context popup on external issues (#17050) (#17054)
  * Decrement Fork Num when converting from Fork (#17035) (#17046)
  * Correctly rollback in ForkRepository (#17034) (#17045)
  * Fix missing close in WalkGitLog (#17008) (#17009)
  * Add prefix to SVG id/class attributes (#16997) (#17000)
  * Fix bug of migrated repository not index (#16991) (#16996)
  * Skip AllowedUserVisibilityModes validation on update user if it is an organisation (#16988) (#16990)
  * Fix storage Iterate bug and Add storage doctor to delete garbage attachments (#16971) (#16977)
  * Fix issue with issue default mail template (#16956) (#16975)
  * Ensure that rebase conflicts are handled in updates (#16952) (#16960)
  * Prevent panic on diff generation (#16950) (#16951)

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>

3 years ago Add caller to cat-file batch calls (#17082) (#17089)
zeripath [Sun, 19 Sep 2021 16:07:35 +0000 (17:07 +0100)]
Add caller to cat-file batch calls (#17082) (#17089)

Some people still appear to report unclosed cat-files. This PR simply adds the caller
to the process descriptor for the CatFileBatch and CatFileBatchCheck calls.

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

3 years ago Render full plain readme. (#17083) (#17090)
zeripath [Sun, 19 Sep 2021 14:01:19 +0000 (15:01 +0100)]
Render full plain readme. (#17083) (#17090)

Backport #17083

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>

3 years ago Fix bug of migrate comments which only fetch one page (#17055) (#17058)
Lunny Xiao [Wed, 15 Sep 2021 18:01:54 +0000 (02:01 +0800)]
Fix bug of migrate comments which only fetch one page (#17055) (#17058)

* Fix bug of migrate comments which only fetch one page

* add next page to trace

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>

3 years ago Upgrade xorm to v1.2.4 (#17059)
Lunny Xiao [Wed, 15 Sep 2021 15:27:46 +0000 (23:27 +0800)]
Upgrade xorm to v1.2.4 (#17059)

3 years ago Do not show issue context popup on external issues (#17050) (#17054)
zeripath [Wed, 15 Sep 2021 09:38:20 +0000 (10:38 +0100)]
Do not show issue context popup on external issues (#17050) (#17054)

Backport #17050

The issues pop-up context cannot work for external issues - therefore do not show
these.

Fix #17047

Signed-off-by: Andrew Thornton <art27@cantab.net>

3 years ago Correctly rollback in ForkRepository (#17034) (#17045)
zeripath [Wed, 15 Sep 2021 05:42:09 +0000 (06:42 +0100)]
Correctly rollback in ForkRepository (#17034) (#17045)

Backport #17034

The rollback functionality in
services/repository/repository.go:ForkRepository is incorrect and could
lead to a deadlock as it uses DeleteRepository to delete the rolled-back
repository - a function which creates its own transaction.

This PR adjusts the rollback function to only use RemoveAll as any
database changes will be automatically rolled-back. It also handles
panics and adjusts the Close within WithTx to ensure that if there is a
panic the session will always be closed.

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

3 years ago Decrement Fork Num when converting from Fork (#17035) (#17046)
zeripath [Wed, 15 Sep 2021 02:05:47 +0000 (03:05 +0100)]
Decrement Fork Num when converting from Fork (#17035) (#17046)

Backport #17035

When converting repositories from forks to normal the root NumFork needs to be
decremented too.

Fix #17026

Signed-off-by: Andrew Thornton <art27@cantab.net>

3 years ago Fix missing close in WalkGitLog (#17008) (#17009)
zeripath [Fri, 10 Sep 2021 09:46:06 +0000 (10:46 +0100)]
Fix missing close in WalkGitLog (#17008) (#17009)

Backport #17008

When the external context is cancelled it is possible for the
GitLogReader to not itself be Closed.

This PR does three things:

1. Instead of adding a plain defer it wraps the `g.Close` in a func as
`g` may change.
2. It adds the missing explicit g.Close - although the defer fix makes
this unnecessary.
3. It passes down the external context as the base context for the
GitLogReader meaning that the cancellation of the external context will
pass down automatically.

Fix #17007

Signed-off-by: Andrew Thornton <art27@cantab.net>

3 years ago Use filename as id/class prefix. (#16997) (#17000)
KN4CK3R [Thu, 9 Sep 2021 09:47:28 +0000 (11:47 +0200)]
Use filename as id/class prefix. (#16997) (#17000)

Currently the svg minifier (`make svg`) rewrites all `id` and `class` attributes in svg files. Every file gets the ids `a, b, ...`. If multiple svgs with ids are used on a page these ids are conflicting and the results are broken images.

| minified ids | unique ids |
| - | - |
| ![grafik](https://user-images.githubusercontent.com/1666336/132579375-59d3996f-c4e5-43b8-8c8d-82280c90d9e3.png) | ![grafik](https://user-images.githubusercontent.com/1666336/132579413-05bf9285-4e3b-4d0d-8f95-90b212405b05.png) |

This PR adds a prefix (the filename) to every id/class.

Follow up problem: Because we embed svg images there are duplicated ids if one svg image is used multiple times on a page. As those ids refer to the same content it may be no real problem because browsers handle that fine.

3 years ago Fix bug of migrated repository not index (#16991) (#16996)
6543 [Thu, 9 Sep 2021 06:02:22 +0000 (08:02 +0200)]
Fix bug of migrated repository not index (#16991) (#16996)

Fix #16986, #16152

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

3 years ago Skip AllowedUserVisibilityModes validation on update user if it is an organisation...
6543 [Wed, 8 Sep 2021 15:58:00 +0000 (17:58 +0200)]
Skip AllowedUserVisibilityModes validation on update user if it is an organisation (#16988) (#16990)

If AllowedUserVisibilityModes allow only public & limited, and orgs can be private, a user can create a repo to that organisation which will result in an update of the user. On this call the user is validated and will be rejected since private is not allowed, but it's not a user, it's a valid org ...

Co-authored-by: Alexey 〒erentyev <axifnx@gmail.com>
Co-authored-by: Alexey 〒erentyev <axifnx@gmail.com>

3 years ago Fix storage Iterate bug and Add storage doctor to delete garbage attachments (#16971...
Lunny Xiao [Tue, 7 Sep 2021 18:39:05 +0000 (02:39 +0800)]
Fix storage Iterate bug and Add storage doctor to delete garbage attachments (#16971) (#16977)

* Fix storage Iterate bug and Add storage doctor to delete garbage attachments

* Close object when used

3 years ago Fix issue with issue default mail template (#16956) (#16975)
Prasad Katti [Tue, 7 Sep 2021 02:06:59 +0000 (19:06 -0700)]
Fix issue with issue default mail template (#16956) (#16975)

Backport #16956

The mail template rendering was failing with the error -
`...vices/mailer/mail.go:301:composeIssueCommentMessages() [E] ExecuteTemplate [issue/default/body]: template: issue/default:65:10: executing "issue/default" at <.i18n.Tr>: can't evaluate field i18n in type *models.Comment`

The issue was the template variable i18n is available in the outer scope.

Fix #16877

Co-authored-by: 6543 <6543@obermui.de>

3 years ago Add fluid to ui container class to remove margin (#16396) (#16976)
silverwind [Tue, 7 Sep 2021 01:37:32 +0000 (03:37 +0200)]
Add fluid to ui container class to remove margin (#16396) (#16976)

Co-authored-by: Stanley Hu <stanthetiger@yahoo.com>

3 years ago Ensure that rebase conflicts are handled in updates (#16952) (#16960)
zeripath [Sun, 5 Sep 2021 16:54:13 +0000 (17:54 +0100)]
Ensure that rebase conflicts are handled in updates (#16952) (#16960)

Backport #16952

PR #16125 did not update the error handlers to handle conflict errors relating
to rebases. This PR adds them.

Fix #16922

Signed-off-by: Andrew Thornton <art27@cantab.net>

3 years ago Prevent panic on diff generation (#16950) (#16951)
zeripath [Sun, 5 Sep 2021 10:17:42 +0000 (11:17 +0100)]
Prevent panic on diff generation (#16950) (#16951)

Backport #16950

The lastLeftIdx should be reset at the same time as creating a new section otherwise
it is possible for a second addition to end up attempting to read a nil entry.

Fix #16943

Signed-off-by: Andrew Thornton <art27@cantab.net>

3 years ago Changelog 1.15.2 (#16940) v1.15.2
zeripath [Fri, 3 Sep 2021 11:50:32 +0000 (12:50 +0100)]
Changelog 1.15.2 (#16940)

## [1.15.2](https://github.com/go-gitea/gitea/releases/tag/v1.15.2) - 2021-09-03

* BUGFIXES
  * Add unique constraint back into issue_index (#16938)
  * Close storage objects before cleaning (#16934) (#16942)

Signed-off-by: Andrew Thornton <art27@cantab.net>

3 years ago Close storage objects before cleaning (#16934) (#16942)
zeripath [Fri, 3 Sep 2021 11:17:07 +0000 (12:17 +0100)]
Close storage objects before cleaning (#16934) (#16942)

Backport #16934

Storage.Iterate provides the path and an open object. On windows using
local storage means that the objects will be locked thus preventing clean
from deleting them.

This PR simply closes the objects early.

Fix #16932

Signed-off-by: Andrew Thornton <art27@cantab.net>
3 years ago Add unique constraint back into issue_index (#16938)
zeripath [Fri, 3 Sep 2021 09:35:18 +0000 (10:35 +0100)]
Add unique constraint back into issue_index (#16938)

There is a flaw in #16820 where it was missed that although xorm will
not add a primary key to a table during syncing, it will remove an
unique constraint.

Users upgrading from 1.15.0 to 1.15.1 will therefore lose the unique
constraint that makes this table work unless they run `gitea doctor
recreate-table issue_index`.  Postgres helpfully warns about this
situation but MySQL does not.

Main/1.16-dev is not affected by this issue as there is a migration that
does the above recreation by default. Users moving directly to 1.15.1
from 1.14.x or lower are also not affected.

Whilst we could force all users who ran 1.15.0 to do the above
recreate-table call, this PR proposes an alternative: Just add the
unique constraint back in for 1.15.x. This won't have any long term
effects - just some wasted space for the unnecessary index.

Fix #16936

Signed-off-by: Andrew Thornton <art27@cantab.net>
3 years ago Changelog 1.15.1 (#16925) v1.15.1
zeripath [Thu, 2 Sep 2021 17:23:40 +0000 (18:23 +0100)]
Changelog 1.15.1 (#16925)

## [1.15.1](https://github.com/go-gitea/gitea/releases/tag/v1.15.1) - 2021-09-02

* BUGFIXES
  * Allow BASIC authentication access to /:owner/:repo/releases/download/* (#16916) (#16923)
  * Prevent leave changes dialogs due to autofill fields (#16912) (#16920)
  * Ignore review comment when ref commit is missed (#16905) (#16919)
  * Fix wrong attachment removal (#16915) (#16917)
  * Gitlab Migrator: dont ignore reactions of last request (#16903) (#16913)
  * Correctly return the number of Repositories for Organizations (#16807) (#16911)
  * Test if LFS object is accessible (#16865) (#16904)
  * Fix git.Blob.DataAsync(): close pipe since we return a NopCloser (#16899) (#16900)
  * Fix dump and restore respository (#16698) (#16898)
  * Repare and Improve GetDiffRangeWithWhitespaceBehavior (#16894) (#16895)
  * Fix wiki raw commit diff/patch view (#16891) (#16892)
  * Ensure wiki repos are all closed (#16886) (#16888)
  * List limited and private orgs if authenticated on API (#16866) (#16879)
  * Simplify split diff view generation and remove JS dependency (#16775) (#16863)
  * Ensure that the default visibility is set on the user create page (#16845) (#16862)
  * In Render tolerate not being passed a context (#16842) (#16858)
  * Upgrade xorm to v1.2.2 (#16663) & Add test to ensure that dumping of login sources remains correct (#16847) (#16848)
  * Report the correct number of pushes on the feeds (#16811) (#16822)
  * Add primary_key to issue_index (#16813) (#16820)
  * Prevent NPE on empty commit (#16812) (#16819)
  * Fix branch pagination error (#16805) (#16816)
  * Add missing return to handleSettingRemoteAddrError (#16794) (#16795)
  * Remove spurious / from issues.opened_by (#16793)
  * Ensure that template compilation panics are sent to the logs (#16788) (#16792)
  * Update caddyserver/certmagic (#16789) (#16790)

Signed-off-by: Andrew Thornton <art27@cantab.net>
3 years ago Allow BASIC authentication access to /:owner/:repo/releases/download/* (#16916) ...
zeripath [Thu, 2 Sep 2021 16:34:49 +0000 (17:34 +0100)]
Allow BASIC authentication access to /:owner/:repo/releases/download/* (#16916) (#16923)

Backport #16916

Duplicate #15987 to allow access to releases download through BASIC authentication.

Fix #16914

Signed-off-by: Andrew Thornton <art27@cantab.net>
3 years ago Prevent leave changes dialogs due to autofill fields (#16912) (#16920)
zeripath [Thu, 2 Sep 2021 16:00:20 +0000 (17:00 +0100)]
Prevent leave changes dialogs due to autofill fields (#16912) (#16920)

Backport #16912

Add ignore-dirty to /user/settings/account
Add autocomplete="off" to push_mirror_address form on /:owner/:repo/settings

Fix #16861

Signed-off-by: Andrew Thornton <art27@cantab.net>
3 years ago Ignore review comment when ref commit is missed (#16905) (#16919)
Lunny Xiao [Thu, 2 Sep 2021 10:51:32 +0000 (18:51 +0800)]
Ignore review comment when ref commit is missed (#16905) (#16919)

backport #16905

3 years ago Fix wrong attachment removal (#16915) (#16917)
wxiaoguang [Thu, 2 Sep 2021 05:50:11 +0000 (13:50 +0800)]
Fix wrong attachment removal (#16915) (#16917)

Backport #16917

3 years ago Gitlab Migrator: dont ignore reactions of last request (#16903) (#16913)
zeripath [Wed, 1 Sep 2021 21:52:38 +0000 (22:52 +0100)]
Gitlab Migrator: dont ignore reactions of last request (#16903) (#16913)

Backport #16903

Fix bug related to early breaking when migrating reactions.

Co-authored-by: 6543 <6543@obermui.de>
3 years ago Correctly return the number of Repositories for Organizations (#16807) (#16911)
zeripath [Wed, 1 Sep 2021 17:20:35 +0000 (18:20 +0100)]
Correctly return the number of Repositories for Organizations (#16807) (#16911)

Backport #16807

Calculate and return the number of Repositories on the dashboard
Organization list.

This PR restores some of the logic that was removed in #14032 to
calculate the number of repos on the dashboard orgs list.

Fix #16648
Replaces #16799

Signed-off-by: Andrew Thornton <art27@cantab.net>
3 years ago Test if LFS object is accessible (#16865) (#16904)
6543 [Tue, 31 Aug 2021 15:58:39 +0000 (17:58 +0200)]
Test if LFS object is accessible (#16865) (#16904)

* Test if object is accessible.

* Added more logging.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
3 years ago List limited and private orgs if authenticated on API (#16866) (#16879)
6543 [Tue, 31 Aug 2021 10:49:02 +0000 (12:49 +0200)]
 List limited and private orgs if authenticated on API (#16866) (#16879)

3 years ago Fix dump and restore respository (#16698) (#16898)
Lunny Xiao [Tue, 31 Aug 2021 09:44:14 +0000 (17:44 +0800)]
Fix dump and restore respository (#16698) (#16898)

* Fix dump and restore
* return different error message for get commit
* Fix missing delete release attachment when deleting repository
* Fix ci and add some comments

back port #16698

Co-authored-by: zeripath <art27@cantab.net>
3 years ago Fix git.Blob.DataAsync(): close pipe since we return a NopCloser (#16899) (#16900)
6543 [Tue, 31 Aug 2021 08:06:01 +0000 (10:06 +0200)]
Fix git.Blob.DataAsync(): close pipe since we return a NopCloser (#16899) (#16900)

* make sure headGitRepo is closed on err too
* refactor
* Fix git.Blob.DataAsync(): exec cancel since we already read all bytes (close pipe since we return a NopCloser)

Co-authored-by: zeripath <art27@cantab.net>
3 years ago Fix wiki raw commit diff/patch view (#16891) (#16892)
6543 [Tue, 31 Aug 2021 06:13:08 +0000 (08:13 +0200)]
Fix wiki raw commit diff/patch view (#16891) (#16892)

3 years ago Repare and Improve GetDiffRangeWithWhitespaceBehavior (#16894) (#16895)
6543 [Tue, 31 Aug 2021 03:02:27 +0000 (05:02 +0200)]
Repare and Improve GetDiffRangeWithWhitespaceBehavior (#16894) (#16895)

fix pipe leak

3 years ago Ensure wiki repos are all closed (#16886) (#16888)
6543 [Mon, 30 Aug 2021 21:00:45 +0000 (23:00 +0200)]
Ensure wiki repos are all closed (#16886) (#16888)

There are multiple places where wiki git repositories are not properly closed.

This PR ensures they are closed.

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
3 years ago Simplify split diff view generation and remove JS dependency (#16775) (#16863)
zeripath [Mon, 30 Aug 2021 15:43:06 +0000 (16:43 +0100)]
Simplify split diff view generation and remove JS dependency (#16775) (#16863)

Backport #16775

Gitea has relied on some slow JS code to match up added and deleted lines on the
diff pages. This can cause a considerable slow down on large diff pages.

This PR makes a small change meaning that the matching up can occur much more simply.

Partial fix #1351

Signed-off-by: Andrew Thornton <art27@cantab.net>
3 years ago Ensure that the default visibility is set on the user create page (#16845) (#16862)
zeripath [Sun, 29 Aug 2021 15:33:13 +0000 (16:33 +0100)]
Ensure that the default visibility is set on the user create page (#16845) (#16862)

Backport #16845

Set the default visibility on the user create page.

Fix #16840

Signed-off-by: Andrew Thornton <art27@cantab.net>
3 years ago In Render tolerate not being passed a context (#16842) (#16858)
6543 [Sun, 29 Aug 2021 14:25:45 +0000 (16:25 +0200)]
In Render tolerate not being passed a context (#16842) (#16858)

* In Render tolerate not being passed a context

It is possible for RenderString to be passed to an external renderer if markdown
is set to be rendered by an external renderer. No context is currently sent to these
meaning that this will error out.

Fix #16835

Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add Context to Repo calls for RenderString

All calls from routers can easily add the context - so add it.

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
3 years ago Upgrade xorm to v1.2.2 (#16663) & Add test to ensure that dumping of login sources...
zeripath [Sat, 28 Aug 2021 11:16:19 +0000 (12:16 +0100)]
Upgrade xorm to v1.2.2 (#16663) & Add test to ensure that dumping of login sources remains correct (#16847) (#16848)

* Upgrade xorm to v1.2.2 (#16663)

Backport #16663

Fix #16683

* Add test to ensure that dumping of login sources remains correct (#16847)

#16831 has occurred because of a missed regression. This PR adds a simple test to
try to prevent this occurring again.

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
3 years ago Report the correct number of pushes on the feeds (#16811) (#16822)
techknowlogick [Thu, 26 Aug 2021 06:30:13 +0000 (02:30 -0400)]
Report the correct number of pushes on the feeds (#16811) (#16822)

* Report the correct number of pushes on the feeds

Since the number of commits in the Action table has been limited to 5
the number of commits reported on the feeds page is now incorrectly also
limited to 5. The correct number is available as the Len and this PR
changes this to report this.

Fix #16804

Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update templates/user/dashboard/feeds.tmpl

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: zeripath <art27@cantab.net>
3 years ago Add primary_key to issue_index (#16813) (#16820)
zeripath [Wed, 25 Aug 2021 22:10:15 +0000 (23:10 +0100)]
Add primary_key to issue_index (#16813) (#16820)

Backport #16813

Make the group_id a primary key in issue_index. This already has an
unique index and therefore is a good candidate for becoming a primary
key.

This PR also changes all other uses of this table to add the group_id as
the primary key.

The migration v192 from #16813 has not been backported but Xorm will
work fine with non-primary keyed tables. If a user on 1.15 wishes to
have the correct schema sooner than 1.16 - they can use gitea doctor
recreate-table issue_index and gitea will recreate the table with the
primary key.

Fix #16802

Signed-off-by: Andrew Thornton art27@cantab.net
3 years ago Prevent NPE on empty commit (#16812) (#16819)
zeripath [Wed, 25 Aug 2021 12:22:48 +0000 (13:22 +0100)]
Prevent NPE on empty commit (#16812) (#16819)

Backport #16812

Handle completely empty commit as the first commit to a repository.

Fix #16668

Signed-off-by: Andrew Thornton art27@cantab.net
3 years ago Fix branch pagination error (#16805) (#16816)
Lunny Xiao [Wed, 25 Aug 2021 10:11:54 +0000 (18:11 +0800)]
Fix branch pagination error (#16805) (#16816)

Backport #16805

Fix #16801

Even if the default branch is removed from the current page, the total number of branches should still be kept, so that the pagination calculation will be correct.

3 years ago Ensure that template compilation panics are sent to the logs (#16788) (#16792)
zeripath [Mon, 23 Aug 2021 23:50:04 +0000 (00:50 +0100)]
Ensure that template compilation panics are sent to the logs (#16788) (#16792)

Backport #16788

Although panics within the rendering pipeline are caught and dealt with,
panics that occur before that starts are unprotected and will kill Gitea
without being sent to the logs.

This PR adds a basic recovery handler to catch panics that occur after
the logger is initialised and ensure that they're sent to the logger.

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
3 years ago Remove spurious / from issues.opened_by (#16793)
zeripath [Mon, 23 Aug 2021 22:24:30 +0000 (23:24 +0100)]
Remove spurious / from issues.opened_by (#16793)

Fix #16713

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>