Fix error create comment on outdated file (#13041) (#13042)

* FIX

* more specific

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>

Fix repository create/delete event webhooks (#13008) (#13027)

Fix 500 on README in submodule (#13006) (#13016)

If a README file is a symlink to a submodule Gitea the view branch page
will return a 500.

The underlying problem is a missed conversion of an
plumbing.ErrObjectNotFound in git/tree_blob.go.

Fix #12599

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

Changelog 1.12.5 (#13002)

* Changelog 1.12.5

Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Update CHANGELOG.md

* Update CHANGELOG.md

Co-authored-by: techknowlogick <matti@mdranta.net>
* Apply suggestions from code review

Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: techknowlogick <matti@mdranta.net>

allow U2F with default settings for gitea in subpath (#12990) (#13001)

* allow U2F with default settings for gitea in subpath

* use trim suffix

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>

Prevent empty div when editing comment (#12404) (#12991)

* Prevent empty div when editing comment

The template for attachments needs to remove whitespace and return empty when there are no attachments.

Fix #10220

Co-authored-by: zeripath <art27@cantab.net>

Mirror: Update DB on Address-Update too (#12964) (#12967)

* Mirror: Update DB on Address-Update too (#12964)

* Mirror: Update DB on Address-Update too

* new name for function to better describe

* fix lint

Allow extended config on cron settings (#12939) (#12943)

Backport #12939

Fix #12934

Signed-off-by: Andrew Thornton <art27@cantab.net>

Open transaction when adding Avatar email-hash pairs to the DB (#12577) (#12940)

Backport #12577

When adding Avatar email-hash pairs we simply want the DB table to
represent a Set. We don't care if the hash-pair is already present,
so we just simply Insert and ignore the error.

Unfortunately this seems to cause some DBs to log the duplicate
insert to their logs - looking like a bug a in Gitea.

Now, there is no standard way in SQL to say Insert but if there's
an error ignore it. MySQL has INSERT IGNORE, PostgreSQL >= 9.5 has
INSERT ... ON CONFLICT DO NOTHING, but I do not believe that SQLite
or MSSQL have variants.

This PR places the insert in a transaction which we are happy to fail
if there is an error - hopefully this will stop the unnecessary
logging.

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>

Fix ListUserOrgs (#12910) (#12915)

fix #12891

Signed-off-by: a1012112796 <1012112796@qq.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lauris BH <lauris@nix.lv>

Update only the repository columns that need updating (#12900) (#12912)

Backport #12900

We should only update is_empty, default_branch and updated time columns
during commitRepoAction and not update other columns as we risk
overwriting incorrect information.

Fix #11823
Fix #10536

Signed-off-by: Andrew Thornton <art27@cantab.net>

Fix panic when adding long comment (#12892) (#12894)

Previous PR #12881 causes out of bounds panic by working on wrong string.

Convert User expose ID each time (#12855) (#12883)

* Convert User expose ID each time (#12855)

* git blame tells me a lot of gitea things happen here around 2018, add header

* move user code int its own file

* expose user id

* adopt things from APIFormat

* fix test

* CI.restart()

* No Refactor

* CI.restart()

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

Add size limit for content of comment on action ui (#12881) (#12890)

Signed-off-by: a1012112796 <1012112796@qq.com>
Co-authored-by: mrsdizzie <info@mrsdizzie.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: mrsdizzie <info@mrsdizzie.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>

Fix pgsql migration test (#12844) (#12884)

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lauris BH <lauris@nix.lv>

Fix [API] CreateRepo missing information (#12848) (#12867)

* Fix [API] [Bug] CreateRepo missing information (#12848)

* Fix [API] [Bug] CreateRepo missing information

* add code comment

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* CI.restart()

* CI.restart()

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>

Support slashes in release tags (#12864) (#12882)

Backport #12864

Fix #12861

Signed-off-by: Andrew Thornton <art27@cantab.net>

Fix migration v111 (#12868)

Escape more things that are passed through str2html (#12622) (#12850)

Backport #12622

* Escape more things that are passed through str2html

Signed-off-by: Andrew Thornton <art27@cantab.net>
* Bloody editors!

Co-authored-by: mrsdizzie <info@mrsdizzie.com>
* Update routers/user/oauth.go

Fix notifications page links (#12838) (#12853)

Signed-off-by: Andrew Thornton <art27@cantab.net>

On Migration respect old DefaultBranch (#12843) (#12858)

* On Migration respect old DefaultBranch

* add DefaultBranch int test set

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>

Stop cloning unnecessarily on PR update (#12839) (#12852)

Backport #12839

Fix #12740

Signed-off-by: Andrew Thornton <art27@cantab.net>

Remove double escape on labels addition in comments (#12809) (#12810)

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

Fix "only mail on mention" bug (#12775) (#12789)

* fix mail mention bug

fix #12774

Signed-off-by: a1012112796 <1012112796@qq.com>
* fix test

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>

Fix yet another bug with diff file names (#12771) (#12776)

Backport #12771

Following further testing it has become apparent that the diff line
cannot be used to determine filenames for diffs with any sort of predictability
the answer therefore is to use the other lines that are provided with a diff

Fix #12768

Signed-off-by: Andrew Thornton <art27@cantab.net>

gitea dump: include version &  Check InstallLock (#12760) (#12762)

* gitea dump: include version

* Check InstallLock

RepoInit Respect AlternateDefaultBranch (#12746) (#12751)

Fix Avatar Resize (resize algo NearestNeighbor -> Bilinear) (#12745) (#12750)

* Update Vendor github.com/nfnt/resize

* switch resize algo NearestNeighbor -> Bilinear

[Backport] Fix go1.15 lint error in modules/public/public.go (#12707) (#12708)

* fix go1.15 lint error in modules/public/public.go

* CI.restart()

Changelog for 1.12.4 release (#12687)

Co-authored-by: zeripath <art27@cantab.net>

[Backport] Fix comment broken issue ref dependence (#12651) (#12692)

* deleteIssuesByRepoID: delete related CommentTypeRemoveDependency & CommentTypeAddDependency comments too

* Ignore ErrIssueNotExist on comment.LoadDepIssueDetails()

* CI.restart()

Make default StaticRootPath compile time settable (#12371) (#12652)

Make it possible to compile the default location of StaticRootPath independent from AppWorkPath

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>

When reading expired sessions - expire them (#12686) (#12690)

* When reading expired sessions - expire them

Update to latest macaron/session following merge of
https://gitea.com/macaron/session/pulls/11

Also remove old memory provider as 11 updates the memory provider to
make it unnecessary.

Signed-off-by: Andrew Thornton <art27@cantab.net>
* and macaron/session/pulls/12

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>

Escape provider name in oauth2 provider redirect (#12650)

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>

Mark Cache with ini tag (#12605) (#12611)

Signed-off-by: jolheiser <john.olheiser@gmail.com>

Escape Email in forgot_password.tmpl (#12610) (#12612)

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>

go1.15 on windows (#12589) (#12593)

We don't support go1.15 on 1.12.x branch, however this will allow users who chose to build with go1.15 on windows to be successful

Fix diff path unquoting (#12554) (#12575)

Backport #12554

* Fix diff path unquoting

services/gitdiff/gitdiff.go whereby there it assumed that the path would
always be quoted on both sides

This PR simplifies the code here and uses fmt.Fscanf to parse the
strings as necessary.

Fix #12546

Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add testcase as per @mrsdizzie

Signed-off-by: Andrew Thornton <art27@cantab.net>

Skip SSPI authentication attempts for /api/internal (#12556) (#12559)

Backport #12556

SSPI fails badly on authentication attempts to /api/internal which
it can never succesfully authenticate.

Fix #11260

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>

Default empty merger list to those with write permissions (#12535) (#12560)

Backport #12535

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

models: break out of loop (#12386) (#12561)

Backport #12386

Co-authored-by: Lars Lehtonen <lars.lehtonen@gmail.com>

Improve HTML escaping helper (#12562)

The previous method did not escape single quotes which under some
circumstances can lead to XSS vulnerabilites and the fact that it
depends on jQuery is also not ideal. Replace it with a lightweight
module.

Prevent NPE on commenting on lines with invalidated comments (#12549) (#12550)

* Prevent NPE on commenting on lines with invalidated comments

Only check for a review if we are replying to a previous review.

Prevent the NPE in #12239 by assuming that a comment without a Review is
non-pending.

Fix #12239

Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add hack around to show the broken comments

Signed-off-by: Andrew Thornton <art27@cantab.net>

Remove hardcoded ES indexername (#12521) (#12526)

Co-authored-by: Wim <wim@42.be>

Keys should not verify revoked email addresses (#12486) (#12495)

Backport #12486

Fix #6778

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

Fix bug preventing transfer to private organization (#12497) (#12501)

* Fix bug preventing transfer to private organization

The code assessing whether a private organization was visible to a user before
allowing transfer was incorrect due to testing membership the wrong way round

This PR fixes this issue and renames the function performing the test to be
clearer.

Further looking at the API for transfer repository - no testing was
performed to ensure that the acting user could actually see the new
owning organization.

Signed-off-by: Andrew Thornton <art27@cantab.net>
* change IsUserPartOfOrg everywhere

Co-authored-by: zeripath <art27@cantab.net>

Do not add prefix on http/https submodule links (#12477) (#12479)

Fix #12345

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>

Fix ignored login on compare (#12476) (#12478)

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

Match GH with Commit page (#12425) (#12431)

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>

Fix incorrect error logging in Stats indexer and OAuth2 (#12387) (#12422)

* Fix incorrect logging in oauth2.go

Fix #11945

Signed-off-by: Andrew Thornton <art27@cantab.net>
* Handle ErrAlreadyInQueue in stats indexer

Fix #12380

Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fixes type in error message of indexer

Add the missing character in the error message.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lieven Hollevoet <hollie@lika.be>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lieven Hollevoet <hollie@lika.be>

[Vendor] upgrade google/go-github to v32.1.0 (#12361) (#12390)

* upgrate go-github client to v32.1.0

* migrate

Rendoer emoji's of Commit message on feed-page (#12373)

Git 2.28 no longer permits diff with ... on unrelated branches (#12370)

Backport #12364

Signed-off-by: Andrew Thornton <art27@cantab.net>

Changelog v1.12.3 (#12356)

* Changelog v1.12.3

* better description for 12351

* @techknowlogick suggestions

Backport to v1.12 for #12341 - Release date fix (#12351)

* Backport for Issue #12341 PR #12343 - Release date fix

* Adds sleep for comparing times

* Fixes imports

* Fixes tests

Show 404 page when release not found (#12328) (#12332)

Signed-off-by: a1012112796 <1012112796@qq.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: 赵智超 <1012112796@qq.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

Backport emoji fixes to 1.12 (#12327)

* Fix emoji detection in certain cases (#12320)

* Fix emoji detection certain cases

Previous tests weren't complicated enough so there were some situations where emojis were't detected properly. Find the earliest occurance in addition to checking for the longest combination.

Fixes #12312

* ok spell bot

Co-authored-by: Lauris BH <lauris@nix.lv>
* Reduce emoji size (#12317)

* Reduce emoji size

Rendering should now pretty much match GitHub with 1.25em. I verified
that emojis don't increase the line height and removed unecessary size
overrides because now all emojis should appear similar in relation to
the font size.

* fix reaction hover

Co-authored-by: mrsdizzie <info@mrsdizzie.com>
Co-authored-by: Lauris BH <lauris@nix.lv>

Fix double-indirection bug in logging IDs (#12294) (#12308)

This PR fixes a bug in log.NewColoredIDValue() which led to a double
indirection and incorrect IDs being printed out.

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>

[ui] Link to pr list page on sidebar when view pr (#12256) (#12263)

Fix #12254

Signed-off-by: a1012112796 <1012112796@qq.com>
Co-authored-by: 赵智超 <1012112796@qq.com>

Extend Notifications API and return pinned notifications by default (#12164) (#12232)

Backport #12164

This PR extends the notifications API to allow specific notification statuses to be searched for and to allow setting of notifications to statuses other than read.

By default unread and pinned statuses will be returned when querying for notifications - however pinned statuses will not be marked as read.

Close #12152

Signed-off-by: Andrew Thornton art27@cantab.net

Changelog for v1.12.2 (#12214)

* Changelog for v1.12.2

* Update CHANGELOG.md

Co-authored-by: mrsdizzie <info@mrsdizzie.com>
* Update CHANGELOG.md

Co-authored-by: mrsdizzie <info@mrsdizzie.com>
* Update CHANGELOG.md

Co-authored-by: mrsdizzie <info@mrsdizzie.com>
* Update CHANGELOG.md

Co-authored-by: mrsdizzie <info@mrsdizzie.com>
* Update CHANGELOG.md

Co-authored-by: mrsdizzie <info@mrsdizzie.com>
* Update CHANGELOG.md

Co-authored-by: mrsdizzie <info@mrsdizzie.com>
* Update CHANGELOG.md

Co-authored-by: mrsdizzie <info@mrsdizzie.com>
* Update CHANGELOG.md

Co-authored-by: mrsdizzie <info@mrsdizzie.com>
Co-authored-by: mrsdizzie <info@mrsdizzie.com>

Decrease the  num_stars when deleting a repo (#11954) (#12188)

* Decrease the  num_stars when deleting a repo

fix #11949

Signed-off-by: a1012112796 <1012112796@qq.com>
* Add migration

* use batch

* Apply suggestions from code review

Co-authored-by: Lauris BH <lauris@nix.lv>
* fix lint

* fix lint

* fix ci

* fix ci2

* add doctor

* duplicate code

* fix migration

* fix some nits

* add start

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

Fix regression: Gitea commits API again returns commit summaries, not full messages  (#12186) (#12187)

Closes #12185

Co-authored-by: Kristian Antonsen <kristian@derfor.dk>

properly set symbolic-ref HEAD when a repo is created with a non-master default branch (#12135) (#12182)

This fixes an issue I noticed with #10803: when you create a repo with a non-master default branch, gitea doesn't change the remote ref HEAD, so it still points at refs/heads/master. As a result, cloning my repos gives me error messages and doesn't check out the desired default branch, so I need to manually check it out after cloning.

Co-authored-by: xenofem <45297511+xenofem@users.noreply.github.com>

Trim to 255 runes instead of bytes (#12150)

* Trim to 255 runes instead of bytes

Prevents invalid UTF-8 encoding for Description and Website. Refs #7905

* Apply suggestions from code review

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>

Ensure Subkeys are verified (#12155) (#12168)

Backport #12155

When attempting to verify subkeys the email address verification step
requires checking the emails however, these emails are not stored on
subkeys but instead on the primary key.

This PR will obtain the primaryKey and check against these emails too.

Fix #12128

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>

Use hash of repo path, ref and entrypath as cache key (#12151) (#12161)

Multiple small admin dashboard fixes (#12153) (#12156)

* Prevent (EXTRA string) comments in Task headers
* Redirect tasks started from monitor page back to monitor
* Fix #12107 - redirects from process cancel should use AppSubUrl
* When wrapping queues set the name correctly

Signed-off-by: Andrew Thornton <art27@cantab.net>

Remove spurious logging (#12139) (#12148)

Backport #12139

Unfortunately #10745 merged a spurious logging message. This PR removes this.

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>

templates/repo/empty.tmpl : fix repo setup instructions (#12147)

Co-authored-by: codeberg <codeberg@codeberg.org>
Co-authored-by: zeripath <art27@cantab.net>

 Move EventSource to SharedWorker (#12095) (#12130)

* Move EventSource to SharedWorker (#12095)

Backport #12095

Move EventSource to use a SharedWorker. This prevents issues with HTTP/1.1
open browser connections from preventing gitea from opening multiple tabs.

Also allow setting EVENT_SOURCE_UPDATE_TIME to disable EventSource updating

Fix #11978

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Bugfix for shared event source

For some reason our eslint configuration is not working correctly
and a bug has become apparent when trying to backport this to 1.12.

Signed-off-by: Andrew Thornton <art27@cantab.net>
* Re-fix #12095 again

Unfortunately some of the suggested changes to #12095 introduced
bugs which due to caching behaviour of sharedworkers were not caught
on simple tests.

These are as follows:

* Changing from simple for loop to use includes here:

```js
  register(port) {
    if (!this.clients.includes(port)) return;

    this.clients.push(port);

    port.postMessage({
      type: 'status',
      message: `registered to ${this.url}`,
    });
  }
```

The additional `!` prevents any clients from being added and should
read:

```js
    if (this.clients.includes(port)) return;
```

* Dropping the use of jQuery `$(...)` selection and using DOM
`querySelector` here:

```js
async function receiveUpdateCount(event) {
  try {
    const data = JSON.parse(event.data);

    const notificationCount = document.querySelector('.notification_count');
    if (data.Count > 0) {
      notificationCount.classList.remove('hidden');
    } else {
      notificationCount.classList.add('hidden');
    }

    notificationCount.text() = `${data.Count}`;
    await updateNotificationTable();
  } catch (error) {
    console.error(error, event);
  }
}
```

Requires that `notificationCount.text()` be changed to use `textContent`
instead.

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>

Fix ui bug in wiki commit page (#12089) (#12125)

* Fix ui bug in wiki commit page

TODO: Maybe we should allow wiki to have its own ``.editorconfig`` file.

Signed-off-by: a1012112796 <1012112796@qq.com>
* fix a small nit

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>

Set the base url when migrating from Gitlab using access token or username without password (#11852) (#12104)

Backport #11852

When migrating from gitlab, set the baseUrl in NewGitlabDownloader when using an access token or username without password

Fix #11851

Co-authored-by: Gernot Eger <gernot.eger@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

Fix gitgraph branch continues after merge (#12044) (#12105)

Backport #12044

* Fix gitgraph branch continues after merge

After fixing the initial problem in #11981 another
problem has come to light...

Fix #11981 (part 2)

Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update web_src/js/vendor/gitgraph.js

* Apply suggestions from code review

Co-authored-by: silverwind <me@silverwind.io>

Fix merge section in dark theme (#12086) (#12109)

Backport #12086

* Fix merge section in dark theme

* Fix lint

Ensure BlameReaders close at end of request (#12102) (#12103)

Backport #12102

this was thought to be due to timeouts, however on closer look this
appears to be due to the Close() function of the BlameReader hanging
with a blocked stdout pipe.

This PR fixes this Close function to:

* Cancel the context of the cmd
* Close the StdoutReader - ensuring that the output pipe is closed

Further it makes the context of the `git blame` command a child of the
request context - ensuring that even if Close() is not called, on
cancellation of the Request the blame is command will also be cancelled.

Fixes #11716
Closes #11727

Signed-off-by: Andrew Thornton <art27@cantab.net>

Disable go module when downloading global binaries (#12030) (#12084)

Prevent `go get` from touching `go.mod` and `go.sum` when executing
global binaries during the build process. Once
https://github.com/golang/go/issues/30515 is fixed, we should is
whatever solution is provided there.

Fixes: https://github.com/go-gitea/gitea/pull/12010
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>

Fix comments webhook panic backport (#12058)

* Handle HookIssueReviewed action in webhook

* Fix webhook comment handling type cast panic

Disable dropzone's timeout (#12024) (#12032)

Dropzone 4.4 introduced a 30s XHR timeout that will kill any upload
still in progress. This disable that timeout again.

Ref: https://www.dropzonejs.com/#config-timeout
Ref: https://github.com/go-gitea/gitea/pull/10645
Ref: https://xhr.spec.whatwg.org/#the-timeout-attribute
Fixes: https://github.com/go-gitea/gitea/issues/12022
Fixes: https://github.com/go-gitea/gitea/issues/11906
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

Changelog for v1.12.1 (#12006)

Handle multiple merges in gitgraph.js (#11996) (#12000)

Backport #11996

There is a bug in web_src/js/vendor/gitgraph.js whereby it fails to
handle multiple merges in a single commit correctly. This PR adds
changes to make this work.

Fix #11981

Signed-off-by: Andrew Thornton <art27@cantab.net>

Add serviceworker.js to KnownPublicEntries (#11992) (#11994)

Fixes a wrong 302 redirect to the login page, see https://github.com/go-gitea/gitea/issues/11989.
Also made it so the reserved username list is extended with those known
entries so we avoid code duplication.

For language detection do not try to analyze big files by content (#11971) (#11975)

Fix scrollable header on dropdowns (#11893) (#11965)

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
(cherry picked from commit 1fb783efb0dbb3cb866f37ee6b77a003b636de59)

Changelog v1.12.0 (#11927)

* merge RC-logs

* Update

* Update CHANGELOG.md

Co-authored-by: techknowlogick <techknowlogick@gitea.io>

Changelog v1.11.7 (#11953) (#11955)

* Changelog v1.11.7

* Update CHANGELOG.md

Fix commenting on non-utf8 encoded files (#11916) (#11950)

* Add comment on non-unicode line to force fail

Signed-off-by: Andrew Thornton <art27@cantab.net>
* Just quote/unquote patch

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>

Use google/uuid to instead satori/go.uuid (#11943) (#11946)

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: zeripath <art27@cantab.net>

Align show/hide outdated button on code review block (#11932) (#11944)

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
(cherry picked from commit 6c38f371ea3ed98a2ed0534261f5d175c11c628d)

[Backport] Update to go-git v5.1.0 (#11936) (#11941)

* update go-git 5.0.0 -> v5.1.0

* vendor

Co-authored-by: techknowlogick <techknowlogick@gitea.io>

Global default branch setting (#11918) (#11937)

* Global default branch setting (#11918)

* Global default branch setting

* add to app.ini example per @silverwind

* update per @lunny

Co-authored-by: John Olheiser <john.olheiser@gmail.com>
* Update modules/setting/repository.go

Co-authored-by: John Olheiser <john.olheiser@gmail.com>

Use ID or Where to instead directly use Get when load object from database (#11925) (#11934)

Backport #11925

Use ID or Where to instead directly use Get when load object from database

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

Update CommitsAhead CommitsBehind on Pull BaseBranch Change too (#11912) (#11915)

* Update CommitsAhead CommitsBehind on Pull BaseBranch Change too (#11912)

* CI.restart()

Invalidate comments when file is shortened (#11882) (#11884)

Backport #11882

Fix #10686

Signed-off-by: Andrew Thornton <art27@cantab.net>

Rework api/user/repos for pagination (#11827) (#11877)

* Add count to `GetUserRepositories` so that pagination can be supported for `/user/{username}/repos`
* Rework ListMyRepos to use models.SearchRepository

ListMyRepos was an odd one. It first fetched all user repositories and then tried to supplement them with accessible map. The end result was that:

* Limit for pagination did not work because accessible repos would always be appended
* The amount of pages was incorrect if one were to calculate it
* When paginating, all accessible repos would be shown on every page

Hopefully it should now work properly. Fixes #11800 and does not require any change on Drone-side as it can properly interpret and act on Link header which we now set.

Co-authored-by: Lauris BH <lauris@nix.lv>
(cherry picked from commit 0159851cc3fa80e4df4908a5e760afa20452f712)

Handle more pathological branch and tag names (#11843) (#11863)

Backport #11843

It's possible to push quite pathological appearing branch names to gitea
using git push gitea reasonable-branch:refs/heads/-- at which point
large parts of the UI will break. Similarly you can git push origin
reasonable-tag:refs/tags/-- which wil return an error.

This PR fixes the problems these cause. It also changes the code from
creating branches to pushing to ensure that branch restoration has to
pass hooks.

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>

Fix search form button overlap (#11840) (#11864)

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
(cherry picked from commit 8770bceafa3844a97f35d3f8a35089438bf2f33b)

Add doctor check to set IsArchived false if it is null (partial backport #11853) (#11859)

Partial backport of #11853

Add doctor check to set IsArchived false if it is null.

(Migration change unfortunately not possible to be backported.)

Fix #11824

Signed-off-by: Andrew Thornton <art27@cantab.net>

Prevent panic on empty HOST for mysql (#11850) (#11856)

Backport #11850

Signed-off-by: Andrew Thornton <art27@cantab.net>

Use DEFAULT_PAGING_NUM instead of MAX_RESPONSE_ITEMS in ListOptions (#11831) (#11836)

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
(cherry picked from commit 2b2b3e4c3726ef224e87bb444340bebd3a70badb)