wxiaoguang [Sun, 6 Aug 2023 12:11:39 +0000 (20:11 +0800)]
Fix API leaking Usermail if not logged in (#25097) (#26350)
Backport #25097
The API should only return the real mail of a user if the caller is
logged in. The check to do this doesn't work. This PR fixes this. This is
not really a security issue, but can lead to spam.
Giteabot [Fri, 4 Aug 2023 13:44:25 +0000 (21:44 +0800)]
Make git batch operations use parent context timeout instead of default timeout (#26325) (#26330)
Backport #26325 by @wxiaoguang
Fix #26064
Some git commands should use parent context, otherwise it would exit too
early (by the default timeout, 10m), and the "cmd.Wait" waits till the
pipes are closed.
Giteabot [Fri, 4 Aug 2023 03:27:45 +0000 (11:27 +0800)]
Support getting changed files when commit ID is `EmptySHA` (#26290) (#26316)
Backport #26290 by @Zettat123
Fixes #26270.
Co-Author: @wxiaoguang
Thanks @lunny for providing this solution
As
https://github.com/go-gitea/gitea/issues/26270#issuecomment-1661695151
said, at present we cannot get the names of changed files correctly when
the `OldCommitID` is `EmptySHA`. In this PR, the `GetCommitFilesChanged`
method is added and will be used to get the changed files by commit ID.
Fix pull request check list is limited (#26179) (#26245)
Backport #26179 by @CaiCandong
In the original implementation, we can only get the first 30 records of
the commit status (the default paging size), if the commit status is
more than 30, it will lead to the bug #25990. I made the following two
changes.
- On the page, use the `db.ListOptions{ListAll: true}` parameter
instead of `db.ListOptions{}`
- The `GetLatestCommitStatus` function makes a determination as to
whether or not a pager is being used.
Don't autosize textarea in diff view (#26233) (#26244)
Backport #26233 by @silverwind
Resizing the comment editor can be a very expensive operation because it
triggers page reflows, which on large PRs can take upwards of seconds to
complete. Disable this mechanism on the diff page only where we know
that the page can get large.
Fixes https://github.com/go-gitea/gitea/issues/26201 for the textarea
editor.
I don't think this can be fixed for EasyMDE because as far as I can
tell, it exposes no option to disable this resizing.
Fixed two incorrect headers for setting the page navigation bar:
* User settings page, should not use the title "`org.settings`"
* Repo settings page, should not use the title "`org.settings`"
Fix access check for org-level project (#26182) (#26223)
Backport #26182 by @Zettat123
Fix #25934
Add `ignoreGlobal` parameter to `reqUnitAccess` and only check global
disabled units when `ignoreGlobal` is true. So the org-level projects
and user-level projects won't be affected by global disabled
`repo.projects` unit.
Warn instead of reporting an error when a webhook cannot be found (#26039) (#26211)
Backport #26039 by @puni9869
Attempt fix: #25744
Fixing the log level: when we delete any repo, we get the error "hook not
found by id". That should be warn level to reduce the noise in the logs.
I think it would be better if xorm would check for primary key columns
here because updating such columns is bad practice. It looks like if
that auto increment check should do the same.
Fix bugs in LFS meta garbage collection (#26122) (#26157)
Backport #26122 by @Zettat123
This PR
- Fix #26093. Replace `time.Time` with `timeutil.TimeStamp`
- Fix #26135. Add missing `xorm:"extends"` to `CountLFSMetaObject` for
LFS meta object query
- Add a unit test for LFS meta object garbage collection
Fix UI regression of asciinema player (#26159) (#26162)
Backport #26159 by @wolfogre
It was caused by updating `asciinema-player`, the upstream changed the
CSS class prefix:
`https://github.com/asciinema/asciinema-player/commit/40505e479e8ba6833f178a3b7e85503c72491614`
Display deprecated warning in admin panel pages as well as in the log file (#26094) (#26154)
backport #26094
Temporarily resolve #25915
Related #25994
This PR includes #26007's changes but has a UI to prompt the administrator
about the deprecated settings as well as the log or console warning.
Then users will have enough time to notice the problem and won't get
surprises like before.
Fix CLI allowing creation of access tokens with existing name (#26071) (#26144)
Backport #26071 by @yardenshoham
We are now:
- Making sure there is no existing access token with the same name
- Making sure the given scopes are valid (we already did this before but
now we have a message)
Extract from https://github.com/go-gitea/gitea/pull/26043, just the
padding increase.
Before and After (hard to notice, but it's there):
<img width="427" alt="Screenshot 2023-07-25 at 19 37 12"
src="https://github.com/go-gitea/gitea/assets/115237/9543dcda-eccb-4739-b7dd-06b076108ab4">
<img width="420" alt="Screenshot 2023-07-25 at 19 37 26"
src="https://github.com/go-gitea/gitea/assets/115237/0a9c3724-81a1-4c67-a13b-4b728a51fc3a">
After a workflow finished, if you rerun a single job, the workflow status
will become `Running`, which is not correct as no jobs are running in
this workflow.
RPM Registry: Show zypper commands for SUSE based distros as well (#25981) (#26020)
Backport #25981 by @asdil12
After RPM is supported with https://github.com/go-gitea/gitea/pull/23380
let's show the user
how to add the repo and install the RPM via all common package managers.
```
[I] router: completed GET /root/test/issues/posters?&q=%20&_=1689853025011 for [::1]:59271, 200 OK in 127.7ms @ repo/issue.go:3505(repo.IssuePosters)
[I] router: completed GET /root/test/pulls/posters?&q=%20&_=1689853968204 for [::1]:59269, 200 OK in 94.3ms @ repo/issue.go:3509(repo.PullPosters)
```
Fix commit status color on dashboard repolist (#25993) (#25998)
Backport #25993 by @silverwind
Followup to https://github.com/go-gitea/gitea/pull/25935 which
missed changing the icon on the repolist because the logic is not
shared with templates.
avoid hard-coding height in language dropdown menu (#25986) (#25997)
Backport #25986 by @earl-warren
This commit removes the hard-coded height of 500px, using that as a
max-height instead. The height of items in the dropdown menu, assuming a
default font size of 16px, is 36px, so the old CSS would cause overly
large dropdown menus in instances where less than 14 languages are
offered.
Make pending commit status yellow again (#25935) (#25968)
Backport #25935 by @silverwind
With the introduction of Actions, the pending commit icon has changed
from yellow to grey for Drone integrations which never set the "running"
status, so it stays in "pending" until completion.
I find it better to have this icon colored like on 1.19. Now both the
"pending" and "running" icons look the same, but I guess we could add an
animation to the "running" state, similar to what GitHub has, later.
Before:
<img width="339" alt="Screenshot 2023-07-17 at 19 14 19"
src="https://github.com/go-gitea/gitea/assets/115237/2f4886e4-74fd-42ea-b59e-9af8f141bf1f">
After:
<img width="335" alt="Screenshot 2023-07-17 at 19 14 30"
src="https://github.com/go-gitea/gitea/assets/115237/53189642-e72d-47f6-9cbe-f14eda28f730">
Regression: https://github.com/go-gitea/gitea/pull/24805 Closes: #25945
- Disallow `javascript`, `vbscript` and `data` (data uri images still
work) url schemes even if all other schemes are allowed
- Fixed older `cbthunderlink` tests
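As an added example (not Gitea's sanitizer code), the following shows the rule described above in a stand-alone Go function: a small set of script-capable URL schemes is refused even when the operator has allowed "all" schemes, while `data:` stays usable for image sources only. `LinkPolicy`, `SafeURL` and the policy fields are hypothetical names; they are not the project's configuration keys.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// LinkPolicy is a constructed stand-in for a markup sanitizer's
// scheme configuration; it is not Gitea's settings type.
type LinkPolicy struct {
	AllowAll       bool     // operator chose to allow every scheme
	AllowedSchemes []string // explicit allowlist otherwise, e.g. http, https, mailto
}

// Schemes that can run script or smuggle HTML through a link target.
// They are refused even when AllowAll is set; the only exception is
// data: for image sources, so data URI images keep working.
var alwaysBlocked = map[string]bool{
	"javascript": true,
	"vbscript":   true,
	"data":       true,
}

// SafeURL returns the URL unchanged and true if it may be emitted as a
// link (forImage=false) or as an image source (forImage=true); otherwise
// it returns "" and false.
func SafeURL(raw string, p LinkPolicy, forImage bool) (string, bool) {
	// Browsers strip surrounding whitespace before scheme detection, so
	// trim first; url.Parse rejects embedded control characters itself.
	raw = strings.TrimSpace(raw)
	u, err := url.Parse(raw)
	if err != nil {
		return "", false
	}
	scheme := strings.ToLower(u.Scheme) // url.Parse already lowercases; belt and braces
	if scheme == "" {
		return raw, true // relative or scheme-relative link
	}
	if alwaysBlocked[scheme] && !(forImage && scheme == "data") {
		return "", false
	}
	if p.AllowAll {
		return raw, true
	}
	for _, s := range p.AllowedSchemes {
		if strings.EqualFold(s, scheme) {
			return raw, true
		}
	}
	return "", false
}

func main() {
	all := LinkPolicy{AllowAll: true}
	for _, in := range []string{
		"https://example.com/",
		"JavaScript:alert(1)",
		"data:image/png;base64,iVBORw0KGgo=",
	} {
		out, ok := SafeURL(in, all, false)
		fmt.Printf("%-38q as link: ok=%v -> %q\n", in, ok, out)
	}
}
```

The check is on the parsed scheme, not on a string prefix, so mixed case (`JaVaScRiPt:`) and leading whitespace are covered, and a URL with embedded control bytes is rejected outright by the parser rather than matched as "relative".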
Skip unuseful error message in dev mode when watching local filesystem (#25919) (#25927)
Backport #25919 by @wxiaoguang
Before, in dev mode, there might be some error logs like:
```
2023/07/17 13:54:51 ...s/assetfs/layered.go:221:WatchLocalChanges() [E] Unable to watch directory .: lstat /data/work/gitea/custom/templates: no such file or directory
```
Because there is no "custom/templates" directory.
After: ignore such errors; no such error message anymore.
fix incorrect repo url when changed the case of ownername (#25733) (#25881)
Backport #25733 by @hiifong
When only the casing of the username changes, update the owner name of the repo,
and keep the original logic consistent with other conditions.
example: assume your username is `gitea`, lowercase username is `gitea` too,
repo URL is `.../gitea/{repo}`.
You change your username to `Gitea`, `GiTea` or something like that,
as long as the lowercase username is still `gitea`, the repo URL remained `.../gitea/{repo}`.
This PR keeps the new username consistent with the repo URL.
Make `add line comment` buttons focusable (#25894) (#25896)
Backport #25894 by @sebastian-sauer
Use a real button and add an aria-label.
Additionally, show the button whenever it is focused.
See https://codeberg.org/forgejo/forgejo/issues/998 for explanation.
Our handling of this button is now equal to that of GitHub.
Nothing has changed visually.
This issue comes from the change in #25468.
`LoadProject` will always return at least one record, so we use
`ProjectID` to check whether an issue is linked to a project in the old
code.
As other `issue.LoadXXX` functions, we need to check the return value
from `xorm.Session.Get`.
In recent unit tests, we only test `issueList.LoadAttributes()` but
don't test `issue.LoadAttributes()`. So I added a new test for
`issue.LoadAttributes()` in this PR.
Fix the error message when the token is incorrect (#25701) (#25836)
Backport #25701 by @CaiCandong
We refactored `userIDFromToken` for the token parsing part into a new
function `parseToken`. `parseToken` returns the string `token` from the
request, and a boolean `ok` representing whether the token exists or
not. So we can distinguish between token non-existence and token
inconsistency in the `verfity` function, thus solving the problem of no
proper error message when the token is inconsistent.
close #24439
related #22119
Co-authored-by: caicandong <50507092+CaiCandong@users.noreply.github.com>
Co-authored-by: Jason Song <i@wolfogre.com>
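An added example of the split described above (not the project's `parseToken`/`userIDFromToken` code): token extraction returns `(token, ok)` so the verifier can return a distinct error for "no token sent" versus "token sent but unknown". The header schemes, query parameter names, `TokenStore` and the SHA-256 lookup are assumptions for this illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"net/http"
	"strings"
)

// Distinct errors so the API can answer "no token given" differently
// from "token given but wrong".
var (
	ErrNoToken      = errors.New("no API token provided")
	ErrInvalidToken = errors.New("API token is invalid")
)

// parseToken extracts an API token from the request: an Authorization
// header using the "token" or "Bearer" scheme, or a token/access_token
// query parameter. ok is false when no token is present at all, so the
// caller can tell absence apart from inconsistency.
func parseToken(req *http.Request) (token string, ok bool) {
	if auth := req.Header.Get("Authorization"); auth != "" {
		parts := strings.SplitN(auth, " ", 2)
		if len(parts) == 2 && (strings.EqualFold(parts[0], "token") || strings.EqualFold(parts[0], "Bearer")) {
			if tok := strings.TrimSpace(parts[1]); tok != "" {
				return tok, true
			}
		}
		// Other schemes (e.g. Basic) are not tokens; fall through.
	}
	q := req.URL.Query()
	for _, key := range []string{"token", "access_token"} {
		if tok := q.Get(key); tok != "" {
			return tok, true
		}
	}
	return "", false
}

// TokenStore is a constructed in-memory stand-in for the access-token
// table, keyed by SHA-256 of the token so that the table itself does not
// hold usable secrets.
type TokenStore map[string]int64

func hashToken(tok string) string {
	sum := sha256.Sum256([]byte(tok))
	return hex.EncodeToString(sum[:])
}

// NewTokenStore builds the store from a user ID -> plaintext token map.
func NewTokenStore(userTokens map[int64]string) TokenStore {
	s := TokenStore{}
	for uid, tok := range userTokens {
		s[hashToken(tok)] = uid
	}
	return s
}

// Verify resolves the request's token to a user ID, or returns one of
// the two errors above so the handler can pick the right message.
func (s TokenStore) Verify(req *http.Request) (int64, error) {
	tok, ok := parseToken(req)
	if !ok {
		return 0, ErrNoToken
	}
	uid, found := s[hashToken(tok)]
	if !found {
		return 0, ErrInvalidToken
	}
	return uid, nil
}

func main() {
	store := NewTokenStore(map[int64]string{42: "s3cr3t-example-token"}) // constructed sample
	req, _ := http.NewRequest("GET", "/api/v1/user", nil)
	req.Header.Set("Authorization", "token not-the-right-one")
	_, err := store.Verify(req)
	fmt.Println("wrong token:", err)
	req.Header.Del("Authorization")
	_, err = store.Verify(req)
	fmt.Println("no token:", err)
}
```

Both errors still map to a 401 at the HTTP layer; the point of the split is the message, and it should stop there: do not say which part of the token was wrong or whether a token with that prefix exists.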
Fix incorrect oldest sort in project list (#25806) (#25835)
Backport #25806 by @yp05327
sort type `oldest` should be `Asc`.
Added a test for this.
I see we have `SearchOrderBy` in db model, but we are using many
different ways to define the sort type.
~Maybe we can improve this later.~
↑ Improved in this PR
Fix activity type match in `matchPullRequestEvent` (#25746) (#25796)
Backport #25746
Fix #25736
Caused by #24048
Right now we only check the activity type for `pull_request` event when
`types` is specified or there are no `types` and filter. If a workflow
only specifies filters but no `types` like this:
```
on:
pull_request:
branches: [main]
```
the workflow will be triggered even if the activity type is not one of
`[opened, reopened, sync]`. We need to check the activity type in this
case.
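An added example (not Gitea's `matchPullRequestEvent` implementation) contrasting the behaviour described above with the fix: `matchPullRequestEventBefore` reconstructs the pre-fix rule from the description (the activity type is only consulted when `types` is given or when there is neither `types` nor a filter), and `MatchPullRequestEvent` always consults it, falling back to the default list. The `PullRequestTrigger` struct, the default list `[opened, reopened, sync]` taken from the text, and glob matching of branch filters with `path.Match` are assumptions of this example.

```go
package main

import (
	"fmt"
	"path"
)

// PullRequestTrigger is a constructed model of a workflow's
// `on.pull_request` section; it is not the project's parsed workflow type.
type PullRequestTrigger struct {
	Types          []string // activity types; empty means "use the defaults"
	Branches       []string // base-branch patterns; empty means "any branch"
	BranchesIgnore []string // base-branch patterns that must not trigger
}

// Activity types a bare `pull_request:` trigger reacts to (from the text).
var defaultPullRequestTypes = []string{"opened", "reopened", "sync"}

func contains(list []string, s string) bool {
	for _, v := range list {
		if v == s {
			return true
		}
	}
	return false
}

// matchAny treats each pattern as a path glob, e.g. "release/*".
func matchAny(patterns []string, value string) bool {
	for _, p := range patterns {
		if ok, err := path.Match(p, value); err == nil && ok {
			return true
		}
	}
	return false
}

func branchFilterOK(t PullRequestTrigger, baseBranch string) bool {
	if len(t.Branches) > 0 && !matchAny(t.Branches, baseBranch) {
		return false
	}
	return !matchAny(t.BranchesIgnore, baseBranch)
}

// matchPullRequestEventBefore reproduces the described pre-fix logic:
// with a filter but no `types`, the activity type is never checked, so a
// "labeled" event on a matching branch runs the workflow.
func matchPullRequestEventBefore(t PullRequestTrigger, activityType, baseBranch string) bool {
	hasFilter := len(t.Branches) > 0 || len(t.BranchesIgnore) > 0
	if len(t.Types) > 0 {
		if !contains(t.Types, activityType) {
			return false
		}
	} else if !hasFilter && !contains(defaultPullRequestTypes, activityType) {
		return false
	}
	return branchFilterOK(t, baseBranch)
}

// MatchPullRequestEvent always checks the activity type, using the
// default list when `types` is omitted, and only then applies the filters.
func MatchPullRequestEvent(t PullRequestTrigger, activityType, baseBranch string) bool {
	types := t.Types
	if len(types) == 0 {
		types = defaultPullRequestTypes
	}
	if !contains(types, activityType) {
		return false
	}
	return branchFilterOK(t, baseBranch)
}

func main() {
	// The workflow from the description: a branch filter and no `types`.
	trigger := PullRequestTrigger{Branches: []string{"main"}}
	for _, at := range []string{"opened", "labeled"} {
		fmt.Printf("%-8s before=%v after=%v\n", at,
			matchPullRequestEventBefore(trigger, at, "main"),
			MatchPullRequestEvent(trigger, at, "main"))
	}
}
```

The difference matters beyond noise: a workflow that assumed it only runs on new pushes could be re-triggered by anyone who can add a label to the pull request.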
Make "install page" respect environment config (#25648) (#25799)
Backport #25648
Replace #25580
Fix #19453
The problem was: when users set "GITEA__XXX__YYY" , the "install page"
doesn't respect it.
So, to make the result consistent and avoid surprising end users, now
the "install page" also writes the environment variables to the config
file.
And, to make things clear, there are enough messages on the UI to tell
users what will happen.
There are some necessary/related changes to `environment-to-ini.go`:
* The "--clear" flag is removed and it was incorrectly written there.
The "clear" operation should be done if INSTALL_LOCK=true
* The "--prefix" flag is removed because it's never used, never
documented and it only causes inconsistent behavior.
The only conflict during backport is "ui divider" in
templates/install.tmpl
Fix WORK_DIR for docker (root) image (#25738) (#25811)
Backport #25738 by @wxiaoguang
Fix #25726
#17846 chose an incorrect WORK_DIR path for docker root image.
Gitea's work-path was already used as the base path for various paths
(like AppDataPath), so, the work-path should be mounted to a volume in a
docker image.
Now, for docker root image, it's unavoidable to mix the
WorkPath/CustomPath/AppDataPath in the same directory ("/data/gitea"),
because some of them have already been mixed.
Some directories in the screenshot are for "CustomPath" , while others
are for "AppDataPath", due to the technical debts in old code:
#23879 introduced a change which prevents read access to packages if a
user is not a member of an organization.
That PR also contained a change which disallows package access if the
team unit is configured with "no access" for packages. I don't think
this change makes sense (at the moment). It may be relevant for private
orgs. But for public or limited orgs that's useless because an
unauthorized user would have more access rights than the team member.
This PR restores the old behaviour "If a user has read access for an
owner, they can read packages".
1. `ctx.Data["Link"]` should use relative URL but not AppURL
2. The `data-params` is incorrect because it doesn't contain "page". JS
can simply use "window.location.search" to construct the AJAX URL
3. The `data-xxx` and `id` in notification_subscriptions.tmpl were
copied and pasted; they have no effect.
Monaco can not deal with color formats other than 6-digit hex, so we
convert the colors for it via new
[`tinycolor2`](https://github.com/bgrins/TinyColor) dependency (5kB
minzipped).
Also, with the addition of the module, we can replace the existing
`hexToRGBColor` usage, I verified it is compatible with the current
tests before removing the function.
docs: rootless docker ssh's default port is 2222 (#25771) (#25772)
Backport #25771 by @leavesster
---
According to `docker/rootless/usr/local/bin/docker-setup.sh`, in the rootless
docker setup, the ssh port is 2222.
And the MySQL database case should use the same port as in the PostgreSQL case.