]> source.dussan.org Git - gitea.git/log
gitea.git
12 months agoDont leak private users via extensions (#28023) (#28028)
Giteabot [Mon, 13 Nov 2023 23:03:56 +0000 (07:03 +0800)]
Dont leak private users via extensions (#28023) (#28028)

Backport #28023 by @6543

there was no check in place if a user could see a other user, if you
append e.g. `.rss`

12 months agoFix wrong xorm Delete usage(backport for 1.20) (#28003)
Nanguan Lin [Sun, 12 Nov 2023 12:31:03 +0000 (20:31 +0800)]
Fix wrong xorm Delete usage(backport for 1.20) (#28003)

manually backport for https://github.com/go-gitea/gitea/pull/27995
The conflict is `ctx` and `db.Defaultctx`.

12 months agoRender email addresses as such if followed by punctuation (#27987) (#27991)
Giteabot [Sat, 11 Nov 2023 05:26:27 +0000 (13:26 +0800)]
Render email addresses as such if followed by punctuation (#27987) (#27991)

Backport #27987 by @yardenshoham

Added the following characters to the regular expression for the email:

- ,
- ;
- ?
- !

Also added a test case.

- Fixes #27616

# Before

![image](https://github.com/go-gitea/gitea/assets/20454870/c57eac26-f281-43ef-a51d-9c9a81b63efa)

# After

![image](https://github.com/go-gitea/gitea/assets/20454870/fc7d5c08-4350-4af0-a7f0-d1444d2d75af)

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: Yarden Shoham <git@yardenshoham.com>
12 months agoRemove duplicated button in Install web page (#27941)
Nanguan Lin [Tue, 7 Nov 2023 09:22:30 +0000 (17:22 +0800)]
Remove duplicated button in Install web page (#27941)

Fix #27934
Regression #25648

12 months agoUnify two factor check (#27915) (#27939)
KN4CK3R [Mon, 6 Nov 2023 22:06:21 +0000 (23:06 +0100)]
Unify two factor check (#27915) (#27939)

Backport of #27915

Fixes #27819

We have support for two factor logins with the normal web login and with
basic auth. For basic auth the two factor check was implemented at three
different places and you need to know that this check is necessary. This
PR moves the check into the basic auth itself.

12 months agoFix DownloadFunc when migrating releases (#27887) (#27889)
Giteabot [Fri, 3 Nov 2023 08:29:30 +0000 (16:29 +0800)]
Fix DownloadFunc when migrating releases (#27887) (#27889)

Backport #27887 by @Zettat123

We should not use `asset.ID` in DownloadFunc because DownloadFunc is a
closure.

https://github.com/go-gitea/gitea/blob/1bf5527eac6b947010c8faf408f6747de2a2384f/services/migrations/gitea_downloader.go#L284-L295

A similar bug when migrating from GitHub has been fixed in #14703. This
PR fixes the bug when migrating from Gitea and GitLab.

Co-authored-by: Zettat123 <zettat123@gmail.com>
12 months agoFix http protocol auth (#27875) (#27878)
Lunny Xiao [Thu, 2 Nov 2023 20:38:08 +0000 (04:38 +0800)]
Fix http protocol auth (#27875) (#27878)

backport #27875

12 months agoFix package webhook (#27839) (#27854)
Giteabot [Tue, 31 Oct 2023 10:26:06 +0000 (18:26 +0800)]
Fix package webhook (#27839) (#27854)

Backport #27839 by @lunny

Fix #23742

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
13 months agoRevert "fix orphan check for deleted branch (#27310) (#27320)" (#27763)
Lunny Xiao [Tue, 24 Oct 2023 05:58:11 +0000 (13:58 +0800)]
Revert "fix orphan check for deleted branch (#27310) (#27320)" (#27763)

Because branch table is created until 1.21
Fix #27508

13 months agoFix label render containing invalid HTML (#27752) (#27761)
Giteabot [Tue, 24 Oct 2023 01:39:17 +0000 (09:39 +0800)]
Fix label render containing invalid HTML (#27752) (#27761)

Backport #27752 by @earl-warren

- The label HTML contained a quote that wasn't being closed.

Refs: https://codeberg.org/forgejo/forgejo/pulls/1651

(cherry picked from commit e2bc2c9a1fff482c49dbeb3a51e4e1c698bf506c)

Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
Co-authored-by: Gusted <postmaster@gusted.xyz>
13 months agoFix org team endpoint (#27721) (#27729)
Giteabot [Sun, 22 Oct 2023 11:45:16 +0000 (19:45 +0800)]
Fix org team endpoint (#27721) (#27729)

Backport #27721 by @lng2020

Fix #27711

Co-authored-by: Nanguan Lin <70063547+lng2020@users.noreply.github.com>
13 months agoAdapt `.changelog.yml` to new labeling system (#27701) (#27708)
Giteabot [Fri, 20 Oct 2023 12:36:39 +0000 (20:36 +0800)]
Adapt `.changelog.yml` to new labeling system (#27701) (#27708)

Backport #27701 by @delvh

Otherwise, it is not possible anymore to generate changelogs.

Co-authored-by: delvh <dev.lh@web.de>
13 months agoSupport allowed hosts for webhook to work with proxy (#27655) (#27674)
Giteabot [Wed, 18 Oct 2023 13:07:20 +0000 (21:07 +0800)]
Support allowed hosts for webhook to work with proxy (#27655) (#27674)

Backport #27655 by @wolfogre

When `webhook.PROXY_URL` has been set, the old code will check if the
proxy host is in `ALLOWED_HOST_LIST` or reject requests through the
proxy. It requires users to add the proxy host to `ALLOWED_HOST_LIST`.
However, it actually allows all requests to any port on the host, when
the proxy host is probably an internal address.

But things may be even worse. `ALLOWED_HOST_LIST` doesn't really work
when requests are sent to the allowed proxy, and the proxy could forward
them to any hosts.

This PR fixes it by:

- If the proxy has been set, always allow connectioins to the host and
port.
- Check `ALLOWED_HOST_LIST` before forwarding.

Co-authored-by: Jason Song <i@wolfogre.com>
13 months agoFix poster is not loaded in get default merge message (#27657) (#27665)
Giteabot [Tue, 17 Oct 2023 16:20:23 +0000 (00:20 +0800)]
Fix poster is not loaded in get default merge message (#27657) (#27665)

Backport #27657 by @lunny

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
13 months agoFix 404 when deleting Docker package with an internal version (#27615) (#27629)
Giteabot [Sun, 15 Oct 2023 10:08:01 +0000 (18:08 +0800)]
Fix 404 when deleting Docker package with an internal version (#27615) (#27629)

Backport #27615 by @lng2020

close #27601
The Docker registry has an internal version, which leads to 404

Co-authored-by: Nanguan Lin <70063547+lng2020@users.noreply.github.com>
13 months agoFix attachment download bug (#27486) (#27570)
Giteabot [Wed, 11 Oct 2023 02:38:50 +0000 (10:38 +0800)]
Fix attachment download bug (#27486) (#27570)

Backport #27486 by @lunny

Fix #27204

This PR allows `/<username>/<reponame>/attachments/<uuid>` access with
personal access token and also changed attachments API download url to
it so it can be download correctly.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
13 months agoAvoid run change title process when the title is same (#27467) (#27557)
yp05327 [Tue, 10 Oct 2023 07:01:24 +0000 (16:01 +0900)]
Avoid run change title process when the title is same (#27467) (#27557)

Backport #27467 manually.

13 months agoFix mermaid flowchart margin issue (#27503) (#27517)
silverwind [Sun, 8 Oct 2023 13:32:42 +0000 (15:32 +0200)]
Fix mermaid flowchart margin issue (#27503) (#27517)

Backport https://github.com/go-gitea/gitea/pull/27503 to 1.20

Fixes: https://github.com/go-gitea/gitea/issues/27435
Related: https://github.com/mermaid-js/mermaid/issues/4907

<img width="924" alt="image"

src="https://github.com/go-gitea/gitea/assets/115237/494a1d2e-4c56-48d0-9843-82a5e5aa977e">

13 months agoFix panic in storageHandler (#27446) (#27478)
Giteabot [Fri, 6 Oct 2023 14:51:04 +0000 (22:51 +0800)]
Fix panic in storageHandler (#27446) (#27478)

Backport #27446 by @sryze

storageHandler() is written as a middleware but is used as an endpoint
handler, and thus `next` is actually `nil`, which causes a null pointer
dereference when a request URL does not match the pattern (where it
calls `next.ServerHTTP()`).

Example CURL command to trigger the panic:

```
curl -I "http://yourhost/gitea//avatars/a"
```

Fixes #27409

---

Note: the diff looks big but it's actually a small change - all I did
was to remove the outer closure (and one level of indentation) ~and
removed the HTTP method and pattern checks as they seem redundant
because go-chi already does those checks~. You might want to check "Hide
whitespace" when reviewing it.

Alternative solution (a bit simpler): append `, misc.DummyOK` to the
route declarations that utilize `storageHandler()` - this makes it
return an empty response when the URL is invalid. I've tested this one
and it works too. Or maybe it would be better to return a 400 error in
that case (?)

Co-authored-by: Sergey Zolotarev <sryze@outlook.com>
13 months agoWhen comparing with an non-exist repository, return 404 but 500 (#27437) (#27441)
Giteabot [Wed, 4 Oct 2023 14:27:42 +0000 (22:27 +0800)]
When comparing with an non-exist repository, return 404 but 500 (#27437) (#27441)

Backport #27437 by @lunny

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
13 months agoAdd 1.20.5 changelog (#27404) v1.20.5
Lunny Xiao [Tue, 3 Oct 2023 12:53:35 +0000 (20:53 +0800)]
Add 1.20.5 changelog (#27404)

13 months agoFix bug of review request number (#27406)
Lunny Xiao [Tue, 3 Oct 2023 08:08:12 +0000 (16:08 +0800)]
Fix bug of review request number (#27406)

Manually backport #27104 without tests because too many conflicted files
to backport it completely.

13 months agoFix git 2.11 error when checking IsEmpty (#27393) (#27396)
Giteabot [Mon, 2 Oct 2023 15:30:04 +0000 (23:30 +0800)]
Fix git 2.11 error when checking IsEmpty (#27393) (#27396)

Backport #27393 by @wxiaoguang

Fix #27389

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
13 months agoAllow get release download files and lfs files with oauth2 token format (#26430)...
Giteabot [Sun, 1 Oct 2023 11:54:15 +0000 (19:54 +0800)]
Allow get release download files and lfs files with oauth2 token format (#26430) (#27378)

Backport #26430 by @lunny

Fix #26165
Fix #25257

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
13 months agoAdd logs for data broken of comment review (#27326) (#27344)
Giteabot [Fri, 29 Sep 2023 05:31:10 +0000 (13:31 +0800)]
Add logs for data broken of comment review (#27326) (#27344)

Backport #27326 by @lunny

Fix #27306

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
13 months agofix orphan check for deleted branch (#27310) (#27320)
Giteabot [Thu, 28 Sep 2023 03:16:05 +0000 (11:16 +0800)]
fix orphan check for deleted branch (#27310) (#27320)

Backport #27310 by @earl-warren

- Modify the deleted branch orphan check to check for the new table
instead.
- Regression from 6e19484f4d3bf372212f2da462110a1a8c10cbf2
- Resolves https://codeberg.org/forgejo/forgejo/issues/1522

(cherry picked from commit c1d888686fe445e4edecb9d835c5b3893b574b75)

Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
Co-authored-by: Gusted <postmaster@gusted.xyz>
13 months agoFix PushEvent NullPointerException jenkinsci/github-plugin (#27203) (#27249)
Giteabot [Mon, 25 Sep 2023 07:02:08 +0000 (15:02 +0800)]
Fix PushEvent NullPointerException jenkinsci/github-plugin (#27203) (#27249)

Backport #27203 by @Nabapadma-sarker

Fixes #27202

Co-authored-by: Nabapadma-sarker <nabapadmacse1991@gmail.com>
13 months agoFix z-index on markdown completion (#27237) (#27242)
Giteabot [Mon, 25 Sep 2023 01:10:46 +0000 (09:10 +0800)]
Fix z-index on markdown completion (#27237) (#27242)

Backport #27237 by @silverwind

Fixes: https://github.com/go-gitea/gitea/issues/27230
Co-authored-by: silverwind <me@silverwind.io>
13 months agoFix z-index on markdown completion (#27237) (#27238)
Giteabot [Sun, 24 Sep 2023 23:37:58 +0000 (07:37 +0800)]
Fix z-index on markdown completion (#27237) (#27238)

Backport #27237 by @silverwind

Fixes: https://github.com/go-gitea/gitea/issues/27230
Co-authored-by: silverwind <me@silverwind.io>
13 months agoUpdate database-preparation and add note re: MariaDB (#27232) (#27235)
Giteabot [Sun, 24 Sep 2023 21:27:15 +0000 (05:27 +0800)]
Update database-preparation and add note re: MariaDB (#27232) (#27235)

Backport #27232 by @techknowlogick

update DB docs per feedback.
https://gitea.com/gitea/gitea-docusaurus/issues/69

Co-authored-by: techknowlogick <techknowlogick@gitea.com>
14 months agoQuote table `release` in sql queries (#27205) (#27219)
KN4CK3R [Sat, 23 Sep 2023 22:48:50 +0000 (00:48 +0200)]
Quote table `release` in sql queries (#27205) (#27219)

Backport of #27205

Fixes #27174

`release` is a reserved keyword in MySql. I can't reproduce the issue on
my setup and we have a test for that code but it seems there can be
setups where it fails.

14 months agoFix release URL in webhooks (#27182) (#27184)
Giteabot [Thu, 21 Sep 2023 23:59:27 +0000 (07:59 +0800)]
Fix release URL in webhooks (#27182) (#27184)

Backport #27182 by @jolheiser

Resolves #27180

`URL` points to the API URL, `HTMLURL` points to the web page.

Notably, however, for PRs they are the same URL. I switched them to use
HTMLURL to match the rest of the codebase terminology.

Co-authored-by: John Olheiser <john.olheiser@gmail.com>
14 months agoFix organization field being null in POST /orgs/{orgid}/teams (#27150) (#27167)
Giteabot [Thu, 21 Sep 2023 20:23:33 +0000 (04:23 +0800)]
Fix organization field being null in POST /orgs/{orgid}/teams (#27150) (#27167)

Backport #27150 by @memphis88

Similarly to the fix in https://github.com/go-gitea/gitea/pull/24694,
this addresses the team creation not returning the organization
information in the response.

This fix is connected to the
[issue](https://gitea.com/gitea/terraform-provider-gitea/issues/27)
discovered in the terraform provider.
Moreover, the
[documentation](https://docs.gitea.com/api/1.20/#tag/organization/operation/orgCreateTeam)
suggests that the response body should include the `organization` field
(currently being `null`).

Co-authored-by: Dionysios Kakouris <1369451+memphis88@users.noreply.github.com>
14 months agoFix organization field being null in POST /orgs/{orgid}/teams (#27150) (#27162)
Giteabot [Thu, 21 Sep 2023 10:14:59 +0000 (18:14 +0800)]
Fix organization field being null in POST /orgs/{orgid}/teams (#27150) (#27162)

Backport #27150 by @memphis88

Similarly to the fix in https://github.com/go-gitea/gitea/pull/24694,
this addresses the team creation not returning the organization
information in the response.

This fix is connected to the
[issue](https://gitea.com/gitea/terraform-provider-gitea/issues/27)
discovered in the terraform provider.
Moreover, the
[documentation](https://docs.gitea.com/api/1.20/#tag/organization/operation/orgCreateTeam)
suggests that the response body should include the `organization` field
(currently being `null`).

Co-authored-by: Dionysios Kakouris <1369451+memphis88@users.noreply.github.com>
14 months agoFix successful return value for `SyncAndGetUserSpecificDiff` (#27152) (#27156)
Giteabot [Wed, 20 Sep 2023 22:58:13 +0000 (06:58 +0800)]
Fix successful return value for `SyncAndGetUserSpecificDiff` (#27152) (#27156)

Backport #27152 by @delvh

A function should not return an error when it is successful.
Otherwise, things like
https://discord.com/channels/322538954119184384/322538954119184384/1153705341620600833
happen…

Co-authored-by: delvh <dev.lh@web.de>
14 months agoImprove actions docs related to `pull_request` event (#27126) (#27145)
Giteabot [Wed, 20 Sep 2023 09:49:58 +0000 (17:49 +0800)]
Improve actions docs related to `pull_request` event (#27126) (#27145)

Backport #27126 by @Zettat123

Related to #27039

The `ref` property in Gitea Actions is different from GitHub Actions.
This PR improves the documentation to explain the difference.

Co-authored-by: Zettat123 <zettat123@gmail.com>
14 months agofix pagination for followers and following (#27127) (#27138)
Giteabot [Tue, 19 Sep 2023 16:03:01 +0000 (00:03 +0800)]
fix pagination for followers and following (#27127) (#27138)

Backport #27127 by @earl-warren

- Use the correct total amount for pagination. Thereby correctly show
the pagination bare when there's more than one page of
followers/followings.

Refs: https://codeberg.org/forgejo/forgejo/pulls/1477

(cherry picked from commit c1a136318be3bf72511bed108f2d67f2cf34e1b8)

Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
Co-authored-by: Gusted <postmaster@gusted.xyz>
14 months agoservices/wiki: Close() after error handling (#27129) (#27137)
Giteabot [Tue, 19 Sep 2023 15:13:23 +0000 (23:13 +0800)]
services/wiki: Close() after error handling (#27129) (#27137)

Backport #27129 by @earl-warren

Refs: https://codeberg.org/forgejo/forgejo/pulls/1385

Signed-off-by: Lars Lehtonen <lars.lehtonen@gmail.com>
(cherry picked from commit 589e7d346f51de4a0e2c461b220c8cad34133b2f)

Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
Co-authored-by: Lars Lehtonen <lars.lehtonen@gmail.com>
14 months agoFix issue templates when blank isses are disabled (#27061) (#27082)
Giteabot [Thu, 14 Sep 2023 15:39:34 +0000 (23:39 +0800)]
Fix issue templates when blank isses are disabled (#27061) (#27082)

Backport #27061 by @JakobDev

Fixes #27060

Co-authored-by: JakobDev <jakobdev@gmx.de>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: delvh <dev.lh@web.de>
14 months agoLoad reviewer before sending notification (#27063) (#27064)
sebastian-sauer [Wed, 13 Sep 2023 20:32:58 +0000 (22:32 +0200)]
Load reviewer before sending notification (#27063) (#27064)

Fixes #27035

14 months agoFix context cache bug & enable context cache for dashabord commits' authors(#26991...
Lunny Xiao [Wed, 13 Sep 2023 07:15:00 +0000 (15:15 +0800)]
Fix context cache bug & enable context cache for dashabord commits' authors(#26991) (#27017)

backport #26991

Unfortunately, when a system setting hasn't been stored in the database,
it cannot be cached.
Meanwhile, this PR also uses context cache for push email avatar display
which should avoid to read user table via email address again and again.

According to my local test, this should reduce dashboard elapsed time
from 150ms -> 80ms .

14 months agoUse secure cookie for HTTPS sites (#26999) (#27013)
wxiaoguang [Mon, 11 Sep 2023 09:59:00 +0000 (17:59 +0800)]
Use secure cookie for HTTPS sites (#26999) (#27013)

Backport #26999

If the AppURL(ROOT_URL) is an HTTPS URL, then the COOKIE_SECURE's
default value should be true.

And, if a user visits an "http" site with "https" AppURL, they won't be
able to login, and they should have been warned. The only problem is
that the "language" can't be set either in such case, while I think it
is not a serious problem, and it could be fixed easily if needed.

14 months agoCorrect the database.LOG_SQL default value in config cheat sheet (#26997) (#27002)
Infinoid [Mon, 11 Sep 2023 01:43:42 +0000 (21:43 -0400)]
Correct the database.LOG_SQL default value in config cheat sheet (#26997) (#27002)

This is a manual backport of #26997 to v1.20.

14 months agoFix INI parsing for value with trailing slash (#26995) (#27001)
Giteabot [Sun, 10 Sep 2023 18:52:25 +0000 (02:52 +0800)]
Fix INI parsing for value with trailing slash (#26995) (#27001)

Backport #26995 by @wxiaoguang

Fix #26977 (a temp fix)

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
14 months agoFix changelog typo (#26973) v1.20.4
Lunny Xiao [Fri, 8 Sep 2023 08:35:37 +0000 (16:35 +0800)]
Fix changelog typo (#26973)

14 months ago1.20.4 changelog (#26966)
techknowlogick [Fri, 8 Sep 2023 04:17:00 +0000 (00:17 -0400)]
1.20.4 changelog (#26966)

14 months agoImprove LDAP group config documentation (#21227) (#26921)
techknowlogick [Wed, 6 Sep 2023 02:41:10 +0000 (22:41 -0400)]
Improve LDAP group config documentation (#21227) (#26921)

backport #21227

author @svenseeberg

Co-authored-by: Sven Seeberg <mail@sven-seeberg.de>
Co-authored-by: Giteabot <teabot@gitea.io>
14 months agoupdate footer link to new landing page (#26916) (#26919)
techknowlogick [Tue, 5 Sep 2023 19:06:35 +0000 (15:06 -0400)]
update footer link to new landing page (#26916) (#26919)

Backport #26916

14 months agoUpdate documents to fix some links (#26885) (#26888)
Giteabot [Sun, 3 Sep 2023 19:37:42 +0000 (03:37 +0800)]
Update documents to fix some links (#26885) (#26888)

Backport #26885 by @lunny

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
14 months agoUpdate docs about attachment path (#26883) (#26884)
CaiCandong [Sun, 3 Sep 2023 18:45:37 +0000 (02:45 +0800)]
Update docs about attachment path (#26883) (#26884)

Backport #26883
This change was caused by #26271, for configuration as below:
```
[attachment]
ENABLE = true
PATH = data/attachments
MAX_SIZE = 100
MAX_FILES = 5
```
Before #26271, the resolved path is ${AppWorkPath}/${attachments.PATH}
(such as `/var/lib/gitea/data/attachments`)
After #26271, the resolved path is ${AppDataPath}/${attachments.PATH}
(such as `/var/lib/gitea/data/data/attachments`)

Fix https://github.com/go-gitea/gitea/issues/26864 Follow
https://github.com/go-gitea/gitea/pull/26271

14 months agoFix wrong review requested number (#26784) (#26880)
Giteabot [Sun, 3 Sep 2023 10:37:07 +0000 (18:37 +0800)]
Fix wrong review requested number (#26784) (#26880)

Backport #26784 by @lng2020

Fix the wrong review requested number mentioned by #18808 .
Fix #18808
Before:

![ksnip_20230829-140750](https://github.com/go-gitea/gitea/assets/70063547/0af2055b-6f16-4699-a944-c7186831d7f9)
After:

![ksnip_20230829-141817](https://github.com/go-gitea/gitea/assets/70063547/16633264-20ba-45e3-bfbb-a495ed76a45b)

Co-authored-by: Nanguan Lin <70063547+lng2020@users.noreply.github.com>
14 months agoRedirect from `{repo}/issues/new` to `{repo}/issues/new/choose` when blank issues...
Giteabot [Fri, 1 Sep 2023 15:14:54 +0000 (23:14 +0800)]
Redirect from `{repo}/issues/new` to `{repo}/issues/new/choose` when blank issues are disabled (#26813) (#26847)

Backport #26813 by @JakobDev

You can currently visit `{repo}/issues/new` and create a blank issue,
even if it's disabled. This PR fixes this,

Fixes https://codeberg.org/forgejo/forgejo/issues/1356

Co-authored-by: JakobDev <jakobdev@gmx.de>
14 months agoAvoid double-unescaping of form value (#26853) (#26863)
wxiaoguang [Fri, 1 Sep 2023 13:15:00 +0000 (21:15 +0800)]
Avoid double-unescaping of form value (#26853) (#26863)

Backport #26853

The old `prepareQueryArg` did double-unescaping of form value.

14 months agoFix verifyCommits error when push a new branch (#26664) (#26810)
Giteabot [Thu, 31 Aug 2023 15:29:55 +0000 (23:29 +0800)]
Fix verifyCommits error when push a new branch (#26664) (#26810)

Backport #26664 by @CaiCandong

> ### Description
> If a new branch is pushed, and the repository has a rule that would
require signed commits for the new branch, the commit is rejected with a
500 error regardless of whether it's signed.
>
> When pushing a new branch, the "old" commit is the empty ID
(0000000000000000000000000000000000000000). verifyCommits has no
provision for this and passes an invalid commit range to git rev-list.
Prior to 1.19 this wasn't an issue because only pre-existing individual
branches could be protected.
>
> I was able to reproduce with
[try.gitea.io/CraigTest/test](https://try.gitea.io/CraigTest/test),
which is set up with a blanket rule to require commits on all branches.

Fix #25565
Very thanks to @Craig-Holmquist-NTI for reporting the bug and suggesting
an valid solution!

Co-authored-by: CaiCandong <50507092+CaiCandong@users.noreply.github.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
14 months agoSync tags when adopting repos (#26816) (#26834)
Giteabot [Thu, 31 Aug 2023 02:15:28 +0000 (10:15 +0800)]
Sync tags when adopting repos (#26816) (#26834)

Backport #26816 by @Zettat123

Fixes #26138

Sync the tags into database when adopting repos

Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
14 months agocheck blocklist for emails when adding them to account (#26812) (#26831)
Giteabot [Thu, 31 Aug 2023 00:52:19 +0000 (08:52 +0800)]
check blocklist for emails when adding them to account (#26812) (#26831)

Backport #26812 by @techknowlogick

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
14 months agoFix context filter has no effect in dashboard (#26695) (#26811)
yp05327 [Wed, 30 Aug 2023 11:14:54 +0000 (20:14 +0900)]
Fix context filter has no effect in dashboard (#26695) (#26811)

Backport #26695

14 months agoInclude the GITHUB_TOKEN/GITEA_TOKEN secret for fork pull requests (#26759) (#26806)
js6pak [Wed, 30 Aug 2023 06:25:34 +0000 (08:25 +0200)]
Include the GITHUB_TOKEN/GITEA_TOKEN secret for fork pull requests (#26759) (#26806)

Backport #26759

Co-authored-by: Jason Song <i@wolfogre.com>
14 months agoAdd fix incorrect can_create_org_repo for org owner team (#26683) (#26791)
Giteabot [Tue, 29 Aug 2023 21:26:40 +0000 (05:26 +0800)]
Add fix incorrect can_create_org_repo for org owner team (#26683) (#26791)

Backport #26683 by @yp05327

Related to: #8312 #26491

In migration v109, we only added a new column `CanCreateOrgRepo` in Team
table, but not initial the value of it.
This may cause bug like #26491.

Co-authored-by: yp05327 <576951401@qq.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
14 months agoFix some slice append usages (#26778) (#26798)
Giteabot [Tue, 29 Aug 2023 16:13:24 +0000 (00:13 +0800)]
Fix some slice append usages (#26778) (#26798)

Backport #26778 by @harryzcy

Co-authored-by: Chongyi Zheng <git@zcy.dev>
Co-authored-by: delvh <dev.lh@web.de>
14 months agoFix being unable to use a repo that prohibits accepting PRs as a PR source. (#26785...
Giteabot [Tue, 29 Aug 2023 10:06:05 +0000 (18:06 +0800)]
Fix being unable to use a repo that prohibits accepting PRs as a PR source. (#26785) (#26790)

Backport #26785 by @CaiCandong

## Description
Sometimes, we need to use an upstream mirror repository to update the
current development repository, but mirror repositories are prohibited
from PR. It should not appear in `merge to,` but it can appear in `pull
from.`
Fix #24585 #26193 #26781
Related #24183

Many thanks to @apnote  for assisting me in reproducing this bug!

## ScreenShot
---
### Before

<img
src="https://github.com/go-gitea/gitea/assets/50507092/3d76c376-1f54-45b9-80c9-6ba8319d6a9a"
width="400px">

<img
src="https://github.com/go-gitea/gitea/assets/50507092/fbfd9f7f-421f-4a2e-9a3e-f2958bbf3312"
width="400px">

### After

<img
src="https://github.com/go-gitea/gitea/assets/50507092/e6984524-4f61-4310-b795-4d8598bd8963"
width="400px">

<img
src="https://github.com/go-gitea/gitea/assets/50507092/04065b44-78d7-4721-bf31-0f1674150727"
width="400px">

Co-authored-by: CaiCandong <50507092+CaiCandong@users.noreply.github.com>
14 months agoImprove the "bug report" template and "support options" document (#26753) (#26780)
Giteabot [Mon, 28 Aug 2023 23:57:21 +0000 (07:57 +0800)]
Improve the "bug report" template and "support options" document (#26753) (#26780)

Backport #26753 by @wxiaoguang

* `/help/support` is a better document than
`/administration/logging-config` for bug reporting
* Improve `support.en-us.md`
    * Move/add detailed contents into `Advanced Bug Report Tips` section
    * Merge `Chinese Support` section into `Support Options`

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
14 months ago Use docs.gitea.com instead of docs.gitea.io (#26769)
Lunny Xiao [Mon, 28 Aug 2023 11:58:16 +0000 (19:58 +0800)]
 Use docs.gitea.com instead of docs.gitea.io (#26769)

backport #26739

14 months agoFix Page Not Found error (#26768)
xpume [Mon, 28 Aug 2023 10:07:38 +0000 (18:07 +0800)]
Fix Page Not Found error (#26768)

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
14 months agoFix bug for ctx usage (#26763)
Lunny Xiao [Mon, 28 Aug 2023 04:20:31 +0000 (12:20 +0800)]
Fix bug for ctx usage (#26763)

Fix #26684
Backport #26762

14 months agoFix incorrect "tabindex" attributes (#26733) (#26734)
wxiaoguang [Sat, 26 Aug 2023 02:44:17 +0000 (10:44 +0800)]
Fix incorrect "tabindex" attributes (#26733) (#26734)

Backport #26733 manually

Co-authored-by: Giteabot <teabot@gitea.io>
14 months agoFix link in mirror docs (#26719) (#26732)
Giteabot [Fri, 25 Aug 2023 17:14:43 +0000 (01:14 +0800)]
Fix link in mirror docs (#26719) (#26732)

Backport #26719 by @silverwind

Fix hash fragment in this link

Co-authored-by: silverwind <me@silverwind.io>
14 months agoAdd matrix to support (#26382) (#26722)
Giteabot [Fri, 25 Aug 2023 05:55:53 +0000 (13:55 +0800)]
Add matrix to support (#26382) (#26722)

Backport #26382 by @jolheiser

This PR adds our matrix space to the support options and alphabetizes
the list.

I also considered adding our Mastodon, however that isn't as suitable as
the other options because it's just whoever has access to the account vs
a community chat/forum.

Signed-off-by: jolheiser <john.olheiser@gmail.com>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
15 months agoMake issue template field template access correct template data (#26698) (#26709)
Giteabot [Thu, 24 Aug 2023 11:40:55 +0000 (19:40 +0800)]
Make issue template field template access correct template data (#26698) (#26709)

Backport #26698 by @wxiaoguang

Regression of #23092, the `{{$field := .}}` was missing during that
refactoring.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
15 months agoBackport line height fix (#26708)
wxiaoguang [Thu, 24 Aug 2023 10:39:09 +0000 (18:39 +0800)]
Backport line height fix (#26708)

Backport the `line-height: normal`, because #26520 was backported

15 months agoPrefer variables over subprocesses (#26690) (#26693)
Giteabot [Wed, 23 Aug 2023 12:53:44 +0000 (20:53 +0800)]
Prefer variables over subprocesses (#26690) (#26693)

Backport #26690 by @thomas-mc-work

… because it doesn't require a separate shell, spawning a process which
cost unnecessary resources and takes time.

Co-authored-by: Thomas McWork <thomas.mc.work@posteo.de>
15 months agoadd mfa doc (#26654) (#26674)
Giteabot [Wed, 23 Aug 2023 01:57:01 +0000 (09:57 +0800)]
add mfa doc (#26654) (#26674)

Backport #26654 by @lunny

copy and modified from #14572

> Whilst debating enforcing MFA within our team, I realised there isn't
a lot of context to the side effects of enabling it. Most of us use Git
over HTTP and would need to add a token.

I plan to add another PR that adds a sentence to the UI about needing to
generate a token when enabling MFA if HTTP is to be used.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: silverwind <me@silverwind.io>
15 months agoupdate config docs url (#26640) (#26642)
Giteabot [Mon, 21 Aug 2023 18:15:14 +0000 (02:15 +0800)]
update config docs url (#26640) (#26642)

Backport #26640 by @techknowlogick

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
15 months agoFix unable to display individual-level project (#26198) (#26636)
Giteabot [Mon, 21 Aug 2023 17:38:06 +0000 (01:38 +0800)]
Fix unable to display individual-level project (#26198) (#26636)

Backport #26198 by @CaiCandong

As title

Before:

![image](https://github.com/go-gitea/gitea/assets/50507092/94afc3bf-5597-4151-a59b-5632840ffa21)

After:

![image](https://github.com/go-gitea/gitea/assets/50507092/df81aa0b-98a6-477d-a270-2e45b3dca0fc)

fix #26189

Co-authored-by: caicandong <50507092+CaiCandong@users.noreply.github.com>
15 months agoUse correct minio error (#26634) (#26639)
Giteabot [Mon, 21 Aug 2023 16:51:30 +0000 (00:51 +0800)]
Use correct minio error (#26634) (#26639)

Backport #26634 by @delvh

Previously, `err` was defined above, checked for `err == nil` and used
nowhere else.
Hence, the result of `convertMinioErr` would always be `nil`.
This leads to a NPE further down the line.
That is not intentional, it should convert the error of the most recent
operation, not one of its predecessors.

Found through
https://discord.com/channels/322538954119184384/322538954119184384/1143185780206993550.

Co-authored-by: delvh <dev.lh@web.de>
15 months agofix reopen logic for agit flow pull request (#26399) (#26613)
a1012112796 [Mon, 21 Aug 2023 13:13:34 +0000 (21:13 +0800)]
fix reopen logic for agit flow pull request (#26399) (#26613)

Backport #26399

Signed-off-by: a1012112796 <1012112796@qq.com>
Co-authored-by: Giteabot <teabot@gitea.io>
15 months agoAdd `branch_filter` to hooks API endpoints (#26599) (#26632)
Giteabot [Mon, 21 Aug 2023 12:17:19 +0000 (20:17 +0800)]
Add `branch_filter` to hooks API endpoints (#26599) (#26632)

Backport #26599 by @yardenshoham

We now include the branch filler in the response.

- Closes #26591

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: Yarden Shoham <git@yardenshoham.com>
15 months agoIgnore the trailing slashes when comparing oauth2 redirect_uri (#26597) (#26618)
Giteabot [Mon, 21 Aug 2023 06:19:43 +0000 (14:19 +0800)]
Ignore the trailing slashes when comparing oauth2 redirect_uri (#26597) (#26618)

Backport #26597 by @wxiaoguang

Fix #26526

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
15 months agoSet errwriter for urfave/cli v1 (#26616)
John Olheiser [Mon, 21 Aug 2023 04:02:40 +0000 (23:02 -0500)]
Set errwriter for urfave/cli v1 (#26616)

Resolves #26615

15 months agoUpdate 1.20.3 changelog (#26609) (#26610) v1.20.3
Giteabot [Sun, 20 Aug 2023 19:25:55 +0000 (03:25 +0800)]
Update 1.20.3 changelog (#26609) (#26610)

Backport #26609 by @delvh

Co-authored-by: delvh <dev.lh@web.de>
15 months agoUse "input" event instead of "keyup" event for migration form (#26602) (#26605)
Giteabot [Sun, 20 Aug 2023 15:29:16 +0000 (23:29 +0800)]
Use "input" event instead of "keyup" event for migration form (#26602) (#26605)

Backport #26602 by @wxiaoguang

Otherwise, "pasted" content won't update the UI.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
15 months agoDo not use deprecated log config options by default (#26592) (#26600)
Giteabot [Sun, 20 Aug 2023 08:11:57 +0000 (16:11 +0800)]
Do not use deprecated log config options by default (#26592) (#26600)

Backport #26592 by @wxiaoguang

Simplify the log config

* Remove unnecessary `ROUTER` config, it defaults to the `MODE`.
* `XORM` config was deprecated

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
15 months agoFix project filter bugs (#26490) (#26558)
CaiCandong [Sat, 19 Aug 2023 10:21:45 +0000 (18:21 +0800)]
Fix project filter bugs (#26490) (#26558)

Backport  #26490

related: #26012

1. missing project filter on the issue page.

https://github.com/go-gitea/gitea/blob/1e76a824bcd71acd59cdfb2c4547806bc34b3d86/modules/indexer/issues/dboptions.go#L11-L15
2. incorrect SQL condition: some issue does not belong to a project but
exists on the project_issue table.

https://github.com/go-gitea/gitea/blob/f5dbac9d36f1678b928bee04e85fbd045c725698/models/issues/issue_search.go#L233

![before](https://github.com/go-gitea/gitea/assets/50507092/1dcde39e-3e2f-4151-b2c6-4d67bf493c2f)

![after](https://github.com/go-gitea/gitea/assets/50507092/badfb81f-056d-4a2f-9838-1cba9c15768d)

15 months agoAdd minimum polyfill to support "relative-time-element" in PaleMoon (#26575) (#26578)
Giteabot [Fri, 18 Aug 2023 09:54:52 +0000 (17:54 +0800)]
Add minimum polyfill to support "relative-time-element" in PaleMoon (#26575) (#26578)

Backport #26575 by @wxiaoguang

Close #26525

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
15 months agoFix "issueReposQueryPattern does not match query" (#26556) (#26564)
Giteabot [Thu, 17 Aug 2023 13:13:00 +0000 (21:13 +0800)]
Fix "issueReposQueryPattern does not match query" (#26556) (#26564)

Backport #26556 by @wolfogre

Fix
`https://github.com/go-gitea/gitea/pull/26545#discussion_r1295734340`

Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
15 months agoSync repo's IsEmpty status correctly (#26517) (#26560)
Giteabot [Thu, 17 Aug 2023 05:12:14 +0000 (13:12 +0800)]
Sync repo's IsEmpty status correctly (#26517) (#26560)

Backport #26517 by @wxiaoguang

Close #26509

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
15 months agoFix typo of RunerOwnerID (#26508) (#26528)
Giteabot [Wed, 16 Aug 2023 06:28:39 +0000 (14:28 +0800)]
Fix typo of RunerOwnerID (#26508) (#26528)

Backport #26508 by @yp05327

Co-authored-by: yp05327 <576951401@qq.com>
15 months agoFix NuGet search endpoints (#25613) (#26499)
KN4CK3R [Wed, 16 Aug 2023 06:01:20 +0000 (08:01 +0200)]
Fix NuGet search endpoints (#25613) (#26499)

Backport of #25613

Fixes #25564
Fixes #23191

- Api v2 search endpoint should return only the latest version matching
the query
- Api v3 search endpoint should return `take` packages not package
versions

15 months agoFix dark theme highlight for "NameNamespace" (#26519) (#26527)
Giteabot [Tue, 15 Aug 2023 23:31:29 +0000 (07:31 +0800)]
Fix dark theme highlight for "NameNamespace" (#26519) (#26527)

Backport #26519 by @wxiaoguang

The color is taken from "Name"

Before:

![image](https://github.com/go-gitea/gitea/assets/2114189/b94d7521-770c-4e14-a63b-f30c44fe883f)

After:

![image](https://github.com/go-gitea/gitea/assets/2114189/d99c1f13-a0c0-4dc8-82ab-bfdd451e46ec)

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
15 months agoUse `hidden` over `clip` for text truncation (#26520) (#26522)
Giteabot [Tue, 15 Aug 2023 13:34:08 +0000 (21:34 +0800)]
Use `hidden` over `clip` for text truncation (#26520) (#26522)

Backport #26520 by @silverwind

Avoid browser bugs:

- Firefox not cutting off -
https://github.com/go-gitea/gitea/pull/26354#issuecomment-1678456052
- Safari not showing ellipsis -
https://github.com/go-gitea/gitea/pull/26354#issuecomment-1678812801

Co-authored-by: silverwind <me@silverwind.io>
15 months agoSet "type=button" for editor's toolbar buttons (#26510) (#26518)
Giteabot [Tue, 15 Aug 2023 12:10:50 +0000 (20:10 +0800)]
Set "type=button" for editor's toolbar buttons (#26510) (#26518)

Backport #26510 by @wxiaoguang

The editor usually is in a form, so the buttons should have
"type=button", avoid conflicting with the form's submit.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
15 months agoDetect ogg mime-type as audio or video (#26494) (#26505)
Giteabot [Tue, 15 Aug 2023 03:15:26 +0000 (11:15 +0800)]
Detect ogg mime-type as audio or video (#26494) (#26505)

Backport #26494 by @wxiaoguang

"ogg" is just a "container" format for audio and video.

Golang's `DetectContentType` only reports "application/ogg" for
potential ogg files.

Actually it could do more "guess" to see whether it is a audio file or a
video file.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
15 months agoUse `object-fit: contain` for oauth2 custom icons (#26493) (#26498)
Giteabot [Mon, 14 Aug 2023 16:56:15 +0000 (00:56 +0800)]
Use `object-fit: contain` for oauth2 custom icons (#26493) (#26498)

Backport #26493 by @wxiaoguang

It works for various sizes.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
15 months agoMove dropzone progress bar to bottom to show filename when uploading (#26492) (#26497)
Giteabot [Mon, 14 Aug 2023 15:55:18 +0000 (23:55 +0800)]
Move dropzone progress bar to bottom to show filename when uploading (#26492) (#26497)

Backport #26492 by @wxiaoguang

1. Make the "filename" visible
2. Avoiding UI flicker when the uploading is completing

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
15 months agoFix storage path logic especially for relative paths (#26441) (#26481)
Giteabot [Mon, 14 Aug 2023 02:38:18 +0000 (10:38 +0800)]
Fix storage path logic especially for relative paths (#26441) (#26481)

Backport #26441 by @lunny

This PR rewrites the function `getStorage` and make it more clear.

Include tests from #26435, thanks @earl-warren

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Earl Warren <contact@earl-warren.org>
15 months agoAdd ThreadID parameter for Telegram webhooks (#25996) (#26480)
Giteabot [Mon, 14 Aug 2023 00:55:17 +0000 (08:55 +0800)]
Add ThreadID parameter for Telegram webhooks (#25996) (#26480)

Backport #25996

Telegram has recently implemented threads (channels) for group chats.

Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
Co-authored-by: neveraskedtoexist <matikot415@gmail.com>
15 months agoClose stdout correctly for "git blame" (#26470) (#26473)
Giteabot [Sun, 13 Aug 2023 08:00:28 +0000 (16:00 +0800)]
Close stdout correctly for "git blame" (#26470) (#26473)

Backport #26470 by @wxiaoguang

Close stdout correctly for "git blame", otherwise the failed "git blame"
would cause the request hanging forever.

And "os.Stderr" should never (seldom) be used as git command's stderr
(there seems some similar problems in code, they could be fixed later).

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
15 months agoRemove last newline from config file (#26468) (#26471)
Giteabot [Sat, 12 Aug 2023 16:19:33 +0000 (00:19 +0800)]
Remove last newline from config file (#26468) (#26471)

Backport #26468 by @wxiaoguang

When users put the secrets into a file (GITEA__sec__KEY__FILE), the
newline sometimes is different to avoid (eg: echo/vim/...)

So the last newline could be removed when reading, it makes the users
easier to maintain the secret files.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
15 months agoCheck first if minio bucket exists before trying to create it (#26420) (#26465)
Giteabot [Sat, 12 Aug 2023 09:00:51 +0000 (17:00 +0800)]
Check first if minio bucket exists before trying to create it (#26420) (#26465)

Backport #26420 by @lunny

For some reason, the permission of the client_id and secret may cannot
create bucket, so now we will check whether bucket does exist first and
then try to create a bucket if it doesn't exist.

Try to fix #25984

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
15 months agoAvoiding accessing undefined tributeValues #26461 (#26462)
wxiaoguang [Sat, 12 Aug 2023 08:30:29 +0000 (16:30 +0800)]
Avoiding accessing undefined tributeValues #26461  (#26462)

Backport #26461