Issue template addition: Are you using Gitea behind CloudFlare? (#14098)
* chore: are you using Gitea behind CloudFlare
since more often than not CF appears to serve stale cache and cause
troubles, I'd argue it might be helpful to ask about it in this here
issue template
* implement suggestion: change question to comment
* as per @techknowlogick's suggestion
* chore: edit comment
* implement @mrsdizzie's suggestion
* as the comment grows, rather span multiple lines
* Gitea --> gitea to match case used in the rest of the template
zeripath [Thu, 18 Feb 2021 01:32:14 +0000 (01:32 +0000)]
Remove NULs byte arrays passed to PostProcess (#14587)
PostProcess is supposed to be parsing and handling HTML
fragments, but on fuzzing it appears that there is a weird
issue with NUL elements that could cause a memory address
error in downstream libraries.
The simplest solution is to strip out the weird NULs - they
should not be there in any case and would be stripped out
anyway.
zeripath [Wed, 17 Feb 2021 19:32:47 +0000 (19:32 +0000)]
Use cat-file --batch in GetLanguageStats (#14685)
* Use cat-file --batch in GetLanguageStats
This PR moves to using a single cat-file --batch in GetLanguageStats
significantly reducing the number of processes spawned during language stat
processing.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* placate lint
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update modules/git/repo_language_stats_nogogit.go
zeripath [Tue, 16 Feb 2021 03:03:32 +0000 (03:03 +0000)]
Add fullTextSearch to dropdowns by default (#14694)
This PR adds `fullTextSearch: 'exact'` to most dropdown
invocations meaning that if there is a search box for the
dropdown it will automatically do a fullTextSearch looking
for the provided fragment instead of starting at the beginning
We should consider changing other places that use
`fullTextSearch: true` to `'exact'` because these will be using a
fuzzy-textual search that doesn't necessarily return the
expected results.
Allow blocking some email domains from registering an account (#14667)
Gitea allows to whitelist email domains so that only email addresses from certain domains are allowed to register an account, but does not currently allows to do the opposite: blacklisting email domains so that addresses from certain domains are *forbidden* to register an account.
The idea has been briefly mentioned in the discussion about issue #6350, but never implemented. This PR does that.
The rationale is that, in my experience of running a Gitea instance, *a single email domain* is responsible for *most* of the spam accounts, and for *all* of the spam accounts that manage to get past the email confirmation step. So on top of the other spam mitigation measures already available (email confirmation, CAPTCHA, etc.), having the option to block a particularly annoying domain would be helpful.
zeripath [Sun, 14 Feb 2021 14:51:00 +0000 (14:51 +0000)]
Fix broken spans in diffs (#14678)
Gitea runs diff on highlighted code fragment for each line in order to provide
code highlight diffs. Unfortunately this diff algorithm is not aware that span tags
and entities are atomic and cannot be split.
The current fixup code makes some attempt to fix these broken tags however, it cannot
handle situations where a tag is split over multiple blocks.
This PR provides a more algorithmic fixup mechanism whereby spans and entities are
completely coalesced into their respective blocks.
This may result in a incompletely reduced diff but - it will definitely prevent the
broken entities and spans that are currently possible.
As a result of this fixup several inconsistencies were discovered in our testcases
and these were also fixed.
zeripath [Sat, 13 Feb 2021 19:41:53 +0000 (19:41 +0000)]
Prevent template renderer from rendering error (#14646)
When there is a panic during template rendering unrolled/render
will automatically render the error. This leads to the
panic being displayed in the page and not a 500 page
vnkmpf [Fri, 12 Feb 2021 01:29:07 +0000 (02:29 +0100)]
Fix truncated organization names (#14655)
* Fix truncated organization names
Previous ellipsis implementation hid vertical overflow - image + descent line of letters.
Organization visibility in select on dashboard was not always visible.
This commit extracts classes which don't make collisions with other items on page.
Anton Khimich [Thu, 11 Feb 2021 19:53:41 +0000 (14:53 -0500)]
Fix PATCH /repos/{owner}/{repo} panic (#14637)
* Fix a runtime error when modifying a repository through API call
Using the `PATCH /repos/{owner}/{repo}` endpoint and attempting to
modify `default_branch` on an empty repository will cause a
panic. This commit adds a check for a nil pointer before attempting
to dereference it.
* Apply suggestions from code review
* Apply suggestions from code review
* Ensure that the git repository is loaded
If you change the default branch for a repository you must change it in
git too. Therefore you must open the repository before changing the
default branch.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Allow empty repos to have their default branches changed
Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Anton Khimich <anton.khimicha@mail.utoronto.ca> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Andrew Thornton <art27@cantab.net>
vnkmpf [Thu, 11 Feb 2021 18:28:51 +0000 (19:28 +0100)]
Make fileheader sticky in diffs (#14616)
* Make fileheader sticky #12552
* Remove sticky filenames when width is 480px or less
On mobile phone sticky filename is hidden due to the combination
of many possible widths and lengths.
* Fix text color for .markdown-info
* Fix visual of sticky diff box on 480px or less
- Hide arrow for select buttons.
- Fix changes, additions and deletions.
With flexbox they look very broken.
This commit hides some words to, so the result is:
"123 changed files 987 additions 456 deletions"
- center text in buttons
This mod introduces DISABLE_WEB_HOOKS parameter in [security] section
of app.ini (by default set to false). If set to true it disables web
hooks feature. Any existing undelivered web hook tasks will be cancelled.
Any existing web hook definitions will be left untouched in db but
its delivery tasks will be ignored.
zeripath [Wed, 10 Feb 2021 07:00:57 +0000 (07:00 +0000)]
HasPreviousCommit causes recursive load of commits unnecessarily (#14598)
This PR improves HasPreviousCommit to prevent the automatic and recursive loading
of previous commits using git merge-base --is-ancestor and git rev-list
zeripath [Sun, 7 Feb 2021 21:04:58 +0000 (21:04 +0000)]
Remove spurious DataAsync Error logging (#14599)
Breaking the pipe is a valid way of killing a piped command and any error from
a broken cat-file batch command should be passed back up to the writer any way
therefore specifically logging it is unnecessary.
Farid AYOUJIL [Fri, 5 Feb 2021 20:10:40 +0000 (21:10 +0100)]
Add Content-Length header to HEAD requests (#14542)
* Add Content-Length header to HEAD requests
This change adds the header Content-Length to HEAD HTTP requests.
The previous behaviour was blocking some Windows executables (i.e
bitsadmin.exe) from downloading files hosted in Gitea.
This along with PR #14541, makes the web server compliant with HTTP RFC 2616 which states
"The methods GET and HEAD MUST be supported by all general-purpose servers"
and
"The HEAD method is identical to GET except that the server MUST NOT return a message-body in the response."
This should also respond to issues #8030 and #14532.
* This change adds the header Content-Length to HEAD HTTP requests
Pass the Size of the content as a parameter to ServeData() instead of
calculating it using ioutil.ReadAll(reader) --> this call is dangerous
and can result in a denial of service.
Anton Khimich [Thu, 4 Feb 2021 09:16:21 +0000 (04:16 -0500)]
Fix gpg key deletion (#14561)
* Fix GPG key deletion when user is deleted
Per #14531, deleting a user account will delete the user's GPG keys
from the `gpg_key` table but not from `gpg_key_import`, which causes
an error when creating an account with the same email and attempting
to re-add the same key. This commit deletes all entries from
`gpg_key_import` that match any GPG key IDs belonging to the user.
* Format added code in models/user.go
* Create a new function for listing GPG keys and apply it
Create a new function `listGPGKeys` and replace a previous use
of `ListGPGKeys`. Thanks to @6543 for the patch.
Co-authored-by: Anton Khimich <anton.khimicha@mail.utoronto.ca> Co-authored-by: 6543 <6543@obermui.de>
zeripath [Sat, 30 Jan 2021 15:24:25 +0000 (15:24 +0000)]
Set the name Mapper in migrations (#14526)
Migrations currently uses the default Xorm mapper which is
not the same as the mapper Gitea actually uses.
This means that there is a difference between the struct
parsing and mapping to database tables in migrations as
compared to normal Sync2.
This was the cause for the catastrophic problem in v168 -
untagged fields are not mapped in the same way in migrations
as compared to outside of migrations.
This is also likely the cause of some weird subtle failures
in other migrations as any untagged field may not be being
mapped exactly the same way.
This PR suggests that we ensure that the mapper is set at
the start of the migrations code - but also enforces a strict
clean mapper between each migration.
projects / gitea.git / log