]> source.dussan.org Git - gitea.git/log
gitea.git
2 years agoFix broken when no commits and default branch is not master (#18424)
Lunny Xiao [Fri, 28 Jan 2022 06:48:18 +0000 (14:48 +0800)]
Fix broken when no commits and default branch is not master (#18424)

* Fix broken when no commits and default branch is not master

* Fix IsEmpty check

* Improve codes

2 years agoOnly view milestones from current repo (#18414) (#18418)
zeripath [Wed, 26 Jan 2022 22:09:35 +0000 (22:09 +0000)]
Only view milestones from current repo (#18414) (#18418)

Backport #18414

The endpoint /{username}/{reponame}/milestone/{id} is not currently restricted to
the repo. This PR restricts the milestones to those within the repo.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoFix restore without topic failure (#18387) (#18401)
Lunny Xiao [Wed, 26 Jan 2022 03:16:13 +0000 (11:16 +0800)]
Fix restore without topic failure (#18387) (#18401)

Co-authored-by: zeripath <art27@cantab.net>
2 years agoFix commit's time (#18375) (#18409)
Gusted [Tue, 25 Jan 2022 21:50:02 +0000 (21:50 +0000)]
Fix commit's time (#18375) (#18409)

- Backport of #18375

2 years agoFix mermaid import (it uses ESModule now) (#18382)
wxiaoguang [Mon, 24 Jan 2022 13:40:51 +0000 (21:40 +0800)]
Fix mermaid import (it uses ESModule now) (#18382)

2 years agoUpdate to go/text 0.3.7 (#18336)
zeripath [Wed, 19 Jan 2022 20:44:01 +0000 (20:44 +0000)]
Update to go/text 0.3.7 (#18336)

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoBackport: Upgrade EasyMDE 2.16.1 (package-lock.json) (#18301)
wxiaoguang [Mon, 17 Jan 2022 10:32:26 +0000 (18:32 +0800)]
Backport: Upgrade EasyMDE 2.16.1 (package-lock.json) (#18301)

* Upgrade EasyMDE 2.16.1
* Update CodeMirror 5.65.0
* Update caniuse-lite (suggested by npm)

2 years agoUpgrade EasyMDE to 2.16.1 (#18279)
wxiaoguang [Sat, 15 Jan 2022 11:18:30 +0000 (19:18 +0800)]
Upgrade EasyMDE to 2.16.1 (#18279)

2 years agoChangelog for 1.15.10 (#18274) v1.15.10
Richard Mahn [Fri, 14 Jan 2022 18:48:42 +0000 (13:48 -0500)]
Changelog for 1.15.10 (#18274)

[1.15.10](https://github.com/go-gitea/gitea/releases/tag/v1.15.10) - 2022-01-14

* BUGFIXES
  * Fix inconsistent PR comment counts (#18260) (#18261)
  * Fix release link broken (#18252) (#18253)
  * Fix update user from site administration page bug (#18250) (#18251)
  * Set HeadCommit when creating tags (#18116) (#18173)
  * Use correct translation key for error messages due to max repo limits (#18135 & #18153) (#18152)
  * Fix purple color in suggested label colors (#18241) (#18242)
* SECURITY
  * Bump mermaid from 8.10.1 to 8.13.8 (#18198) (#18206)

2 years agoFix release link broken (#18253)
Lunny Xiao [Fri, 14 Jan 2022 01:49:25 +0000 (09:49 +0800)]
Fix release link broken (#18253)

* Fix release link broken

* Fix unsupported compare

* Fix another place

2 years agofix regression from #16075 (#18261)
Norwin [Thu, 13 Jan 2022 16:13:08 +0000 (17:13 +0100)]
fix regression from #16075 (#18261)

we don't want reviews to count towards comments, as this needs changes
in other components as well (eg repo stats cron job, etc).

2 years agoFix update user bug (#18251)
Lunny Xiao [Wed, 12 Jan 2022 14:10:03 +0000 (22:10 +0800)]
Fix update user bug (#18251)

2 years agoFix purple color in suggested label colors (#18242)
silverwind [Tue, 11 Jan 2022 18:12:51 +0000 (10:12 -0800)]
Fix purple color in suggested label colors (#18242)

This looks like a typo that was introduced when these colors were added,
causing what is supposed to be purple show up as green.

2 years agoFix mermaid rendering in milestone dashboard (#18214)
silverwind [Sat, 8 Jan 2022 16:59:36 +0000 (08:59 -0800)]
Fix mermaid rendering in milestone dashboard (#18214)

Fixes: https://github.com/go-gitea/gitea/issues/18200
2 years agoBump mermaid from 8.10.1 to 8.13.8 (#18198) (#18206)
zeripath [Fri, 7 Jan 2022 22:26:14 +0000 (22:26 +0000)]
Bump mermaid from 8.10.1 to 8.13.8 (#18198) (#18206)

Updates to latest mermaid.

Backport #18198

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoSet HeadCommit when creating tags. (#18116) (#18173)
Lunny Xiao [Tue, 4 Jan 2022 01:22:10 +0000 (09:22 +0800)]
Set HeadCommit when creating tags. (#18116) (#18173)

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2 years agoUse correct translation key for error messages due to max repo limits (#18135 & ...
Gusted [Sun, 2 Jan 2022 02:39:23 +0000 (02:39 +0000)]
Use correct translation key for error messages due to max repo limits (#18135 & #18153) (#18152)

- Backport #18135
- Backport #18153

2 years agoFix wrong redirect on org labels (#18128) (#18134) v1.15.9
Lunny Xiao [Thu, 30 Dec 2021 16:08:42 +0000 (00:08 +0800)]
Fix wrong redirect on org labels (#18128) (#18134)

* Fix wrong redirect on org labels (#18128)

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2 years agoDoc: add missing bug fix to changelog (#18133)
DuckDuckWhale [Thu, 30 Dec 2021 15:42:25 +0000 (07:42 -0800)]
Doc: add missing bug fix to changelog (#18133)

2 years agoChangelog v1.15.9 (#18115)
zeripath [Thu, 30 Dec 2021 05:03:04 +0000 (05:03 +0000)]
Changelog v1.15.9 (#18115)

* BUGFIXES
  * Revert "Fix delete u2f keys bug (#18042)" (#18107)
  * Migrating wiki don't require token, so we should move it out of the require form (#17645) (#18104)
  * Prevent NPE if gitea uploader fails to open url (#18080) (#18101)
  * Reset locale on login (#17734) (#18100)
  * Correctly handle failed migrations (#17575) (#18099)
  * Instead of using routerCtx just escape the url before routing (#18086) (#18098)
  * Quote references to the user table in consistency checks (#18072) (#18073)
  * Add NotFound handler (#18062) (#18067)
  * Ensure that git repository is closed before transfer (#18049) (#18057)
  * Use common sessioner for API and web routes (#18114)
* TRANSLATION
  * Fix code search result hint on zh-CN (#18053)

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years agoFix: unstable sort skips/duplicates issues across pages (#18095)
DuckDuckWhale [Wed, 29 Dec 2021 11:44:34 +0000 (03:44 -0800)]
Fix: unstable sort skips/duplicates issues across pages (#18095)

When viewing issues in sorted order, some issues are duplicated across
pages and some are missing.  This is caused by the lack of tie-breakers
in database queries, making pagination inconsistent.

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2 years agoUse common sessioner for API and web routes (#18114)
zeripath [Tue, 28 Dec 2021 22:15:01 +0000 (22:15 +0000)]
Use common sessioner for API and web routes (#18114)

* Use common sessioner for API and web routes

Since the regenerate session ID PR some users of the memory session provider have been
reporting difficulties with getting API results.

I am uncertain as to why this is happening - but I think that the sessioner being
created twice may be a potential cause for this. Therefore this PR attempts to move
this out to a common sessioner as it is in 1.16.

Fix #18070

Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update routers/init.go

2 years agoMigrating wiki don't require token, so we should move it out of the require form...
Lunny Xiao [Mon, 27 Dec 2021 01:33:32 +0000 (09:33 +0800)]
Migrating wiki don't require token, so we should move it out of the require form (#17645) (#18104)

* Migrating wiki don't require token, so we should move it out of the require form

* Fix lint

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2 years agoRevert "Fix delete u2f keys bug (#18042)" (#18107)
Lunny Xiao [Sun, 26 Dec 2021 14:57:00 +0000 (22:57 +0800)]
Revert "Fix delete u2f keys bug (#18042)" (#18107)

This reverts commit 91f5be889af4081b05d63aadecb1373689e1f57c.

2 years agoInstead of using routerCtx just escape the url before routing (#18086) (#18098)
zeripath [Sun, 26 Dec 2021 10:32:04 +0000 (10:32 +0000)]
Instead of using routerCtx just escape the url before routing (#18086) (#18098)

Backport #18086

A consequence of forcibly setting the RoutePath to the escaped url is that the
auto routing to endpoints without terminal slashes fails (Causing #18060.) This
failure raises the possibility that forcibly setting the RoutePath causes other
unexpected behaviors too.

Therefore, instead we should simply pre-escape the URL in the process registering
handler. Then the request URL will be properly escaped for all the following calls.

Fix #17938
Fix #18060
Replace #18062
Replace #17997

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoPrevent NPE if gitea uploader fails to open url (#18080) (#18101)
zeripath [Sun, 26 Dec 2021 09:22:10 +0000 (09:22 +0000)]
Prevent NPE if gitea uploader fails to open url (#18080) (#18101)

Backport #18080

If http.Get() returns an error return nil and err before attempting to
use the broken file.

Thanks to walker xiong for spotting this bug.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoCorrectly handle failed migrations (#17575) (#18099)
zeripath [Sat, 25 Dec 2021 15:45:51 +0000 (15:45 +0000)]
Correctly handle failed migrations (#17575) (#18099)

* Correctly handle failed migrations

There is a bug in handling failed migrations whereby the migration task gets decoupled
from the migration repository. This leads to a failure of the task to get deleted with
the repository and also leads to the migration failed page resulting in a ISE.

This PR removes the zeroing out of the task id from the migration but also makes
the migration handler tolerate missing tasks much nicer.

Fix #17571

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2 years agoReset locale on login (#17734) (#18100)
zeripath [Sat, 25 Dec 2021 13:31:23 +0000 (13:31 +0000)]
Reset locale on login (#17734) (#18100)

Backport #17734

When logging in reset the user's locale to ensure that it matches their
preferred locale.

Fix #15612

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoQuote references to the user table in consistency checks (#18072) (#18073)
zeripath [Wed, 22 Dec 2021 23:29:05 +0000 (23:29 +0000)]
Quote references to the user table in consistency checks (#18072) (#18073)

Backport #18072

Although #17487 ensured that the table was quoted in the join it missed that the
query part of the check also needed to be quoted.

Fix #17485

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoAdd NotFound handler (#18062) (#18067)
zeripath [Wed, 22 Dec 2021 15:26:37 +0000 (15:26 +0000)]
Add NotFound handler (#18062) (#18067)

Backport #18062

PR #17997 means that urls with terminal '/' are no longer immediately mapped
to the url without a terminal slash. However, it has revealed that the NotFound handler
appears to have been lost.

This PR adds back in a NotFound handler that simply redirects to a path without the
terminal slash or runs the NotFound handler.

Fix #18060

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoEnsure that git repository is closed before transfer (#18049) (#18057)
zeripath [Tue, 21 Dec 2021 18:27:46 +0000 (18:27 +0000)]
Ensure that git repository is closed before transfer (#18049) (#18057)

Backport #18049

Repository Transfer requires that the repository directory is renamed - which
is not possible on Windows if the git repository is open.

Fix #17885

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoFix code search result hint on zh-CN (#18053)
Lunny Xiao [Tue, 21 Dec 2021 08:08:06 +0000 (16:08 +0800)]
Fix code search result hint on zh-CN (#18053)

2 years agoUpdate Changelog (#18047) v1.15.8
zeripath [Tue, 21 Dec 2021 03:12:46 +0000 (03:12 +0000)]
Update Changelog (#18047)

2 years agoFix delete u2f keys bug (#18042)
Lunny Xiao [Mon, 20 Dec 2021 20:53:25 +0000 (04:53 +0800)]
Fix delete u2f keys bug (#18042)

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2 years agoMove POST /{username}/action/{action} to simply POST /{username} (#18045) (#18046)
zeripath [Mon, 20 Dec 2021 20:53:08 +0000 (20:53 +0000)]
Move POST /{username}/action/{action} to simply POST /{username} (#18045) (#18046)

Backport #18045

The current code unfortunately requires that `action` be a reserved
repository name as it prevents posts to change the settings for
action repositories. However, we can simply change action handler
to work on POST /{username} instead.

Fix #18037

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoReset Session ID on login (#18018) (#18041)
zeripath [Mon, 20 Dec 2021 20:06:54 +0000 (20:06 +0000)]
Reset Session ID on login (#18018) (#18041)

Backport #18018

When logging in the SessionID should be reset and the session cleaned up.

Also logs the user in on completion of linking account

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoPrevent off-by-one error on comments on newly appended lines (#18029) (#18035)
zeripath [Mon, 20 Dec 2021 16:38:58 +0000 (16:38 +0000)]
Prevent off-by-one error on comments on newly appended lines (#18029) (#18035)

* Prevent off-by-one error on comments on newly appended lines (#18029)

Backport #18029

There was a bug in CutDiffAroundLine whereby if a file without a terminal new line
has a patch which appends lines to it and a comment is placed on one of those lines
the comment diff will be a line out of place.

This fixes CutDiffAroundLine to simply ignore the missing terminal newline - however,
we should really improve this rendering to add a marker to say that there was a
previously missing terminal newline.

Fix #17875

Signed-off-by: Andrew Thornton <art27@cantab.net>
* Apply suggestions from code review

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years agoChangelog 1.15.8 (#18026)
zeripath [Mon, 20 Dec 2021 10:32:07 +0000 (10:32 +0000)]
Changelog 1.15.8 (#18026)

## [1.15.8](https://github.com/go-gitea/gitea/releases/tag/v1.15.8) - 2021-12-19

* BUGFIXES
  * Reset locale on login (#18023) (#18025)
  * Fix reset password email template (#17025) (#18022)
  * Fix outType on gitea dump (#18000) (#18016)
  * Ensure complexity, minlength and isPwned are checked on password setting (#18005) (#18015)
  * Fix rename notification bug (#18011)
  * Prevent double decoding of % in url params  (#17997) (#18001)
  * Prevent hang in git cat-file if the repository is not a valid repository (Partial #17991) (#17992)
  * Prevent deadlock in create issue (#17970) (#17982)
* TESTING
  * Use non-expiring key. (#17984) (#17985)

Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update CHANGELOG.md

Co-authored-by: 6543 <6543@obermui.de>
2 years agoStop printing 03d after escaped characters in logs (#18030) (#18034)
zeripath [Sun, 19 Dec 2021 21:35:29 +0000 (21:35 +0000)]
Stop printing 03d after escaped characters in logs (#18030) (#18034)

Backport #18030

Strangely a weird bug was present in the log escaping code whereby any escaped
character would gain 03d - this was due to a mistake in the format string where
it should have read %03o but read instead %o03d. This has led to spurious 03d
trailing characters on these escaped characters!

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoReset locale on login (#18023) (#18025)
zeripath [Sun, 19 Dec 2021 15:04:31 +0000 (15:04 +0000)]
Reset locale on login (#18023) (#18025)

Backport #18023

Although we reset the locale in a number of places there were several ways of logging in that were missing the same code.

Fix #18020

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Gusted <williamzijl7@hotmail.com>
2 years agoFix reset password email template (#17025) (#18022)
zeripath [Sat, 18 Dec 2021 22:55:26 +0000 (22:55 +0000)]
Fix reset password email template (#17025) (#18022)

2 years agobackport: fix outType on gitea dump (#18016)
Gusted [Sat, 18 Dec 2021 01:55:24 +0000 (02:55 +0100)]
backport: fix outType on gitea dump (#18016)

- Backport from #18000

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2 years agoFix rename notification bug (#18011)
Lunny Xiao [Fri, 17 Dec 2021 23:59:08 +0000 (07:59 +0800)]
Fix rename notification bug (#18011)

2 years agoEnsure complexity, minlength and ispwned are checked on password setting (#18005...
zeripath [Fri, 17 Dec 2021 21:24:59 +0000 (21:24 +0000)]
Ensure complexity, minlength and ispwned are checked on password setting (#18005) (#18015)

Backport #18005

It appears that there are several places that password length, complexity and ispwned
are not currently been checked when changing passwords. This PR adds these.

Fix #17977

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoPrevent hang in git cat-file if the repository is not a valid repository (Partial...
zeripath [Fri, 17 Dec 2021 02:08:00 +0000 (02:08 +0000)]
Prevent hang in git cat-file if the repository is not a valid repository (Partial #17991) (#17992)

* Prevent hang in git cat-file if the repository is not a valid repository (Partial #17991)

Unfortunately it appears that if git cat-file is run in an invalid
repository it will hang until stdin is closed. This will result in
deadlocked /pulls pages and dangling git cat-file calls if a broken
repository is tried to be reviewed or pulls exists for a broken
repository.

Signed-off-by: Andrew Thornton <art27@cantab.net>
* placate lint

Signed-off-by: Andrew Thornton <art27@cantab.net>
* fix compilation bug

Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add the missing directories to the testrepos

* fixup! Add the missing directories to the testrepos

* and ensure that all of the other places have the objects directories too

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2 years agoPrevent double decoding of % in url params (#17997) (#18001)
zeripath [Thu, 16 Dec 2021 23:03:20 +0000 (23:03 +0000)]
Prevent double decoding of % in url params  (#17997) (#18001)

2 years agoPrevent deadlock in create issue (#17970) (#17982)
zeripath [Wed, 15 Dec 2021 02:06:40 +0000 (02:06 +0000)]
Prevent deadlock in create issue (#17970) (#17982)

2 years agoUse non-expiring key. (#17984) (#17985)
KN4CK3R [Tue, 14 Dec 2021 22:42:03 +0000 (23:42 +0100)]
Use non-expiring key. (#17984) (#17985)

2 years agoChangelog for v1.15.7 (#17871) v1.15.7
Lunny Xiao [Thu, 2 Dec 2021 20:16:33 +0000 (04:16 +0800)]
Changelog for v1.15.7 (#17871)

* Changelog for v1.15.7

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
2 years agoCheck if column exist before rename if exist, just return with no error (#17870)...
Lunny Xiao [Thu, 2 Dec 2021 17:12:11 +0000 (01:12 +0800)]
Check if column exist before rename if exist, just return with no error (#17870) (#17882)

* Check if column exist before rename if exist, just return with no error

* Also check if errors column exist

* Add comment for migration

* Fix sqlite test

2 years agofix 500 error while use a reserved name in org rename (#17878) (#17881)
a1012112796 [Thu, 2 Dec 2021 11:52:08 +0000 (19:52 +0800)]
fix 500 error while use a reserved name in org rename (#17878) (#17881)

fix #17876

Signed-off-by: a1012112796 <1012112796@qq.com>
2 years agoFix user primary email changed (#17840)
Lunny Xiao [Sun, 28 Nov 2021 11:04:44 +0000 (19:04 +0800)]
Fix user primary email changed (#17840)

3 years agoUse correct user on releases (#17818)
Gusted [Fri, 26 Nov 2021 07:06:26 +0000 (07:06 +0000)]
Use correct user on releases (#17818)

- Backport #17806

3 years agoFixed commit count (#17698) (#17790)
KN4CK3R [Thu, 25 Nov 2021 23:21:56 +0000 (00:21 +0100)]
Fixed commit count (#17698) (#17790)

* Fixed commit count (#17698)

Added "Tag" label.
Unified branch, tag and commit name.

* Keep 1.15 behaviour.

* Removed locale change.

3 years agoPreserve color when inverting emojis (#17799)
silverwind [Wed, 24 Nov 2021 14:43:22 +0000 (06:43 -0800)]
Preserve color when inverting emojis (#17799)

Fixes: https://github.com/go-gitea/gitea/issues/17795
3 years agobackport: use correct sender on title change (#17792)
Gusted [Wed, 24 Nov 2021 08:53:18 +0000 (08:53 +0000)]
backport: use correct sender on title change (#17792)

3 years agoFix close issue but time watcher still running (#17761)
Lunny Xiao [Tue, 23 Nov 2021 12:05:44 +0000 (20:05 +0800)]
Fix close issue but time watcher still running (#17761)

* Fix bug

* Update models/issue_stopwatch.go

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
3 years agoReturn 400 but not 500 when request archive with wrong format (#17691) (#17700)
Lunny Xiao [Fri, 19 Nov 2021 16:31:29 +0000 (00:31 +0800)]
Return 400 but not 500 when request archive with wrong format (#17691) (#17700)

* Return 400 but not 500 when request archive with wrong format (#17691)
* Remove bundle because it's not in this version

3 years agoFix Migrate Description - backport (#17727)
99rgosse [Fri, 19 Nov 2021 09:52:47 +0000 (10:52 +0100)]
Fix Migrate Description - backport (#17727)

3 years agoFix bug when project board get open issue number (#17703) (#17726)
Lunny Xiao [Fri, 19 Nov 2021 06:28:37 +0000 (14:28 +0800)]
Fix bug when project board get open issue number (#17703) (#17726)

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
3 years agoFix bug when read mysql database max lifetime (#17682) (#17690)
Lunny Xiao [Wed, 17 Nov 2021 13:28:41 +0000 (21:28 +0800)]
Fix bug when read mysql database max lifetime (#17682) (#17690)

3 years agoBackport #17649, fix database deadlock when update issue labels (#17665)
wxiaoguang [Wed, 17 Nov 2021 05:32:31 +0000 (13:32 +0800)]
Backport  #17649, fix database deadlock when update issue labels (#17665)

3 years agoFix golangci-lint warnings (#17598 et al) (#17668)
Gusted [Tue, 16 Nov 2021 20:38:49 +0000 (20:38 +0000)]
Fix golangci-lint warnings (#17598 et al) (#17668)

Backport #17598
Backport #17606
Backport #17608
Backport #17609

- Since https://gitea.com/gitea/test-env/pulls/10 the golangci-lint has been upgraded and is erroring about new warnings in the code, this PR fixes those warnings.

3 years agoFix bug on detect issue/comment writer (#17592)
Lunny Xiao [Tue, 9 Nov 2021 08:00:40 +0000 (16:00 +0800)]
Fix bug on detect issue/comment writer (#17592)

3 years agobackport(1.15): Fix stats upon searching issues (#17578)
Gusted [Mon, 8 Nov 2021 21:14:57 +0000 (22:14 +0100)]
backport(1.15): Fix stats upon searching issues (#17578)

- Backport of https://github.com/go-gitea/gitea/pull/17566

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
3 years agoRemove appSubUrl from pasted images (#17572) (#17588)
zeripath [Mon, 8 Nov 2021 20:28:10 +0000 (20:28 +0000)]
Remove appSubUrl from pasted images (#17572) (#17588)

Backport #17572

* Remove appSubUrl from pasted images

Since we fixed the url base for the links in repositories we no longer need to add
the appsuburl to pasted image links.

Fix #17057

Signed-off-by: Andrew Thornton <art27@cantab.net>
3 years agobackport(1.15): make `ParsePatch` more robust (#17580)
Gusted [Mon, 8 Nov 2021 03:28:16 +0000 (04:28 +0100)]
backport(1.15): make `ParsePatch` more robust (#17580)

- Backport of https://github.com/go-gitea/gitea/pull/17573

3 years agoOnly allow webhook to send requests to allowed hosts (#17482) (#17510)
wxiaoguang [Sat, 6 Nov 2021 09:23:43 +0000 (17:23 +0800)]
Only allow webhook to send requests to allowed hosts (#17482) (#17510)

Backport #17482

* Only allow webhook to send requests to allowed hosts (backport #17482)

* use ALLOWED_HOST_LIST=* for default to keep the legacy behavior in 1.15.x

3 years agoEscape issue titles in comments list (#17555) (#17556)
zeripath [Fri, 5 Nov 2021 23:20:51 +0000 (23:20 +0000)]
Escape issue titles in comments list (#17555) (#17556)

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
3 years agobackport(1.15): Use correct defaultValue for stracktrace (#17557)
Gusted [Fri, 5 Nov 2021 14:55:33 +0000 (15:55 +0100)]
backport(1.15): Use correct defaultValue for stracktrace (#17557)

- Backporting https://github.com/go-gitea/gitea/pull/17552

3 years agoFix zero created time bug on commit api (#17547)
Lunny Xiao [Fri, 5 Nov 2021 06:15:44 +0000 (14:15 +0800)]
Fix zero created time bug on commit api (#17547)

Co-authored-by: zeripath <art27@cantab.net>
3 years agoShow correct "No" icon (#17538)
delvh [Thu, 4 Nov 2021 19:29:37 +0000 (20:29 +0100)]
Show correct "No" icon (#17538)

3 years agoFix database keyword quote problem on migration v161 (#17523)
Lunny Xiao [Wed, 3 Nov 2021 04:33:38 +0000 (12:33 +0800)]
Fix database keyword quote problem on migration v161 (#17523)

* support rerun migration v161

3 years agofix email with + when active (#17518) (#17520)
Lunny Xiao [Tue, 2 Nov 2021 22:52:38 +0000 (06:52 +0800)]
fix email with + when active (#17518) (#17520)

Co-authored-by: zeripath <art27@cantab.net>
3 years agoStop double encoding blame commit messages (#17498) (#17500)
zeripath [Sun, 31 Oct 2021 09:46:51 +0000 (09:46 +0000)]
Stop double encoding blame commit messages (#17498) (#17500)

Backport #17498

The call to html.EscapeString in routers/web/repo/blame.go:renderBlame is extraneous
as the commit message is now rendered by the template. The template will correctly
escape strings - therefore we are currently double escaping.

This PR fixes this.

Fix #17492

Signed-off-by: Andrew Thornton <art27@cantab.net>
3 years agoQuote the table name in CountOrphanedObjects (#17487) (#17488)
zeripath [Sat, 30 Oct 2021 10:01:22 +0000 (11:01 +0100)]
Quote the table name in CountOrphanedObjects (#17487) (#17488)

Backport #17487

CountOrphanedObjects needs to quote the table it is joining with as this table may
be `user`.

Fix #17485

Signed-off-by: Andrew Thornton <art27@cantab.net>
3 years agoRun Migrate in Install rather than just SyncTables (#17475) (#17486)
zeripath [Sat, 30 Oct 2021 09:28:11 +0000 (10:28 +0100)]
Run Migrate in Install rather than just SyncTables (#17475) (#17486)

Backport #17475

The underlying problem in #17328 appears to be that users are re-running the install
page during upgrades. The function that tests and creates the db did not intend for
this and thus instead the migration scripts being run - a simple sync tables occurs.

This then causes a weird partially migrated DB which causes, in this release cycle,
the duplicate column in task table error. It is likely the cause of some weird
partial migration errors in other cycles too.

This PR simply ensures that the migration scripts are also run at this point too.

Fix #17328

Signed-off-by: Andrew Thornton <art27@cantab.net>
3 years agoFix login redirection links (#17473)
qwerty287 [Thu, 28 Oct 2021 13:47:26 +0000 (15:47 +0200)]
Fix login redirection links (#17473)

3 years agoChangelog 1.15.6 (#17457) v1.15.6
zeripath [Thu, 28 Oct 2021 08:11:23 +0000 (09:11 +0100)]
Changelog 1.15.6 (#17457)

* Changelog 1.15.6

Unforunately #17435 is a somewhat critical bug and therefore we should
really release 1.15.6 as soon as possible.

 ## [1.15.6](https://github.com/go-gitea/gitea/releases/tag/v1.15.6) - 2021-10-27

* BUGFIXES
  * Prevent panic in serv.go with Deploy Keys (#17434) (#17435)
  * Fix CSV render error (#17406) (#17431)
  * Read expected buffer size (#17409) (#17430)

Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add 17456 and its backport

Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add 17464

Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add final pr

* Update date

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
3 years agoMake commit-statuses popup show correctly (#17447) (#17466)
wxiaoguang [Thu, 28 Oct 2021 07:42:31 +0000 (15:42 +0800)]
Make commit-statuses popup show correctly (#17447) (#17466)

Backport #17447

Close #17443

3 years agoAdd integration tests for private.NoServCommand and private.ServCommand (#17456)...
zeripath [Thu, 28 Oct 2021 06:07:29 +0000 (07:07 +0100)]
Add integration tests for private.NoServCommand and private.ServCommand (#17456) (#17463)

Backport #17456

modules/private/serv.go has two major functions that are missing testcases to ensure
that Deploy and normal SSH keys work correctly.

This PR adds some basic integration tests for these.

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
3 years agoEnsure that restricted users can access repos for which they are members (#17460...
zeripath [Thu, 28 Oct 2021 03:33:18 +0000 (04:33 +0100)]
Ensure that restricted users can access repos for which they are members (#17460) (#17464)

Backport #17460

There is a small bug in the way that repo access is checked in
repoAssignment: Accessibility is checked by checking if the user has a
marked access to the repository instead of checking if the user has any
team granted access.

This PR changes this permissions check to use HasAccess() which does the
correct test. There is also a fix in the release api ListReleases where
it should return draft releases if the user is a member of a team with
write access to the releases.

The PR also adds a testcase.

Signed-off-by: Andrew Thornton <art27@cantab.net>
3 years agoPrevent panic in serv.go with Deploy Keys (#17434) (#17435)
zeripath [Mon, 25 Oct 2021 23:24:29 +0000 (00:24 +0100)]
Prevent panic in serv.go with Deploy Keys (#17434) (#17435)

Backport #17434

Unfortunately there was a regression in #17373 which missed that the user is not
for deploy keys. This leads to a panic when pushing with deploy keys.

Fix #17412

Signed-off-by: Andrew Thornton <art27@cantab.net>
3 years agoFix CSV render error (#17406) (#17431)
KN4CK3R [Mon, 25 Oct 2021 17:31:15 +0000 (19:31 +0200)]
Fix CSV render error (#17406) (#17431)

Backport #17406.

Closes #17378

Both errors from #17378 were caused by  #15175.

Problem 1 (error with added file):
`ToUTF8WithFallbackReader` creates a `MultiReader` from a `byte[2048]` and the remaining reader. `CreateReaderAndGuessDelimiter` tries to read 10000 bytes from this reader but only gets 2048 because that's the first reader in the `MultiReader`. Then the `if size < 1e4` thinks the input is at EOF and just returns that.

Problem 2 (error with changed file):
The blob reader gets defer closed. That was fine because the old version reads the whole file into memory. Now with the streaming version the close needs to defer after the method.

Co-authored-by: zeripath <art27@cantab.net>
3 years agoRead expected buffer size (#17409) (#17430)
KN4CK3R [Mon, 25 Oct 2021 16:46:56 +0000 (18:46 +0200)]
Read expected buffer size (#17409) (#17430)

Backport of #17409

* Read expected buffer size.

* Changed name.

3 years agoFix markdown checkbox rendering (#17427)
wxiaoguang [Mon, 25 Oct 2021 09:02:39 +0000 (17:02 +0800)]
Fix markdown checkbox rendering (#17427)

We allow to render empty check list item - [ ], while GitHub doesn't allow.

To make the rendering correct, we need tune the UI (the last PR #17413 uses absolute layout, which makes the empty checkbox item can not be displayed correctly)

3 years agoFix issue markdown bugs (#17413)
wxiaoguang [Sat, 23 Oct 2021 15:30:46 +0000 (23:30 +0800)]
Fix issue markdown bugs (#17413)

* Bug fix: render Markdown `http://AppURL/org/repo/issues/4?a=1&b=2#comment-123 test` to HTML correctly, close #17394
* Bug fix: fix the positions of checkboxes in rendered HTML, close #17395

# Conflicts:
# modules/markup/html.go

3 years agoChangelog 1.15.5 (#17392) v1.15.5
zeripath [Thu, 21 Oct 2021 21:50:22 +0000 (22:50 +0100)]
Changelog 1.15.5 (#17392)

* SECURITY
  * Upgrade Bluemonday to v1.0.16 (#17372) (#17374)
  * Ensure correct SSH permissions check for private and restricted users (#17370) (#17373)
* BUGFIXES
  * Prevent NPE in CSV diff rendering when column removed (#17018) (#17377)
  * Offer rsa-sha2-512 and rsa-sha2-256 algorithms in internal SSH (#17281) (#17376)
  * Don't panic if we fail to parse U2FRegistration data (#17304) (#17371)
  * Ensure popup text is aligned left (backport for 1.15) (#17343)
  * Ensure that git daemon export ok is created for mirrors (#17243) (#17306)
  * Disable core.protectNTFS (#17300) (#17302)
  * Use pointer for wrappedConn methods (#17295) (#17296)
  * AutoRegistration is supposed to be working with disabled registration (backport) (#17292)
  * Handle duplicate keys on GPG key ring (#17242) (#17284)
  * Fix SVG side by side comparison link (#17375) (#17391)

Signed-off-by: Andrew Thornton <art27@cantab.net>
3 years agoFix SVG side by side comparison link (#17375) (#17391)
zeripath [Thu, 21 Oct 2021 19:38:29 +0000 (20:38 +0100)]
Fix SVG side by side comparison link (#17375) (#17391)

Backport #17375

Define unique names for image tabs in pull requests, in order to toggle tabs correctly when multiple are displayed on one page.

Fixes position of swipe-bar so it does not overlay other UI components when scrolling.

Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
Co-authored-by: Mario Lubenka <mario.lubenka@googlemail.com>
3 years agoOffer rsa-sha2-512 and rsa-sha2-256 algorithms in internal SSH (#17281) (#17376)
zeripath [Thu, 21 Oct 2021 08:37:49 +0000 (09:37 +0100)]
Offer rsa-sha2-512 and rsa-sha2-256 algorithms in internal SSH (#17281) (#17376)

Backport #17281

There is a subtle bug in the SSH library x/crypto/ssh which makes the incorrect
assumption that the public key type is the same as the signature algorithm type.

This means that only ssh-rsa signatures are offered by default.

This PR adds a workaround around this problem.

Fix #17175

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
3 years agoFix heatmap test (#17381) (#17383)
Lunny Xiao [Thu, 21 Oct 2021 08:00:41 +0000 (16:00 +0800)]
Fix heatmap test (#17381) (#17383)

Backport #17381

3 years agoUpgrade Bluemonday to v1.0.16 (#17372) (#17374)
6543 [Wed, 20 Oct 2021 20:57:19 +0000 (22:57 +0200)]
Upgrade Bluemonday to v1.0.16 (#17372) (#17374)

3 years agoPrevent NPE in CSV diff rendering when column removed (#17018) (#17377)
Richard Mahn [Wed, 20 Oct 2021 20:55:34 +0000 (14:55 -0600)]
Prevent NPE in CSV diff rendering when column removed (#17018) (#17377)

Backport of #17018

Fixes #16837 if a column is deleted.

3 years agoEnsure correct SSH permissions check for private and restricted users (#17370) (...
6543 [Wed, 20 Oct 2021 20:26:48 +0000 (22:26 +0200)]
Ensure correct SSH permissions check for private and restricted users (#17370) (#17373)

Repositories owned by private users and organisations and pulls by restricted users
need to have permissions checked. Previously Serv would simply assumed that if the
user could log in and the repository was not private then it would be visible.

Fix #17364

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
3 years agoDon't panic if we fail to parse U2FRegistration data (#17304) (#17371)
zeripath [Wed, 20 Oct 2021 19:45:17 +0000 (20:45 +0100)]
Don't panic if we fail to parse U2FRegistration data (#17304) (#17371)

Backport #17304

Downgrade logging statement from Fatal to Error so that errors parsing
U2FRegistration data does not panic; instead, the invalid key will be
skipped and we will attempt to parse the next one, if available.

Signed-off-by: David Jimenez <dvejmz@sgfault.com>
Co-authored-by: David Jimenez <dvejmz@users.noreply.github.com>
3 years agoAllow mocking timeutil (#17354) (#17356)
John Olheiser [Mon, 18 Oct 2021 21:48:23 +0000 (16:48 -0500)]
Allow mocking timeutil (#17354) (#17356)

Signed-off-by: jolheiser <john.olheiser@gmail.com>
3 years agoEnsure popup text is aligned left (#17343)
Mario Lubenka [Sun, 17 Oct 2021 22:57:28 +0000 (00:57 +0200)]
Ensure popup text is aligned left (#17343)

Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
3 years agoEnsure that git daemon export ok is created for mirrors (#17243) (#17306)
zeripath [Thu, 14 Oct 2021 16:07:53 +0000 (17:07 +0100)]
Ensure that git daemon export ok is created for mirrors (#17243) (#17306)

Backport #17243

There is an issue with #16508 where it appears that create repo requires that the
repo does not exist. This causes #17241 where an error is reported because of this.

This PR fixes this and also runs update-server-info for mirrors and generated repos.

Fix #17241

Signed-off-by: Andrew Thornton <art27@cantab.net>
3 years agoDisable core.protectNTFS (#17300) (#17302)
zeripath [Wed, 13 Oct 2021 20:02:45 +0000 (21:02 +0100)]
Disable core.protectNTFS (#17300) (#17302)

Backport #17300

core.protectNTFS protects NTFS from files which may be difficult to remove or interact
with using the win32 api, however, it also appears to prevent such files from
being entered into the git indexes - fundamentally causing breakages with PRs that
affect these files. However, deliberately setting this to false may cause security
issues due to the remain sparse checkout of files in the merge pipeline.

The only sensible option therefore is to provide an optional setting which admins
could set which would forcibly switch this off if they are affected by this issue.

Fix #17092

Signed-off-by: Andrew Thornton <art27@cantab.net>
3 years agoUse pointer for wrappedConn methods (#17295) (#17296)
zeripath [Tue, 12 Oct 2021 22:45:30 +0000 (23:45 +0100)]
Use pointer for wrappedConn methods (#17295) (#17296)

Backport #17295

Fix #17294

Signed-off-by: Andrew Thornton <art27@cantab.net>