]> source.dussan.org Git - gitea.git/log
gitea.git
2 years agoFix possible panic when repository is empty (#20509) (#20527) release/v1.16
6543 [Thu, 28 Jul 2022 19:02:53 +0000 (21:02 +0200)]
Fix possible panic when repository is empty (#20509) (#20527)

2 years agoFix org label open count, including close count issue (#20365)
Tyrone Yeh [Thu, 14 Jul 2022 02:41:56 +0000 (10:41 +0800)]
Fix org label open count, including close count issue (#20365)

2 years agoChangelog for 1.16.9 (update) (#20341) v1.16.9
6543 [Tue, 12 Jul 2022 18:26:27 +0000 (20:26 +0200)]
Changelog for 1.16.9 (update) (#20341)

* Changelog for 1.16.9 (update)

* update security section

2 years agoHide notify mail setting ui if not enabled (#20138) (#20337)
Lunny Xiao [Tue, 12 Jul 2022 17:13:31 +0000 (01:13 +0800)]
Hide notify mail setting ui if not enabled (#20138) (#20337)

Backport #20138

2 years agoAdd write check for creating Commit status (#20332) (#20334)
Gusted [Tue, 12 Jul 2022 12:52:20 +0000 (12:52 +0000)]
Add write check for creating Commit status (#20332) (#20334)

- Backport #20332
  - Add write code checks for creating new commit status
  - Regression from #5314
  - Resolves #20331

2 years agoEnsure that drone tags 1.16.x and 1.16 on push to v1.16.x tag (#20304)
zeripath [Mon, 11 Jul 2022 09:15:43 +0000 (10:15 +0100)]
Ensure that drone tags 1.16.x and 1.16 on push to v1.16.x tag (#20304)

We need pushes to v1.16.9 to create tags to 1.16.9 and 1.16 but not 1 or latest.

We have previously adjusted the manifest to remove the latest tag, and have removed
auto_tags so that 1 does not get tagged but in doing so we also stopped 1.16 being
tagged. So here we just state the that we tag x.yy in addition to x.yyz*.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoOnly show Followers that current user can access (#20220) (#20253)
zeripath [Wed, 6 Jul 2022 01:47:16 +0000 (02:47 +0100)]
Only show Followers that current user can access (#20220) (#20253)

Backport #20220

Users who are following or being followed by a user should only be
displayed if the viewing user can see them.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoCheck for permission when fetching user controlled issues (#20133) (#20196)
Gusted [Fri, 1 Jul 2022 15:39:10 +0000 (17:39 +0200)]
Check for permission when fetching user controlled issues (#20133) (#20196)

* Check if project has the same repository id with issue when assign project to issue

* Check if issue's repository id match project's repository id

* Add more permission checking

* Remove invalid argument

* Fix errors

* Add generic check

* Remove duplicated check

* Return error + add check for new issues

* Apply suggestions from code review

Co-authored-by: Gusted <williamzijl7@hotmail.com>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: 6543 <6543@obermui.de>
2 years agoCI: disable auto_tag (#20062)
6543 [Tue, 21 Jun 2022 22:51:27 +0000 (00:51 +0200)]
CI: disable auto_tag (#20062)

2 years agoRelease page show all tags in compare dropdown (#20070) (#20071)
6543 [Tue, 21 Jun 2022 18:09:24 +0000 (20:09 +0200)]
Release page show all tags in compare dropdown (#20070) (#20071)

Backport #20070

Just get all tags when creating the compare dropdown. (Also updates the changelog.)
Fix #19936

2 years agoChangelog for 1.16.9 (#20059)
zeripath [Mon, 20 Jun 2022 20:09:09 +0000 (21:09 +0100)]
Changelog for 1.16.9 (#20059)

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Gusted <williamzijl7@hotmail.com>
2 years agoCI: disable push to latest docker tag (#20025)
6543 [Sat, 18 Jun 2022 19:02:25 +0000 (21:02 +0200)]
CI: disable push to latest docker tag (#20025)

2 years agofix permission check for delete tag (#19985) (#20001)
a1012112796 [Fri, 17 Jun 2022 21:52:47 +0000 (05:52 +0800)]
fix permission check for delete tag (#19985) (#20001)

fix #19970

by the way, fix some error response about protected tags.

Signed-off-by: a1012112796 <1012112796@qq.com>
2 years agoOnly log non ErrNotExist errors in git.GetNote (#19884) (#19905)
Lunny Xiao [Tue, 7 Jun 2022 13:39:08 +0000 (21:39 +0800)]
Only log non ErrNotExist errors in git.GetNote  (#19884) (#19905)

* Fix GetNote

* Only log errors if the error is not ErrNotExist

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
2 years agouse exact search instead of fuzzy search for branch filter dropdown (#19893)
wxiaoguang [Sun, 5 Jun 2022 08:10:30 +0000 (16:10 +0800)]
use exact search instead of fuzzy search for branch filter dropdown (#19893)

2 years agoSet Setpgid on child git processes (#19865) (#19881)
zeripath [Sat, 4 Jun 2022 03:39:15 +0000 (04:39 +0100)]
Set Setpgid on child git processes (#19865) (#19881)

2 years agoEnsure responses are context.ResponseWriters (#19843) (#19859)
zeripath [Fri, 3 Jun 2022 21:38:29 +0000 (22:38 +0100)]
Ensure responses are context.ResponseWriters (#19843) (#19859)

* Ensure responses are context.ResponseWriters (#19843)

Backport #19843

In order for web.Wrap to be able to detect if a response has been written
we need to wrap any non-context.ResponseWriters as a such. Otherwise
responses will be incorrectly detected as non-written to and handlers can
double run.

In the case of GZip this handler will change the response to a non-context.RW
and this failure to correctly detect response writing causes fallthrough and
a NPE.

Fix #19839

Signed-off-by: Andrew Thornton <art27@cantab.net>
* fix test

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2 years agogit 2.36 is needed for safe.directory = '*' to work (#19876)
singuliere [Fri, 3 Jun 2022 17:33:18 +0000 (19:33 +0200)]
git 2.36 is needed for safe.directory = '*' to work (#19876)

2 years agoFix count bug (#19850)
Lunny Xiao [Wed, 1 Jun 2022 22:18:04 +0000 (06:18 +0800)]
Fix count bug (#19850)

* Fix count bug

* Fix bug

* Fix test

2 years agoFix raw endpoint PDF file headers (#19825) (#19826)
Lauris BH [Sat, 28 May 2022 15:40:03 +0000 (18:40 +0300)]
Fix raw endpoint PDF file headers (#19825) (#19826)

2 years agoMake WIP prefixes case insensitive, e.g. allow `Draft` as a WIP prefix (#19780) ...
Ondřej Čertík [Thu, 26 May 2022 15:55:26 +0000 (09:55 -0600)]
Make WIP prefixes case insensitive, e.g. allow `Draft` as a WIP prefix (#19780) (#19811)

Backport #19780

The issue was that only the actual title was converted to uppercase, but
not the prefix as specified in `WORK_IN_PROGRESS_PREFIXES`. As a result,
the following did not work:

    WORK_IN_PROGRESS_PREFIXES=Draft:,[Draft],WIP:,[WIP]

One possible workaround was:

    WORK_IN_PROGRESS_PREFIXES=DRAFT:,[DRAFT],WIP:,[WIP]

Then indeed one could use `Draft` (as well as `DRAFT`) in the title.
However, the link `Start the title with DRAFT: to prevent the pull request
from being merged accidentally.` showed the suggestion in uppercase; so
it is not possible to show it as `Draft`. This PR fixes it, and allows
to use `Draft` in `WORK_IN_PROGRESS_PREFIXES`.

Fixes #19779.

Co-authored-by: zeripath <art27@cantab.net>
2 years agoPrevent NPE when cache service is disabled (#19703) (#19783)
zeripath [Wed, 25 May 2022 11:49:59 +0000 (12:49 +0100)]
Prevent NPE when cache service is disabled (#19703) (#19783)

Backport #19703

The cache service can be disabled - at which point ctx.Cache will be nil
and the use of it will cause an NPE.

The main part of this PR is that the cache is used for restricting
resending of activation mails and without this we cache we cannot
restrict this. Whilst this code could be re-considered to use the db and
probably should be, I think we can simply disable this code in the case
that the cache is disabled.

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
2 years agoFix NotificationUnreadCount (#19802)
Lunny Xiao [Wed, 25 May 2022 04:38:21 +0000 (12:38 +0800)]
Fix NotificationUnreadCount (#19802)

2 years agoDetect truncated utf-8 characters at the end of content as still representing utf...
zeripath [Sat, 21 May 2022 14:26:08 +0000 (15:26 +0100)]
Detect truncated utf-8 characters at the end of content as still representing utf-8 (#19773) (#19774)

Backport #19773

Our character detection algorithm can potentially incorrectly detect utf-8 as iso-8859-x
if there is a truncated character at the end of the partially read file.

This PR changes the detection algorithm to truncated utf8 characters at the end of the
buffer.

Fix #19743

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years ago[doctor] pq: syntax error at or near "." quote user table name (#19765) (#19770)
silentcodeg [Sat, 21 May 2022 00:00:52 +0000 (02:00 +0200)]
[doctor] pq: syntax error at or near "." quote user table name (#19765) (#19770)

Backport #19765

2 years agoFix bug (#19757)
Lunny Xiao [Thu, 19 May 2022 22:03:52 +0000 (06:03 +0800)]
Fix bug (#19757)

2 years agoAdd changelog for v1.16.8 (#19724) v1.16.8
Lunny Xiao [Mon, 16 May 2022 17:27:23 +0000 (01:27 +0800)]
Add changelog for v1.16.8 (#19724)

* Add changelog for v1.16.8

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Gusted <williamzijl7@hotmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2 years agoFix issue overview for teams (#19652) (#19653)
Gusted [Mon, 16 May 2022 09:48:16 +0000 (09:48 +0000)]
Fix issue overview for teams (#19652) (#19653)

- Backport #19652
  - Don't use hacky solution to limit to the correct RepoID's, instead use current code to handle these limits. The existing code is more correct than the hacky solution.
  - Resolves #19636

2 years agoDelete user related oauth stuff on user deletion too (#19677) (#19680)
6543 [Thu, 12 May 2022 11:32:48 +0000 (13:32 +0200)]
Delete user related oauth stuff on user deletion too (#19677) (#19680)

Backport (#19677)

* delete user related oauth stuff on user deletion too

* extend doctor check-db-consistency

* make it build for v1.16.x

2 years agoFix oauth setting list bug (#19681)
Lunny Xiao [Wed, 11 May 2022 13:05:58 +0000 (21:05 +0800)]
Fix oauth setting list bug (#19681)

2 years agoFix new release from tags list UI (#19670) (#19673)
Lunny Xiao [Tue, 10 May 2022 20:55:28 +0000 (04:55 +0800)]
Fix new release from tags list UI (#19670) (#19673)

2 years ago[doctor] Add check/fix for bogus action rows (#19656) (#19669)
singuliere [Tue, 10 May 2022 13:05:34 +0000 (14:05 +0100)]
[doctor] Add check/fix for bogus action rows (#19656) (#19669)

Co-authored-by: Loïc Dachary <loic@dachary.org>
Conflicts:
models/consistency_test.go
 trivial context conflict.

2 years agoRevert "Add finalizers to ensure that repos are closed and blobreaders are closed...
Lunny Xiao [Mon, 9 May 2022 11:03:44 +0000 (19:03 +0800)]
Revert "Add finalizers to ensure that repos are closed and blobreaders are closed (#19495) (#19496)" (#19659)

This reverts commit 88da50674fbffb5cb339d61503d2b89aecfc1823.

because it caused a memleak

2 years agoGetFeeds must always discard actions with dangling repo_id (#19598) (#19629)
singuliere [Sun, 8 May 2022 13:05:40 +0000 (14:05 +0100)]
GetFeeds must always discard actions with dangling repo_id (#19598) (#19629)

Co-authored-by: Loïc Dachary <loic@dachary.org>
(cherry picked from commit b536b65189319544939da9b6537919a4fc838d71)

Conflicts:
        models/action_test.go
  The GetFeeds function does not have a Context argument in 1.16.
models/action.go
  The SQL statement is essentially the same in 1.16 but
  structured differently. The Join() was copied and the
      created_unix field prefixed with `action`.
models/action_list.go
  in 1.16 the loadRepoOwner method did not exist and
  it was done in the RetrieveFeeds method of web/feed/profile.go.
          The safeguard to skip when act.Repo == nil was moved there.

2 years agoOnly show accessible teams in dashboard dropdown list (#19642) (#19645)
Jimmy Praet [Sat, 7 May 2022 15:50:34 +0000 (17:50 +0200)]
Only show accessible teams in dashboard dropdown list (#19642) (#19645)

Fixes #19637

2 years agoSet safe dir for git operations in .drone.yml CI (#19641) (#19643)
techknowlogick [Fri, 6 May 2022 18:09:54 +0000 (14:09 -0400)]
Set safe dir for git operations in .drone.yml CI (#19641) (#19643)

Our drone by necessity runs on git repositories not owned by the drone process. Unfortunately this means that git operations and thence CI builds will fail without the `safe.directory` option being set.

See: https://drone.gitea.io/go-gitea/gitea/54632/2/8

2 years agoPrevent NPE when checking repo units if the user is nil (#19625) (#19630)
zeripath [Fri, 6 May 2022 10:01:08 +0000 (12:01 +0200)]
Prevent NPE when checking repo units if the user is nil (#19625) (#19630)

Backport #19625

CheckRepoUnitUser should tolerate nil users.

Fix #19613

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2 years agoCall MultipartForm.RemoveAll when request finishes (#19606) (#19607)
wxiaoguang [Thu, 5 May 2022 14:13:59 +0000 (22:13 +0800)]
Call MultipartForm.RemoveAll when request finishes (#19606) (#19607)

2 years agoMake .cs highlighting legible on dark themes (#19604) (#19605)
Eekle [Wed, 4 May 2022 10:45:00 +0000 (11:45 +0100)]
Make .cs highlighting legible on dark themes (#19604) (#19605)

2 years agoAvoid MoreThanOne Error (#19557) (#19591)
99rgosse [Tue, 3 May 2022 12:36:58 +0000 (14:36 +0200)]
Avoid MoreThanOne Error (#19557) (#19591)

Backport #19557

2 years agoFix sending empty notifications (#19589) (#19590)
Gusted [Tue, 3 May 2022 02:28:12 +0000 (02:28 +0000)]
Fix sending empty notifications (#19589) (#19590)

- Backport #19589
  - Don't send empty notifications on read notifications API.

2 years agoAdd finalizers to ensure that repos are closed and blobreaders are closed (#19495...
zeripath [Mon, 2 May 2022 12:44:45 +0000 (13:44 +0100)]
Add finalizers to ensure that repos are closed and blobreaders are closed (#19495) (#19496)

It may be prudent to add runtime finalizers to the git.Repository and
git.blobReader objects to absolutely ensure that these are both properly
cancelled, cleaned and closed out.

This commit is a backport of an extract from #19448

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoignore DNS error when doing migration allow/block check (#19567)
wxiaoguang [Mon, 2 May 2022 05:11:45 +0000 (13:11 +0800)]
ignore DNS error when doing migration allow/block check (#19567)

Co-authored-by: Lauris BH <lauris@nix.lv>
2 years agoAdd Changelog v1.16.7 (#19575) v1.16.7
6543 [Mon, 2 May 2022 03:41:09 +0000 (05:41 +0200)]
Add Changelog v1.16.7 (#19575)

Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: Gusted <williamzijl7@hotmail.com>
2 years agoDont overwrite err with nil (part #19572) (#19574)
6543 [Sun, 1 May 2022 23:54:20 +0000 (01:54 +0200)]
Dont overwrite err with nil (part #19572) (#19574)

* Dont overwrite err with nil (part #19572)

Co-authored-by: Gusted <williamzijl7@hotmail.com>
2 years agoMigration: only write commit-graph if wiki clone was successfull (#19563) (#19568)
6543 [Sat, 30 Apr 2022 22:22:42 +0000 (00:22 +0200)]
Migration: only write commit-graph if wiki clone was successfull (#19563) (#19568)

2 years agoRespect DefaultUserIsRestricted system default when creating new user (#19310 ) ...
Jimmy Praet [Sat, 30 Apr 2022 13:00:14 +0000 (15:00 +0200)]
Respect DefaultUserIsRestricted system default when creating new user (#19310 ) (#19560)

2 years agoDon't error when branch's commit doesn't exist (#19547) (#19548)
Gusted [Fri, 29 Apr 2022 10:25:19 +0000 (10:25 +0000)]
Don't error when branch's commit doesn't exist (#19547) (#19548)

- Backport #19547
  - If one of the branches no longer exists, don't throw an error, it's possible that the branch was destroyed during the process. Simply skip it and disregard it.
  - Resolves #19541

2 years agoSupport `hostname:port` to pass host matcher's check (#19543) (#19544)
wxiaoguang [Thu, 28 Apr 2022 17:41:58 +0000 (01:41 +0800)]
Support `hostname:port` to pass host matcher's check (#19543) (#19544)

Backport #19543
hostmatcher: split the hostname from the hostname:port string, use the correct hostname to do the match.

2 years agoPrevent intermittent race in attribute reader close (#19537) (#19539)
zeripath [Thu, 28 Apr 2022 15:00:01 +0000 (16:00 +0100)]
Prevent intermittent race in attribute reader close (#19537) (#19539)

Backport #19537

There is a potential rare race possible whereby the c.running channel could
be closed twice. Looking at the code I do not see a need for this c.running
channel and therefore I think we can remove this. (I think the c.running
might have been some attempt to prevent a hang but the use of os.Pipes should
prevent that.)

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoFix 64-bit atomic operations on 32-bit machines (#19531) (#19532)
Gusted [Wed, 27 Apr 2022 15:32:28 +0000 (15:32 +0000)]
Fix 64-bit atomic operations on 32-bit machines (#19531) (#19532)

- Backport #19531
  - Doing 64-bit atomic operations on 32-bit machines is a bit tricky by golang, as they can only be done under certain set of conditions(https://pkg.go.dev/sync/atomic#pkg-note-BUG).
  - This PR fixes such case whereby the conditions weren't met, it moves the int64 to the first field of the struct, which will 64-bit operations happening on this property on 32-bit machines.
  - Resolves #19518

2 years agoFix migrate release from github (#19510) (#19523)
Lunny Xiao [Wed, 27 Apr 2022 12:46:00 +0000 (20:46 +0800)]
Fix migrate release from github (#19510) (#19523)

* Fix migrate release from github

* Fix bug

2 years agoWhen view _Siderbar or _Footer, just display once (#19501) (#19522)
Lunny Xiao [Wed, 27 Apr 2022 12:04:53 +0000 (20:04 +0800)]
When view _Siderbar or _Footer, just display once (#19501) (#19522)

Co-authored-by: zeripath <art27@cantab.net>
2 years agoPrevent dangling archiver goroutine (#19516) (#19526)
zeripath [Wed, 27 Apr 2022 08:05:52 +0000 (09:05 +0100)]
Prevent dangling archiver goroutine (#19516) (#19526)

Backport #19516

Within doArchive there is a service goroutine that performs the
archiving function.  This goroutine reports its error using a `chan
error` called `done`. Prior to this PR this channel had 0 capacity
meaning that the goroutine would block until the `done` channel was
cleared - however there are a couple of ways in which this channel might
not be read.

The simplest solution is to add a single space of capacity to the
goroutine which will mean that the goroutine will always complete and
even if the `done` channel is not read it will be simply garbage
collected away.

(The PR also contains two other places when setting up the indexers
which do not leak but where the blocking of the sending goroutine is
also unnecessary and so we should just add a small amount of capacity
and let the sending goroutine complete as soon as it can.)

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: 6543 <6543@obermui.de>
2 years agoUnset git author/committer variables when running integration tests (#19512) (#19519)
techknowlogick [Tue, 26 Apr 2022 23:23:54 +0000 (19:23 -0400)]
Unset git author/committer variables when running integration tests (#19512) (#19519)

TestAPIGitTag (and likely others) will fail if the running environment contains
GIT_AUTHOR_NAME and other env variables like it.

This PR simply unsets these when running the integration tests.

Fix #14247

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
2 years agoFix blame page select range error and some typos (#19503)
Lunny Xiao [Tue, 26 Apr 2022 19:19:52 +0000 (03:19 +0800)]
Fix blame page select range error and some typos (#19503)

Partially back port from #19500 and fix two typos.

2 years agoAdd notags to fetch (#19487) (#19490)
6543 [Mon, 25 Apr 2022 18:26:17 +0000 (20:26 +0200)]
Add notags to fetch (#19487) (#19490)

* Add notags to fetch (#19487)

* gofumpt

2 years agoUser specific repoID or xorm builder conditions for issue search (#19475) (#19476)
6543 [Mon, 25 Apr 2022 13:28:47 +0000 (15:28 +0200)]
User specific repoID or xorm builder conditions for issue search (#19475) (#19476)

2 years ago[doctor] authorized-keys: fix displayed check name (backport #19464) (#19484)
Pilou [Mon, 25 Apr 2022 11:45:18 +0000 (13:45 +0200)]
[doctor] authorized-keys: fix displayed check name (backport #19464) (#19484)

The registered check name is authorized-keys, not authorized_keys.

2 years agoMark TemplateLoading error as "UnprocessableEntity" (#19445) (#19446)
Gusted [Fri, 22 Apr 2022 19:07:57 +0000 (19:07 +0000)]
Mark TemplateLoading error as "UnprocessableEntity" (#19445) (#19446)

* Mark TemplateLoading error as "UnprocessableEntity" (#19445)

- Backport #19445
  - Don't return Internal Server error if the user provide incorrect label template, instead return UnprocessableEntity.
  - Resolves #19399

- dep: upgrade: github.com/gogs/chardet

2 years agoPrevent dangling cat-file calls (goroutine alternative) (#19454) (#19466)
6543 [Fri, 22 Apr 2022 15:58:50 +0000 (17:58 +0200)]
Prevent dangling cat-file calls (goroutine alternative) (#19454) (#19466)

If an `os/exec.Command` is passed non `*os.File` as an input/output, go
will create `os.Pipe`s and wait for their closure in `cmd.Wait()`.  If
the code following this is responsible for closing `io.Pipe`s or other
handlers then on process death from context cancellation the `Wait` can
hang.

There are two possible solutions:

1. use `os.Pipe` as the input/output as `cmd.Wait` does not wait for these.
2. create a goroutine waiting on the context cancellation that will close the inputs.

This PR provides the second option - which is a simpler change that can
be more easily backported.

Closes #19448

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
2 years agoSet correct PR status on 3way on conflict checking (#19457) (#19458)
Gusted [Fri, 22 Apr 2022 01:11:42 +0000 (01:11 +0000)]
Set correct PR status on 3way on conflict checking (#19457) (#19458)

- Backport #19457
  - When 3-way merge is enabled for conflict checking, it has a new interesting behavior that it doesn't return any error when it found a conflict, so we change the condition to not check for the error, but instead check if conflictedfiles is populated, this fixes a issue whereby PR status wasn't correctly on conflicted PR's.
  - Refactor the mergeable property(which was incorrectly set and lead me this bug) to be more maintainable.
  - Add a dedicated test for conflicting checking, so it should prevent future issues with this.
  - Ref: Fix the latest error for https://gitea.com/gitea/go-sdk/pulls/579

Co-authored-by: zeripath <art27@cantab.net>
2 years agoRepoAssignment ensure to close before overwrite (#19449) (#19460)
6543 [Thu, 21 Apr 2022 16:55:44 +0000 (18:55 +0200)]
RepoAssignment ensure to close before overwrite (#19449) (#19460)

* check if GitRepo already open and close if

* Only run RepoAssignment once

2 years agoAdd Changelog v1.16.6 (#19339) v1.16.6
6543 [Wed, 20 Apr 2022 23:33:50 +0000 (01:33 +0200)]
Add Changelog v1.16.6 (#19339)

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2 years agoWhen dumping trim the standard suffices instead of a random suffix (#19440) (#19447)
6543 [Wed, 20 Apr 2022 22:26:03 +0000 (00:26 +0200)]
When dumping trim the standard suffices instead of a random suffix (#19440) (#19447)

* When dumping trim the standard suffices instead of a random suffix

Instead of using the `path.Ext()` to trim the last "extension" suffix, just iterate
through the supported suffices and trim those.

Fix #19424

Signed-off-by: Andrew Thornton <art27@cantab.net>
* fix enum with to have correct supported types only

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
2 years agoFix DELETE request for non-existent public key (#19443) (#19444)
Gusted [Wed, 20 Apr 2022 22:24:56 +0000 (22:24 +0000)]
Fix DELETE request for non-existent public key (#19443) (#19444)

- Backport #19443
  - Add a return for the first "block" of errors, which fixes the double error messages.
  - Add a return for `externallyManaged`.
  - Resolves #19398

Co-authored-by: 6543 <6543@obermui.de>
2 years agoDon't panic on `ErrEmailInvalid` (#19441) (#19442)
Gusted [Wed, 20 Apr 2022 22:24:07 +0000 (22:24 +0000)]
Don't panic on `ErrEmailInvalid` (#19441) (#19442)

- Backport #19441
  - Don't panic on `ErrEmailInvalid`, this was caused due that we were trying to force `ErrEmailCharIsNotSupported` interface, which panics.
  - Resolves #19397

Co-authored-by: 6543 <6543@obermui.de>
2 years agoAdd uploadpack.allowAnySHA1InWant to allow --filter=blob:none with older git clients...
6543 [Wed, 20 Apr 2022 18:54:36 +0000 (20:54 +0200)]
Add uploadpack.allowAnySHA1InWant to allow --filter=blob:none with older git clients (#19430) (#19438)

Older git clients need uploadpack.allowAnySHA1InWant if partial cloning is allowed.

Fix #19118

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
2 years agoWarn on SSH connection for incorrect configuration (#19317) (#19437)
6543 [Wed, 20 Apr 2022 17:18:23 +0000 (19:18 +0200)]
Warn on SSH connection for incorrect configuration (#19317) (#19437)

Backport #19317

- Warn on SSH connection for incorrect configuration
- When `setting.RepoRootPath` cannot be found(most likely due to
incorrect configuration) show "Gitea: Incorrect configuration" on the
client-side to help easier with debugging the problem.

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2 years agoAPI: Search Issues, dont show 500 if filter result in empty list (#19244) (#19436)
6543 [Wed, 20 Apr 2022 16:30:42 +0000 (18:30 +0200)]
API: Search Issues, dont show 500 if filter result in empty list (#19244) (#19436)

Backport #19244

* remove error who is none

* use setupSessionNoLimit instead of setupSessionWithLimit when no pagination

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2 years agoWhen updating mirror repo intervals by API reschedule next update too (#19429) (...
zeripath [Wed, 20 Apr 2022 14:04:26 +0000 (15:04 +0100)]
When updating mirror repo intervals by API reschedule next update too (#19429) (#19433)

Backport #19429

When a mirror repo interval is updated by the UI it is rescheduled with that interval
however the API does not do this. The API also lacks the enable_prune option.

This PR adds this functionality in to the API Edit Repo endpoint.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoFix nil error when some pages are rendered outside request context (#19428)
wxiaoguang [Tue, 19 Apr 2022 23:30:16 +0000 (07:30 +0800)]
Fix nil error when some pages are rendered outside request context (#19428)

2 years agoOnly request write when necessary (#18657) (#19422)
Lunny Xiao [Tue, 19 Apr 2022 16:10:24 +0000 (00:10 +0800)]
Only request write when necessary (#18657) (#19422)

* Only request write when necessary

- Only request write for `INTERNAL_TOKEN_URI` when no token was found.
- Resolves #18655

* Fix perm

* Update setting.go

* Update setting.go

* Update setting.go

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Gusted <williamzijl7@hotmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2 years agoFix double blob-hunk on diff page (#19404) (#19405)
Gusted [Fri, 15 Apr 2022 03:27:04 +0000 (03:27 +0000)]
Fix double blob-hunk on diff page (#19404) (#19405)

- Don't show the blob-hunk twice on diff page
- Backport #19404

2 years agogo get -u crypto (#19388)
techknowlogick [Wed, 13 Apr 2022 02:45:58 +0000 (22:45 -0400)]
go get -u crypto (#19388)

2 years agoUpdate locale_ru-RU.ini (#19383) (#19387)
Vasiliy Bukharev [Wed, 13 Apr 2022 00:15:03 +0000 (03:15 +0300)]
Update locale_ru-RU.ini (#19383) (#19387)

Signed-off-by: bvp <bvp-yar@ya.ru>
2 years ago Don't allow merging PR's which are being conflict checked (#19357) (#19358)
Gusted [Tue, 12 Apr 2022 16:38:41 +0000 (18:38 +0200)]
 Don't allow merging PR's which are being conflict checked (#19357) (#19358)

* Don't allow merging PR's which are being conflict checked (#19357)

- Backport of #19357
  - When a PR is still being conflict checked, don't allow the PR to be merged(the merge button could already be visible before e.g. a new commit was pushed to the PR).
  - Resolves #19352

* Update error message

2 years agoFix middleware function's placements for `/user/...` (#19377) (#19378)
Gusted [Tue, 12 Apr 2022 03:06:07 +0000 (05:06 +0200)]
Fix middleware function's placements for `/user/...` (#19377) (#19378)

- Backport #19377
  - Add reqSignIn to `/user/task/{task}` as it specific to a logged in user currently not-logged in user could cause a NPE.
  - Remove `/user/active` reqSignIn middleware, because when you want to active a account you're not "signed in" so it doesn't make sense to add that middleware.

2 years agoDisable service worker by default (#18914) (#19342)
silverwind [Thu, 7 Apr 2022 18:08:24 +0000 (20:08 +0200)]
Disable service worker by default (#18914) (#19342)

The service worker causes a lot of issues with JS errors after instance
upgrades while not bringing any real performance gain over regular HTTP
caching.

Disable it by default for this reason. Maybe later we can remove it
completely, as I simply see no benefit in having it.

2 years agoFix invalid CSRF token bug, make sure CSRF tokens can be up-to-date (#19338)
wxiaoguang [Wed, 6 Apr 2022 15:47:58 +0000 (23:47 +0800)]
Fix invalid CSRF token bug, make sure CSRF tokens can be up-to-date (#19338)

There was a bug that the CSRF token wouldn't in 24h. This fix just does what the CSRF function comment says: If this request is a GET request, it will generate a new token. Then the CSRF token can be kept up-to-date.

2 years agoRevert the minimal golang version requirement from 1.17 to 1.16 and add a warning...
Lunny Xiao [Tue, 5 Apr 2022 17:32:24 +0000 (01:32 +0800)]
Revert the minimal golang version requirement from 1.17 to 1.16 and add a warning in Makefile (#19319)

* Revert the minimal golang version requirement from 1.17 to 1.16 and add a warning in Makefile

* Apply suggestions from code review

Co-authored-by: John Olheiser <john.olheiser@gmail.com>
* 1.16

* Update modules/util/net.go

Co-authored-by: Gusted <williamzijl7@hotmail.com>
* correct bool conditional

yay tests for catching this :)

* Update hostmatcher.go

Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Gusted <williamzijl7@hotmail.com>
2 years agoRestore user autoregistration with email addresses (#19261) (#19312)
zeripath [Sun, 3 Apr 2022 00:36:47 +0000 (01:36 +0100)]
Restore user autoregistration with email addresses (#19261) (#19312)

Backport #19261

Unfortunately #18789 disabled autoregistration using email addresses as they would
be shortcut to email address does not exist.

This PR attempts to restore autoregistration by allowing an unknown email address
to percolate through to the autoregistration path of UserSignin.

Fix #19256

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoPerformance improvement for add team user when org has more than 1000 repositories...
Lunny Xiao [Fri, 1 Apr 2022 08:36:12 +0000 (16:36 +0800)]
Performance improvement for add team user when org has more than 1000 repositories (#19227) (#19289)

2 years agoMove checks for pulls before merge into own function (#19271) (#19277)
6543 [Thu, 31 Mar 2022 14:57:13 +0000 (16:57 +0200)]
Move checks for pulls before merge into own function (#19271) (#19277)

Backport #19271

Fix:
* The API does ignore issue dependencies where Web does not
* The API checks if "IsSignedIfRequired" where Web does not - UI probably do but nothing will some to craft custom requests
* Default merge message is crafted a bit different between API and Web if not set on specific cases ...

2 years agoUse full output of git show-ref --tags to get tags for PushUpdateAddTag (#19235)...
zeripath [Tue, 29 Mar 2022 20:19:57 +0000 (21:19 +0100)]
Use full output of git show-ref --tags to get tags for PushUpdateAddTag (#19235) (#19236)

* Use full output of git show-ref --tags to get tags for PushUpdateAddTag (#19235)

Strangely #19038 appears to relate to an issue whereby a tag appears to
be listed in `git show-ref --tags` but then does not appear when `git
show-ref --tags -- short_name` is called.

As a solution though I propose to stop the second call as it is
unnecessary and only likely to cause problems.

I've also noticed that the tags calls are wildly inefficient and aren't using the common cat-files - so these have been added.

I've also noticed that the git commit-graph is not being written on mirroring - so I've also added writing this to the migration which should improve mirror rendering somewhat.

Fix #19038

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
* fix rebase relict

Co-authored-by: 6543 <6543@obermui.de>
2 years agoGranular webhook events in editHook (#19251) (#19257)
John Olheiser [Tue, 29 Mar 2022 16:26:51 +0000 (11:26 -0500)]
Granular webhook events in editHook (#19251) (#19257)

Signed-off-by: jolheiser <john.olheiser@gmail.com>
2 years agoOnly send webhook events to active system webhooks and only deliver to active hooks...
zeripath [Tue, 29 Mar 2022 12:12:56 +0000 (13:12 +0100)]
Only send webhook events to active system webhooks and only deliver to active hooks (#19234) (#19248)

Backport #19234

There is a bug in the system webhooks whereby the active state is not checked when
webhooks are prepared and there is a bug that deactivating webhooks do not prevent
queued deliveries.

* Only add SystemWebhooks to the prepareWebhooks list if they are active
* At the time of delivery if the underlying webhook is not active mark it
as "delivered" but with a failed delivery so it does not get delivered.

Fix #19220

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoCheck go and nodejs version by go.mod and package.json (#19197) (#19254)
wxiaoguang [Tue, 29 Mar 2022 07:32:38 +0000 (15:32 +0800)]
Check go and nodejs version by go.mod and package.json (#19197) (#19254)

* Check go and nodejs version by go.mod and package.json
* Update Go official site URL

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: gesangtome <gesangtome@foxmail.com>
2 years agoFix clone url JS error for the empty repo page (#19209)
wxiaoguang [Tue, 29 Mar 2022 03:04:29 +0000 (11:04 +0800)]
Fix clone url JS error for the empty repo page (#19209)

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
2 years agoUse goproxy.io instead of goproxy.cn (#19242) (#19246)
6543 [Tue, 29 Mar 2022 01:22:55 +0000 (03:22 +0200)]
Use goproxy.io instead of goproxy.cn (#19242) (#19246)

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years agoPrevent intermittent failures in RepoIndexerTest (#19225 #19229) (#19228)
zeripath [Sun, 27 Mar 2022 23:01:53 +0000 (00:01 +0100)]
Prevent intermittent failures in RepoIndexerTest (#19225 #19229) (#19228)

Backport #19225
Backport #19229

The RepoIndexerTest is failing with considerable frequency due to a race inherrent in
its design. This PR adjust this test to avoid the reliance on waiting for the populate
repo indexer to run and forcibly adds the repo to the queue. It then flushes the queue.

It may be worth separating out the tests somewhat by testing the Index function
directly away from the queue however, this forceful method should solve the current
problem.

Fix #19162

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoTouch mirrors on even on fail to update (#19217) (#19233)
zeripath [Sun, 27 Mar 2022 21:08:28 +0000 (22:08 +0100)]
Touch mirrors on even on fail to update (#19217) (#19233)

Backport #19217

If a mirror fails to be synchronised it should be pushed to the bottom of the queue
of the awaiting mirrors to be synchronised. At present if there LIMIT number of
broken mirrors they can effectively prevent all other mirrors from being synchronized
as their last_updated time will remain earlier than other mirrors.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoHide sensitive content on admin panel progress monitor (#19218 & #19226) (#19231)
Lunny Xiao [Sun, 27 Mar 2022 17:21:59 +0000 (01:21 +0800)]
Hide sensitive content on admin panel progress monitor (#19218 & #19226) (#19231)

* Hide sensitive content on admin panel progress monitor (#19218)

Sanitize urls within git process descriptions.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Andrew Thornton <art27@cantab.net>
* Do not include global arguments in process manager (#19226)

Backport #19226

The git command by default adds a number of global arguments. These are not
helpful to be displayed in the process manager and so should be skipped for
default process descriptions.

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Andrew Thornton <art27@cantab.net>
2 years agoBump goldmark to v1.4.11 (#19201) (#19203)
Robert Kaussow [Thu, 24 Mar 2022 15:47:40 +0000 (16:47 +0100)]
Bump goldmark to v1.4.11 (#19201) (#19203)

* Bump goldmark to v1.4.11

* fix go.sum

Signed-off-by: Andrew Thornton <art27@cantab.net>
* add testcase

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
2 years agoChangelog for 1.16.5 (#19189) v1.16.5
zeripath [Thu, 24 Mar 2022 00:13:52 +0000 (00:13 +0000)]
Changelog for 1.16.5 (#19189)

* Changelog for 1.16.5

 ## [1.16.5](https://github.com/go-gitea/gitea/releases/tag/1.16.5) - 2022-03-23

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
2 years agoFix showing issues in your repositories (#18916) (#19191)
6543 [Wed, 23 Mar 2022 23:36:38 +0000 (00:36 +0100)]
Fix showing issues in your repositories (#18916) (#19191)

- Make a restriction on which issues can be shown based on if you the user or team has write permission to the repository.
- Fixes a issue whereby you wouldn't see any associated issues with a specific team on a organization if you wasn't a member(fixed by zeroing the User{ID} in the options).
- Resolves #18913

Co-authored-by: Gusted <williamzijl7@hotmail.com>
2 years agoPrevent redirect to Host (2) (#19175) (#19186)
zeripath [Wed, 23 Mar 2022 20:01:23 +0000 (20:01 +0000)]
Prevent redirect to Host (2) (#19175) (#19186)

Backport #19175

Unhelpfully Locations starting with `/\` will be converted by the
browser to `//` because ... well I do not fully understand. Certainly
the RFCs and MDN do not indicate that this would be expected. Providing
"compatibility" with the (mis)behaviour of a certain proprietary OS is
my suspicion. However, we clearly have to protect against this.

Therefore we should reject redirection locations that match the regular
expression: `^/[\\\\/]+`

Reference #9678

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoFix compare link in active feeds for new branch (#19149) (#19185)
zeripath [Wed, 23 Mar 2022 19:04:50 +0000 (19:04 +0000)]
Fix compare link in active feeds for new branch (#19149) (#19185)

Backport #19149

When a new branch is pushed the old SHA is always listed as the empty sha and thus the compare link that is created does not work correctly.

Therefore when creating the compare link for new branches:

1. Attempt to get the parent of the first commit and use that as the basis
for the compare link.
2. If this is not possible make a comparison to the default branch
3. Finally if that is not possible simply do not show a compare link.

However, there are multiple broken compare links remaining therefore, in order for these to not break we will simply make the compare link redirect to the default branch.

Fix #19144

Signed-off-by: a1012112796 <1012112796@qq.com>
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: a1012112796 <1012112796@qq.com>
2 years agoRedirect .wiki/* ui link to /wiki (#18831) (#19184)
zeripath [Wed, 23 Mar 2022 16:46:08 +0000 (16:46 +0000)]
Redirect .wiki/* ui link to /wiki (#18831) (#19184)

Backport #18831

Redirect .wiki/* ui link to /wiki

fix #18590

Signed-off-by: a1012112796 <1012112796@qq.com>
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: a1012112796 <1012112796@qq.com>
2 years agoPrevent start panic due to missing DotEscape function
Andrew Thornton [Wed, 23 Mar 2022 16:08:27 +0000 (16:08 +0000)]
Prevent start panic due to missing DotEscape function

Unfortunately #19169 causing a panic at startup in prod mode. This was hidden by dev
mode because the templates are compiled dynamically there. The issue is that DotEscape
is not in the original FuncMap at the time of compilation which causes a panic.

Ref #19169

Signed-off-by: Andrew Thornton <art27@cantab.net>