Commit message | Author | Age | Files | Lines
* Changelog for v1.14.5 (#16450) [v1.14.5] | zeripath | 2021-07-16 | 1 | -0/+12
  Once #16449 is merged I think we should release 1.14.5. There are a couple of security fixes and the broken #16268 is annoying enough that we should just release things.
  Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix crash following ldap authentication update (#16447) (#16449) | zeripath | 2021-07-15 | 1 | -2/+2
  Backport #16447
  Unfortunately #16268 contained a terrible error, whereby there was a double indirection taken when unmarshalling the source data. This fatally breaks authentication configuration reading.
  Fix #16342
  Signed-off-by: Andrew Thornton <art27@cantab.net>
* Retry rename on lock induced failures (#16435) (#16439) | zeripath | 2021-07-15 | 8 | -14/+42
  Backport #16435
  Due to external locking on Windows it is possible for an os.Rename to fail if the files or directories are being used elsewhere. This PR simply suggests retrying the rename again similar to how we handle the os.Remove problems.
  Fix #16427
  Signed-off-by: Andrew Thornton <art27@cantab.net>
  Co-authored-by: techknowlogick <techknowlogick@gitea.io>
  Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Validate issue index before querying DB (#16406) (#16410) | Norwin | 2021-07-12 | 1 | -0/+3
* Replace `plugins/docker` with `techknowlogick/drone-docker` in ci (#16407) (#16409) | 6543 | 2021-07-12 | 1 | -5/+5
  * plugins/docker -> techknowlogick/drone-docker
  * It is multi-arch
* Update bluemonday to v1.0.15 (#16379) (#16380) | 6543 | 2021-07-09 | 174 | -11868/+14480
  * Update bluemonday to v1.0.15 (#16379)
  * Fix TESTS
* Redirect on bad CSRF instead of presenting bad page (#14937) (#16378) | 6543 | 2021-07-08 | 3 | -5/+31
  The current CSRF handler is a bit harsh with bad CSRF tokens on webpages
  I think we can be a little kinder and redirect to base page with a flash error
  Signed-off-by: Andrew Thornton <art27@cantab.net>
  Co-authored-by: zeripath <art27@cantab.net>
* Hide mirror passwords on repo settings page (#16022) (#16355) | Kyle D | 2021-07-07 | 3 | -2/+12
* Changelog for v1.14.4 (#16348) [v1.14.4] | Lunny Xiao | 2021-07-06 | 1 | -0/+13
* Fix error message if user not exist (#16343) | 6543 | 2021-07-05 | 1 | -1/+1
  Co-authored-by: Sergey Dryabzhinsky <sergey@rusoft.ru>
* Fix relative links in postprocessed images (#16334) (#16340) | zeripath | 2021-07-04 | 2 | -1/+28
  * Fix relative links in postprocessed images (#16334)
  If a pre-post-processed file contains relative img tags these need to be updated and joined correctly with the prefix. Finally, the node attributes need to be updated.
  Fix #16308
  Signed-off-by: Andrew Thornton <art27@cantab.net>
  Co-authored-by: 6543 <6543@obermui.de>
* Fix list_options GetStartEnd (#16303) (#16305) | 6543 | 2021-06-30 | 1 | -1/+1
  end is start + pageSize and not start + page
  Co-authored-by: sebastian-sauer <sauer.sebastian@gmail.com>
* Fix API to return author for author on commits (#16276) (#16277) | 6543 | 2021-06-27 | 1 | -2/+2
* Handle misencoding of login_source cfg in mssql (#16268) (#16275) | zeripath | 2021-06-27 | 2 | -20/+21
  Backport #16268
  Unfortunately due to a bug in xorm (see https://gitea.com/xorm/xorm/pulls/1957) updating loginsources on MSSQL causes them to become corrupted. (#16252)
  Whilst waiting for the referenced PR to be merged and to handle the corrupted loginsources correctly we need to add a wrapper to the `FromDB()` methods to look for and ignore the misplaced BOMs that have been added.
  Fix #16252
  Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fixed issues not updated by commits (#16254) (#16261) | KN4CK3R | 2021-06-26 | 1 | -4/+5
  `UpdateIssuesCommit` may get called with fewer commits because of `FeedMaxCommitNum` and therefore may miss some commands.
* Improve efficiency in FindRenderizableReferenceNumeric and getReference (#16251) (#16255) | zeripath | 2021-06-26 | 1 | -6/+8
  * Improve efficiency in FindRenderizableReferenceNumeric and getReferences (#16251)
  * The Fuzzer is running on a non-repo urlprefix which is incorrect for RenderRaw
  * Make FindRenderizableReferenceNumeric and getReferences more efficient
  Signed-off-by: Andrew Thornton <art27@cantab.net>
  Co-authored-by: techknowlogick <techknowlogick@gitea.io>
  * as per comment on original pr
  Signed-off-by: Andrew Thornton <art27@cantab.net>
  Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Use html.Parse rather than html.ParseFragment (#16223) (#16225) | 6543 | 2021-06-22 | 1 | -17/+14
  * Use html.Parse rather than html.ParseFragment
  There have been a few issues with html.ParseFragment - just use html.Parse instead.
  * Skip document node
  Signed-off-by: Andrew Thornton <art27@cantab.net>
  Co-authored-by: zeripath <art27@cantab.net>
* Update milestone counters on new issue (#16183) (#16224) | KN4CK3R | 2021-06-22 | 4 | -56/+39
  Co-authored-by: 6543 <6543@obermui.de>
  Co-authored-by: zeripath <art27@cantab.net>
* reqOrgMembership calls need to be preceded by reqToken (#16198) (#16219) | zeripath | 2021-06-21 | 2 | -3/+7
  Backport #16198
  ReqOrgMembership calls need to be preceded by reqToken
  Fix #16192
  Signed-off-by: Andrew Thornton <art27@cantab.net>
  Co-authored-by: 6543 <6543@obermui.de>
* Changelog v1.14.3 (#16131) [v1.14.3] | 6543 | 2021-06-18 | 1 | -0/+50
  Co-authored-by: Lauris BH <lauris@nix.lv>
  Co-authored-by: zeripath <art27@cantab.net>
* Fix some API bugs (#16184) (#16190) | 6543 | 2021-06-18 | 5 | -5/+13
  * Fix some API bugs (#16184)
  * Repository object only count releases as releases (fix #16144)
  * EditOrg respect RepoAdminChangeTeamAccess option (fix #16013)
  * adjust to v1.14
* Encrypt migration credentials at rest (#15895) (#16187) | zeripath | 2021-06-17 | 3 | -5/+69
  Backport #15895
  Storing these credentials is a liability.
  * Encrypt credentials with SECRET_KEY before persisting to task queue table (they need to be persisted due to the nature of the task queue)
    - security in depth: helps when attacker has access to DB only, but not app.ini
  * Delete all credentials (even encrypted) from the task table, once the migration is done, for safety
    - security in depth: minimizes leaked data if attacker gains access to snapshot of both DB and app.ini
* Run processors on whole of text (#16155) (#16185) | zeripath | 2021-06-17 | 3 | -319/+414
  Backport #16155
  There is an inefficiency in the design of our processors which means that Emoji and other processors run in order n^2 time.
  This PR forces the processors to process the entirety of text node before passing back up. The fundamental inefficiency remains but it should be significantly ameliorated.
  Signed-off-by: Andrew Thornton <art27@cantab.net>
* issue-keyword class is being incorrectly stripped off spans (#16163) (#16172) | zeripath | 2021-06-16 | 1 | -5/+2
  Backport #16163
  Bluemonday sanitizer regexp rules are not additive, so the addition of the icons, emojis and chroma syntax policy has led to this being stripped.
  Signed-off-by: Andrew Thornton <art27@cantab.net>
* Only check access tokens if they are likely to be tokens (#16164) (#16171) | zeripath | 2021-06-16 | 1 | -1/+7
  Backport #16164
  Gitea will currently check if every password is an access token even though most passwords are not and cannot be access tokens.
  By creation access tokens are 40 byte hexadecimal strings, therefore only these should be checked.
  Signed-off-by: Andrew Thornton <art27@cantab.net>
* Removable media support (#16138) | Andrei Yankovich | 2021-06-12 | 1 | -3/+3
  Add support for removable media for the snap version of Gitea.
  For more info about the removable media interface, see the snapcraft [documentation](https://snapcraft.io/docs/removable-media-interface)
* Set self-adjusting deadline for connection writing (#16068) (#16123) | zeripath | 2021-06-11 | 5 | -34/+75
  In #16055 it appears that the simple 5s deadline doesn't work for large file writes. Now we can't - or at least shouldn't just set no deadline as go will happily let these connections block indefinitely. However, what seems reasonable is to set some minimum rate we expect for writing.
  This PR suggests the following algorithm:
  * Every write has a minimum timeout of 5s (adjustable at compile time.)
  * If there has been a previous write - then consider its previous deadline, add half of the minimum timeout + 2s per kb about to be written.
  * If that new deadline is after the minimum timeout use that.
  Fix #16055
  Signed-off-by: Andrew Thornton <art27@cantab.net>
  Co-authored-by: 6543 <6543@obermui.de>
* Fix language switch for install page (#16043) (#16128) | a1012112796 | 2021-06-10 | 2 | -1/+10
  Signed-off-by: a1012112796 <1012112796@qq.com>
* Fix bug on getIssueIDsByRepoID (#16119) (#16124) | Lunny Xiao | 2021-06-10 | 2 | -1/+9
  * Fix bug on getIssueIDsByRepoID
  * Add test
* Fix data URI scramble (#16098) (#16118) | 6543 | 2021-06-09 | 2 | -8/+20
  * Fix data URI scramble (#16098)
  * Removed unused method.
  * No prefix for data uris.
  * Added test to prevent regressions.
  Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
* Fix http path bug (#16117) (#16120) | 6543 | 2021-06-09 | 3 | -0/+131
  * Fix http path bug
  * Add missed request
  * add tests
  Co-authored-by: 6543 <6543@obermui.de>
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Merge all deleteBranch as one function and also fix bug when delete branch don't close related PRs (#16067) (#16097) | Lunny Xiao | 2021-06-07 | 4 | -146/+111
  * Fix bug when delete branch don't close related PRs
  * Merge all deletebranch as one method
  Co-authored-by: Lauris BH <lauris@nix.lv>
* api: fix overly strict edit pr permissions (#15900) (#16081) | 6543 | 2021-06-06 | 1 | -1/+1
  Co-authored-by: 6543 <6543@obermui.de>
  Co-authored-by: Norwin <noerw@users.noreply.github.com>
  Co-authored-by: zeripath <art27@cantab.net>
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* git migration: don't prompt interactively for clone credentials (#15902) (#16082) | 6543 | 2021-06-06 | 1 | -2/+8
  * don't prompt interactively for clone credentials
  * apply GIT_TERMINAL_PROMPT=0 to all git cmds
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
  Co-authored-by: Norwin <noerw@users.noreply.github.com>
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Fix case change in ownernames (#16045) (#16050) | zeripath | 2021-06-03 | 3 | -1/+36
  Backport #16045
  If you change the case of a username the change needs to be propagated to their repositories.
  Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add missing SameSite settings for the i_like_gitea cookie (#16037) (#16039) | zeripath | 2021-05-31 | 3 | -0/+3
  Backport #16037
  The i_like_gitea cookie appears to be missing the SameSite settings. I think they were present at some point but may have been removed in a merge. This PR ensures that they are set.
  Fix #15972
  Signed-off-by: Andrew Thornton <art27@cantab.net>
* Don't manipulate input params in email notification (#16011) (#16033) | Jimmy Praet | 2021-05-31 | 3 | -5/+12
  Backport #16011
* Fix setting of SameSite on cookies (#15989) (#15991) | techknowlogick | 2021-05-27 | 1 | -3/+3
  Fix #15972
  Signed-off-by: Andrew Thornton <art27@cantab.net>
  Co-authored-by: techknowlogick <techknowlogick@gitea.io>
  Co-authored-by: zeripath <art27@cantab.net>
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* follow redirect when fetching theme archive (#15986) (#15990) | techknowlogick | 2021-05-26 | 1 | -1/+1
* Remove branch URL before IssueRefURL (#15970) | fnetX (aka fralix) | 2021-05-25 | 1 | -1/+1
  Revert change for account / org dashboard where IssueRefURLs do not contain the full repo URL (case RepoLink is not true)
  Co-authored-by: Norwin <noerw@users.noreply.github.com>
  Co-authored-by: Norwin <noerw@users.noreply.github.com>
* fix layout of milestone view (#15940) | Tomás Warynyca | 2021-05-22 | 1 | -6/+6
* Restore PAM user autocreation functionality (#15825) (#15867) | zeripath | 2021-05-19 | 6 | -1/+24
  Backport #15825
  * Restore PAM user autocreation functionality
  PAM autoregistration of users currently fails due to email invalidity. This PR adds a new setting to PAM to allow an email domain to be set or just sets the email to the noreply address and if that fails falls back to uuid@localhost
  Fix #15702
  Signed-off-by: Andrew Thornton <art27@cantab.net>
  * As per KN4CKER
  Signed-off-by: Andrew Thornton <art27@cantab.net>
  Co-authored-by: 6543 <6543@obermui.de>
* remove unimplemented searchbar from project view (#15905) | Norwin | 2021-05-17 | 1 | -3/+0
* Move sans-serif fallback font higher than emoji fonts (#15855) (#15892) | zeripath | 2021-05-16 | 1 | -1/+1
  Backport #15855
  The Tor browser does not use the system-ui font and no other fonts in the stack match its default fonts. In fact it is possible that it will in future only match generic fonts.
  This means that all rendering will first try the emoji fonts before falling back to the sans-serif font for glyphs. In this case the emoji fall back fonts for Tor contain empty glyphs for numbers - in order to protect privacy - and this leads to numbers being rendered as empty glyphs.
  This is clearly not ideal and whilst we could use the Arimo font - as I state above I suspect that Tor will eventually ban detecting this and we should instead move the sans-serif font higher in the stack so that it matches before the emoji fonts.
  Partial fix of #15844
  Signed-off-by: Andrew Thornton <art27@cantab.net>
* GitHub: migrate draft releases too (#15884) (#15888) | 6543 | 2021-05-16 | 2 | -34/+31
  * GitHub: migrate draft releases too
  * refactor
* Close the gitrepo when deleting the repository (#15876) (#15887) | 6543 | 2021-05-16 | 4 | -0/+14
  Signed-off-by: Andrew Thornton <art27@cantab.net>
  Co-authored-by: zeripath <art27@cantab.net>
* Upgrade xorm to v1.1.0 (#15869) (#15885) | Lunny Xiao | 2021-05-15 | 55 | -423/+1291
* Fix bound address/port for caddy's certmagic library (see #15848) (#15859) (#15878) | zeripath | 2021-05-15 | 1 | -1/+6
  Co-authored-by: Blake Miner <miner.blake@gmail.com>
  Co-authored-by: 6543 <6543@obermui.de>
* Fix blame row height alignment (#15863) (#15883) | Norwin | 2021-05-15 | 1 | -1/+5
  * fix blame row alignment on firefox
  * fix blame row alignment in chrome
  * fix blame row alignment in safari
  Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Fix error message when saving generated LOCAL_ROOT_URL config (#15880) (#15882) | Naohisa Murakami | 2021-05-15 | 1 | -1/+1
  Backport of #15880.