summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Remove the netgo tag for Windows build (#22467)wxiaoguang2023-01-161-2/+2
| | | | | | | | | | | | | Fix #22370 and more. Before Go 1.19, the `netgo` tag for Windows does nothing. But Go 1.19 rewrite the net package code for Windows DNS, and there is a bug: * https://github.com/golang/go/issues/57757 This PR just removes the `netgo` tag for Windows build, then the Gitea for Windows can have the old DNS behavior.
* Fix Operator does not exist bug on explore page with ↵zeripath2023-01-161-2/+7
| | | | | | | | | | | | | | | ONLY_SHOW_RELEVANT_REPOS (#22454) There is a mistake in the code for SearchRepositoryCondition where it tests topics as a string. This is incorrect for postgres where topics is cast and stored as json. topics needs to be cast to text for this to work. (For some reason JSON_ARRAY_LENGTH does not work, so I have taken the simplest solution of casting to text and doing a string comparison.) Ref https://github.com/go-gitea/gitea/pull/21962#issuecomment-1379584057 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: delvh <dev.lh@web.de>
* Fix environments for KaTeX and error reporting (#22453)zeripath2023-01-161-2/+4
| | | | | | | | | | | | | | In #22447 it was noticed that display environments were not working correctly. This was due to the setting displayMode not being set. Further it was noticed that the error was not being displayed correctly. This PR fixes both of these issues by forcibly setting the displayMode setting and corrects an error in displayError. Fix #22447 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Supports wildcard protected branch (#20825)Lunny Xiao2023-01-1639-814/+1217
| | | | | | | | | | | | | | | | | This PR introduce glob match for protected branch name. The separator is `/` and you can use `*` matching non-separator chars and use `**` across separator. It also supports input an exist or non-exist branch name as matching condition and branch name condition has high priority than glob rule. Should fix #2529 and #15705 screenshots <img width="1160" alt="image" src="https://user-images.githubusercontent.com/81045/205651179-ebb5492a-4ade-4bb4-a13c-965e8c927063.png"> Co-authored-by: zeripath <art27@cantab.net>
* Prevent panic on looking at api "git" endpoints for empty repos (#22457)zeripath2023-01-151-1/+1
| | | | | | | | | The API endpoints for "git" can panic if they are called on an empty repo. We can simply allow empty repos for these endpoints without worry as they should just work. Fix #22452 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Restore previous official review when an official review is deleted (#22449)Jimmy Praet2023-01-152-9/+58
| | | | | Fix #22406 Co-authored-by: Lauris BH <lauris@nix.lv>
* Add support for incoming emails (#22056)KN4CK3R2023-01-1426-39/+1525
| | | | | | | | | | | | | | | | | | | | | | | | | | | | closes #13585 fixes #9067 fixes #2386 ref #6226 ref #6219 fixes #745 This PR adds support to process incoming emails to perform actions. Currently I added handling of replies and unsubscribing from issues/pulls. In contrast to #13585 the IMAP IDLE command is used instead of polling which results (in my opinion 😉) in cleaner code. Procedure: - When sending an issue/pull reply email, a token is generated which is present in the Reply-To and References header. - IMAP IDLE waits until a new email arrives - The token tells which action should be performed A possible signature and/or reply gets stripped from the content. I added a new service to the drone pipeline to test the receiving of incoming mails. If we keep this in, we may test our outgoing emails too in future. Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Fix stylesheet HTML snippet for external renderers documentation (#22435)Sascha Bannier2023-01-131-1/+1
| | | | | | | | | The documentation is missing the rel attribute. Neither Firefox nor Chrome did use the linked file as CSS if rel="stylesheet" is not set. The problem is described in issue #22434. Co-authored-by: silverwind <me@silverwind.io>
* Log STDERR of external renderer when it fails (#22442)Jonathan Tran2023-01-131-1/+4
| | | | | | When using an external renderer, STDOUT is expected to be HTML. But anything written to STDERR is currently ignored. In cases where the renderer fails, I would like to log any error messages that the external program outputs to STDERR.
* Fix error when calculate the repository size (#22392)Lunny Xiao2023-01-135-18/+42
| | | | | | | | Fix #22386 `GetDirectorySize` moved as `getDirectorySize` because it becomes a special function which should not be put in `util`. Co-authored-by: Jason Song <i@wolfogre.com>
* clarify "open issues" text for labels (#22431)crystal2023-01-131-1/+1
| | | see also https://codeberg.org/Codeberg/Community/issues/877
* Restore function to "Show more" buttons (#22399)zeripath2023-01-134-3/+30
| | | | | | | | | | | | | | | There was a serious regression in #21012 which broke the Show More button on the diff page, and the show more button was also broken on the file tree too. This PR fixes this by resetting the pageData.diffFiles as the vue watched value and reattachs a function to the show more button outside of the file tree view. Fix #22380 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: John Olheiser <john.olheiser@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Continue GCing other repos on error in one repo (#22422)zeripath2023-01-131-3/+5
| | | | | | | | | | | | | The current code propagates all errors up to the iteration step meaning that a single malformed repo will prevent GC of other repos. This PR simply stops that propagation. Fix #21605 Signed-off-by: Andrew Thornton <art27@cantab.net> Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: John Olheiser <john.olheiser@gmail.com>
* improve explore relevancy note (#22421)crystal2023-01-122-7/+1
| | | makes the explore relevancy note much prettier on most themes
* fix: don't replace err variable in nested check (#22416)John Olheiser2023-01-121-2/+2
| | | | | | We can use `:=` to make `err` local to the if-scope instead of overwriting the `err` in outer scope. Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Add more packages to denylist (#22412)Jason Song2023-01-121-1/+2
| | | | | | | | | | | | | | | After this, we can remove [`denylist_imports`](https://gitea.com/gitea/gitea-vet/src/branch/master/checks/denylisted-imports.go#L13) in gitea-vet ([gitea-vet/pulls/23](https://gitea.com/gitea/gitea-vet/pulls/23)). ```go deniedImports = []string{"io/ioutil", "encoding/json", "gitea.com/gitea/go-crypto"} ``` However, we needn't keep `gitea.com/gitea/go-crypto` any longer, it's gone and can't be imported again. Co-authored-by: John Olheiser <john.olheiser@gmail.com>
* fix wrong theme class when logged out if default theme is changed (#22408)crystal2023-01-121-1/+1
| | | | | If you don't use the `auto` theme as the default, the `<html>` tag has `theme-auto` as it's class when users are logged out. This PR changes it to use the correct theme class for the default theme when logged out.
* Update golang deps (#22410)techknowlogick2023-01-124-163/+195
| | | | Note, hashicorp's LRU has been updated to v2 which supports generics but this was left out as it is a more involved upgrade.
* Replace deprecated Webauthn library (#22400)techknowlogick2023-01-118-462/+59
| | | | | Fix #22052 Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Allow HOST has no port (#22280)Lunny Xiao2023-01-113-5/+57
| | | | | | | Fix #22274 This PR will allow `HOST` without port. Then a default port will be given in future steps.
* Improve utils of slices (#22379)Jason Song2023-01-1122-182/+228
| | | | | | | | | | | | | | | | | | | - Move the file `compare.go` and `slice.go` to `slice.go`. - Fix `ExistsInSlice`, it's buggy - It uses `sort.Search`, so it assumes that the input slice is sorted. - It passes `func(i int) bool { return slice[i] == target })` to `sort.Search`, that's incorrect, check the doc of `sort.Search`. - Conbine `IsInt64InSlice(int64, []int64)` and `ExistsInSlice(string, []string)` to `SliceContains[T]([]T, T)`. - Conbine `IsSliceInt64Eq([]int64, []int64)` and `IsEqualSlice([]string, []string)` to `SliceSortedEqual[T]([]T, T)`. - Add `SliceEqual[T]([]T, T)` as a distinction from `SliceSortedEqual[T]([]T, T)`. - Redesign `RemoveIDFromList([]int64, int64) ([]int64, bool)` to `SliceRemoveAll[T]([]T, T) []T`. - Add `SliceContainsFunc[T]([]T, func(T) bool)` and `SliceRemoveAllFunc[T]([]T, func(T) bool)` for general use. - Add comments to explain why not `golang.org/x/exp/slices`. - Add unit tests.
* cgo cross-compile for freebsd (#22397)techknowlogick2023-01-101-1/+8
| | | | | Provide pre-compiled cgo binaries for freebsd Co-authored-by: John Olheiser <john.olheiser@gmail.com>
* Fix typo (#22396)delvh2023-01-101-1/+1
| | | DEFAUlT -> DEFAULT
* fix: omit avatar_url in discord payload when empty (#22393)John Olheiser2023-01-101-1/+1
| | | | | | | | | | Fixes #22391 This field is optional for Discord, however when it exists in the payload it is now validated. Omitting it entirely just makes Discord use the default for that webhook, which is set on the Discord side. Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Fix "remember this device" case (#22388)Yarden Shoham2023-01-101-1/+1
| | | | | In the title case, it should be "Remember This Device" Signed-off-by: Yarden Shoham <hrsi88@gmail.com>
* Don't display stop watch top bar icon when disabled and hidden when click ↵Lunny Xiao2023-01-092-0/+3
| | | | | | | | | | | other place (#22374) Fix #22286 When timetracking is disabled, the stop watch top bar icon should be hidden. When the stop watch recording popup, it should be allowed to hide with some operation. Now click any place on this page will hide the popup window.
* Fix halfCommitter and WithTx (#22366)Jason Song2023-01-092-5/+124
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Related to #22362. I overlooked that there's always `committer.Close()`, like: ```go ctx, committer, err := db.TxContext(db.DefaultContext) if err != nil { return nil } defer committer.Close() // ... if err != nil { return nil } // ... return committer.Commit() ``` So the `Close` of `halfCommitter` should ignore `commit and close`, it's not a rollback. See: [Why `halfCommitter` and `WithTx` should rollback IMMEDIATELY or commit LATER](https://github.com/go-gitea/gitea/pull/22366#issuecomment-1374778612). Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Don't lookup mail server when using sendmail (#22300)Lunny Xiao2023-01-091-14/+17
| | | Fix #22287
* Update index.de-de.md (#22363)ahab2023-01-091-5/+5
| | | | | | | Some minor changes related to the language. Co-authored-by: KN4CK3R <admin@oldschoolhack.me> Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Move fuzz tests into tests/fuzz (#22376)Khaled Yakdan2023-01-091-1/+1
| | | | | | This puts the fuzz tests in the same directory as other tests and eases the integration in OSS-Fuzz Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Remove satori/go.uuid (#22375)Jason Song2023-01-092-3/+2
| | | | `github.com/satori/go.uuid` is no longer used, so the `replace` is not needed now
* Use context parameter in models/git (#22367)Jason Song2023-01-0941-176/+179
| | | | | | | | | After #22362, we can feel free to use transactions without `db.DefaultContext`. And there are still lots of models using `db.DefaultContext`, I think we should refactor them carefully and one by one. Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Replace `can not` with `cannot` (#22372)delvh2023-01-081-14/+14
| | | Fixes #22371.
* Fix set system setting failure once it cached (#22333)Lunny Xiao2023-01-082-13/+20
| | | | | | | | Unfortunately, #22295 introduced a bug that when set a cached system setting, it will not affect. This PR make sure to remove the cache key when updating a system setting. Fix #22332
* Bump json5 from 1.0.1 to 1.0.2 (#22365)dependabot[bot]2023-01-081-12/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [json5](https://github.com/json5/json5) from 1.0.1 to 1.0.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/json5/json5/releases">json5's releases</a>.</em></p> <blockquote> <h2>v1.0.2</h2> <ul> <li>Fix: Properties with the name <code>__proto__</code> are added to objects and arrays. (<a href="https://github-redirect.dependabot.com/json5/json5/issues/199">#199</a>) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (<a href="https://github-redirect.dependabot.com/json5/json5/issues/295">#295</a>). This has been backported to v1. (<a href="https://github-redirect.dependabot.com/json5/json5/issues/298">#298</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/json5/json5/blob/main/CHANGELOG.md">json5's changelog</a>.</em></p> <blockquote> <h3>Unreleased [<a href="https://github.com/json5/json5/tree/main">code</a>, <a href="https://github.com/json5/json5/compare/v2.2.3...HEAD">diff</a>]</h3> <h3>v2.2.3 [<a href="https://github.com/json5/json5/tree/v2.2.3">code</a>, <a href="https://github.com/json5/json5/compare/v2.2.2...v2.2.3">diff</a>]</h3> <ul> <li>Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (<a href="https://github-redirect.dependabot.com/json5/json5/issues/299">#299</a>)</li> </ul> <h3>v2.2.2 [<a href="https://github.com/json5/json5/tree/v2.2.2">code</a>, <a href="https://github.com/json5/json5/compare/v2.2.1...v2.2.2">diff</a>]</h3> <ul> <li>Fix: Properties with the name <code>__proto__</code> are added to objects and arrays. (<a href="https://github-redirect.dependabot.com/json5/json5/issues/199">#199</a>) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (<a href="https://github-redirect.dependabot.com/json5/json5/issues/295">#295</a>).</li> </ul> <h3>v2.2.1 [<a href="https://github.com/json5/json5/tree/v2.2.1">code</a>, <a href="https://github.com/json5/json5/compare/v2.2.0...v2.2.1">diff</a>]</h3> <ul> <li>Fix: Removed dependence on minimist to patch CVE-2021-44906. (<a href="https://github-redirect.dependabot.com/json5/json5/issues/266">#266</a>)</li> </ul> <h3>v2.2.0 [<a href="https://github.com/json5/json5/tree/v2.2.0">code</a>, <a href="https://github.com/json5/json5/compare/v2.1.3...v2.2.0">diff</a>]</h3> <ul> <li>New: Accurate and documented TypeScript declarations are now included. There is no need to install <code>@types/json5</code>. (<a href="https://github-redirect.dependabot.com/json5/json5/issues/236">#236</a>, <a href="https://github-redirect.dependabot.com/json5/json5/issues/244">#244</a>)</li> </ul> <h3>v2.1.3 [<a href="https://github.com/json5/json5/tree/v2.1.3">code</a>, <a href="https://github.com/json5/json5/compare/v2.1.2...v2.1.3">diff</a>]</h3> <ul> <li>Fix: An out of memory bug when parsing numbers has been fixed. (<a href="https://github-redirect.dependabot.com/json5/json5/issues/228">#228</a>, <a href="https://github-redirect.dependabot.com/json5/json5/issues/229">#229</a>)</li> </ul> <h3>v2.1.2 [<a href="https://github.com/json5/json5/tree/v2.1.2">code</a>, <a href="https://github.com/json5/json5/compare/v2.1.1...v2.1.2">diff</a>]</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/json5/json5/commit/a62db1e51e1031d92ac260f5bb38bbed1fdbc754"><code>a62db1e</code></a> 1.0.2</li> <li><a href="https://github.com/json5/json5/commit/e0c23fe458a77c0b2cdb271376be5d8d0908133c"><code>e0c23fe</code></a> docs: update CHANGELOG for v1.0.2</li> <li><a href="https://github.com/json5/json5/commit/62a65408408d40aeea14c7869ed327acead12972"><code>62a6540</code></a> fix: add <strong>proto</strong> to objects and arrays</li> <li>See full diff in <a href="https://github.com/json5/json5/compare/v1.0.1...v1.0.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=json5&package-manager=npm_and_yarn&previous-version=1.0.1&new-version=1.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/go-gitea/gitea/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Always reuse transaction (#22362)Jason Song2023-01-0811-42/+104
|
* make /{username}.png redirect to user/org avatar (#22356)crystal2023-01-061-1/+1
| | | | | fix #22355 Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Remove old HookEventType (#22358)Jason Song2023-01-062-98/+35
| | | Supplement to #22256.
* Fix unstable emoji sort (#22346)KN4CK3R2023-01-052-1468/+1472
| | | Without the second sort every generate run produces a different result.
* Rewrite fuzzers to native Go harnesses (#22313)AdamKorcz2023-01-052-50/+38
|
* Update Emoji dataset to Unicode 14 (#22342)isla w2023-01-043-306/+527
| | | | | | | | | | | | | | Gitea emoji dataset was out of date because it gets manually built and hasn't been rebuilt since it was added. This means Gitea doesn't recognize some newer emoji or changes to existing ones. After changing the max unicode version to 14 I just ran: `go run build/generate-emoji.go` This should address the initial issue seen in #22153 where Gitea doesn't recognize a standard alias used elsewhere when importing content. 14 is the latest supported version from the upstream source as 15 is not widely supported (in their opinion) yet
* fix gravatar disable bug (#22336)Lunny Xiao2023-01-041-1/+1
|
* fix: update settings table on install (#22326)John Olheiser2023-01-031-4/+7
| | | | | Related to #22325 Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Use git command instead of exec.Cmd in blame (#22098)Lunny Xiao2023-01-032-156/+39
| | | | | extract from #18147 Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Display error log when a modified template has an error so that it could ↵Lunny Xiao2023-01-031-2/+9
| | | | | | | | | recovery when the error fixed (#22261) A drawback is the previous generated template has been cached, so you cannot get error in the UI but only from log Co-authored-by: KN4CK3R <admin@oldschoolhack.me> Co-authored-by: delvh <dev.lh@web.de>
* Add deprecated warning for DISABLE_GRAVATAR and ENABLE_FEDERATED_AVATAR (#22318)Kyle D2023-01-031-2/+2
|
* Unify hashing for avatar (#22289)Gusted2023-01-024-11/+32
| | | | | | | | | | | - Unify the hashing code for repository and user avatars into a function. - Use a sane hash function instead of MD5. - Only require hashing once instead of twice(w.r.t. hashing for user avatar). - Improve the comment for the hashing code of why it works. Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Yarden Shoham <hrsi88@gmail.com>
* fix: code search title translation (#22285)John Olheiser2023-01-021-1/+1
| | | | | | | | | | | | | `code.title` isn't an existing translation. `explore.code` is the translation used for the tab, which I think matches closely enough for this instead of a brand new translation. Open to feedback on whether a new translation would be preferred instead. Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Lauris BH <lauris@nix.lv>
* Update Gmail mailer configuration (#22291)James Liu2023-01-021-3/+6
| | | | | | | | | | | | | This PR updates the `[mailer]` configuration snippet for Gmail: - The `HELO_HOSTNAME` isn't required. - The `USER` must not include the @gmail domain. - `HOST` needs to be supplied, and the SMTP port number needs to be appended to the URL. I also added a note about the requirement to use App passwords instead of your Google account password directly. Co-authored-by: delvh <dev.lh@web.de>
* Fix due date rendering the wrong date in issue (#22302)Yarden Shoham2023-01-021-1/+1
| | | | | | | | | | | | | | | | | | | | | | Previously, the last minute of the chosen date caused bad timezone rendering. For example, I chose January 4th, 2023. ### Before ```html <time data-format="date" datetime="Wed, 04 Jan 2023 23:59:59 +0000">January 5, 2023</time> ``` ### After ```html <time data-format="date" datetime="2023-01-04">January 4, 2023</time> ``` --- Closes #21999 Signed-off-by: Yarden Shoham <hrsi88@gmail.com>