| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
backport #28213
This PR will fix some missed checks for private repositories' data on
web routes and API routes.
|
| |
|
|
|
|
|
|
|
|
| |
Backport of #27915
Fixes #27819
We have support for two factor logins with the normal web login and with
basic auth. For basic auth the two factor check was implemented at three
different places and you need to know that this check is necessary. This
PR moves the check into the basic auth itself.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Backport #27887 by @Zettat123
We should not use `asset.ID` in DownloadFunc because DownloadFunc is a
closure.
https://github.com/go-gitea/gitea/blob/1bf5527eac6b947010c8faf408f6747de2a2384f/services/migrations/gitea_downloader.go#L284-L295
A similar bug when migrating from GitHub has been fixed in #14703. This
PR fixes the bug when migrating from Gitea and GitLab.
Co-authored-by: Zettat123 <zettat123@gmail.com>
|
| |
|
|
|
|
|
|
| |
Backport #27839 by @lunny
Fix #23742
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport #27655 by @wolfogre
When `webhook.PROXY_URL` has been set, the old code will check if the
proxy host is in `ALLOWED_HOST_LIST` or reject requests through the
proxy. It requires users to add the proxy host to `ALLOWED_HOST_LIST`.
However, it actually allows all requests to any port on the host, when
the proxy host is probably an internal address.
But things may be even worse. `ALLOWED_HOST_LIST` doesn't really work
when requests are sent to the allowed proxy, and the proxy could forward
them to any hosts.
This PR fixes it by:
- If the proxy has been set, always allow connectioins to the host and
port.
- Check `ALLOWED_HOST_LIST` before forwarding.
Co-authored-by: Jason Song <i@wolfogre.com>
|
| |
|
|
|
| |
Backport #27657 by @lunny
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Backport #27486 by @lunny
Fix #27204
This PR allows `/<username>/<reponame>/attachments/<uuid>` access with
personal access token and also changed attachments API download url to
it so it can be download correctly.
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
|
| |
|
| |
Backport #27467 manually.
|
| |
|
|
|
|
|
|
|
|
| |
(#26430) (#27378)
Backport #26430 by @lunny
Fix #26165
Fix #25257
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
|
| |
|
|
|
|
|
| |
Backport #27203 by @Nabapadma-sarker
Fixes #27202
Co-authored-by: Nabapadma-sarker <nabapadmacse1991@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Backport #27182 by @jolheiser
Resolves #27180
`URL` points to the API URL, `HTMLURL` points to the web page.
Notably, however, for PRs they are the same URL. I switched them to use
HTMLURL to match the rest of the codebase terminology.
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Backport #27152 by @delvh
A function should not return an error when it is successful.
Otherwise, things like
https://discord.com/channels/322538954119184384/322538954119184384/1153705341620600833
happen…
Co-authored-by: delvh <dev.lh@web.de>
|
| |
|
|
|
|
|
|
|
|
|
| |
Backport #27129 by @earl-warren
Refs: https://codeberg.org/forgejo/forgejo/pulls/1385
Signed-off-by: Lars Lehtonen <lars.lehtonen@gmail.com>
(cherry picked from commit 589e7d346f51de4a0e2c461b220c8cad34133b2f)
Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
Co-authored-by: Lars Lehtonen <lars.lehtonen@gmail.com>
|
| |
|
|
|
|
|
|
| |
backport #21227
author @svenseeberg
Co-authored-by: Sven Seeberg <mail@sven-seeberg.de>
Co-authored-by: Giteabot <teabot@gitea.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
Backport #26816 by @Zettat123
Fixes #26138
Sync the tags into database when adopting repos
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
|
| |
|
|
|
| |
Backport #26812 by @techknowlogick
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
|
| |
|
|
|
|
| |
Backport #26778 by @harryzcy
Co-authored-by: Chongyi Zheng <git@zcy.dev>
Co-authored-by: delvh <dev.lh@web.de>
|
| |
|
|
| |
Fix #26684
Backport #26762
|
| |
|
|
|
|
|
|
|
|
| |
Backport #26599 by @yardenshoham
We now include the branch filler in the response.
- Closes #26591
Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: Yarden Shoham <git@yardenshoham.com>
|
| |
|
|
|
|
|
| |
Backport #26517 by @wxiaoguang
Close #26509
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
|
| |
|
|
|
|
|
| |
Backport #26493 by @wxiaoguang
It works for various sizes.
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
|
| |
|
|
|
|
|
|
| |
Backport #25996
Telegram has recently implemented threads (channels) for group chats.
Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
Co-authored-by: neveraskedtoexist <matikot415@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Backport #26259
This PR will introduce a transaction on creating pull request so that if
some step failed, it will rollback totally. And there will be no dirty
pull request exist.
Co-authored-by: Giteabot <teabot@gitea.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport #26401 by @yardenshoham
Add webhook events for pull request review requests
- Fixes #26371
- Added support for the "Pull request review requested" and "Pull
request review request removed" webhook events.
- Updated the `getPullRequestPayloadInfo` function in `general.go` to
handle these new webhook events.
# Before
# After
Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: Yarden Shoham <git@yardenshoham.com>
|
| |
|
|
|
|
|
|
|
|
| |
Backport #26392 by @wxiaoguang
Fix #26389
And complete an old TODO: `ctx.Params does un-escaping,..., which is
incorrect.`
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
IssueIndex (#26279) (#26368)
Backport #26279 by @wxiaoguang
Close #26277
Fix #26285
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport #26352
Now, you don't need to be a git expert anymore to know what these numbers mean.
## Before
## After
or when the mode actually changed:
|
| |
|
|
|
|
|
|
|
|
| |
Backport #25097
The API should only return the real Mail of a User, if the caller is
logged in. The check do to this don't work. This PR fixes this. This not
really a security issue, but can lead to Spam.
Co-authored-by: JakobDev <jakobdev@gmx.de>
Co-authored-by: silverwind <me@silverwind.io>
|
| |
|
|
|
|
|
| |
Backport #26332 by @KN4CK3R
Fixes #26313
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport #26179 by @CaiCandong
In the original implementation, we can only get the first 30 records of
the commit status (the default paging size), if the commit status is
more than 30, it will lead to the bug #25990. I made the following two
changes.
- On the page, use the ` db.ListOptions{ListAll: true}` parameter
instead of `db.ListOptions{}`
- The `GetLatestCommitStatus` function makes a determination as to
whether or not a pager is being used.
fixed #25990
Co-authored-by: caicandong <50507092+CaiCandong@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
(#26211)
Backport #26039 by @puni9869
Attemp fix: #25744
Fixing the log level when we delete any repo then we get error hook not
found by id. That should be warn level to reduce the noise in the logs.
Co-authored-by: puni9869 <80308335+puni9869@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
automatically (#25882) (#26158)
Fix #25858
Backport #25882
The option `dissmiss stale approvals` was listed on protected branch but
never implemented. This PR fixes that.
<img width="1006" alt="图片"
src="https://github.com/go-gitea/gitea/assets/81045/60bfa968-4db7-4c24-b8be-2e5978f91bb9">
<img width="1021" alt="图片"
src="https://github.com/go-gitea/gitea/assets/81045/8dabc14d-2dfe-40c2-94ed-24fcbf6e0e8f">
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Backport #26122 by @Zettat123
This PR
- Fix #26093. Replace `time.Time` with `timeutil.TimeStamp`
- Fix #26135. Add missing `xorm:"extends"` to `CountLFSMetaObject` for
LFS meta object query
- Add a unit test for LFS meta object garbage collection
Co-authored-by: Zettat123 <zettat123@gmail.com>
|
| |
|
|
| |
Co-authored-by: Peter Verraedt <peter.verraedt@gmail.com>
|
| |
|
|
|
|
|
| |
Backport #25955 by @wxiaoguang
Try to fix #25952
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport #25733 by @hiifong
When only the casing of the username changes, update the owner name of the repo,
and keep the original logic consistent with other conditions.
example: assume your username is `gitea`, lowercase username is `gitea` too,
repo URL is `.../gitea/{repo}`.
You change your username to `Gitea`, `GiTea` or something like that,
as long as the lowercase username is still `gitea`, the repo URL remained `.../gitea/{repo}`.
this pr keeps the new username consistent with the repo URL.
Before:
After:
Co-authored-by: hiifong <i@hiif.ong>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport #25701 by @CaiCandong
we refactored `userIDFromToken` for the token parsing part into a new
function `parseToken`. `parseToken` returns the string `token` from
request, and a boolean `ok` representing whether the token exists or
not. So we can distinguish between token non-existence and token
inconsistency in the `verfity` function, thus solving the problem of no
proper error message when the token is inconsistent.
close #24439
related #22119
Co-authored-by: caicandong <50507092+CaiCandong@users.noreply.github.com>
Co-authored-by: Jason Song <i@wolfogre.com>
|
| |
|
|
|
|
|
| |
Backport #25639 by @lunny
Fix #25257
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
template (#25779) (#25809)
Backport #25779 by @wxiaoguang
Related #22669. Close #25177
After the fix:
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
|
| |
|
|
| |
Same perl replacement as https://github.com/go-gitea/gitea/pull/25686
but for 1.20 to ease future backporting.
|
| |
|
|
|
|
|
|
|
| |
(#25414) (#25660)
Backport #25414 by @lunny
Fix #24498
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport #25560 by @wolfogre
Fix #25451.
Bugfixes:
- When stopping the zombie or endless tasks, set `LogInStorage` to true
after transferring the file to storage. It was missing, it could write
to a nonexistent file in DBFS because `LogInStorage` was false.
- Always update `ActionTask.Updated` when there's a new state reported
by the runner, even if there's no change. This is to avoid the task
being judged as a zombie task.
Enhancement:
- Support `Stat()` for DBFS file.
- `WriteLogs` refuses to write if it could result in content holes.
Co-authored-by: Jason Song <i@wolfogre.com>
|
| |
|
|
|
|
|
|
|
| |
Backport #25497 by @lunny
Fix #14304
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
|
| |
|
|
|
|
|
| |
Partial backport of #25430
Not a bug, but worth backporting for efficiency.
Signed-off-by: jolheiser <john.olheiser@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport #25388 by @wolfogre
The old code generates `structs.Repository.Permissions` with only
`access.Permission.AccessMode`, however, it should check the units too,
or the value could be incorrect. For example,
`structs.Repository.Permissions.Push` could be false even the doer has
write access to code unit.
Should fix
https://github.com/renovatebot/renovate/issues/14059#issuecomment-1047961128
(Not reported by it, I just found it when I was looking into this bug)
---
Review tips:
The major changes are
- `modules/structs/repo.go`
https://github.com/go-gitea/gitea/pull/25388/files#diff-870406f6857117f8b03611c43fca0ab9ed6d6e76a2d0069a7c1f17e8fa9092f7
- `services/convert/repository.go`
https://github.com/go-gitea/gitea/pull/25388/files#diff-7736f6d2ae894c9edb7729a80ab89aa183b888a26a811a0c1fdebd18726a7101
And other changes are passive.
Co-authored-by: Jason Song <i@wolfogre.com>
|
| |
|
|
|
|
|
|
|
| |
Backport #25425 by @Zettat123
Fixes #21169
Change `localhost` to `localhost.local`
Co-authored-by: Zettat123 <zettat123@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport #24936
If enabled show a clickable label in the comment. A click on the label
opens the Conversation tab with the comment focussed - there you're able
to view the old diff (or original diff the comment was created on).
**Screenshots**
When resolved and outdated:
Option to enable/disable this (stored in user settings - default is
disabled):
fixes #24913
Co-authored-by: silverwind <me@silverwind.io>
|
| |
|
|
|
|
| |
TBH, I don't see much difference from `Remove "CHARSET" config option
for MySQL, always use "utf8mb4"` #25413
Close #25413
|
| |
|
|
|
|
|
| |
Backport #25405 by @lunny
As title.
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport #25278 by @Zettat123
Fix #21072
Username Attribute is not a required item when creating an
authentication source. If Username Attribute is empty, the username
value of LDAP user cannot be read, so all users from LDAP will be marked
as inactive by mistake when synchronizing external users.
This PR improves the sync logic, if username is empty, the email address
will be used to find user.
Co-authored-by: Zettat123 <zettat123@gmail.com>
|
