Commit Graph

11959 Commits

Author SHA1 Message Date
zeripath
3a77465e4e
Prevent double decoding of % in url params (#17997) (#18001) 2021-12-16 18:03:20 -05:00
zeripath
fc8c23edb7
Prevent deadlock in create issue (#17970) (#17982) 2021-12-14 21:06:40 -05:00
KN4CK3R
31df892059
Use non-expiring key. (#17984) (#17985) 2021-12-14 17:42:03 -05:00
Lunny Xiao
9879e23c57
Changelog for v1.15.7 (#17871)
* Changelog for v1.15.7

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
2021-12-02 21:16:33 +01:00
Lunny Xiao
56a3b50136
Check if column exist before rename if exist, just return with no error (#17870) (#17882)
* Check if column exist before rename if exist, just return with no error

* Also check if errors column exist

* Add comment for migration

* Fix sqlite test
2021-12-02 18:12:11 +01:00
a1012112796
9a8532d928
fix 500 error while use a reserved name in org rename (#17878) (#17881)
fix #17876

Signed-off-by: a1012112796 <1012112796@qq.com>
2021-12-02 19:52:08 +08:00
Lunny Xiao
d29a0fc3be
Fix user primary email changed (#17840) 2021-11-28 12:04:44 +01:00
Gusted
04517e17d6
Use correct user on releases (#17818)
- Backport #17806
2021-11-26 07:06:26 +00:00
KN4CK3R
3a222ee416
Fixed commit count (#17698) (#17790)
* Fixed commit count (#17698)

Added "Tag" label.
Unified branch, tag and commit name.

* Keep 1.15 behaviour.

* Removed locale change.
2021-11-26 00:21:56 +01:00
silverwind
add85f5a85
Preserve color when inverting emojis (#17799)
Fixes: https://github.com/go-gitea/gitea/issues/17795
2021-11-24 22:43:22 +08:00
Gusted
76ad83f05e
backport: use correct sender on title change (#17792) 2021-11-24 03:53:18 -05:00
Lunny Xiao
714ecd9f1e
Fix close issue but time watcher still running (#17761)
* Fix bug

* Update models/issue_stopwatch.go

Co-authored-by: zeripath <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
2021-11-23 20:05:44 +08:00
Lunny Xiao
a08856606e
Return 400 but not 500 when request archive with wrong format (#17691) (#17700)
* Return 400 but not 500 when request archive with wrong format (#17691)
* Remove bundle because it's not in this version
2021-11-20 00:31:29 +08:00
99rgosse
7be2d7b136
Fix Migrate Description - backport (#17727) 2021-11-19 17:52:47 +08:00
Lunny Xiao
6f3596e33c
Fix bug when project board get open issue number (#17703) (#17726)
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-11-19 14:28:37 +08:00
Lunny Xiao
0305a73633
Fix bug when read mysql database max lifetime (#17682) (#17690) 2021-11-17 21:28:41 +08:00
wxiaoguang
6cd1ccef3d
Backport #17649, fix database deadlock when update issue labels (#17665) 2021-11-17 13:32:31 +08:00
Gusted
ea0fe83888
Fix golangci-lint warnings (#17598 et al) (#17668)
Backport #17598 
Backport #17606 
Backport #17608 
Backport #17609

- Since https://gitea.com/gitea/test-env/pulls/10 the golangci-lint has been upgraded and is erroring about new warnings in the code, this PR fixes those warnings.
2021-11-16 20:38:49 +00:00
Lunny Xiao
1cec7f5ab5
Fix bug on detect issue/comment writer (#17592) 2021-11-09 16:00:40 +08:00
Gusted
1cb1101d44
backport(1.15): Fix stats upon searching issues (#17578)
- Backport of https://github.com/go-gitea/gitea/pull/17566

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2021-11-08 23:14:57 +02:00
zeripath
653dff4e57
Remove appSubUrl from pasted images (#17572) (#17588)
Backport #17572

* Remove appSubUrl from pasted images

Since we fixed the url base for the links in repositories we no longer need to add
the appsuburl to pasted image links.

Fix #17057

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-11-08 20:28:10 +00:00
Gusted
b661bbaed7
backport(1.15): make ParsePatch more robust (#17580)
- Backport of https://github.com/go-gitea/gitea/pull/17573
2021-11-08 11:28:16 +08:00
wxiaoguang
20ae184967
Only allow webhook to send requests to allowed hosts (#17482) (#17510)
Backport #17482

* Only allow webhook to send requests to allowed hosts (backport #17482)

* use ALLOWED_HOST_LIST=* for default to keep the legacy behavior in 1.15.x
2021-11-06 09:23:43 +00:00
zeripath
15b44496ec
Escape issue titles in comments list (#17555) (#17556)
Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-11-05 23:20:51 +00:00
Gusted
0d0ff5e32a
backport(1.15): Use correct defaultValue for stracktrace (#17557)
- Backporting https://github.com/go-gitea/gitea/pull/17552
2021-11-05 22:55:33 +08:00
Lunny Xiao
f25f7c592f
Fix zero created time bug on commit api (#17547)
Co-authored-by: zeripath <art27@cantab.net>
2021-11-05 14:15:44 +08:00
delvh
e8cf04bad7
Show correct "No" icon (#17538) 2021-11-04 15:29:37 -04:00
Lunny Xiao
251fdaaf41
Fix database keyword quote problem on migration v161 (#17523)
* support rerun migration v161
2021-11-03 06:33:38 +02:00
Lunny Xiao
f572fb906f
fix email with + when active (#17518) (#17520)
Co-authored-by: zeripath <art27@cantab.net>
2021-11-03 00:52:38 +02:00
zeripath
9340269d84
Stop double encoding blame commit messages (#17498) (#17500)
Backport #17498

The call to html.EscapeString in routers/web/repo/blame.go:renderBlame is extraneous
as the commit message is now rendered by the template. The template will correctly
escape strings - therefore we are currently double escaping.

This PR fixes this.

Fix #17492

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-10-31 17:46:51 +08:00
zeripath
34650b925b
Quote the table name in CountOrphanedObjects (#17487) (#17488)
Backport #17487

CountOrphanedObjects needs to quote the table it is joining with as this table may
be `user`.

Fix #17485

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-10-30 12:01:22 +02:00
zeripath
718e0db12e
Run Migrate in Install rather than just SyncTables (#17475) (#17486)
Backport #17475

The underlying problem in #17328 appears to be that users are re-running the install
page during upgrades. The function that tests and creates the db did not intend for
this and thus instead the migration scripts being run - a simple sync tables occurs.

This then causes a weird partially migrated DB which causes, in this release cycle,
the duplicate column in task table error. It is likely the cause of some weird
partial migration errors in other cycles too.

This PR simply ensures that the migration scripts are also run at this point too.

Fix #17328

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-10-30 10:28:11 +01:00
qwerty287
6110ddc280
Fix login redirection links (#17473) 2021-10-28 21:47:26 +08:00
zeripath
c7d8181a70
Changelog 1.15.6 (#17457)
* Changelog 1.15.6

Unforunately #17435 is a somewhat critical bug and therefore we should
really release 1.15.6 as soon as possible.

 ## [1.15.6](https://github.com/go-gitea/gitea/releases/tag/v1.15.6) - 2021-10-27

* BUGFIXES
  * Prevent panic in serv.go with Deploy Keys (#17434) (#17435)
  * Fix CSV render error (#17406) (#17431)
  * Read expected buffer size (#17409) (#17430)

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add 17456 and its backport

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add 17464

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add final pr

* Update date

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-10-28 16:11:23 +08:00
wxiaoguang
548ae3eb98
Make commit-statuses popup show correctly (#17447) (#17466)
Backport #17447

Close #17443
2021-10-28 08:42:31 +01:00
zeripath
2c383d812d
Add integration tests for private.NoServCommand and private.ServCommand (#17456) (#17463)
Backport #17456

modules/private/serv.go has two major functions that are missing testcases to ensure
that Deploy and normal SSH keys work correctly.

This PR adds some basic integration tests for these.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
2021-10-28 14:07:29 +08:00
zeripath
ef12b8de80
Ensure that restricted users can access repos for which they are members (#17460) (#17464)
Backport #17460

There is a small bug in the way that repo access is checked in
repoAssignment: Accessibility is checked by checking if the user has a
marked access to the repository instead of checking if the user has any
team granted access.

This PR changes this permissions check to use HasAccess() which does the
correct test. There is also a fix in the release api ListReleases where
it should return draft releases if the user is a member of a team with
write access to the releases.

The PR also adds a testcase.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-10-28 11:33:18 +08:00
zeripath
dd1ba34ee5
Prevent panic in serv.go with Deploy Keys (#17434) (#17435)
Backport #17434

Unfortunately there was a regression in #17373 which missed that the user is not
for deploy keys. This leads to a panic when pushing with deploy keys.

Fix #17412

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-10-26 01:24:29 +02:00
KN4CK3R
1fbdf96c34
Fix CSV render error (#17406) (#17431)
Backport #17406.

Closes #17378 

Both errors from #17378 were caused by  #15175.

Problem 1 (error with added file):
`ToUTF8WithFallbackReader` creates a `MultiReader` from a `byte[2048]` and the remaining reader. `CreateReaderAndGuessDelimiter` tries to read 10000 bytes from this reader but only gets 2048 because that's the first reader in the `MultiReader`. Then the `if size < 1e4` thinks the input is at EOF and just returns that.

Problem 2 (error with changed file):
The blob reader gets defer closed. That was fine because the old version reads the whole file into memory. Now with the streaming version the close needs to defer after the method.

Co-authored-by: zeripath <art27@cantab.net>
2021-10-25 18:31:15 +01:00
KN4CK3R
5159055278
Read expected buffer size (#17409) (#17430)
Backport of #17409

* Read expected buffer size.

* Changed name.
2021-10-25 17:46:56 +01:00
wxiaoguang
06da10b9a1
Fix markdown checkbox rendering (#17427)
We allow to render empty check list item - [ ], while GitHub doesn't allow.

To make the rendering correct, we need tune the UI (the last PR #17413 uses absolute layout, which makes the empty checkbox item can not be displayed correctly)
2021-10-25 17:02:39 +08:00
wxiaoguang
175ebc6f88
Fix issue markdown bugs (#17413)
* Bug fix: render Markdown `http://AppURL/org/repo/issues/4?a=1&b=2#comment-123 test` to HTML correctly, close #17394
* Bug fix: fix the positions of checkboxes in rendered HTML, close #17395

# Conflicts:
#	modules/markup/html.go
2021-10-23 23:30:46 +08:00
zeripath
3aecea2e6e
Changelog 1.15.5 (#17392)
* SECURITY
  * Upgrade Bluemonday to v1.0.16 (#17372) (#17374)
  * Ensure correct SSH permissions check for private and restricted users (#17370) (#17373)
* BUGFIXES
  * Prevent NPE in CSV diff rendering when column removed (#17018) (#17377)
  * Offer rsa-sha2-512 and rsa-sha2-256 algorithms in internal SSH (#17281) (#17376)
  * Don't panic if we fail to parse U2FRegistration data (#17304) (#17371)
  * Ensure popup text is aligned left (backport for 1.15) (#17343)
  * Ensure that git daemon export ok is created for mirrors (#17243) (#17306)
  * Disable core.protectNTFS (#17300) (#17302)
  * Use pointer for wrappedConn methods (#17295) (#17296)
  * AutoRegistration is supposed to be working with disabled registration (backport) (#17292)
  * Handle duplicate keys on GPG key ring (#17242) (#17284)
  * Fix SVG side by side comparison link (#17375) (#17391)

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-10-21 23:50:22 +02:00
zeripath
cae8c63517
Fix SVG side by side comparison link (#17375) (#17391)
Backport #17375

Define unique names for image tabs in pull requests, in order to toggle tabs correctly when multiple are displayed on one page.

Fixes position of swipe-bar so it does not overlay other UI components when scrolling.

Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>

Co-authored-by: Mario Lubenka <mario.lubenka@googlemail.com>
2021-10-21 20:38:29 +01:00
zeripath
8ace5c1161
Offer rsa-sha2-512 and rsa-sha2-256 algorithms in internal SSH (#17281) (#17376)
Backport #17281

There is a subtle bug in the SSH library x/crypto/ssh which makes the incorrect
assumption that the public key type is the same as the signature algorithm type.

This means that only ssh-rsa signatures are offered by default.

This PR adds a workaround around this problem.

Fix #17175

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-10-21 16:37:49 +08:00
Lunny Xiao
a87b813955
Fix heatmap test (#17381) (#17383)
Backport #17381
2021-10-21 09:00:41 +01:00
6543
3baeec745c
Upgrade Bluemonday to v1.0.16 (#17372) (#17374) 2021-10-20 16:57:19 -04:00
Richard Mahn
befb6bea22
Prevent NPE in CSV diff rendering when column removed (#17018) (#17377)
Backport of #17018

Fixes #16837 if a column is deleted.
2021-10-20 22:55:34 +02:00
6543
79f0b1a50b
Ensure correct SSH permissions check for private and restricted users (#17370) (#17373)
Repositories owned by private users and organisations and pulls by restricted users
need to have permissions checked. Previously Serv would simply assumed that if the
user could log in and the repository was not private then it would be visible.

Fix #17364

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
2021-10-20 22:26:48 +02:00
zeripath
79a3d277e5
Don't panic if we fail to parse U2FRegistration data (#17304) (#17371)
Backport #17304

Downgrade logging statement from Fatal to Error so that errors parsing
U2FRegistration data does not panic; instead, the invalid key will be
skipped and we will attempt to parse the next one, if available.

Signed-off-by: David Jimenez <dvejmz@sgfault.com>

Co-authored-by: David Jimenez <dvejmz@users.noreply.github.com>
2021-10-20 21:45:17 +02:00