Commit Graph

16978 Commits

Author SHA1 Message Date
Lunny Xiao
65d96725bb
Fix possible renderer security problem(#30136) (#30315)
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-04-09 00:24:35 +02:00
Giteabot
4588c7b705
Close file in the Upload func (#30262) (#30269)
Co-authored-by: guangwu <guoguangwu@magic-shield.com>
2024-04-03 15:20:18 +00:00
Giteabot
47de6e3b54
Add -u git to docs when using docker exec with root installation (#29314) (#30264)
Backport #29314 by @scribblemaniac

This fixes a minor issue in the documentation for SSH Container
Passthrough for non-rootless installs. The non-rootless Dockerfile and
docker-compose do not set `USER`/`user` instructions so `docker exec`
will run as root by default. While running as root, gitea commands will
refuse to execute, breaking these approaches. For containers built with
the rootless instructions, `docker exec` will run as git by default so
this is not necessary in that case.

This issue was already discussed in #19065, but it does not appear this
part of the issue was ever added to the documentation.

Co-authored-by: scribblemaniac <scribblemaniac@users.noreply.github.com>
2024-04-03 13:44:11 +00:00
Giteabot
5123ed3191
Fixes #27605: inline math blocks can't be preceeded/followed by alphanumerical characters (#30175) (#30250)
Backport #30175 by @jmlt2002

- Inline math blocks couldn't be preceeded or succeeded by
alphanumerical characters due to changes introduced in PR #21171.
Removed the condition that caused this (precedingCharacter condition)
and added a new exit condition of the for-loop that checks if a specific
'$' was escaped using '\' so that the math expression can be rendered as
intended.
- Additionally this PR fixes another bug where math blocks of the type
'$xyz$abc$' where the dollar sign was not escaped by the user, generated
an error (shown in the screenshots below)
- Altered the tests to accomodate for the changes

Former behaviour (from try.gitea.io):

![image](https://github.com/go-gitea/gitea/assets/114936010/8f0cbb21-321d-451c-b871-c67a8e1e9235)

Fixed behaviour (from my local build):

![image](https://github.com/go-gitea/gitea/assets/114936010/5c22687c-6f11-4407-b5e7-c14b838bc20d)

(Edit) Source code for the README.md file:
```
$x$ -$x$ $x$-

a$xa$ $xa$a 1$xb$ $xb$1

$a a$b b$

a$b $a a$b b$

$a a\$b b$
```

Signed-off-by: João Tiago <joao.leal.tintas@tecnico.ulisboa.pt>
Co-authored-by: João Tiago <114936010+jmlt2002@users.noreply.github.com>
2024-04-03 06:06:39 +00:00
Giteabot
9f2a1a55e6
Add -u git to docs when using docker exec with root installation (#29314) (#30258)
Backport #29314 by @scribblemaniac

This fixes a minor issue in the documentation for SSH Container
Passthrough for non-rootless installs. The non-rootless Dockerfile and
docker-compose do not set `USER`/`user` instructions so `docker exec`
will run as root by default. While running as root, gitea commands will
refuse to execute, breaking these approaches. For containers built with
the rootless instructions, `docker exec` will run as git by default so
this is not necessary in that case.

This issue was already discussed in #19065, but it does not appear this
part of the issue was ever added to the documentation.

Co-authored-by: scribblemaniac <scribblemaniac@users.noreply.github.com>
2024-04-03 01:44:13 -04:00
Giteabot
935bfe6445
Fix missing 0 prefix of GPG key id (#30245) (#30247)
Backport #30245 by @KN4CK3R

Fixes #30235

If the key id "front" byte has a single digit, `%X` is missing the 0
prefix.
` 38D1A3EADDBEA9C` instead of
`038D1A3EADDBEA9C`
When using the `IssuerFingerprint` slice `%X` is enough but I changed it
to `%016X` too to be consistent.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2024-04-02 16:13:07 +00:00
Giteabot
2ac78c75d0
Include encoding in signature payload (#30174) (#30181)
Backport #30174 by @KN4CK3R

Fixes #30119

Include the encoding in the signature payload.

before

![grafik](https://github.com/go-gitea/gitea/assets/1666336/01ab94a3-8af5-4d6f-be73-a10b65a15421)

after

![grafik](https://github.com/go-gitea/gitea/assets/1666336/3a37d438-c70d-4d69-b178-d170e74aa683)

---------

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2024-04-01 09:47:11 +08:00
YR Chen
b1dae9f2c8
Move from max( id ) to max( index ) for latest commit statuses (#30076) (#30155)
Backport https://github.com/go-gitea/gitea/pull/30076.

This PR replaces the use of `max( id )`, and instead using ``max(
`index` )`` for determining the latest commit status. Building business
logic over an `auto_increment` primary key like `id` is risky and
there’re already plenty of discussions on the Internet.

There‘s no guarantee for `auto_increment` values to be monotonic,
especially upon failures or with a cluster. In the specific case, we met
the problem of commit statuses being outdated when using TiDB as the
database. As [being
documented](https://docs.pingcap.com/tidb/stable/auto-increment),
`auto_increment` values assigned to an `insert` statement will only be
monotonic on a per server (node) basis.

Closes #30074.
2024-03-28 16:29:38 +00:00
yp05327
7bffb923ce
Load attachments for code comments (#30124) (#30126)
backport #30124
2024-03-27 16:06:23 +08:00
yp05327
0c10c3a282
Fix gitea doctor will remove repo-avatar files when execute command storage-archives (#30094) (#30120)
backport #30094
2024-03-27 10:09:17 +08:00
Lunny Xiao
09a5067c0c
Fix possible data race on tests (#30093) (#30108)
backport #30093
2024-03-26 16:49:48 +01:00
yp05327
a0f89ba8c7
Fix duplicate migrated milestones (#30102) (#30105)
backport #30102
2024-03-26 20:58:56 +08:00
yp05327
6d47b63be2
Fix panic for fixBrokenRepoUnits16961 (#30068) (#30100)
backport #30068
2024-03-26 18:20:03 +08:00
silverwind
8dccea02f2
Update katex to 0.16.10 (#30089)
https://github.com/KaTeX/KaTeX/releases/tag/v0.16.10

---------

Co-authored-by: Giteabot <teabot@gitea.io>
2024-03-26 02:42:37 +01:00
silverwind
03f29db46d
Fix incorrect SVGs (#30087)
Just the SVG fixes from https://github.com/go-gitea/gitea/pull/30086 for
v1.21 branch.
2024-03-26 00:10:24 +00:00
Lunny Xiao
d6b0d0e9c0
Release of 1.21.10 (#30073)
The main reason for this release is to fix a bug #29997
2024-03-26 00:46:08 +01:00
Lunny Xiao
087aed7096
Fix Add/Remove WIP on pull request title failure (#29999) (#30066)
Fix #29997
Backport #29999
2024-03-25 10:26:05 +01:00
Giteabot
78795dd566
Fix misuse of TxContext (#30061) (#30062)
Backport #30061 by @wolfogre

Help #29999, or its tests cannot pass.

Also, add some comments to clarify the usage of `TxContext`.

I don't check all usages of `TxContext` because there are too many
(almost 140+). It's a better idea to replace them with `WithTx` instead
of checking them one by one. However, that may be another refactoring
PR.

Co-authored-by: Jason Song <i@wolfogre.com>
2024-03-25 07:22:09 +00:00
Giteabot
e321b8a849
Respect DEFAULT_ORG_MEMBER_VISIBLE setting when adding creator to org (#30013) (#30035)
Backport #30013 by @DrMaxNix

This PR adds `setting.Service.DefaultOrgMemberVisible` value to dataset
of user when the initial org creator is being added to the created org.

Fixes #30012.

Co-authored-by: DrMaxNix <mail@drmaxnix.de>
2024-03-24 06:38:31 +01:00
wxiaoguang
2172b38d50
Escape paths for find file correctly (#30026) (#30031)
Backport #30026
2024-03-23 17:21:57 +01:00
wxiaoguang
01f736f68c
Remove duplicate option in admin screen and now-unused translation keys (#28492) (#30024)
Backport #28492
Fix #30019

Co-authored-by: The Magician <142242365+TheMagician23@users.noreply.github.com>
2024-03-23 15:56:19 +01:00
Giteabot
688107651c
Small refactors in anchors.js (#29947) (#30003)
Backport #29947 by @silverwind

Some minor refactors, remove unnecessary `:is` selector and move the
`:target` check out of the function. Might as well backport for the rare
browser that does not support `:is`.

Co-authored-by: silverwind <me@silverwind.io>
2024-03-22 15:02:05 +01:00
wxiaoguang
24c66c5096
Fix manual merge form and 404 page templates (#30000)
Partially backport #29985, fix some template errors.

* fix the manual-merge form
* fix the 404 page
2024-03-22 19:42:41 +08:00
Lunny Xiao
e1e88f9ad1
Add changelog for 1.21.9 (#29971)
Co-authored-by: Jason Song <i@wolfogre.com>
2024-03-22 12:32:44 +08:00
Giteabot
f91b4dd959
Fix bugs in rerunning jobs (#29955) (#29983)
Backport #29955 by @Zettat123

Fix #28761
Fix #27884
Fix #28093

## Changes

### Rerun all jobs
When rerun all jobs, status of the jobs with `needs` will be set to
`blocked` instead of `waiting`. Therefore, these jobs will not run until
the required jobs are completed.

### Rerun a single job
When a single job is rerun, its dependents should also be rerun, just
like GitHub does
(https://github.com/go-gitea/gitea/issues/28761#issuecomment-2008620820).
In this case, only the specified job will be set to `waiting`, its
dependents will be set to `blocked` to wait the job.

### Show warning if every job has `needs`
If every job in a workflow has `needs`, all jobs will be blocked and no
job can be run. So I add a warning message.

<img
src="https://github.com/go-gitea/gitea/assets/15528715/88f43511-2360-465d-be96-ee92b57ff67b"
width="480px" />

---------

Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-03-22 03:57:10 +00:00
Lunny Xiao
6ef986d474
Performance improvements for pull request list page (#29900) (#29972)
This PR will avoid load pullrequest.Issue twice in pull request list
page. It will reduce x times database queries for those WIP pull
requests.

Partially fix #29585
Backport #29900
2024-03-22 09:58:04 +08:00
Lunny Xiao
c03b1e2854
Fix the bug that user may logout if GetUserByID return unknow error (#29964)
backport #29962

This PR fixed a bug when the user switching pages too fast, he will
logout automatically.

The reason is that when the error is context cancelled, the previous
code think user hasn't login then the session will be deleted. Now it
will return the errors but not think it's not login.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-03-21 14:30:55 +00:00
HEREYUA
3ff3c5ba78
Solving the issue of UI disruption when the review is deleted without refreshing (#29951) (#29968)
backport #29951
2024-03-21 15:03:01 +01:00
Giteabot
58a0ba711d
Fix and rewrite markup anchor processing (#29931) (#29946)
Backport #29931 by @lunny

Fix #29877

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2024-03-21 01:09:08 +02:00
wxiaoguang
b4a6c6fd7a
Fix loadOneBranch panic (#29938) (#29939)
Backport #29938

Try to fix #29936

Far from ideal, but still better than panic.
2024-03-20 22:31:32 +08:00
Lunny Xiao
3fd15aeff2
Add cache for dashbaord commit status (#29932)
backport #29444
2024-03-20 10:34:40 +00:00
Giteabot
0873088223
Show Actions post step when it's running (#29926) (#29928)
Backport #29926 by @wolfogre

The post step was always waiting, even if all steps were done. Then,
once the task was done, the post step became success immediately.

Before:

<img width="915" alt="xnip_240320_120228"
src="https://github.com/go-gitea/gitea/assets/9418365/00347430-f998-4c43-917a-bf6dd6d0e333">

After:

<img width="905" alt="xnip_240320_120443"
src="https://github.com/go-gitea/gitea/assets/9418365/a419b111-17c2-4029-a022-c761cc419091">

Co-authored-by: Jason Song <i@wolfogre.com>
2024-03-20 06:25:11 +00:00
Lunny Xiao
ff27ca32ca
Notify reviewers added via CODEOWNERS (#29842) (#29902)
backport #29842

Co-authored-by: Jimmy Praet <jimmy.praet@telenet.be>
2024-03-20 06:02:24 +00:00
Giteabot
eb302deb18
Fix the wrong default value of ENABLE_OPENID_SIGNIN on docs (#29925) (#29927)
Backport #29925 by @lunny

Fix #29923

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-03-20 05:08:24 +00:00
yp05327
aae96cc62b
Fix invalid link of the commit status when ref is tag (#29752) (#29908)
Backport #29752

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-03-20 04:36:32 +00:00
Lunny Xiao
5f7b6b55a5
Only do counting when count_only=true for repo dashboard (#29884) (#29905)
Ref: #29878
Backport #29884

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-03-20 11:02:35 +08:00
Giteabot
408c92938b
Fix PR creation via api between branches of same repo with head field namespaced (#26986) (#29857)
Backport #26986 by @norohind

Fix #20175

Current implementation of API does not allow creating pull requests
between branches of the same
repo when you specify *namespace* (owner of the repo) in `head` field in
http request body.

---------

Co-authored-by: norohind <60548839+norohind@users.noreply.github.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-03-20 09:38:30 +08:00
wxiaoguang
b9dd5dd471
Fix template error when comment review doesn't exist (#29888) (#29889)
Backport #29888
2024-03-19 15:00:01 +08:00
Lunny Xiao
440be51a45
Fix bug on template (#29887)
Caused by #29807
Fix #29886
2024-03-18 15:24:07 +00:00
Giteabot
00ea9af8e1
Editor error message misleading due to re-used key. (#29859) (#29876)
Backport #29859 by @buckybytes

The error message:

`editor.file_changed_while_editing = The file contents have changed
since you started editing. <a target="_blank" rel="noopener noreferrer"
href="%s">Click here</a> to see them or <strong>Commit Changes
again</strong> to overwrite them.`

Is re-used in inappropriate contexts. The link in the key goes to a 404
when the key is used in a situation where the file contents have not
changed.

Added two new keys to differentiate commit id mismatch and push out of
date conditions.

Co-authored-by: buckybytes <158571971+buckybytes@users.noreply.github.com>
2024-03-18 14:45:43 +08:00
Giteabot
c044510ca8
Fix user id column case (#29863) (#29867)
Backport #29863 by @lng2020

Sometimes the column name is case-sensitive and it may cause 500.

Co-authored-by: Nanguan Lin <nanguanlin6@gmail.com>
2024-03-17 13:51:15 +00:00
Lunny Xiao
85f31eb643
Fix codeowner detected diff base branch to mergebase (#29783) (#29807)
Fix #29763
Backport #29783 

This PR fixes 2 problems with CodeOwner in the pull request.
- Don't use the pull request base branch but merge-base as a diff base
to detect the code owner.
- CodeOwner detection in fork repositories will be disabled because
almost all the fork repositories will not change CODEOWNERS files but it
should not be used on fork repositories' pull requests.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-03-17 02:40:06 +01:00
Giteabot
8242c3c88c
fix double border and border-radius on empty action steps (#29845) (#29850)
Backport #29845 by @silverwind

Before, double border-bottom and incorrect border-radius:

<img width="914" alt="Screenshot 2024-03-16 at 14 46 31"
src="https://github.com/go-gitea/gitea/assets/115237/6ea63c42-754c-420c-a0f5-c889a8507d9f">

After, both fixed:

<img width="917" alt="Screenshot 2024-03-16 at 14 45 59"
src="https://github.com/go-gitea/gitea/assets/115237/9d3f2dba-6b22-441d-8e99-5809d5f1f1c0">

Co-authored-by: silverwind <me@silverwind.io>
2024-03-16 18:16:45 +01:00
6543
0cbbcf20e3
Make meilisearch do exact search for issues (#29740 & #29671) (#29846)
Backport https://github.com/go-gitea/gitea/pull/29740 (based on #29671
...)
2024-03-16 17:01:40 +01:00
Giteabot
47dc4598a3
Fix for attribute not pointing to the ID of the color picker (#29813) (#29815)
Backport #29813 by @yardenshoham

It didn't include the word picker.

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
2024-03-15 13:33:46 +00:00
silverwind
817d5e4d30
Use Temporal.PlainDate for absolute dates (#29804) (#29808)
Backport https://github.com/go-gitea/gitea/pull/29804.

Use the upcoming
[Temporal.PlainDate](https://tc39.es/proposal-temporal/docs/plaindate.html)
via polyfill. If there is any remaining bugs in `<absolute-date>` this
will iron them out. I opted for the lightweight polyfill because both
seem to achieve our goal of localizeable absolute dates.

- With
[`@js-temporal/polyfill`](https://www.npmjs.com/package/@js-temporal/polyfill)
chunk size goes from 81.4 KiB to 274 KiB
- With
[`temporal-polyfill`](https://www.npmjs.com/package/temporal-polyfill)
chunk size goes from 81.4 KiB to 142 KiB

Also see [this
table](https://github.com/fullcalendar/temporal-polyfill?tab=readme-ov-file#comparison-with-js-temporalpolyfill)
for more comparisons of these polyfills. Soon there will be
[treeshakable
API](https://github.com/fullcalendar/temporal-polyfill?tab=readme-ov-file#tree-shakable-api)
as well which will further reduce size.
2024-03-15 11:20:42 +01:00
Lunny Xiao
31ab839a65
Update Chroma to v2.13.0 (#29732) (#29805)
Backport #29732 

This adds new lexers and includes some fixes. See
https://github.com/alecthomas/chroma/releases/tag/v2.13.0 for the full
changelog.

Co-authored-by: JakobDev <jakobdev@gmx.de>
2024-03-15 16:45:10 +08:00
Giteabot
df23ec0f8b
Fix Safari spinner rendering (#29801) (#29802)
Backport #29801 by @silverwind

Fixes: https://github.com/go-gitea/gitea/issues/29041
Fixes: https://github.com/go-gitea/gitea/pull/29713

Any of the `width: *-content` properties seem to workaround this Webkit
bug, this one seemed most suitable.

Before:
<img width="184" alt="Screenshot 2024-03-14 at 22 29 58"
src="https://github.com/go-gitea/gitea/assets/115237/6effc5f0-bc64-4752-be74-9c43b3974407">

After:
<img width="177" alt="Screenshot 2024-03-14 at 22 30 30"
src="https://github.com/go-gitea/gitea/assets/115237/5de244d7-6b46-428e-957c-4b10f53e2441">

Co-authored-by: silverwind <me@silverwind.io>
2024-03-14 22:08:59 +00:00
Giteabot
e0a9a921af
Support GITEA_I_AM_BEING_UNSAFE_RUNNING_AS_ROOT env (#29788) (#29791)
Backport #29788 by @wolfogre

I was trying to run unit tests for Gitea on act runner, by using `make
test`.

It failed with log:

```
2024/03/14 03:09:26 ...s/setting/setting.go:180:loadRunModeFrom() [F] Gitea is not supposed to be run as root. Sorry. If you need to use privileged TCP ports please instead use setcap and the `cap_net_bind_service` permission
```

So it will be convenient to skip by setting environment, since it's OK
to use root user in job containers.

It's not a bug, but I want to backport it to v1.21 since it doesn't
break anything.

---------

Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-03-14 10:02:37 +00:00
Giteabot
e03cf66e8b
Fix missing translation on milestons (#29785) (#29789)
Backport #29785 by @lunny

Caused by #26569
Fix #29778

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-03-14 09:21:04 +01:00