Commit Graph

10448 Commits

Author SHA1 Message Date
Lunny Xiao
c0320065b6
Turn default hash password algorightm back to pbkdf2 from argon2 until we found a better one (#14673) (#14675)
* Turn default hash password algorightm back to pbkdf2 from argon2 until we found a better one

* Add a warning on document

Co-authored-by: zeripath <art27@cantab.net>
2021-02-13 21:19:33 +01:00
zeripath
a1b74c5509
Allow org labels to be set with issue templates (#14593) (#14647)
Backport #14593

Fix #13688

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-02-13 19:34:47 +01:00
zeripath
101fb0d7e2
Do not assume all 40 char strings are SHA1s (#14624) (#14648)
Backport #14624

GetCommit() assumes that all 40 char strings are SHA1s. This leads to an
error if you try to do a PR on a branch which is 40 characters long.

This PR attempts the SHA first - and if it fails will switch to using rev-parse.

Fix #14470

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-02-14 01:25:47 +08:00
zeripath
82637c240a
Accept multiple SSH keys in single LDAP SSHPublicKey attribute (#13989) (#14607)
Backport #13989

Fix #13984

Fix #14566

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-02-08 09:25:30 +08:00
6543
d0174d45ed
Fix bug about ListOptions and stars/watchers pagnation (#14556) (#14573)
* Fix bug about ListOptions and stars/watchers pagnation

* fix unit test
2021-02-05 21:11:15 +00:00
Anton Khimich
da7a525c5c
Fix GPG key deletion during account deletion (#14561) (#14569)
Per #14531, deleting a user account will delete the user's GPG keys
from the `gpg_key` table but not from `gpg_key_import`, which causes
an error when creating an account with the same email and attempting
to re-add the same key. This commit deletes all entries from
`gpg_key_import` that match any GPG key IDs belonging to the user.

Co-authored-by: Anton Khimich <anton.khimicha@mail.utoronto.ca>
2021-02-04 21:28:48 +01:00
6543
014313134f
Changelog v1.13.2 (#14535) 2021-02-02 01:11:05 +02:00
Stefan
7dddf2186b
configure internal ssh server w/ macs and ciphers, backport of #14523 (#14530) 2021-01-30 21:57:31 +02:00
6543
446c06b817
Set the name Mapper in migrations (#14526) (#14529)
Migrations currently uses the default Xorm mapper which is
not the same as the mapper Gitea actually uses.

This means that there is a difference between the struct
parsing and mapping to database tables in migrations as
compared to normal Sync2.

This was the cause for the catastrophic problem in v168 -
untagged fields are not mapped in the same way in migrations
as compared to outside of migrations.

This is also likely the cause of some weird subtle failures
in other migrations as any untagged field may not be being
mapped exactly the same way.

This PR suggests that we ensure that the mapper is set at
the start of the migrations code - but also enforces a strict
clean mapper between each migration.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
2021-01-30 21:47:11 +02:00
Lunny Xiao
9569607abb
Fix wiki preview (#14515)
Co-authored-by: Lauris BH <lauris@nix.lv>
2021-01-29 22:37:20 +08:00
6543
8ff4f82e05
update code.gitea.io/sdk/gitea v0.13.1 -> v0.13.2 (#14497) 2021-01-28 23:14:57 +08:00
6543
2595c70868
ChangeUserName: rename user files back on DB issue (#14447) 2021-01-25 01:36:16 +02:00
6543
00dc35e2de
Fix migration v141 (#14387) (#14388)
* Fix mig 141

* temporary fix dump
2021-01-23 13:33:03 +02:00
zeripath
841efac895
ensure timeout error is shown on u2f timeout (#14417) (#14431)
Backport #14417

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
2021-01-23 05:11:57 +01:00
6543
dd827d6f2f
Fix lfs preview bug (#14428) (#14433)
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-01-23 03:55:52 +01:00
6543
4d2a6c40f8
[Backport] Fix Deadlock & Delete affected reactions on comment deletion (#14392) (#14425)
* Enhance Ghost comment mitigation Settings (#14392)

* refactor models.DeleteComment and delete related reactions too

* use deleteComment for UserDeleteWithCommentsMaxDays in DeleteUser

* Resolve Fixme & fix potential deadlock

* rm refactor

* make diff eaven less
2021-01-23 10:03:29 +08:00
6543
fb274ec54b
Prevent panic on fuzzer provided string (#14405) (#14409)
* Prevent panic on fuzzer provided string

The fuzzer has found that providing a <body> tag with an attribute to
PostProcess causes a panic. This PR removes any rendered html or body
tags from the output.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Placate lint

* placate lint again

Signed-off-by: Andrew Thornton <art27@cantab.net>

* minor cleanup

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
2021-01-20 20:47:30 +02:00
6543
0c3f95034a
Use path not filepath in routers/editor (#14390) (#14396)
The incorrect use of filepath instead of path means that
it is possible to cause a stackoverflow on Windows

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
2021-01-19 17:00:13 +08:00
6543
4583caa077
Removed invalid form tag (#14391) (#14395)
introduced by #5073

Co-authored-by: KN4CK3R <KN4CK3R@users.noreply.github.com>
2021-01-19 07:12:04 +02:00
6543
cf20ebc8ba
Check if label template exist first (#14384) (#14389) 2021-01-19 00:27:33 +02:00
Norwin
5ee09d3c81
check release publisher exists (#14375)
fixes #14365
was silently fixed in the feature PR #12096 for v1.14
2021-01-18 14:14:27 +01:00
Kyungmin Bae
e846b712fc
Use Request.URL.RequestURI() for fcgi (#14312) (#14347)
Co-authored-by: Lauris BH <lauris@nix.lv>
2021-01-15 20:26:45 +08:00
Lunny Xiao
49d113945f
Use ServerError provided by Context (#14333) (#14345)
... instead of InternalServerError by macaron
2021-01-15 17:36:30 +08:00
Norwin
096aa18249
Fix edit-label form init (#14337) 2021-01-14 15:03:16 +02:00
a1012112796
bf853db450
fix mailIssueCommentBatch for pull request (#14252) (#14296)
fix #14250

Signed-off-by: a1012112796 <1012112796@qq.com>
2021-01-11 08:46:19 +08:00
6543
fb656b5124
Add secure/httpOnly attributes to the lang cookie (#14279) (#14280)
* Add secure/httpOnly attributes to the lang cookie (#9690) (#14279)

* apply to InitLocales() too

Co-authored-by: Timo Gurr <timo.gurr@gmail.com>
2021-01-07 15:35:02 +01:00
Nuno Silva
4be59eb5d9
Render links for commit hashes followed by comma (#14224) (#14227)
Regex test cases: https://regex101.com/r/mVbPxM/2/

fixes #14223
2021-01-03 17:58:39 +01:00
Jimmy Praet
450b32c1a1
Send notifications for mentions in pulls, issues, (code-)comments (#14218) (#14221)
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-01-03 15:44:40 +02:00
6543
06673cbccb
Fix avatar bugs (#14217) (#14220)
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-01-02 20:21:39 -05:00
zeripath
2fd708a397
Ensure that schema search path is set with every connection on postgres (#14131) (#14216)
Backport #14131

Unfortunately every connection to postgres requires that the search path is
set appropriately.

This PR shadows the postgres driver to ensure that as soon as a connection
is open, the search_path is set appropriately.

Fix #14088

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-01-02 18:58:53 +01:00
Lunny Xiao
7a0a133d7c
Fix dashboard issues labels filter bug (#14210) (#14214) 2021-01-02 18:08:04 +01:00
Lunny Xiao
17022f8b62
When visit /favicon.ico but the static file is not exist return 404 but not continue to handle the route (#14211) (#14213)
Co-authored-by: techknowlogick <techknowlogick@gitea.io>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-01-02 18:52:36 +08:00
a1012112796
5568dd6475
fix branch selector on new issue page (#14194) (#14207)
fix #14185

Signed-off-by: a1012112796 <1012112796@qq.com>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-01-01 16:14:49 +02:00
zeripath
58c105d4bf
Check for notExist on profile repository page (#14197) (#14203)
Backport #14197

Fix #14189
2020-12-31 21:03:56 +08:00
Lunny Xiao
afa7f22dd8
Add changelog for v1.13.1 (#14172)
* Add changelog for v1.13.1

* Update CHANGELOG.md

Co-authored-by: John Olheiser <john.olheiser@gmail.com>

* Update CHANGELOG.md

* Update CHANGELOG.md

Co-authored-by: John Olheiser <john.olheiser@gmail.com>

* Update CHANGELOG.md

Co-authored-by: John Olheiser <john.olheiser@gmail.com>

* Update CHANGELOG.md

Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-12-28 12:36:22 -05:00
Lunny Xiao
182be90655
Fix bug of link query order on markdown render (#14156) (#14171)
* Fix bug of link query order on markdown render

* Fix bluemonday bug and fix one wrong test

Co-authored-by: 6543 <6543@obermui.de>

Co-authored-by: 6543 <6543@obermui.de>
2020-12-28 12:08:55 -05:00
6543
4a738a8f16
Migration: drop too long repo topics (#14152) (#14155)
* Migration: drop to long repo topics

* Update modules/migrations/gitea_uploader.go
2020-12-26 21:57:06 -05:00
zeripath
206b66a184
Fix escaping issue in diff (#14154)
Ensure that linecontent is escaped before passing to template.HTML

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-12-26 22:15:42 +00:00
Daniil Pankratov
205be63bc1
Fix creation OAuth2 auth source from CLI. (#14146)
Fix #8356
2020-12-25 20:02:52 +08:00
zeripath
bf1441b1e1
Ensure that search term and page are not lost on adoption page-turn (#14133) (#14143)
Backport #14133

Fix #14111

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-12-24 21:54:15 +00:00
6543
fae18bdac0
more test case for STORAGE_TYPE overrides (and fixes) (#14096) (#14104)
Signed-off-by: 胡玮文 <huww98@outlook.com>

Co-authored-by: 胡玮文 <huww98@outlook.com>
2020-12-22 09:13:57 +02:00
6543
661e3e2bdc
Fix storage config implementation (#14091) (#14095)
The design is very flexible, but not implemented correctly.
This commit fixes several issues:
* Costom storage type stated in https://docs.gitea.io/en-us/config-cheat-sheet/#storage-storage
  not working
* [storage.attachments], [storage.minio] section not respected

Signed-off-by: 胡玮文 <huww98@outlook.com>

Co-authored-by: 胡玮文 <huww98@outlook.com>
2020-12-22 00:56:18 +02:00
techknowlogick
70038719bf
dep: update crypto. info: https://golangtutorial.dev/news/fix-in-crypto-package/ (#14078) 2020-12-21 14:02:40 +08:00
silverwind
55d7e53d99
Fix panic in BasicAuthDecode (#14046) (#14048)
* Fix panic in BasicAuthDecode

If the string does not contain ":" that function would run into an
`index out of range [1] with length 1` error. prevent that.

* Update BasicAuthDecode()

Co-authored-by: 6543 <6543@obermui.de>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
2020-12-19 00:19:43 +08:00
6543
96d41287e5
[API] GetCombinedCommitStatusByRef always return json & swagger doc fixes (#14047)
* Fix swagger docs

* always return json
2020-12-18 13:38:47 +00:00
6543
df11075389
HotFix: Hide private partisipation in Orgs (#13994) (#14031)
* HotFix: Hide private partisipation in Orgs

Co-authored-by: zeripath <art27@cantab.net>
2020-12-17 22:32:24 +01:00
zeripath
b8a2cd9f40
Always wait for the cmd to finish (#14006) (#14039)
Backport #14006

After cancelling the context we still need to wait for the
command to finish otherwise zombie processes may occur

Fix #13987
2020-12-17 21:06:51 +01:00
mrsdizzie
4f296f7436
Don't use simpleMDE editor on mobile devices for 1.13 (#14029)
* Don't use simpleMDE editor on mobile devices

simpleMDE doesn't work properly on mobile devices -- We've replaced it with the slightly more working easyMDE in 1.14 but since that change can't be backported to 1.13 we will just disable the editor on mobile here.

* make isMobile function per code review -- disable simpleMDE for code review and replies

* Fix issue with plain text and wiki

Co-authored-by: silverwind <me@silverwind.io>
2020-12-17 17:39:12 +01:00
6543
78b9ef3586
Add emoji in label to project boards (#13978) (#14021)
* Update view.tmpl

Added rendering of emoji to project label

* Add RenderEmojiPlain to the title and remove has-emoji

Co-authored-by: zeripath <art27@cantab.net>

Co-authored-by: Rakshith Ravi <rakshith.ravi@gmx.com>
Co-authored-by: zeripath <art27@cantab.net>
2020-12-16 15:15:58 -05:00
Cirno the Strongest
90dfe445c2
Send webhook when tag is removed via Web UI (#14015) (#14019)
* Send webhook when tag is removed via Web UI

* Stray code (cherry picked from commit 53308de0bf)

* Fix for 1.13
2020-12-16 18:24:02 +01:00