The current CSRF handler is a bit harsh with bad CSRF tokens on webpages
I think we can be a little kinder and redirect to base page with a flash error
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
* Fix relative links in postprocessed images (#16334)
If a pre-post-processed file contains relative img tags these need to be updated
and joined correctly with the prefix. Finally, the node attributes need to be updated.
Fix#16308
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
* Improve efficiency in FindRenderizableReferenceNumeric and getReferences (#16251)
* The Fuzzer is running on a non-repo urlprefix which is incorrect for RenderRaw
* Make FindRenderizableReferenceNumeric and getReferences more efficient
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* as per comment on original pr
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Use html.Parse rather than html.ParseFragment
There have been a few issues with html.ParseFragment - just use html.Parse instead.
* Skip document node
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
* Fix some API bugs (#16184)
* Repository object only count releases as releases (fix#16144)
* EditOrg respect RepoAdminChangeTeamAccess option (fix#16013)
* adjut to v1.14
Backport #15895
Storing these credentials is a liability.
* Encrypt credentials with SECRET_KEY before persisting to task queue table (they need to be persisted due to the nature of the task queue)
- security in depth: helps when attacker has access to DB only, but not app.ini
* Delete all credentials (even encrypted) from the task table, once the migration is done, for safety
- security in depth: minimizes leaked data if attacker gains access to snapshot of both DB and app.ini
Backport #16155
There is an inefficiency in the design of our processors which means that Emoji
and other processors run in order n^2 time.
This PR forces the processors to process the entirety of text node before passing
back up. The fundamental inefficiency remains but it should be significantly
ameliorated.
Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport #16163
Bluemonday sanitizer regexp rules are not additive, so the addition of the icons,
emojis and chroma syntax policy has led to this being stripped.
Signed-off-by: Andrew Thornton <art27@cantab.net>
In #16055 it appears that the simple 5s deadline doesn't work for large
file writes. Now we can't - or at least shouldn't just set no deadline
as go will happily let these connections block indefinitely. However,
what seems reasonable is to set some minimum rate we expect for writing.
This PR suggests the following algorithm:
* Every write has a minimum timeout of 5s (adjustable at compile time.)
* If there has been a previous write - then consider its previous
deadline, add half of the minimum timeout + 2s per kb about to written.
* If that new deadline is after the minimum timeout use that.
Fix#16055
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
* Fix data URI scramble (#16098)
* Removed unused method.
* No prefix for data uris.
* Added test to prevent regressions.
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Backport #15825
* Restore PAM user autocreation functionality
PAM autoregistration of users currently fails due to email invalidity.
This PR adds a new setting to PAM to allow an email domain to be set
or just sets the email to the noreply address and if that fails falls
back to uuid@localhost
Fix#15702
Signed-off-by: Andrew Thornton <art27@cantab.net>
* As per KN4CKER
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Backport #15831
In #15826 it has become apparent that there are a few occasions when a response can
hang during writing, and because there is no timeout go will happily just block
interminably. This PR adds a fixed 5 second timeout to all writes to a connection.
Fix#15826
Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport #15862
Fixes http: superfluous response.WriteHeader call from code.gitea.io/gitea/modules/context.(*Response).WriteHeader (response.go:67)
* Looking again we don't need this writeHeader as all of our downstream
implementations will always do it for us
Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport #15835
Unfortunately some old repositories can have tags with empty Tagger, Commit
or Author. Go-Git variants will always have empty values for these whereas
the native git variant leaves them at nil. The simplest solution is just to
always have these set to empty Signatures.
v156 migration also makes the incorrect assumption that these cannot be empty.
Therefore add some handling to this and add logging and adjust broken
logging elsewhere in this migration.
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Backport #15733
* Queue manager FlushAll can loop rapidly - add delay
Add delay within FlushAll to prevent rapid loop when workers are busy
Signed-off-by: Andrew Thornton <art27@cantab.net>
* as per lunny
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Move restore repo to internal router and invoke from command to avoid open the same db file or queues files
* Follow @zeripath's review
* set no timeout for resotre repo private request
* make restore repo cancelable
This PR is another in the vein of queue improvements. It suggests an
exponential backoff for bytefifo queues to reduce the load from queue
polling. This will mostly be useful for redis queues.
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
* Set GIT_DIR correctly if it is not set
* Expand out templates
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
* Defer closing the gitrepo until the end of the wrapped context functions (#15653)
Backport #15653
There was a mistake in #15372 where deferral of gitrepo close occurs before it should.
This PR fixes this.
Backport #15749
* Drop back to use IsAnInteractiveSession for SVC
There is an apparent permission change problem when using
IsWindowsService to determine if the SVC manager should be
used.
This PR simply drops back to using IsAnInteractiveSession as
this does not change behaviour.
Fix#15454
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Yes staticcheck I know this is deprecated
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Just leave me alone lint
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Fix bug where repositories with capital letters in their names appear unadopted.
Fix#15755
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* fix some ui bug about draft release
- should not show draft release in tag list because
it will't create real tag
- still show draft release without tag and commit message
for draft release instead of 404 error
- remove tag load for attachement links because it's useless
Signed-off-by: a1012112796 <1012112796@qq.com>
* add test code
* fix test
That's because has added a new release in relaese test database.
* fix dropdown link for draft release
Backport #15698
There is a bug setting the redis db in the common nosql manager whereby the db path
always fails.
This PR fixes this.
Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport #15455
* Improve performance when there are multiple commits in the last commit cache
* read refs directly if we can
Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport #15546
Backport #15583#15546 doesn't completely fix this problem because the error returned is an ObjectNotExist
error not a BranchNotExist error.
Add test for ErrObjectNotExist too
Fix#15257
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix lfs management find (#15537)
Fix#15236
* Do not do 40byte conversion within ParseTreeLine
* Missed a to40ByteSHA
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
* Remove space
Co-authored-by: Andrew Thornton <art27@cantab.net>
Backport #15452Fix#14793.
The previous implementation used the first return value of matcher.Match, which is the chosen language tag but may contain extensions such as de-DE-u-rg-chzzzz.
As mentioned in the documentation of language package, matcher.Match also returns the index of the supported tags, so I think it is better to use it rather than manipulate the returned language tag.
Co-authored-by: Naohisa Murakami <tiqwab.ch90@gmail.com>
Backport #15432
There is a weird gotcha with GetTagCommitID that because it uses git rev-list
can cause an ambiguous argument error.
This PR simply makes tags use the same code as branches.
Signed-off-by: Andrew Thornton <art27@cantab.net>