Backport #12622
* Escape more things that are passed through str2html
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Bloody editors!
Co-authored-by: mrsdizzie <info@mrsdizzie.com>
* Update routers/user/oauth.go
* On Migration respect old DefaultBranch
* add DefaultBranch int test set
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
Backport #12771
Following further testing it has become apparent that the diff line
cannot be used to determine filenames for diffs with any sort of predictability
the answer therefore is to use the other lines that are provided with a diff
Fix#12768
Signed-off-by: Andrew Thornton <art27@cantab.net>
Make it possible to compile the default location of StaticRootPath independent from AppWorkPath
Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* When reading expired sessions - expire them
Update to latest macaron/session following merge of
https://gitea.com/macaron/session/pulls/11
Also remove old memory provider as 11 updates the memory provider to
make it unnecessary.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* and macaron/session/pulls/12
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
Backport #12554
* Fix diff path unquoting
services/gitdiff/gitdiff.go whereby there it assumed that the path would
always be quoted on both sides
This PR simplifies the code here and uses fmt.Fscanf to parse the
strings as necessary.
Fix#12546
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add testcase as per @mrsdizzie
Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport #12556
SSPI fails badly on authentication attempts to /api/internal which
it can never succesfully authenticate.
Fix#11260
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
The previous method did not escape single quotes which under some
circumstances can lead to XSS vulnerabilites and the fact that it
depends on jQuery is also not ideal. Replace it with a lightweight
module.
* Prevent NPE on commenting on lines with invalidated comments
Only check for a review if we are replying to a previous review.
Prevent the NPE in #12239 by assuming that a comment without a Review is
non-pending.
Fix#12239
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add hack around to show the broken comments
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix bug preventing transfer to private organization
The code assessing whether a private organization was visible to a user before
allowing transfer was incorrect due to testing membership the wrong way round
This PR fixes this issue and renames the function performing the test to be
clearer.
Further looking at the API for transfer repository - no testing was
performed to ensure that the acting user could actually see the new
owning organization.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* change IsUserPartOfOrg everywhere
Co-authored-by: zeripath <art27@cantab.net>
* Fix incorrect logging in oauth2.go
Fix#11945
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Handle ErrAlreadyInQueue in stats indexer
Fix#12380
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fixes type in error message of indexer
Add the missing character in the error message.
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lieven Hollevoet <hollie@lika.be>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lieven Hollevoet <hollie@lika.be>
* Fix emoji detection in certain cases (#12320)
* Fix emoji detection certain cases
Previous tests weren't complicated enough so there were some situations where emojis were't detected properly. Find the earliest occurance in addition to checking for the longest combination.
Fixes#12312
* ok spell bot
Co-authored-by: Lauris BH <lauris@nix.lv>
* Reduce emoji size (#12317)
* Reduce emoji size
Rendering should now pretty much match GitHub with 1.25em. I verified
that emojis don't increase the line height and removed unecessary size
overrides because now all emojis should appear similar in relation to
the font size.
* fix reaction hover
Co-authored-by: mrsdizzie <info@mrsdizzie.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
This PR fixes a bug in log.NewColoredIDValue() which led to a double
indirection and incorrect IDs being printed out.
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
Backport #12164
This PR extends the notifications API to allow specific notification statuses to be searched for and to allow setting of notifications to statuses other than read.
By default unread and pinned statuses will be returned when querying for notifications - however pinned statuses will not be marked as read.
Close#12152
Signed-off-by: Andrew Thornton art27@cantab.net
This fixes an issue I noticed with #10803: when you create a repo with a non-master default branch, gitea doesn't change the remote ref HEAD, so it still points at refs/heads/master. As a result, cloning my repos gives me error messages and doesn't check out the desired default branch, so I need to manually check it out after cloning.
Co-authored-by: xenofem <45297511+xenofem@users.noreply.github.com>
