* Enhance Ghost comment mitigation Settings (#14392)
* refactor models.DeleteComment and delete related reactions too
* use deleteComment for UserDeleteWithCommentsMaxDays in DeleteUser
* Resolve Fixme & fix potential deadlock
* rm refactor
* make diff eaven less
* Prevent panic on fuzzer provided string
The fuzzer has found that providing a <body> tag with an attribute to
PostProcess causes a panic. This PR removes any rendered html or body
tags from the output.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Placate lint
* placate lint again
Signed-off-by: Andrew Thornton <art27@cantab.net>
* minor cleanup
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
The incorrect use of filepath instead of path means that
it is possible to cause a stackoverflow on Windows
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
Backport #14131
Unfortunately every connection to postgres requires that the search path is
set appropriately.
This PR shadows the postgres driver to ensure that as soon as a connection
is open, the search_path is set appropriately.
Fix#14088
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix bug of link query order on markdown render
* Fix bluemonday bug and fix one wrong test
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: 6543 <6543@obermui.de>
The design is very flexible, but not implemented correctly.
This commit fixes several issues:
* Costom storage type stated in https://docs.gitea.io/en-us/config-cheat-sheet/#storage-storage
not working
* [storage.attachments], [storage.minio] section not respected
Signed-off-by: 胡玮文 <huww98@outlook.com>
Co-authored-by: 胡玮文 <huww98@outlook.com>
* Fix panic in BasicAuthDecode
If the string does not contain ":" that function would run into an
`index out of range [1] with length 1` error. prevent that.
* Update BasicAuthDecode()
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
* Don't use simpleMDE editor on mobile devices
simpleMDE doesn't work properly on mobile devices -- We've replaced it with the slightly more working easyMDE in 1.14 but since that change can't be backported to 1.13 we will just disable the editor on mobile here.
* make isMobile function per code review -- disable simpleMDE for code review and replies
* Fix issue with plain text and wiki
Co-authored-by: silverwind <me@silverwind.io>
* Update view.tmpl
Added rendering of emoji to project label
* Add RenderEmojiPlain to the title and remove has-emoji
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Rakshith Ravi <rakshith.ravi@gmx.com>
Co-authored-by: zeripath <art27@cantab.net>
Backport #13981#13882 has revealed that the refname of an action is actually only a
refname pattern and necessarily a branch. For examplem pushing to
refs/heads/master will result in action with refname refs/heads/master
but pushing to master will result in a refname master.
The simplest solution to providing a fix here is to trim the prefix
therefore this PR proposes this.
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: a1012112796 <1012112796@qq.com>
Co-authored-by: a1012112796 <1012112796@qq.com>
`ctx.Error` requires that templates are available for this to
render the error page otherwise there will be a panic at this
time.
This was fixed in #13164 but was not completely backported.
Fix#13971
Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport #13966
`user.HashPassword` may potentially - and in fact now likely does - change
the `passwd_hash_algo` therefore whenever the `passwd` is updated, this
also needs to be updated.
Fix#13832
Thanks @fblaese for the hint
Signed-off-by: Andrew Thornton <art27@cantab.net>
The default branch in wikis must be master - therefore forcibly set the HEAD
to master.
Fix#13846
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
fix dst refspec error in 'Push back to upstream' when base branch have
same name with a tag.
fix#13851
Signed-off-by: a1012112796 <1012112796@qq.com>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
