Backport #18086
A consequence of forcibly setting the RoutePath to the escaped url is that the
auto routing to endpoints without terminal slashes fails (Causing #18060.) This
failure raises the possibility that forcibly setting the RoutePath causes other
unexpected behaviors too.
Therefore, instead we should simply pre-escape the URL in the process registering
handler. Then the request URL will be properly escaped for all the following calls.
Fix#17938Fix#18060
Replace #18062
Replace #17997
Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport #18080
If http.Get() returns an error return nil and err before attempting to
use the broken file.
Thanks to walker xiong for spotting this bug.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Correctly handle failed migrations
There is a bug in handling failed migrations whereby the migration task gets decoupled
from the migration repository. This leads to a failure of the task to get deleted with
the repository and also leads to the migration failed page resulting in a ISE.
This PR removes the zeroing out of the task id from the migration but also makes
the migration handler tolerate missing tasks much nicer.
Fix#17571
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Backport #17734
When logging in reset the user's locale to ensure that it matches their
preferred locale.
Fix#15612
Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport #18072
Although #17487 ensured that the table was quoted in the join it missed that the
query part of the check also needed to be quoted.
Fix#17485
Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport #18018
When logging in the SessionID should be reset and the session cleaned up.
Also logs the user in on completion of linking account
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Prevent off-by-one error on comments on newly appended lines (#18029)
Backport #18029
There was a bug in CutDiffAroundLine whereby if a file without a terminal new line
has a patch which appends lines to it and a comment is placed on one of those lines
the comment diff will be a line out of place.
This fixes CutDiffAroundLine to simply ignore the missing terminal newline - however,
we should really improve this rendering to add a marker to say that there was a
previously missing terminal newline.
Fix#17875
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Apply suggestions from code review
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Backport #18030
Strangely a weird bug was present in the log escaping code whereby any escaped
character would gain 03d - this was due to a mistake in the format string where
it should have read %03o but read instead %o03d. This has led to spurious 03d
trailing characters on these escaped characters!
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Prevent hang in git cat-file if the repository is not a valid repository (Partial #17991)
Unfortunately it appears that if git cat-file is run in an invalid
repository it will hang until stdin is closed. This will result in
deadlocked /pulls pages and dangling git cat-file calls if a broken
repository is tried to be reviewed or pulls exists for a broken
repository.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* placate lint
Signed-off-by: Andrew Thornton <art27@cantab.net>
* fix compilation bug
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add the missing directories to the testrepos
* fixup! Add the missing directories to the testrepos
* and ensure that all of the other places have the objects directories too
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Backport #17482
* Only allow webhook to send requests to allowed hosts (backport #17482)
* use ALLOWED_HOST_LIST=* for default to keep the legacy behavior in 1.15.x
Backport #17460
There is a small bug in the way that repo access is checked in
repoAssignment: Accessibility is checked by checking if the user has a
marked access to the repository instead of checking if the user has any
team granted access.
This PR changes this permissions check to use HasAccess() which does the
correct test. There is also a fix in the release api ListReleases where
it should return draft releases if the user is a member of a team with
write access to the releases.
The PR also adds a testcase.
Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport #17406.
Closes#17378
Both errors from #17378 were caused by #15175.
Problem 1 (error with added file):
`ToUTF8WithFallbackReader` creates a `MultiReader` from a `byte[2048]` and the remaining reader. `CreateReaderAndGuessDelimiter` tries to read 10000 bytes from this reader but only gets 2048 because that's the first reader in the `MultiReader`. Then the `if size < 1e4` thinks the input is at EOF and just returns that.
Problem 2 (error with changed file):
The blob reader gets defer closed. That was fine because the old version reads the whole file into memory. Now with the streaming version the close needs to defer after the method.
Co-authored-by: zeripath <art27@cantab.net>
Backport #17281
There is a subtle bug in the SSH library x/crypto/ssh which makes the incorrect
assumption that the public key type is the same as the signature algorithm type.
This means that only ssh-rsa signatures are offered by default.
This PR adds a workaround around this problem.
Fix#17175
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Backport #17243
There is an issue with #16508 where it appears that create repo requires that the
repo does not exist. This causes #17241 where an error is reported because of this.
This PR fixes this and also runs update-server-info for mirrors and generated repos.
Fix#17241
Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport #17300
core.protectNTFS protects NTFS from files which may be difficult to remove or interact
with using the win32 api, however, it also appears to prevent such files from
being entered into the git indexes - fundamentally causing breakages with PRs that
affect these files. However, deliberately setting this to false may cause security
issues due to the remain sparse checkout of files in the merge pipeline.
The only sensible option therefore is to provide an optional setting which admins
could set which would forcibly switch this off if they are affected by this issue.
Fix#17092
Signed-off-by: Andrew Thornton <art27@cantab.net>
...when path contains no hash-path-separator ('/')
This is a workaround to #17179.
Entering this case when `path` does not contain a '/' does not really
make sense, as that means the tree path is empty, but this case is only
entered for routes that expect a non-empty tree path.
Treepaths like <40-char-dirname>/<filename> will still fail,
but hopefully don't occur that often. A more complete fix that avoids
this case too is outlined in #17185, but too big of a change to backport
Backport #17049
It is possible to have a collaboration in a repository which refers to a no-longer
existing user. This causes the repository transfer to fail with an unusual error.
This PR makes `repo.getCollaborators()` nicely handle the missing user by ghosting
the collaboration but also adds consistency check. It also adds an
Access consistency check.
Fix#17044
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Backport #17136
There was a serious issue with the `gitea dump` command in 1.14.3-1.14.6 which led to corruption of the `config` field of the `repo_unit` table.
This PR adds a doctor command to attempt to fix the broken repo_units. Users affected by #16961 should run:
```
gitea doctor --fix --run fix-broken-repo-units
```
Fix#16961
Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport #17140
When rendering source in org mode there is a mistake in the highlight code that
causes a panic.
This PR fixes this.
Fix#17139
Signed-off-by: Andrew Thornton <art27@cantab.net>
Some people still appear to report unclosed cat-files. This PR simply adds the caller
to the process descriptor for the CatFileBatch and CatFileBatchCheck calls.
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Fix bug of migrate comments which only fetch one page
* add next page to trace
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
Backport #17050
The issues pop-up context cannot work for external issues - therefore do not show
these.
Fix#17047
Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport #17034
The rollback functionality in
services/repository/repository.go:ForkRepository is incorrect and could
lead to a deadlock as it uses DeleteRepository to delete the rolled-back
repository - a function which creates its own transaction.
This PR adjusts the rollback function to only use RemoveAll as any
database changes will be automatically rolled-back. It also handles
panics and adjusts the Close within WithTx to ensure that if there is a
panic the session will always be closed.
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Backport #17035
When converting repositories from forks to normal the root NumFork needs to be
decremented too.
Fix#17026
Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport #17008
When the external context is cancelled it is possible for the
GitLogReader to not itself be Closed.
This PR does three things:
1. Instead of adding a plain defer it wraps the `g.Close` in a func as
`g` may change.
2. It adds the missing explicit g.Close - although the defer fix makes
this unnecessary.
3. It passes down the external context as the base context for the
GitLogReader meaning that the cancellation of the external context will
pass down automatically.
Fix#17007
Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport #16934
Storage.Iterate provides the path and an open object. On windows using
local storage means that the objects will be locked thus preventing clean
from deleting them.
This PR simply closes the objects early.
Fix#16932
Signed-off-by: Andrew Thornton <art27@cantab.net>
