1
1
mirror of https://github.com/go-gitea/gitea synced 2024-11-15 22:54:24 +00:00
Commit Graph

9685 Commits

Author SHA1 Message Date
6543
e0ae0b3b94
[Backport] Prohibit automatic downgrades (#13108) (#13111)
* Prohibit automatic downgrades

* do not only log, print to stderr too

* Update models/migrations/migrations.go

* Update models/migrations/migrations.go

Co-authored-by: Cirno the Strongest <1447794+CirnoT@users.noreply.github.com>

* a nit

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Cirno the Strongest <1447794+CirnoT@users.noreply.github.com>
2020-10-12 21:24:43 +03:00
6543
f9942add50
Backport Migration Option AuthToken (#13101)
fix #13085

Backport #12862
Backport Parts of #12672
2020-10-12 07:14:02 +01:00
zeripath
d4af0df967
Fix attachments list in edit comment (#13036) (#13097)
Backport #13036

#11141 broke the appearance of dropzone attachments when editting
comments causing poorly updating lists.

This PR fixes this.

Fix #12583

Signed-off-by: Andrew Thornton art27@cantab.net

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-12 00:05:21 -04:00
6543
e1ed2a76b1
Migration Tool: Backport GitLab Label Color Normalizer (#12793) (#13100)
fix bug mentioned in #13085

backport of #12793
2020-10-11 21:56:51 +01:00
zeripath
2bd7feed37
Log the underlying panic in runMigrateTask (#13096) (#13098)
Backport #13096

If there is a panic during runMigrateTask we should capture and log the underlying
panic error.

This PR ensures that the panic is logged and captured as part of the task message.

Fix #13095

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-10-11 14:51:33 -04:00
zeripath
a0a77c9401
Fix deadlock when deleting team user (#13093)
Backport #13092

`models.getUserRepoPermission(...)` calls `HasOrgVisible` which
uses `models.x` potentially outside of the transaction `e` provided
as an argument to `getUserRepoPermission`.

This PR switches to use `hasOrgVisible(e, ...)`.

Fix #12983

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-10-10 22:48:20 +03:00
6543
40a7660038
Fix error create comment on outdated file (#13041) (#13042)
* FIX

* more specific

Co-authored-by: techknowlogick <techknowlogick@gitea.io>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-06 14:38:08 +08:00
James Lakin
b05e178138
Fix repository create/delete event webhooks (#13008) (#13027) 2020-10-04 17:42:03 -04:00
techknowlogick
96918a442b
Fix 500 on README in submodule (#13006) (#13016)
If a README file is a symlink to a submodule Gitea the view branch page
will return a 500.

The underlying problem is a missed conversion of an
plumbing.ErrObjectNotFound in git/tree_blob.go.

Fix #12599

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-10-02 10:39:14 -04:00
John Olheiser
aa1d9ef6cb
Changelog 1.12.5 (#13002)
* Changelog 1.12.5

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Update CHANGELOG.md

* Update CHANGELOG.md

Co-authored-by: techknowlogick <matti@mdranta.net>

* Apply suggestions from code review

Co-authored-by: techknowlogick <matti@mdranta.net>

Co-authored-by: techknowlogick <matti@mdranta.net>
2020-10-01 13:35:22 -05:00
techknowlogick
20a75f86a1
allow U2F with default settings for gitea in subpath (#12990) (#13001)
* allow U2F with default settings for gitea in subpath

* use trim suffix

Co-authored-by: zeripath <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
2020-10-01 13:22:49 -04:00
techknowlogick
c1c5e00d20
Prevent empty div when editing comment (#12404) (#12991)
* Prevent empty div when editing comment

The template for attachments needs to remove whitespace and return empty when there are no attachments.

Fix #10220

Co-authored-by: zeripath <art27@cantab.net>
2020-10-01 09:25:57 +08:00
6543
3e279dfb0b
Mirror: Update DB on Address-Update too (#12964) (#12967)
* Mirror: Update DB on Address-Update too (#12964)

* Mirror: Update DB on Address-Update too

* new name for function to better describe

* fix lint
2020-09-28 21:52:13 +02:00
zeripath
e9346fc4a9
Allow extended config on cron settings (#12939) (#12943)
Backport #12939

Fix #12934

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-09-25 10:19:20 -05:00
zeripath
b62e13a001
Open transaction when adding Avatar email-hash pairs to the DB (#12577) (#12940)
Backport #12577

When adding Avatar email-hash pairs we simply want the DB table to
represent a Set. We don't care if the hash-pair is already present,
so we just simply Insert and ignore the error.

Unfortunately this seems to cause some DBs to log the duplicate
insert to their logs - looking like a bug a in Gitea.

Now, there is no standard way in SQL to say Insert but if there's
an error ignore it. MySQL has INSERT IGNORE, PostgreSQL >= 9.5 has
INSERT ... ON CONFLICT DO NOTHING, but I do not believe that SQLite
or MSSQL have variants.

This PR places the insert in a transaction which we are happy to fail
if there is an error - hopefully this will stop the unnecessary
logging.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-09-24 18:36:26 -04:00
赵智超
470b195da1
Fix ListUserOrgs (#12910) (#12915)
fix #12891

Signed-off-by: a1012112796 <1012112796@qq.com>

Co-authored-by: Lauris BH <lauris@nix.lv>

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-09-21 01:04:33 -04:00
zeripath
09178300b0
Update only the repository columns that need updating (#12900) (#12912)
Backport #12900

We should only update is_empty, default_branch and updated time columns
during commitRepoAction and not update other columns as we risk
overwriting incorrect information.

Fix #11823
Fix #10536

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-09-21 09:06:23 +08:00
mrsdizzie
23aae3274a
Fix panic when adding long comment (#12892) (#12894)
Previous PR #12881 causes out of bounds panic by working on wrong string.
2020-09-18 16:45:00 -04:00
6543
a98bf03204
Convert User expose ID each time (#12855) (#12883)
* Convert User expose ID each time (#12855)

* git blame tells me a lot of gitea things happen here around 2018, add header

* move user code int its own file

* expose user id

* adopt things from APIFormat

* fix test

* CI.restart()

* No Refactor

* CI.restart()

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-09-18 12:56:16 -04:00
赵智超
65aef7b35f
Add size limit for content of comment on action ui (#12881) (#12890)
Signed-off-by: a1012112796 <1012112796@qq.com>
Co-authored-by: mrsdizzie <info@mrsdizzie.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

Co-authored-by: mrsdizzie <info@mrsdizzie.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-09-18 19:58:49 +08:00
Lunny Xiao
65ef634d5c
Fix pgsql migration test (#12844) (#12884)
Co-authored-by: Lauris BH <lauris@nix.lv>

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-09-18 16:28:13 +08:00
6543
869fd17b88
Fix [API] CreateRepo missing information (#12848) (#12867)
* Fix [API] [Bug] CreateRepo missing information (#12848)

* Fix [API] [Bug] CreateRepo missing information

* add code comment

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

* CI.restart()

* CI.restart()

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2020-09-18 13:58:04 +08:00
zeripath
d624e91c0c
Support slashes in release tags (#12864) (#12882)
Backport #12864

Fix #12861

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-09-17 15:33:48 -05:00
Lunny Xiao
62a3c847cd
Fix migration v111 (#12868) 2020-09-16 10:37:04 +03:00
zeripath
3a02f0896e
Escape more things that are passed through str2html (#12622) (#12850)
Backport #12622

* Escape more things that are passed through str2html

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Bloody editors!

Co-authored-by: mrsdizzie <info@mrsdizzie.com>

* Update routers/user/oauth.go
2020-09-15 18:43:10 -04:00
zeripath
408db95dc1
Fix notifications page links (#12838) (#12853)
Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-09-15 17:53:30 +01:00
6543
6305f07fdc
On Migration respect old DefaultBranch (#12843) (#12858)
* On Migration respect old DefaultBranch

* add DefaultBranch int test set

Co-authored-by: zeripath <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
2020-09-15 12:12:07 -04:00
zeripath
ff9d99f63d
Stop cloning unnecessarily on PR update (#12839) (#12852)
Backport #12839

Fix #12740

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-09-15 13:09:25 +03:00
techknowlogick
37572551d7
Remove double escape on labels addition in comments (#12809) (#12810)
Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-09-11 00:56:12 -04:00
赵智超
0ee823be0b
Fix "only mail on mention" bug (#12775) (#12789)
* fix mail mention bug

fix #12774

Signed-off-by: a1012112796 <1012112796@qq.com>

* fix test

Co-authored-by: techknowlogick <techknowlogick@gitea.io>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-09-10 11:32:54 +03:00
zeripath
062ea40a79
Fix yet another bug with diff file names (#12771) (#12776)
Backport #12771

Following further testing it has become apparent that the diff line
cannot be used to determine filenames for diffs with any sort of predictability
the answer therefore is to use the other lines that are provided with a diff

Fix #12768

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-09-09 19:03:54 +01:00
6543
7a25441abe
gitea dump: include version & Check InstallLock (#12760) (#12762)
* gitea dump: include version

* Check InstallLock
2020-09-07 20:44:45 -04:00
6543
dc71d00393
RepoInit Respect AlternateDefaultBranch (#12746) (#12751) 2020-09-06 18:03:50 -04:00
6543
0bb56a413d
Fix Avatar Resize (resize algo NearestNeighbor -> Bilinear) (#12745) (#12750)
* Update Vendor github.com/nfnt/resize

* switch resize algo NearestNeighbor -> Bilinear
2020-09-06 22:14:59 +01:00
6543
2806a312e1
[Backport] Fix go1.15 lint error in modules/public/public.go (#12707) (#12708)
* fix go1.15 lint error in modules/public/public.go

* CI.restart()
2020-09-04 08:28:08 +03:00
techknowlogick
8a51c48eb6
Changelog for 1.12.4 release (#12687)
Co-authored-by: zeripath <art27@cantab.net>
2020-09-03 17:00:13 -04:00
6543
0fa538e552
[Backport] Fix comment broken issue ref dependence (#12651) (#12692)
* deleteIssuesByRepoID: delete related CommentTypeRemoveDependency & CommentTypeAddDependency comments too

* Ignore ErrIssueNotExist on comment.LoadDepIssueDetails()

* CI.restart()
2020-09-03 17:23:36 +08:00
6543
69e4b6910b
Make default StaticRootPath compile time settable (#12371) (#12652)
Make it possible to compile the default location of StaticRootPath independent from AppWorkPath

Co-authored-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-09-02 19:12:24 -04:00
techknowlogick
0e9dcc9500
When reading expired sessions - expire them (#12686) (#12690)
* When reading expired sessions - expire them

Update to latest macaron/session following merge of
https://gitea.com/macaron/session/pulls/11

Also remove old memory provider as 11 updates the memory provider to
make it unnecessary.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* and macaron/session/pulls/12

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
2020-09-02 18:51:56 -04:00
6543
87f02d90cf
Escape provider name in oauth2 provider redirect (#12650)
Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Andrew Thornton <art27@cantab.net>
2020-08-30 23:55:19 +01:00
John Olheiser
21cd7ab812
Mark Cache with ini tag (#12605) (#12611)
Signed-off-by: jolheiser <john.olheiser@gmail.com>
2020-08-26 11:53:14 -04:00
John Olheiser
981216c9fe
Escape Email in forgot_password.tmpl (#12610) (#12612)
Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
2020-08-26 10:12:09 -05:00
techknowlogick
cfbfb73c56
go1.15 on windows (#12589) (#12593)
We don't support go1.15 on 1.12.x branch, however this will allow users who chose to build with go1.15 on windows to be successful
2020-08-24 18:38:47 -04:00
zeripath
4a548a0332
Fix diff path unquoting (#12554) (#12575)
Backport #12554

* Fix diff path unquoting

services/gitdiff/gitdiff.go whereby there it assumed that the path would
always be quoted on both sides

This PR simplifies the code here and uses fmt.Fscanf to parse the
strings as necessary.

Fix #12546

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add testcase as per @mrsdizzie

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-08-23 16:58:09 +03:00
zeripath
8bf2ee1e02
Skip SSPI authentication attempts for /api/internal (#12556) (#12559)
Backport #12556

SSPI fails badly on authentication attempts to /api/internal which
it can never succesfully authenticate.

Fix #11260

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-08-22 17:09:14 -04:00
zeripath
a687980412
Default empty merger list to those with write permissions (#12535) (#12560)
Backport #12535

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-08-22 23:35:56 +03:00
zeripath
1f85815a3b
models: break out of loop (#12386) (#12561)
Backport #12386

Co-authored-by: Lars Lehtonen <lars.lehtonen@gmail.com>
2020-08-22 16:22:07 +01:00
silverwind
ee5e5a5093
Improve HTML escaping helper (#12562)
The previous method did not escape single quotes which under some
circumstances can lead to XSS vulnerabilites and the fact that it
depends on jQuery is also not ideal. Replace it with a lightweight
module.
2020-08-22 13:36:56 +01:00
zeripath
03ba12aabf
Prevent NPE on commenting on lines with invalidated comments (#12549) (#12550)
* Prevent NPE on commenting on lines with invalidated comments

Only check for a review if we are replying to a previous review.

Prevent the NPE in #12239 by assuming that a comment without a Review is
non-pending.

Fix #12239

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add hack around to show the broken comments

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-08-21 10:52:20 +03:00
John Olheiser
24ed1b5feb
Remove hardcoded ES indexername (#12521) (#12526)
Co-authored-by: Wim <wim@42.be>
2020-08-18 21:42:22 -04:00