1
1
mirror of https://github.com/go-gitea/gitea synced 2024-12-24 01:24:26 +00:00
Commit Graph

10432 Commits

Author SHA1 Message Date
6543
fb274ec54b
Prevent panic on fuzzer provided string (#14405) (#14409)
* Prevent panic on fuzzer provided string

The fuzzer has found that providing a <body> tag with an attribute to
PostProcess causes a panic. This PR removes any rendered html or body
tags from the output.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Placate lint

* placate lint again

Signed-off-by: Andrew Thornton <art27@cantab.net>

* minor cleanup

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
2021-01-20 20:47:30 +02:00
6543
0c3f95034a
Use path not filepath in routers/editor (#14390) (#14396)
The incorrect use of filepath instead of path means that
it is possible to cause a stackoverflow on Windows

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
2021-01-19 17:00:13 +08:00
6543
4583caa077
Removed invalid form tag (#14391) (#14395)
introduced by #5073

Co-authored-by: KN4CK3R <KN4CK3R@users.noreply.github.com>
2021-01-19 07:12:04 +02:00
6543
cf20ebc8ba
Check if label template exist first (#14384) (#14389) 2021-01-19 00:27:33 +02:00
Norwin
5ee09d3c81
check release publisher exists (#14375)
fixes #14365
was silently fixed in the feature PR #12096 for v1.14
2021-01-18 14:14:27 +01:00
Kyungmin Bae
e846b712fc
Use Request.URL.RequestURI() for fcgi (#14312) (#14347)
Co-authored-by: Lauris BH <lauris@nix.lv>
2021-01-15 20:26:45 +08:00
Lunny Xiao
49d113945f
Use ServerError provided by Context (#14333) (#14345)
... instead of InternalServerError by macaron
2021-01-15 17:36:30 +08:00
Norwin
096aa18249
Fix edit-label form init (#14337) 2021-01-14 15:03:16 +02:00
a1012112796
bf853db450
fix mailIssueCommentBatch for pull request (#14252) (#14296)
fix #14250

Signed-off-by: a1012112796 <1012112796@qq.com>
2021-01-11 08:46:19 +08:00
6543
fb656b5124
Add secure/httpOnly attributes to the lang cookie (#14279) (#14280)
* Add secure/httpOnly attributes to the lang cookie (#9690) (#14279)

* apply to InitLocales() too

Co-authored-by: Timo Gurr <timo.gurr@gmail.com>
2021-01-07 15:35:02 +01:00
Nuno Silva
4be59eb5d9
Render links for commit hashes followed by comma (#14224) (#14227)
Regex test cases: https://regex101.com/r/mVbPxM/2/

fixes #14223
2021-01-03 17:58:39 +01:00
Jimmy Praet
450b32c1a1
Send notifications for mentions in pulls, issues, (code-)comments (#14218) (#14221)
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-01-03 15:44:40 +02:00
6543
06673cbccb
Fix avatar bugs (#14217) (#14220)
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-01-02 20:21:39 -05:00
zeripath
2fd708a397
Ensure that schema search path is set with every connection on postgres (#14131) (#14216)
Backport #14131

Unfortunately every connection to postgres requires that the search path is
set appropriately.

This PR shadows the postgres driver to ensure that as soon as a connection
is open, the search_path is set appropriately.

Fix #14088

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-01-02 18:58:53 +01:00
Lunny Xiao
7a0a133d7c
Fix dashboard issues labels filter bug (#14210) (#14214) 2021-01-02 18:08:04 +01:00
Lunny Xiao
17022f8b62
When visit /favicon.ico but the static file is not exist return 404 but not continue to handle the route (#14211) (#14213)
Co-authored-by: techknowlogick <techknowlogick@gitea.io>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-01-02 18:52:36 +08:00
a1012112796
5568dd6475
fix branch selector on new issue page (#14194) (#14207)
fix #14185

Signed-off-by: a1012112796 <1012112796@qq.com>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-01-01 16:14:49 +02:00
zeripath
58c105d4bf
Check for notExist on profile repository page (#14197) (#14203)
Backport #14197

Fix #14189
2020-12-31 21:03:56 +08:00
Lunny Xiao
afa7f22dd8
Add changelog for v1.13.1 (#14172)
* Add changelog for v1.13.1

* Update CHANGELOG.md

Co-authored-by: John Olheiser <john.olheiser@gmail.com>

* Update CHANGELOG.md

* Update CHANGELOG.md

Co-authored-by: John Olheiser <john.olheiser@gmail.com>

* Update CHANGELOG.md

Co-authored-by: John Olheiser <john.olheiser@gmail.com>

* Update CHANGELOG.md

Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-12-28 12:36:22 -05:00
Lunny Xiao
182be90655
Fix bug of link query order on markdown render (#14156) (#14171)
* Fix bug of link query order on markdown render

* Fix bluemonday bug and fix one wrong test

Co-authored-by: 6543 <6543@obermui.de>

Co-authored-by: 6543 <6543@obermui.de>
2020-12-28 12:08:55 -05:00
6543
4a738a8f16
Migration: drop too long repo topics (#14152) (#14155)
* Migration: drop to long repo topics

* Update modules/migrations/gitea_uploader.go
2020-12-26 21:57:06 -05:00
zeripath
206b66a184
Fix escaping issue in diff (#14154)
Ensure that linecontent is escaped before passing to template.HTML

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-12-26 22:15:42 +00:00
Daniil Pankratov
205be63bc1
Fix creation OAuth2 auth source from CLI. (#14146)
Fix #8356
2020-12-25 20:02:52 +08:00
zeripath
bf1441b1e1
Ensure that search term and page are not lost on adoption page-turn (#14133) (#14143)
Backport #14133

Fix #14111

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-12-24 21:54:15 +00:00
6543
fae18bdac0
more test case for STORAGE_TYPE overrides (and fixes) (#14096) (#14104)
Signed-off-by: 胡玮文 <huww98@outlook.com>

Co-authored-by: 胡玮文 <huww98@outlook.com>
2020-12-22 09:13:57 +02:00
6543
661e3e2bdc
Fix storage config implementation (#14091) (#14095)
The design is very flexible, but not implemented correctly.
This commit fixes several issues:
* Costom storage type stated in https://docs.gitea.io/en-us/config-cheat-sheet/#storage-storage
  not working
* [storage.attachments], [storage.minio] section not respected

Signed-off-by: 胡玮文 <huww98@outlook.com>

Co-authored-by: 胡玮文 <huww98@outlook.com>
2020-12-22 00:56:18 +02:00
techknowlogick
70038719bf
dep: update crypto. info: https://golangtutorial.dev/news/fix-in-crypto-package/ (#14078) 2020-12-21 14:02:40 +08:00
silverwind
55d7e53d99
Fix panic in BasicAuthDecode (#14046) (#14048)
* Fix panic in BasicAuthDecode

If the string does not contain ":" that function would run into an
`index out of range [1] with length 1` error. prevent that.

* Update BasicAuthDecode()

Co-authored-by: 6543 <6543@obermui.de>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
2020-12-19 00:19:43 +08:00
6543
96d41287e5
[API] GetCombinedCommitStatusByRef always return json & swagger doc fixes (#14047)
* Fix swagger docs

* always return json
2020-12-18 13:38:47 +00:00
6543
df11075389
HotFix: Hide private partisipation in Orgs (#13994) (#14031)
* HotFix: Hide private partisipation in Orgs

Co-authored-by: zeripath <art27@cantab.net>
2020-12-17 22:32:24 +01:00
zeripath
b8a2cd9f40
Always wait for the cmd to finish (#14006) (#14039)
Backport #14006

After cancelling the context we still need to wait for the
command to finish otherwise zombie processes may occur

Fix #13987
2020-12-17 21:06:51 +01:00
mrsdizzie
4f296f7436
Don't use simpleMDE editor on mobile devices for 1.13 (#14029)
* Don't use simpleMDE editor on mobile devices

simpleMDE doesn't work properly on mobile devices -- We've replaced it with the slightly more working easyMDE in 1.14 but since that change can't be backported to 1.13 we will just disable the editor on mobile here.

* make isMobile function per code review -- disable simpleMDE for code review and replies

* Fix issue with plain text and wiki

Co-authored-by: silverwind <me@silverwind.io>
2020-12-17 17:39:12 +01:00
6543
78b9ef3586
Add emoji in label to project boards (#13978) (#14021)
* Update view.tmpl

Added rendering of emoji to project label

* Add RenderEmojiPlain to the title and remove has-emoji

Co-authored-by: zeripath <art27@cantab.net>

Co-authored-by: Rakshith Ravi <rakshith.ravi@gmx.com>
Co-authored-by: zeripath <art27@cantab.net>
2020-12-16 15:15:58 -05:00
Cirno the Strongest
90dfe445c2
Send webhook when tag is removed via Web UI (#14015) (#14019)
* Send webhook when tag is removed via Web UI

* Stray code (cherry picked from commit 53308de0bf)

* Fix for 1.13
2020-12-16 18:24:02 +01:00
Jimmy Praet
a728d1e046
always use headCommitID for review comment diff (#14011) 2020-12-16 18:50:30 +08:00
zeripath
7f85728cf9
Trim the branch prefix from action.GetBranch (#13981) (#13986)
Backport #13981

 #13882 has revealed that the refname of an action is actually only a
refname pattern and necessarily a branch. For examplem pushing to
refs/heads/master will result in action with refname refs/heads/master
but pushing to master will result in a refname master.

The simplest solution to providing a fix here is to trim the prefix
therefore this PR proposes this.

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: a1012112796 <1012112796@qq.com>

Co-authored-by: a1012112796 <1012112796@qq.com>
2020-12-14 15:35:40 -05:00
zeripath
d2b308ae35
Ensure template renderer is available before storage handler (#13982)
`ctx.Error` requires that templates are available for this to
render the error page otherwise there will be a panic at this
time.

This was fixed in #13164 but was not completely backported.

Fix #13971

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-12-14 20:45:33 +08:00
zeripath
8e8e8ee150
Whenever the password is updated ensure that the hash algorithm is too (#13966) (#13967)
Backport #13966

`user.HashPassword` may potentially - and in fact now likely does - change
the `passwd_hash_algo` therefore whenever the `passwd` is updated, this
also needs to be updated.

Fix #13832

Thanks @fblaese for the hint

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-12-13 01:01:44 +01:00
6543
05ee88e576
Enforce setting HEAD in wiki to master (#13950) (#13961)
The default branch in wikis must be master - therefore forcibly set the HEAD
to master.

Fix #13846

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>

Co-authored-by: zeripath <art27@cantab.net>
2020-12-12 17:21:26 +00:00
Lunny Xiao
0d7cb2323f
Fix feishu webhook caused by API changed (#13937) (#13938)
fix #13858
2020-12-11 16:11:32 +01:00
Lunny Xiao
5cdffc2b0c
log error when login failed (#13903) (#13913)
Co-authored-by: techknowlogick <techknowlogick@gitea.io>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: 6543 <6543@obermui.de>
2020-12-09 10:37:15 -05:00
Jimmy Praet
a0101c61a4
Fix Quote Reply button on review diff (#13830) (#13898)
Backport of #13830 

Co-authored-by: 6543 <6543@obermui.de>
2020-12-08 22:12:35 +00:00
a1012112796
c0b1197a64
Fix Pull Merge when tag with same name as base branch exist (#13882) (#13896)
fix dst refspec error in 'Push back to upstream' when base branch have
same name with a tag.

fix #13851
Signed-off-by: a1012112796 <1012112796@qq.com>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
2020-12-08 12:58:44 +01:00
6543
e39ed0b1d9
[API] return original URL of Repositories (#13885) (#13886) 2020-12-08 05:59:19 +01:00
manuelluis
cb24cbc1fc
Fix branch/tag notifications in mirror sync (#13855) (#13862)
Co-authored-by: Gitea <gitea@fake.local>
Co-authored-by: 6543 <6543@obermui.de>
2020-12-05 23:30:28 -05:00
silverwind
584d01cf2c
Fix mermaid chart size (#13865) 2020-12-05 22:13:31 -05:00
mrsdizzie
798fdeae45
Fix crash in short link processor (#13839) (#13841)
Fixes #13819
2020-12-04 04:08:48 +01:00
silverwind
87997cccbb
Update font stack to bootstrap's latest (#13834) (#13837)
Backport #13834
2020-12-04 02:21:34 +01:00
John Olheiser
0d5111c5c3
Make sure email recipients can see issue (#13820) (#13827)
* Initial pass

* Remove over-op

Signed-off-by: jolheiser <john.olheiser@gmail.com>
2020-12-03 22:37:33 +01:00
Jimmy Praet
10fff12da4
Reply button is not removed when deleting a code review comment (#13824)
Backport #13774
2020-12-03 20:26:47 +00:00