Commit graph

19169 commits

Author SHA1 Message Date
Renovate Bot 23dc779f94 Update dependency mermaid to v10.9.3 [SECURITY] 2024-10-28 06:28:51 +00:00
Earl Warren cc343f27e9 Merge pull request '[v7.0/forgejo] add permission check to 'delete branch after merge'' (#5720) from earl-warren/forgejo:wip-v7.0-delete-branch into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5720
2024-10-28 06:15:56 +00:00
Gusted 5488ec7d96
security: add permission check to 'delete branch after merge'
- Add a permission check that the doer has write permissions to the head
repository if the the 'delete branch after merge' is enabled when
merging a pull request.
- Unify the checks in the web and API router to `DeleteBranchAfterMerge`.
- Added integration tests.

(cherry picked from commit 266e0b2ce9)

Conflicts:
	tests/integration/pull_merge_test.go
  trivial context conflict
2024-10-28 06:32:10 +01:00
0ko d9d434217f Merge pull request 'Translation backports to v7' (#5401) from 0ko/forgejo:i18n-backport-20240926-v7 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5401
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-09-27 12:46:28 +00:00
Codeberg Translate 80f501c9ad [v7.0/forgejo] i18n: update of translations from Codeberg Translate
Backport: https://codeberg.org/forgejo/forgejo/pulls/5309.

Co-authored-by: 0ko <0ko@users.noreply.translate.codeberg.org>
Co-authored-by: Outbreak2096 <Outbreak2096@users.noreply.translate.codeberg.org>
Co-authored-by: aleksi <aleksi@users.noreply.translate.codeberg.org>
Co-authored-by: Vaclovas Intas <Gateway_31@protonmail.com>
Co-authored-by: toasterbirb <toasterbirb@users.noreply.translate.codeberg.org>
Co-authored-by: Salif Mehmed <mail@salif.eu>
Co-authored-by: Zughy <Zughy@users.noreply.translate.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5309
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Codeberg Translate <translate@noreply.codeberg.org>
Co-committed-by: Codeberg Translate <translate@noreply.codeberg.org>

(cherry picked from commit 6d57cbe5c8)
(cherry picked from commit 9791010feb)
2024-09-26 22:39:12 +05:00
Codeberg Translate 698b9e3766 [v7.0/forgejo] i18n: update of translations from Codeberg Translate
Backport: https://codeberg.org/forgejo/forgejo/pulls/5231.

Co-authored-by: earl-warren <earl-warren@users.noreply.translate.codeberg.org>
Co-authored-by: xtex <xtexchooser@duck.com>
Co-authored-by: emansije <emansije@users.noreply.translate.codeberg.org>
Co-authored-by: Monti <contact@montidaproot.xyz>
Co-authored-by: muhaaliss <muhaaliss@users.noreply.translate.codeberg.org>
Co-authored-by: EssGeeEich <EssGeeEich@users.noreply.translate.codeberg.org>
Co-authored-by: Zughy <Zughy@users.noreply.translate.codeberg.org>
Co-authored-by: Marco Ciampa <ciampix@users.noreply.translate.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5231
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Codeberg Translate <translate@noreply.codeberg.org>
Co-committed-by: Codeberg Translate <translate@noreply.codeberg.org>

(cherry picked from commit 2d3fc00d02)
(cherry picked from commit 884b5aab8b)
2024-09-26 22:36:58 +05:00
Codeberg Translate 7d994178c4 [v7.0/forgejo] i18n: update of translations from Codeberg Translate
Backport: https://codeberg.org/forgejo/forgejo/pulls/5182.

Co-authored-by: Vaclovas Intas <Gateway_31@protonmail.com>
Co-authored-by: Monti <contact@montidaproot.xyz>
Co-authored-by: sclu1034 <sclu1034@users.noreply.translate.codeberg.org>
Co-authored-by: Dirk <Dirk@users.noreply.translate.codeberg.org>
Co-authored-by: 0ko <0ko@users.noreply.translate.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5182
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Codeberg Translate <translate@noreply.codeberg.org>
Co-committed-by: Codeberg Translate <translate@noreply.codeberg.org>

(cherry picked from commit fb4a8b24cc)
(cherry picked from commit 1fc2e1f02d)
2024-09-26 22:36:04 +05:00
Earl Warren a12e0308da Merge pull request 'Update dependency go to v1.22.7 (v7.0/forgejo)' (#5241) from renovate/v7.0/forgejo-patch-golang-packages into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5241
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-09-06 22:52:38 +00:00
Earl Warren 7644435aed Merge pull request '[v7.0/forgejo] replace v-html with v-text in branch search inputbox for XSS protection' (#5246) from bp-v7.0/forgejo-bb8796b into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5246
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-09-06 11:15:13 +00:00
Lunny Xiao bb811ee28a fix: replace v-html with v-text in branch search inputbox
Co-authored-by: techknowlogick <techknowlogick@noreply.gitea.com>
(cherry picked from commit 7eef261c3ebf9bfe37fe0dceb51bde9a79bbaf17)
(cherry picked from commit bb8796b3be)
2024-09-06 10:38:00 +00:00
Renovate Bot a0c1c1fdc7 Update dependency go to v1.22.7 2024-09-06 05:18:52 +00:00
Earl Warren 367ccad622 Merge pull request 'Update dependency webpack to v5.94.0 [SECURITY] (v7.0/forgejo)' (#5201) from renovate/v7.0/forgejo-npm-webpack-vulnerability into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5201
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-09-03 08:36:50 +00:00
Renovate Bot af756c76a7 Update dependency webpack to v5.94.0 [SECURITY] 2024-09-02 06:22:11 +00:00
0ko 08e37d130a Merge pull request '[v7.0/forgejo] i18n: update of translations from Codeberg Translate' (#5181) from bp-v7.0/forgejo-b73fd55 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5181
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2024-08-30 19:06:38 +00:00
Codeberg Translate fa7fffdeef i18n: update of translations from Codeberg Translate (#5070)
Translations update from [Codeberg Translate](https://translate.codeberg.org) for [Forgejo/forgejo](https://translate.codeberg.org/projects/forgejo/forgejo/).

Current translation status:

![Weblate translation status](https://translate.codeberg.org/widget/forgejo/forgejo/horizontal-auto.svg)

<!--start release-notes-assistant-->

## Draft release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Localization
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5070): <!--number 5070 --><!--line 0 --><!--description aTE4bjogdXBkYXRlIG9mIHRyYW5zbGF0aW9ucyBmcm9tIENvZGViZXJnIFRyYW5zbGF0ZQ==-->i18n: update of translations from Codeberg Translate<!--description-->
<!--end release-notes-assistant-->

Co-authored-by: earl-warren <earl-warren@users.noreply.translate.codeberg.org>
Co-authored-by: Xinayder <Xinayder@users.noreply.translate.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: Kita Ikuyo <searinminecraft@courvix.com>
Co-authored-by: Fjuro <fjuro@alius.cz>
Co-authored-by: 0ko <0ko@users.noreply.translate.codeberg.org>
Co-authored-by: hugoalh <hugoalh@users.noreply.translate.codeberg.org>
Co-authored-by: Outbreak2096 <Outbreak2096@users.noreply.translate.codeberg.org>
Co-authored-by: Eryk Michalak <gnu.ewm@protonmail.com>
Co-authored-by: Caesar Schinas <caesar@caesarschinas.com>
Co-authored-by: hankskyjames777 <hankskyjames777@users.noreply.translate.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5070
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Codeberg Translate <translate@noreply.codeberg.org>
Co-committed-by: Codeberg Translate <translate@noreply.codeberg.org>
(cherry picked from commit 45198cef64)
(cherry picked from commit b73fd55374)
2024-08-30 18:28:49 +00:00
Earl Warren 47cd797dd3 Merge pull request '[gitea] week 2024-35-v7.0 cherry pick (release/v1.22 -> v7.0/forgejo)' (#5113) from earl-warren/wcp/2024-35-v7.0 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5113
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-28 10:30:46 +00:00
Gusted 41f7faf4fe Merge pull request '[v7.0/forgejo] [SEC] Ensure propagation of API scopes for Conan and Container authentication' (#5150) from bp-v7.0/forgejo-5a871f6 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5150
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-28 09:55:33 +00:00
Gusted ce10ec2878 [SEC] Ensure propagation of API scopes for Conan and Container authentication
- The Conan and Container packages use a different type of
authentication. It first authenticates via the regular way (api tokens
or user:password, handled via `auth.Basic`) and then generates a JWT
token that is used by the package software (such as Docker) to do the
action they wanted to do. This JWT token didn't properly propagate the
API scopes that the token was generated for, and thus could lead to a
'scope escalation' within the Conan and Container packages, read
access to write access.
- Store the API scope in the JWT token, so it can be propagated on
subsequent calls that uses that JWT token.
- Integration test added.
- Resolves #5128

(cherry picked from commit 5a871f6095)
2024-08-28 08:44:58 +00:00
Otto 619fe48af7 Merge pull request 'Backports of #4889 and #4984 to v7' (#5138) from 0ko/forgejo:i18n-backport-20240827-v7 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5138
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-27 17:36:59 +00:00
Earl Warren 4b5f4ec788 Merge pull request '[v7.0/forgejo] fix: correct doctor commands and rename to forgejo' (#5134) from bp-v7.0/forgejo-94af0e5 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5134
Reviewed-by: Otto <otto@codeberg.org>
2024-08-27 06:13:36 +00:00
Codeberg Translate 250bf845bd [v7.0/forgejo] i18n: update of translations from Codeberg Translate
Backport: #4984.

Co-authored-by: earl-warren <earl-warren@users.noreply.translate.codeberg.org>
Co-authored-by: qui <qui@users.noreply.translate.codeberg.org>
Co-authored-by: hahahahacker2009 <hahahahacker2009@users.noreply.translate.codeberg.org>
Co-authored-by: Fjuro <fjuro@alius.cz>
Co-authored-by: Outbreak2096 <Outbreak2096@users.noreply.translate.codeberg.org>
Co-authored-by: Wuzzy <Wuzzy@users.noreply.translate.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: fnetX <otto@codeberg.org>
Co-authored-by: Panagiotis \"Ivory\" Vasilopoulos <git@n0toose.net>
Co-authored-by: emansije <emansije@users.noreply.translate.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4984
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Codeberg Translate <translate@noreply.codeberg.org>
Co-committed-by: Codeberg Translate <translate@noreply.codeberg.org>
(cherry picked from commit d30be160c9)
(cherry picked from commit 619f2faf98)
2024-08-27 08:29:22 +05:00
0ko 7191018661 [v7.0/forgejo] i18n: update of translations from Codeberg Translate
Backport: #4889.

Co-authored-by: earl-warren <earl-warren@users.noreply.translate.codeberg.org>
Co-authored-by: Outbreak2096 <Outbreak2096@users.noreply.translate.codeberg.org>
Co-authored-by: Panagiotis \"Ivory\" Vasilopoulos <git@n0toose.net>
Co-authored-by: dragon <dragon@users.noreply.translate.codeberg.org>
Co-authored-by: hoovad <hoovad@users.noreply.translate.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: hankskyjames777 <hankskyjames777@users.noreply.translate.codeberg.org>
Co-authored-by: emansije <emansije@users.noreply.translate.codeberg.org>
Co-authored-by: hugoalh <hugoalh@users.noreply.translate.codeberg.org>
Co-authored-by: zub <zub@users.noreply.translate.codeberg.org>
Co-authored-by: Fjuro <fjuro@alius.cz>
Co-authored-by: 0ko <0ko@users.noreply.translate.codeberg.org>
Co-authored-by: Kita Ikuyo <searinminecraft@courvix.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4889
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Codeberg Translate <translate@noreply.codeberg.org>
Co-committed-by: Codeberg Translate <translate@noreply.codeberg.org>
(cherry picked from commit 17fa75074d)
(cherry picked from commit c13d13f7cc)
2024-08-27 08:27:23 +05:00
Otto Richter 402cf29da6 fix: correct doctor commands and rename to forgejo
The syntax is `doctor check --run` , see https://forgejo.org/docs/latest/admin/command-line/#doctor

(cherry picked from commit 94af0e53e5)
2024-08-27 01:44:00 +00:00
Earl Warren 5df3029bf2
chore(release-notes): weekly cherry-pick week 2024-35-v7.0 2024-08-25 17:49:20 +02:00
Giteabot bf07064e40
add CfTurnstileSitekey context data to all captcha templates (#31874) (#31876)
Backport #31874 by @bohde

In the OpenID flows, the "CfTurnstileSitekey" wasn't populated, which
caused those flows to fail if using Turnstile as the Captcha
implementation.

This adds the missing context variables, allowing Turnstile to be used
in the OpenID flows.

Co-authored-by: Rowan Bohde <rowan.bohde@gmail.com>
(cherry picked from commit 0affb5c775280622b277bba2223c01968bafa8b7)
2024-08-25 17:41:08 +02:00
Otto 3dbe5be281 Merge pull request '[PORT] Fix overflow for images on project cards (gitea#31683)' (#5033) from gusted/forgejo-bp-5029-v7 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5033
Reviewed-by: Otto <otto@codeberg.org>
2024-08-20 21:35:23 +00:00
Gusted 9ed7adcbf8
[UI] Remove snapping for images on project cards
Remove the snapping of the images on the projects cards, the images are
way too small to notice that when scrolling you're being snapped to
these images and when you do notice it, it doesn't make sense as you
wouldn't expect it to be snapped.

(cherry picked from commit 0764b7c18b)
2024-08-20 18:34:45 +02:00
Simon Priet 7d133488b7
[PORT] Scroll images in project issues separately from the remaining issue (gitea#31683)
As discussed in https://github.com/go-gitea/gitea/issues/31667 &
https://github.com/go-gitea/gitea/issues/26561, when a card on a Project
contains images, they can overflow the card on its containing column.
This aims to fix this issue via snapping scrollbars.

---
Backport: #5029
Conflict resolution: none
Modification: Remove the snapping of the images on the projects cards, the images are way too small to notice that when scrolling you're being snapped to these images and when you do notice it, it doesn't make sense as you wouldn't expect it to be snapped.

(cherry picked from commit 8e46efef95)
2024-08-20 18:34:11 +02:00
Gusted a84730775a Merge pull request '[PORT] Remove jQuery class from the comment context menu (gitea#30179)' (#5019) from gusted/forgejo-bp-gt-30179 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5019
Reviewed-by: Otto <otto@codeberg.org>
2024-08-20 13:46:11 +00:00
Earl Warren db585f082a Merge pull request '[gitea] week 2024-34-v7.0 cherry pick (release/v1.22 -> v7.0/forgejo)' (#4999) from earl-warren/wcp/2024-34-v7.0 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4999
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-20 05:43:22 +00:00
Yarden Shoham d6a21fcb79
[PORT] Remove jQuery class from the comment context menu (gitea #30179)
- Switched from jQuery class functions to plain JavaScript
- Tested the comment context menu functionality and it works as before

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: silverwind <me@silverwind.io>

---

Resolves #5016

(cherry picked from commit 66f7d47d2c702bab4ca9bcedc1c0ba9ddfa49a17)
2024-08-20 01:30:51 +02:00
Gusted 684c3106b4 Merge pull request '[v7.0/forgejo] [UI] Fix misalignment of authors for repo acctivity' (#5005) from bp-v7.0/forgejo-72f4130 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5005
Reviewed-by: Otto <otto@codeberg.org>
2024-08-18 20:53:59 +00:00
Gusted a6c74df161 [UI] Fix misalignment of authors for repo acctivity
- Regression of #4571
- We aren't showing the ticks generated by chartjs, because we want to
show the avatar of the person instead. You can't *realy* disable that
tick, so instead I opted to make them transparent in #4571, however they
still affected the generation of ticks so if enough authors were being
shown, for some the ticks were being skipped. Adjust the settings to
make sure they are always being shown.
- Resolves https://codeberg.org/forgejo/forgejo/issues/4982

(cherry picked from commit 72f41306c2)
2024-08-18 20:12:27 +00:00
Earl Warren 6becfc016f
chore(release-notes): weekly cherry-pick week 2024-34-v7.0 2024-08-18 07:11:37 +02:00
Giteabot 64c7687308
Fix panic of ssh public key page after deletion of auth source (#31829) (#31836)
Backport #31829 by @lunny

Fix #31730

This PR rewrote the function `PublicKeysAreExternallyManaged` with a
simple test. The new function removed the loop to make it more readable.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit 5fa90ad9bc7fe800d657e909462e5e1caefc7193)
2024-08-18 07:11:32 +02:00
Giteabot 4c5e4e672d
Show lock owner instead of repo owner on LFS setting page (#31788) (#31817)
Backport #31788 by @wolfogre

Fix #31784.

Before:

<img width="1648" alt="image"
src="https://github.com/user-attachments/assets/03f32545-4a85-42ed-bafc-2b193a5d8023">

After:

<img width="1653" alt="image"
src="https://github.com/user-attachments/assets/e5bcaf93-49cb-421f-aac1-5122bc488b02">

Co-authored-by: Jason Song <i@wolfogre.com>
(cherry picked from commit a39fe5325266f1c079e0e54abc68e6470764eb44)

Conflicts:
	models/git/lfs_lock.go
  trivial context conflict
2024-08-18 07:01:03 +02:00
Zoupers Zou 8e8a07cc15
Fix #31185 try fix lfs download from bitbucket failed (#31201)
Fix #31185

(cherry picked from commit e25d6960b5749fbf7f88ebb6b27878c0459817da)
(cherry picked from commit baad8337f9)
2024-08-18 07:01:03 +02:00
oliverpool 45d96b4765
Add container.FilterSlice function (gitea#30339) (skip using it)
Many places have the following logic:
```go
func (jobs ActionJobList) GetRunIDs() []int64 {
	ids := make(container.Set[int64], len(jobs))
	for _, j := range jobs {
		if j.RunID == 0 {
			continue
		}
		ids.Add(j.RunID)
	}
	return ids.Values()
}
```

this introduces a `container.FilterMapUnique` function, which reduces
the code above to:
```go
func (jobs ActionJobList) GetRunIDs() []int64 {
	return container.FilterMapUnique(jobs, func(j *ActionRunJob) (int64, bool) {
		return j.RunID, j.RunID != 0
	})
}
```
Conflicts:
models/issues/comment_list.go due to premature refactor in #3116

(cherry picked from commit 525accfae6)

Conflicts:
	models/issues/comment_list.go
  only cherry-pick the container.FilterSlice function, for the sake of backporting
2024-08-18 06:55:15 +02:00
Michael Kriese 1a4c399652 Merge pull request '[v7.0/forgejo] fix: Run full PR checks on agit push' (#4950) from bp-v7.0/forgejo-2d05e92 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4950
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-08-13 19:04:58 +00:00
Michael Kriese 7e847ad879 fix(agit): run full pr checks on force-push
(cherry picked from commit 2d05e922a2)
2024-08-13 18:26:33 +00:00
Earl Warren 44b34ea2ac Merge pull request '[gitea] week 2024-33-v7.0 cherry pick (release/v1.22 -> v7.0/forgejo)' (#4925) from earl-warren/wcp/2024-33-v7.0 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4925
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-12 21:26:24 +00:00
Giteabot 3e091b9bac
Fix IsObjectExist with gogit (#31790) (#31806)
Backport #31790 by @wolfogre

Fix #31271.

When gogit is enabled, `IsObjectExist` calls
`repo.gogitRepo.ResolveRevision`, which is not correct. It's for
checking references not objects, it could work with commit hash since
it's both a valid reference and a commit object, but it doesn't work
with blob objects.

So it causes #31271 because it reports that all blob objects do not
exist.

Co-authored-by: Jason Song <i@wolfogre.com>
(cherry picked from commit 144648a4afdd93d534875a86c50ec61c860878f3)
2024-08-11 09:41:23 +02:00
Earl Warren 3a18717c6b Merge pull request '[v7.0/forgejo] [BUG] Return blocking errors as JSON errors' (#4917) from bp-v7.0/forgejo-d97cf0e into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4917
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-10 06:42:40 +00:00
Gusted e988d1a8bb [BUG] Return blocking errors as JSON errors
- These endspoints are since b71cb7acdc
JSON-based and should therefore return JSON errors.
- Integration tests adjusted.

(cherry picked from commit d97cf0e854)
2024-08-10 05:53:00 +00:00
Earl Warren 29afb54daf Merge pull request '[v7.0/forgejo] disallow javascript: URI in the repository description' (#4900) from bp-v7.0/forgejo-bb448f3 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4900
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2024-08-09 06:58:26 +00:00
Gusted 542281ab9f disallow javascript: URI in the repository description
- Fixes an XSS that was introduced in
https://codeberg.org/forgejo/forgejo/pulls/1433
- This XSS allows for `href`s in anchor elements to be set to a
`javascript:` uri in the repository description, which would upon
clicking (and not upon loading) the anchor element execute the specified
javascript in that uri.
- [`AllowStandardURLs`](https://pkg.go.dev/github.com/microcosm-cc/bluemonday#Policy.AllowStandardURLs) is now called for the repository description
policy, which ensures that URIs in anchor elements are `mailto:`,
`http://` or `https://` and thereby disallowing the `javascript:` URI.
It also now allows non-relative links and sets `rel="nofollow"` on
anchor elements.
- Unit test added.

(cherry picked from commit bb448f3dc2)
2024-08-09 05:57:13 +00:00
Earl Warren 8373749002 Merge pull request 'i18n: backport of #4568 #4668 and #4783 to v7' (#4882) from 0ko/forgejo:i18n-backport-20240808-v7 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4882
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-08 09:31:02 +00:00
Codeberg Translate 3625cd66f7 [v7.0/forgejo] i18n: update of translations from Weblate
Backport of https://codeberg.org/forgejo/forgejo/pulls/4783.

Co-authored-by: earl-warren <earl-warren@users.noreply.translate.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: 0ko <0ko@users.noreply.translate.codeberg.org>
Co-authored-by: Fjuro <fjuro@alius.cz>
Co-authored-by: natalie_drowned02 <k_letovskiy02@protonmail.com>
Co-authored-by: leana8959 <leana8959@users.noreply.translate.codeberg.org>
Co-authored-by: Kita Ikuyo <searinminecraft@courvix.com>
Co-authored-by: emansije <emansije@users.noreply.translate.codeberg.org>
Co-authored-by: hugoalh <hugoalh@users.noreply.translate.codeberg.org>
Co-authored-by: hankskyjames777 <hankskyjames777@users.noreply.translate.codeberg.org>
Co-authored-by: Wuzzy <Wuzzy@users.noreply.translate.codeberg.org>
Co-authored-by: pswsm <pswsm@users.noreply.translate.codeberg.org>
Co-authored-by: dragon <dragon@users.noreply.translate.codeberg.org>
Co-authored-by: Zughy <Zughy@users.noreply.translate.codeberg.org>
Co-authored-by: Outbreak2096 <Outbreak2096@users.noreply.translate.codeberg.org>
Co-authored-by: Marco Ciampa <ciampix@users.noreply.translate.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4783
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Codeberg Translate <translate@noreply.codeberg.org>
Co-committed-by: Codeberg Translate <translate@noreply.codeberg.org>
(cherry picked from commit abc3364a7b)
(cherry picked from commit 32cf107774)
2024-08-08 13:17:44 +05:00
Codeberg Translate 4038a757b8 [v7.0/forgejo] i18n: Translations update from Weblate
Backport of https://codeberg.org/forgejo/forgejo/pulls/4668.

Co-authored-by: earl-warren <earl-warren@users.noreply.translate.codeberg.org>
Co-authored-by: Wuzzy <Wuzzy@users.noreply.translate.codeberg.org>
Co-authored-by: Kita Ikuyo <searinminecraft@courvix.com>
Co-authored-by: hankskyjames777 <hankskyjames777@users.noreply.translate.codeberg.org>
Co-authored-by: mahlzahn <mahlzahn@posteo.de>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: 0ko <0ko@users.noreply.translate.codeberg.org>
Co-authored-by: lotigara <lotigara@users.noreply.translate.codeberg.org>
Co-authored-by: Fjuro <fjuro@alius.cz>
Co-authored-by: Anonymous <anonymous@users.noreply.translate.codeberg.org>
Co-authored-by: caesar <caesar@users.noreply.translate.codeberg.org>
Co-authored-by: emansije <emansije@users.noreply.translate.codeberg.org>
Co-authored-by: Caesar Schinas <caesar@caesarschinas.com>
Co-authored-by: leana8959 <leana8959@users.noreply.translate.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4668
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Codeberg Translate <translate@noreply.codeberg.org>
Co-committed-by: Codeberg Translate <translate@noreply.codeberg.org>
(cherry picked from commit 3d3ddd7704)
(cherry picked from commit a7e414b0f1)
2024-08-08 13:16:44 +05:00
Codeberg Translate 91dc82b44c [v7.0/forgejo] i18n: Translations update from Weblate
Backport of https://codeberg.org/forgejo/forgejo/pulls/4568.

Co-authored-by: earl-warren <earl-warren@users.noreply.translate.codeberg.org>
Co-authored-by: 0ko <0ko@users.noreply.translate.codeberg.org>
Co-authored-by: mahlzahn <mahlzahn@posteo.de>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: leana8959 <leana8959@users.noreply.translate.codeberg.org>
Co-authored-by: Fjuro <fjuro@alius.cz>
Co-authored-by: Wuzzy <Wuzzy@users.noreply.translate.codeberg.org>
Co-authored-by: meskobalazs <meskobalazs@users.noreply.translate.codeberg.org>
Co-authored-by: Bálint Gonda <balinteus@gmail.com>
Co-authored-by: Beowulf <Beowulf@users.noreply.translate.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4568
Co-authored-by: Codeberg Translate <translate@noreply.codeberg.org>
Co-committed-by: Codeberg Translate <translate@noreply.codeberg.org>
(cherry picked from commit 7699d85f3b)
(cherry picked from commit 6108a979e5)
2024-08-08 13:15:33 +05:00