Commit graph

12832 commits

Author SHA1 Message Date
wxiaoguang 599ff1c054
Only allow webhook to send requests to allowed hosts (#17482) 2021-11-01 16:39:52 +08:00
zeripath 4e8a81780e
Stop double encoding blame commit messages (#17498)
The call to html.EscapeString in routers/web/repo/blame.go:renderBlame is extraneous
as the commit message is now rendered by the template. The template will correctly
escape strings - therefore we are currently double escaping.

This PR fixes this.

Fix #17492

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-10-31 10:25:24 +02:00
GiteaBot 1ff944f698 [skip ci] Updated licenses and gitignores 2021-10-31 00:25:12 +00:00
Richard Mahn 40c8451b7d
Properly determine CSV delimiter (#17459)
* Fixes #16558 CSV delimiter determiner

* Fixes #16558 - properly determine CSV delmiiter

* Moves quoteString to a new function

* Adds big test with lots of commas for tab delimited csv

* Adds comments

* Shortens the text of the test

* Removes single quotes from regexp as only double quotes need to be searched

* Fixes spelling

* Fixes check of length as it probalby will only be 1e4, not greater

* Makes sample size a const, properly removes truncated line

* Makes sample size a const, properly removes truncated line

* Fixes comment

* Fixes comment

* tests for FormatError() function

* Adds logic to find the limiter before or after a quoted value

* Simplifies regex

* Error tests

* Error tests

* Update modules/csv/csv.go

Co-authored-by: delvh <dev.lh@web.de>

* Update modules/csv/csv.go

Co-authored-by: delvh <dev.lh@web.de>

* Adds comments

* Update modules/csv/csv.go

Co-authored-by: delvh <dev.lh@web.de>

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: delvh <dev.lh@web.de>
2021-10-30 23:50:40 +08:00
Lunny Xiao 63c0dc89ef
Rename db Engines related functions (#17481)
* Rename db Engines related functions

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-10-30 22:32:11 +08:00
zeripath 76a3190b8a
Quote the table name in CountOrphanedObjects (#17487)
CountOrphanedObjects needs to quote the table it is joining with as this table may
be `user`.

Fix #17485

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-10-30 10:17:40 +01:00
GiteaBot f5bb788c4e [skip ci] Updated translations via Crowdin 2021-10-30 00:25:09 +00:00
zeripath e6e3b212b3
Run Migrate in Install rather than just SyncTables (#17475)
* Run Migrate in Install rather than just SyncTables

The underlying problem in #17328 appears to be that users are re-running the install
page during upgrades. The function that tests and creates the db did not intend for
this and thus instead the migration scripts being run - a simple sync tables occurs.

This then causes a weird partially migrated DB which causes, in this release cycle,
the duplicate column in task table error. It is likely the cause of some weird
partial migration errors in other cycles too.

This PR simply ensures that the migration scripts are also run at this point too.

Fix #17328

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-10-29 09:23:10 +01:00
GiteaBot 9733b60430 [skip ci] Updated translations via Crowdin 2021-10-29 00:25:11 +00:00
zeripath 157de0f1c1
Update docs/config.yaml to 1.15.6 (#17472)
Update the version in docs/config.yaml to 1.15.6

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-10-28 21:44:33 +08:00
qwerty287 f46e67b519
Move key forms before list and add cancel button (#17432)
* Move GPG form before list and add cancel button
* Move SSH form before list and add cancel button

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-10-28 18:55:48 +08:00
qwerty287 54243eed8d
Fix login redirection links (#17451)
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2021-10-28 18:09:25 +08:00
zeripath 141d1a2aa5
Changelog 1.15.6 (#17457) (#17468)
Frontport #17457

 ## [1.15.6](https://github.com/go-gitea/gitea/releases/tag/v1.15.6) - 2021-10-28

* BUGFIXES
  * Prevent panic in serv.go with Deploy Keys (#17434) (#17435)
  * Fix CSV render error (#17406) (#17431)
  * Read expected buffer size (#17409) (#17430)
  * Ensure that restricted users can access repos for which they are members (#17460) (#17464)
  * Make commit-statuses popup show correctly (#17447) (#17466)
* TESTING
  * Add integration tests for private.NoServCommand and private.ServCommand (#17456) (#17463)
2021-10-28 10:22:27 +01:00
zeripath 3fc465ba5e
Fix mispelling of starred as stared (#17465)
There was a recent spelling mistake added to the locale file where stared was used
instead of starred.

This PR changes this to starred.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-10-28 15:05:00 +08:00
zeripath 0b4a8be26b
Ensure that restricted users can access repos for which they are members (#17460)
There is a small bug in the way that repo access is checked in
repoAssignment: Accessibility is checked by checking if the user has a
marked access to the repository instead of checking if the user has any
team granted access.

This PR changes this permissions check to use HasAccess() which does the
correct test. There is also a fix in the release api ListReleases where
it should return draft releases if the user is a member of a team with
write access to the releases.

The PR also adds a testcase.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-10-28 10:54:40 +08:00
wxiaoguang 2b2eb5d0ad
make commit-statuses popup can be shown correctly. (#17447)
Close #17443

Maybe we do not need to backport this PR, the bug doesn't break daily usage.

After the fix, the commit statuses popup can show a lot of lines with scroll bars:

![image](https://user-images.githubusercontent.com/2114189/139026160-f01b484c-6207-494a-a190-a6dd184ceb2b.png)
2021-10-28 02:34:18 +01:00
zeripath 4f00de1458
Add integration tests for private.NoServCommand and private.ServCommand (#17456)
modules/private/serv.go has two major functions that are missing testcases to ensure
that Deploy and normal SSH keys work correctly.

This PR adds some basic integration tests for these.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-10-28 08:32:59 +08:00
qwerty287 01fc24c78c
Add appearance section in settings (#17433)
* Add appearance section in settings

* Fix lint

* Fix lint

* Apply suggestions from code review

Co-authored-by: Lauris BH <lauris@nix.lv>

Co-authored-by: Lauris BH <lauris@nix.lv>
2021-10-27 23:40:08 +08:00
wxiaoguang 89beceeb9a
Fix a UI error when folding a file content in a commit view (#17446) 2021-10-27 19:11:56 +08:00
David Jimenez a462fcaac8
Show client-side error if wiki page is empty (#17415)
* fix: show client-side error if wiki page is empty

Implement a JS, client-side validation workaround for a bug in the upstream
editor library SimpleMDE which breaks HTML5 client-side validation when
a wiki page is submitted.

This allows native, client-side errors to appear if
the text editor contents are empty.

See upstream bugfix report: https://github.com/sparksuite/simplemde-markdown-editor/issues/324

Signed-off-by: David Jimenez <dvejmz@sgfault.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
2021-10-27 12:33:22 +08:00
Richard Mahn 8f9ac439ca
Fixes #16559 - Do not trim leading spaces for tab delimited (#17442)
* Fixes #16559 - Do not trim leading spaces for tab delimited

* Adds back semicolon delimited test

* Fixes linting

* Adds nolint directive to test because uses strings starting with spaces

Co-authored-by: zeripath <art27@cantab.net>
2021-10-26 16:46:56 -05:00
wxiaoguang 6e2c64f27a
Fix docker rootless build (#17441) 2021-10-26 17:21:01 +01:00
wxiaoguang b428b0f0ed
Tune UI alignment for nav bar notification icon, avatar image, issue label (#17438) 2021-10-26 15:29:48 +03:00
Lunny Xiao 812a9daab9
Upgrade go-github to v39 (#17437) 2021-10-26 08:19:21 +01:00
zeripath 849356deaf
Prevent panic in serv.go with Deploy Keys (#17434)
Unfortunately there was a regression in #17373 which missed that the user is not
for deploy keys. This leads to a panic when pushing with deploy keys.

Fix #17412

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-10-26 01:24:19 +02:00
zeripath 0277603878
chmod executables when copying to the docker (#17423)
Run chmod on the executables and the entrypoint when copying them to the
docker in dockerfile.

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Norwin <noerw@users.noreply.github.com>
Co-authored-by: delvh <dev.lh@web.de>
2021-10-25 20:32:03 +02:00
wxiaoguang 649e1d0dc2
Upgrade webpack to 5.59.1 to resolve the waitFor bug with watch-frontend (#17428)
Webpack < 5.59 has a bug, which makes watch-frontend fail when editing .less files.
2021-10-25 19:54:25 +08:00
wxiaoguang a961666c38
fix markdown checkbox rendering (#17425) 2021-10-25 09:40:38 +02:00
wxiaoguang 7c951fdd4a
In many cases user avatar link should be an absolute URL with http host (#17420) 2021-10-25 13:01:16 +08:00
qwerty287 3676fafdac
Add API to get/edit wiki (#17278)
* Add API to get/edit wiki

* Add swagger docs, various improvements

* fmt

* Fix lint and rm comment

* Add page parameter

* Add pagination to pages

* Add tests

* fmt

* Update func names

* Update error handling

* Update type name

* Fix lint

* Don't delete Home

* Update func name

* Update routers/api/v1/repo/wiki.go

Co-authored-by: delvh <dev.lh@web.de>

* Remove unnecessary check

* Fix lint

* Use English strings

* Update integrations/api_wiki_test.go

Co-authored-by: delvh <dev.lh@web.de>

* Update func and test names

* Remove unsed check and avoid duplicated error reports

* Improve error handling

* Return after error

* Document 404 error

* Update swagger

* Fix lint

* Apply suggestions from code review

Co-authored-by: delvh <dev.lh@web.de>

* Document file encoding

* fmt

* Apply suggestions

* Use convert

* Fix integration test

* simplify permissions

* unify duplicate key Title/Name

* improve types & return UTC timestamps

* improve types pt.2

- add WikiPageMetaData.LastCommit
- add WikiPageMetaData.HTMLURL
- replace WikiPageMetaData.Updated with .LastCommit.Committer.Created

also delete convert.ToWikiPage(), as it received too many arguments and
only had one callsite anyway. sorry for bad advice earlier 🙃

* WikiPage.Content is base64 encoded

* simplify error handling in wikiContentsByName()

* update swagger

* fix & DRY findWikiRepoCommit() error handling

ListWikiPages() previously wrote error twice when repo wiki didn't exist

* rename Content -> ContentBase64

* Fix test

* Fix tests

* Update var name

* suburl -> sub_url

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Norwin <git@nroo.de>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-10-25 11:43:40 +08:00
GiteaBot 843bc9deeb [skip ci] Updated translations via Crowdin 2021-10-25 00:25:06 +00:00
KN4CK3R 44f2c27d28
Fix CSV render error (#17406)
closed #17378 

Both errors from #17378 were caused by  #15175.

Problem 1 (error with added file):
`ToUTF8WithFallbackReader` creates a `MultiReader` from a `byte[2048]` and the remaining reader. `CreateReaderAndGuessDelimiter` tries to read 10000 bytes from this reader but only gets 2048 because that's the first reader in the `MultiReader`. Then the `if size < 1e4` thinks the input is at EOF and just returns that.

Problem 2 (error with changed file):
The blob reader gets defer closed. That was fine because the old version reads the whole file into memory. Now with the streaming version the close needs to defer after the method.
2021-10-25 00:42:32 +02:00
KN4CK3R f99d50fc9f
Read expected buffer size (#17409)
* Read expected buffer size.

* Changed name.
2021-10-24 22:12:43 +01:00
Kane 932780c2bb
Add HAProxy Config to reverse-proxies.en-us.md (#17407)
* Update reverse-proxies.en-us.md

Addition of HAProxy

* Update reverse-proxies.en-us.md
2021-10-24 17:48:26 +02:00
GiteaBot 07c7100c60 [skip ci] Updated translations via Crowdin 2021-10-24 00:25:14 +00:00
wxiaoguang ff9638839d
Fix issue content history problems, improve UI (#17404)
* Improve: make diff result better, make the HTML element fit the full height in the content history diff dialog
* Bug fix: when edit the main issue, the poster is wrongly set to the issue poster
2021-10-23 22:48:16 +08:00
wxiaoguang 943dc08722
Fix issue content history problems, improve UI (#17404)
* Improve: make diff result better, make the HTML element fit the full height in the content history diff dialog
* Bug fix: when edit the main issue, the poster is wrongly set to the issue poster
2021-10-23 22:47:38 +08:00
wxiaoguang 6c49517cbd
Fix issue markdown bugs (#17411)
* Bug fix: render Markdown http://AppURL/org/repo/issues/4?a=1&b=2#comment-123 test to HTML correctly, close #17394
* Bug fix: fix the positions of checkboxes in rendered HTML, close #17395
2021-10-23 21:38:12 +08:00
GiteaBot 2a9aefdabb [skip ci] Updated translations via Crowdin 2021-10-23 00:28:47 +00:00
Mashiro 82bf564168
Remove deprecated extendDefaultPlugins method of svgo (#17399) 2021-10-22 22:05:53 +02:00
zeripath d1a056fe52
Frontport Changelog 1.15.5 (#17392) (#17401) 2021-10-22 12:32:08 -04:00
wxiaoguang 406bd3780e
Fix context popup error (#17398)
* Fix context popup error
2021-10-22 22:34:01 +08:00
Nico Schieder 870f5fbc41
Add groups scope/claim to OIDC/OAuth2 Provider (#17367)
* Add groups scope/claim to OICD/OAuth2

Add support for groups claim as part of the OIDC/OAuth2 flow.
Groups is a list of "org" and "org:team" strings to allow clients to
authorize based on the groups a user is part of.

Signed-off-by: Nico Schieder <code@nico-schieder.de>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-10-22 17:19:24 +08:00
zeripath af96286f22
Stop sanitizing full name in API (#17396)
The API convert.toUser function makes the incorrect assumption that full names could
be rendered as is without being escaped. It therefore runs the names through
markup.Sanitize which leads to a double escape of user full names. This
pr stops this.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-10-22 15:17:35 +08:00
GiteaBot 23d36929bc [skip ci] Updated translations via Crowdin 2021-10-22 00:25:10 +00:00
zeripath 09938ccd99
Re-separate the color translation strings (#17390)
Fix #17384

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-10-21 23:51:03 +02:00
wxiaoguang a115309f4f
Fix the click behavior for <tr> and <td> with [data-href] (#17388) 2021-10-21 19:19:32 +01:00
wxiaoguang 960c322586
Refactor update checker to use AppState (#17387)
We have the `AppState` module now, it can store app related data easily. We do not need to create separate tables for each feature.

So the update checker can use `AppState` instead of a one-row dedicate table.

And the code of update checker is moved from `models` to `modules`.
2021-10-21 17:10:49 +01:00
Mario Lubenka 67561e79f1
Fix SVG side by side comparison link (#17375)
* Remove swipe-bar z-index

Fixes position of swipe-bar so it does not overlay other UI components when scrolling.

Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>

* Unique names for image tabs in pull request

Define unique names for image tabs in pull requests, in order to toggle tabs correctly when multiple are displayed on one page.

Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-10-21 18:43:26 +08:00
Lunny Xiao f3c7f10c9f
Fix history count failure (#17351)
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-10-21 18:06:19 +08:00