Commit graph

14114 commits

Author SHA1 Message Date
zeripath 72524adf3f
Ensure that plain files are rendered correctly even when containing ambiguous characters (#22017) (#22160)
Backport #22017

As recognised in #21841 the rendering of plain text files is somewhat
incorrect when there are ambiguous characters as the html code is double
escaped. In fact there are several more problems here.

We have a residual isRenderedHTML which is actually simply escaping the
file - not rendering it. This is badly named and gives the wrong
impression.

There is also unusual behaviour whether the file is called a Readme or
not and there is no way to get to the source code if the file is called
README.

In reality what should happen is different depending on whether the file
is being rendered a README at the bottom of the directory view or not.

1. If it is rendered as a README on a directory - it should simply be
escaped and rendered as `<pre>` text.
2. If it is rendered as a file then it should be rendered as source
code.

This PR therefore does:
1. Rename IsRenderedHTML to IsPlainText
2. Readme files rendered at the bottom of the directory are rendered
without line numbers
3. Otherwise plain text files are rendered as source code.

Replace #21841

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-12-19 23:51:21 +08:00
Christian Ullrich 2d4083f03c
Do not list active repositories as unadopted (#22034) (#22166)
Backport #22034

This fixes a bug where, when searching unadopted repositories, active
repositories will be listed as well. This is because the size of the
array of repository names to check is larger by one than the
`IterateBufferSize`.

For an `IterateBufferSize` of 50, the original code will pass 51
repository names but set the query to `LIMIT 50`. If all repositories in
the query are active (i.e. not unadopted) one of them will be omitted
from the result. Due to the `ORDER BY` clause it will be the oldest (or
least recently modified) one.

Co-authored-by: Christian Ullrich <christian.ullrich@traditionsa.lu>
2022-12-19 12:48:38 +00:00
zeripath 56bded9d8d
Local storage should not store files as executable (#22162) (#22163)
Backport #22162

The PR #21198 introduced a probable security vulnerability which
resulted in making all storage files be marked as executable.

This PR ensures that these are forcibly marked as non-executable.

Fix #22161

Signed-off-by: Andrew Thornton <art27@cantab.net>

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-12-19 01:12:25 +02:00
silverwind e88218f4be
Fix heatmap first color being unused (#22158)
Backport #22157. vue3-calendar-heatmap has the behaviour that the first
and second colors are mapped to values null and 0, meaning the second
color was not used as intended for values > 0. I think this is a
behaviour change from previous vue2 version that was missed during the
upgrade.

This change makes first and second values the same, so the heatmap can
now use one additional color for meaningful values.
2022-12-18 15:18:07 +02:00
silverwind 4297aced93
Fix margin and alignment in dashboard repolist (#22120) (#22122)
Backport #22120 to 1.18. Seems this has recently regressed, previously,
there was a significant whitespace between icon and text, but it seems
to be gone, so I added the margin.
2022-12-16 20:57:22 +01:00
zeripath dd2343d01f
Correctly handle moved files in apply patch (#22118) (#22135)
Backport #22118

Moved files in a patch will result in git apply returning:

```
error: {filename}: No such file or directory
```

This wasn't handled by the git apply patch code. This PR adds handling
for this.

Fix #22083

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2022-12-15 08:59:16 +08:00
KN4CK3R 9e49270676
Fix condition for is_internal (#22095) (#22132)
Backport of #22095

I changed it to a static condition because it needs a new version of
xorm which is only available in 1.19. This change is valid because
`SearchLatestVersions` is never called to list internal versions and
there will no change to this behaviour in <1.19.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2022-12-14 13:38:15 -05:00
zeripath 194b780cd7
Make gitea work using cmd.exe again (#22073) (#22133)
Backport #22073

Gitea will attempt to lookup its location using LookPath however, this
fails on cmd.exe if gitea is in the current working directory.

exec.LookPath will return an exec.ErrDot error which we can test for and
then simply using filepath.Abs(os.Args[0]) to absolute gitea against the
current working directory.

Fix #22063

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-12-14 07:13:16 -06:00
aceArt-GmbH 1409b348c6
Fix sorting admin user list by last login (#22081) (#22107) 2022-12-13 16:37:33 -06:00
Lunny Xiao c36a1bc766
Fix parallel creating commit status bug with tests (#21911) (#21989)
backport #21911 
backport #21998

Co-authored-by: silverwind <me@silverwind.io>
2022-12-13 18:59:18 +08:00
Lunny Xiao 079ef56824
Fix permission check on issue/pull lock (#22113)
backport #22110
2022-12-12 20:59:50 +01:00
KN4CK3R b54c064f89
Workaround for container registry push/pull errors (#21862) (#22068)
Backport of #21862

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-12-10 02:11:46 +02:00
Jason Song c0ca9c612b
Fix issue/PR numbers (#22037) (#22044)
Backport #22037.

When deleting a closed issue, we should update both `NumIssues`and
`NumClosedIssues`, or `NumOpenIssues`(`= NumIssues -NumClosedIssues`)
will be wrong. It's the same for pull requests.

Releated to #21557.

Alse fixed two harmless problems:

- The SQL to check issue/PR total numbers is wrong, that means it will
update the numbers even if they are correct.
- Replace legacy `num_issues = num_issues + 1` operations with
`UpdateRepoIssueNumbers`.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-12-07 14:20:12 +08:00
zeripath e39bb2d05a
Handle empty author names (#21902) (#22027)
Backport #21902

Although git does expect that author names should be of the form: `NAME
<EMAIL>` some users have been able to create commits with: `<EMAIL>`

Fix #21900

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-12-06 21:16:47 +08:00
Michael Kriese ac54331549
Add dumb-init to rootless docker (#22046)
- backport #21775
2022-12-06 19:01:58 +08:00
zeripath 35fc9ad984
Use GhostUser if needed for TrackedTimes (#22021) (#22029)
Backport #22021

When getting tracked times out of the db and loading their attributes
handle not exist errors in a nicer way. (Also prevent an NPE.)

Fix #22006

Signed-off-by: Andrew Thornton <art27@cantab.net>

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-12-05 14:20:37 +02:00
zeripath 6e4ba04843
Ensure that Chinese punctuation is not ambiguous when locale is Chinese (#22019) (#22030)
Backport #22019

Although there are per-locale fallbacks for ambiguity the locale names
for Chinese do not quite match our locales. This PR simply maps zh-CN on
to zh-hans and other zh variants on to zh-hant.

Ref #20999

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
2022-12-05 17:20:38 +08:00
Lunny Xiao 09794b4259
Fix ListBranches to handle empty case (#21921) (#22024)
Fix #21910
Backport #21921

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2022-12-04 17:13:11 -05:00
zeripath 757b49ec5e
Do not emit ambiguous character warning on rendered pages (#22016) (#22018)
Backport #22016

The real sensitivity of ambiguous characters is in source code -
therefore warning about them in rendered pages causes too many warnings.
Therefore simply remove the warning on rendered pages.

The escape button will remain available and it is present on the view
source page.

Fix #20999

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-12-04 11:10:54 +00:00
6543 9819a47717
On tag/branch-exist check, dont panic if repo is nil (#21787) (#21788)
backport #21787
2022-12-04 10:29:19 +00:00
zeripath c7770fa502
Use path not filepath in template filenames (#21993) (#22022)
Backport #21993

Paths in git are always separated by `/` not `\` - therefore we should
`path` and not `filepath`

Fix #21987

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
2022-12-04 13:58:58 +08:00
silverwind da956b863b
Multiple improvements for comment edit diff (#21990) (#22007)
Backport #21990

- Use explicit avatar size so when JS copies the HTML, the size gets
copied with it
- Replace icon font use with SVG
- Improve styling and diff rendering
- Sort lists in `svg.js`

Fixes: https://github.com/go-gitea/gitea/issues/21924

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2022-12-02 15:42:41 -05:00
zeripath 888384a631
Correct the fallbacks for mailer configuration (#21945) (#21953)
Backport #21945

Unfortunately the fallback configuration code for [mailer] that were
added in #18982 are incorrect. When you read a value from an ini section
that key is added. This leads to a failure of the fallback mechanism.
Further there is also a spelling mistake in the startTLS configuration.

This PR restructures the mailer code to first map the deprecated
settings on to the new ones - and then use ini.MapTo to map those on to
the struct with additional validation as necessary.

Ref #21744

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-11-27 19:45:59 +00:00
silverwind cddceb9dca
Fix markdown anchor re-clicking (#21931) (#21946)
Backport #21931. The hashchange event did not fire on re-click of a
active anchor. Instead, use the click event which always fires.

Fixes: https://github.com/go-gitea/gitea/issues/21680

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2022-11-27 00:21:13 +08:00
zeripath b56d269cf8
Prevent NPE if trying to restore an already restored deleted branch (#21940) (#21944)
Backport #21940

If a deleted-branch has already been restored, a request to restore it
again will cause a NPE. This PR adds detection for this case, but also
disables buttons when they're clicked in order to help prevent
accidental repeat requests.

Fix #21930

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-11-25 17:28:03 -06:00
KN4CK3R ff4e292b3f
Add support for HEAD requests in Maven registry (#21834) (#21929)
Backport of #21834

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-11-25 13:46:28 +02:00
Xinyu Zhou 9ba4ef93ff
Fix button in branch list, avoid unexpected page jump before restore branch actually done (#21562) (#21928)
Backport #21562

Signed-off-by: Xinyu Zhou <i@sourcehut.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
2022-11-25 00:02:33 +08:00
techknowlogick 9bccc60cf5
add changelog for 1.18.0-rc1 (#21829)
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-11-24 19:49:22 +08:00
Xinyu Zhou 16772ffde3
Fix flex layout for repo list icons (#21896) (#21920)
Backport #21896

#20241 Added a tooltip, which does not satisfy the flex layout, and the
icons are not aligned

Signed-off-by: Xinyu Zhou <i@sourcehut.net>
2022-11-24 00:44:07 -06:00
Xinyu Zhou c844c4ff88
Fix vertical align of committer avatar rendered by email address (#21884) (#21918)
Backport #21884

Committer avatar rendered by `func AvatarByEmail` are not vertical align
as `func Avatar` does.

- Replace literals `ui avatar` and `ui avatar vm` with the constant
`DefaultAvatarClass`

Signed-off-by: Xinyu Zhou <i@sourcehut.net>
2022-11-24 10:52:20 +08:00
KN4CK3R f4ec03a4e5
Fix setting HTTP headers after write (#21833) (#21877)
Backport of #21833

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2022-11-22 09:00:42 +08:00
KN4CK3R b2369830bb
Do not allow Ghost access to limited visible user/org (#21849) (#21876)
Backport of #21849
2022-11-20 19:37:20 +00:00
silverwind ef08998bf6
Color and Style enhancements (#21784, #21799) (#21868)
Backport #21784
Backport #21799

These PRs provide tweaks and simplification to the less/css selectors, simplifying text color selectors and tweak arc-green colors with a follow-up to adjust the timeline 

See the original PRs for more details
2022-11-20 10:47:02 +00:00
Jason Song 7a004ad7eb
Support comma-delimited string as labels in issue template (#21831) (#21873)
Backport #21831.

The [labels in issue YAML templates](https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-issue-forms#top-level-syntax)
can be a string array or a comma-delimited string, so a single string
should be valid labels.

The old codes committed in #20987 ignore this, that's why the warning is
displayed:

<img width="618" alt="image" src="https://user-images.githubusercontent.com/9418365/202112642-93dc72d0-71c3-40a2-9720-30fc2d48c97c.png">

Fixes #17877.
2022-11-20 10:44:20 +00:00
Gusted af8b2250c4
Prevent dangling user redirects (#21856) (#21858)
- Backport #21856
- It's possible that the `user_redirect` table contains a user id that
no longer exists.
  - Delete a user redirect upon deleting the user.
- Add a check for these dangling user redirects to check-db-consistency.
2022-11-18 22:25:00 +08:00
Jason Song 8917af8701
Ignore issue template with a special name (#21830) (#21835)
Backport #21830.

A file in `ISSUE_TEMPLATE` with the name `config.yml` shouldn't be
treated as a YAML template, it's for [configuring the template
chooser](https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository#configuring-the-template-chooser).

The old code tried to ignore the file, but it didn't work, caused by
#20987. That's why the warning is displayed:

<img width="415" alt="image"

src="https://user-images.githubusercontent.com/9418365/202094067-804c42fe-0e9e-4fc5-bf01-d95fa336f54f.png">

Note that this PR is not an implementation of `config.yml`, there will
be another one to do it.
2022-11-16 14:48:33 -05:00
zeripath 0d25292fbc
Prevent panic in doctor command when running default checks (#21791) (#21807)
Backport #21791

There was a bug introduced in #21352 due to a change of behaviour caused
by #19280. This causes a panic on running the default doctor checks
because the panic introduced by #19280 assumes that the only way
opts.StdOut and opts.Stderr can be set in RunOpts is deliberately.
Unfortunately, when running a git.Command the provided RunOpts can be
set, therefore if you share a common set of RunOpts these two values can
be set by the previous commands.

This PR stops using common RunOpts for the commands in that doctor check
but secondly stops RunCommand variants from changing the provided
RunOpts.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-11-14 10:58:32 +08:00
Jason Song ac409fcfba
Load GitRepo in API before deleting issue (#21720) (#21796)
Backport #21720.

Fix #20921.

The `ctx.Repo.GitRepo` has been used in deleting issues when the issue
is a PR.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
2022-11-13 00:54:24 -05:00
Gusted df512f77b7
Upgrade golang.org/x/crypto (#21792) (#21793)
- Backport #21792
- Update the crypto dependency to include
6fad3dfc18
  - Resolves #17798
2022-11-12 22:15:21 -06:00
silverwind e4bf9cad1e
Ignore line anchor links with leading zeroes (#21728) (#21776)
Backport #21728
Fixes: https://github.com/go-gitea/gitea/issues/21722

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-11-11 21:14:16 +08:00
Jason Song 169eeee101
Set last login when activating account (#21731) (#21755)
Backport #21731.

Fix #21698.

Set the last login time to the current time when activating the user
successfully.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-11-11 01:26:17 -05:00
wxiaoguang 3aacc9b4ac
Revert unrelated changes for SMTP auth (#21767) (#21768)
Backport #21767

The purpose of #18982 is to improve the SMTP mailer, but there were some
unrelated changes made to the SMTP auth in
d60c438694

This PR reverts these unrelated changes, fix #21744

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-11-10 16:11:56 -05:00
wxiaoguang 87d05d376d
Init git module before database migration (#21764) (#21765)
Backport #21764

Some database migrations depend on the git module.
2022-11-10 14:22:41 +00:00
Lunny Xiao b9dcf991b9
Fix dashboard ignored system setting cache (#21621) (#21759)
backport #21621

This is a performance regression from #18058

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
2022-11-10 19:41:44 +08:00
Xinyu Zhou a2a42cd5de
Fix UI language switching bug (#21597) (#21749)
Backport #21597

Related:
* https://github.com/go-gitea/gitea/pull/21596#issuecomment-1291450224

There was a bug when switching language by AJAX: the irrelevant POST
requests were processed by the target page's handler.

Now, use GET instead of POST. The GET requests should be harmless.

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-11-10 10:14:32 +08:00
Wayne Starr 805a14cc91
Remove semver compatible flag and change pypi to an array of test cases (#21708) (#21730)
Backport (#21708)

This addresses #21707 and adds a second package test case for a
non-semver compatible version (this might be overkill though since you
could also edit the old package version to have an epoch in front and
see the error, this just seemed more flexible for the future).

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2022-11-09 23:02:11 +08:00
Xinyu Zhou 69a54545a8
Quick fixes monaco-editor error: "vs.editor.nullLanguage" (#21734) (#21738)
Backport #21734

fixes: https://github.com/go-gitea/gitea/issues/21733

Uncaught Error: Language id "vs.editor.nullLanguage" is not configured
nor known

Note that this monaco-editor worked fine on 0.33.0 and broke on 0.34.0.
If upstream fixed, remove this code.

Signed-off-by: Xinyu Zhou <i@sourcehut.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-11-09 21:19:44 +08:00
Wayne Starr e054f80fe0
Allow local package identifiers for PyPI packages (#21690) (#21727)
Backport (#21690)

Fixes #21683

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2022-11-09 09:10:06 +08:00
wxiaoguang 89d52922d0
Fix token generation when using INTERNAL_TOKEN_URI (#21669) (#21670)
Backport #21669

Fix https://github.com/go-gitea/gitea/issues/21666
Caused by https://github.com/go-gitea/gitea/pull/19663

Before: when install, the INTERNAL_TOKEN was always generated and saved.
But the internal token may be already there by INTERNAL_TOKEN_URI

After: INTERNAL_TOKEN_URI file must be non-empty. When install, skip
internal token generation if the token exists.
2022-11-03 20:54:25 +00:00
zeripath 3a0d000b94
Fix repository adoption on Windows (#21646) (#21650)
Backport #21646

A bug was introduced in #17865 where filepath.Join is used to join
putative unadopted repository owner and names together. This is
incorrect as these names are then used as repository names - which shoud
have the '/' separator. This means that adoption will not work on
Windows servers.

Fix #21632

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-11-01 22:32:03 +00:00