Commit graph

18830 commits

Author SHA1 Message Date
0ko 8d3c6251a7 [I18N] English improvements (May 2024)
- `editor.commit_id_not_matching` was reported by https://codeberg.org/kita. I confirmed the meaning on next.forgejo.org.
- `additional_repo_units_hint` was suggested by https://codeberg.org/leana8959.

(cherry picked from commit b11eddfaa8)
2024-05-08 17:09:24 +00:00
Earl Warren 94ce24cf92 Merge pull request '[v7.0/forgejo] fix(security): CVE-2024-24788 malformed DNS message' (#3673) from bp-v7.0/forgejo-f3045f0 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3673
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-08 17:02:19 +00:00
Earl Warren 696ed328fb fix(security): CVE-2024-24788 malformed DNS message
Refs: https://pkg.go.dev/vuln/GO-2024-2824
(cherry picked from commit f3045f0519)
2024-05-08 14:47:59 +00:00
Earl Warren dd3487dbbf Merge pull request '[v1.22/gitea] week 2024-19 cherry pick v7.0' (#3659) from earl-warren/forgejo:wip-v7.0-gitea-cherry-pick into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3659
Reviewed-by: Gergely Nagy <algernon@noreply.codeberg.org>
2024-05-07 22:48:50 +00:00
Earl Warren 18249e58be Merge pull request '[v7.0/forgejo] Update module gitea.com/go-chi/binding to v0.0.0-20240430071103-39a851e106ed' (#3660) from earl-warren/forgejo:wip-v7.0-chi-binding into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3660
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-05-07 08:56:40 +00:00
Earl Warren f8a3482cdb
Update module gitea.com/go-chi/binding to v0.0.0-20240430071103-39a851e106ed
(cherry picked from commit 58bf120eba)

Conflicts: trivial context conflicts
2024-05-07 08:35:25 +01:00
yp05327 da993b09ad
Fix no edit history after editing issue's title and content (#30814)
Fix #30807

reuse functions in services

(cherry picked from commit a50026e2f30897904704895362da0fb12c7e5b26)

Conflicts:
	models/issues/issue_update.go
	routers/api/v1/repo/issue.go
	trivial context conflict because of 'allow setting the update date on issues and comments'
(cherry picked from commit 6a4bc0289d)
2024-05-07 08:21:38 +01:00
Kemal Zebari 6ae15bc15e
Don't only list code-enabled repositories when using repository API (#30817)
We should be listing all repositories by default.

Fixes #28483.

(cherry picked from commit 9f0ef3621a3b63ccbe93f302a446b67dc54ad725)

Conflict:
   -		if ctx.IsSigned && ctx.Doer.IsAdmin || permission.UnitAccessMode(unit_model.TypeCode) >= perm.AccessModeRead {
   +		if ctx.IsSigned && ctx.Doer.IsAdmin || permission.HasAccess() {
   because of https://codeberg.org/forgejo/forgejo/pulls/2001
(cherry picked from commit e388822e9d)
2024-05-07 08:17:35 +01:00
Giteabot f30c648037
Ignore useless error message "broken pipe" (#30801) (#30842)
Backport #30801 by wxiaoguang

Fix #30792

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit ab2ef1ae49bc5e81d0debac85aee687a64fde8b3)
2024-05-07 08:15:36 +01:00
Giteabot 248a5b8d7a
Prevent automatic OAuth grants for public clients (#30790) (#30836)
Backport #30790 by archer-321

This commit forces the resource owner (user) to always approve OAuth 2.0
authorization requests if the client is public (e.g. native
applications).

As detailed in [RFC 6749 Section
10.2](https://www.rfc-editor.org/rfc/rfc6749.html#section-10.2),

> The authorization server SHOULD NOT process repeated authorization
requests automatically (without active resource owner interaction)
without authenticating the client or relying on other measures to ensure
that the repeated request comes from the original client and not an
impersonator.

With the implementation prior to this patch, attackers with access to
the redirect URI (e.g., the loopback interface for
`git-credential-oauth`) can get access to the user account without any
user interaction if they can redirect the user to the
`/login/oauth/authorize` endpoint somehow (e.g., with `xdg-open` on
Linux).

Fixes #25061.

Co-authored-by: Archer <archer@beezig.eu>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 6d83f5eddc0f394f6386e80b86a3221f6f4925ff)
2024-05-07 08:14:22 +01:00
Kemal Zebari 5678e9ab20
Catch and handle unallowed file type errors in issue attachment API (#30791)
Before, we would just throw 500 if a user passes an attachment that is
not an allowed type. This commit catches this error and throws a 422
instead since this should be considered a validation error.

(cherry picked from commit 872caa17c0a30d95f85ab75c068d606e07bd10b3)

Conflicts:
	tests/integration/api_comment_attachment_test.go
	tests/integration/api_issue_attachment_test.go
	trivial context conflict because of 'allow setting the update date on issues and comments'
(cherry picked from commit 9cd0441cd3)
2024-05-07 08:12:34 +01:00
silverwind a7124df0c5
Add hover outline to heatmap squares (#30828)
Makes it easier to use because you see which square is currently
hovered:

<img width="314" alt="Screenshot 2024-05-02 at 15 38 20"
src="https://github.com/go-gitea/gitea/assets/115237/3a15dad1-2259-4f28-9fae-5cf6ad3d8798">

I did try a `scoped` style for this, but that did not work for some
reason.

(cherry picked from commit 6f89d5e3a0886d02ead732005f593ae003f78f78)
2024-05-07 08:09:44 +01:00
wxiaoguang abf40ee957
Skip gzip for some well-known compressed file types (#30796)
Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit be112c1fc30f87a248b30f48e891d1c8c18e8280)

Conflicts:
	routers/web/web.go
	trivial conflict because of https://codeberg.org/forgejo/forgejo/pulls/1533
(cherry picked from commit 4e35e5b8ae)
2024-05-07 07:59:45 +01:00
Earl Warren 7be345f88e Merge pull request '[v7.0/forgejo] Improve repo filter names' (#3641) from bp-v7.0/forgejo-82f7308 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3641
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2024-05-05 14:49:03 +00:00
0ko 8b1d84797f [I18N] Improve repo filter names
(cherry picked from commit 82f7308e1b)
2024-05-05 12:15:56 +00:00
Earl Warren ba0ed5823c Merge pull request '[UI] Fix commit messages breaking out of event history' (#3640) from 0ko/forgejo:ui-fix-break-out into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3640
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-05 12:12:09 +00:00
0ko e59f92dec8 [UI] Fix commit messages breaking out of event history
Regression of 8b54d38cbe.
This is 7.0 specific path for the issue. The design of this area is not compatible with 8.0, and thus there's no startightforward way to make it look like on 8.0.
2024-05-05 15:40:25 +05:00
forgejo-backport-action 10b919d3ca [v7.0/forgejo] [I18N] Translations update from Weblate (#3631)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/3508

Translations update from [Weblate](https://translate.codeberg.org) for [Forgejo/forgejo](https://translate.codeberg.org/projects/forgejo/forgejo/).

Co-authored-by: Codeberg Translate <translate@noreply.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3631
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
2024-05-04 19:24:41 +00:00
Earl Warren f45a6cb3b7 Merge pull request '[v7.0/forgejo] FIX gogs migration if gogs is hosted at a subpath' (#3588) from bp-v7.0/forgejo-4a2959b into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3588
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-03 17:17:00 +00:00
Otto 5b6a375d05 Merge pull request '[v7.0/forgejo] Fix text selection color' (#3611) from bp-v7.0/forgejo-787b16a into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3611
Reviewed-by: Otto <otto@codeberg.org>
2024-05-02 22:06:17 +00:00
Earl Warren ac34a68a93 Merge pull request 'Port Fix checkbox field markup' (#3592) from 0ko/forgejo:a-commit into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3592
Reviewed-by: Otto <otto@codeberg.org>
2024-05-02 18:10:20 +00:00
Earl Warren fcf85b12af Merge pull request '[v7.0/forgejo] UI: Actions: Replace runs list description semicolon' (#3582) from bp-v7.0/forgejo-870a1c8 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3582
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-02 18:01:28 +00:00
Earl Warren 2949bbcad1 Merge pull request '[v7.0/forgejo] Show repo count in blocked users tab' (#3609) from bp-v7.0/forgejo-d50efa6 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3609
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-02 17:49:17 +00:00
0ko b23d4ec4bb [THEME] fix text selection color
regression of c2280a2009

(cherry picked from commit 787b16a7be)
2024-05-02 17:46:07 +00:00
Panagiotis "Ivory" Vasilopoulos d758633c91 UI: Actions: Replace runs list description semicolon
The current format makes the text look somewhat like this:

```
testing.yml #15065 :Commit 103306f00c pushed by n0toose
```

This looks wrong. We will have to work on that list at a later point
in time anyways, as well as make the way that we separate information
in subheaders in lists like this one more consistent.

However, this should do for now.

This change should make each entry look like this instead:

```
testing.yml #15065 - Commit 103306f00c pushed by n0toose
```

(cherry picked from commit 870a1c85c7)
2024-05-02 17:10:28 +00:00
JakobDev d449fcff0a Show repo count in blocked users tab (#3601)
Fixes #3595

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3601
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: JakobDev <jakobdev@gmx.de>
Co-committed-by: JakobDev <jakobdev@gmx.de>
(cherry picked from commit d50efa626a)
2024-05-02 17:10:06 +00:00
Earl Warren a7400b1812 Merge pull request 'Upgrade github.com/editorconfig-checker/editorconfig-checker to v2.8.0' (#3610) from earl-warren/forgejo:wip-lint-editorconfig into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3610
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: thefox <thefox@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-05-02 17:09:33 +00:00
Earl Warren a6d31a30a2
Upgrade github.com/editorconfig-checker/editorconfig-checker to v2.8.0
Manual backport: https://codeberg.org/forgejo/forgejo/pulls/3181
because it conflicts with a number of evolutions in how the tools are
upgraded in the development branch.
2024-05-02 17:38:26 +01:00
forgejo-backport-action 4b79a98910 Fix inconsistent required field (#3591)
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3591
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
2024-05-01 19:05:43 +00:00
silverwind b917571d81 Fix checkbox field markup (#30666)
Fixes https://github.com/go-gitea/gitea/issues/30664.

Previous use was not a supported way by fomantic and the misuse only
became visible after the checkbox migration.

(cherry picked from commit 1a2ae64b16f10b8d1e17197d18b9eb373faf58db)
2024-05-01 23:31:42 +05:00
varp0n c91f7d3599 FIX gogs migration if gogs is hosted at a subpath (#3572)
Also add a test for GogsDownloaderFactory.New() to make sure
that the URL of the source repository is parsed correctly.

When the source gogs instance is hosted at a subpath like `https://git.example.com/gogs/<username>/<reponame>` the migration fails.
This PR fixes that.

Co-authored-by: hecker <tomas.hecker@gmail.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3572
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: varp0n <tom@gkstn.de>
Co-committed-by: varp0n <tom@gkstn.de>
(cherry picked from commit 4a2959b3ec)
2024-05-01 16:32:17 +00:00
Earl Warren 9d1ffeaf8d Merge pull request '[skip ci] [v7.0/forgejo] docs(release-notes): 7.0.2' (#3586) from earl-warren/forgejo:wip-release-notes-v7.0.2 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3586
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2024-05-01 14:35:52 +00:00
Earl Warren 9db70035b1
[skip ci] docs(release-notes): 7.0.2
(cherry picked from commit a050b546b9)
2024-05-01 15:05:28 +02:00
Earl Warren ad0b97c7c2 Merge pull request '[v1.22/gitea] week 2024-18 cherry pick v7.0 (take 2)' (#3580) from earl-warren/forgejo:wip-v7.0-gitea-cherry-pick into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3580
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-05-01 12:36:57 +00:00
Earl Warren 61230e72b5 Merge pull request '[v7.0/forgejo] Fix Issue watching / unwatching on the web ui' (#3585) from algernon/forgejo:backport/v7.0/3562 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3585
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-01 12:26:04 +00:00
forgejo-backport-action 50b7009603 [v7.0/forgejo] Add inline attachments to comments and prevent double handling of mails (#3566)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/3504

If incoming email is configured and an email is sent, inline attachments are currently not added to the comment if it has the `Content-Disposition: inline` instead of `Content-Disposition: attachment` as e.g. with Apple Mail.

This adds inline attachments (`Content-Disposition: inline`) that *have a filename* as attachment to the comment. Other elements with `Content-Disposition: inline` are not attached as attachment to the comment.

In addition, a check has been added to prevent mails from being processed twice.

Fixes #3496

Co-authored-by: Beowulf <beowulf@beocode.eu>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3566
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
2024-05-01 12:19:38 +00:00
Gergely Nagy 36b8e68eee
Add a test case for unsubscribing from an issue
Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-01 13:32:39 +02:00
Gergely Nagy f83ae0fad2
tests: Support creating a declarative repo without AutoInit
To be able to easily test cases where the repository does not have any
code, where the git repo itself is completely uninitialized, lets
support a case where the `AutoInit` property is false.

For the sake of backwards compatibility, if the option is not set either
way, it will default to `true`.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-01 13:32:39 +02:00
Gergely Nagy 6f35a5ab90
Fix Issue watching / unwatching on the web ui
When subscribing or unsubscribing to/from an issue on the web ui, the
request was posted to a route handled by `repo.IssueWatch`. This
function used `ctx.Req.PostForm.Get()`, erroneously.

`request.PostForm` is *only* available if `request.ParseForm()` has been
called before it. The function in question did not do that. Under some
circumstances, something, somewhere did end up calling `ParseForm()`,
but not in every scenario.

Since we do not need to check for multiple values, the easiest fix here
is to use `ctx.Req.PostFormValue`, which will call `ParseForm()` if
necessary.

Fixes #3516.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-01 13:32:39 +02:00
Gergely Nagy 0da02b9213
tests: Let CreateDeclarativeRepoWithOptions create a Wiki too
Add a new member to `DeclarativeRepoOptions`: `WikiBranch`. If
specified, create a Wiki with the given branch, and a single "Home"
page.

This will be used by an upcoming test.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-01 13:30:32 +02:00
Gergely Nagy 13892121e6
tests: Refactor CreateDeclarativeRepo
Lets introduce a new helper function,
`CreateDeclarativeRepoWithOptions`! This is almost the same as the
existing `CreateDeclarativeRepo` helper, but instead of taking a list of
random parameters the author thought of at the time of its introduction,
it takes a `DeclarativeRepoOptions` struct, with optional members.

This makes it easier to extend the function, as new members can be added
without breaking or having to update existing callsites, as long as the
newly added members default to compatible values.

`CreateDeclarativeRepo` is then reimplemented on top of the new
function. Callsites aren't updated yet, we can do that organically,
whenever touching code that uses the older function.

No new functionality is introduced just yet, this is merely a refactor.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-01 13:29:21 +02:00
Earl Warren ad7bf760ac Merge pull request '[v7.0/forgejo] [I18N] Fix tepository->repository typo' (#3581) from bp-v7.0/forgejo-5ed3ffc into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3581
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2024-05-01 07:36:46 +00:00
proton-ab d6597b8f7a [I18N] Fix tepository->repository typo
Signed-off-by: proton-ab <proton_ab@tuta.io>
(cherry picked from commit 5ed3ffc0c8)
2024-05-01 07:00:09 +00:00
Earl Warren 6069fcced6 Merge pull request '[v7.0/forgejo] Fix SQL command with too many placeholders' (#3578) from bp-v7.0/forgejo-33cd844-0d029eb into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3578
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-01 06:50:49 +00:00
Zettat123 4fa80332e9
Fix duplicate status check contexts (#30660) (#30779)
Backport #30660.

Caused by #30076.

There may be some duplicate status check contexts when setting status
checks for a branch protection rule. The duplicate contexts should be
removed.

Before:
<img

src="https://github.com/go-gitea/gitea/assets/15528715/97f4de2d-4868-47a3-8a99-5a180f9ac0a3"
width="600px" />

After:
<img

src="https://github.com/go-gitea/gitea/assets/15528715/ff7289c5-9793-4090-ba31-e8cb3c85f8a3"
width="600px" />

(cherry picked from commit 99e89e57bc4d2b3a3cd6c3068f818a0c7e8cec28)
2024-05-01 08:34:29 +02:00
6543 2da615c37c
Get repo assignees and reviewers should ignore deactivated users (#30770) (#30782)
Backport  #30770

If an user is deactivated, it should not be in the list of users who are
suggested to be assigned or review-requested.

old assignees or reviewers are not affected.

---
*Sponsored by Kithara Software GmbH*

(cherry picked from commit 022eac4ac8e59f861237cc1e02f7ef117eaf8e30)

Conflicts:
	models/repo/user_repo_test.go
	because there is one less fixture user compared to Gitea
2024-05-01 08:31:47 +02:00
wxiaoguang 78517f80bb
Fix nil dereference on error (#30740) (#30746)
Backport #30740 manually

Co-authored-by: Chongyi Zheng <git@zcy.dev>
(cherry picked from commit d07019f539c475466748fbf730d7f270a92fdb8b)
2024-05-01 08:14:16 +02:00
Earl Warren 16e7af48bd Merge pull request '[v7.0/forgejo] Fix user mention processing' (#3567) from bp-v7.0/forgejo-9a01062 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3567
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-01 05:37:13 +00:00
Gergely Nagy 275f5326a1 Performance improvement for FindReposLastestCommitStatuses
If `commitstatus_service.FindReposLastestCommitStatuses` receives no
repos in its params, short-circuit, and return early, without performing
any potentially expensive work.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 33cd8446d3)
2024-05-01 05:36:50 +00:00
Gergely Nagy dd8d3f5ebe Fix git_model.FindBranchesByRepoAndBranchName
When a logged in user with no repositories visits their dashboard, it will
display a search box that lists their own repositories.

This is served by the `repo.SearchRepos` handler, which in turn calls
`commitstatus_service.FindReposLastestCommitStatuses()` with an empty
repo list.

That, in turn, will call `git_model.FindBranchesByRepoAndBranchName()`,
with an empty map. With no map, `FindBranchesByRepoAndBranchName()` ends
up querying the entire `branch` table, because no conditions were set
up.

Armed with a gazillion repo & commit shas, we return to
`FindReposLastestCommitStatuses`, and promptly call
`git_model.GetLatestCommitStatusForPairs`, which constructs a monstrous
query with so many placeholders that the database tells us to go
somewhere else, and flips us off. At least on instances the size of
Codeberg. On smaller instances, it will eventually return, and throw
away all the data, and return an empty set, having performed all this
for naught.

We fix this by short-circuiting `FindBranchesByRepoAndBranchName`, and
returning fast if our inputs are empty.

A test case is included.

Fixes #3521.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 0d029ebe6d)
2024-05-01 05:36:50 +00:00