Commit graph

13488 commits

Author SHA1 Message Date
silverwind
1ffc700777
Update default allowed attachment types (#20193)
Synced the list to what is allowed on GitHub currently.
2022-07-01 19:37:52 +08:00
Gusted
0dab13884a
Show scrollbar when necessary (#20142) (#20143)
- Backport #20142
  - Firefox on Windows will unconditionally show scrollbars when you specify `overflow: scroll`. This is bad behavior, as you don't always need the scrollbar. Changing the scroll value to auto fixes this issue and only shows the scrollbar when necessary.
  - Resolves #20139
2022-06-27 13:20:47 +08:00
Gusted
0b7b342ab0
Fix remove file on initial comment (#20127) (#20128)
Backport #20127

Store the file uuid(which is returned by Gitea in the upload file response) onto the file object, so it can be used for the remove feature to specify this file.

Fix #20115
2022-06-25 20:50:23 +01:00
Lunny Xiao
fb5ca1bf64
Fix wrong login requirement routers (#20101) (#20104) 2022-06-24 15:02:22 +08:00
SteveTheEngineer
764e75d9b9
Catch the error before the response is processed by goth. (#20000) (#20102)
The code introduced by #18185 gets the error from response after it was processed by goth.

That is incorrect, as goth (and golang.org/x/oauth) doesn't really care about the error, and it sends a token request with an empty authorization code to the server anyway, which always results in a `oauth2: cannot fetch token: 400 Bad Request` error from goth.
It means that unless the "state" parameter is omitted from the error response (which is required to be present, according to [RFC 6749, Section 4.1.2.1](https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1)) or the page is reloaded (makes the session invalid), a 500 Internal Server Error page will be displayed.
This fixes it by handling the error before the request is passed to goth.
2022-06-24 10:05:23 +08:00
Jimmy Praet
05464ac2a5
Dashboard feed respect setting.UI.FeedPagingNum again (#20094) (#20099)
Fixes #20080
2022-06-23 11:51:44 +02:00
Lunny Xiao
dbafb4f4d4
Use correct variable for issue count (#20086) 2022-06-22 11:26:41 -05:00
6543
29ac31628c
Release page show all tags in compare dropdown (#20070) (#20072)
Backport #20070 

Just get all tags when creating the compare dropdown.

Fix #19936
2022-06-21 19:08:25 +01:00
6543
710a1419fa
Changelog v1.17.0-rc1 (#20023)
Co-authored-by: Gusted <williamzijl7@hotmail.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-06-20 15:09:50 +02:00
Gusted
761db4d53e
Disable federation by default (#20045) (#20046)
* Disable federation by default (#20045)

- Backport #20045
  - A Gitea instance should choose whetever they want to federate(as once it has more features also brings extra costs/moderation/unexpected behavior) with other AP/ForgeFed software.

* Fix tests
2022-06-20 14:44:55 +08:00
zeripath
2dc6571085
Simplify and fix migration 216 (#20036)
There appears to be a strange bug whereby the comment_id index can sometimes be missed
or missing from the action table despite the sync2 that should create it in the earlier
part of this migration. However, looking through the code for Sync2 there is no need
for this pre-code to exist and Sync2 should drop/create the indices as necessary.

I think therefore we should simplify the migration to simply be Sync2.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
2022-06-20 09:34:54 +08:00
Wim
1823bfde7c
Alter hook_task TEXT fields to LONGTEXT (#20038) (#20041)
Mysql TEXT has a limit of 64KB, change this to LONGTEXT in mysql only so we can have bigger hook payloads.

Postgresql has unlimited TEXT - https://www.postgresql.org/docs/current/datatype-character.html
Sqlite has unlimited TEXT - https://www.sqlitetutorial.net/sqlite-data-types/#:~:text=The%20maximum%20length%20of%20TEXT,SQLite%20supports%20various%20character%20encodings.

Backport of #20038

Co-authored-by: zeripath <art27@cantab.net>
2022-06-19 22:12:48 +02:00
zeripath
ab9fcb0cf4
Backtick table name in generic orphan check (#20019) (#20037)
Backport #20019

- Resolves #20018
2022-06-19 19:41:12 +01:00
Wim
2a48833f93
Respond with a 401 on git push when password isn't changed yet (#20027)
Fixes #19090

If the user-agent starts with git and user must change password but
hasn't return a 401 with the message.

It must be a 401, git doesn't seem to show the contents of the error message
when we return a 403

Co-authored-by: 6543 <6543@obermui.de>
2022-06-19 20:02:18 +03:00
a1012112796
a4b1967ea3
Fix delete pull head ref for DeleteIssue (#20032) (#20034)
Backport #20032 

In DeleteIssue the PR git head reference should be `/refs/pull/xxx/head` not `/refs/pull/xxx`

Fix #19655

Signed-off-by: a1012112796 <1012112796@qq.com>
2022-06-19 14:37:14 +01:00
wxiaoguang
8733f4b25a
use quoted regexp instead of git fixed-value (#20030)
Backport #20029
2022-06-19 12:55:59 +01:00
6543
a180d945eb
Dump should only copy regular files and symlink regular files (#20015) (#20021)
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-06-19 10:05:31 +08:00
Wim
36ccb8829b
Return 404 when tag is broken (#20024)
Fixes #19979
2022-06-18 20:29:29 +02:00
zeripath
870d7f90e7 [skip ci] Updated translations via Crowdin 2022-06-18 13:10:18 +00:00
zeripath
af7cfdee0e [skip ci] Updated translations via Crowdin 2022-06-18 10:11:27 +00:00
zeripath
90f3365d93
Add fgprof pprof profiler (#20005)
fgprof is a sampling Go profiler that allows you to analyze On-CPU as
well as Off-CPU (e.g. I/O) time together.

Go's builtin sampling CPU profiler can only show On-CPU time, but it's
better than fgprof at that. Go also includes tracing profilers that can
analyze I/O, but they can't be combined with the CPU profiler.

fgprof is designed for analyzing applications with mixed I/O and CPU
workloads. This kind of profiling is also known as wall-clock profiling.

Whilst fgprof can cause significant STW latencies in applications with a
lot of goroutines (> 1-10k), these latencies only occur if the profile
is requested - it doesn't cause a delay by simply being available.

The fgprof profile is mounted on
`http://localhost:6060/debug/fgprof?seconds=3`

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-06-18 11:04:52 +01:00
zeripath
7fbf002403 [skip ci] Updated translations via Crowdin 2022-06-18 09:10:16 +00:00
zeripath
5d653cc10d
Improve action table indices (#19472) 2022-06-18 04:46:50 -04:00
zeripath
dd1ed35f75
Add dbconsistency checks for Stopwatches (#20010)
It appears possible that stopwatches can become orphaned or have been orphaned in
the past.

This PR adds Orphan checks for Stopwatches.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-06-18 11:31:00 +08:00
Mohamed Sekour
fd0d481de8
fix push mirrors URL are no longer displayed on the UI (#20011)
* fix push mirrors URL are no longer displayed on the UI

Signed-off-by: Mohamed Sekour <mohamed.sekour@exfo.com>

* Update modules/templates/helper.go

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-06-18 11:30:26 +08:00
zeripath
8eefe2af45
Empty log queue on flush and close (#19994)
* Empty log queue on flush and close

It is possible for log events to remain in the buffer off the multichannelledlog
and thus not be logged despite close or flush.

This PR simply adds a function to empty the queue before closing or flushing.
(Except when the logger is paused.)

Reference #19982

Signed-off-by: Andrew Thornton <art27@cantab.net>

* and do similar for ChannelledLog

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-06-18 10:33:13 +08:00
zeripath
46e50bcbfc [skip ci] Updated translations via Crowdin 2022-06-18 00:10:15 +00:00
zeripath
ae446b13f9
Stop spurious APIFormat stopwatches logs (#20008)
If there are dangling stopwatches with missing issues there will be repeated
logging of Unable to APIFormat stopwatches. These are unhelpful and instead
we should only log if the error is not an issue not exist error.

And we should also prevent an error on missing issue in GetActiveStopwatch too

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-06-17 22:47:15 +01:00
zeripath
5d80feb5a6
Fix CountOrphanedLabels in orphan check (#20009)
gitea doctor --run check-db-consistency is currently broken due to an incorrect
and old use of Count() with a string.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-06-17 22:42:51 +01:00
zeripath
1e9ad8eb21
Write Commit-Graphs in RepositoryDumper (#20004)
When migrating git repositories we should ensure that the commit-graph is written.

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: delvh <dev.lh@web.de>
2022-06-17 21:19:21 +01:00
zeripath
ea9997a9dd
Add fetch.writeCommitGraph to gitconfig (#20006)
Add fetch.writeCommitGraph to gitconfig to ensure that a commit-graph will be written
on git fetch calls.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-06-17 21:18:35 +01:00
Lunny Xiao
27ba86d283
move agit dependcy (#19998) 2022-06-17 20:17:12 +02:00
wxiaoguang
719eb4a879
Fix a JS error in initRepoCommitLastCommitLoader's entryMap (#19996) 2022-06-17 17:44:35 +08:00
singuliere
a036507204
gitconfig: set safe.directory = * (#19870)
Allow git push to work when networked file systems with mixed
ownership are used with Gitea docker images >= 1.16.6 or Gitea
binaries running alongside git versions published after 04/2022.

There are circumstances independent of Gitea (networked file systems
with various permission systems) by which the git repositories managed
by Gitea may have mixed owners. It is not a behavior that Gitea have
control over nor is it a problem as long as the permissions for Gitea to
operate are correct. Gitea instances have been operating under these
conditions for a number of years.

It is detected as a potential security risk ( see
GHSA-vw2c-22j4-2fh2
) by the most recent git versions. However, Gitea always runs git
commands with a current directory matching the repository on
which it operates. That makes Gitea immune from this security problem
and it is safe to ignore the mixed owner permission check.

This gitconfig modification is done on a file dedicated to the user
exclusively used by Gitea.

Fixes: #19455

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2022-06-17 06:49:38 +01:00
Lunny Xiao
bdde56c95c
Fix Readme render bug (#19992)
Fix #19988 

Co-authored-by: zeripath <art27@cantab.net>
2022-06-17 06:48:10 +01:00
Lunny Xiao
1e05adfc3e
Delete duplicated update btn on pull request view page (#19993)
Fix #19987
2022-06-17 05:52:06 +01:00
oGi4i
9068c784c8
Use DisplayName() instead of FullName in Oauth provider (#19991)
Use DisplayName() in Oauth as this provides a fallback if FullName is not set.

Closes #19382
2022-06-16 23:29:54 +01:00
a1012112796
e3e06d13af
fix permission check for delete tag (#19985)
fix #19970

by the way, fix some error response about protected tags.

Signed-off-by: a1012112796 <1012112796@qq.com>
2022-06-16 22:03:03 +02:00
wxiaoguang
89b0aac374 [skip ci] Updated translations via Crowdin 2022-06-16 16:10:29 +00:00
wxiaoguang
157b405753
Remove legacy git code (ver < 2.0), fine tune markup tests (#19930)
* clean git support for ver < 2.0

* fine tune tests for markup (which requires git module)

* remove unnecessary comments

* try to fix tests

* try test again

* use const for GitVersionRequired instead of var

* try to fix integration test

* Refactor CheckAttributeReader to make a *git.Repository version

* update document for commit signing with Gitea's internal gitconfig

* update document for commit signing with Gitea's internal gitconfig

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-06-16 23:47:44 +08:00
Gusted
70ce051f1a [skip ci] Updated translations via Crowdin 2022-06-16 15:10:36 +00:00
Gusted
36127a3336
Don't prevent overflow on y-as (#19978)
- Fomantic tries to prevent overflowing on the `y/x`-as by default on
stackable menu's on mobile screens. We already solve this issue by
forcing overflow on x as and hide it on y as(due to some issues with
other menu's), since https://github.com/go-gitea/gitea/pull/19486.
- However this edge case does require a y-overflow to show the dropdown,
because you cannot easily adjust this with CSS, once you're fiddling
with overflow's (https://stackoverflow.com/a/6433475). However
interesting behavior is noted
https://css-tricks.com/popping-hidden-overflow/ when you remove the
position: relative, it will suddenly work again. Well because this is
the only solution without redesigning dropdowns, I think we can live
with the side-effect of the dropdown items being full-width instead
"relative" width to their parent.
- Resolves #19976

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-06-16 22:49:22 +08:00
a1012112796
d05fb6f6c9 [skip ci] Updated translations via Crowdin 2022-06-16 14:10:29 +00:00
a1012112796
a6b7c3646a
fix go to file link for mirror repository (#19983)
the `BaseRepo` not always exit, should
use `Repository`.

Signed-off-by: a1012112796 <1012112796@qq.com>
2022-06-16 20:37:13 +08:00
Gusted
e399f0f5b4
Don't buffer doctor logger (#19982)
- We don't need to buffer the logger with a thousand capacity. It's not
a high-throughput logger, this also caused issue whereby the logger
can't keep up with repeated messages being send(somehow they are lost in
the queue?).
- Resolves #19969

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-06-16 17:10:33 +08:00
Lunny Xiao
b01dce2a6e
Allow render HTML with css/js external links (#19017)
* Allow render HTML with css/js external links

* Fix bug because of filename escape chars

* Fix lint

* Update docs about new configuration item

* Fix bug of render HTML in sub directory

* Add CSP head for displaying iframe in rendering file

* Fix test

* Apply suggestions from code review

Co-authored-by: delvh <dev.lh@web.de>

* Some improvements

* some improvement

* revert change in SanitizerDisabled of external renderer

* Add sandbox for iframe and support allow-scripts and allow-same-origin

* refactor

* fix

* fix lint

* fine tune

* use single option RENDER_CONTENT_MODE, use sandbox=allow-scripts

* fine tune CSP

* Apply suggestions from code review

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-06-16 11:33:23 +08:00
Gusted
7d1770cd71
Use correct count for NumOpenIssues (#19980)
- Don't specify the field in `Count` instead use `Cols` for this.
- Call `log.Error` when a error occur.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-06-16 10:51:34 +08:00
Hugo Hoitink
6473bd333a
In code search, get code unit accessible repos in one (main) query (#19764)
* When non-admin users use code search, get code unit accessible repos in one main query

* Modified some comments to match the changes

* Removed unnecessary check for Access Mode in Collaboration table

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
2022-06-16 02:24:10 +03:00
Gusted
881646520e [skip ci] Updated translations via Crowdin 2022-06-15 22:10:15 +00:00
Gusted
f0ce5470e5
Always try to fetch repo for mirrors (#19975)
- Always give a best-effort to fetching the repositories, if even that
fails indeed give a disconnected mirror found error.
- *Partially* resolves #19928

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-06-15 23:58:44 +08:00