Backport #28935 by @silverwind
The `ToUTF8*` functions were stripping BOM, while BOM is actually valid
in UTF8, so the stripping must be optional depending on use case. This
does:
- Add a options struct to all `ToUTF8*` functions, that by default will
strip BOM to preserve existing behaviour
- Remove `ToUTF8` function, it was dead code
- Rename `ToUTF8WithErr` to `ToUTF8`
- Preserve BOM in Monaco Editor
- Remove a unnecessary newline in the textarea value. Browsers did
ignore it, it seems but it's better not to rely on this behaviour.
Fixes: https://github.com/go-gitea/gitea/issues/28743
Related: https://github.com/go-gitea/gitea/issues/6716 which seems to
have once introduced a mechanism that strips and re-adds the BOM, but
from what I can tell, this mechanism was removed at some point after
that PR.
Co-authored-by: silverwind <me@silverwind.io>
Backport #26745Fixes#26548
This PR refactors the rendering of markup links. The old code uses
`strings.Replace` to change some urls while the new code uses more
context to decide which link should be generated.
The added tests should ensure the same output for the old and new
behaviour (besides the bug).
We may need to refactor the rendering a bit more to make it clear how
the different helper methods render the input string. There are lots of
options (resolve links / images / mentions / git hashes / emojis / ...)
but you don't really know what helper uses which options. For example,
we currently support images in the user description which should not be
allowed I think:
<details>
<summary>Profile</summary>
https://try.gitea.io/KN4CK3R
![grafik](https://github.com/go-gitea/gitea/assets/1666336/109ae422-496d-4200-b52e-b3a528f553e5)
</details>
Backport #28719 by wxiaoguang
In #26851, it assumed that `Commit` always exists when
`PageIsDiff==true`.
But for a 404 page, the `Commit` doesn't exist, so the following code
would cause panic because nil value can't be passed as string parameter
to `IsMultilineCommitMessage(string)` (or the StringUtils.Cut in later
PRs)
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Backport #28639 by @denyskon
According to [Debian
docs](https://wiki.debian.org/DebianRepository/UseThirdParty):
> The certificate MUST NOT be placed in /etc/apt/trusted.gpg.d or loaded
by apt-key add.
> ...
> If future updates to the certificate will be managed by an apt/dpkg
package as recommended below, then it SHOULD be downloaded into
/usr/share/keyrings using the same filename that will be provided by the
package. If it will be managed locally , it SHOULD be downloaded into
/etc/apt/keyrings instead.
> ...
> A sources.list entry SHOULD have the signed-by option set.
Co-authored-by: Denys Konovalov <kontakt@denyskon.de>
Backport #28588 by @yardenshoham
It included the hours, minutes, and seconds. By removing these, the date
renders correctly.
Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: Yarden Shoham <git@yardenshoham.com>
Backport #28576 by wxiaoguang
Regression of #28454 . Now the string is escaped HTML, so it doesn't
need `| Safe`.
Fix#28575
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Backport #28520 by @framitdavid
There is an accessibility issue in the interface when attempting to
delete a repository. When I click on "Delete repository," a dialog box
appears, requiring confirmation to proceed with the repository deletion.
However, when I press the "Repo name" label, the wrong input field gains
focus. The focused field is located behind the dialog and is intended
for renaming the repository.
I am submitting these pull requests to ensure that the correct input
field is focused when the user clicks on the label. This change will
also facilitate the writing of tests using Playwright or Testing Library
to retrieve elements based on roles. This PR will also improve
acessibility of this area.
Co-authored-by: David Øvrelid <46874830+framitdavid@users.noreply.github.com>
Backport #28491 by @appleboy
- Modify the `Password` field in `CreateUserOption` struct to remove the
`Required` tag
- Update the `v1_json.tmpl` template to include the `email` field and
remove the `password` field
Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>
Backport #28390 by @jackHay22
## Changes
- Add deprecation warning to `Token` and `AccessToken` authentication
methods in swagger.
- Add deprecation warning header to API response. Example:
```
HTTP/1.1 200 OK
...
Warning: token and access_token API authentication is deprecated
...
```
- Add setting `DISABLE_QUERY_AUTH_TOKEN` to reject query string auth
tokens entirely. Default is `false`
## Next steps
- `DISABLE_QUERY_AUTH_TOKEN` should be true in a subsequent release and
the methods should be removed in swagger
- `DISABLE_QUERY_AUTH_TOKEN` should be removed and the implementation of
the auth methods in question should be removed
## Open questions
- Should there be further changes to the swagger documentation?
Deprecation is not yet supported for security definitions (coming in
[OpenAPI Spec version
3.2.0](https://github.com/OAI/OpenAPI-Specification/issues/2506))
- Should the API router logger sanitize urls that use `token` or
`access_token`? (This is obviously an insufficient solution on its own)
Co-authored-by: Jack Hay <jack@allspice.io>
Co-authored-by: delvh <dev.lh@web.de>
Backport #28359 by @lunny
The left menu will only display the default branch's workflows but the
right side will display the runs triggered by all branches' workflows.
So we cannot hide right side if default branch has no workflows.
Fix#28332
Replace #28333
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Backport #28351 by @KN4CK3R
Fix#28347
As there is no info how to reproduce it, I can't test it.
Fix may be `section_split.tmpl @ 126/130`.
Other changes are "empty check" refactorings.
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Backport #27927 by @invliD
When an assignee changed event comment is rendered, most of it is
guarded behind the assignee ID not being 0. However, if it is 0, that
results in quite broken rendering for that comment and the next one.
This can happen, for example, when repository data imported from outside
of Gitea is incomplete.
This PR makes sure comments with an assignee ID of 0 are not rendered at
all.
---
Screenshot before:
<img width="272" alt="Bildschirmfoto 2023-11-05 um 20 12 18"
src="https://github.com/go-gitea/gitea/assets/42910/7d629d76-fee4-4fe5-9e3a-bf524050cead">
The comments in this screenshot are:
1. A regular text comment
2. A user being unassigned
3. A user being assigned
4. The title of the PR being changed
Comments 2 and 3 are rendered without any text, which indents the next
comment and does not leave enough vertical space.
Co-authored-by: Sebastian Brückner <code@nik.dev>
Backport #27892 by @earl-warren
- Remove the set tabindex and instead let the browser figure out the
correct tab order.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1626
Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Backport #27856
The only conflict is `ThemeName` in `500.tmpl`, it has been resolved
manually by keeping using old
`{{.SignedUser.Theme}}{{else}}{{DefaultTheme}}`
Backport #27592 by @JakobDev
If you set a checkbox as required in a issue form at the moment, the
checkbox is checked and read only, what does not make much sense. With
this PR, the Checkbox actually needs to be checked. The label supports
now also Markdown. This matches GitHub's behaviour.
And yes, I know the CSS is a ugly workaround. It looks like the given
CSS code is part Fomantic and I don't know how to change that. The
Maintainers are free to change that.
![grafik](https://github.com/go-gitea/gitea/assets/15185051/3f35be75-b0b4-42a7-9048-a4970384a035)
Co-authored-by: JakobDev <jakobdev@gmx.de>
Backport #27632 by @wxiaoguang
1. fix#27631 , and add samples to devtest page
2. fix incorrect color for "ui dropdown button" when hover
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>