Commit graph

15967 commits

Author SHA1 Message Date
Lunny Xiao
dfd511faf3
Fix comment permissions (#28213) (#28217)
backport #28213 

This PR will fix some missed checks for private repositories' data on
web routes and API routes.
2023-11-26 07:21:41 +08:00
Giteabot
41b2d0be93
Fix no ActionTaskOutput table waring (#28149) (#28151)
Backport #28149 by @yp05327

Reproduce:
- Create a new Gitea instance
- Register a runner
- Create a repo and add a workflow
- Check the log, you will see warnings:

![image](https://github.com/go-gitea/gitea/assets/18380374/5f1278e0-114b-48bc-8113-8ba1404d9975)
It comes from:

![image](https://github.com/go-gitea/gitea/assets/18380374/c2807831-e137-4229-9536-87f6114c8a5b)

The reason is that we forgot registering `ActionTaskOutput` model.
So `action_table_output` table will be missing in your db.

Co-authored-by: yp05327 <576951401@qq.com>
2023-11-21 22:23:30 +08:00
John Olheiser
4d5854b216
Update docs for docusaurus v3 (#28127)
Signed-off-by: jolheiser <john.olheiser@gmail.com>
2023-11-20 00:24:36 -05:00
Giteabot
439e071acf
Restricted users only see repos in orgs which their team was assigned to (#28025) (#28050)
Backport #28025 by @6543


---
*Sponsored by Kithara Software GmbH*

Co-authored-by: 6543 <m.huber@kithara.com>
2023-11-14 16:44:38 +01:00
Giteabot
69ea554e23
Dont leak private users via extensions (#28023) (#28028)
Backport #28023 by @6543

there was no check in place if a user could see a other user, if you
append e.g. `.rss`
2023-11-14 00:03:56 +01:00
Nanguan Lin
c077a084d7
Fix wrong xorm Delete usage(backport for 1.20) (#28003)
manually backport for https://github.com/go-gitea/gitea/pull/27995
The conflict is `ctx` and `db.Defaultctx`.
2023-11-12 14:31:03 +02:00
Giteabot
dfd960f22a
Render email addresses as such if followed by punctuation (#27987) (#27991)
Backport #27987 by @yardenshoham

Added the following characters to the regular expression for the email:

- ,
- ;
- ?
- !

Also added a test case.

- Fixes #27616 

# Before

![image](https://github.com/go-gitea/gitea/assets/20454870/c57eac26-f281-43ef-a51d-9c9a81b63efa)

# After

![image](https://github.com/go-gitea/gitea/assets/20454870/fc7d5c08-4350-4af0-a7f0-d1444d2d75af)

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: Yarden Shoham <git@yardenshoham.com>
2023-11-11 13:26:27 +08:00
Nanguan Lin
2978b435bb
Remove duplicated button in Install web page (#27941)
Fix #27934 
Regression #25648
2023-11-07 09:22:30 +00:00
KN4CK3R
00705da102
Unify two factor check (#27915) (#27939)
Backport of #27915

Fixes #27819

We have support for two factor logins with the normal web login and with
basic auth. For basic auth the two factor check was implemented at three
different places and you need to know that this check is necessary. This
PR moves the check into the basic auth itself.
2023-11-06 23:06:21 +01:00
Giteabot
4a48370d91
Fix DownloadFunc when migrating releases (#27887) (#27889)
Backport #27887 by @Zettat123

We should not use `asset.ID` in DownloadFunc because DownloadFunc is a
closure.

1bf5527eac/services/migrations/gitea_downloader.go (L284-L295)

A similar bug when migrating from GitHub has been fixed in #14703. This
PR fixes the bug when migrating from Gitea and GitLab.

Co-authored-by: Zettat123 <zettat123@gmail.com>
2023-11-03 08:29:30 +00:00
Lunny Xiao
1dedf9bba0
Fix http protocol auth (#27875) (#27878)
backport #27875
2023-11-02 21:38:08 +01:00
Giteabot
2147bfde05
Fix package webhook (#27839) (#27854)
Backport #27839 by @lunny

Fix #23742

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-10-31 11:26:06 +01:00
Lunny Xiao
a1c232cae3
Revert "fix orphan check for deleted branch (#27310) (#27320)" (#27763)
Because branch table is created until 1.21
Fix #27508
2023-10-24 05:58:11 +00:00
Giteabot
63512cd15d
Fix label render containing invalid HTML (#27752) (#27761)
Backport #27752 by @earl-warren

- The label HTML contained a quote that wasn't being closed.

Refs: https://codeberg.org/forgejo/forgejo/pulls/1651

(cherry picked from commit e2bc2c9a1f)

Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
Co-authored-by: Gusted <postmaster@gusted.xyz>
2023-10-24 09:39:17 +08:00
Giteabot
71803d33e3
Fix org team endpoint (#27721) (#27729)
Backport #27721 by @lng2020

Fix #27711

Co-authored-by: Nanguan Lin <70063547+lng2020@users.noreply.github.com>
2023-10-22 13:45:16 +02:00
Giteabot
a954cc3fb9
Adapt .changelog.yml to new labeling system (#27701) (#27708)
Backport #27701 by @delvh

Otherwise, it is not possible anymore to generate changelogs.

Co-authored-by: delvh <dev.lh@web.de>
2023-10-20 14:36:39 +02:00
Giteabot
ca4418eff1
Support allowed hosts for webhook to work with proxy (#27655) (#27674)
Backport #27655 by @wolfogre

When `webhook.PROXY_URL` has been set, the old code will check if the
proxy host is in `ALLOWED_HOST_LIST` or reject requests through the
proxy. It requires users to add the proxy host to `ALLOWED_HOST_LIST`.
However, it actually allows all requests to any port on the host, when
the proxy host is probably an internal address.

But things may be even worse. `ALLOWED_HOST_LIST` doesn't really work
when requests are sent to the allowed proxy, and the proxy could forward
them to any hosts.

This PR fixes it by:

- If the proxy has been set, always allow connectioins to the host and
port.
- Check `ALLOWED_HOST_LIST` before forwarding.

Co-authored-by: Jason Song <i@wolfogre.com>
2023-10-18 15:07:20 +02:00
Giteabot
80c0c88152
Fix poster is not loaded in get default merge message (#27657) (#27665)
Backport #27657 by @lunny

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-10-17 18:20:23 +02:00
Giteabot
171950a0d4
Fix 404 when deleting Docker package with an internal version (#27615) (#27629)
Backport #27615 by @lng2020

close #27601
The Docker registry has an internal version, which leads to 404

Co-authored-by: Nanguan Lin <70063547+lng2020@users.noreply.github.com>
2023-10-15 12:08:01 +02:00
Giteabot
7b96f71bc7
Fix attachment download bug (#27486) (#27570)
Backport #27486 by @lunny

Fix #27204

This PR allows `/<username>/<reponame>/attachments/<uuid>` access with
personal access token and also changed attachments API download url to
it so it can be download correctly.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-10-11 04:38:50 +02:00
yp05327
e6d1afaee3
Avoid run change title process when the title is same (#27467) (#27557)
Backport #27467 manually.
2023-10-10 09:01:24 +02:00
silverwind
1d4c193df5
Fix mermaid flowchart margin issue (#27503) (#27517)
Backport https://github.com/go-gitea/gitea/pull/27503 to 1.20

Fixes: https://github.com/go-gitea/gitea/issues/27435
Related: https://github.com/mermaid-js/mermaid/issues/4907

<img width="924" alt="image"

src="https://github.com/go-gitea/gitea/assets/115237/494a1d2e-4c56-48d0-9843-82a5e5aa977e">
2023-10-08 15:32:42 +02:00
Giteabot
4ffa683820
Fix panic in storageHandler (#27446) (#27478)
Backport #27446 by @sryze

storageHandler() is written as a middleware but is used as an endpoint
handler, and thus `next` is actually `nil`, which causes a null pointer
dereference when a request URL does not match the pattern (where it
calls `next.ServerHTTP()`).

Example CURL command to trigger the panic:

```
curl -I "http://yourhost/gitea//avatars/a"
```

Fixes #27409

---

Note: the diff looks big but it's actually a small change - all I did
was to remove the outer closure (and one level of indentation) ~and
removed the HTTP method and pattern checks as they seem redundant
because go-chi already does those checks~. You might want to check "Hide
whitespace" when reviewing it.

Alternative solution (a bit simpler): append `, misc.DummyOK` to the
route declarations that utilize `storageHandler()` - this makes it
return an empty response when the URL is invalid. I've tested this one
and it works too. Or maybe it would be better to return a 400 error in
that case (?)

Co-authored-by: Sergey Zolotarev <sryze@outlook.com>
2023-10-06 16:51:04 +02:00
Giteabot
973b7f6298
When comparing with an non-exist repository, return 404 but 500 (#27437) (#27441)
Backport #27437 by @lunny

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-10-04 14:27:42 +00:00
Lunny Xiao
4126aad4aa
Add 1.20.5 changelog (#27404) 2023-10-03 12:53:35 +00:00
Lunny Xiao
5c96a2be87
Fix bug of review request number (#27406)
Manually backport #27104 without tests because too many conflicted files
to backport it completely.
2023-10-03 08:08:12 +00:00
Giteabot
acedf0f702
Fix git 2.11 error when checking IsEmpty (#27393) (#27396)
Backport #27393 by @wxiaoguang

Fix #27389

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-10-02 23:30:04 +08:00
Giteabot
23139aa27b
Allow get release download files and lfs files with oauth2 token format (#26430) (#27378)
Backport #26430 by @lunny

Fix #26165
Fix #25257

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-10-01 19:54:15 +08:00
Giteabot
b6b71c78c4
Add logs for data broken of comment review (#27326) (#27344)
Backport #27326 by @lunny

Fix #27306

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-09-29 13:31:10 +08:00
Giteabot
2138661dae
fix orphan check for deleted branch (#27310) (#27320)
Backport #27310 by @earl-warren

- Modify the deleted branch orphan check to check for the new table
instead.
- Regression from 6e19484f4d
- Resolves https://codeberg.org/forgejo/forgejo/issues/1522

(cherry picked from commit c1d888686f)

Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
Co-authored-by: Gusted <postmaster@gusted.xyz>
2023-09-28 11:16:05 +08:00
Giteabot
4b37eb2c23
Fix PushEvent NullPointerException jenkinsci/github-plugin (#27203) (#27249)
Backport #27203 by @Nabapadma-sarker

Fixes #27202

Co-authored-by: Nabapadma-sarker <nabapadmacse1991@gmail.com>
2023-09-25 07:02:08 +00:00
Giteabot
dd2f007501
Fix z-index on markdown completion (#27237) (#27242)
Backport #27237 by @silverwind

Fixes: https://github.com/go-gitea/gitea/issues/27230

Co-authored-by: silverwind <me@silverwind.io>
2023-09-25 09:10:46 +08:00
Giteabot
dd44c2164e
Fix z-index on markdown completion (#27237) (#27238)
Backport #27237 by @silverwind

Fixes: https://github.com/go-gitea/gitea/issues/27230

Co-authored-by: silverwind <me@silverwind.io>
2023-09-24 23:37:58 +00:00
Giteabot
2604571993
Update database-preparation and add note re: MariaDB (#27232) (#27235)
Backport #27232 by @techknowlogick

update DB docs per feedback.
https://gitea.com/gitea/gitea-docusaurus/issues/69

Co-authored-by: techknowlogick <techknowlogick@gitea.com>
2023-09-25 05:27:15 +08:00
KN4CK3R
eae6985b63
Quote table release in sql queries (#27205) (#27219)
Backport of #27205

Fixes #27174

`release` is a reserved keyword in MySql. I can't reproduce the issue on
my setup and we have a test for that code but it seems there can be
setups where it fails.
2023-09-24 01:48:50 +03:00
Giteabot
d8583edfe7
Fix release URL in webhooks (#27182) (#27184)
Backport #27182 by @jolheiser

Resolves #27180

`URL` points to the API URL, `HTMLURL` points to the web page.

Notably, however, for PRs they are the same URL. I switched them to use
HTMLURL to match the rest of the codebase terminology.

Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2023-09-21 23:59:27 +00:00
Giteabot
d99479c810
Fix organization field being null in POST /orgs/{orgid}/teams (#27150) (#27167)
Backport #27150 by @memphis88

Similarly to the fix in https://github.com/go-gitea/gitea/pull/24694,
this addresses the team creation not returning the organization
information in the response.

This fix is connected to the
[issue](https://gitea.com/gitea/terraform-provider-gitea/issues/27)
discovered in the terraform provider.
Moreover, the
[documentation](https://docs.gitea.com/api/1.20/#tag/organization/operation/orgCreateTeam)
suggests that the response body should include the `organization` field
(currently being `null`).

Co-authored-by: Dionysios Kakouris <1369451+memphis88@users.noreply.github.com>
2023-09-21 22:23:33 +02:00
Giteabot
fbe1f35112
Fix organization field being null in POST /orgs/{orgid}/teams (#27150) (#27162)
Backport #27150 by @memphis88

Similarly to the fix in https://github.com/go-gitea/gitea/pull/24694,
this addresses the team creation not returning the organization
information in the response.

This fix is connected to the
[issue](https://gitea.com/gitea/terraform-provider-gitea/issues/27)
discovered in the terraform provider.
Moreover, the
[documentation](https://docs.gitea.com/api/1.20/#tag/organization/operation/orgCreateTeam)
suggests that the response body should include the `organization` field
(currently being `null`).

Co-authored-by: Dionysios Kakouris <1369451+memphis88@users.noreply.github.com>
2023-09-21 12:14:59 +02:00
Giteabot
25233a9bdc
Fix successful return value for SyncAndGetUserSpecificDiff (#27152) (#27156)
Backport #27152 by @delvh

A function should not return an error when it is successful.
Otherwise, things like
https://discord.com/channels/322538954119184384/322538954119184384/1153705341620600833
happen…

Co-authored-by: delvh <dev.lh@web.de>
2023-09-21 00:58:13 +02:00
Giteabot
7a99c7b83c
Improve actions docs related to pull_request event (#27126) (#27145)
Backport #27126 by @Zettat123

Related to #27039

The `ref` property in Gitea Actions is different from GitHub Actions.
This PR improves the documentation to explain the difference.

Co-authored-by: Zettat123 <zettat123@gmail.com>
2023-09-20 11:49:58 +02:00
Giteabot
1d6e5c8e58
fix pagination for followers and following (#27127) (#27138)
Backport #27127 by @earl-warren

- Use the correct total amount for pagination. Thereby correctly show
the pagination bare when there's more than one page of
followers/followings.

Refs: https://codeberg.org/forgejo/forgejo/pulls/1477

(cherry picked from commit c1a136318b)

Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
Co-authored-by: Gusted <postmaster@gusted.xyz>
2023-09-19 16:03:01 +00:00
Giteabot
882e465c3a
services/wiki: Close() after error handling (#27129) (#27137)
Backport #27129 by @earl-warren

Refs: https://codeberg.org/forgejo/forgejo/pulls/1385

Signed-off-by: Lars Lehtonen <lars.lehtonen@gmail.com>
(cherry picked from commit 589e7d346f)

Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
Co-authored-by: Lars Lehtonen <lars.lehtonen@gmail.com>
2023-09-19 15:13:23 +00:00
Giteabot
b139234fa8
Fix issue templates when blank isses are disabled (#27061) (#27082)
Backport #27061 by @JakobDev

Fixes #27060

Co-authored-by: JakobDev <jakobdev@gmx.de>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: delvh <dev.lh@web.de>
2023-09-14 17:39:34 +02:00
sebastian-sauer
d8b39324d7
Load reviewer before sending notification (#27063) (#27064)
Fixes #27035
2023-09-13 15:32:58 -05:00
Lunny Xiao
9df573bddc
Fix context cache bug & enable context cache for dashabord commits' authors(#26991) (#27017)
backport #26991 

Unfortunately, when a system setting hasn't been stored in the database,
it cannot be cached.
Meanwhile, this PR also uses context cache for push email avatar display
which should avoid to read user table via email address again and again.

According to my local test, this should reduce dashboard elapsed time
from 150ms -> 80ms .
2023-09-13 15:15:00 +08:00
wxiaoguang
b0a405c5fa
Use secure cookie for HTTPS sites (#26999) (#27013)
Backport #26999

If the AppURL(ROOT_URL) is an HTTPS URL, then the COOKIE_SECURE's
default value should be true.

And, if a user visits an "http" site with "https" AppURL, they won't be
able to login, and they should have been warned. The only problem is
that the "language" can't be set either in such case, while I think it
is not a serious problem, and it could be fixed easily if needed.
2023-09-11 09:59:00 +00:00
Infinoid
3c53740244
Correct the database.LOG_SQL default value in config cheat sheet (#26997) (#27002)
This is a manual backport of #26997 to v1.20.
2023-09-10 21:43:42 -04:00
Giteabot
da7d7e60d8
Fix INI parsing for value with trailing slash (#26995) (#27001)
Backport #26995 by @wxiaoguang

Fix #26977 (a temp fix)

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-09-10 20:52:25 +02:00
Lunny Xiao
e502be46f3
Fix changelog typo (#26973) 2023-09-08 16:35:37 +08:00
techknowlogick
4a886de71e
1.20.4 changelog (#26966) 2023-09-08 12:17:00 +08:00