1
0
mirror of https://github.com/go-gitea/gitea.git synced 2024-11-04 08:17:24 -05:00
Commit Graph

4285 Commits

Author SHA1 Message Date
Lunny Xiao
65d96725bb
Fix possible renderer security problem(#30136) (#30315)
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-04-09 00:24:35 +02:00
wxiaoguang
2172b38d50
Escape paths for find file correctly (#30026) (#30031)
Backport #30026
2024-03-23 17:21:57 +01:00
Giteabot
f91b4dd959
Fix bugs in rerunning jobs (#29955) (#29983)
Backport #29955 by @Zettat123

Fix #28761
Fix #27884
Fix #28093

## Changes

### Rerun all jobs
When rerun all jobs, status of the jobs with `needs` will be set to
`blocked` instead of `waiting`. Therefore, these jobs will not run until
the required jobs are completed.

### Rerun a single job
When a single job is rerun, its dependents should also be rerun, just
like GitHub does
(https://github.com/go-gitea/gitea/issues/28761#issuecomment-2008620820).
In this case, only the specified job will be set to `waiting`, its
dependents will be set to `blocked` to wait the job.

### Show warning if every job has `needs`
If every job in a workflow has `needs`, all jobs will be blocked and no
job can be run. So I add a warning message.

<img
src="https://github.com/go-gitea/gitea/assets/15528715/88f43511-2360-465d-be96-ee92b57ff67b"
width="480px" />

---------

Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-03-22 03:57:10 +00:00
Lunny Xiao
6ef986d474
Performance improvements for pull request list page (#29900) (#29972)
This PR will avoid load pullrequest.Issue twice in pull request list
page. It will reduce x times database queries for those WIP pull
requests.

Partially fix #29585
Backport #29900
2024-03-22 09:58:04 +08:00
Lunny Xiao
3fd15aeff2
Add cache for dashbaord commit status (#29932)
backport #29444
2024-03-20 10:34:40 +00:00
Lunny Xiao
5f7b6b55a5
Only do counting when count_only=true for repo dashboard (#29884) (#29905)
Ref: #29878
Backport #29884

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-03-20 11:02:35 +08:00
Giteabot
408c92938b
Fix PR creation via api between branches of same repo with head field namespaced (#26986) (#29857)
Backport #26986 by @norohind

Fix #20175

Current implementation of API does not allow creating pull requests
between branches of the same
repo when you specify *namespace* (owner of the repo) in `head` field in
http request body.

---------

Co-authored-by: norohind <60548839+norohind@users.noreply.github.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-03-20 09:38:30 +08:00
wxiaoguang
b9dd5dd471
Fix template error when comment review doesn't exist (#29888) (#29889)
Backport #29888
2024-03-19 15:00:01 +08:00
Giteabot
00ea9af8e1
Editor error message misleading due to re-used key. (#29859) (#29876)
Backport #29859 by @buckybytes

The error message:

`editor.file_changed_while_editing = The file contents have changed
since you started editing. <a target="_blank" rel="noopener noreferrer"
href="%s">Click here</a> to see them or <strong>Commit Changes
again</strong> to overwrite them.`

Is re-used in inappropriate contexts. The link in the key goes to a 404
when the key is used in a situation where the file contents have not
changed.

Added two new keys to differentiate commit id mismatch and push out of
date conditions.

Co-authored-by: buckybytes <158571971+buckybytes@users.noreply.github.com>
2024-03-18 14:45:43 +08:00
Lunny Xiao
85f31eb643
Fix codeowner detected diff base branch to mergebase (#29783) (#29807)
Fix #29763
Backport #29783 

This PR fixes 2 problems with CodeOwner in the pull request.
- Don't use the pull request base branch but merge-base as a diff base
to detect the code owner.
- CodeOwner detection in fork repositories will be disabled because
almost all the fork repositories will not change CODEOWNERS files but it
should not be used on fork repositories' pull requests.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-03-17 02:40:06 +01:00
Lunny Xiao
61db562a5f
Fix user router possbile panic (#29751) (#29786)
regression from #28023
backport #29751
2024-03-14 12:44:14 +08:00
sillyguodong
538efb9df7
Make runs-on support variable expression (#29468) (#29782)
backport #29468 

Close issue: https://gitea.com/gitea/act_runner/issues/445
Follow: https://gitea.com/gitea/act/pulls/91

Move `getSecretsOfTask` and `getVariablesOfTask` under models because of
circular dependency issues.
2024-03-14 10:19:01 +08:00
Lunny Xiao
8c31456a87
Use Get but not Post to get actions artifacts (#29734) (#29737)
backport #29734
2024-03-12 17:31:45 +01:00
Lunny Xiao
a129c0c06c
Fix 500 when deleting account with incorrect password or unsupported login type (#29579) (#29656)
Fix #26210
Backport #29579

Co-authored-by: Jason Song <i@wolfogre.com>
2024-03-08 15:43:57 +01:00
Lunny Xiao
5667ef9aab
Add missing database transaction for new issue (#29490) (#29607)
When creating an issue, inserting issue, assign users and set project
should be in the same transaction.

Backport #29490
2024-03-05 16:37:55 +00:00
wxiaoguang
02df269d24
Make "/user/login" page redirect if the current user has signed in (#29583) (#29599)
Backport #29583
2024-03-05 21:03:45 +08:00
wxiaoguang
4ef7e496b8
Add a trailing slash to dashboard links (#29555) (#29573)
Backport #29555
2024-03-04 13:50:55 +08:00
Giteabot
b84303ef6e
Fix 500 when pushing release to an empty repo (#29554) (#29564)
Backport #29554 by @lng2020

As title. 
The former code directly used `ctx.Repo.GitRepo`, causing 500.

22b4f0c09f/routers/api/v1/repo/release.go (L241)

Co-authored-by: Nanguan Lin <nanguanlin6@gmail.com>
2024-03-03 17:10:22 +00:00
wxiaoguang
2b059f493e
Only use supported sort order for "explore/users" page (#29430) (#29443)
Backport #29430

Thanks to inferenceus : some sort orders on the "explore/users" page
could list users by their lastlogintime/updatetime.

It leaks user's activity unintentionally. This PR makes that page only
use "supported" sort orders.

Removing the "sort orders" could also be a good solution, while IMO at
the moment keeping the "create time" and "name" orders is also fine, in
case some users would like to find a target user in the search result,
the "sort order" might help.
2024-03-03 02:28:45 +00:00
Giteabot
5ca2971ccb
Fix incorrect cookie path for AppSubURL (#29534) (#29552)
Backport #29534
Regression of #24107

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-03-03 08:54:33 +08:00
Giteabot
971eab18fa
Fix incorrect redirection when creating a PR fails (#29537) (#29543)
Backport #29537 by wxiaoguang

This is only a quick fix to make it easier to backport.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-03-02 20:01:19 +00:00
Giteabot
8723389028
Fix incorrect relative/absolute URL usages (#29531) (#29547)
Backport #29531 by wxiaoguang

Add two "HTMLURL" methods for PackageDescriptor. 
And rename "FullWebLink" to "VersionWebLink"

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-03-02 18:00:15 +00:00
Giteabot
a86d9337e9
Fix issue & comment history bugs (#29525) (#29527)
Backport #29525 by @wxiaoguang

* Follow #17746: `HasIssueContentHistory` should use expr builder to
make sure zero value (0) be respected.
* Add "doer" check to make sure `canSoftDeleteContentHistory` only be
called by sign-in users.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-03-02 08:45:48 +08:00
Giteabot
c293e34df0
Fix wrong test usage of AppSubURL (#29459) (#29488)
Backport #29459 by @KN4CK3R

The tests use an invalid `setting.AppSubURL`. The wrong behaviour
disturbs other PRs like #29222 and #29427.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2024-02-29 14:40:35 +08:00
Giteabot
2df38af752
Fix missed return (#29450) (#29453)
Backport #29450 by @lunny

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-02-27 23:33:03 +08:00
Giteabot
9456deb512
Not trigger all jobs any more, when re-running the first job (#29439) (#29441)
Backport #29439 by @sillyguodong

Previously, it will be treated as "re-run all jobs" when `jobIndex ==
0`. So when you click re-run button on the first job, it triggers all
the jobs actually.

Caused by #26535.

Co-authored-by: sillyguodong <33891828+sillyguodong@users.noreply.github.com>
2024-02-27 16:18:49 +08:00
Giteabot
e75594f7a6
Do not double close reader (#29354) (#29370)
Backport #29354 by @KN4CK3R

Fixes #29346

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-02-24 12:08:06 +00:00
Lunny Xiao
a1c0b3a02e
Display friendly error message (#29105) (#29363)
Backport #29105 

`ctx.Error` only displays the text but `ctx.ServerError` renders the
usual error page.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2024-02-24 11:01:18 +00:00
Giteabot
35db5a373b
Fix validity of the FROM email address not being checked (#29347) (#29360)
Backport #29347 by @carlosfelgueiras

Fixes #27188.
Introduces a check on the installation that tries to parse the FROM
address. If it fails, shows a new error message to the user.

Co-authored-by: Carlos Felgueiras <carlosfelgueiras@tecnico.ulisboa.pt>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2024-02-24 08:23:21 +00:00
Lunny Xiao
5043ad54c7
Fix project counter in organization/individual profile (#28068) (#29361)
Fix #28052
Backport #28068 
Before:

![image](https://github.com/go-gitea/gitea/assets/18380374/5f299983-4b38-4d68-ac0e-4be3c62c0558)

![image](https://github.com/go-gitea/gitea/assets/18380374/f0e12afd-483b-4882-80e9-0261beb3fe0c)

After:

![image](https://github.com/go-gitea/gitea/assets/18380374/47cccb7b-bb35-4a7d-9c5b-83133be0323a)

![image](https://github.com/go-gitea/gitea/assets/18380374/77825c0c-4bf2-4762-83a2-1a5a173cc22d)

Co-authored-by: yp05327 <576951401@qq.com>
2024-02-24 07:58:43 +00:00
wxiaoguang
511298e452
Use general token signing secret (#29205) (#29325)
Backport #29205 (including #29172)

Use a clearly defined "signing secret" for token signing.
2024-02-22 17:07:41 +00:00
Zettat123
dcb9c38568
Fix error display when merging PRs (#29288) (#29309)
Backport #29288
Partially fix #29071, regression of Modernize merge button #28140 

Fix some missing `Redirect` -> `JSONRedirect`.

Thanks @yp05327 for the help in
https://github.com/go-gitea/gitea/issues/29071#issuecomment-1931261075
2024-02-22 03:32:54 +01:00
Markus Amshove
78f41e4fc4
Disallow merge when required checked are missing (#29143) (#29268)
backport #29143

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-02-19 20:48:17 +00:00
Lunny Xiao
e2eac7574f
Fix bug when the linked account was disactived and list the linked accounts (#29263)
The bug has been fixed on v1.22 but not backport to v1.21.
This original PR have many refactors so I don't think it's necessary to
backport all of them.

Fix #28667
2024-02-19 15:23:47 +00:00
Jimmy Praet
3604b7d8ad
Load outdated comments when (un)resolving conversation on PR timeline (#29203) (#29221)
Backport #29203

Relates to #28654, #29039 and #29050.

The "show outdated comments" flag should only apply to the file diff
view.
On the PR timeline, outdated comments are always shown. So they should
also be loaded when (un)resolving a conversation on the timeline page.
2024-02-18 06:58:26 +00:00
wxiaoguang
dd8bc1d61d
Refactor issue template parsing and fix API endpoint (#29069) (#29140)
Backport #29069

The old code `GetTemplatesFromDefaultBranch(...) ([]*api.IssueTemplate,
map[string]error)` doesn't really follow Golang's habits, then the
second returned value might be misused. For example, the API function
`GetIssueTemplates` incorrectly checked the second returned value and
always responds 500 error.

This PR refactors GetTemplatesFromDefaultBranch to
ParseTemplatesFromDefaultBranch and clarifies its behavior, and fixes
the API endpoint bug, and adds some tests.

And by the way, add proper prefix `X-` for the header generated in
`checkDeprecatedAuthMethods`, because non-standard HTTP headers should
have `X-` prefix, and it is also consistent with the new code in
`GetIssueTemplates`
2024-02-14 01:32:31 +00:00
CEnnis91
1aaeec6da7
Fix swift packages not resolving (#29095) (#29102) 2024-02-08 18:26:54 +00:00
Giteabot
c9b2aaed0e
Improve user experience for outdated comments (#29050) (#29086)
Backport #29050 by wxiaoguang

Try to improve #28949

1. Make `ctx.Data["ShowOutdatedComments"] = true` by default: it brings
consistent user experience, and sometimes the "outdated (source
changed)" comments are still valuable.
2. Show a friendly message if the comment won't show, then the end users
won't fell that "the comment disappears" (it is the special case when
`ShowOutdatedComments = false`)

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-02-08 10:29:54 +08:00
Giteabot
aadbbf4358
Do not render empty comments (#29039) (#29049)
Backport #29039 by wxiaoguang

Follow #28654

The `comments` might be empty, so the templates shouldn't (and couldn't)
use it to render. When there is no comment, the UI should also be
updated to empty, so returning an empty body is good enough.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-02-04 13:25:58 +00:00
Giteabot
c398c25b18
Fix an actions schedule bug (#28942) (#28999)
Backport #28942 by @Zettat123

In #28691, schedule plans will be deleted when a repo's actions unit is
disabled. But when the unit is enabled, the schedule plans won't be
created again.

This PR fixes the bug. The schedule plans will be created again when the
actions unit is re-enabled

---------

Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-01-31 15:52:31 +00:00
Giteabot
b8e6cffd31
Preserve BOM in web editor (#28935) (#28959)
Backport #28935 by @silverwind

The `ToUTF8*` functions were stripping BOM, while BOM is actually valid
in UTF8, so the stripping must be optional depending on use case. This
does:

- Add a options struct to all `ToUTF8*` functions, that by default will
strip BOM to preserve existing behaviour
- Remove `ToUTF8` function, it was dead code
- Rename `ToUTF8WithErr` to `ToUTF8`
- Preserve BOM in Monaco Editor
- Remove a unnecessary newline in the textarea value. Browsers did
ignore it, it seems but it's better not to rely on this behaviour.

Fixes: https://github.com/go-gitea/gitea/issues/28743
Related: https://github.com/go-gitea/gitea/issues/6716 which seems to
have once introduced a mechanism that strips and re-adds the BOM, but
from what I can tell, this mechanism was removed at some point after
that PR.

Co-authored-by: silverwind <me@silverwind.io>
2024-01-27 23:23:31 +01:00
Giteabot
d6eb6c90f4
fix: update enable_prune even if mirror_interval is not provided (#28905) (#28929)
Backport #28905 by @Anthony-Jhoiro

Currently, the `updateMirror` function which update the mirror interval
and enable prune properties is only executed by the `Edit` function. But
it is only triggered if `opts.MirrorInterval` is not null, even if
`opts.EnablePrune` is not null.

With this patch, it is now possible to update the enable_prune property
with a patch request without modifying the mirror_interval.

## Example request with httpie

### Currently:
**Does nothing**
```bash
http PATCH https://gitea.your-server/api/v1/repos/myOrg/myRepo "enable_prune:=false" -A bearer -a $gitea_token
```

**Updates both properties**
```bash
http PATCH https://gitea.your-server/api/v1/repos/myOrg/myRepo "enable_prune:=false" "mirror_interval=10m" -A bearer -a $gitea_token
```

### With the patch
**Updates enable_prune only**
```bash
http PATCH https://gitea.your-server/api/v1/repos/myOrg/myRepo "enable_prune:=false" -A bearer -a $gitea_token
```

Co-authored-by: Anthony Quéré <47711333+Anthony-Jhoiro@users.noreply.github.com>
2024-01-26 00:14:38 +01:00
Jimmy Praet
9210ce4045
Don't reload timeline page when (un)resolving or replying conversation (#28654) (#28917)
Backport #28654
Fixes #15981
2024-01-24 20:09:48 +01:00
FuXiaoHei
7f0ce2dfc7
Fix uploaded artifacts should be overwritten (#28726) backport v1.21 (#28832)
Backport https://github.com/go-gitea/gitea/pull/28726 by @fuxiaohei

Fix Uploaded artifacts should be overwritten
https://github.com/go-gitea/gitea/issues/28549

When upload different content to uploaded artifact, it checks that
content size is not match in db record with previous artifact size, then
the new artifact is refused.

Now if it finds uploading content size is not matching db record when
receiving chunks, it updates db records to follow the latest size value.
2024-01-22 09:49:21 +08:00
Giteabot
b7c944b9e4
Prevent anonymous container access if RequireSignInView is enabled (#28877) (#28882)
Backport #28877 by @KN4CK3R

Fixes #28875

If `RequireSignInView` is enabled, the ghost user has no access rights.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2024-01-22 01:44:38 +08:00
KN4CK3R
022552d5b6
Rework markup link rendering (#26745) (#28803)
Backport #26745
Fixes #26548

This PR refactors the rendering of markup links. The old code uses
`strings.Replace` to change some urls while the new code uses more
context to decide which link should be generated.

The added tests should ensure the same output for the old and new
behaviour (besides the bug).

We may need to refactor the rendering a bit more to make it clear how
the different helper methods render the input string. There are lots of
options (resolve links / images / mentions / git hashes / emojis / ...)
but you don't really know what helper uses which options. For example,
we currently support images in the user description which should not be
allowed I think:

<details>
  <summary>Profile</summary>

https://try.gitea.io/KN4CK3R


![grafik](https://github.com/go-gitea/gitea/assets/1666336/109ae422-496d-4200-b52e-b3a528f553e5)

</details>
2024-01-16 02:13:29 +00:00
Giteabot
376fa0d8c4
Forbid removing the last admin user (#28337) (#28793)
Backport #28337 by @yp05327

Co-authored-by: yp05327 <576951401@qq.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-01-16 01:51:46 +00:00
KN4CK3R
ae99233db0
Fix GetCommitStatuses (#28787) (#28804)
Backport #28787

Replaces #28802
2024-01-15 19:30:12 +01:00
Giteabot
fbf29f29b5
Modernize merge button (#28140) (#28786)
Backport #28140 by @earl-warren

- Make use of the `form-fetch-action` for the merge button, which will
automatically prevent the action from happening multiple times and show
a nice loading indicator as user feedback while the merge request is
being processed by the server.
- Adjust the merge PR code to JSON response as this is required for the
`form-fetch-action` functionality.
- Resolves https://codeberg.org/forgejo/forgejo/issues/774
- Likely resolves the cause of
https://codeberg.org/forgejo/forgejo/issues/1688#issuecomment-1313044

(cherry picked from commit 4ec64c19507caefff7ddaad722b1b5792b97cc5a)

Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
Co-authored-by: Gusted <postmaster@gusted.xyz>
2024-01-15 09:40:52 +08:00
Lunny Xiao
6e29242ebb
Fix schedule tasks bugs (#28691) (#28780)
Fix #28157
Backport #28691 

This PR fix the possible bugs about actions schedule.

- Move `UpdateRepositoryUnit` and `SetRepoDefaultBranch` from models to
service layer
- Remove schedules plan from database and cancel waiting & running
schedules tasks in this repository when actions unit has been disabled
or global disabled.
- Remove schedules plan from database and cancel waiting & running
schedules tasks in this repository when default branch changed.
2024-01-14 23:54:22 +01:00