Commit graph

19120 commits

Author SHA1 Message Date
Giteabot
56642554d1
Move reverproxyauth before session so the header will not be ignored even if user has login (#27821) (#30948)
Backport #27821 by @lunny

When a user logs out and then logs in as another user, the reverseproxy auth
should be checked before the session, otherwise the old user is still logged in.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit 14dc00ae01c35ad51a3982a5725777bbeabe2b78)
2024-05-14 16:17:23 +02:00
Giteabot
10a9b6b806
Fix some UI regressions for commit list (#30920) (#30937)
Backport #30920 by wxiaoguang

Close #30919

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit 94c5a30c8bd2ae78ffd7bd3b39bee019c531e1e7)
2024-05-14 16:14:38 +02:00
silverwind
6917b25ad3
Fix and tweak pull request commit list (#30528)
Fixes https://github.com/go-gitea/gitea/issues/30493, regression from
https://github.com/go-gitea/gitea/pull/30374.

Also did the flexbox conversion as suggested by the existing comment.

<img width="850" alt="Screenshot 2024-04-16 at 22 28 48"
src="https://github.com/go-gitea/gitea/assets/115237/e8905944-620a-4211-b5c5-53ed3b3ee23e">

Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit 311f5261cdb23b46d3f510e40fd4e2ac06e376c0)
(cherry picked from commit eea7ea9d0a)
2024-05-14 16:14:14 +02:00
yp05327
37fc6cdaf6
Fix incorrect default branch when adopt a repository (#30912) (#30928)
Backport #30912

ps: removed useless `u *user_model.User` for `adoptRepository`
(cherry picked from commit 2200c41ffd7dc84faa1de61941603af11b3412f2)
2024-05-14 16:09:33 +02:00
Zettat123
65529bd334
Update issue indexer after merging a PR (#30715)
Fix #30684

(cherry picked from commit f09e68ec33262d5356779572a0b1c66e6e86590f)

Conflicts:
	tests/integration/pull_merge_test.go
	trivial context conflict
(cherry picked from commit 8f0f6bf89c)

(cherry picked from commit df5513978a630355a28b6b42fcc63fe5d70652d8)
2024-05-14 16:00:57 +02:00
Lunny Xiao
d91839692f
Fix various problems around projects board view (#30696)
The previous implementation will start multiple POST requests from the
frontend when moving a column, and another bug is that moving the default
column will never be remembered in fact.

- [x] This PR will allow the default column to move to a non-first
position
- [x] And it also uses one request instead of multiple requests when
moving the columns
- [x] Use a star instead of a pin as the icon for setting the default
column action
- [x] Inserted new column will be appended to the end
- [x] Fix #30701 the newly added issue will be appended to the end of the
default column
- [x] Fix when deleting a column, all issues in it will be displayed
from UI but database records exist.
- [x] Add a limitation for columns in a project to 20. So the sorting
will not overflow because it's int8.

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit a303c973e0264dab45a787c4afa200e183e0d953)

Conflicts:
	routers/web/web.go
	e91733468ef726fc9365aa4820cdd5f2ddfdaa23 Add missing database transaction for new issue (#29490) was not cherry-picked
	services/issue/issue.go
	fe6792dff3 Enable/disable owner and repo projects independently (#28805) was not cherry-picked
(cherry picked from commit 7d3ca90dfe)

(cherry picked from commit 084bec89ed7ae0816fc2d8db6784ad22523d1fc4)
2024-05-14 15:51:15 +02:00
silverwind
9934931f1f
[PORT] gitea##30237: Fix and rewrite contrast color calculation, fix project-related bugs
1. The previous color contrast calculation function was incorrect at
least for the `#84b6eb` where it output low-contrast white instead of
black. I've rewritten these functions now to accept hex colors and to
match GitHub's calculation and to output pure white/black for maximum
contrast. Before and after:
<img width="94" alt="Screenshot 2024-04-02 at 01 53 46"
src="https://github.com/go-gitea/gitea/assets/115237/00b39e15-a377-4458-95cf-ceec74b78228"><img
width="90" alt="Screenshot 2024-04-02 at 01 51 30"
src="https://github.com/go-gitea/gitea/assets/115237/1677067a-8d8f-47eb-82c0-76330deeb775">

2. Fix project-related issues:

- Expose the new `ContrastColor` function as template helper and use it
for project cards, replacing the previous JS solution which eliminates a
flash of wrong color on page load.
- Fix a bug where if editing a project title, the counter would get
lost.
- Move `rgbToHex` function to color utils.

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Giteabot <teabot@gitea.io>

---
Conflict resolution: Trivial.
(cherry picked from commit 36887ed3921d03f1864360c95bd2ecf853bfbe72)
(cherry picked from commit f6c0c39f1a)
2024-05-14 15:50:47 +02:00
Yarden Shoham
c6d2c18052
Remove jQuery class from the project page (#30183)
- Switched from jQuery class functions to plain JavaScript `classList`
- Tested the edit column modal functionality and it works as before

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
(cherry picked from commit b535c6ca7b9e8c4bcf5637091ee5ad6d9c807c31)
(cherry picked from commit 702f112602)
2024-05-14 15:50:31 +02:00
Giteabot
8f8d85da47
Fix wrong transfer hint (#30889) (#30900)
Backport #30889 by @lunny

Fix #30187

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit 271e8748a2035ebc836cc2d1e03f4e68b063697e)
2024-05-14 15:45:03 +02:00
Lunny Xiao
7e81775184
Move database operations of merging a pull request to post receive hook and add a transaction (#30805)
Merging PR may fail because of various problems. The pull request may
have a dirty state because there is no transaction when merging a pull
request. ref
https://github.com/go-gitea/gitea/pull/25741#issuecomment-2074126393

This PR moves all database update operations to post-receive handler for
merging a pull request and having a database transaction. That means if
database operations fail, then the git merging will fail, the git client
will get a fail result.

There are already many tests for pull request merging, so we don't need
to add a new one.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit ebf0c969403d91ed80745ff5bd7dfbdb08174fc7)

Conflicts:
	modules/private/hook.go
	routers/private/hook_post_receive.go
	trivial conflicts because
	  263a716cb5 * Performance optimization for git push (#30104)
	was not cherry-picked and because of
	  998a431747 Do not update PRs based on events that happened before they existed
(cherry picked from commit eb792d9f8a)

(cherry picked from commit ec3f5f9992d7ff8250c044a4467524d53bd50210)
2024-05-14 15:37:32 +02:00
6543
99bd29f02f
Repository explore alphabetically order respect owner name (#30882)
similar to #30784 but only for the repo explore page

is covered by #30876 for the main branch

(cherry picked from commit d410e2acce22e5b3518a9bf64a9152b32a91fe18)
2024-05-14 15:31:36 +02:00
Giteabot
e5f9482745
Fix missing migrate actions artifacts (#30874) (#30886)
Backport #30874 by @lunny

The actions artifacts should be able to be migrated to the new storage
place.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit 216c8eada3c0727288dc5565ae9fdd798b17c463)
2024-05-14 15:31:14 +02:00
Giteabot
220594bacc
Make "sync branch" also sync object format and add tests (#30878) (#30880)
Backport #30878 by wxiaoguang

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit ad5a8d043c6818c0c496ebae2f5ea9373219bcd6)
2024-05-14 15:28:38 +02:00
Giteabot
1582b1e83a
Get repo list with OrderBy alpha should respect owner too (#30784) (#30875)
Backport #30784 by @6543

instead of:
- zowner/gcode
- awesome/nul
- zowner/nul
- zowner/zzz

we will get:
- awesome/nul
- zowner/gcode
- zowner/nul
- zowner/zzz

Co-authored-by: 6543 <6543@obermui.de>
(cherry picked from commit cfe6779d4eb2f3869357768fe58863642f79c5a9)
2024-05-14 15:27:25 +02:00
Giteabot
dbecdd2be2
Have time.js use UTC-related getters/setters (#30857) (#30869)
Backport #30857 by kemzeb

Co-authored-by: Kemal Zebari <60799661+kemzeb@users.noreply.github.com>
Co-authored-by: Sam Fisher <fisher@3echelon.local>
(cherry picked from commit 2252a7bf84c26aee0dfa1b1b826dba148f507a3a)
2024-05-14 15:25:52 +02:00
Earl Warren
98afc8fcdb Merge pull request '[v7.0/forgejo] Expand code diffs against the commits repo' (#3767) from bp-v7.0/forgejo-220c3fe into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3767
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-14 12:42:18 +00:00
0ko
679010f079 Merge pull request '[v7.0/forgejo] Translation updates from Weblate' (#3749) from bp-v7.0/forgejo-61643a6 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3749
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-14 12:20:19 +00:00
forgejo-backport-action
0dc681ed13 [v7.0/forgejo] Improve translatability of "Transfer ownership" (#3750)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/3739

This text can have different forms in other languages depending on context.

The commit also contains a change to .editorconfig to prevent EoF changes when mass-replacing strings, as that causes unintentional merge conflicts with Weblate.

Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3750
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
2024-05-14 12:14:36 +00:00
Gergely Nagy
dc13eecc04 Expand code diffs against the commits repo
When expanding code diffs, the expansion should search for more context
in the commits repo, rather than in the repo in context, because the
commit may not be available in the base repo. For example, when
previewing a pull request, the commit is not in the target repo yet -
it's in the fork.

Fixes #3746.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 220c3fe3b3)
2024-05-14 12:06:44 +00:00
Earl Warren
8a8718be4d Merge pull request '[v7.0/forgejo] Rename Str2html to SanitizeHTML and clarify its behavior (followup) (take 2)' (#3751) from bp-v7.0/forgejo-337f4f9 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3751
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-14 10:55:07 +00:00
Gergely Nagy
50ac410e35
[backport]: backport applyElemsCallback
Lifted out from 1983226581.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-14 08:39:59 +02:00
wxiaoguang
cbdf32126f
Refactor and fix archive link bug (#30535)
Regression of #29920
Fixes: #30569

Also this is a rewriting to eliminate the remaining jQuery usages from code.

Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit d0e07083559180b124a08359fcc72f9ef695e723)

Conflicts:
	- web_src/js/features/repo-common.js
	  Conflict resolved in favour of Gitea.
2024-05-14 08:34:46 +02:00
Beowulf
1f08add260
Replace reply with a forked version to fix the cut-off of the incoming mail text (#3747)
replace reply with Forgejo's forked version

If plain text is selected as the message format in e.g. Apple Mail, the inline attachments are no longer at the end of the mail, but instead directly where they are in the mail. When parsing the mail, these inline attachments are replaced by "--". The new reply version no longer cuts the text at the first "--".

Tests for this are present in reply (7dc5750c6d).

Fixes https://codeberg.org/forgejo/forgejo/issues/3496#issuecomment-1798416

---

Additionally, I reduced the allocations for the inline attachments.
2024-05-13 23:51:40 +02:00
Earl Warren
8b86b6f1a0 Rename Str2html to SanitizeHTML and clarify its behavior (followup) (take 2)
In
  801792e4dc Rename Str2html to SanitizeHTML and clarify its behavior (followup)
the replacement was incorrect because
  c9d0e63c20  Remove unnecessary "Str2html" modifier from templates
was not applied and Str2html should not have been present in the first
place.

Fixes: https://codeberg.org/forgejo/forgejo/issues/3554
(cherry picked from commit 337f4f9d87)
2024-05-13 18:38:48 +00:00
0ko
564183bbbd Translation updates from Weblate (#3748)
This is not the usual Weblate PR. I did not reset Weblate after squash-merging https://codeberg.org/forgejo/forgejo/pulls/3637, so Weblate failed to rebase and locked. These are manually cherry-picked commits that Weblate produced after that PR was merged. We need to squash-merge them too before resetting Weblate, so the new translations don't get lost.

Co-authored-by: earl-warren <earl-warren@users.noreply.translate.codeberg.org>
Co-authored-by: Cwpute <Cwpute@users.noreply.translate.codeberg.org>
Co-authored-by: Mylloon <Mylloon@users.noreply.translate.codeberg.org>
Co-authored-by: leana8959 <leana8959@users.noreply.translate.codeberg.org>
Co-authored-by: owofied <furry@users.noreply.translate.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3748
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
(cherry picked from commit 61643a698c)
2024-05-13 18:18:32 +00:00
Earl Warren
9d6974d1f8 Merge pull request '[v7.0/forgejo] [I18N] Translations update from Weblate' (#3740) from bp-v7.0/forgejo-010cccd into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3740
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-13 12:45:16 +00:00
Codeberg Translate
92867c76a7 [I18N] Translations update from Weblate (#3637)
Translations update from [Weblate](https://translate.codeberg.org) for [Forgejo/forgejo](https://translate.codeberg.org/projects/forgejo/forgejo/).

Co-authored-by: Kaede Fujisaki <ledyba@users.noreply.translate.codeberg.org>
Co-authored-by: emansije <emansije@users.noreply.translate.codeberg.org>
Co-authored-by: Kita Ikuyo <searinminecraft@courvix.com>
Co-authored-by: kdh8219 <kdh8219@monamo.dev>
Co-authored-by: enricpineda <enricpineda@users.noreply.translate.codeberg.org>
Co-authored-by: 0ko <0ko@users.noreply.translate.codeberg.org>
Co-authored-by: Fjuro <fjuro@alius.cz>
Co-authored-by: nmmr <nmmr@users.noreply.translate.codeberg.org>
Co-authored-by: VioletLul <VioletLul@users.noreply.translate.codeberg.org>
Co-authored-by: leana8959 <leana8959@users.noreply.translate.codeberg.org>
Co-authored-by: Dirk <Dirk@users.noreply.translate.codeberg.org>
Co-authored-by: Nifou <Nifou@users.noreply.translate.codeberg.org>
Co-authored-by: hankskyjames777 <hankskyjames777@users.noreply.translate.codeberg.org>
Co-authored-by: yeziruo <yeziruo@users.noreply.translate.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3637
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Codeberg Translate <translate@noreply.codeberg.org>
Co-committed-by: Codeberg Translate <translate@noreply.codeberg.org>
(cherry picked from commit 010cccd33e)
2024-05-13 11:55:57 +00:00
Earl Warren
186cb13b26 Merge pull request 'Port "Fix project name wrapping, remove horizontal margin on header"' (#3730) from 0ko/forgejo:wrappp into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3730
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-12 13:46:38 +00:00
0ko
9673355bf3 Port "Fix project name wrapping, remove horizontal margin on header"
Port of 370b1bdb37.
2024-05-12 17:37:36 +05:00
Earl Warren
0bba3e2158 Merge pull request '[v7.0/forgejo] Add class tw-break-anywhere' (#3720) from bp-v7.0/forgejo-b45fbe1 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3720
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-12 10:48:49 +00:00
0ko
6334a48043 Add class tw-break-anywhere
very partial port of 9946353282 (diff-38f10be6b48c74bcacbf9f6e15cc8582a45b7a6cbd1cdd8efec8e592575290c5) to fix a few picked areas where lack of it causes bugs.

(cherry picked from commit b45fbe1dcc)
2024-05-11 18:13:28 +00:00
Earl Warren
ba1f73f550 Merge pull request '[v7.0/forgejo] templates: Be more forgiving about missing package metadata' (#3705) from bp-v7.0/forgejo-ac4d535 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3705
Reviewed-by: Gergely Nagy <algernon@noreply.codeberg.org>
2024-05-10 18:47:36 +00:00
Gergely Nagy
00cfe9aef9 templates: Be more forgiving about missing package metadata
When rendering templates for packages, be more forgiving about missing
metadata. For some repository types - like maven - metadata is uploaded
separately. If that upload fails, or does not happen, there will be no
metadata.

In that case, Forgejo should handle it gracefully, and render as much of
the information as possible, without erroring out. Rendering without
metadata allows one to delete a partial package, while if we throw
errors, that becomes a whole lot harder.

This patch adjusts the generic metadata template, and also the maven
template. There may be more cases of the same problem lying around.

Fixes #3663.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit ac4d535dbf)
2024-05-10 18:10:25 +00:00
Earl Warren
d8fda28dfc Merge pull request '[v7.0/forgejo] Fix some 7.0 missing variables' (#3688) from bp-v7.0/forgejo-0dc35c9 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3688
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-09 19:30:27 +00:00
Earl Warren
7afee47817 Merge pull request '[v7.0/forgejo] Teach activities.GetFeeds() how to avoid returning duplicates' (#3687) from bp-v7.0/forgejo-9cb2aa9 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3687
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-09 19:29:39 +00:00
0ko
887c050ea3 [THEME] Fix some 7.0 missing variables
(cherry picked from commit 0dc35c9df9)
2024-05-09 18:52:33 +00:00
Gergely Nagy
9ba48419ba Teach activities.GetFeeds() how to avoid returning duplicates
Before explaining the fix itself, let's look at the `action` table, and
how it is populated. Data is only ever inserted into it via
`activities_model.NotifyWatchers`, which will:

- Insert a row for each activity with `UserID` set to the acting user's
  ID - this is the original activity, and is always inserted if anything
  is to be inserted at all.
- It will insert a copy of each activity with the `UserID` set to the
  repo's owner, if the owner is an Organization, and isn't the acting
  user.
- It will insert a copy of each activity for every watcher of the repo,
  as long as the watcher in question has read permission to the repo
  unit the activity is about.

This means that if a repository belongs to an organization, for most
activities, it will have at least two rows in the table. For
repositories watched by people other than their owner, an additional row
for each watcher.

These are useful duplicates, because they record which activities are
relevant for a particular user. However, for cases where we wish to see
the activities that happen around a repository, without limiting the
results to a particular user, we're *not* interested in the duplicates
stored for the watchers and the org. We only need the originals.

And this is what this change does: it introduces an additional option to
`GetFeedsOptions`: `OnlyPerformedByActor`. When this option is set,
`activities.GetFeeds()` will only return the original activities, where
the user id and the acting user id are the same. As these are *always*
inserted, we're not missing out on any activities. We're just getting
rid of the duplicates. As this is an additional `AND` condition, it can
never introduce items that would not have been included in the result
set before, it can only reduce, not extend.

These duplicates were only affecting call sites where `RequestedRepo`
was set, but `RequestedUser` and `RequestedTeam` were not. Both of those
call sites were updated to set `OnlyPerformedByActor`. As a result,
repository RSS feeds, and the `/repos/{owner}/{repo}/activities/feeds`
API end points no longer return dupes, only the original activities.

Rather than hardcoding this behaviour into `GetFeeds()` itself, I chose
to implement it as an explicit option, for the sake of clarity.

Fixes Codeberg/Community#684, and addresses gitea#20986.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 9cb2aa989a)
2024-05-09 18:37:30 +00:00
Earl Warren
283b678146 Merge pull request '[v7.0/forgejo] Fix an incorrect form submission in repo-issue.js' (#3677) from bp-v7.0/forgejo-f4dd53d into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3677
Reviewed-by: Gergely Nagy <algernon@noreply.codeberg.org>
2024-05-08 21:49:06 +00:00
Gergely Nagy
b6be9fb901 Fix an incorrect form submission in repo-issue.js (#3675)
This fixes `initRepoPullRequestAllowMaintainerEdit()` to submit the form correctly (as a web form, rather than as JSON payload).

Fixes #3618, cherry picked from gitea#30854.

Co-Authored-By: wxiaoguang <wxiaoguang@gmail.com>

---

Manual testing steps:

- Open a PR against any repository, with the "Allow edits from maintainers" option checked.
- Open the developer console (`Ctrl-Shift-I` on Firefox), and look at the Network tab.
- Visit the PR, find the "Allow edits from maintainers" checkbox, and click it.
- See the developer console, and check that the response says the setting is false.
- Refresh the page *completely* (`Ctrl-Shift-R` on Firefox)
- Observe that the setting is off.
- Click the box again to enable it.
- See the developer console, and check that the response says the setting is true.
- Reload without cache again (`Ctrl-Shift-R` on Firefox)
- Observe that the setting is now on.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3675
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gergely Nagy <forgejo@gergo.csillger.hu>
Co-committed-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit f4dd53d79d)
2024-05-08 21:16:08 +00:00
Earl Warren
767d292c83 Merge pull request '[v7.0/forgejo] Cumulative English improvements (May 2024)' (#3674) from bp-v7.0/forgejo-b11eddf into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3674
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-08 19:16:24 +00:00
0ko
8d3c6251a7 [I18N] English improvements (May 2024)
- `editor.commit_id_not_matching` was reported by https://codeberg.org/kita. I confirmed the meaning on next.forgejo.org.
- `additional_repo_units_hint` was suggested by https://codeberg.org/leana8959.

(cherry picked from commit b11eddfaa8)
2024-05-08 17:09:24 +00:00
Earl Warren
94ce24cf92 Merge pull request '[v7.0/forgejo] fix(security): CVE-2024-24788 malformed DNS message' (#3673) from bp-v7.0/forgejo-f3045f0 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3673
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-08 17:02:19 +00:00
Earl Warren
696ed328fb fix(security): CVE-2024-24788 malformed DNS message
Refs: https://pkg.go.dev/vuln/GO-2024-2824
(cherry picked from commit f3045f0519)
2024-05-08 14:47:59 +00:00
Earl Warren
dd3487dbbf Merge pull request '[v1.22/gitea] week 2024-19 cherry pick v7.0' (#3659) from earl-warren/forgejo:wip-v7.0-gitea-cherry-pick into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3659
Reviewed-by: Gergely Nagy <algernon@noreply.codeberg.org>
2024-05-07 22:48:50 +00:00
Earl Warren
18249e58be Merge pull request '[v7.0/forgejo] Update module gitea.com/go-chi/binding to v0.0.0-20240430071103-39a851e106ed' (#3660) from earl-warren/forgejo:wip-v7.0-chi-binding into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3660
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-05-07 08:56:40 +00:00
Earl Warren
f8a3482cdb
Update module gitea.com/go-chi/binding to v0.0.0-20240430071103-39a851e106ed
(cherry picked from commit 58bf120eba)

Conflicts: trivial context conflicts
2024-05-07 08:35:25 +01:00
yp05327
da993b09ad
Fix no edit history after editing issue's title and content (#30814)
Fix #30807

reuse functions in services

(cherry picked from commit a50026e2f30897904704895362da0fb12c7e5b26)

Conflicts:
	models/issues/issue_update.go
	routers/api/v1/repo/issue.go
	trivial context conflict because of 'allow setting the update date on issues and comments'
(cherry picked from commit 6a4bc0289d)
2024-05-07 08:21:38 +01:00
Kemal Zebari
6ae15bc15e
Don't only list code-enabled repositories when using repository API (#30817)
We should be listing all repositories by default.

Fixes #28483.

(cherry picked from commit 9f0ef3621a3b63ccbe93f302a446b67dc54ad725)

Conflict:
   -		if ctx.IsSigned && ctx.Doer.IsAdmin || permission.UnitAccessMode(unit_model.TypeCode) >= perm.AccessModeRead {
   +		if ctx.IsSigned && ctx.Doer.IsAdmin || permission.HasAccess() {
   because of https://codeberg.org/forgejo/forgejo/pulls/2001
(cherry picked from commit e388822e9d)
2024-05-07 08:17:35 +01:00
Giteabot
f30c648037
Ignore useless error message "broken pipe" (#30801) (#30842)
Backport #30801 by wxiaoguang

Fix #30792

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit ab2ef1ae49bc5e81d0debac85aee687a64fde8b3)
2024-05-07 08:15:36 +01:00
Giteabot
248a5b8d7a
Prevent automatic OAuth grants for public clients (#30790) (#30836)
Backport #30790 by archer-321

This commit forces the resource owner (user) to always approve OAuth 2.0
authorization requests if the client is public (e.g. native
applications).

As detailed in [RFC 6749 Section
10.2](https://www.rfc-editor.org/rfc/rfc6749.html#section-10.2),

> The authorization server SHOULD NOT process repeated authorization
requests automatically (without active resource owner interaction)
without authenticating the client or relying on other measures to ensure
that the repeated request comes from the original client and not an
impersonator.

With the implementation prior to this patch, attackers with access to
the redirect URI (e.g., the loopback interface for
`git-credential-oauth`) can get access to the user account without any
user interaction if they can redirect the user to the
`/login/oauth/authorize` endpoint somehow (e.g., with `xdg-open` on
Linux).

Fixes #25061.

Co-authored-by: Archer <archer@beezig.eu>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 6d83f5eddc0f394f6386e80b86a3221f6f4925ff)
2024-05-07 08:14:22 +01:00