Commit graph

16106 commits

Author SHA1 Message Date
wxiaoguang
8f6d442a04
Use secure cookie for HTTPS sites (#26999) (#27013)
Backport #26999

If the AppURL(ROOT_URL) is an HTTPS URL, then the COOKIE_SECURE's
default value should be true.

And, if a user visits an "http" site with "https" AppURL, they won't be
able to login, and they should have been warned. The only problem is
that the "language" can't be set either in such case, while I think it
is not a serious problem, and it could be fixed easily if needed.

(cherry picked from commit b0a405c5fa)
2023-09-20 12:50:46 +02:00
Infinoid
2e9fa11bb3
Correct the database.LOG_SQL default value in config cheat sheet (#26997) (#27002)
This is a manual backport of #26997 to v1.20.

(cherry picked from commit 3c53740244)
2023-09-20 12:50:46 +02:00
Giteabot
957a64d91a
Fix INI parsing for value with trailing slash (#26995) (#27001)
Backport #26995 by @wxiaoguang

Fix #26977 (a temp fix)

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit da7d7e60d8)
2023-09-20 12:50:46 +02:00
Lunny Xiao
56a17f3565
Fix changelog typo (#26973)
(cherry picked from commit e502be46f3)
2023-09-20 12:50:46 +02:00
Gusted
4b9a473e12
[GITEA] Use restricted sanitizer for repository description
- Backport of https://codeberg.org/forgejo/forgejo/pulls/1433
  - Currently the repository description uses the same sanitizer as a
normal markdown document. This means that element such as heading and
images are allowed and can be abused.
  - Create a minimal restricted sanitizer for the repository description,
which only allows what the postprocessor currently allows, which are
links and emojis.
  - Added unit testing.
  - Resolves https://codeberg.org/forgejo/forgejo/issues/1202
  - Resolves https://codeberg.org/Codeberg/Community/issues/1122

(cherry picked from commit a8afa4cd18)
2023-09-13 17:17:37 +02:00
Earl Warren
5aad8a6918
[GITEA] enable system users for comment.LoadPoster
System users (Ghost, ActionsUser, etc) have a negative id and may be
the author of a comment, either because it was created by a now
deleted user or via an action using a transient token.

The GetPossibleUserByID function has special cases related to system
users and will not fail if given a negative id.

Refs: https://codeberg.org/forgejo/forgejo/issues/1425
(cherry picked from commit 97667e06b3)
2023-09-12 11:02:07 +02:00
Earl Warren
b63df8b5c4
[SEMVER] 5.0.3+0-gitea-1.20.4 2023-09-08 09:36:09 +02:00
techknowlogick
11af4c9aad
1.20.4 changelog (#26966)
(cherry picked from commit 4a886de71e)
2023-09-08 08:10:08 +02:00
techknowlogick
052c83393f
Improve LDAP group config documentation (#21227) (#26921)
backport #21227

author @svenseeberg

Co-authored-by: Sven Seeberg <mail@sven-seeberg.de>
Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit b6fd1e48c0)
2023-09-08 08:10:08 +02:00
Giteabot
e25033ef8a
Update documents to fix some links (#26885) (#26888)
Backport #26885 by @lunny

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit 9f14b2173a)
2023-09-08 08:09:18 +02:00
CaiCandong
f34f2c3141
Update docs about attachment path (#26883) (#26884)
Backport #26883
This change was caused by #26271, for configuration as below:
```
[attachment]
ENABLE = true
PATH = data/attachments
MAX_SIZE = 100
MAX_FILES = 5
```
Before #26271, the resolved path is ${AppWorkPath}/${attachments.PATH}
(such as `/var/lib/gitea/data/attachments`)
After #26271, the resolved path is ${AppDataPath}/${attachments.PATH}
(such as `/var/lib/gitea/data/data/attachments`)

Fix https://github.com/go-gitea/gitea/issues/26864 Follow
https://github.com/go-gitea/gitea/pull/26271

(cherry picked from commit e15794f62f)
2023-09-08 08:09:18 +02:00
Giteabot
4df75c254f
Fix wrong review requested number (#26784) (#26880)
Backport #26784 by @lng2020

Fix the wrong review requested number mentioned by #18808 .
Fix #18808
Before:

![ksnip_20230829-140750](https://github.com/go-gitea/gitea/assets/70063547/0af2055b-6f16-4699-a944-c7186831d7f9)
After:

![ksnip_20230829-141817](https://github.com/go-gitea/gitea/assets/70063547/16633264-20ba-45e3-bfbb-a495ed76a45b)

Co-authored-by: Nanguan Lin <70063547+lng2020@users.noreply.github.com>
(cherry picked from commit 2a184796b5)
2023-09-08 08:09:18 +02:00
Giteabot
1689b3da55
Redirect from {repo}/issues/new to {repo}/issues/new/choose when blank issues are disabled (#26813) (#26847)
Backport #26813 by @JakobDev

You can currently visit `{repo}/issues/new` and create a blank issue,
even if it's disabled. This PR fixes this,

Fixes https://codeberg.org/forgejo/forgejo/issues/1356

Co-authored-by: JakobDev <jakobdev@gmx.de>
(cherry picked from commit 2cfabb68ff)
2023-09-08 08:09:18 +02:00
wxiaoguang
9c0380fe84
Avoid double-unescaping of form value (#26853) (#26863)
Backport #26853

The old `prepareQueryArg` did double-unescaping of form value.

(cherry picked from commit e8da63c24e)
2023-09-08 08:09:18 +02:00
Giteabot
193e04c43b
Fix verifyCommits error when push a new branch (#26664) (#26810)
Backport #26664 by @CaiCandong

> ### Description
> If a new branch is pushed, and the repository has a rule that would
require signed commits for the new branch, the commit is rejected with a
500 error regardless of whether it's signed.
>
> When pushing a new branch, the "old" commit is the empty ID
(0000000000000000000000000000000000000000). verifyCommits has no
provision for this and passes an invalid commit range to git rev-list.
Prior to 1.19 this wasn't an issue because only pre-existing individual
branches could be protected.
>
> I was able to reproduce with
[try.gitea.io/CraigTest/test](https://try.gitea.io/CraigTest/test),
which is set up with a blanket rule to require commits on all branches.

Fix #25565
Very thanks to @Craig-Holmquist-NTI for reporting the bug and suggesting
an valid solution!

Co-authored-by: CaiCandong <50507092+CaiCandong@users.noreply.github.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit 93c36f395c)
2023-09-08 08:09:18 +02:00
Giteabot
6b5ef0fad7
Sync tags when adopting repos (#26816) (#26834)
Backport #26816 by @Zettat123

Fixes #26138

Sync the tags into database when adopting repos

Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit 302c03c4a9)
2023-09-08 08:09:18 +02:00
Giteabot
d5845521a8
check blocklist for emails when adding them to account (#26812) (#26831)
Backport #26812 by @techknowlogick

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
(cherry picked from commit 41bae29f84)
2023-09-08 08:09:18 +02:00
yp05327
a6c2201dd4
Fix context filter has no effect in dashboard (#26695) (#26811)
Backport #26695

(cherry picked from commit c72f6067b3)
2023-09-08 08:09:18 +02:00
js6pak
833cf722ab
Include the GITHUB_TOKEN/GITEA_TOKEN secret for fork pull requests (#26759) (#26806)
Backport #26759

Co-authored-by: Jason Song <i@wolfogre.com>
(cherry picked from commit 54cc459ea8)
2023-09-08 08:09:18 +02:00
Giteabot
0b1175f21b
Add fix incorrect can_create_org_repo for org owner team (#26683) (#26791)
Backport #26683 by @yp05327

Related to: #8312 #26491

In migration v109, we only added a new column `CanCreateOrgRepo` in Team
table, but not initial the value of it.
This may cause bug like #26491.

Co-authored-by: yp05327 <576951401@qq.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit c3d323fd85)
2023-09-08 08:09:18 +02:00
Giteabot
4d2b4008d3
Fix some slice append usages (#26778) (#26798)
Backport #26778 by @harryzcy

Co-authored-by: Chongyi Zheng <git@zcy.dev>
Co-authored-by: delvh <dev.lh@web.de>
(cherry picked from commit 4013f3f600)
2023-09-08 08:09:18 +02:00
Giteabot
1d228e6ee9
Fix being unable to use a repo that prohibits accepting PRs as a PR source. (#26785) (#26790)
Backport #26785 by @CaiCandong

## Description
Sometimes, we need to use an upstream mirror repository to update the
current development repository, but mirror repositories are prohibited
from PR. It should not appear in `merge to,` but it can appear in `pull
from.`
Fix #24585 #26193 #26781
Related #24183

Many thanks to @apnote  for assisting me in reproducing this bug!

## ScreenShot
---
### Before

<img
src="https://github.com/go-gitea/gitea/assets/50507092/3d76c376-1f54-45b9-80c9-6ba8319d6a9a"
width="400px">

<img
src="https://github.com/go-gitea/gitea/assets/50507092/fbfd9f7f-421f-4a2e-9a3e-f2958bbf3312"
width="400px">

### After

<img
src="https://github.com/go-gitea/gitea/assets/50507092/e6984524-4f61-4310-b795-4d8598bd8963"
width="400px">

<img
src="https://github.com/go-gitea/gitea/assets/50507092/04065b44-78d7-4721-bf31-0f1674150727"
width="400px">

Co-authored-by: CaiCandong <50507092+CaiCandong@users.noreply.github.com>
(cherry picked from commit 3bab20491e)
2023-09-08 08:09:18 +02:00
xpume
53e4f672a3
Fix Page Not Found error (#26768)
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit c8b189eb01)
2023-09-08 08:07:19 +02:00
Lunny Xiao
bb84b7565f
Fix bug for ctx usage (#26763)
Fix #26684
Backport #26762

(cherry picked from commit a1cec4141e)
2023-09-08 08:07:19 +02:00
wxiaoguang
66016b3fe3
Fix incorrect "tabindex" attributes (#26733) (#26734)
Backport #26733 manually

Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit 307ee2c044)
2023-09-08 08:07:19 +02:00
Giteabot
d7aa9fc964
Fix link in mirror docs (#26719) (#26732)
Backport #26719 by @silverwind

Fix hash fragment in this link

Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit 2f6c0e6596)
2023-09-08 08:07:19 +02:00
Giteabot
c407810217
Add matrix to support (#26382) (#26722)
Backport #26382 by @jolheiser

This PR adds our matrix space to the support options and alphabetizes
the list.

I also considered adding our Mastodon, however that isn't as suitable as
the other options because it's just whoever has access to the account vs
a community chat/forum.

Signed-off-by: jolheiser <john.olheiser@gmail.com>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
(cherry picked from commit e6173acac9)
2023-09-08 08:07:19 +02:00
Giteabot
560ff3ea36
Make issue template field template access correct template data (#26698) (#26709)
Backport #26698 by @wxiaoguang

Regression of #23092, the `{{$field := .}}` was missing during that
refactoring.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 4af872178e)
2023-09-08 08:07:19 +02:00
wxiaoguang
4da20765e8
Backport line height fix (#26708)
Backport the `line-height: normal`, because #26520 was backported

(cherry picked from commit 508c624e99)
2023-09-08 08:07:19 +02:00
Giteabot
03b397a408
Prefer variables over subprocesses (#26690) (#26693)
Backport #26690 by @thomas-mc-work

… because it doesn't require a separate shell, spawning a process which
cost unnecessary resources and takes time.

Co-authored-by: Thomas McWork <thomas.mc.work@posteo.de>
(cherry picked from commit ecfed9e298)
2023-09-08 08:07:19 +02:00
Giteabot
c1efe5b104
add mfa doc (#26654) (#26674)
Backport #26654 by @lunny

copy and modified from #14572

> Whilst debating enforcing MFA within our team, I realised there isn't
a lot of context to the side effects of enabling it. Most of us use Git
over HTTP and would need to add a token.

I plan to add another PR that adds a sentence to the UI about needing to
generate a token when enabling MFA if HTTP is to be used.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit 2f4de240c1)
2023-09-08 08:07:19 +02:00
Giteabot
a98cb4d806
update config docs url (#26640) (#26642)
Backport #26640 by @techknowlogick

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
(cherry picked from commit e1fa3d1d69)
2023-09-08 08:07:19 +02:00
Giteabot
ef46b01168
Fix unable to display individual-level project (#26198) (#26636)
Backport #26198 by @CaiCandong

As title

Before:

![image](https://github.com/go-gitea/gitea/assets/50507092/94afc3bf-5597-4151-a59b-5632840ffa21)

After:

![image](https://github.com/go-gitea/gitea/assets/50507092/df81aa0b-98a6-477d-a270-2e45b3dca0fc)

fix #26189

Co-authored-by: caicandong <50507092+CaiCandong@users.noreply.github.com>
(cherry picked from commit 352a495c02)
2023-09-08 08:07:19 +02:00
Giteabot
06c45d3b6e
Use correct minio error (#26634) (#26639)
Backport #26634 by @delvh

Previously, `err` was defined above, checked for `err == nil` and used
nowhere else.
Hence, the result of `convertMinioErr` would always be `nil`.
This leads to a NPE further down the line.
That is not intentional, it should convert the error of the most recent
operation, not one of its predecessors.

Found through
https://discord.com/channels/322538954119184384/322538954119184384/1143185780206993550.

Co-authored-by: delvh <dev.lh@web.de>
(cherry picked from commit a4b14638b5)
2023-09-08 08:07:19 +02:00
a1012112796
5abca17b64
fix reopen logic for agit flow pull request (#26399) (#26613)
Backport #26399

Signed-off-by: a1012112796 <1012112796@qq.com>
Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit f43df2f820)
2023-09-08 08:07:19 +02:00
Giteabot
19a49e763a
Add branch_filter to hooks API endpoints (#26599) (#26632)
Backport #26599 by @yardenshoham

We now include the branch filler in the response.

- Closes #26591

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: Yarden Shoham <git@yardenshoham.com>
(cherry picked from commit fe78aabc67)
2023-09-08 08:07:19 +02:00
Giteabot
2f6d011503
Ignore the trailing slashes when comparing oauth2 redirect_uri (#26597) (#26618)
Backport #26597 by @wxiaoguang

Fix #26526

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 4aed0e6b07)
2023-09-08 08:07:19 +02:00
Gusted
ec4b6d7d04 Merge pull request '[BRANDING] gitea logo for gitea webhooks' (#1369) from earl-warren/forgejo:wip-v1.20-webhook into v1.20/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1369
2023-09-01 19:26:36 +00:00
Earl Warren
7f7e1ccab8
[BRANDING] gitea logo for gitea webhooks
Refs: https://codeberg.org/forgejo/forgejo/issues/1367
(cherry picked from commit 2d8c1b9373)
2023-09-01 11:56:05 +02:00
Earl Warren
18b4554009 Merge pull request '[TESTS] [v1.20] verify facts for the admin storage documentation' (#1364) from earl-warren/forgejo:wip-v1.20-development-storage-doc-tests into v1.20/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1364
2023-08-31 15:03:31 +00:00
Earl Warren
d3b8870700
[TESTS] verify facts for the admin storage documentation (squash)
(cherry picked from commit d83d8ce57b)
2023-08-31 15:32:22 +02:00
oliverpool
ebf80c3d90 [CI] update DNS on experimental release (#1298)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1298
Co-authored-by: oliverpool <git@olivier.pfad.fr>
Co-committed-by: oliverpool <git@olivier.pfad.fr>
2023-08-22 09:02:58 +02:00
Gusted
fa25b9eec6
[GITEA] Add slow SQL query warning
- Backport of https://codeberg.org/forgejo/forgejo/pulls/1284
  - Databases are one of the most important parts of Forgejo, every
interaction with Forgejo uses the database in one way or another.
Therefore, it is important to maintain the database and recognize when
Forgejo is not doing well with the database. Forgejo already has the
option to log *every* SQL query along with its execution time, but
monitoring becomes impractical for larger instances and takes up
unnecessary storage in the logs.
  - Add a QoL enhancement that allows instance administrators to specify a
threshold value beyond which query execution time is logged as a warning
in the xorm logger. The default value is a conservative five seconds to
avoid this becoming a source of spam in the logs.
  - The use case for this patch is that with an instance the size of Codeberg, monitoring SQL logs is not very fruitful and most of them are uninteresting. Recently, in the context of persistent deadlock issues (https://codeberg.org/forgejo/forgejo/issues/220), I have noticed that certain queries hold locks on tables like comment and issue for several seconds. This patch helps to identify which queries these are and when they happen.
  - Added unit test.
2023-08-21 21:18:43 +02:00
John Olheiser
07531cf953
Set errwriter for urfave/cli v1 (#26616)
Resolves #26615

(cherry picked from commit 11711c51cb)
2023-08-21 07:27:20 +02:00
Giteabot
4f8ae2881c
Update 1.20.3 changelog (#26609) (#26610)
Backport #26609 by @delvh

Co-authored-by: delvh <dev.lh@web.de>
(cherry picked from commit bcb0f3a90f)
2023-08-21 07:27:20 +02:00
Giteabot
b31c44894e
Use "input" event instead of "keyup" event for migration form (#26602) (#26605)
Backport #26602 by @wxiaoguang

Otherwise, "pasted" content won't update the UI.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit c99374b151)
2023-08-21 07:27:20 +02:00
Giteabot
98820fe4f2
Do not use deprecated log config options by default (#26592) (#26600)
Backport #26592 by @wxiaoguang

Simplify the log config

* Remove unnecessary `ROUTER` config, it defaults to the `MODE`.
* `XORM` config was deprecated

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit b643b2ca9c)
2023-08-21 07:27:20 +02:00
CaiCandong
28acd6e262
Fix project filter bugs (#26490) (#26558)
Backport  #26490

related: #26012

1. missing project filter on the issue page.

1e76a824bc/modules/indexer/issues/dboptions.go (L11-L15)
2. incorrect SQL condition: some issue does not belong to a project but
exists on the project_issue table.

f5dbac9d36/models/issues/issue_search.go (L233)

![before](https://github.com/go-gitea/gitea/assets/50507092/1dcde39e-3e2f-4151-b2c6-4d67bf493c2f)

![after](https://github.com/go-gitea/gitea/assets/50507092/badfb81f-056d-4a2f-9838-1cba9c15768d)

(cherry picked from commit 94f86964b4)
2023-08-21 07:27:20 +02:00
Giteabot
c8f437b316
Add minimum polyfill to support "relative-time-element" in PaleMoon (#26575) (#26578)
Backport #26575 by @wxiaoguang

Close #26525

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 1f29cfa683)
2023-08-21 07:27:20 +02:00
Giteabot
563fc65e35
Fix "issueReposQueryPattern does not match query" (#26556) (#26564)
Backport #26556 by @wolfogre

Fix
`https://github.com/go-gitea/gitea/pull/26545#discussion_r1295734340`

Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 1cedf36d30)
2023-08-21 07:27:20 +02:00