Commit Graph

13136 Commits

Author SHA1 Message Date
Gusted
27ee01e1e8
Disable content sniffing on PlainTextBytes (#18359)
- Disable the browser's function to "sniff" for the content-type on the
provided plain text, this will prevent the possible usage of
user-controlled data being sent, which could be malicious.

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-01-22 13:32:35 -05:00
6543
6ad7a5376a
Update github.com/duo-labs/webauthn (#18357) 2022-01-22 18:01:40 +01:00
wxiaoguang
5ff899d5ac
Fix route wrap (#18360) 2022-01-22 15:05:22 +00:00
GiteaBot
f91092453e [skip ci] Updated translations via Crowdin 2022-01-22 00:28:20 +00:00
qwerty287
1f40933d38
Add config options to hide issue events (#17414)
* Add config option to hide issue events
Adds a config option `HIDE_ISSUE_EVENTS` to hide most issue events (changed labels, milestones, projects...) on the issue detail page.
If this is true, only the following events (comment types) are shown:
* plain comments
* closed/reopened/merged
* reviews

* Make configurable using a list

* Add docs

* Add missing newline

* Fix merge issues

* Allow changes per user settings

* Fix lint

* Rm old docs

* Apply suggestions from code review

* Use bitsets

* Rm comment

* fmt

* Fix lint

* Use variable/constant to provide key

* fmt

* fix lint

* refactor

* Add a prefix for user setting key

* Add license comment

* Add license comment

* Update services/forms/user_form_hidden_comments.go

Co-authored-by: Gusted <williamzijl7@hotmail.com>

* check len == 0

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Gusted <williamzijl7@hotmail.com>
Co-authored-by: 6543 <6543@obermui.de>
2022-01-21 18:59:26 +01:00
silverwind
108f1aab5c
Add js vendor directory to .gitattributes (#18350) 2022-01-21 23:42:38 +08:00
GiteaBot
6c7084cbee [skip ci] Updated translations via Crowdin 2022-01-21 00:30:19 +00:00
zeripath
44deae8f3d
Refactor jwt.StandardClaims to RegisteredClaims (#18344)
* Refactor jwt.StandardClaims to RegisteredClaims

go-jwt/jwt has deprecated the StandardClaims interface to use RegisteredClaims
instead. This PR migrates to use this new format.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Apply suggestions from code review

Co-authored-by: Gusted <williamzijl7@hotmail.com>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Gusted <williamzijl7@hotmail.com>
2022-01-20 22:52:56 +01:00
6543
54e9ee37a7
format with gofumpt (#18184)
* gofumpt -w -l .

* gofumpt -w -l -extra .

* Add linter

* manual fix

* change make fmt
2022-01-20 18:46:10 +01:00
Gusted
1d98d205f5
Enable deprecation error for v1.17.0 (#18341)
Co-authored-by: Andrew Thornton <art27@cantab.net>
2022-01-20 18:00:38 +01:00
Gusted
16d378fefc
Use correct translation key for errors (#18342)
- Noted by:
https://github.com/go-gitea/gitea/issues/17876#issuecomment-1017503614
2022-01-20 15:18:46 +00:00
wxiaoguang
5bf8d5445e
Refactor Router Logger (#17308)
Make router logger more friendly, show the related function name/file/line.

[BREAKING]
This PR substantially changes the logging format of the router logger. If you use this logging for monitoring e.g. fail2ban you will need to update this to match the new format.
2022-01-20 19:41:25 +08:00
Jelle Hulter
bbd30787d3
Updated Chroma to v0.10.0 (#18270) 2022-01-20 17:59:15 +08:00
zeripath
7427b81fec
Change initial TrustModel to committer (#18335) 2022-01-19 21:41:59 -05:00
Gusted
6c0fe1f3ec
refactor httplib (#18338)
- Remove a lot of unused code (most if not all were introduced in gogs
for webhooks usages).

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2022-01-19 19:31:39 -05:00
zeripath
5cb0c9aa0d
Propagate context and ensure git commands run in request context (#17868)
This PR continues the work in #17125 by progressively ensuring that git
commands run within the request context.

This now means that if there is a git repo already open in the context it will be used instead of reopening it.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-01-19 23:26:57 +00:00
Grzegorz Alibożek
4563148a61
Upgrade Alpine from 3.13 to 3.15 (#18050)
* Upgrade alpine to 3.15

* Add executability test to entrypoint for too old dockers

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update docker/rootless/usr/local/bin/docker-entrypoint.sh

Co-authored-by: zeripath <art27@cantab.net>
2022-01-19 16:55:17 -05:00
GiteaBot
b7c6457648 [skip ci] Updated translations via Crowdin 2022-01-19 21:28:43 +00:00
zeripath
6b0a71230d
Stop trimming preceding and suffixing spaces from editor filenames (#18334)
* Stop trimming preceding and suffixing spaces from editor filenames

In #5702 it was decided to trim preceding and suffixed spaces as well as / from
editing file filenames. This was because at this point in time the url-safety of
Gitea was much poorer.

We can now drop this requirement and file editing should work correctly.

Fix #18176

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-01-19 21:03:15 +00:00
GiteaBot
c68f1281f6 [skip ci] Updated translations via Crowdin 2022-01-19 20:29:22 +00:00
silverwind
f19f53c077
Left-Align text in Unicode warning boxes (#18331)
Wrapped text is more readable when left-aligned.

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: zeripath <art27@cantab.net>
2022-01-19 19:25:08 +00:00
zeripath
6779d9726f
Only warn on bidi but still escape non-bidi (#18333)
Fix #18324

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-01-19 19:24:15 +00:00
wxiaoguang
6fba174606
Fix incorrect OAuth message (#18332)
As the title,

Fix #18327
2022-01-19 19:05:06 +00:00
GiteaBot
531b6d60e1 [skip ci] Updated translations via Crowdin 2022-01-19 18:28:18 +00:00
techknowlogick
4a6bae59c0
Changelog for 1.16.0-rc1 (#18309)
Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: 6543 <6543@obermui.de>
2022-01-19 18:08:23 +01:00
zeripath
4a20eadfd7
Restore propagation of ErrDependenciesLeft (#18325)
Unfortunately #17643 prevented all propagation of ErrDependenciesLeft meaning
that dependency errors that prevent closing of issues get swallowed.

This PR restores propagation of the error but instead swallows the error in the
places where it needs to be swallowed.

Fix #18223

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-01-19 00:26:42 +01:00
wxiaoguang
84f8ef3df6
Fix PR comments UI (#18323)
Closes:
* Review comment cannot be edited #17768
* Changing PR Comment Resolved State Disables Further Changes #18315
2022-01-19 01:28:38 +08:00
wxiaoguang
11b4827791
Make the height of the editor in Review Box smaller (4 lines as GitHub) (#18319)
And shrink the height of Dropzone.
2022-01-19 00:57:57 +08:00
Gusted
9dcf0bf6ec
Fix commit links on compare page (#18310)
* Fix commit links on compare page

- Use the correct repo link for each commit (the headrepo). As for
compare pages where baserepo != headrepo, it wouldn't have the correct
link.

Co-authored-by: zeripath <art27@cantab.net>
2022-01-18 16:12:10 +00:00
silverwind
8156e0f855
Update JS dependencies, remove eslint-plugin-github (#18317)
- Update all JS dependencies
- Add new lint rules
- Regenerate SVGs
- Tested Monaco and Mermaid
* Remove eslint-plugin-github
2022-01-18 23:01:36 +08:00
Peter Gardfjäll
89a3214352
Add MirrorUpdated field to Repository API type (#18267)
Add the last update time to the repository api type.

Close #18266
2022-01-18 13:18:30 +00:00
zeripath
68b59d8966
replace satori/go.uuid with gofrs/uuid (#18311)
Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-01-18 11:04:24 +00:00
JonRB
483409716d
Place inline diff comment dialogs in the 4th column. (#18321)
Comment dialogs for inline comments should appear in 4th column (not 3rd column), this PR changes the column that the inline review comment is associated with.

This problem has occurred due to an unrecognised conflict between #17562 and #17315. 

Fix as zeripath suggested in #18320

Fix #18320 

Co-authored-by: zeripath <art27@cantab.net>
2022-01-18 10:28:45 +00:00
zeripath
089b4e6a45
Use indirect comparison when showing pull requests (#18313)
When generating the commits list and number of files changed for PRs and
compare we should use "..." always not "..".

Fix #18303

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-01-18 07:45:43 +00:00
zeripath
a7ee4d507a
Prevent ambiguous column error in organizations page (#18314)
Explicitly set the table for the org_id column queries on the organizations pages.

Fix #18229

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-01-18 07:45:14 +00:00
zeripath
851b54ba9f
Correctly upload LFS files (#18316)
We need to use the cached .gitattributes file for checking if a file
should be stored in the lfs.

Fix #18297

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-01-18 07:44:30 +00:00
GiteaBot
eed8633fb0 [skip ci] Updated translations via Crowdin 2022-01-18 00:31:56 +00:00
a1012112796
8581e2f4ec
update description about vendoring in CONTRIBUTING.md (#18280)
* update description about vendoring in CONTRIBUTING.md

follow #18277

Signed-off-by: a1012112796 <1012112796@qq.com>

* Update CONTRIBUTING.md

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>

* fix and readd test-vendor step

* remove vendor from .gitattributes @silverwind

* simplify go mod check

Signed-off-by: a1012112796 <1012112796@qq.com>

* Revert "remove vendor from .gitattributes @silverwind"

This reverts commit 4789e704cb7a2c80934e4a4cd31efb161e6c8666.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
2022-01-17 13:39:07 -05:00
Aravinth Manivannan
076cead40d
Fix CheckRepoStats and reuse it during migration (#18264)
The CheckRepoStats function missed the following counters:

- label num_closed_issues & num_closed_pulls
- milestone num_closed_issues & num_closed_pulls

The update SQL statements for updating the repository
num_closed_issues & num_closed_pulls fields were repeated in three
functions (repo.CheckRepoStats, migrate.insertIssues and
models.Issue.updateClosedNum) and were moved to a single helper.

The UpdateRepoStats is implemented and called in the Finish migration method so that it happens immediately instead of waiting for the
CheckRepoStats to run.

Signed-off-by: Loïc Dachary loic@dachary.org

---
[source](https://lab.forgefriends.org/forgefriends/forgefriends/-/merge_requests/34)
2022-01-17 19:31:58 +01:00
silverwind
7dde39a6db
Minor tweak to tag list (#18295)
Slightly reduce the font size and padding in the tags table, it seemed a bit too big to me.
2022-01-17 14:26:35 +01:00
a1012112796
43a22c6a21
show pull link for agit pull request also (#18235) 2022-01-17 13:56:43 +08:00
GiteaBot
bd7680f450 [skip ci] Updated translations via Crowdin 2022-01-17 00:28:33 +00:00
silverwind
212e81f11d
Add some .ignore entries (#18296)
Exclude node_modules and minified files from search tools like `rg` and `ag`.
2022-01-16 17:26:15 +00:00
Ben Niemann
2871e58a01
Remove unneeded debug messages to stdout. (#18298)
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-01-16 23:42:06 +08:00
zeripath
52bfb7f012
Handle missing default branch better in owner/repo/branches page (#18290)
This PR more nicely handles a missing default branch in owner/repo/branches

Fix #18265

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-01-16 22:59:16 +08:00
wxiaoguang
4d0a72a271
Revert "Prevent possible XSS when using jQuery (#18289)" (#18293)
This reverts commit 661d3d28e9.
2022-01-16 11:19:26 +00:00
a1012112796
72b3681648
not show double error response in git hook (#18292)
if return an error message to cli, it will print it
to stderr which is duplicate with our code (line 82
in same file). so user will see two line same
error message in git output. I think it's not necessary,
so suggest not return error message to cli. Thanks.

Signed-off-by: a1012112796 <1012112796@qq.com>
2022-01-16 09:32:32 +00:00
zeripath
7960c96c19
Remove accidental debugging in blob_excerpt.tmpl (#18287)
* Remove accidental debugging in blob_excerpt.tmpl

Unfortunately it appears that a small bit of debugging code was left in blob_excerpt.tmpl
This breaks diff expansion causing #18281.

Fix #18281

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-01-16 09:31:41 +00:00
Gusted
661d3d28e9
Prevent possible XSS when using jQuery (#18289)
In the case of misuse or misunderstanding from a developer whereby,
if `sel` can receive user-controlled data, jQuery `$(sel)` can lead to the
creation of a new element. Current usage is using hard-coded selectors
in the templates, but nobody prevents that from expanding to
user-controlled somehow.
2022-01-16 13:14:32 +08:00
zeripath
4b4884ce88
Return nicer error if trying to pull from non-existent user (#18288)
* Return nicer error if trying to pull from non-existent user

Gitea serv will currently return a 500 if we try to pull from a repository where
the owner does not exist.

This PR checks for the UserNotExist Error when checking for the user and will
return a NotFound error instead.

Fix #18225
2022-01-16 11:44:11 +08:00