Commit Graph

12005 Commits

Author SHA1 Message Date
zeripath 147bcc3d0f
Changelog for 1.15.11 (#18455)
## [1.15.11](https://github.com/go-gitea/gitea/releases/tag/v1.15.11) - 2022-01-29

* SECURITY
  * Only view milestones from current repo (#18414) (#18418)
* BUGFIXES
  * Fix broken when no commits and default branch is not master (#18422) (#18424)
  * Fix commit's time (#18375) (#18409)
  * Fix restore without topic failure (#18387) (#18401)
  * Fix mermaid import in 1.15 (it uses ESModule now) (#18382)
  * Update to go/text 0.3.7 (#18336)
* MISC
  * Upgrade EasyMDE to 2.16.1 (#18278) (#18279)
2022-01-30 01:27:13 +01:00
Lunny Xiao ce272f2e53
Fix broken when no commits and default branch is not master (#18424)
* Fix broken when no commits and default branch is not master

* Fix IsEmpty check

* Improve codes
2022-01-28 14:48:18 +08:00
zeripath 9d9ad1b59f
Only view milestones from current repo (#18414) (#18418)
Backport #18414

The endpoint /{username}/{reponame}/milestone/{id} is not currently restricted to
the repo. This PR restricts the milestones to those within the repo.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-01-26 22:09:35 +00:00
Lunny Xiao df57524c49
Fix restore without topic failure (#18387) (#18401)
Co-authored-by: zeripath <art27@cantab.net>
2022-01-26 11:16:13 +08:00
Gusted d60b5f1e89
Fix commit's time (#18375) (#18409)
- Backport of #18375
2022-01-25 21:50:02 +00:00
wxiaoguang f7f4129f52
Fix mermaid import (it uses ESModule now) (#18382) 2022-01-24 21:40:51 +08:00
zeripath 21838225ab
Update to go/text 0.3.7 (#18336)
Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-01-19 15:44:01 -05:00
wxiaoguang 95f39457de
Backport: Upgrade EasyMDE 2.16.1 (package-lock.json) (#18301)
* Upgrade EasyMDE 2.16.1
* Update CodeMirror 5.65.0
* Update caniuse-lite (suggested by npm)
2022-01-17 18:32:26 +08:00
wxiaoguang 6cb5069bf6
Upgrade EasyMDE to 2.16.1 (#18279) 2022-01-15 19:18:30 +08:00
Richard Mahn a6f9ebfeb9
Changelog for 1.15.10 (#18274)
[1.15.10](https://github.com/go-gitea/gitea/releases/tag/v1.15.10) - 2022-01-14

* BUGFIXES
  * Fix inconsistent PR comment counts (#18260) (#18261)
  * Fix release link broken (#18252) (#18253)
  * Fix update user from site administration page bug (#18250) (#18251)
  * Set HeadCommit when creating tags (#18116) (#18173)
  * Use correct translation key for error messages due to max repo limits (#18135 & #18153) (#18152)
  * Fix purple color in suggested label colors (#18241) (#18242)
* SECURITY
  * Bump mermaid from 8.10.1 to 8.13.8 (#18198) (#18206)
2022-01-14 18:48:42 +00:00
Lunny Xiao 14de28b876
Fix release link broken (#18253)
* Fix release link broken

* Fix unsupported compare

* Fix another place
2022-01-14 02:49:25 +01:00
Norwin e4120bbc89
fix regression from #16075 (#18261)
we don't want reviews to count towards comments, as this needs changes
in other components as well (eg repo stats cron job, etc).
2022-01-14 00:13:08 +08:00
Lunny Xiao 37abfcaf8a
Fix update user bug (#18251) 2022-01-12 22:10:03 +08:00
silverwind c719841f0d
Fix purple color in suggested label colors (#18242)
This looks like a typo that was introduced when these colors were added,
causing what is supposed to be purple show up as green.
2022-01-11 12:12:51 -06:00
silverwind f9e150002e
Fix mermaid rendering in milestone dashboard (#18214)
Fixes: https://github.com/go-gitea/gitea/issues/18200
2022-01-09 00:59:36 +08:00
zeripath 2f4f2852fc
Bump mermaid from 8.10.1 to 8.13.8 (#18198) (#18206)
Updates to latest mermaid.

Backport #18198

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-01-07 17:26:14 -05:00
Lunny Xiao b25a571bc9
Set HeadCommit when creating tags. (#18116) (#18173)
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-01-04 02:22:10 +01:00
Gusted f9bbed028c
Use correct translation key for error messages due to max repo limits (#18135 & #18153) (#18152)
- Backport #18135
- Backport #18153
2022-01-02 02:39:23 +00:00
Lunny Xiao 7e084341fe
Fix wrong redirect on org labels (#18128) (#18134)
* Fix wrong redirect on org labels (#18128)

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2021-12-30 17:08:42 +01:00
DuckDuckWhale 7d75eede04
Doc: add missing bug fix to changelog (#18133) 2021-12-30 16:42:25 +01:00
zeripath 3db98bef99
Changelog v1.15.9 (#18115)
* BUGFIXES
  * Revert "Fix delete u2f keys bug (#18042)" (#18107)
  * Migrating wiki don't require token, so we should move it out of the require form (#17645) (#18104)
  * Prevent NPE if gitea uploader fails to open url (#18080) (#18101)
  * Reset locale on login (#17734) (#18100)
  * Correctly handle failed migrations (#17575) (#18099)
  * Instead of using routerCtx just escape the url before routing (#18086) (#18098)
  * Quote references to the user table in consistency checks (#18072) (#18073)
  * Add NotFound handler (#18062) (#18067)
  * Ensure that git repository is closed before transfer (#18049) (#18057)
  * Use common sessioner for API and web routes (#18114)
* TRANSLATION
  * Fix code search result hint on zh-CN (#18053)

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-12-30 13:03:04 +08:00
DuckDuckWhale 484fe075f4
Fix: unstable sort skips/duplicates issues across pages (#18095)
When viewing issues in sorted order, some issues are duplicated across
pages and some are missing.  This is caused by the lack of tie-breakers
in database queries, making pagination inconsistent.

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-12-29 19:44:34 +08:00
zeripath de3216ee55
Use common sessioner for API and web routes (#18114)
* Use common sessioner for API and web routes

Since the regenerate session ID PR some users of the memory session provider have been
reporting difficulties with getting API results.

I am uncertain as to why this is happening - but I think that the sessioner being
created twice may be a potential cause for this. Therefore this PR attempts to move
this out to a common sessioner as it is in 1.16.

Fix #18070

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update routers/init.go
2021-12-28 22:15:01 +00:00
Lunny Xiao 353d88a42e
Migrating wiki don't require token, so we should move it out of the require form (#17645) (#18104)
* Migrating wiki don't require token, so we should move it out of the require form

* Fix lint

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-12-27 09:33:32 +08:00
Lunny Xiao a17fce31a9
Revert "Fix delete u2f keys bug (#18042)" (#18107)
This reverts commit 91f5be889a.
2021-12-26 22:57:00 +08:00
zeripath 71e1ebfa60
Instead of using routerCtx just escape the url before routing (#18086) (#18098)
Backport #18086

A consequence of forcibly setting the RoutePath to the escaped url is that the
auto routing to endpoints without terminal slashes fails (Causing #18060.) This
failure raises the possibility that forcibly setting the RoutePath causes other
unexpected behaviors too.

Therefore, instead we should simply pre-escape the URL in the process registering
handler. Then the request URL will be properly escaped for all the following calls.

Fix #17938
Fix #18060
Replace #18062
Replace #17997

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-12-26 10:32:04 +00:00
zeripath afe9d2cadd
Prevent NPE if gitea uploader fails to open url (#18080) (#18101)
Backport #18080

If http.Get() returns an error return nil and err before attempting to
use the broken file.

Thanks to walker xiong for spotting this bug.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-12-26 09:22:10 +00:00
zeripath 012e45a4c1
Correctly handle failed migrations (#17575) (#18099)
* Correctly handle failed migrations

There is a bug in handling failed migrations whereby the migration task gets decoupled
from the migration repository. This leads to a failure of the task to get deleted with
the repository and also leads to the migration failed page resulting in a ISE.

This PR removes the zeroing out of the task id from the migration but also makes
the migration handler tolerate missing tasks much nicer.

Fix #17571

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-12-25 15:45:51 +00:00
zeripath d25ff0d695
Reset locale on login (#17734) (#18100)
Backport #17734

When logging in reset the user's locale to ensure that it matches their
preferred locale.

Fix #15612

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-12-25 21:31:23 +08:00
zeripath 6eaebda1b5
Quote references to the user table in consistency checks (#18072) (#18073)
Backport #18072

Although #17487 ensured that the table was quoted in the join it missed that the
query part of the check also needed to be quoted.

Fix #17485

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-12-22 23:29:05 +00:00
zeripath 6100935a77
Add NotFound handler (#18062) (#18067)
Backport #18062

PR #17997 means that urls with terminal '/' are no longer immediately mapped
to the url without a terminal slash. However, it has revealed that the NotFound handler
appears to have been lost.

This PR adds back in a NotFound handler that simply redirects to a path without the
terminal slash or runs the NotFound handler.

Fix #18060

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-12-22 15:26:37 +00:00
zeripath 6de75224de
Ensure that git repository is closed before transfer (#18049) (#18057)
Backport #18049

Repository Transfer requires that the repository directory is renamed - which
is not possible on Windows if the git repository is open.

Fix #17885

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-12-21 18:27:46 +00:00
Lunny Xiao 9086916eb7
Fix code search result hint on zh-CN (#18053) 2021-12-21 16:08:06 +08:00
zeripath 877040e652
Update Changelog (#18047) 2021-12-20 22:12:46 -05:00
Lunny Xiao 91f5be889a
Fix delete u2f keys bug (#18042)
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-12-20 15:53:25 -05:00
zeripath a818a48c76
Move POST /{username}/action/{action} to simply POST /{username} (#18045) (#18046)
Backport #18045

The current code unfortunately requires that `action` be a reserved
repository name as it prevents posts to change the settings for
action repositories. However, we can simply change action handler
to work on POST /{username} instead.

Fix #18037

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-12-20 15:53:08 -05:00
zeripath 76e1c130fb
Reset Session ID on login (#18018) (#18041)
Backport #18018

When logging in the SessionID should be reset and the session cleaned up.

Also logs the user in on completion of linking account

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-12-20 20:06:54 +00:00
zeripath 148a417774
Prevent off-by-one error on comments on newly appended lines (#18029) (#18035)
* Prevent off-by-one error on comments on newly appended lines (#18029)

Backport #18029

There was a bug in CutDiffAroundLine whereby if a file without a terminal new line
has a patch which appends lines to it and a comment is placed on one of those lines
the comment diff will be a line out of place.

This fixes CutDiffAroundLine to simply ignore the missing terminal newline - however,
we should really improve this rendering to add a marker to say that there was a
previously missing terminal newline.

Fix #17875

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Apply suggestions from code review

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-12-20 11:38:58 -05:00
zeripath 6081948ef0
Changelog 1.15.8 (#18026)
## [1.15.8](https://github.com/go-gitea/gitea/releases/tag/v1.15.8) - 2021-12-19

* BUGFIXES
  * Reset locale on login (#18023) (#18025)
  * Fix reset password email template (#17025) (#18022)
  * Fix outType on gitea dump (#18000) (#18016)
  * Ensure complexity, minlength and isPwned are checked on password setting (#18005) (#18015)
  * Fix rename notification bug (#18011)
  * Prevent double decoding of % in url params  (#17997) (#18001)
  * Prevent hang in git cat-file if the repository is not a valid repository (Partial #17991) (#17992)
  * Prevent deadlock in create issue (#17970) (#17982)
* TESTING
  * Use non-expiring key. (#17984) (#17985)

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update CHANGELOG.md

Co-authored-by: 6543 <6543@obermui.de>
2021-12-20 12:32:07 +02:00
zeripath 48bd54286c
Stop printing 03d after escaped characters in logs (#18030) (#18034)
Backport #18030

Strangely a weird bug was present in the log escaping code whereby any escaped
character would gain 03d - this was due to a mistake in the format string where
it should have read %03o but read instead %o03d. This has led to spurious 03d
trailing characters on these escaped characters!

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-12-19 21:35:29 +00:00
zeripath c69b3b65f3
Reset locale on login (#18023) (#18025)
Backport #18023

Although we reset the locale in a number of places there were several ways of logging in that were missing the same code.

Fix #18020

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Gusted <williamzijl7@hotmail.com>
2021-12-19 15:04:31 +00:00
zeripath fe91d9617b
Fix reset password email template (#17025) (#18022) 2021-12-18 17:55:26 -05:00
Gusted 711ca52f1f
backport: fix outType on gitea dump (#18016)
- Backport from #18000

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-12-18 09:55:24 +08:00
Lunny Xiao a15f0cb010
Fix rename notification bug (#18011) 2021-12-17 18:59:08 -05:00
zeripath 2051f850ef
Ensure complexity, minlength and ispwned are checked on password setting (#18005) (#18015)
Backport #18005

It appears that there are several places that password length, complexity and ispwned
are not currently been checked when changing passwords. This PR adds these.

Fix #17977

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-12-17 21:24:59 +00:00
zeripath 3ae4c4898b
Prevent hang in git cat-file if the repository is not a valid repository (Partial #17991) (#17992)
* Prevent hang in git cat-file if the repository is not a valid repository (Partial #17991)

Unfortunately it appears that if git cat-file is run in an invalid
repository it will hang until stdin is closed. This will result in
deadlocked /pulls pages and dangling git cat-file calls if a broken
repository is tried to be reviewed or pulls exists for a broken
repository.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* placate lint

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix compilation bug

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add the missing directories to the testrepos

* fixup! Add the missing directories to the testrepos

* and ensure that all of the other places have the objects directories too

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-12-17 10:08:00 +08:00
zeripath 3a77465e4e
Prevent double decoding of % in url params (#17997) (#18001) 2021-12-16 18:03:20 -05:00
zeripath fc8c23edb7
Prevent deadlock in create issue (#17970) (#17982) 2021-12-14 21:06:40 -05:00
KN4CK3R 31df892059
Use non-expiring key. (#17984) (#17985) 2021-12-14 17:42:03 -05:00
Lunny Xiao 9879e23c57
Changelog for v1.15.7 (#17871)
* Changelog for v1.15.7

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
2021-12-02 21:16:33 +01:00