Commit Graph

12841 Commits

Author SHA1 Message Date
wxiaoguang 4d0a72a271
Revert "Prevent possible XSS when using jQuery (#18289)" (#18293)
This reverts commit 661d3d28e9.
2022-01-16 11:19:26 +00:00
a1012112796 72b3681648
not show double error response in git hook (#18292)
if return a error message to cli, it will print it
to stderr which is duplicate with our code (line 82
in same file). so user will see two line same
error message in git output. I think it's not mecessary,
so suggerst not return error message to cli. Thanks.

Signed-off-by: a1012112796 <1012112796@qq.com>
2022-01-16 09:32:32 +00:00
zeripath 7960c96c19
Remove accidental debugging in blob_excerpt.tmpl (#18287)
* Remove accidental debugging in blob_excerpt.tmpl

Unfortunately it appears that a small bit of debugging code was left in blob_excerpt.tmpl
This breaks diff expansion causing #18281.

Fix #18281

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-01-16 09:31:41 +00:00
Gusted 661d3d28e9
Prevent possible XSS when using jQuery (#18289)
In the case of misuse or misunderstanding from a developer whereby,
if `sel` can receive user-controlled data, jQuery `$(sel)` can lead to the
creation of a new element. Current usage is using hard-coded selectors
in the templates, but nobody prevents that from expanding to
user-controlled somehow.
2022-01-16 13:14:32 +08:00
zeripath 4b4884ce88
Return nicer error if trying to pull from non-existent user (#18288)
* Return nicer error if trying to pull from non-existent user

Gitea serv will currently return an 500 if we try to pull from a repository where
the owner does not exist.

This PR checks for the UserNotExist Error when checking for the user and will
return a NotFound error instead.

Fix #18225
2022-01-16 11:44:11 +08:00
GiteaBot a15353dc00 [skip ci] Updated translations via Crowdin 2022-01-16 00:28:39 +00:00
Jan Tojnar a38ab71b20
docs: mention client_max_body_size affects LFS (#18291) 2022-01-15 17:26:01 -05:00
silverwind 0ed9b006e8
Add lockfile-check (#18285)
* Add lockfile-check

This check runs `npm install` which will rewrite the lockfile in case it
is inconsistent with package.json. This check detects this and will fail
the CI in such a case.
2022-01-15 21:06:29 +01:00
zeripath d7c2a2951c
Webauthn nits (#18284)
This contains some additional fixes and small nits related to #17957 

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-01-15 17:52:56 +01:00
Gusted e239d354c9
Update `package-lock.json` (#18283)
- NPM didn't like that package-lock.json was out-of-sync, webpack
throwed some errors as well with building.
- Follow-up for: #18278
2022-01-15 15:25:25 +01:00
wxiaoguang aa1e8f6a74
Upgrade EasyMDE to 2.16.1 (#18278) 2022-01-15 11:20:47 +01:00
techknowlogick 84145e45c5
Remove golang vendored directory (#18277)
* rm go vendor

* fix drone yaml

* add to gitignore
2022-01-14 18:16:05 -05:00
zeripath 2b16ca7c77
Changelog for 1.15.10 (#18274) (#18276)
* Changelog for 1.15.10 (#18274)

[1.15.10](https://github.com/go-gitea/gitea/releases/tag/v1.15.10) - 2022-01-14

* BUGFIXES
  * Fix inconsistent PR comment counts (#18260) (#18261)
  * Fix release link broken (#18252) (#18253)
  * Fix update user from site administration page bug (#18250) (#18251)
  * Set HeadCommit when creating tags (#18116) (#18173)
  * Use correct translation key for error messages due to max repo limits (#18135 & #18153) (#18152)
  * Fix purple color in suggested label colors (#18241) (#18242)
* SECURITY
  * Bump mermaid from 8.10.1 to 8.13.8 (#18198) (#18206)

* update docs/config.yaml

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Richard Mahn <richmahn@users.noreply.github.com>
2022-01-14 15:02:37 -05:00
Lunny Xiao 35c3553870
Support webauthn (#17957)
Migrate from U2F to Webauthn

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-01-14 16:03:31 +01:00
GiteaBot 8808293247 [skip ci] Updated translations via Crowdin 2022-01-14 00:29:34 +00:00
Gusted d413a1f8a4
Improve the comment for 2FA filter in admin panel (#18017)
Replace TODO with explanation

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-01-13 21:32:28 +01:00
Norwin 696521b33b
fix regression from #16075 (#18260)
we don't want reviews to count towards comments, as this needs changes
in other components as well (eg repo stats cron job, etc).

Co-authored-by: 6543 <6543@obermui.de>
2022-01-14 00:50:43 +08:00
silverwind f635d60344
Prevent underline hover on cards (#18259)
Prevent a undesired underline effect on hovered cards.

This was regressed by #17898.
2022-01-13 14:33:04 +00:00
Lunny Xiao dd135c6258
Fix release link broken (#18252)
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-01-13 15:14:53 +02:00
Aravinth Manivannan 69a28299e2
migrations: a deadline at January 1st, 1970 is valid (#18237)
* migrations: a deadline at January 1st, 1970 is valid

Do not change the deadline value if it is set to January 1st, 1970.

Setting the deadline to year 9999 when it is zero (which is equal to
January 1st, 1970) modifies a deadline set to January 1st, 1970 which
is a valid date. In addition, setting a date in year 9999 will be
converted to a null date in some cases.

Signed-off-by: Loïc Dachary <loic@dachary.org>

* tests: set milestone.deadline_unix in fixtures

The value of deadline_unix must be set to 253370764800 (i.e. 9999-01-01) in
fixtures, otherwise it will be inserted as null which leads to
unexpected errors. For instance, DumpRepository will store a null
deadline_unix as 0 (i.e. 1970-01-01) and RestoreRepository will change
it to 9999-01-01.

Signed-off-by: Loïc Dachary <loic@dachary.org>

Co-authored-by: Loïc Dachary <loic@dachary.org>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-01-13 14:03:30 +08:00
wxiaoguang eaf09a5368
Fix documents for development and bug report (#18249) 2022-01-13 10:58:46 +08:00
Zoran Peričić 17b2079f3e
Add/update SMTP auth providers via cli (#18197)
Allow adding/updating SMTP authentication source via CLI using:
- gitea admin  auth add-smtp 
- gitea admin  auth update-smtp

Signed-off-by: Zoran Peričić <zpericic@netst.org>
2022-01-12 22:54:53 +00:00
6543 ff00b8688b
Fix NPE on try to get tag reference via API (#18245)
* fix npe

* rm gitRepo from Tag
2022-01-12 20:37:46 +00:00
Lunny Xiao 67d73882f4
Fix update user bug (#18250) 2022-01-12 21:58:09 +08:00
M. Zhou ba9e4e2570
[doc] https-setup: explain relative paths for {CERT,KEY}_FILE fields. (#18244)
Closes: https://github.com/go-gitea/gitea/issues/14401
2022-01-11 23:18:28 -05:00
Bo-Yi Wu ee8718e452
chore: remove unnecessary section (#18209)
Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
2022-01-11 18:27:32 -05:00
silverwind 72cced1f3e
Fix purple color in suggested label colors (#18241)
This looks like a typo that was introduced when these colors were added,
causing what is supposed to be purple show up as green.
2022-01-11 12:11:40 -06:00
zeripath 09d2029b6c
Prevent NPE when viewing non-rendered files (#18234)
Fix #18231

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-01-11 18:18:52 +01:00
Lunny Xiao 0857c197a0
Fix collobration template (#18232) 2022-01-11 12:33:47 +00:00
Andrey Esin c0ed869e0f
Fix identation typo in doc installation with Docker (#18233) 2022-01-11 19:33:42 +08:00
GiteaBot ed6757ecdc [skip ci] Updated translations via Crowdin 2022-01-11 00:28:42 +00:00
luzpaz af92473920
Fix source typos (#18227)
Follow-up to #18219
2022-01-10 23:46:26 +08:00
luzpaz 8c647bf0f6
Fix various typos (#18219)
Found via `codespell -q 3 -S ./options/locale,./vendor -L ba,pullrequest,pullrequests,readby,te,unknwon`

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-01-10 17:32:37 +08:00
Gusted 242dddfcb7
Remove `ioutil` (#18222)
- Don't use `ioutil` package anymore as it doesn't anything special
anymore since Go 1.16:

```
// As of Go 1.16, the same functionality is now provided
// by package io or package os, and those implementations
// should be preferred in new code.
```

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-01-10 09:48:13 +08:00
GiteaBot 60b945565d [skip ci] Updated translations via Crowdin 2022-01-10 00:28:05 +00:00
Greg Myers 79791ba4ac
Fix typos in docs/content (#18215) 2022-01-09 19:53:03 +08:00
GiteaBot de578bff8c [skip ci] Updated licenses and gitignores 2022-01-09 00:28:45 +00:00
capvor 3a0dee01ed
In the Organization member page, 2fa column is too narrow for Simplified Chinese and Chinese Traditional. (#18213)
Expand 2fa column and Narrow the last column.
2022-01-09 00:21:10 +08:00
Lunny Xiao 23f5a34c89
Fix new team (#18212)
fix regression from #17811
2022-01-08 15:19:36 +00:00
wxiaoguang 70d7475356
Fix EasyMDE image paste bug during refactoring (#18207) 2022-01-08 21:33:32 +08:00
delvh 4f7764561a
Sort locales according to their names (#18211)
* Sort locales according to their names

* Fix documentation and sort case insensitive
2022-01-08 12:18:39 +00:00
zeripath 832f987d80
Restore setting of ctx.Repo.Mirror (#18205)
In #17933 repoAssignment no longer sets the ctx.Repo.Mirror field meaning that
attempting change mirror settings results in an NPE. This PR simply restores this.

Either we should remove this field or, we should set it. At present it seems simplest
to set it instead of going looking in the Data for the value although converting the
context to a bag of things may be the correct approach in the future.

Fix #18204

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-01-08 10:03:51 +08:00
GiteaBot 69a4bd02f0 [skip ci] Updated translations via Crowdin 2022-01-08 00:28:35 +00:00
KN4CK3R e30b20dc68
Show OAuth callback error message (#18185)
* Show callback error message.

* lint

* Use error code to display a message.

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-01-07 21:02:09 +00:00
silverwind 3dbdf36d95
Fix CSS specificity issue with easymde's css (#18201)
* Fix CSS specificity issue with easymde's css

PR #18069 introduced a regression in certain overwritten editor styles
because the dynamic loading of easymde.min.css causes its's style to
apply after our supposed override styles.

Solve this by bundling the styles into index.css. We should later aim to
completely replace easymde.min.css completely with our own styles so there
are no more conflicts.

* Update web_src/js/features/comp/EasyMDE.js

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-01-07 16:41:31 +08:00
silverwind 80705cf4b4
Fix mermaid rendering in milestone dashboard (#18202)
Fixes: https://github.com/go-gitea/gitea/issues/18200
2022-01-07 11:49:27 +08:00
Lunny Xiao a1c12fb0b3
Don't store assets modified time into generated files (#18193) 2022-01-06 21:33:17 -05:00
zeripath 21ed4fd8da
Add warning for BIDI characters in page renders and in diffs (#17562)
Fix #17514

Given the comments I've adjusted this somewhat. The numbers of characters detected are increased and include things like the use of U+300 to make à instead of à and non-breaking spaces.

There is a button which can be used to escape the content to show it.

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Gwyneth Morgan <gwymor@tilde.club>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-01-07 02:18:52 +01:00
GiteaBot ee60f27aec [skip ci] Updated translations via Crowdin 2022-01-07 00:28:31 +00:00
dependabot[bot] 36a0f4e418
Bump mermaid from 8.13.4 to 8.13.8 (#18198)
Bumps [mermaid](https://github.com/knsv/mermaid) from 8.13.4 to 8.13.8.
- [Release notes](https://github.com/knsv/mermaid/releases)
- [Changelog](https://github.com/mermaid-js/mermaid/blob/develop/docs/CHANGELOG.md)
- [Commits](https://github.com/knsv/mermaid/compare/8.13.4...8.13.8)

---
updated-dependencies:
- dependency-name: mermaid
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-06 15:17:27 -05:00