Backport #14651
There is potentially a race with a slow starting internal
queue causing a NPE if Has is checked before the internal
queue has been setup.
This PR adds a lock on the Has() fn.
Fix#14311
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
* Turn default hash password algorightm back to pbkdf2 from argon2 until we found a better one
* Add a warning on document
Co-authored-by: zeripath <art27@cantab.net>
Backport #14624
GetCommit() assumes that all 40 char strings are SHA1s. This leads to an
error if you try to do a PR on a branch which is 40 characters long.
This PR attempts the SHA first - and if it fails will switch to using rev-parse.
Fix#14470
Signed-off-by: Andrew Thornton <art27@cantab.net>
Per #14531, deleting a user account will delete the user's GPG keys
from the `gpg_key` table but not from `gpg_key_import`, which causes
an error when creating an account with the same email and attempting
to re-add the same key. This commit deletes all entries from
`gpg_key_import` that match any GPG key IDs belonging to the user.
Co-authored-by: Anton Khimich <anton.khimicha@mail.utoronto.ca>
Migrations currently uses the default Xorm mapper which is
not the same as the mapper Gitea actually uses.
This means that there is a difference between the struct
parsing and mapping to database tables in migrations as
compared to normal Sync2.
This was the cause for the catastrophic problem in v168 -
untagged fields are not mapped in the same way in migrations
as compared to outside of migrations.
This is also likely the cause of some weird subtle failures
in other migrations as any untagged field may not be being
mapped exactly the same way.
This PR suggests that we ensure that the mapper is set at
the start of the migrations code - but also enforces a strict
clean mapper between each migration.
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
* Enhance Ghost comment mitigation Settings (#14392)
* refactor models.DeleteComment and delete related reactions too
* use deleteComment for UserDeleteWithCommentsMaxDays in DeleteUser
* Resolve Fixme & fix potential deadlock
* rm refactor
* make diff eaven less
* Prevent panic on fuzzer provided string
The fuzzer has found that providing a <body> tag with an attribute to
PostProcess causes a panic. This PR removes any rendered html or body
tags from the output.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Placate lint
* placate lint again
Signed-off-by: Andrew Thornton <art27@cantab.net>
* minor cleanup
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
The incorrect use of filepath instead of path means that
it is possible to cause a stackoverflow on Windows
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
Backport #14131
Unfortunately every connection to postgres requires that the search path is
set appropriately.
This PR shadows the postgres driver to ensure that as soon as a connection
is open, the search_path is set appropriately.
Fix#14088
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix bug of link query order on markdown render
* Fix bluemonday bug and fix one wrong test
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: 6543 <6543@obermui.de>
The design is very flexible, but not implemented correctly.
This commit fixes several issues:
* Costom storage type stated in https://docs.gitea.io/en-us/config-cheat-sheet/#storage-storage
not working
* [storage.attachments], [storage.minio] section not respected
Signed-off-by: 胡玮文 <huww98@outlook.com>
Co-authored-by: 胡玮文 <huww98@outlook.com>
* Fix panic in BasicAuthDecode
If the string does not contain ":" that function would run into an
`index out of range [1] with length 1` error. prevent that.
* Update BasicAuthDecode()
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
* Don't use simpleMDE editor on mobile devices
simpleMDE doesn't work properly on mobile devices -- We've replaced it with the slightly more working easyMDE in 1.14 but since that change can't be backported to 1.13 we will just disable the editor on mobile here.
* make isMobile function per code review -- disable simpleMDE for code review and replies
* Fix issue with plain text and wiki
Co-authored-by: silverwind <me@silverwind.io>
* Update view.tmpl
Added rendering of emoji to project label
* Add RenderEmojiPlain to the title and remove has-emoji
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Rakshith Ravi <rakshith.ravi@gmx.com>
Co-authored-by: zeripath <art27@cantab.net>
zeripath