Commit Graph

10260 Commits

Author SHA1 Message Date
techknowlogick e00e8d8ad3
Disable Git Hooks by default (#13064)
* Disable Git Hooks by default

Related #13058

* pass tests
2020-10-07 14:24:14 -04:00
GiteaBot e0b7727804 [skip ci] Updated translations via Crowdin 2020-10-07 09:56:17 +00:00
Niklas Goerke 8fe8ab5cbf
Mitigate Security vulnerability in the git hook feature (#13058)
* Extend git hook warning in the UI.

Git hooks are a dangerous feature, administrators should be warned before giving
the git hook privilege to users.

* Disable Git hooks by default and add warning.

Git hooks are a dangerous features (see warning text) that should only
be enabled if the administrator was informed about the risk involved.

Co-authored-by: Niklas Goerke <goerke@fzi.de>
2020-10-07 12:55:13 +03:00
Rongjian Zhang d49242287d
Update third-party-tools.en-us.md (#13046) 2020-10-06 12:55:51 -04:00
GiteaBot f5436b4a67 [skip ci] Updated translations via Crowdin 2020-10-06 16:17:17 +00:00
Rongjian Zhang 77f360b1b8
fix: case typo (#13049)
* Update settings.go

* Run swagger generate
2020-10-06 12:16:16 -04:00
GiteaBot a23c128ba6 [skip ci] Updated translations via Crowdin 2020-10-06 07:24:15 +00:00
6543 c584364b90
[Docs] Update GitNex Link (#13050) 2020-10-06 08:23:10 +01:00
Spencer Taylor 6eea301829
Adding visual cue for "Limited" & "Private" organizations. (#13040)
* Adding visual cue for "Limited" & "Private" organizations.

* Moving org visibility CSS styles to .less files.

Co-authored-by: Gitea <gitea@fake.local>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-06 02:25:43 -04:00
6543 df4bbcd235
Fix error create comment on outdated file (#13041)
* FIX

* more specific

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-05 20:18:55 -04:00
kolaente b5e76dddb8
Fix Pull Request merge buttons on mobile (#13035)
Signed-off-by: kolaente <k@knt.li>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-05 19:31:25 -04:00
GiteaBot 91118bc73d [skip ci] Updated translations via Crowdin 2020-10-05 22:47:15 +00:00
kolaente 78aded1eaa
Fix Issue & Pull Request comment headers on mobile (#13039)
Signed-off-by: kolaente <k@knt.li>
2020-10-05 18:46:11 -04:00
zeripath 5e1c51cdb6
(Re)Load issue labels when changing them (#13007)
(Re)Load issue labels when labels are added or removed

This means that the label state that the webhooks produce accurately matches
the changes that they are reporting.

Fix #10660

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-10-05 09:49:11 +03:00
silverwind cda44750cb
Attachments: Add extension support, allow all types for releases (#12465)
* Attachments: Add extension support, allow all types for releases

- Add support for file extensions, matching the `accept` attribute of `<input type="file">`
- Add support for type wildcard mime types, e.g. `image/*`
- Create repository.release.ALLOWED_TYPES setting (default unrestricted)
- Change default for attachment.ALLOWED_TYPES to a list of extensions
- Split out POST /attachments into two endpoints for issue/pr and
  releases to prevent circumvention of allowed types check

Fixes: https://github.com/go-gitea/gitea/pull/10172
Fixes: https://github.com/go-gitea/gitea/issues/7266
Fixes: https://github.com/go-gitea/gitea/pull/12460
Ref: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/file#Unique_file_type_specifiers

* rename function

* extract GET routes out of RepoMustNotBeArchived

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-10-05 01:49:33 -04:00
Lucas Queiroz 67a5573310
[#13004] Add Timestamp to Tag list API (#13026)
* Add Timestamp to Tag list API

* Add unit test for ToCommitMeta

* Rename timestamp to created

* Reformat files
2020-10-05 12:07:54 +08:00
Divyam Bhasin 48703c3c68
updated docs with caveat for authorized_keys (#13030)
* updated docs with caveat for authorized_keys

* wrapped authorized_keys in ticks

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-04 19:52:40 -04:00
赵智超 01c7204895
Return sample message for login error in api context (#12994)
* Return sample message for login error in api context

Signed-off-by: a1012112796 <1012112796@qq.com>

* Update modules/context/auth.go

Co-authored-by: silverwind <me@silverwind.io>

* Apply suggestions from code review

Co-authored-by: Lauris BH <lauris@nix.lv>

* Apply suggestions from code review

Co-authored-by: zeripath <art27@cantab.net>

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-04 17:39:31 -04:00
silverwind 922d698842
CSS tweaks to warning/error segments and misc fixes (#13024)
* CSS tweaks to warning/error segments and misc fixes

- Adjust styling for warning/error in arc-green
- Change danger boxes from orange to red
- Fix code highlight text color in arc-green
- Fix warning message in arc-green
- Fix border in org member list in arc-green
- Fix disabled checkbox text in arc-green

* use same selector in gitea theme

* fix blame highlight

Co-authored-by: zeripath <art27@cantab.net>
2020-10-04 16:54:22 -04:00
GiteaBot 10e04da28c [skip ci] Updated translations via Crowdin 2020-10-04 17:13:45 +00:00
zeripath 3f3a4f5b41
Avoid setitng the CONN_STR in queues unless it is meant to be set (#13025)
Since the move to common leveldb and common redis the disk queue code
will check the connection string before defaulting to the DATADIR.

Therefore we should ensure that the connection string is kept empty
unless it is actually set.

Fix #13023

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-10-04 18:12:26 +01:00
John Olheiser 72636fd664
hCaptcha Support (#12594)
* Initial work on hCaptcha

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Use module

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Format

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* At least return and debug log a captcha error

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Pass context to hCaptcha

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Add context to recaptcha

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* fix lint

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Finish hcaptcha

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Update example config

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Apply error fix for recaptcha

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Change recaptcha ChallengeTS to string

Signed-off-by: jolheiser <john.olheiser@gmail.com>

Co-authored-by: Andrew Thornton <art27@cantab.net>
2020-10-02 23:37:53 -04:00
zeripath 5460bf8903
Fix formatting of branches ahead-behind on narrow windows (#12989)
Make the bar-groups width 50% with max-width of 90px

Fix #12252

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-02 19:10:43 -04:00
Claudius Ellsel 45727c32c3
Update comparison for GitLab CE (#13019)
* Update comparison for GitLab CE

Fixes #13018.

* Update docs/content/doc/features/comparison.en-us.md

Co-authored-by: mrsdizzie <info@mrsdizzie.com>

* Update comparison.en-us.md

According to the linked issue it is there and just the documentation is lacking.

* Update docs/content/doc/features/comparison.en-us.md

Co-authored-by: techknowlogick <matti@mdranta.net>

* Update docs/content/doc/features/comparison.en-us.md

Co-authored-by: techknowlogick <matti@mdranta.net>

Co-authored-by: mrsdizzie <info@mrsdizzie.com>
Co-authored-by: techknowlogick <matti@mdranta.net>
2020-10-02 18:08:17 -04:00
rebeckanylander 54091e074c
Fix comment header span. (#13009)
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-02 11:13:46 -04:00
mrsdizzie 7a34fc0ae8
Remove code-view class from diff view (#13011)
code-view class seems unecessary here as everything needed style wise comes from various diff classes. This allows comments and comment editor to be styled properly and fixes linked bug.

Fixes #13010

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-02 10:38:38 -04:00
zeripath 54dd28f159
Fix 500 on README in submodule (#13006)
If a README file is a symlink to a submodule Gitea the view branch page
will return a 500.

The underlying problem is a missed conversion of an
plumbing.ErrObjectNotFound in git/tree_blob.go.

Fix #12599

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-10-02 09:27:44 -04:00
GiteaBot 86b8c81240 [skip ci] Updated translations via Crowdin 2020-10-02 09:38:47 +00:00
James Lakin 6fc129fe62
Fix repository create/delete event webhooks (#13008)
This small PR changes the webhook trigger behaviour to be more in line with what's expected. (When 'repository' events are enabled, of course)

In other words:

For system-wide or default webhooks, repository events will now trigger said webhook. Previously it had to be under an organization for create events to be visible - a tad unexpected!
Deleting a repository will now fire its own defined webhooks, not just organisational and system ones.
In order to enable the latter the webhook has to now be triggered before the actual repo undergoes deletion. I'm willing to tweak this to try and 'grab' the webhook model beforehand and trigger the webhook notifier directly afterwards, but this may make the code more complex for little benefit.

Closes #11766, #9180.
2020-10-02 10:37:46 +01:00
techknowlogick 77f3dbed6d
latest version is 1.12.5 (#13005) 2020-10-01 15:21:25 -04:00
John Olheiser b428f9feb5
Changelog 1.12.5 (#13002) (#13003)
* Changelog 1.12.5

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Update CHANGELOG.md

* Update CHANGELOG.md

Co-authored-by: techknowlogick <matti@mdranta.net>

* Apply suggestions from code review

Co-authored-by: techknowlogick <matti@mdranta.net>

Co-authored-by: techknowlogick <matti@mdranta.net>

Co-authored-by: techknowlogick <matti@mdranta.net>
2020-10-01 14:47:54 -04:00
Pranav Nachnekar 1827f892de
fix: media links in org files not liked to media files (#12997)
* fix: media links in org files not liked to media files

* fix: write directly to io.Writer r

as suggested by code review

Co-authored-by: zeripath <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
2020-10-01 11:22:34 -04:00
GiteaBot 1d2553abbf [skip ci] Updated translations via Crowdin 2020-10-01 12:50:55 +00:00
techknowlogick 156f54d6e2
allow U2F with default settings for gitea in subpath (#12990)
* allow U2F with default settings for gitea in subpath

* use trim suffix

Co-authored-by: zeripath <art27@cantab.net>
2020-10-01 20:49:49 +08:00
zeripath c6da033656
Copy missing things from app.example.ini to Cheat Sheet (#12988)
Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-10-01 07:57:57 +01:00
GiteaBot 992f387139 [skip ci] Updated translations via Crowdin 2020-10-01 05:55:40 +00:00
6543 818d921bbb
Refactor use TrimSuffix instead of TrimRight (#12993)
* Refactor use TrimSuffix instead of TrimRight

* TrimRight right

* has #12990
2020-10-01 06:54:34 +01:00
GiteaBot 551473b294 [skip ci] Updated translations via Crowdin 2020-09-30 21:00:33 +00:00
raoulb a43cf283de
Fix hugo shortcode typo in faq (#12987)
* Fix hugo shortcode typo in faq

* Switch to using language tags
2020-09-30 16:59:30 -04:00
GiteaBot 7670a9db10 [skip ci] Updated translations via Crowdin 2020-09-30 16:17:15 +00:00
PE1NUT f2c29f2d25
Clarification on the use of certificate chains (#12986)
* Clarification on the use of certificate chains

* As per @bagasme

Co-authored-by: Bagas Sanjaya <bagasdotme@gmail.com>

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Bagas Sanjaya <bagasdotme@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-09-30 12:16:13 -04:00
GiteaBot 615e784150 [skip ci] Updated translations via Crowdin 2020-09-30 12:28:46 +00:00
Lunny Xiao 0d0e01eaa9
Fix typo on Chinese documents (#12982) 2020-09-30 20:27:41 +08:00
zeripath fe79b13ab2
Always return a list from GetCommitsFromIDs (#12981)
`GetCommitsFromIDs` is only used in one place: `LoadPushCommits` where
it expects that `c.Commits` is not nil.

This potentially nil set causes a NPE in in #12953

Fix #12953

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-09-29 22:26:54 +01:00
zeripath 1bcf1ad643
Only set the user password if the password field would have been shown (#12980)
POSTing to /admin/users/:id should only set the password if the the user
IsLocal or IsOauth2

Fix #12952

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-09-29 21:27:03 +01:00
GiteaBot 9b6361f8a0 [skip ci] Updated translations via Crowdin 2020-09-29 19:27:47 +00:00
zeripath 1267e678fa
Fix admin/config page (#12979)
Change `.LFS.ContentPath` to `.LFS.Path`

Fix #12975

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-09-29 15:26:45 -04:00
Lunny Xiao 3878e985b6
Add default storage configurations (#12813)
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
2020-09-29 12:05:13 +03:00
zeripath 4c6ac08182
Completely quote AppPath and CustomConf paths (#12955)
* Completely quote AppPath and CustomConf paths

Properly handle spaces in AppPath and CustomConf within hooks and
authorized_keys. Unfortunately here we don't seem to be able to get away
with using go-shellquote as it appears that Windows doesn't play too
well with singlequote quoting - therefore we will avoid singlequote
quoting unless we absolutely cannot get away without it, e.g. \n or !.

Fix #10813

Signed-off-by: Andrew Thornton <art27@cantab.net>

* missing change

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix Test_CmdKeys

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-09-28 21:16:52 -04:00
zeripath 5cfc1f573f
Fix the issue reported on #12385 (#12969)
Missed setting ConnectionString on queuesettings

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-09-28 19:00:54 -04:00