Earl Warren
305ec55b10
[v7.0/forgejo] chore(ci): notify the k8s cluster about experimental releases
...
This is in preparation of the migration of the v*.next.forgejo.org
instances currently managed at https://code.forgejo.org/infrastructure/k8s
The key difference is that the former system relies on ad-hoc scripts
and creates one k8s cluster for each instance, sharing nothing between
them.
The newer k8s cluster is used for all and requires significantly less
ad-hoc tooling.
See also:
* https://code.forgejo.org/infrastructure/next-digest
* https://code.forgejo.org/infrastructure/k8s-cluster/src/branch/main/k8s.md#updating-v-next-forgejo-org
(cherry picked from commit dab156b452
)
2024-11-04 14:37:59 +01:00
Earl Warren
ec3321a02d
Merge pull request 'Update dependency mermaid to v10.9.3 [SECURITY] (v7.0/forgejo)' ( #5725 ) from renovate/v7.0/forgejo-npm-mermaid-vulnerability into v7.0/forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5725
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-10-28 07:59:16 +00:00
Earl Warren
20848116a6
Merge pull request '[v7.0/forgejo] use constant time check for internal token' ( #5723 ) from bp-v7.0/forgejo-53231ba into v7.0/forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5723
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-10-28 07:21:14 +00:00
Renovate Bot
23dc779f94
Update dependency mermaid to v10.9.3 [SECURITY]
2024-10-28 06:28:51 +00:00
Gusted
1f40efc60b
fix(sec): use constant time check for internal token
...
(cherry picked from commit 53231bad61
)
2024-10-28 06:17:16 +00:00
Earl Warren
cc343f27e9
Merge pull request '[v7.0/forgejo] add permission check to 'delete branch after merge'' ( #5720 ) from earl-warren/forgejo:wip-v7.0-delete-branch into v7.0/forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5720
2024-10-28 06:15:56 +00:00
Gusted
5488ec7d96
security: add permission check to 'delete branch after merge'
...
- Add a permission check that the doer has write permissions to the head
repository if the the 'delete branch after merge' is enabled when
merging a pull request.
- Unify the checks in the web and API router to `DeleteBranchAfterMerge`.
- Added integration tests.
(cherry picked from commit 266e0b2ce9
)
Conflicts:
tests/integration/pull_merge_test.go
trivial context conflict
2024-10-28 06:32:10 +01:00
0ko
d9d434217f
Merge pull request 'Translation backports to v7' ( #5401 ) from 0ko/forgejo:i18n-backport-20240926-v7 into v7.0/forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5401
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-09-27 12:46:28 +00:00
Codeberg Translate
80f501c9ad
[v7.0/forgejo] i18n: update of translations from Codeberg Translate
...
Backport: https://codeberg.org/forgejo/forgejo/pulls/5309 .
Co-authored-by: 0ko <0ko@users.noreply.translate.codeberg.org>
Co-authored-by: Outbreak2096 <Outbreak2096@users.noreply.translate.codeberg.org>
Co-authored-by: aleksi <aleksi@users.noreply.translate.codeberg.org>
Co-authored-by: Vaclovas Intas <Gateway_31@protonmail.com>
Co-authored-by: toasterbirb <toasterbirb@users.noreply.translate.codeberg.org>
Co-authored-by: Salif Mehmed <mail@salif.eu>
Co-authored-by: Zughy <Zughy@users.noreply.translate.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5309
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Codeberg Translate <translate@noreply.codeberg.org>
Co-committed-by: Codeberg Translate <translate@noreply.codeberg.org>
(cherry picked from commit 6d57cbe5c8
)
(cherry picked from commit 9791010feb
)
2024-09-26 22:39:12 +05:00
Codeberg Translate
698b9e3766
[v7.0/forgejo] i18n: update of translations from Codeberg Translate
...
Backport: https://codeberg.org/forgejo/forgejo/pulls/5231 .
Co-authored-by: earl-warren <earl-warren@users.noreply.translate.codeberg.org>
Co-authored-by: xtex <xtexchooser@duck.com>
Co-authored-by: emansije <emansije@users.noreply.translate.codeberg.org>
Co-authored-by: Monti <contact@montidaproot.xyz>
Co-authored-by: muhaaliss <muhaaliss@users.noreply.translate.codeberg.org>
Co-authored-by: EssGeeEich <EssGeeEich@users.noreply.translate.codeberg.org>
Co-authored-by: Zughy <Zughy@users.noreply.translate.codeberg.org>
Co-authored-by: Marco Ciampa <ciampix@users.noreply.translate.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5231
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Codeberg Translate <translate@noreply.codeberg.org>
Co-committed-by: Codeberg Translate <translate@noreply.codeberg.org>
(cherry picked from commit 2d3fc00d02
)
(cherry picked from commit 884b5aab8b
)
2024-09-26 22:36:58 +05:00
Codeberg Translate
7d994178c4
[v7.0/forgejo] i18n: update of translations from Codeberg Translate
...
Backport: https://codeberg.org/forgejo/forgejo/pulls/5182 .
Co-authored-by: Vaclovas Intas <Gateway_31@protonmail.com>
Co-authored-by: Monti <contact@montidaproot.xyz>
Co-authored-by: sclu1034 <sclu1034@users.noreply.translate.codeberg.org>
Co-authored-by: Dirk <Dirk@users.noreply.translate.codeberg.org>
Co-authored-by: 0ko <0ko@users.noreply.translate.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5182
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Codeberg Translate <translate@noreply.codeberg.org>
Co-committed-by: Codeberg Translate <translate@noreply.codeberg.org>
(cherry picked from commit fb4a8b24cc
)
(cherry picked from commit 1fc2e1f02d
)
2024-09-26 22:36:04 +05:00
Earl Warren
a12e0308da
Merge pull request 'Update dependency go to v1.22.7 (v7.0/forgejo)' ( #5241 ) from renovate/v7.0/forgejo-patch-golang-packages into v7.0/forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5241
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-09-06 22:52:38 +00:00
Earl Warren
7644435aed
Merge pull request '[v7.0/forgejo] replace v-html with v-text in branch search inputbox for XSS protection' ( #5246 ) from bp-v7.0/forgejo-bb8796b into v7.0/forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5246
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-09-06 11:15:13 +00:00
Lunny Xiao
bb811ee28a
fix: replace v-html with v-text in branch search inputbox
...
Co-authored-by: techknowlogick <techknowlogick@noreply.gitea.com>
(cherry picked from commit 7eef261c3ebf9bfe37fe0dceb51bde9a79bbaf17)
(cherry picked from commit bb8796b3be
)
2024-09-06 10:38:00 +00:00
Renovate Bot
a0c1c1fdc7
Update dependency go to v1.22.7
2024-09-06 05:18:52 +00:00
Earl Warren
367ccad622
Merge pull request 'Update dependency webpack to v5.94.0 [SECURITY] (v7.0/forgejo)' ( #5201 ) from renovate/v7.0/forgejo-npm-webpack-vulnerability into v7.0/forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5201
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-09-03 08:36:50 +00:00
Renovate Bot
af756c76a7
Update dependency webpack to v5.94.0 [SECURITY]
2024-09-02 06:22:11 +00:00
0ko
08e37d130a
Merge pull request '[v7.0/forgejo] i18n: update of translations from Codeberg Translate' ( #5181 ) from bp-v7.0/forgejo-b73fd55 into v7.0/forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5181
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2024-08-30 19:06:38 +00:00
Codeberg Translate
fa7fffdeef
i18n: update of translations from Codeberg Translate ( #5070 )
...
Translations update from [Codeberg Translate](https://translate.codeberg.org ) for [Forgejo/forgejo](https://translate.codeberg.org/projects/forgejo/forgejo/ ).
Current translation status:
![Weblate translation status](https://translate.codeberg.org/widget/forgejo/forgejo/horizontal-auto.svg )
<!--start release-notes-assistant-->
## Draft release notes
<!--URL:https://codeberg.org/forgejo/forgejo-- >
- Localization
- [PR](https://codeberg.org/forgejo/forgejo/pulls/5070 ): <!--number 5070 --><!--line 0 --><!--description aTE4bjogdXBkYXRlIG9mIHRyYW5zbGF0aW9ucyBmcm9tIENvZGViZXJnIFRyYW5zbGF0ZQ==-->i18n: update of translations from Codeberg Translate<!--description-->
<!--end release-notes-assistant-->
Co-authored-by: earl-warren <earl-warren@users.noreply.translate.codeberg.org>
Co-authored-by: Xinayder <Xinayder@users.noreply.translate.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: Kita Ikuyo <searinminecraft@courvix.com>
Co-authored-by: Fjuro <fjuro@alius.cz>
Co-authored-by: 0ko <0ko@users.noreply.translate.codeberg.org>
Co-authored-by: hugoalh <hugoalh@users.noreply.translate.codeberg.org>
Co-authored-by: Outbreak2096 <Outbreak2096@users.noreply.translate.codeberg.org>
Co-authored-by: Eryk Michalak <gnu.ewm@protonmail.com>
Co-authored-by: Caesar Schinas <caesar@caesarschinas.com>
Co-authored-by: hankskyjames777 <hankskyjames777@users.noreply.translate.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5070
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Codeberg Translate <translate@noreply.codeberg.org>
Co-committed-by: Codeberg Translate <translate@noreply.codeberg.org>
(cherry picked from commit 45198cef64
)
(cherry picked from commit b73fd55374
)
2024-08-30 18:28:49 +00:00
Earl Warren
47cd797dd3
Merge pull request '[gitea] week 2024-35-v7.0 cherry pick (release/v1.22 -> v7.0/forgejo)' ( #5113 ) from earl-warren/wcp/2024-35-v7.0 into v7.0/forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5113
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-28 10:30:46 +00:00
Gusted
41f7faf4fe
Merge pull request '[v7.0/forgejo] [SEC] Ensure propagation of API scopes for Conan and Container authentication' ( #5150 ) from bp-v7.0/forgejo-5a871f6 into v7.0/forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5150
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-28 09:55:33 +00:00
Gusted
ce10ec2878
[SEC] Ensure propagation of API scopes for Conan and Container authentication
...
- The Conan and Container packages use a different type of
authentication. It first authenticates via the regular way (api tokens
or user:password, handled via `auth.Basic`) and then generates a JWT
token that is used by the package software (such as Docker) to do the
action they wanted to do. This JWT token didn't properly propagate the
API scopes that the token was generated for, and thus could lead to a
'scope escalation' within the Conan and Container packages, read
access to write access.
- Store the API scope in the JWT token, so it can be propagated on
subsequent calls that uses that JWT token.
- Integration test added.
- Resolves #5128
(cherry picked from commit 5a871f6095
)
2024-08-28 08:44:58 +00:00
Otto
619fe48af7
Merge pull request 'Backports of #4889 and #4984 to v7' ( #5138 ) from 0ko/forgejo:i18n-backport-20240827-v7 into v7.0/forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5138
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-27 17:36:59 +00:00
Earl Warren
4b5f4ec788
Merge pull request '[v7.0/forgejo] fix: correct doctor commands and rename to forgejo' ( #5134 ) from bp-v7.0/forgejo-94af0e5 into v7.0/forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5134
Reviewed-by: Otto <otto@codeberg.org>
2024-08-27 06:13:36 +00:00
Codeberg Translate
250bf845bd
[v7.0/forgejo] i18n: update of translations from Codeberg Translate
...
Backport: #4984 .
Co-authored-by: earl-warren <earl-warren@users.noreply.translate.codeberg.org>
Co-authored-by: qui <qui@users.noreply.translate.codeberg.org>
Co-authored-by: hahahahacker2009 <hahahahacker2009@users.noreply.translate.codeberg.org>
Co-authored-by: Fjuro <fjuro@alius.cz>
Co-authored-by: Outbreak2096 <Outbreak2096@users.noreply.translate.codeberg.org>
Co-authored-by: Wuzzy <Wuzzy@users.noreply.translate.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: fnetX <otto@codeberg.org>
Co-authored-by: Panagiotis \"Ivory\" Vasilopoulos <git@n0toose.net>
Co-authored-by: emansije <emansije@users.noreply.translate.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4984
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Codeberg Translate <translate@noreply.codeberg.org>
Co-committed-by: Codeberg Translate <translate@noreply.codeberg.org>
(cherry picked from commit d30be160c9
)
(cherry picked from commit 619f2faf98
)
2024-08-27 08:29:22 +05:00
0ko
7191018661
[v7.0/forgejo] i18n: update of translations from Codeberg Translate
...
Backport: #4889 .
Co-authored-by: earl-warren <earl-warren@users.noreply.translate.codeberg.org>
Co-authored-by: Outbreak2096 <Outbreak2096@users.noreply.translate.codeberg.org>
Co-authored-by: Panagiotis \"Ivory\" Vasilopoulos <git@n0toose.net>
Co-authored-by: dragon <dragon@users.noreply.translate.codeberg.org>
Co-authored-by: hoovad <hoovad@users.noreply.translate.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: hankskyjames777 <hankskyjames777@users.noreply.translate.codeberg.org>
Co-authored-by: emansije <emansije@users.noreply.translate.codeberg.org>
Co-authored-by: hugoalh <hugoalh@users.noreply.translate.codeberg.org>
Co-authored-by: zub <zub@users.noreply.translate.codeberg.org>
Co-authored-by: Fjuro <fjuro@alius.cz>
Co-authored-by: 0ko <0ko@users.noreply.translate.codeberg.org>
Co-authored-by: Kita Ikuyo <searinminecraft@courvix.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4889
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Codeberg Translate <translate@noreply.codeberg.org>
Co-committed-by: Codeberg Translate <translate@noreply.codeberg.org>
(cherry picked from commit 17fa75074d
)
(cherry picked from commit c13d13f7cc
)
2024-08-27 08:27:23 +05:00
Otto Richter
402cf29da6
fix: correct doctor commands and rename to forgejo
...
The syntax is `doctor check --run` , see https://forgejo.org/docs/latest/admin/command-line/#doctor
(cherry picked from commit 94af0e53e5
)
2024-08-27 01:44:00 +00:00
Earl Warren
5df3029bf2
chore(release-notes): weekly cherry-pick week 2024-35-v7.0
2024-08-25 17:49:20 +02:00
Giteabot
bf07064e40
add CfTurnstileSitekey context data to all captcha templates ( #31874 ) ( #31876 )
...
Backport #31874 by @bohde
In the OpenID flows, the "CfTurnstileSitekey" wasn't populated, which
caused those flows to fail if using Turnstile as the Captcha
implementation.
This adds the missing context variables, allowing Turnstile to be used
in the OpenID flows.
Co-authored-by: Rowan Bohde <rowan.bohde@gmail.com>
(cherry picked from commit 0affb5c775280622b277bba2223c01968bafa8b7)
2024-08-25 17:41:08 +02:00
Otto
3dbe5be281
Merge pull request '[PORT] Fix overflow for images on project cards (gitea#31683)' ( #5033 ) from gusted/forgejo-bp-5029-v7 into v7.0/forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5033
Reviewed-by: Otto <otto@codeberg.org>
2024-08-20 21:35:23 +00:00
Gusted
9ed7adcbf8
[UI] Remove snapping for images on project cards
...
Remove the snapping of the images on the projects cards, the images are
way too small to notice that when scrolling you're being snapped to
these images and when you do notice it, it doesn't make sense as you
wouldn't expect it to be snapped.
(cherry picked from commit 0764b7c18b
)
2024-08-20 18:34:45 +02:00
Simon Priet
7d133488b7
[PORT] Scroll images in project issues separately from the remaining issue (gitea#31683)
...
As discussed in https://github.com/go-gitea/gitea/issues/31667 &
https://github.com/go-gitea/gitea/issues/26561 , when a card on a Project
contains images, they can overflow the card on its containing column.
This aims to fix this issue via snapping scrollbars.
---
Backport: #5029
Conflict resolution: none
Modification: Remove the snapping of the images on the projects cards, the images are way too small to notice that when scrolling you're being snapped to these images and when you do notice it, it doesn't make sense as you wouldn't expect it to be snapped.
(cherry picked from commit 8e46efef95
)
2024-08-20 18:34:11 +02:00
Gusted
a84730775a
Merge pull request '[PORT] Remove jQuery class from the comment context menu (gitea#30179)' ( #5019 ) from gusted/forgejo-bp-gt-30179 into v7.0/forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5019
Reviewed-by: Otto <otto@codeberg.org>
2024-08-20 13:46:11 +00:00
Earl Warren
db585f082a
Merge pull request '[gitea] week 2024-34-v7.0 cherry pick (release/v1.22 -> v7.0/forgejo)' ( #4999 ) from earl-warren/wcp/2024-34-v7.0 into v7.0/forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4999
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-20 05:43:22 +00:00
Yarden Shoham
d6a21fcb79
[PORT] Remove jQuery class from the comment context menu (gitea #30179 )
...
- Switched from jQuery class functions to plain JavaScript
- Tested the comment context menu functionality and it works as before
Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: silverwind <me@silverwind.io>
---
Resolves #5016
(cherry picked from commit 66f7d47d2c702bab4ca9bcedc1c0ba9ddfa49a17)
2024-08-20 01:30:51 +02:00
Gusted
684c3106b4
Merge pull request '[v7.0/forgejo] [UI] Fix misalignment of authors for repo acctivity' ( #5005 ) from bp-v7.0/forgejo-72f4130 into v7.0/forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5005
Reviewed-by: Otto <otto@codeberg.org>
2024-08-18 20:53:59 +00:00
Gusted
a6c74df161
[UI] Fix misalignment of authors for repo acctivity
...
- Regression of #4571
- We aren't showing the ticks generated by chartjs, because we want to
show the avatar of the person instead. You can't *realy* disable that
tick, so instead I opted to make them transparent in #4571 , however they
still affected the generation of ticks so if enough authors were being
shown, for some the ticks were being skipped. Adjust the settings to
make sure they are always being shown.
- Resolves https://codeberg.org/forgejo/forgejo/issues/4982
(cherry picked from commit 72f41306c2
)
2024-08-18 20:12:27 +00:00
Earl Warren
6becfc016f
chore(release-notes): weekly cherry-pick week 2024-34-v7.0
2024-08-18 07:11:37 +02:00
Giteabot
64c7687308
Fix panic of ssh public key page after deletion of auth source ( #31829 ) ( #31836 )
...
Backport #31829 by @lunny
Fix #31730
This PR rewrote the function `PublicKeysAreExternallyManaged` with a
simple test. The new function removed the loop to make it more readable.
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit 5fa90ad9bc7fe800d657e909462e5e1caefc7193)
2024-08-18 07:11:32 +02:00
Giteabot
4c5e4e672d
Show lock owner instead of repo owner on LFS setting page ( #31788 ) ( #31817 )
...
Backport #31788 by @wolfogre
Fix #31784 .
Before:
<img width="1648" alt="image"
src="https://github.com/user-attachments/assets/03f32545-4a85-42ed-bafc-2b193a5d8023 ">
After:
<img width="1653" alt="image"
src="https://github.com/user-attachments/assets/e5bcaf93-49cb-421f-aac1-5122bc488b02 ">
Co-authored-by: Jason Song <i@wolfogre.com>
(cherry picked from commit a39fe5325266f1c079e0e54abc68e6470764eb44)
Conflicts:
models/git/lfs_lock.go
trivial context conflict
2024-08-18 07:01:03 +02:00
Zoupers Zou
8e8a07cc15
Fix #31185 try fix lfs download from bitbucket failed ( #31201 )
...
Fix #31185
(cherry picked from commit e25d6960b5749fbf7f88ebb6b27878c0459817da)
(cherry picked from commit baad8337f9
)
2024-08-18 07:01:03 +02:00
oliverpool
45d96b4765
Add container.FilterSlice function (gitea#30339) (skip using it)
...
Many places have the following logic:
```go
func (jobs ActionJobList) GetRunIDs() []int64 {
ids := make(container.Set[int64], len(jobs))
for _, j := range jobs {
if j.RunID == 0 {
continue
}
ids.Add(j.RunID)
}
return ids.Values()
}
```
this introduces a `container.FilterMapUnique` function, which reduces
the code above to:
```go
func (jobs ActionJobList) GetRunIDs() []int64 {
return container.FilterMapUnique(jobs, func(j *ActionRunJob) (int64, bool) {
return j.RunID, j.RunID != 0
})
}
```
Conflicts:
models/issues/comment_list.go due to premature refactor in #3116
(cherry picked from commit 525accfae6
)
Conflicts:
models/issues/comment_list.go
only cherry-pick the container.FilterSlice function, for the sake of backporting
2024-08-18 06:55:15 +02:00
Michael Kriese
1a4c399652
Merge pull request '[v7.0/forgejo] fix: Run full PR checks on agit push' ( #4950 ) from bp-v7.0/forgejo-2d05e92 into v7.0/forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4950
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-08-13 19:04:58 +00:00
Michael Kriese
7e847ad879
fix(agit): run full pr checks on force-push
...
(cherry picked from commit 2d05e922a2
)
2024-08-13 18:26:33 +00:00
Earl Warren
44b34ea2ac
Merge pull request '[gitea] week 2024-33-v7.0 cherry pick (release/v1.22 -> v7.0/forgejo)' ( #4925 ) from earl-warren/wcp/2024-33-v7.0 into v7.0/forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4925
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-12 21:26:24 +00:00
Giteabot
3e091b9bac
Fix `IsObjectExist` with gogit ( #31790 ) ( #31806 )
...
Backport #31790 by @wolfogre
Fix #31271 .
When gogit is enabled, `IsObjectExist` calls
`repo.gogitRepo.ResolveRevision`, which is not correct. It's for
checking references not objects, it could work with commit hash since
it's both a valid reference and a commit object, but it doesn't work
with blob objects.
So it causes #31271 because it reports that all blob objects do not
exist.
Co-authored-by: Jason Song <i@wolfogre.com>
(cherry picked from commit 144648a4afdd93d534875a86c50ec61c860878f3)
2024-08-11 09:41:23 +02:00
Earl Warren
3a18717c6b
Merge pull request '[v7.0/forgejo] [BUG] Return blocking errors as JSON errors' ( #4917 ) from bp-v7.0/forgejo-d97cf0e into v7.0/forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4917
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-10 06:42:40 +00:00
Gusted
e988d1a8bb
[BUG] Return blocking errors as JSON errors
...
- These endspoints are since b71cb7acdc
JSON-based and should therefore return JSON errors.
- Integration tests adjusted.
(cherry picked from commit d97cf0e854
)
2024-08-10 05:53:00 +00:00
Earl Warren
29afb54daf
Merge pull request '[v7.0/forgejo] disallow javascript: URI in the repository description' ( #4900 ) from bp-v7.0/forgejo-bb448f3 into v7.0/forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4900
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2024-08-09 06:58:26 +00:00
Gusted
542281ab9f
disallow javascript: URI in the repository description
...
- Fixes an XSS that was introduced in
https://codeberg.org/forgejo/forgejo/pulls/1433
- This XSS allows for `href`s in anchor elements to be set to a
`javascript:` uri in the repository description, which would upon
clicking (and not upon loading) the anchor element execute the specified
javascript in that uri.
- [`AllowStandardURLs`](https://pkg.go.dev/github.com/microcosm-cc/bluemonday#Policy.AllowStandardURLs ) is now called for the repository description
policy, which ensures that URIs in anchor elements are `mailto:`,
`http://` or `https://` and thereby disallowing the `javascript:` URI.
It also now allows non-relative links and sets `rel="nofollow"` on
anchor elements.
- Unit test added.
(cherry picked from commit bb448f3dc2
)
2024-08-09 05:57:13 +00:00