mirror of
1
Fork 0
Commit Graph

49 Commits

Author SHA1 Message Date
zeripath bbffcc3aec
Multiple Escaping Improvements (#17551)
There are multiple places where Gitea does not properly escape URLs that it is building and there are multiple places where it builds urls when there is already a simpler function available to use this.
    
This is an extensive PR attempting to fix these issues.

1. The first commit in this PR looks through all href, src and links in the Gitea codebase and has attempted to catch all the places where there is potentially incomplete escaping.
2. Whilst doing this we will prefer to use functions that create URLs over recreating them by hand.
3. All uses of strings should be directly escaped - even if they are not currently expected to contain escaping characters. The main benefit to doing this will be that we can consider relaxing the constraints on user names and reponames in future. 
4. The next commit looks at escaping in the wiki and re-considers the urls that are used there. Using the improved escaping here wiki files containing '/'. (This implementation will currently still place all of the wiki files the root directory of the repo but this would not be difficult to change.)
5. The title generation in feeds is now properly escaped.
6. EscapePound is no longer needed - urls should be PathEscaped / QueryEscaped as necessary but then re-escaped with Escape when creating html with locales Signed-off-by: Andrew Thornton <art27@cantab.net>

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-11-16 18:18:25 +00:00
6543 63d7cbcef1
Make mirror feature more configurable (#16957)
Rename`[repository]` `DISABLE_MIRRORS` to `[mirror]` `DISABLE_NEW_PULL`  and add `ENABLED` and `DISABLE_NEW_PUSH` with the below meanings:

- `ENABLED`: **true**: Enables the mirror functionality. Set to **false** to disable all mirrors.
- `DISABLE_NEW_PULL`: **false**: Disable the creation of **new** mirrors. Pre-existing mirrors remain valid.
- `DISABLE_NEW_PUSH`: **false**: Disable the creation of **new** push mirrors. Pre-existing mirrors remain valid.


Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: delvh <dev.lh@web.de>
2021-09-07 17:49:36 +02:00
6543 640066840e
Use a generic markup class to display externally rendered files and diffs (#15735)
* creates and implements generic markup less class

* How to give custom CSS to externally rendered html

* Clarifies sources of CSS styling of markup

* further clarification of sources of markup styling

* rename _markdown to _markup

* remove defunct import

* fix orphaned reference

* Update docs/content/doc/advanced/external-renderers.en-us.md

* more renames markdown -> markup

* do not suggest less customization

* add back tokens

* fix class whitespace, remove useless if-clause

* remove unused csv-data rules

* use named exports and rename functions

* sort imports

Co-authored-by: HarvsG <11440490+HarvsG@users.noreply.github.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: silverwind <me@silverwind.io>
2021-05-07 10:43:41 +02:00
silverwind d848098f60
Enforce tab indentation in templates (#15289)
* Enforce tab indendation in templates

This adds editorconfig-checker [1] to lint the template files so they
conform the editorconfig files. I fixed all current identation issues
using the fix mode of eclint [2] and some manual corrections.

We can extend this linting to other files later, for now I'd like this
PR to focus on HTML template files only.

[1] https://github.com/editorconfig-checker/editorconfig-checker
[2] https://github.com/jedmao/eclint

* fix indendation

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-04-10 23:46:37 -04:00
zeripath 61711143b9
Fix alignment of People and Teams right arrow on org homepage (#14924)
Fix #14854

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-03-08 15:52:58 +01:00
silverwind 9269a038a4
Direct avatar rendering (#13649)
* Direct avatar rendering

This adds new template helpers for avatar rendering which output image
elements with direct links to avatars which makes them cacheable by the
browsers.

This should be a major performance improvment for pages with many avatars.

* fix avatars of other user's profile pages

* fix top border on user avatar name

* uncircle avatars

* remove old incomplete avatar selector

* use title attribute for name and add it back on blame

* minor refactor

* tweak comments

* fix url path join and adjust test to new result

* dedupe functions
2020-12-03 19:46:11 +01:00
silverwind b1cf7f4df1
Add class to page content to unify top margin (#13766)
* Add class to page content to unify top margin

Previously pages would individually set this margin but some didn't so
content would stick to the header without any space. Resolve this by
adding a new class that is added on all pages. The only place where we
remove this margin again is on the pages with menu or wrapper in the
header.

* fix admin notices

* fix team pages

* fix loading segment on gitgraph for arc-green

* fix last missing case

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-11-30 23:00:14 -05:00
silverwind e00a355427
Dropdowns, Labels fixes and more CSS tweaks (#13733)
* Dropdowns and Labels fixes

- Rework dropdown, menu and label styles
- Improve issue sidebar milestone and label sections
- Fix archived repo and private org badge
- Move more colors to CSS vars
- Move issue number to end of title on issue page

* more dropdown fixes

* fix basic blue labels - fixes #13731

* improve class setting on svg

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-11-29 01:22:04 -05:00
wULLSnpAXbWZGYDYyhWTKKspEQoaYxXyhoisqHf 3ea237b333
Add markdown support in organization description (#13549)
Similarly to how you can write some markdown in user profile description, you can now use the same feature in organization description.
As discussed in discord.
kudos to @mrsdizzie and @zeripath 

visualization:
![image](https://user-images.githubusercontent.com/61180606/99115919-8004a200-25f3-11eb-8bbd-ab33de2cabb3.png)
2020-11-15 16:28:08 +00:00
Divyam Bhasin 9b11c3e320
#13091 - add new mirror button (#13105)
* added button

* got URL params to carry through to service specific migrate pages

* do not display add mirror button if mirroring turned off

* added corrections by reviewers

* Add silverwind's suggestion

Co-authored-by: silverwind <me@silverwind.io>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: silverwind <me@silverwind.io>
2020-10-23 19:01:58 -04:00
Spencer Taylor 6eea301829
Adding visual cue for "Limited" & "Private" organizations. (#13040)
* Adding visual cue for "Limited" & "Private" organizations.

* Moving org visibility CSS styles to .less files.

Co-authored-by: Gitea <gitea@fake.local>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-06 02:25:43 -04:00
silverwind ffddf3f8a6
Make SVG size argument optional (#12814)
Now defaults to 16 on both frontend and backend.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-09-11 16:19:00 -04:00
John Olheiser ac18c3f6f2
Fixes (#10386)
Signed-off-by: jolheiser <john.olheiser@gmail.com>

Co-authored-by: techknowlogick <matti@mdranta.net>
2020-02-20 17:44:13 -06:00
John Olheiser 86fdba177a
Add Octicon SVG spritemap (#10107)
* Add octicon SVG sprite

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Static prefix

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* SVG for all repo icons

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* make vendor

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Swap out octicons

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Move octicons to top of less imports

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Fix JS

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Definitely not a search/replace

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Missed regex

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Move to more generic calls and webpack

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* make svg -> make webpack

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Remove svg-sprite

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Update tests

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Missed a test

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Remove svg from makefile

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Suggestions

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Attempt to fix test

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Update tests

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Revert timetracking test

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Swap .octicon for .svg in less

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Add aria-hidden

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Replace mega-octicon

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Fix webpack globbing on Windows

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Revert

Co-Authored-By: silverwind <me@silverwind.io>

* Fix octions from upstream

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Fix Vue and missed JS function

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Add JS helper and PWA

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Preload SVG

Signed-off-by: jolheiser <john.olheiser@gmail.com>

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: techknowlogick <matti@mdranta.net>
2020-02-11 12:02:41 -05:00
David Svantesson 69a255defb Team permission to create repository in organization (#8312)
* Add team permission setting to allow creating repo in organization.

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Add test case for creating repo when have team creation access.

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* build error: should omit comparison to bool constant

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Add comment on exported functions

* Fix fixture consistency, fix existing unit tests

* Fix boolean comparison in xorm query.

* addCollaborator and changeCollaborationAccessMode separate steps

More clear to use different if-cases.

* Create and commit xorm session

* fix

* Add information of create repo permission in team sidebar

* Add migration step

* Clarify that repository creator will be administrator.

* Fix some things after merge

* Fix language text that use html

* migrations file

* Create repository permission -> Create repositories

* fix merge

* fix review comments
2019-11-20 19:27:49 +08:00
Richard Mahn ba91214633 Feature - #3031 - search for org repos (#5986) 2019-02-08 11:45:43 -05:00
cezar97 51ba3df5ff Add `noreferrer` to rel='noopener` for <a> tags (#4328) 2018-07-03 19:52:36 -04:00
Morgan Bazalgette b5fba4cd42 Fix organization profile on mobile devices (#3332) 2018-01-10 01:11:01 +02:00
Ethan Koenig ab62da283a Fix avatar URLs (#3069)
* Fix avatar URLs

* import order
2017-12-03 19:55:13 +08:00
harry 93f726352c Link members and repositories count to each page on org home. (#2787) 2017-11-04 13:46:34 +08:00
Lauris BH 32ca299650 Remove direct user adding to organization members (#2641) 2017-10-15 10:24:24 +08:00
Bo-Yi Wu 0cee52e0d3 fix: remove `str2html` from org full name (#1360)
* fix: remove str2html for security issue.

* fix: update
2017-04-05 18:31:31 -07:00
Bo-Yi Wu 19bc2b10ae fix: Add str2html on DisplayName of Org. (#1091) 2017-03-01 12:02:19 +08:00
Bwko 5ab85372da Added rel="noopener" to target="_blank" hrefs (#327)
* Added rel="noopener" to target="_blank" hrefs

* Replaced gogs.io/docs with docs.gitea.io
2016-12-02 09:12:16 +08:00
Kim "BKC" Carlbäcker 562f9b6eae Merge all pagination-templates into 'base/paginate'
to reduce code-duplicity
2016-11-07 12:44:29 +01:00
Unknwon 50422f1fc2 #3348 always use relative avatar link in the template 2016-08-05 12:12:54 -07:00
Unknwon e74630ae3b #1384 add pagination for repositories 2016-07-24 14:32:46 +08:00
Unknwon 1f2e173a74 Refactor User.Id to User.ID 2016-07-24 01:08:22 +08:00
Unknwon 4f78abe7dc #3066 fix create organization ignores full name property 2016-07-23 17:57:22 +08:00
Unknwon eac32419fc templates/org/home: minor UI fix 2016-07-16 15:54:43 +08:00
Unknwon 971e2c3bd6 Upgrade octicon to 4.3.0 2016-07-16 12:45:13 +08:00
Tamás Molnár d169d00be6 Display org member's full name in link title. 2016-03-16 22:04:19 +01:00
Adam Strzelecki da2585c11e Indent all templates with tabs
This commit improves templates readability, since all of them use consistent
indent with all template command blocks indented too.

1. Indents both HTML containers such as <div>, <p> and Go HTML template blocks
   such as {{if}} {{with}}

2. Cleans all trailing white-space

3. Adds trailing last line-break to each file
2015-12-08 00:57:46 +01:00
Adam Strzelecki e57b2dffa4 Admin should be able to see all organizations
This is follow-up for 56c66ee486 allowing admin
to see private repositories, even when not being member of them.
2015-11-30 21:46:01 +01:00
Unknwon 3ca544912f #1944 Drop /org/ URL path prefix in organization home page 2015-11-24 19:14:00 -05:00
Unknwon 52c8f69163 fix #650 2015-11-22 01:32:09 -05:00
Unknwon eea9302d8f fix #1204 2015-07-31 13:53:14 +08:00
Unknwon 7ccab9cd09 Merge branch 'dev' of github.com:gogits/gogs into access
Conflicts:
	gogs.go
	models/models.go
	models/user.go
	templates/.VERSION
	templates/org/home.tmpl
2015-02-22 22:51:25 -05:00
Unknwon c753fdceaf templates/org/home.tmpl: fix org member can't see public repo 2015-02-22 03:07:04 -05:00
Unknwon 6b7d35eade fix mirror issues uncaught #941 2015-02-13 02:14:57 -05:00
Unknwon 79262173a6 Webhook delivery locking & Hide repo for org members if they don't have access 2014-10-09 19:01:22 -04:00
Unknwon 7ba9257a7f Add suburl support 2014-09-19 20:11:34 -04:00
Martin van Beurden 0055cbd365 Allow Gogs to run from a suburl behind a reverse proxy. e.g. http://mydomain.com/gogs/
Conflicts:
	modules/setting/setting.go

Conflicts:
	templates/repo/release/list.tmpl
	templates/user/dashboard/dashboard.tmpl

Conflicts:
	routers/repo/setting.go
2014-09-18 20:50:48 +02:00
Unknwon 21a1b8e5a3 Finish new edit team page, add member to team 2014-08-24 21:09:05 +08:00
Unknwon bba707de36 Finish team list, create new team, join/leave team page 2014-08-16 16:21:17 +08:00
Unknwon 36b4c57ff1 Finish new organization members and invitation page 2014-08-15 18:29:41 +08:00
Unknwon 5fbf8531e6 Finish new home page of organization 2014-08-10 20:11:18 -07:00
Unknwon 5e81383413 Git installation check, show image in single file view, show short SHA1 instead of 40-length string, complete log module 2014-07-26 18:37:18 -04:00
Unknown 5dbfe3c26c Finish organization homepage 2014-06-28 15:43:25 -04:00