Earl Warren
e7a97a39a6
Merge pull request '[TESTS] verify sanitization of names to prevent XSS' ( #2435 ) from earl-warren/forgejo:wip-xss into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2435
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-02-22 16:06:38 +00:00
Gusted
ca798e4cc2
[SECURITY] Test XSS in dismissed review
...
It's possible for reviews to not be assiocated with users, when they
were migrated from another forge instance. In the migration code,
there's no sanitization check for author names, so they could contain
HTML tags and thus needs to be properely escaped.
2024-02-22 15:33:20 +01:00
Earl Warren
6f41188ac1
Merge pull request '[RELEASE] v1.21.6-0 release notes' ( #2410 ) from earl-warren/forgejo:wip-release-notes-1.21 into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2410
2024-02-22 14:08:00 +00:00
Gusted
565e331238
[SECURITY] Test XSS in wiki last commit information
...
On the wiki and revisions page, information is shown about the last
commit that modified that wiki page. This includes the time it was last
edited and by whom. Verify it is sanitized.
2024-02-22 15:03:15 +01:00
Earl Warren
704615fa65
[RELEASE] v1.21.6-0 release notes
...
Refs: https://codeberg.org/forgejo/forgejo/issues/2408
2024-02-22 14:22:32 +01:00
Earl Warren
2f5b266cca
Merge pull request 'Add e2e debug server' ( #2423 ) from maltejur/forgejo:e2e_debugserver into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2423
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-21 20:34:06 +00:00
Malte Jürgens
5c67c34ce8
Add e2e debug server
...
This adds the ability to run `make test-e2e-debugserver` to start a
forgejo server pupulated with the test data from `models/fixtures`. This
is particularly useful for debugging the e2e tests with a external tool,
such as the Playwright extension for VSCode [1].
[1] https://open-vsx.org/extension/ms-playwright/playwright
2024-02-21 20:47:57 +01:00
Earl Warren
3be80c9e95
Merge pull request '[THEMES] Port console colors' ( #2419 ) from gusted/forgejo-port-css into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2419
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-21 14:39:50 +00:00
Codeberg Translate
0081e59243
[I18N] Translations update from Weblate ( #2384 )
...
Translations update from [Weblate](https://translate.codeberg.org ) for [Forgejo/forgejo](https://translate.codeberg.org/projects/forgejo/forgejo/ ).
Current translation status:
![Weblate translation status](https://translate.codeberg.org/widget/forgejo/forgejo/horizontal-auto.svg )
Co-authored-by: earl-warren <contact@earl-warren.org>
Co-authored-by: Kaede Fujisaki <psi@7io.org>
Co-authored-by: 0ko <0ko@users.noreply.translate.codeberg.org>
Co-authored-by: Wuzzy <wuzzy@disroot.org>
Co-authored-by: meskobalazs <meskobalazs@fsf.hu>
Co-authored-by: Xinayder <me+codeberg@aoalmeida.com>
Co-authored-by: Anonymous <noreply@weblate.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: Salif Mehmed <mail@salif.eu>
Co-authored-by: Dirk <dirk@0x7be.de>
Co-authored-by: fnetX <otto@codeberg.org>
Co-authored-by: Squeljur <squeljur+git@gmail.com>
Co-authored-by: noureddin <noureddin@protonmail.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2384
Co-authored-by: Codeberg Translate <translate@noreply.codeberg.org>
Co-committed-by: Codeberg Translate <translate@noreply.codeberg.org>
2024-02-21 13:36:00 +00:00
Earl Warren
9daf97b46e
Merge pull request '[BUG] Initalize Git for hook regeneration' ( #2416 ) from gusted/forgejo-init-git into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2416
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-21 13:29:02 +00:00
Earl Warren
726ce5e3f9
Merge pull request '[BUG] Load `AllUnitsEnabled` when necessary' ( #2420 ) from gusted/forgejo-add-more into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2420
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-21 13:25:38 +00:00
Michael Kriese
849de07064
feat(xorm): add max idle time setting for db connections ( #2418 )
...
Add a new optional `CONN_MAX_IDLETIME`[^1]
This allows to set the `SetConnMaxIdleTime` on `database/sql`.
It's useful to allow to close more idle connections to reduce database connections, especially on postgresql.
For me i would like to use it to set a higher max idle connections but they will all be closed after being idle.
So also the last idle connection will be closed when there is no load on forgejo.
I also use it with max connection lifetime, because currently `database/sql` doesn't detect a postgresql master change[^2] and i'll get `[E] can't update runner status: pq: cannot execute UPDATE in a read-only transaction`[^3] on forgejo until the connection is closed.
[^1]: https://pkg.go.dev/database/sql#DB.SetConnMaxIdleTime
[^2]: https://stackoverflow.com/questions/51858659/how-to-safely-discard-golang-database-sql-pooled-connections-for-example-when-t
[^3]: https://matrix.to/#/!zpNKWqkiEOyljSMQDK:matrix.org/$_AJft_amsGn5hXGOYw75JoBJQnW3aKJEpb-Iw53L_TU?via=schinas.net&via=matrix.org&via=nitro.chat
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2418
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
Co-committed-by: Michael Kriese <michael.kriese@visualon.de>
2024-02-21 12:17:16 +00:00
Gusted
6fbfe441de
[BUG] Load `AllUnitsEnabled` when necessary
...
- In order to determine if the "Add more..." tab should be shown, the
template has to know if the repository has all units enabled, this is
done in the repository header which can be shown for quite a lot of
pages (code, issues, projects, actions etc.)
- This was previously set in the `RepoRefByType` function, which would
be called by pages such as code, issues and releases, but it was not
being called for all pages such as actions, packages and wiki. Which
would in turn incorrectly show the "Add more..." button when it
shouldn't.
- Now call it from the template itself, so the value is 'always' loaded
when necessary.
2024-02-21 12:48:26 +01:00
Gusted
c6d366e283
[THEMES] Port console colors
...
- Port 1fd7e3d6be
to the Forgejo themes,
they are a copy paste, but have a bit darker console background color to
have better contrast and match better with the overal Forgejo dark
theme's shade.
2024-02-21 12:19:15 +01:00
Gusted
815abad84c
[BUG] Initalize Git for hook regeneration
...
- The hook regeneration code relies on `git.SupportProcReceive` being
set to determine if the `proc-receive` hook should be written, this
variable is set when the git module is initialized.
- Resolves #2414
2024-02-20 19:39:50 +01:00
Shiny Nematoda
51fb6f3983
[FEAT] add fallback repo search using git grep
2024-02-20 13:00:34 +00:00
Earl Warren
0533022d63
Merge pull request '[gitea] cherry-pick' ( #2397 ) from earl-warren/forgejo:wip-gitea-cherry-pick into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2397
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-02-19 23:03:10 +00:00
Gusted
f128b6efc9
Merge pull request '[BUG] Restrict when to make link absolute in markdown' ( #2403 ) from gusted/forgejo-custom-url into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2403
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-02-19 22:16:23 +00:00
Şahin Akkaya
8125fe0634
Deduplicate translations for contributors graph ( #29256 )
...
I have implemented three graph pages
([contributors](https://github.com/go-gitea/gitea/pull/27882 ), [code
frequency](https://github.com/go-gitea/gitea/pull/29191 ) and [recent
commits](https://github.com/go-gitea/gitea/pull/29210 )) and they have
all same page title as the tab name so I decided to use same
translations for them. This PR is for contributors graph. Other PR's
have their own respective commits.
(cherry picked from commit 39a77d92d9677b0a0049cb8696960d6d2ac052d6)
2024-02-19 22:58:33 +01:00
wxiaoguang
c7c20ff5ab
Remove DataRaceCheck ( #29258 )
...
Since #26254 , it started using `{{ctx.Locale.Tr ...}}`
Now the `ctx` seems stable enough, so the check could be removed.
(cherry picked from commit 567a68a0bf78c8d70f08c8ab948fdbb455225aa9)
2024-02-19 22:58:33 +01:00
Johan Van de Wauw
5fffab8d9d
Fix c/p error in inline documentation ( #29148 )
...
Fix small copy/paste error in inline documentation
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 740c6a226c4df26432641018fbfd9186977d573f)
2024-02-19 22:58:33 +01:00
KN4CK3R
369fe56966
Show commit status for releases ( #29149 )
...
Fixes #29082
![grafik](https://github.com/go-gitea/gitea/assets/1666336/bb2ccde1-ee99-459d-9e74-0fb8ea79e8b3 )
(cherry picked from commit 7e8ff709401d09467c3eee7c69cd9600d26a97a3)
2024-02-19 22:58:33 +01:00
Markus Amshove
b1d66f50fb
Disallow merge when required checked are missing ( #29143 )
...
fixes #21892
This PR disallows merging a PR when not all commit status contexts
configured in the branch protection are met.
Previously, the PR was happy to merge when one commit status was
successful and the other contexts weren't reported.
Any feedback is welcome, first time Go :-)
I'm also not sure if the changes in the template break something else
Given the following branch protection:
![branch_protection](https://github.com/go-gitea/gitea/assets/2401875/f871b4e4-138b-435a-b496-f9ad432e3dec )
This was shown before the change:
![before](https://github.com/go-gitea/gitea/assets/2401875/60424ff0-ee09-4fa0-856e-64e6e3fb0612 )
With the change, it is now shown as this:
![after](https://github.com/go-gitea/gitea/assets/2401875/4e464142-efb1-4889-8166-eb3be26c8f3d )
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit a11ccc9fcd61fb25ffb1c37b87a0df4ee9efd84e)
2024-02-19 22:58:33 +01:00
Jason Song
e96e1beded
Do not use lower tag names to find releases/tags ( #29261 )
...
Fix #26090 , see
https://github.com/go-gitea/gitea/issues/26090#issuecomment-1952013206
Since `TagName` stores the original tag name and `LowerTagName` stores
the lower tag name, it doesn't make sense to use lowercase tags as
`TagNames` in `FindReleasesOptions`.
5e72526da4/services/repository/push.go (L396-L397)
While the only other usage looks correct:
5e72526da4/routers/web/repo/repo.go (L416)
(cherry picked from commit 0ea8de2d0729e1e1d0ea9de1e59fbcb673e87fd2)
2024-02-19 22:58:33 +01:00
silverwind
b3f2447bc4
Downscale pasted PNG images based on metadata ( #29123 )
...
Some images like MacOS screenshots contain
[pHYs](http://www.libpng.org/pub/png/book/chapter11.html#png.ch11.div.8 )
data which we can use to downscale uploaded images so they render in the
same dppx ratio in which they were taken.
Before:
<img width="584" alt="image"
src="https://github.com/go-gitea/gitea/assets/115237/50979e3a-5d5a-40dc-a0a4-36eb6e28f14a ">
After:
<img width="329" alt="image"
src="https://github.com/go-gitea/gitea/assets/115237/0690902a-f2fe-4c6b-97b3-6fdd67c21bad ">
(cherry picked from commit 5e72526da4e915791f03af056890e16821bde052)
2024-02-19 22:58:33 +01:00
GiteaBot
bb911b2d5f
[skip ci] Updated licenses and gitignores
...
(cherry picked from commit f04e71f9bc05d4930e1eff0b69ceb0e890528e30)
2024-02-19 22:58:33 +01:00
Şahin Akkaya
68cf08090d
De-duplicate contributor graph translations ( #29247 )
...
(cherry picked from commit 20f6a7c484d9dbf249d8e1dafa9a8c0a2e12127e)
2024-02-19 22:58:33 +01:00
Lunny Xiao
ac3f389e29
Fix missed edit issues event for actions ( #29237 )
...
Fix #29213
(cherry picked from commit c2a8aacae5242adbeb7bc1d4002492ae1cae47b2)
2024-02-19 22:58:33 +01:00
silverwind
aefc747ccb
Clean up diff header css and reduce global textarea min-height ( #29232 )
...
1. Tweak diff header and remove a numbe of unneeded CSS for it:
Before:
<img width="433" alt="Screenshot 2024-02-18 at 01 08 09"
src="https://github.com/go-gitea/gitea/assets/115237/d8b377c0-57bc-44d5-bb57-a582c7d4b3b4 ">
After:
<img width="463" alt="Screenshot 2024-02-18 at 01 07 56"
src="https://github.com/go-gitea/gitea/assets/115237/d08c17e7-5b86-4d07-81da-6371f4754325 ">
3. Reduce height of review textarea and also reduce fomantic's CSS from
12em to 8em. Now fits better on my screen:
<img width="1352" alt="image"
src="https://github.com/go-gitea/gitea/assets/115237/5c658d13-295e-4929-94da-13ade888020d ">
---------
Co-authored-by: delvh <dev.lh@web.de>
(cherry picked from commit 39f8ab591c18a65cf783ecd17ddc1a5914ceff7a)
2024-02-19 22:58:33 +01:00
wxiaoguang
d611fe8d26
Improve TrHTML and add more tests ( #29228 )
...
Follow #29165 .
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit 4345cac52971c13debfe5e6f311aef3930fe2eed)
2024-02-19 22:58:33 +01:00
Tim-Nicas Oelschläger
559afdad73
Convert visibility to number ( #29226 )
...
Don't throw error while creating user (Fixes #29218 )
(cherry picked from commit 6093f507fe6f2d4802de8ec1ff5b04820e81571c)
2024-02-19 22:58:33 +01:00
yp05327
d93d963c3f
Implement some action notifier functions ( #29173 )
...
Fix #29166
Add support for the following activity types of `pull_request`
- assigned
- unassigned
- review_requested
- review_request_removed
- milestoned
- demilestoned
(cherry picked from commit 1a6e1cbada27db1e3327b0d7d331492c95e24759)
2024-02-19 22:58:32 +01:00
wxiaoguang
81925ebb0c
Refactor more code in templates ( #29236 )
...
Follow #29165 .
* Introduce JSONTemplate to help to render JSON templates
* Introduce JSEscapeSafe for templates. Now only use `{{ ... |
JSEscape}}` instead of `{{ ... | JSEscape | Safe}}`
* Simplify "UserLocationMapURL" useage
(cherry picked from commit 31bb9f3247388b993c61a10190cfd512408ce57e)
2024-02-19 22:58:32 +01:00
wxiaoguang
bdf470785d
Use "Safe" modifier for manually constructed safe HTML strings in templates ( #29227 )
...
Follow #29165 . These HTML strings are safe to be rendered directly, to
avoid double-escaping.
(cherry picked from commit a784ed3d6c6946fd9bf95f2e910f52f549326fe2)
2024-02-19 22:58:32 +01:00
Yarden Shoham
ca46f7f7e0
Remove jQuery from repo migrate page ( #29219 )
...
- Switched to plain JavaScript
- Tested the repo migrate functionality and it works as before
# Demo using JavaScript without jQuery
![action](https://github.com/go-gitea/gitea/assets/20454870/44ad134b-832e-44b8-8e77-7cc8603d95fe )
---------
Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit 5e1bf3efe2ad3ba6cd30db187ca59b94c3fcdafa)
2024-02-19 22:58:32 +01:00
Yarden Shoham
66bae322b4
Remove unneccesary `initUserAuthLinkAccountView` from "link account" page ( #29217 )
...
Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 3da2c63354eb3804c7aec3c688b066b044f2c30e)
2024-02-19 22:58:32 +01:00
Earl Warren
fc10cfeacf
Merge pull request 'Port "Remove jQuery from the repo release form"' ( #2402 ) from gusted/forgejo-port-gitea-pr-2 into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2402
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-19 21:58:17 +00:00
Earl Warren
fa1341ccc2
Merge pull request 'Port "Use general token signing secret"' ( #2401 ) from gusted/forgejo-port-gitea-pr into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2401
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-19 21:56:51 +00:00
Gusted
65b9a959b8
[BUG] Restrict when to make link absolute in markdown
...
- In markdown, links are proccessed to be made absolute against the
relevant base in that context. Such that `./src` will be transformed
into `http://example.com/owner/repo/src/branch/main/src `.
- Don't try to make the link absolute if the link has a schema that's
defined in `[markdown].CUSTOM_URL_SCHEMES`, because they can't be made
absolute and doing so could lead to problems (see test case, double
slash was transformed to single slash).
- Adds unit test.
- Resolves https://codeberg.org/Codeberg/Community/issues/1489
2024-02-19 20:56:00 +01:00
wxiaoguang
62d3e5255f
Port "Use general token signing secret"
...
Port of https://github.com/go-gitea/gitea/pull/29205
Use a clearly defined "signing secret" for token signing.
(cherry picked from commit 8be198cdef0a486f417663b1fd6878458d7e5d92)
2024-02-19 20:49:37 +01:00
Yarden Shoham
6b1f660db9
Port "Remove jQuery from the repo release form"
...
Port of https://github.com/go-gitea/gitea/pull/29225 . Reworked to not
use global click event listener.
---
- Switched to plain JavaScript
- Tested the repo release form functionality and it works as before
2024-02-19 19:54:22 +01:00
Gusted
cfd6420a0e
Merge pull request '[REFACTOR] Refactor the AGit code' ( #2386 ) from gusted/fix-agit into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2386
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-19 15:59:10 +00:00
Gusted
d8a267d3ab
[FEAT] Restrict file size of blame operation
...
- Currently there exists a restriction to not render and show files that
are larger than what's configured in `[UI].MAX_DISPLAY_FILE_SIZE`.
- Apply the same restriction to the blame operation as well, as the
blame operation can be seen as displaying a file.
- Add integration test.
- Ref: #2394
2024-02-19 16:39:39 +01:00
Earl Warren
6c9c0aca76
Merge pull request '[gitea] cherry-pick' ( #2375 ) from earl-warren/forgejo:wip-gitea-cherry-pick into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2375
Reviewed-by: Otto <otto@codeberg.org>
2024-02-19 14:42:41 +00:00
Earl Warren
ad79ba6a00
Merge pull request '[RELEASE] copy the release to forgejo-experimental if tests pass' ( #2377 ) from earl-warren/forgejo:wip-test-release into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2377
2024-02-19 14:05:28 +00:00
Gusted
1a0315ad78
Merge pull request '[TRANSLATION] Clarify the description of SSH Keys' ( #2393 ) from gusted/forgjeo-clarify-ssh into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2393
Reviewed-by: Otto <otto@codeberg.org>
2024-02-19 13:35:03 +00:00
Earl Warren
00d175701e
[RELEASE] use 0.0-test instead of forgejo-test
...
so that it is a valid semver version instead of not
2024-02-19 14:18:26 +01:00
Earl Warren
004b772b5c
[RELEASE] cache node_modules
2024-02-19 14:18:26 +01:00
Earl Warren
aef5f44169
[RELEASE] do not limit clone depth when building a release
...
otherwise git describe may not produce a tag based version number
2024-02-19 14:18:25 +01:00
Earl Warren
102b3738a2
[RELEASE] copy the release to forgejo-experimental if tests pass
2024-02-19 14:18:25 +01:00