Commit graph

3033 commits

Author SHA1 Message Date
zeripath
3ae4c4898b
Prevent hang in git cat-file if the repository is not a valid repository (Partial #17991) (#17992)
* Prevent hang in git cat-file if the repository is not a valid repository (Partial #17991)

Unfortunately it appears that if git cat-file is run in an invalid
repository it will hang until stdin is closed. This will result in
deadlocked /pulls pages and dangling git cat-file calls if a broken
repository is tried to be reviewed or pulls exists for a broken
repository.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* placate lint

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix compilation bug

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add the missing directories to the testrepos

* fixup! Add the missing directories to the testrepos

* and ensure that all of the other places have the objects directories too

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-12-17 10:08:00 +08:00
zeripath
3a77465e4e
Prevent double decoding of % in url params (#17997) (#18001) 2021-12-16 18:03:20 -05:00
Gusted
04517e17d6
Use correct user on releases (#17818)
- Backport #17806
2021-11-26 07:06:26 +00:00
KN4CK3R
3a222ee416
Fixed commit count (#17698) (#17790)
* Fixed commit count (#17698)

Added "Tag" label.
Unified branch, tag and commit name.

* Keep 1.15 behaviour.

* Removed locale change.
2021-11-26 00:21:56 +01:00
Gusted
76ad83f05e
backport: use correct sender on title change (#17792) 2021-11-24 03:53:18 -05:00
Lunny Xiao
714ecd9f1e
Fix close issue but time watcher still running (#17761)
* Fix bug

* Update models/issue_stopwatch.go

Co-authored-by: zeripath <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
2021-11-23 20:05:44 +08:00
99rgosse
7be2d7b136
Fix Migrate Description - backport (#17727) 2021-11-19 17:52:47 +08:00
Lunny Xiao
0305a73633
Fix bug when read mysql database max lifetime (#17682) (#17690) 2021-11-17 21:28:41 +08:00
Gusted
ea0fe83888
Fix golangci-lint warnings (#17598 et al) (#17668)
Backport #17598 
Backport #17606 
Backport #17608 
Backport #17609

- Since https://gitea.com/gitea/test-env/pulls/10 the golangci-lint has been upgraded and is erroring about new warnings in the code, this PR fixes those warnings.
2021-11-16 20:38:49 +00:00
wxiaoguang
20ae184967
Only allow webhook to send requests to allowed hosts (#17482) (#17510)
Backport #17482

* Only allow webhook to send requests to allowed hosts (backport #17482)

* use ALLOWED_HOST_LIST=* for default to keep the legacy behavior in 1.15.x
2021-11-06 09:23:43 +00:00
Gusted
0d0ff5e32a
backport(1.15): Use correct defaultValue for stracktrace (#17557)
- Backporting https://github.com/go-gitea/gitea/pull/17552
2021-11-05 22:55:33 +08:00
Lunny Xiao
f25f7c592f
Fix zero created time bug on commit api (#17547)
Co-authored-by: zeripath <art27@cantab.net>
2021-11-05 14:15:44 +08:00
Lunny Xiao
f572fb906f
fix email with + when active (#17518) (#17520)
Co-authored-by: zeripath <art27@cantab.net>
2021-11-03 00:52:38 +02:00
zeripath
ef12b8de80
Ensure that restricted users can access repos for which they are members (#17460) (#17464)
Backport #17460

There is a small bug in the way that repo access is checked in
repoAssignment: Accessibility is checked by checking if the user has a
marked access to the repository instead of checking if the user has any
team granted access.

This PR changes this permissions check to use HasAccess() which does the
correct test. There is also a fix in the release api ListReleases where
it should return draft releases if the user is a member of a team with
write access to the releases.

The PR also adds a testcase.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-10-28 11:33:18 +08:00
KN4CK3R
1fbdf96c34
Fix CSV render error (#17406) (#17431)
Backport #17406.

Closes #17378 

Both errors from #17378 were caused by  #15175.

Problem 1 (error with added file):
`ToUTF8WithFallbackReader` creates a `MultiReader` from a `byte[2048]` and the remaining reader. `CreateReaderAndGuessDelimiter` tries to read 10000 bytes from this reader but only gets 2048 because that's the first reader in the `MultiReader`. Then the `if size < 1e4` thinks the input is at EOF and just returns that.

Problem 2 (error with changed file):
The blob reader gets defer closed. That was fine because the old version reads the whole file into memory. Now with the streaming version the close needs to defer after the method.

Co-authored-by: zeripath <art27@cantab.net>
2021-10-25 18:31:15 +01:00
KN4CK3R
5159055278
Read expected buffer size (#17409) (#17430)
Backport of #17409

* Read expected buffer size.

* Changed name.
2021-10-25 17:46:56 +01:00
wxiaoguang
175ebc6f88
Fix issue markdown bugs (#17413)
* Bug fix: render Markdown `http://AppURL/org/repo/issues/4?a=1&b=2#comment-123 test` to HTML correctly, close #17394
* Bug fix: fix the positions of checkboxes in rendered HTML, close #17395

# Conflicts:
#	modules/markup/html.go
2021-10-23 23:30:46 +08:00
zeripath
8ace5c1161
Offer rsa-sha2-512 and rsa-sha2-256 algorithms in internal SSH (#17281) (#17376)
Backport #17281

There is a subtle bug in the SSH library x/crypto/ssh which makes the incorrect
assumption that the public key type is the same as the signature algorithm type.

This means that only ssh-rsa signatures are offered by default.

This PR adds a workaround around this problem.

Fix #17175

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-10-21 16:37:49 +08:00
Richard Mahn
befb6bea22
Prevent NPE in CSV diff rendering when column removed (#17018) (#17377)
Backport of #17018

Fixes #16837 if a column is deleted.
2021-10-20 22:55:34 +02:00
John Olheiser
eb748ff79e
Allow mocking timeutil (#17354) (#17356)
Signed-off-by: jolheiser <john.olheiser@gmail.com>
2021-10-18 16:48:23 -05:00
zeripath
a20ccec369
Ensure that git daemon export ok is created for mirrors (#17243) (#17306)
Backport #17243

There is an issue with #16508 where it appears that create repo requires that the
repo does not exist. This causes #17241 where an error is reported because of this.

This PR fixes this and also runs update-server-info for mirrors and generated repos.

Fix #17241

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-10-14 18:07:53 +02:00
zeripath
9c2b7a196e
Disable core.protectNTFS (#17300) (#17302)
Backport #17300

core.protectNTFS protects NTFS from files which may be difficult to remove or interact
with using the win32 api, however, it also appears to prevent such files from
being entered into the git indexes - fundamentally causing breakages with PRs that
affect these files. However, deliberately setting this to false may cause security
issues due to the remain sparse checkout of files in the merge pipeline.

The only sensible option therefore is to provide an optional setting which admins
could set which would forcibly switch this off if they are affected by this issue.

Fix #17092

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-10-13 23:02:45 +03:00
zeripath
1e278b15c2
Use pointer for wrappedConn methods (#17295) (#17296)
Backport #17295

Fix #17294

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-10-12 23:45:30 +01:00
Norwin
245596e130
don't try to interpret treepath as hash (#17272)
...when path contains no hash-path-separator ('/')

This is a workaround to #17179.

Entering this case when `path` does not contain a '/' does not really
make sense, as that means the tree path is empty, but this case is only
entered for routes that expect a non-empty tree path.

Treepaths like <40-char-dirname>/<filename> will still fail,
but hopefully don't occur that often. A more complete fix that avoids
this case too is outlined in #17185, but too big of a change to backport
2021-10-08 13:53:54 -04:00
pricly-yellow
7b1153e943
API pull's head/base have correct permission(#17214) (#17245)
* for all pull requests API return permissions of caller
* for all webhook return empty permissions

Signed-off-by: Danila Kryukov <pricly_yellow@dismail.de>

* Fix incorrect error handler

Co-authored-by: delvh <dev.lh@web.de>

* Fix wrong assumption in tests

* Change paramenter name to doer to indicate source

Co-authored-by: 6543 <6543@obermui.de>

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: 6543 <6543@obermui.de>
2021-10-07 12:39:23 +03:00
Lunny Xiao
766272b154
Fix bug of get context user (#17169) (#17172)
Co-authored-by: 6543 <6543@obermui.de>
2021-09-28 15:42:43 +02:00
zeripath
4707d4b8a9
Nicely handle missing user in collaborations (#17049) (#17166)
Backport #17049

It is possible to have a collaboration in a repository which refers to a no-longer
existing user. This causes the repository transfer to fail with an unusual error.

This PR makes `repo.getCollaborators()` nicely handle the missing user by ghosting
the collaboration but also adds consistency check. It also adds an
Access consistency check.

Fix #17044

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2021-09-28 07:41:12 +01:00
zeripath
4b8b214108
Create doctor command to fix repo_units broken by dumps from 1.14.3-1.14.6 (#17136) (#17137)
Backport #17136

There was a serious issue with the `gitea dump` command in 1.14.3-1.14.6 which led to corruption of the `config` field of the `repo_unit` table. 

This PR adds a doctor command to attempt to fix the broken repo_units. Users affected by #16961 should run:

```
gitea doctor --fix --run fix-broken-repo-units
```

Fix #16961

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-09-27 18:30:11 +01:00
zeripath
4b6556565f
Prevent panic in Org mode HighlightCodeBlock (#17140) (#17141)
Backport #17140

When rendering source in org mode there is a mistake in the highlight code that
causes a panic.

This PR fixes this.

Fix #17139

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-09-24 14:29:47 +01:00
zeripath
6139834e76
Add caller to cat-file batch calls (#17082) (#17089)
Some people still appear to report unclosed cat-files. This PR simply adds the caller
to the process descriptor for the CatFileBatch and CatFileBatchCheck calls.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-09-20 00:07:35 +08:00
Lunny Xiao
fd35f56e87
Fix bug of migrate comments which only fetch one page (#17055) (#17058)
* Fix bug of migrate comments which only fetch one page

* add next page to trace

Co-authored-by: zeripath <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
2021-09-15 14:01:54 -04:00
zeripath
6a025d8b4a
Do not show issue context popup on external issues (#17050) (#17054)
Backport #17050

The issues pop-up context cannot work for external issues - therefore do not show
these.

Fix #17047

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-09-15 17:38:20 +08:00
zeripath
270c7f36db
Correctly rollback in ForkRepository (#17034) (#17045)
Backport #17034

The rollback functionality in
services/repository/repository.go:ForkRepository is incorrect and could
lead to a deadlock as it uses DeleteRepository to delete the rolled-back
repository - a function which creates its own transaction.

This PR adjusts the rollback function to only use RemoveAll as any
database changes will be automatically rolled-back. It also handles
panics and adjusts the Close within WithTx to ensure that if there is a
panic the session will always be closed.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-09-15 08:42:09 +03:00
zeripath
0e448fb96d
Decrement Fork Num when converting from Fork (#17035) (#17046)
Backport #17035

When converting repositories from forks to normal the root NumFork needs to be
decremented too.

Fix #17026

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-09-15 10:05:47 +08:00
zeripath
659b946eda
Fix missing close in WalkGitLog (#17008) (#17009)
Backport #17008

When the external context is cancelled it is possible for the
GitLogReader to not itself be Closed.

This PR does three things:

1. Instead of adding a plain defer it wraps the `g.Close` in a func as
`g` may change.
2. It adds the missing explicit g.Close - although the defer fix makes
this unnecessary.
3. It passes down the external context as the base context for the
GitLogReader meaning that the cancellation of the external context will
pass down automatically.

Fix #17007

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-09-10 17:46:06 +08:00
6543
3b13c5d41a
Fix bug of migrated repository not index (#16991) (#16996)
Fix #16986, #16152

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-09-09 07:02:22 +01:00
Lunny Xiao
07489d0405
Fix storage Iterate bug and Add storage doctor to delete garbage attachments (#16971) (#16977)
* Fix storage Iterate bug and Add storage doctor to delete garbage attachments

* Close object when used
2021-09-07 19:39:05 +01:00
zeripath
5cb5101720
Close storage objects before cleaning (#16934) (#16942)
Backport #16934

Storage.Iterate provides the path and an open object. On windows using
local storage means that the objects will be locked thus preventing clean
from deleting them.

This PR simply closes the objects early.

Fix #16932

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-09-03 12:17:07 +01:00
Lunny Xiao
8b132bdec6
Ignore review comment when ref commit is missed (#16905) (#16919)
backport #16905
2021-09-02 11:51:32 +01:00
zeripath
02de43236a
Gitlab Migrator: dont ignore reactions of last request (#16903) (#16913)
Backport #16903

Fix bug related to early breaking when migrating reactions.

Co-authored-by: 6543 <6543@obermui.de>
2021-09-01 17:52:38 -04:00
Lunny Xiao
af1fd56d8a
Fix dump and restore respository (#16698) (#16898)
* Fix dump and restore
* return different error message for get commit
* Fix missing delete release attachment when deleting repository
* Fix ci and add some comments

back port #16698

Co-authored-by: zeripath <art27@cantab.net>
2021-08-31 10:44:14 +01:00
6543
0274933c22
Fix git.Blob.DataAsync(): close pipe since we return a NopCloser (#16899) (#16900)
* make sure headGitRepo is closed on err too
* refactor
* Fix git.Blob.DataAsync(): exec cancel since we already read all bytes (close pipe since we return a NopCloser)

Co-authored-by: zeripath <art27@cantab.net>
2021-08-31 16:06:01 +08:00
zeripath
58f4a4114e
Simplify split diff view generation and remove JS dependency (#16775) (#16863)
Backport #16775

Gitea has relied on some slow JS code to match up added and deleted lines on the
diff pages. This can cause a considerable slow down on large diff pages.

This PR makes a small change meaning that the matching up can occur much more simply.

Partial fix #1351

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-08-30 16:43:06 +01:00
6543
c5193a8481
In Render tolerate not being passed a context (#16842) (#16858)
* In Render tolerate not being passed a context

It is possible for RenderString to be passed to an external renderer if markdown
is set to be rendered by an external renderer. No context is currently sent to these
meaning that this will error out.

Fix #16835

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add Context to Repo calls for RenderString

All calls from routers can easily add the context - so add it.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
2021-08-29 15:25:45 +01:00
techknowlogick
0c7927fe48
Report the correct number of pushes on the feeds (#16811) (#16822)
* Report the correct number of pushes on the feeds

Since the number of commits in the Action table has been limited to 5
the number of commits reported on the feeds page is now incorrectly also
limited to 5. The correct number is available as the Len and this PR
changes this to report this.

Fix #16804

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update templates/user/dashboard/feeds.tmpl

Co-authored-by: techknowlogick <techknowlogick@gitea.io>

Co-authored-by: zeripath <art27@cantab.net>
2021-08-26 02:30:13 -04:00
zeripath
2148b27bfa
Prevent NPE on empty commit (#16812) (#16819)
Backport #16812

Handle completely empty commit as the first commit to a repository.

Fix #16668

Signed-off-by: Andrew Thornton art27@cantab.net
2021-08-25 13:22:48 +01:00
zeripath
d89029ebac
Ensure empty lines are copiable and final new line too (#16678) (#16692)
Backport #16678

When files are highlighted the newline character needs to be added in a whitespace
compliant mode. Also ensure the final empty newline is rendered.

Fix #16434

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-08-15 05:39:23 +02:00
6543
62315ea731
If PatchURL is empty, skip pull patch download when migrating (Partial #16356) (#16681)
Partial backport #16356

Whilst looking at adding migration support for onedev it has become apparent that gitea would attempt to pull patches on other migration targets even if that PatchURL was empty.
2021-08-13 18:26:19 +02:00
6543
86861ee135
Update issue_index to finish migration (#16685) (#16687)
* update issue_index to finish migration

* One Func to RecalculateIssueIndexForRepo
2021-08-13 15:13:03 +01:00
6543
d2d99a25b7
Fix NPE in fuzzer (#16680) (#16682)
The fuzzer found an issue with the issue pattern processor where there is a spurious
path.Clean which does not need to be there. This PR also sets the default AppURL for
the fuzzer too.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
2021-08-13 08:51:13 +03:00