Backport #18072
Although #17487 ensured that the table was quoted in the join it missed that the
query part of the check also needed to be quoted.
Fix#17485
Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport #18062
PR #17997 means that urls with terminal '/' are no longer immediately mapped
to the url without a terminal slash. However, it has revealed that the NotFound handler
appears to have been lost.
This PR adds back in a NotFound handler that simply redirects to a path without the
terminal slash or runs the NotFound handler.
Fix#18060
Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport #18049
Repository Transfer requires that the repository directory is renamed - which
is not possible on Windows if the git repository is open.
Fix#17885
Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport #18045
The current code unfortunately requires that `action` be a reserved
repository name as it prevents posts to change the settings for
action repositories. However, we can simply change action handler
to work on POST /{username} instead.
Fix#18037
Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport #18018
When logging in the SessionID should be reset and the session cleaned up.
Also logs the user in on completion of linking account
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Prevent off-by-one error on comments on newly appended lines (#18029)
Backport #18029
There was a bug in CutDiffAroundLine whereby if a file without a terminal new line
has a patch which appends lines to it and a comment is placed on one of those lines
the comment diff will be a line out of place.
This fixes CutDiffAroundLine to simply ignore the missing terminal newline - however,
we should really improve this rendering to add a marker to say that there was a
previously missing terminal newline.
Fix#17875
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Apply suggestions from code review
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Backport #18030
Strangely a weird bug was present in the log escaping code whereby any escaped
character would gain 03d - this was due to a mistake in the format string where
it should have read %03o but read instead %o03d. This has led to spurious 03d
trailing characters on these escaped characters!
Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport #18023
Although we reset the locale in a number of places there were several ways of logging in that were missing the same code.
Fix#18020
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Gusted <williamzijl7@hotmail.com>
Backport #18005
It appears that there are several places that password length, complexity and ispwned
are not currently been checked when changing passwords. This PR adds these.
Fix#17977
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Prevent hang in git cat-file if the repository is not a valid repository (Partial #17991)
Unfortunately it appears that if git cat-file is run in an invalid
repository it will hang until stdin is closed. This will result in
deadlocked /pulls pages and dangling git cat-file calls if a broken
repository is tried to be reviewed or pulls exists for a broken
repository.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* placate lint
Signed-off-by: Andrew Thornton <art27@cantab.net>
* fix compilation bug
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add the missing directories to the testrepos
* fixup! Add the missing directories to the testrepos
* and ensure that all of the other places have the objects directories too
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Check if column exist before rename if exist, just return with no error
* Also check if errors column exist
* Add comment for migration
* Fix sqlite test
Backport #17572
* Remove appSubUrl from pasted images
Since we fixed the url base for the links in repositories we no longer need to add
the appsuburl to pasted image links.
Fix#17057
Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport #17482
* Only allow webhook to send requests to allowed hosts (backport #17482)
* use ALLOWED_HOST_LIST=* for default to keep the legacy behavior in 1.15.x
Backport #17498
The call to html.EscapeString in routers/web/repo/blame.go:renderBlame is extraneous
as the commit message is now rendered by the template. The template will correctly
escape strings - therefore we are currently double escaping.
This PR fixes this.
Fix#17492
Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport #17487
CountOrphanedObjects needs to quote the table it is joining with as this table may
be `user`.
Fix#17485
Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport #17475
The underlying problem in #17328 appears to be that users are re-running the install
page during upgrades. The function that tests and creates the db did not intend for
this and thus instead the migration scripts being run - a simple sync tables occurs.
This then causes a weird partially migrated DB which causes, in this release cycle,
the duplicate column in task table error. It is likely the cause of some weird
partial migration errors in other cycles too.
This PR simply ensures that the migration scripts are also run at this point too.
Fix#17328
Signed-off-by: Andrew Thornton <art27@cantab.net>