if AllowedUserVisibilityModes allow only public & limited, and orgs can be private, a user can create a repo to that organisation whitch will result in an update of the user. On this call the user is validaten and will be rejected since private is not allowed, but its not an user its an valid org ...
Co-authored-by: Alexey 〒erentyev <axifnx@gmail.com>
Co-authored-by: Alexey 〒erentyev <axifnx@gmail.com>
Backport #16956
The mail template rendering was failing with the error -
`...vices/mailer/mail.go:301:composeIssueCommentMessages() [E] ExecuteTemplate [issue/default/body]: template: issue/default:65:10: executing "issue/default" at <.i18n.Tr>: can't evaluate field i18n in type *models.Comment`
The issue was the template variable i18n is available in the outer scope.
Fix#16877
Co-authored-by: 6543 <6543@obermui.de>
Backport #16952
PR #16125 did not update the error handlers to handle conflict errors relating
to rebases. This PR adds them.
Fix#16922
Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport #16950
The lastLeftIdx should be reset at the same time as creating a new section otherwise
it is possible for a second addition to end up attempting to read a nil entry.
Fix#16943
Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport #16934
Storage.Iterate provides the path and an open object. On windows using
local storage means that the objects will be locked thus preventing clean
from deleting them.
This PR simply closes the objects early.
Fix#16932
Signed-off-by: Andrew Thornton <art27@cantab.net>
There is a flaw in #16820 where it was missed that although xorm will
not add a primary key to a table during syncing, it will remove an
unique constraint.
Users upgrading from 1.15.0 to 1.15.1 will therefore lose the unique
constraint that makes this table work unless they run `gitea doctor
recreate-table issue_index`. Postgres helpfully warns about this
situation but MySQL does not.
Main/1.16-dev is not affected by this issue as there is a migration that
does the above recreation by default. Users moving directly to 1.15.1
from 1.14.x or lower are also not affected.
Whilst we could force all users who ran 1.15.0 to do the above
recreate-table call, this PR proposes an alternative: Just add the
unique constraint back in for 1.15.x. This won't have any long term
effects - just some wasted space for the unnecessary index.
Fix#16936
Signed-off-by: Andrew Thornton <art27@cantab.net>
## [1.15.1](https://github.com/go-gitea/gitea/releases/tag/v1.15.1) - 2021-09-02
* BUGFIXES
* Allow BASIC authentication access to /:owner/:repo/releases/download/* (#16916) (#16923)
* Prevent leave changes dialogs due to autofill fields (#16912) (#16920)
* Ignore review comment when ref commit is missed (#16905) (#16919)
* Fix wrong attachment removal (#16915) (#16917)
* Gitlab Migrator: dont ignore reactions of last request (#16903) (#16913)
* Correctly return the number of Repositories for Organizations (#16807) (#16911)
* Test if LFS object is accessible (#16865) (#16904)
* Fix git.Blob.DataAsync(): close pipe since we return a NopCloser (#16899) (#16900)
* Fix dump and restore respository (#16698) (#16898)
* Repare and Improve GetDiffRangeWithWhitespaceBehavior (#16894) (#16895)
* Fix wiki raw commit diff/patch view (#16891) (#16892)
* Ensure wiki repos are all closed (#16886) (#16888)
* List limited and private orgs if authenticated on API (#16866) (#16879)
* Simplify split diff view generation and remove JS dependency (#16775) (#16863)
* Ensure that the default visibility is set on the user create page (#16845) (#16862)
* In Render tolerate not being passed a context (#16842) (#16858)
* Upgrade xorm to v1.2.2 (#16663) & Add test to ensure that dumping of login sources remains correct (#16847) (#16848)
* Report the correct number of pushes on the feeds (#16811) (#16822)
* Add primary_key to issue_index (#16813) (#16820)
* Prevent NPE on empty commit (#16812) (#16819)
* Fix branch pagination error (#16805) (#16816)
* Add missing return to handleSettingRemoteAddrError (#16794) (#16795)
* Remove spurious / from issues.opened_by (#16793)
* Ensure that template compilation panics are sent to the logs (#16788) (#16792)
* Update caddyserver/certmagic (#16789) (#16790)
Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport #16916
Duplicate #15987 to allow access to releases download through BASIC authentication.
Fix#16914
Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport #16912
Add ignore-dirty to /user/settings/account
Add autocomplete="off" to push_mirror_address form on /:owner/:repo/settings
Fix#16861
Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport #16807
Calculate and return the number of Repositories on the dashboard
Organization list.
This PR restores some of the logic that was removed in #14032 to
calculate the number of repos on the dashboard orgs list.
Fix#16648
Replaces #16799
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix dump and restore
* return different error message for get commit
* Fix missing delete release attachment when deleting repository
* Fix ci and add some comments
back port #16698
Co-authored-by: zeripath <art27@cantab.net>
* make sure headGitRepo is closed on err too
* refactor
* Fix git.Blob.DataAsync(): exec cancel since we already read all bytes (close pipe since we return a NopCloser)
Co-authored-by: zeripath <art27@cantab.net>
There are multiple places where wiki git repositories are not properly closed.
This PR ensures they are closed.
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
Backport #16775
Gitea has relied on some slow JS code to match up added and deleted lines on the
diff pages. This can cause a considerable slow down on large diff pages.
This PR makes a small change meaning that the matching up can occur much more simply.
Partial fix#1351
Signed-off-by: Andrew Thornton <art27@cantab.net>
* In Render tolerate not being passed a context
It is possible for RenderString to be passed to an external renderer if markdown
is set to be rendered by an external renderer. No context is currently sent to these
meaning that this will error out.
Fix#16835
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add Context to Repo calls for RenderString
All calls from routers can easily add the context - so add it.
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
* Upgrade xorm to v1.2.2 (#16663)
Backport #16663Fix#16683
* Add test to ensure that dumping of login sources remains correct (#16847)
#16831 has occurred because of a missed regression. This PR adds a simple test to
try to prevent this occuring again.
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Report the correct number of pushes on the feeds
Since the number of commits in the Action table has been limited to 5
the number of commits reported on the feeds page is now incorrectly also
limited to 5. The correct number is available as the Len and this PR
changes this to report this.
Fix#16804
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update templates/user/dashboard/feeds.tmpl
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: zeripath <art27@cantab.net>
Backport #16813
Make the group_id a primary key in issue_index. This already has an
unique index and therefore is a good candidate for becoming a primary
key.
This PR also changes all other uses of this table to add the group_id as
the primary key.
The migration v192 from #16813 has not been backported but Xorm will
work fine with non-primary keyed tables. If a user on 1.15 wishes to
have the correct schema sooner than 1.16 - they can use gitea doctor
recreate-table issue_index and gitea will recreate the table with the
primary key.
Fix#16802
Signed-off-by: Andrew Thornton art27@cantab.net
Backport #16805Fix#16801
Even if default branch is removed from the current page, but the total branches number should be still kept. So that the pagination calculation will be correct.
Backport #16788
Although panics within the rendering pipeline are caught and dealt with,
panics that occur before that starts are unprotected and will kill Gitea
without being sent to the logs.
This PR adds a basic recovery handler to catch panics that occur after
the logger is initialised and ensure that they're sent to the logger.
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Backport #16794
There is a missing return in handleSettingRemoteAddrError which means
that the error page for repo settings is duplicately rendered.
Fix#16771
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
The MySQL indexes are not being renamed at the same time as RENAME table despite the
CASCADE. Therefore it is probably better to just recreate the indexes instead.
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
In #7269, thin scrollbars were added in Arc Green theme. It got moved
in base theme in #13361.
This PR removes the use of thin scrollbars which causes an
accessibility issue. The scrollbars become too thin to be dragged.
Signed-off-by: Elouan Martinet <exa@elou.world>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Partial Backport #16705
There was an inadvertent breaking change in #15629 meaning that notes refs and other
git extension refs will be automatically rejected.
This PR removes this incorrect forced rejection of non-standard refs.
Fix#16688
Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport #16678
When files are highlighted the newline character needs to be added in a whitespace
compliant mode. Also ensure the final empty newline is rendered.
Fix#16434
Signed-off-by: Andrew Thornton <art27@cantab.net>
Partial backport #16356
Whilst looking at adding migration support for onedev it has become apparent that gitea would attempt to pull patches on other migration targets even if that PatchURL was empty.
The fuzzer found an issue with the issue pattern processor where there is a spurious
path.Clean which does not need to be there. This PR also sets the default AppURL for
the fuzzer too.
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>