Release/v1.17 #1
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#20021) Co-authored-by: wxiaoguang <[email protected]>
Backport #20032 In DeleteIssue the PR git head reference should be `/refs/pull/xxx/head` not `/refs/pull/xxx` Fix #19655 Signed-off-by: a1012112796 <[email protected]>
Fixes #19090 If the user-agent starts with git and user must change password but hasn't return a 401 with the message. It must be a 401, git doesn't seem to show the contents of the error message when we return a 403 Co-authored-by: 6543 <[email protected]>
Mysql TEXT has a limit of 64KB, change this to LONGTEXT in mysql only so we can have bigger hook payloads. Postgresql has unlimited TEXT - https://www.postgresql.org/docs/current/datatype-character.html Sqlite has unlimited TEXT - https://www.sqlitetutorial.net/sqlite-data-types/#:~:text=The%20maximum%20length%20of%20TEXT,SQLite%20supports%20various%20character%20encodings. Backport of #20038 Co-authored-by: zeripath <[email protected]>
There appears to be a strange bug whereby the comment_id index can sometimes be missed or missing from the action table despite the sync2 that should create it in the earlier part of this migration. However, looking through the code for Sync2 there is no need for this pre-code to exist and Sync2 should drop/create the indices as necessary. I think therefore we should simplify the migration to simply be Sync2. Signed-off-by: Andrew Thornton <[email protected]> Co-authored-by: 6543 <[email protected]>
Co-authored-by: Gusted <[email protected]> Co-authored-by: delvh <[email protected]> Co-authored-by: zeripath <[email protected]> Co-authored-by: Lauris BH <[email protected]> Co-authored-by: Lunny Xiao <[email protected]>
…20102) The code introduced by #18185 gets the error from response after it was processed by goth. That is incorrect, as goth (and golang.org/x/oauth) doesn't really care about the error, and it sends a token request with an empty authorization code to the server anyway, which always results in a `oauth2: cannot fetch token: 400 Bad Request` error from goth. It means that unless the "state" parameter is omitted from the error response (which is required to be present, according to [RFC 6749, Section 4.1.2.1](https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1)) or the page is reloaded (makes the session invalid), a 500 Internal Server Error page will be displayed. This fixes it by handling the error before the request is passed to goth.
Synced the list to what is allowed on GitHub currently.
…oject to issue (#20133) (#20188) * Check if project has the same repository id with issue when assign project to issue * Check if issue's repository id match project's repository id * Add more permission checking * Remove invalid argument * Fix errors * Add generic check * Remove duplicated check * Return error + add check for new issues * Apply suggestions from code review Co-authored-by: Gusted <[email protected]> Co-authored-by: KN4CK3R <[email protected]> Co-authored-by: 6543 <[email protected]>
Backport #20158 Unforunately the previous PR #20035 created indices that were not helpful for SQLite. This PR adjusts these after testing using the try.gitea.io db. Fix #20129 Signed-off-by: Andrew Thornton <[email protected]>
Backport #20243 Adjust the max-widths for the repository file table to allow for nicer resizing of the names and commit messages. Fix #20040 Signed-off-by: Andrew Thornton <[email protected]> ## Screenshots ## MediaXL  ## MediaLg  ## MediaMd  ## MediaSm  Co-authored-by: Lunny Xiao <[email protected]>
Backport #20171 The setting `DEFAULT_SHOW_FULL_NAME` promises to use the user's full name everywhere it can be used. Unfortunately the function `*user_model.User.ShortName()` currently uses the `.Name` instead - but this should also use the `.FullName()`. Therefore we should make `*user_model.User.ShortName()` base its pre-shortened name on the `.FullName()` function. Co-authored-by: Baekjun Kim <[email protected]>
Backport #20200 The uid provided to the group filter must be properly escaped using the provided ldap.EscapeFilter function. Fix #20181 Signed-off-by: Andrew Thornton <[email protected]>
Backport #20220 Users who are following or being followed by a user should only be displayed if the viewing user can see them. Signed-off-by: Andrew Thornton <[email protected]>
…21808) Backport #21791 There was a bug introduced in #21352 due to a change of behaviour caused by #19280. This causes a panic on running the default doctor checks because the panic introduced by #19280 assumes that the only way opts.StdOut and opts.Stderr can be set in RunOpts is deliberately. Unfortunately, when running a git.Command the provided RunOpts can be set, therefore if you share a common set of RunOpts these two values can be set by the previous commands. This PR stops using common RunOpts for the commands in that doctor check but secondly stops RunCommand variants from changing the provided RunOpts. Signed-off-by: Andrew Thornton <[email protected]>
When backporting #20902 in #21058 there was a slight misbackport. It was missed that we needed to remove the global command option before setting the settings. Fix #21805 Signed-off-by: Andrew Thornton <[email protected]>
Backport of #21849 Co-authored-by: Lauris BH <[email protected]>
) (#21919) Backport #21884 Committer avatar rendered by `func AvatarByEmail` are not vertical align as `func Avatar` does. - Replace literals `ui avatar` and `ui avatar vm` with the constant `DefaultAvatarClass` Signed-off-by: Xinyu Zhou <[email protected]>
…branch actually done (#21562) (#21927) Backport #21562 Signed-off-by: Xinyu Zhou <[email protected]> Co-authored-by: Lunny Xiao <[email protected]> Co-authored-by: Lauris BH <[email protected]>
Fix #21910 Backport #21921 Co-authored-by: KN4CK3R <[email protected]> Co-authored-by: KN4CK3R <[email protected]>
Backport #21787 Co-authored-by: Lunny Xiao <[email protected]> Co-authored-by: Lauris BH <[email protected]>
Backport #21902 Although git does expect that author names should be of the form: `NAME <EMAIL>` some users have been able to create commits with: `<EMAIL>` Fix #21900 Signed-off-by: Andrew Thornton <[email protected]> Co-authored-by: Lauris BH <[email protected]>
Backport #22037. When deleting a closed issue, we should update both `NumIssues`and `NumClosedIssues`, or `NumOpenIssues`(`= NumIssues -NumClosedIssues`) will be wrong. It's the same for pull requests. Releated to #21557. Alse fixed two harmless problems: - The SQL to check issue/PR total numbers is wrong, that means it will update the numbers even if they are correct. - Replace legacy `num_issues = num_issues + 1` operations with `UpdateRepoIssueNumbers`.
Backport of #22081 Co-authored-by: KN4CK3R <[email protected]>
Backport of #22095 I changed it to a static condition because it needs a new version of xorm which is only available in 1.19. This change is valid because `SearchLatestVersions` is never called to list internal versions and there will no change to this behaviour in <1.19. Co-authored-by: Lunny Xiao <[email protected]> Co-authored-by: techknowlogick <[email protected]>
Backport #22118 Moved files in a patch will result in git apply returning: ``` error: {filename}: No such file or directory ``` This wasn't handled by the git apply patch code. This PR adds handling for this. Fix #22083 Signed-off-by: Andrew Thornton <[email protected]> Signed-off-by: Andrew Thornton <[email protected]> Co-authored-by: KN4CK3R <[email protected]>
Backport #22034 This fixes a bug where, when searching unadopted repositories, active repositories will be listed as well. This is because the size of the array of repository names to check is larger by one than the `IterateBufferSize`. For an `IterateBufferSize` of 50, the original code will pass 51 repository names but set the query to `LIMIT 50`. If all repositories in the query are active (i.e. not unadopted) one of them will be omitted from the result. Due to the `ORDER BY` clause it will be the oldest (or least recently modified) one. Co-authored-by: Christian Ullrich <[email protected]>
- Backport of #22171 - Currently, the 'IsZero' function for 'TimeStamp' just checks if the unix time is zero, which is not the behavior of 'Time.IsZero()', but Gitea is using this method in accordance with the behavior of 'Time.IsZero()'. - Adds a new condition to check for the zero time instant. - Fixes a bug where non-expiring GPG keys where shown as they expired on Jan 01, 0001. - Related https://codeberg.org/Codeberg/Community/issues/791
Disable auto tag so that 1.17 release will not tag `:1`.
Backport of #22186 Co-authored-by: Lunny Xiao <[email protected]>
Backport #22203 Signed-off-by: jolheiser <[email protected]>
Co-authored-by: techknowlogick <[email protected]> Co-authored-by: John Olheiser <[email protected]> Co-authored-by: Lauris BH <[email protected]>
Backport of #22150 Co-authored-by: Lunny Xiao <[email protected]>
Backport #22244. Fix #13485. Co-authored-by: delvh <[email protected]> Co-authored-by: Lauris BH <[email protected]> Co-authored-by: Lunny Xiao <[email protected]> Co-authored-by: delvh <[email protected]> Co-authored-by: Lauris BH <[email protected]> Co-authored-by: Lunny Xiao <[email protected]>
- Backport of #22229 - When the GPG key contains an error, such as an invalid signature or an email address that does not match the user.A page will be shown that says you must provide a signature for the token. - This page had two errors: one had the wrong translation key and the other tried to use an undefined variable [`.PaddedKeyID`](https://github.com/go-gitea/gitea/blob/e81ccc406bf723a5a58d685e7782f281736affd4/models/asymkey/gpg_key.go#L65-L72), which is a function implemented on the `GPGKey` struct, given that we don't have that, we use [`KeyID`](https://github.com/go-gitea/gitea/blob/e81ccc406bf723a5a58d685e7782f281736affd4/routers/web/user/setting/keys.go#L102) which is [the fingerprint of the publickey](https://pkg.go.dev/golang.org/x/crypto/openpgp/packet#PublicKey.KeyIdString) and is a valid way for opengpg to refer to a key. <!-- Please check the following: 1. Make sure you are targeting the `main` branch, pull requests on release branches are only allowed for bug fixes. 2. Read contributing guidelines: https://github.com/go-gitea/gitea/blob/main/CONTRIBUTING.md 3. Describe what your pull request does and which issue you're targeting (if any) -->
backport #22219 Since we changed the /api/v1/ routes to disallow session authentication we also removed their reliance on CSRF. However, we left the ReverseProxy authentication here - but this means that POSTs to the API are no longer protected by CSRF. Now, ReverseProxy authentication is a kind of session authentication, and is therefore inconsistent with the removal of session from the API. This PR proposes that we simply remove the ReverseProxy authentication from the API and therefore users of the API must explicitly use tokens or basic authentication. Replace #22077 Close #22221 Close #22077 Signed-off-by: Andrew Thornton <[email protected]> Signed-off-by: Andrew Thornton <[email protected]> Co-authored-by: zeripath <[email protected]>
- Followup for #22231 to follow the frontport.
Backport #22393 Signed-off-by: jolheiser <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.