Commit Graph

4479 Commits

Author SHA1 Message Date
wxiaoguang 01f736f68c
Remove duplicate option in admin screen and now-unused translation keys (#28492) (#30024)
Backport #28492
Fix #30019

Co-authored-by: The Magician <142242365+TheMagician23@users.noreply.github.com>
2024-03-23 15:56:19 +01:00
wxiaoguang 24c66c5096
Fix manual merge form and 404 page templates (#30000)
Partially backport #29985, fix some template errors.

* fix the manual-merge form
* fix the 404 page
2024-03-22 19:42:41 +08:00
Lunny Xiao 6ef986d474
Performance improvements for pull request list page (#29900) (#29972)
This PR will avoid load pullrequest.Issue twice in pull request list
page. It will reduce x times database queries for those WIP pull
requests.

Partially fix #29585
Backport #29900
2024-03-22 09:58:04 +08:00
wxiaoguang b9dd5dd471
Fix template error when comment review doesn't exist (#29888) (#29889)
Backport #29888
2024-03-19 15:00:01 +08:00
Lunny Xiao 440be51a45
Fix bug on template (#29887)
Caused by #29807
Fix #29886
2024-03-18 15:24:07 +00:00
Lunny Xiao 85f31eb643
Fix codeowner detected diff base branch to mergebase (#29783) (#29807)
Fix #29763
Backport #29783 

This PR fixes 2 problems with CodeOwner in the pull request.
- Don't use the pull request base branch but merge-base as a diff base
to detect the code owner.
- CodeOwner detection in fork repositories will be disabled because
almost all the fork repositories will not change CODEOWNERS files but it
should not be used on fork repositories' pull requests.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-03-17 02:40:06 +01:00
Giteabot 47dc4598a3
Fix `for` attribute not pointing to the ID of the color picker (#29813) (#29815)
Backport #29813 by @yardenshoham

It didn't include the word picker.

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
2024-03-15 13:33:46 +00:00
Giteabot e03cf66e8b
Fix missing translation on milestons (#29785) (#29789)
Backport #29785 by @lunny

Caused by #26569
Fix #29778

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-03-14 09:21:04 +01:00
wxiaoguang bb2640c485
Fix incorrect package link method calls in templates (#29580) (#29764)
Backport #29580
Fix #29562
Fix #29762
Follow  #29531
2024-03-13 19:43:31 +08:00
Giteabot 6124c78de0
Fix date rendering by adding `<gitea-absolute-date>` (#29725) (#29747)
Backport #29725 by @silverwind

Alternative to: https://github.com/go-gitea/gitea/pull/29698
Fixes: https://github.com/go-gitea/gitea/issues/29034

<img width="278" alt="image"
src="https://github.com/go-gitea/gitea/assets/115237/12ecd967-2723-410d-8a28-a1b0f41b7bba">

It also fixes a secondary issue that we were showing timestamp tooltips
over date, which makes no sense, so these are now gone as well:

<img width="284" alt="image"
src="https://github.com/go-gitea/gitea/assets/115237/a70432f3-97b6-41e6-b202-b53b76924a66">

Co-authored-by: silverwind <me@silverwind.io>
2024-03-13 01:04:58 +01:00
Giteabot 9db426ad8c
Fix wrong line number in code search result (#29260) (#29623)
Backport #29260 by @yp05327

Fix #29136

Before:
The result is a table and all line numbers are all in one row.

![image](https://github.com/go-gitea/gitea/assets/18380374/7a18b354-e257-4f57-a5ca-f6d37378edf6)

![image](https://github.com/go-gitea/gitea/assets/18380374/98416e11-89b5-4b4f-920b-91bcf041a87f)

After:

![image](https://github.com/go-gitea/gitea/assets/18380374/f189e436-9046-4431-926a-cd0deb58e8f1)

![image](https://github.com/go-gitea/gitea/assets/18380374/07d213ed-2401-4b7f-b951-5df7dc776af4)

~~Updated:~~
~~added `active` class to the target line.~~

![image](https://github.com/go-gitea/gitea/assets/18380374/0b274e48-048a-4c66-ba95-df515212ec08)

Co-authored-by: yp05327 <576951401@qq.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-03-06 10:05:41 +01:00
wxiaoguang 4ef7e496b8
Add a trailing slash to dashboard links (#29555) (#29573)
Backport #29555
2024-03-04 13:50:55 +08:00
wxiaoguang 2b059f493e
Only use supported sort order for "explore/users" page (#29430) (#29443)
Backport #29430

Thanks to inferenceus : some sort orders on the "explore/users" page
could list users by their lastlogintime/updatetime.

It leaks user's activity unintentionally. This PR makes that page only
use "supported" sort orders.

Removing the "sort orders" could also be a good solution, while IMO at
the moment keeping the "create time" and "name" orders is also fine, in
case some users would like to find a target user in the search result,
the "sort order" might help.
2024-03-03 02:28:45 +00:00
Giteabot 971eab18fa
Fix incorrect redirection when creating a PR fails (#29537) (#29543)
Backport #29537 by wxiaoguang

This is only a quick fix to make it easier to backport.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-03-02 20:01:19 +00:00
Giteabot 401cc394d5
Fix incorrect subpath in links (#29535) (#29541)
Backport #29535 by wxiaoguang

* `$referenceUrl`: it is constructed by "Issue.Link", which already has
the "AppSubURL"
* `window.location.href`: AppSubURL could be empty string, so it needs
the trailing slash

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-03-02 12:26:54 +00:00
Giteabot 222f93822e
Fix URL calculation in clone input box (#29470) (#29473)
Backport #29470 by @silverwind

Ported the function as-is and added comments so we don't forget about
this in the future.

Fixes: https://github.com/go-gitea/gitea/issues/29462

Co-authored-by: silverwind <me@silverwind.io>
2024-02-28 15:25:53 +00:00
Lunny Xiao dc48eb070b
Fix template bug (#27581) (#29446)
Fix #29152
Backport #27581
2024-02-27 11:11:38 +00:00
Giteabot 83327e043a
Fix incorrect tree path value for patch editor (#29377) (#29421)
Backport #29377 by wxiaoguang

Regression of #18718. When submitting the form,
EditRepoFileForm.TreePath is marked as "Required", so the value can't be
empty. The value is not used by backend, so use a meaningful dummy value
for it.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-02-26 09:26:23 +00:00
Giteabot 0f35cb5a2a
Add missing space (#29393) (#29399)
Backport #29393 by @KN4CK3R

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2024-02-26 00:08:44 +08:00
Giteabot 0b3d6c399c
enforce maxlength in frontend (#29389) (#29396)
Backport #29389 by @zokkis

Set maxlength attribute in frontend

to long file-name

![image](https://github.com/go-gitea/gitea/assets/72873130/15111614-55ab-4583-acb2-15c25997601d)

![image](https://github.com/go-gitea/gitea/assets/72873130/4105ddd8-4973-4da8-b3ab-4cfae1b45554)
(same for branch-name and commit-summary)

Co-authored-by: Tim-Niclas Oelschläger <72873130+zokkis@users.noreply.github.com>
2024-02-25 14:56:44 +00:00
Lunny Xiao 5043ad54c7
Fix project counter in organization/individual profile (#28068) (#29361)
Fix #28052
Backport #28068 
Before:

![image](https://github.com/go-gitea/gitea/assets/18380374/5f299983-4b38-4d68-ac0e-4be3c62c0558)

![image](https://github.com/go-gitea/gitea/assets/18380374/f0e12afd-483b-4882-80e9-0261beb3fe0c)

After:

![image](https://github.com/go-gitea/gitea/assets/18380374/47cccb7b-bb35-4a7d-9c5b-83133be0323a)

![image](https://github.com/go-gitea/gitea/assets/18380374/77825c0c-4bf2-4762-83a2-1a5a173cc22d)

Co-authored-by: yp05327 <576951401@qq.com>
2024-02-24 07:58:43 +00:00
6543 4435d8a4b6
Fix XSS vulnerabilities (#29336)
- The Wiki page did not sanitize author name
- the reviewer name on a "dismiss review" comment is also affected
- the migration page has some spots

---------

Signed-off-by: jolheiser <john.olheiser@gmail.com>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: jolheiser <john.olheiser@gmail.com>
2024-02-22 23:37:21 +01:00
Zettat123 e940443b27
Do not show delete button when time tracker is disabled (#29257) (#29279)
Backport #29257 
Fix #29233

The delete button of time logs won't be shown when the time tracker is
disabled.
 

![image](https://github.com/go-gitea/gitea/assets/15528715/5cc4e0c9-d2f9-4b8f-a2f5-fe202b94c191)

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2024-02-20 09:11:01 +00:00
Markus Amshove 78f41e4fc4
Disallow merge when required checked are missing (#29143) (#29268)
backport #29143

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-02-19 20:48:17 +00:00
Tim-Nicas Oelschläger 39735c43a8
Convert visibility to number (#29226) (#29244)
Backport #29226

Don't throw error while creating user (Fixes #29218)

---

The backport info from Giteabot
https://github.com/go-gitea/gitea/pull/29226#issuecomment-1951341322
needs to specify the version, because the default is v1.18
2024-02-18 18:51:00 +00:00
silverwind 8cd83ff391
Rework spellchecking, add lint-spell (#29112)
Backport clean cherry-picks of
9c39f8515f
and
c7a21cbb0c
onto 1.21.

- Use maintained fork https://github.com/golangci/misspell
- Rename `mispell-check` to `lint-spell`, add `lint-spell-fix`
- Run `lint-spell` in separate actions step
- Lint more files, fix discovered issues
- Remove inaccurate and outdated info in docs (we do not need GOPATH for
tools anymore)

Maybe later we can add more spellchecking tools, but I have not found
any good ones yet.
2024-02-16 02:42:26 +00:00
Giteabot c9b2aaed0e
Improve user experience for outdated comments (#29050) (#29086)
Backport #29050 by wxiaoguang

Try to improve #28949

1. Make `ctx.Data["ShowOutdatedComments"] = true` by default: it brings
consistent user experience, and sometimes the "outdated (source
changed)" comments are still valuable.
2. Show a friendly message if the comment won't show, then the end users
won't fell that "the comment disappears" (it is the special case when
`ShowOutdatedComments = false`)

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-02-08 10:29:54 +08:00
Giteabot 7ed79b748f
Hide code links on release page if user cannot read code (#29064) (#29066)
Backport #29064 by @wolfogre

On the release list page, if the user doesn't have the permission to
read code, the code links will lead to 404 pages or api errors:

<img width="1297" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/a74fbc63-6dd6-43c6-853c-28acdbfdcb4e">


After this PR:

<img width="1297" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/a626373d-c2df-40a9-8fed-1b12ff6bc56f">

And this PR also removed some dead code. After #23465, the tag list page
has an independent template, and all `IsTag` in the release list
template are always false.

Co-authored-by: Jason Song <i@wolfogre.com>
2024-02-06 21:36:56 +08:00
Giteabot 5ac41026f9
Wrap contained tags and branches again (#29021) (#29026)
Backport #29021 by @delvh

Fixes #29016

## After


![grafik](https://github.com/go-gitea/gitea/assets/51889757/2c72ee8f-439e-4328-85df-77772e0f4aef)

Co-authored-by: delvh <dev.lh@web.de>
2024-02-02 16:05:47 +08:00
Giteabot 333d02ddfd
Fix incorrect button CSS usages (#29015) (#29023)
Backport #29015 by @wxiaoguang

Fix 2 problems:

1. Remove the legacy (non-existing) CSS: `class="btn btn-gray
btn-radius"`
2. Remove the button styles inside the `ui message`, according to:
https://fomantic-ui.com/collections/message.html , the button shouldn't
have any border/padding.

### Before


![image](https://github.com/go-gitea/gitea/assets/2114189/4c7e98e2-4e8a-493f-9b7e-446a365066a1)



![image](https://github.com/go-gitea/gitea/assets/2114189/05221251-7a79-4c96-8973-fb4588275672)

### After



![image](https://github.com/go-gitea/gitea/assets/2114189/8bc3edbc-42a6-40bd-85fd-de40e94841d4)


![image](https://github.com/go-gitea/gitea/assets/2114189/93f69143-d835-437c-b5eb-0f6dddde97a1)

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-02-02 01:10:23 +01:00
Giteabot b8e6cffd31
Preserve BOM in web editor (#28935) (#28959)
Backport #28935 by @silverwind

The `ToUTF8*` functions were stripping BOM, while BOM is actually valid
in UTF8, so the stripping must be optional depending on use case. This
does:

- Add a options struct to all `ToUTF8*` functions, that by default will
strip BOM to preserve existing behaviour
- Remove `ToUTF8` function, it was dead code
- Rename `ToUTF8WithErr` to `ToUTF8`
- Preserve BOM in Monaco Editor
- Remove a unnecessary newline in the textarea value. Browsers did
ignore it, it seems but it's better not to rely on this behaviour.

Fixes: https://github.com/go-gitea/gitea/issues/28743
Related: https://github.com/go-gitea/gitea/issues/6716 which seems to
have once introduced a mechanism that strips and re-adds the BOM, but
from what I can tell, this mechanism was removed at some point after
that PR.

Co-authored-by: silverwind <me@silverwind.io>
2024-01-27 23:23:31 +01:00
Jimmy Praet 9210ce4045
Don't reload timeline page when (un)resolving or replying conversation (#28654) (#28917)
Backport #28654
Fixes #15981
2024-01-24 20:09:48 +01:00
Giteabot d590607106
Render code block in activity tab (#28816) (#28818)
Backport #28816 by @JakobDev

This is a little bugfix. Inline code is usually rendered in issue
titles, but it is missing in the activity tab.

Before:
![Screenshot 2024-01-16 at 14-20-51
Test](https://github.com/go-gitea/gitea/assets/15185051/383370f3-0fb2-49de-81cc-014e5cf86727)
After:

![grafik](https://github.com/go-gitea/gitea/assets/15185051/83eaf973-ce9a-44ce-beea-2db49fc8bd73)

Co-authored-by: JakobDev <jakobdev@gmx.de>
2024-01-17 01:35:26 +01:00
KN4CK3R 022552d5b6
Rework markup link rendering (#26745) (#28803)
Backport #26745
Fixes #26548

This PR refactors the rendering of markup links. The old code uses
`strings.Replace` to change some urls while the new code uses more
context to decide which link should be generated.

The added tests should ensure the same output for the old and new
behaviour (besides the bug).

We may need to refactor the rendering a bit more to make it clear how
the different helper methods render the input string. There are lots of
options (resolve links / images / mentions / git hashes / emojis / ...)
but you don't really know what helper uses which options. For example,
we currently support images in the user description which should not be
allowed I think:

<details>
  <summary>Profile</summary>

https://try.gitea.io/KN4CK3R


![grafik](https://github.com/go-gitea/gitea/assets/1666336/109ae422-496d-4200-b52e-b3a528f553e5)

</details>
2024-01-16 02:13:29 +00:00
Giteabot 376fa0d8c4
Forbid removing the last admin user (#28337) (#28793)
Backport #28337 by @yp05327

Co-authored-by: yp05327 <576951401@qq.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-01-16 01:51:46 +00:00
Giteabot be541d9877
Fix links in issue card (#28806) (#28807)
Backport #28806 by @denyskon

Fixes_
https://github.com/go-gitea/gitea/issues/23318#issuecomment-1611086747

Co-authored-by: Denys Konovalov <kontakt@denyskon.de>
2024-01-16 09:30:07 +08:00
Giteabot 2a0fbe23b8
Fix button size in "attached header right" (#28770) (#28774)
Backport #28770 by wxiaoguang

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-01-12 15:04:19 +00:00
Giteabot 5e9fd0ab5e
Hide code related setting options in repository when code unit is disabled (#28631) (#28749)
Backport #28631 by @lunny

Since #20805, code can be hidden.
However, the related settings are still shown even though they don't
have any meaning then.


https://github.com/go-gitea/gitea/assets/81045/5fdee54d-ac81-418a-82f7-eadff048cedd

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-01-11 04:31:24 +00:00
Giteabot 12f418a7e8
Add download attribute to release attachments (#28739) (#28740)
Backport #28739 by @JakobDev

Fixes #28736

Co-authored-by: JakobDev <jakobdev@gmx.de>
2024-01-09 21:18:13 +08:00
Giteabot 2399b4d483
Avoid unnecessary 500 panic when a commit doesn't exist (#28719) (#28721)
Backport #28719 by wxiaoguang

In #26851, it assumed that `Commit` always exists when
`PageIsDiff==true`.

But for a 404 page, the `Commit` doesn't exist, so the following code
would cause panic because nil value can't be passed as string parameter
to `IsMultilineCommitMessage(string)` (or the StringUtils.Cut in later
PRs)

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-01-07 10:40:30 +00:00
wxiaoguang 83457805bb
Make template `DateTime` show proper tooltip (#28677) (#28683)
Backport #28677
2024-01-03 18:41:03 +08:00
Giteabot 373e78895e
switch destination directory for apt signing keys (#28639) (#28642)
Backport #28639 by @denyskon

According to [Debian
docs](https://wiki.debian.org/DebianRepository/UseThirdParty):

> The certificate MUST NOT be placed in /etc/apt/trusted.gpg.d or loaded
by apt-key add.
> ...
> If future updates to the certificate will be managed by an apt/dpkg
package as recommended below, then it SHOULD be downloaded into
/usr/share/keyrings using the same filename that will be provided by the
package. If it will be managed locally , it SHOULD be downloaded into
/etc/apt/keyrings instead.
> ...
> A sources.list entry SHOULD have the signed-by option set.

Co-authored-by: Denys Konovalov <kontakt@denyskon.de>
2023-12-29 05:44:47 +00:00
Giteabot 564068aa99
Fix wrong due date rendering in issue list page (#28588) (#28591)
Backport #28588 by @yardenshoham

It included the hours, minutes, and seconds. By removing these, the date
renders correctly.

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: Yarden Shoham <git@yardenshoham.com>
2023-12-22 17:25:43 +00:00
Giteabot acc8100d47
Fix 500 error of searching commits (#28576) (#28579)
Backport #28576 by wxiaoguang

Regression of #28454 . Now the string is escaped HTML, so it doesn't
need `| Safe`.

Fix #28575

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-12-22 02:29:28 +00:00
Giteabot 932e282e15
Fix duplicate ID when deleting repo (#28520) (#28528)
Backport #28520 by @framitdavid


There is an accessibility issue in the interface when attempting to
delete a repository. When I click on "Delete repository," a dialog box
appears, requiring confirmation to proceed with the repository deletion.
However, when I press the "Repo name" label, the wrong input field gains
focus. The focused field is located behind the dialog and is intended
for renaming the repository.

I am submitting these pull requests to ensure that the correct input
field is focused when the user clicks on the label. This change will
also facilitate the writing of tests using Playwright or Testing Library
to retrieve elements based on roles. This PR will also improve
acessibility of this area.

Co-authored-by: David Øvrelid <46874830+framitdavid@users.noreply.github.com>
2023-12-19 16:40:03 +08:00
Giteabot 411310d698
chore(api): support ignore password if login source type is LDAP for creating user API (#28491) (#28525)
Backport #28491 by @appleboy

- Modify the `Password` field in `CreateUserOption` struct to remove the
`Required` tag
- Update the `v1_json.tmpl` template to include the `email` field and
remove the `password` field

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2023-12-19 11:14:06 +08:00
Giteabot 4462628a26
Improve the prompt for "ssh-keygen sign" (#28509) (#28510)
Backport #28509 by wxiaoguang

Close #28505

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-12-18 15:25:52 +00:00
wxiaoguang a3f403f438
Add option to disable ambiguous unicode characters detection (#28454) (#28499)
Backport #28454 (the only conflict is caused by some comments)

* Close #24483
* Close #28123
* Close #23682
* Close #23149
2023-12-18 12:20:37 +08:00
Giteabot f144521aea
Deprecate query string auth tokens (#28390) (#28430)
Backport #28390 by @jackHay22

## Changes
- Add deprecation warning to `Token` and `AccessToken` authentication
methods in swagger.
- Add deprecation warning header to API response. Example: 
  ```
  HTTP/1.1 200 OK
  ...
  Warning: token and access_token API authentication is deprecated
  ...
  ```
- Add setting `DISABLE_QUERY_AUTH_TOKEN` to reject query string auth
tokens entirely. Default is `false`

## Next steps
- `DISABLE_QUERY_AUTH_TOKEN` should be true in a subsequent release and
the methods should be removed in swagger
- `DISABLE_QUERY_AUTH_TOKEN` should be removed and the implementation of
the auth methods in question should be removed

## Open questions
- Should there be further changes to the swagger documentation?
Deprecation is not yet supported for security definitions (coming in
[OpenAPI Spec version
3.2.0](https://github.com/OAI/OpenAPI-Specification/issues/2506))
- Should the API router logger sanitize urls that use `token` or
`access_token`? (This is obviously an insufficient solution on its own)

Co-authored-by: Jack Hay <jack@allspice.io>
Co-authored-by: delvh <dev.lh@web.de>
2023-12-12 13:45:00 +08:00
Giteabot b56a9f6ded
Fix margin in server signed signature verification view (#28379) (#28381)
Backport #28379 by @lafriks

Before:

![image](https://github.com/go-gitea/gitea/assets/165205/e2e2256d-03c5-4ab8-8ed9-08ef68571a43)

After:

![image](https://github.com/go-gitea/gitea/assets/165205/804132ef-18f9-4ab8-949d-f6c71e7f4d24)

Co-authored-by: Lauris BH <lauris@nix.lv>
2023-12-07 10:37:12 +08:00