Set the context for CreateArchive to that of the request to ensure that archives
are only built for as long as a request is requesting them
Fix #11551
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
* Escape more things that are passed through str2html
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Bloody editors!
Co-authored-by: mrsdizzie <info@mrsdizzie.com>
* Update routers/user/oauth.go
Co-authored-by: mrsdizzie <info@mrsdizzie.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Turns out text ellispsis does not work in combination with flexbox and
while wrapping in a display:block can help in some cases, I could not
get this to work properly so this changes the truncate to inline-block
again and reduces the clickable area to just vertical expansion from the
links.
When adding Avatar email-hash pairs we simply want the DB table to
represent a Set. We don't care if the hash-pair is already present,
so we just simply Insert and ignore the error.
Unfortunately this seems to cause some DBs to log the duplicate
insert to their logs - looking like a bug a in Gitea.
Now, there is no standard way in SQL to say Insert but if there's
an error ignore it. MySQL has INSERT IGNORE, PostgreSQL >= 9.5 has
INSERT ... ON CONFLICT DO NOTHING, but I do not believe that SQLite
or MSSQL have variants.
This PR places the insert in a transaction which we are happy to fail
if there is an error - hopefully this will stop the unnecessary
logging.
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Update JWT docs in example config
align with way we have `LFS_JWT_SECRET` in config
Fix #12590
* Update custom/conf/app.example.ini
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
* Add cron running API
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Apply suggestions from code review
* placate-swagger
Signed-off-by: Andrew Thornton <art27@cantab.net>
* return not found
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Apply suggestions from code review
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
- Fix emoji not being replaced in issue title change text
- Make the image attributes consistent, add alt, remove align
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Make it easier to edit deeply nested code. I plan to convert Less to
2-space so that we have standardized indentation width in the codebase.
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
- Remove overly thin font-width on counter
- Add hover effect on reaction picker
- Change colors on arc-green to green to match the theme
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
signing.wont_sign.%!s(<nil>) will be displayed if the repository needs signed
commits but the user is not logged in.
This is displayed because of complicated logic in the the template repo/issue/view_content/pull.tmpl
and a shortcut in the code of routers/repo/issue.go
This PR adds a default value of notsignedin if users are not signed in, which
although our templates will not show will prevent custom templates from showing
the above.
It also fixes the template to avoid showing signing errors if the user is not
authorized to sign.
Replaces #12564
Close #12564
Signed-off-by: Andrew Thornton <art27@cantab.net>
TestToUTF8WithFallback is the cause of recurrent spurious test failures
even despite code to set the detected charset order.
The reason why this happens is because the preferred detected charset order
is not being initialised for these tests.
This PR simply ensures that this is set at the start of each test and would
allow different tests to be written to allow differing orders.
Replaces #12571
Close #12571
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix diff path unquoting
services/gitdiff/gitdiff.go whereby there it assumed that the path would
always be quoted on both sides
This PR simplifies the code here and uses fmt.Fscanf to parse the
strings as necessary.
Fix #12546
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add testcase as per @mrsdizzie
Signed-off-by: Andrew Thornton <art27@cantab.net>
MySQL in its infinite wisdom determines that UTF8 does not
mean UTF8. Our install scripts know about this and will set
CHARSET to utf8mb4 if we users choose this but... users who
do not explicitly set this variable will default to utf8mb3
without knowing it.
This PR changes the unset CHARSET value to utf8mb4 if users
choose to use mysql.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Skip SSPI authentication attempts for /api/internal
SSPI fails badly on authentication attempts to /api/internal which
it can never succesfully authenticate.
Fix #11260
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update oauth2.go
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
* hide: 'New Project board' button
* there is no reason to show the button for users that are not signed in
* update template: specifies the condition together with another one
as per lafriks' suggestion in the comment
* chore: add proper user authorization check
* chore: also hide button if repo is archived
* chore: show project board edit/delete menu to authorized users only
* chore: drop the redundant IsSigned check
* CanWriteIssues and CanWritePulls implies (and requires) signed in user
* Add CanWriteProjects and properly assert permissions
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
- Emit static string for licenses.txt during development for faster builds
- Manually add @primer/octicons to licenses.txt because it's never
directy imported.
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Disable password complexity check default
These features enourange bad passwords/are annoying for people using better password methods, and at minimum we shouldn't force that as a default for obvious reasons. Disable any default check to avoid regular complaints.
* fix copy paste format
* Prevent NPE on commenting on lines with invalidated comments
Only check for a review if we are replying to a previous review.
Prevent the NPE in #12239 by assuming that a comment without a Review is
non-pending.
Fix #12239
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add hack around to show the broken comments
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add migration and remove template hacks
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Remove double indirect in NewColoredIDValue
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Handle forced-update in mirror.go
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add tracing
Signed-off-by: Andrew Thornton <art27@cantab.net>
* As per @lafriks
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Use Node 14 on CI
Node 14 is sufficiently stable now, use it on CI.
* also run build on node 14
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: zeripath <art27@cantab.net>