* Do not display the raw OpenID error in the UI
If there are no `WHITELIST_URIS` or `BLACKLIST_URIS` set in the openid
section of the app.ini, it is possible that gitea can leak sensitive
information about the local network through the error provided by the
UI. This PR hides the error information and logs it.
Fix #4973
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update auth_openid.go
Place error log within the `err != nil` branch.
* add migration and basic UI for changing a user's theme
* update user themem
* use right text on button
* load theme based on users' selection
* load theme based on users' selection in pwa too
* update sample config
* delete older theme loading
* implement AfterLoad to set users' theme properly
* set up default theme when creating a user. This uses the installation wide theme
* use flash messages for error
* set default theme when creating a user from the cli
* fix @lunny review
* Fix sqlite deadlock when assigning to a PR
Fix 5639
Signed-off-by: Andrew Thornton <art27@cantab.net>
* More possible deadlocks found and fixed
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add changelog for 1.6.3 and 1.7.0-rc2
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add missing point for 1.6.3
Signed-off-by: Jonas Franz <info@jonasfranz.software>
[https-setup]
- Made it clearer that HTTP redirection is possible
[config-cheat-sheet]
- Clarified the behavihour of the redirection-related config keys
* Add changelog for 1.7.0-rc1
* Change position of refactoring of heatmap
* Refactoring some items in changelog
* Fix wrong PR title in changelog
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Remove backported PRs
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Fix wrong date
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add new PR to list
* Security fixes have been backported
* comments: Fix an incorrent DOM element selection.
This commit fixes a bug that was causing text from previously edited
comment to get saved when two comments were edited one after other.
Text area with id of `#content` isn't unique on the page but it was
being treated as unique by the event handling code.
Fixes: #5581.
* templates: Remove `id` from textarea in commit edit form.
An element is assigned an `id` only if it is unique for the whole page
but in this case there can be multiple textarea so it should have one.