Template
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo synced 2024-11-30 05:46:09 +01:00
Commit graph

18964 commits

Author SHA1 Message Date
silverwind 9934931f1f
[PORT] gitea##30237: Fix and rewrite contrast color calculation, fix project-related bugs
1. The previous color contrast calculation function was incorrect at
least for the `#84b6eb` where it output low-contrast white instead of
black. I've rewritten these functions now to accept hex colors and to
match GitHub's calculation and to output pure white/black for maximum
contrast. Before and after:
<img width="94" alt="Screenshot 2024-04-02 at 01 53 46"
src="https://github.com/go-gitea/gitea/assets/115237/00b39e15-a377-4458-95cf-ceec74b78228"><img
width="90" alt="Screenshot 2024-04-02 at 01 51 30"
src="https://github.com/go-gitea/gitea/assets/115237/1677067a-8d8f-47eb-82c0-76330deeb775">

2. Fix project-related issues:

- Expose the new `ContrastColor` function as template helper and use it
for project cards, replacing the previous JS solution which eliminates a
flash of wrong color on page load.
- Fix a bug where if editing a project title, the counter would get
lost.
- Move `rgbToHex` function to color utils.

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Giteabot <teabot@gitea.io>

---
Conflict resolution: Trivial.
(cherry picked from commit 36887ed3921d03f1864360c95bd2ecf853bfbe72)
(cherry picked from commit f6c0c39f1a)
2024-05-14 15:50:47 +02:00
Yarden Shoham c6d2c18052
Remove jQuery class from the project page (#30183)
- Switched from jQuery class functions to plain JavaScript `classList`
- Tested the edit column modal functionality and it works as before

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
(cherry picked from commit b535c6ca7b9e8c4bcf5637091ee5ad6d9c807c31)
(cherry picked from commit 702f112602)
2024-05-14 15:50:31 +02:00
Giteabot 8f8d85da47
Fix wrong transfer hint (#30889) (#30900)
Backport #30889 by @lunny

Fix #30187

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit 271e8748a2035ebc836cc2d1e03f4e68b063697e)
2024-05-14 15:45:03 +02:00
Lunny Xiao 7e81775184
Move database operations of merging a pull request to post receive hook and add a transaction (#30805)
Merging PR may fail because of various problems. The pull request may
have a dirty state because there is no transaction when merging a pull
request. ref
https://github.com/go-gitea/gitea/pull/25741#issuecomment-2074126393

This PR moves all database update operations to post-receive handler for
merging a pull request and having a database transaction. That means if
database operations fail, then the git merging will fail, the git client
will get a fail result.

There are already many tests for pull request merging, so we don't need
to add a new one.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit ebf0c969403d91ed80745ff5bd7dfbdb08174fc7)

Conflicts:
	modules/private/hook.go
	routers/private/hook_post_receive.go
	trivial conflicts because
	  263a716cb5 * Performance optimization for git push (#30104)
	was not cherry-picked and because of
	  998a431747 Do not update PRs based on events that happened before they existed
(cherry picked from commit eb792d9f8a)

(cherry picked from commit ec3f5f9992d7ff8250c044a4467524d53bd50210)
2024-05-14 15:37:32 +02:00
6543 99bd29f02f
Repository explore alphabetically order respect owner name (#30882)
similar to #30784 but only for the repo explore page

is covered by #30876 for the main branch

(cherry picked from commit d410e2acce22e5b3518a9bf64a9152b32a91fe18)
2024-05-14 15:31:36 +02:00
Giteabot e5f9482745
Fix missing migrate actions artifacts (#30874) (#30886)
Backport #30874 by @lunny

The actions artifacts should be able to be migrate to the new storage
place.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit 216c8eada3c0727288dc5565ae9fdd798b17c463)
2024-05-14 15:31:14 +02:00
Giteabot 220594bacc
Make "sync branch" also sync object format and add tests (#30878) (#30880)
Backport #30878 by wxiaoguang

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit ad5a8d043c6818c0c496ebae2f5ea9373219bcd6)
2024-05-14 15:28:38 +02:00
Giteabot 1582b1e83a
Get repo list with OrderBy alpha should respect owner too (#30784) (#30875)
Backport #30784 by @6543

instead of:
- zowner/gcode
- awesome/nul
- zowner/nul
- zowner/zzz

we will get:
- awesome/nul
- zowner/gcode
- zowner/nul
- zowner/zzz

Co-authored-by: 6543 <6543@obermui.de>
(cherry picked from commit cfe6779d4eb2f3869357768fe58863642f79c5a9)
2024-05-14 15:27:25 +02:00
Giteabot dbecdd2be2
Have time.js use UTC-related getters/setters (#30857) (#30869)
Backport #30857 by kemzeb

Co-authored-by: Kemal Zebari <60799661+kemzeb@users.noreply.github.com>
Co-authored-by: Sam Fisher <fisher@3echelon.local>
(cherry picked from commit 2252a7bf84c26aee0dfa1b1b826dba148f507a3a)
2024-05-14 15:25:52 +02:00
Earl Warren 98afc8fcdb Merge pull request '[v7.0/forgejo] Expand code diffs against the commits repo' (#3767) from bp-v7.0/forgejo-220c3fe into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3767
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-14 12:42:18 +00:00
0ko 679010f079 Merge pull request '[v7.0/forgejo] Translation updates from Weblate' (#3749) from bp-v7.0/forgejo-61643a6 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3749
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-14 12:20:19 +00:00
forgejo-backport-action 0dc681ed13 [v7.0/forgejo] Improve translatability of "Transfer ownership" (#3750)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/3739

This text can have different forms in other languages depending on context.

The commit also contains a change to .editorconfig to prevent EoF changes when mass-replacing strings, as that causes unintentional merge conflicts with Weblate.

Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3750
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
2024-05-14 12:14:36 +00:00
Gergely Nagy dc13eecc04 Expand code diffs against the commits repo
When expanding code diffs, the expansion should search for more context
in the commits repo, rather than in the repo in context, because the
commit may not be available in the base repo. For example, when
previewing a pull request, the commit is not in the target repo yet -
it's in the fork.

Fixes #3746.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 220c3fe3b3)
2024-05-14 12:06:44 +00:00
Earl Warren 8a8718be4d Merge pull request '[v7.0/forgejo] Rename Str2html to SanitizeHTML and clarify its behavior (followup) (take 2)' (#3751) from bp-v7.0/forgejo-337f4f9 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3751
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-14 10:55:07 +00:00
Gergely Nagy 50ac410e35
[backport]: backport applyElemsCallback
Lifted out from 1983226581.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-14 08:39:59 +02:00
wxiaoguang cbdf32126f
Refactor and fix archive link bug (#30535)
Regression of #29920
Fixes: #30569

Also this is a rewriting to eliminate the remaining jQuery usages from code.

Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit d0e07083559180b124a08359fcc72f9ef695e723)

Conflicts:
	- web_src/js/features/repo-common.js
	  Conflict resolved in favour of Gitea.
2024-05-14 08:34:46 +02:00
Beowulf 1f08add260
Replace reply with a forked version to fix the cut-off of the incoming mail text (#3747)
replace reply with forgejos forked version

If plain text is selected as the message format in e.g. Apple Mail, the inline attachments are no longer at the end of the mail, but instead directly where they are in the mail. When parsing the mail, these inline attachments are replaced by "--". The new reply version no longer cuts the text at the first "--".

Tests for this are present in reply (7dc5750c6d).

Fixes https://codeberg.org/forgejo/forgejo/issues/3496#issuecomment-1798416

---

Additionally, I reduced the allocations for the inline attachments.
2024-05-13 23:51:40 +02:00
Earl Warren 8b86b6f1a0 Rename Str2html to SanitizeHTML and clarify its behavior (followup) (take 2)
In
  801792e4dc Rename Str2html to SanitizeHTML and clarify its behavior (followup)
the replacement was incorrect because
  c9d0e63c20  Remove unnecessary "Str2html" modifier from templates
was not applied and Str2html should have not been present in the first
place.

Fixes: https://codeberg.org/forgejo/forgejo/issues/3554
(cherry picked from commit 337f4f9d87)
2024-05-13 18:38:48 +00:00
0ko 564183bbbd Translation updates from Weblate (#3748)
This is not the usual Weblate PR. I did not reset Weblate after squash-merging https://codeberg.org/forgejo/forgejo/pulls/3637, so Weblate failed to rebase and locked. These are manually cherry-picked commits that Weblate produced after that PR was merged. We need to squash-merge them too before resetting Weblate, so the new translations don't get lost.

Co-authored-by: earl-warren <earl-warren@users.noreply.translate.codeberg.org>
Co-authored-by: Cwpute <Cwpute@users.noreply.translate.codeberg.org>
Co-authored-by: Mylloon <Mylloon@users.noreply.translate.codeberg.org>
Co-authored-by: leana8959 <leana8959@users.noreply.translate.codeberg.org>
Co-authored-by: owofied <furry@users.noreply.translate.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3748
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
(cherry picked from commit 61643a698c)
2024-05-13 18:18:32 +00:00
Earl Warren 9d6974d1f8 Merge pull request '[v7.0/forgejo] [I18N] Translations update from Weblate' (#3740) from bp-v7.0/forgejo-010cccd into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3740
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-13 12:45:16 +00:00
Codeberg Translate 92867c76a7 [I18N] Translations update from Weblate (#3637)
Translations update from [Weblate](https://translate.codeberg.org) for [Forgejo/forgejo](https://translate.codeberg.org/projects/forgejo/forgejo/).

Co-authored-by: Kaede Fujisaki <ledyba@users.noreply.translate.codeberg.org>
Co-authored-by: emansije <emansije@users.noreply.translate.codeberg.org>
Co-authored-by: Kita Ikuyo <searinminecraft@courvix.com>
Co-authored-by: kdh8219 <kdh8219@monamo.dev>
Co-authored-by: enricpineda <enricpineda@users.noreply.translate.codeberg.org>
Co-authored-by: 0ko <0ko@users.noreply.translate.codeberg.org>
Co-authored-by: Fjuro <fjuro@alius.cz>
Co-authored-by: nmmr <nmmr@users.noreply.translate.codeberg.org>
Co-authored-by: VioletLul <VioletLul@users.noreply.translate.codeberg.org>
Co-authored-by: leana8959 <leana8959@users.noreply.translate.codeberg.org>
Co-authored-by: Dirk <Dirk@users.noreply.translate.codeberg.org>
Co-authored-by: Nifou <Nifou@users.noreply.translate.codeberg.org>
Co-authored-by: hankskyjames777 <hankskyjames777@users.noreply.translate.codeberg.org>
Co-authored-by: yeziruo <yeziruo@users.noreply.translate.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3637
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Codeberg Translate <translate@noreply.codeberg.org>
Co-committed-by: Codeberg Translate <translate@noreply.codeberg.org>
(cherry picked from commit 010cccd33e)
2024-05-13 11:55:57 +00:00
Earl Warren 186cb13b26 Merge pull request 'Port "Fix project name wrapping, remove horizontal margin on header"' (#3730) from 0ko/forgejo:wrappp into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3730
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-12 13:46:38 +00:00
0ko 9673355bf3 Port "Fix project name wrapping, remove horizontal margin on header"
Port of 370b1bdb37.
2024-05-12 17:37:36 +05:00
Earl Warren 0bba3e2158 Merge pull request '[v7.0/forgejo] Add class tw-break-anywhere' (#3720) from bp-v7.0/forgejo-b45fbe1 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3720
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-12 10:48:49 +00:00
0ko 6334a48043 Add class tw-break-anywhere
very partial port of 9946353282 (diff-38f10be6b48c74bcacbf9f6e15cc8582a45b7a6cbd1cdd8efec8e592575290c5) to fix a few picked areas where lack of it causes bugs.

(cherry picked from commit b45fbe1dcc)
2024-05-11 18:13:28 +00:00
Earl Warren ba1f73f550 Merge pull request '[v7.0/forgejo] templates: Be more forgiving about missing package metadata' (#3705) from bp-v7.0/forgejo-ac4d535 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3705
Reviewed-by: Gergely Nagy <algernon@noreply.codeberg.org>
2024-05-10 18:47:36 +00:00
Gergely Nagy 00cfe9aef9 templates: Be more forgiving about missing package metadata
When rendering templates for packages, be more forgiving about missing
metadata. For some repository types - like maven - metadata is uploaded
separately. If that upload fails, or does not happen, there will be no
metadata.

In that case, Forgejo should handle it gracefully, and render as much of
the information as possible, without erroring out. Rendering without
metadata allows one to delete a partial package, while if we throw
errors, that becomes a whole lot harder.

This patch adjusts the generic metadata template, and also the maven
template. There may be more cases of the same problem lying around.

Fixes #3663.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit ac4d535dbf)
2024-05-10 18:10:25 +00:00
Earl Warren d8fda28dfc Merge pull request '[v7.0/forgejo] Fix some 7.0 missing variables' (#3688) from bp-v7.0/forgejo-0dc35c9 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3688
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-09 19:30:27 +00:00
Earl Warren 7afee47817 Merge pull request '[v7.0/forgejo] Teach activities.GetFeeds() how to avoid returning duplicates' (#3687) from bp-v7.0/forgejo-9cb2aa9 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3687
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-09 19:29:39 +00:00
0ko 887c050ea3 [THEME] Fix some 7.0 missing variables
(cherry picked from commit 0dc35c9df9)
2024-05-09 18:52:33 +00:00
Gergely Nagy 9ba48419ba Teach activities.GetFeeds() how to avoid returning duplicates
Before explaining the fix itself, lets look at the `action` table, and
how it is populated. Data is only ever inserted into it via
`activities_model.NotifyWatchers`, which will:

- Insert a row for each activity with `UserID` set to the acting user's
  ID - this is the original activity, and is always inserted if anything
  is to be inserted at all.
- It will insert a copy of each activity with the `UserID` set to the
  repo's owner, if the owner is an Organization, and isn't the acting
  user.
- It will insert a copy of each activity for every watcher of the repo,
  as long as the watcher in question has read permission to the repo
  unit the activity is about.

This means that if a repository belongs to an organizations, for most
activities, it will have at least two rows in the table. For
repositories watched by people other than their owner, an additional row
for each watcher.

These are useful duplicates, because they record which activities are
relevant for a particular user. However, for cases where we wish to see
the activities that happen around a repository, without limiting the
results to a particular user, we're *not* interested in the duplicates
stored for the watchers and the org. We only need the originals.

And this is what this change does: it introduces an additional option to
`GetFeedsOptions`: `OnlyPerformedByActor`. When this option is set,
`activities.GetFeeds()` will only return the original activities, where
the user id and the acting user id are the same. As these are *always*
inserted, we're not missing out on any activities. We're just getting
rid of the duplicates. As this is an additional `AND` condition, it can
never introduce items that would not have been included in the result
set before, it can only reduce, not extend.

These duplicates were only affecting call sites where `RequestedRepo`
was set, but `RequestedUser` and `RequestedTeam` were not. Both of those
call sites were updated to set `OnlyPerformedByActor`. As a result,
repository RSS feeds, and the `/repos/{owner}/{repo}/activities/feeds`
API end points no longer return dupes, only the original activities.

Rather than hardcoding this behaviour into `GetFeeds()` itself, I chose
to implement it as an explicit option, for the sake of clarity.

Fixes Codeberg/Community#684, and addresses gitea#20986.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 9cb2aa989a)
2024-05-09 18:37:30 +00:00
Earl Warren 283b678146 Merge pull request '[v7.0/forgejo] Fix an incorrect form submission in repo-issue.js' (#3677) from bp-v7.0/forgejo-f4dd53d into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3677
Reviewed-by: Gergely Nagy <algernon@noreply.codeberg.org>
2024-05-08 21:49:06 +00:00
Gergely Nagy b6be9fb901 Fix an incorrect form submission in repo-issue.js (#3675)
This fixes `initRepoPullRequestAllowMaintainerEdit()` to submit the form correctly (as a web form, rather than as JSON payload).

Fixes #3618, cherry picked from gitea#30854.

Co-Authored-By: wxiaoguang <wxiaoguang@gmail.com>

---

Manual testing steps:

- Open a PR against any repository, with the "Allow edits from maintainers" option checked.
- Open the developer console (`Ctrl-Shift-I` on Firefox), and look at the Network tab.
- Visit the PR, find the "Allow edits from maintainers" checkbox, and click it.
- See the developer console, and check that the response says the setting is false.
- Refresh the page *completely* (`Ctrl-Shift-R` on Firefox)
- Observe that the setting is off.
- Click the box again to enable it.
- See the developer console, and check that the response says the setting is true.
- Reload without cache again (`Ctrl-Shift-R` on Firefox)
- Observe that the setting is now on.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3675
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gergely Nagy <forgejo@gergo.csillger.hu>
Co-committed-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit f4dd53d79d)
2024-05-08 21:16:08 +00:00
Earl Warren 767d292c83 Merge pull request '[v7.0/forgejo] Cumulative English improvements (May 2024)' (#3674) from bp-v7.0/forgejo-b11eddf into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3674
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-08 19:16:24 +00:00
0ko 8d3c6251a7 [I18N] English improvements (May 2024)
- `editor.commit_id_not_matching` was reported by https://codeberg.org/kita. I confirmed the meaning on next.forgejo.org.
- `additional_repo_units_hint` was suggested by https://codeberg.org/leana8959.

(cherry picked from commit b11eddfaa8)
2024-05-08 17:09:24 +00:00
Earl Warren 94ce24cf92 Merge pull request '[v7.0/forgejo] fix(security): CVE-2024-24788 malformed DNS message' (#3673) from bp-v7.0/forgejo-f3045f0 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3673
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-08 17:02:19 +00:00
Earl Warren 696ed328fb fix(security): CVE-2024-24788 malformed DNS message
Refs: https://pkg.go.dev/vuln/GO-2024-2824
(cherry picked from commit f3045f0519)
2024-05-08 14:47:59 +00:00
Earl Warren dd3487dbbf Merge pull request '[v1.22/gitea] week 2024-19 cherry pick v7.0' (#3659) from earl-warren/forgejo:wip-v7.0-gitea-cherry-pick into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3659
Reviewed-by: Gergely Nagy <algernon@noreply.codeberg.org>
2024-05-07 22:48:50 +00:00
Earl Warren 18249e58be Merge pull request '[v7.0/forgejo] Update module gitea.com/go-chi/binding to v0.0.0-20240430071103-39a851e106ed' (#3660) from earl-warren/forgejo:wip-v7.0-chi-binding into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3660
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-05-07 08:56:40 +00:00
Earl Warren f8a3482cdb
Update module gitea.com/go-chi/binding to v0.0.0-20240430071103-39a851e106ed
(cherry picked from commit 58bf120eba)

Conflicts: trivial context conflicts
2024-05-07 08:35:25 +01:00
yp05327 da993b09ad
Fix no edit history after editing issue's title and content (#30814)
Fix #30807

reuse functions in services

(cherry picked from commit a50026e2f30897904704895362da0fb12c7e5b26)

Conflicts:
	models/issues/issue_update.go
	routers/api/v1/repo/issue.go
	trivial context conflict because of 'allow setting the update date on issues and comments'
(cherry picked from commit 6a4bc0289d)
2024-05-07 08:21:38 +01:00
Kemal Zebari 6ae15bc15e
Don't only list code-enabled repositories when using repository API (#30817)
We should be listing all repositories by default.

Fixes #28483.

(cherry picked from commit 9f0ef3621a3b63ccbe93f302a446b67dc54ad725)

Conflict:
   -		if ctx.IsSigned && ctx.Doer.IsAdmin || permission.UnitAccessMode(unit_model.TypeCode) >= perm.AccessModeRead {
   +		if ctx.IsSigned && ctx.Doer.IsAdmin || permission.HasAccess() {
   because of https://codeberg.org/forgejo/forgejo/pulls/2001
(cherry picked from commit e388822e9d)
2024-05-07 08:17:35 +01:00
Giteabot f30c648037
Ignore useless error message "broken pipe" (#30801) (#30842)
Backport #30801 by wxiaoguang

Fix #30792

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit ab2ef1ae49bc5e81d0debac85aee687a64fde8b3)
2024-05-07 08:15:36 +01:00
Giteabot 248a5b8d7a
Prevent automatic OAuth grants for public clients (#30790) (#30836)
Backport #30790 by archer-321

This commit forces the resource owner (user) to always approve OAuth 2.0
authorization requests if the client is public (e.g. native
applications).

As detailed in [RFC 6749 Section
10.2](https://www.rfc-editor.org/rfc/rfc6749.html#section-10.2),

> The authorization server SHOULD NOT process repeated authorization
requests automatically (without active resource owner interaction)
without authenticating the client or relying on other measures to ensure
that the repeated request comes from the original client and not an
impersonator.

With the implementation prior to this patch, attackers with access to
the redirect URI (e.g., the loopback interface for
`git-credential-oauth`) can get access to the user account without any
user interaction if they can redirect the user to the
`/login/oauth/authorize` endpoint somehow (e.g., with `xdg-open` on
Linux).

Fixes #25061.

Co-authored-by: Archer <archer@beezig.eu>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 6d83f5eddc0f394f6386e80b86a3221f6f4925ff)
2024-05-07 08:14:22 +01:00
Kemal Zebari 5678e9ab20
Catch and handle unallowed file type errors in issue attachment API (#30791)
Before, we would just throw 500 if a user passes an attachment that is
not an allowed type. This commit catches this error and throws a 422
instead since this should be considered a validation error.

(cherry picked from commit 872caa17c0a30d95f85ab75c068d606e07bd10b3)

Conflicts:
	tests/integration/api_comment_attachment_test.go
	tests/integration/api_issue_attachment_test.go
	trivial context conflict because of 'allow setting the update date on issues and comments'
(cherry picked from commit 9cd0441cd3)
2024-05-07 08:12:34 +01:00
silverwind a7124df0c5
Add hover outline to heatmap squares (#30828)
Makes it easier to use because you see which square is currently
hovered:

<img width="314" alt="Screenshot 2024-05-02 at 15 38 20"
src="https://github.com/go-gitea/gitea/assets/115237/3a15dad1-2259-4f28-9fae-5cf6ad3d8798">

I did try a `scoped` style for this, but that did not work for some
reason.

(cherry picked from commit 6f89d5e3a0886d02ead732005f593ae003f78f78)
2024-05-07 08:09:44 +01:00
wxiaoguang abf40ee957
Skip gzip for some well-known compressed file types (#30796)
Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit be112c1fc30f87a248b30f48e891d1c8c18e8280)

Conflicts:
	routers/web/web.go
	trivial conflict because of https://codeberg.org/forgejo/forgejo/pulls/1533
(cherry picked from commit 4e35e5b8ae)
2024-05-07 07:59:45 +01:00
Earl Warren 7be345f88e Merge pull request '[v7.0/forgejo] Improve repo filter names' (#3641) from bp-v7.0/forgejo-82f7308 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3641
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2024-05-05 14:49:03 +00:00
0ko 8b1d84797f [I18N] Improve repo filter names
(cherry picked from commit 82f7308e1b)
2024-05-05 12:15:56 +00:00
Earl Warren ba0ed5823c Merge pull request '[UI] Fix commit messages breaking out of event history' (#3640) from 0ko/forgejo:ui-fix-break-out into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3640
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-05 12:12:09 +00:00