(cherry picked from commit 6d910daafb)
(cherry picked from commit d447861cc9)
(cherry picked from commit dc6e9d8799)
(cherry picked from commit ef232fa20c)
(cherry picked from commit 290c55517a)
(cherry picked from commit db48af1784)
(cherry picked from commit 85f33237a2)
(cherry picked from commit 76899ee33e)
(cherry picked from commit 148b3ee9cb)
(cherry picked from commit 1f6ad8f465)
(cherry picked from commit c330afdba3)
(cherry picked from commit b1f87075a7)
(cherry picked from commit 7da40992cc)
(cherry picked from commit 7ab19ff5e5)
(cherry picked from commit e61e44921b)
(cherry picked from commit 83646119fb)
(cherry picked from commit 20cf748e61)
(cherry picked from commit 0a99919cec)
(cherry picked from commit 21215222a6)
(cherry picked from commit 0f6c5658d7)
(cherry picked from commit 1752e43d3c)
(cherry picked from commit 2332080929)
(cherry picked from commit 590aabf2a2)
(cherry picked from commit 87d8b7b315c3e25bd3fcf9dc9c1d359bcd107281)
(cherry picked from commit ff37de38be)
(cherry picked from commit cee32c9e7a)
(cherry picked from commit 39faade524)
(cherry picked from commit 0e5ca477b6)
(cherry picked from commit 70e2730f7b)
(cherry picked from commit 2ad4003944)
(cherry picked from commit 2429de9e87)
(cherry picked from commit c133915fc1)
(cherry picked from commit c607dcaf9f)
(cherry picked from commit 00f006637f)
- The review type '22' is a general comment type that is attached to
single codecomments, reviews with multiple comments or to simple approve
and request changes comment. This comment can be used to create a link
towards this action on an pull request.
- Adds an anchor to the review comment type, so that when its getting
linked to it, it actually jumps towards that event.
- This also now fixes the behavior that after you created a review you
will be redirected to that review and because this is an general comment
type other mails will also be 'fixed' such as the approved or request
changes.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1248
(cherry picked from commit 1741a5f1fe)
---------
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: Caesar Schinas <caesar@caesarschinas.com>
Fixes #27598
In #27080, the logic for the tokens endpoints were updated to allow
admins to create and view tokens in other accounts. However, the same
functionality was not added to the DELETE endpoint. This PR makes the
DELETE endpoint function the same as the other token endpoints and adds unit tests
Closes #27455
> The mechanism responsible for long-term authentication (the 'remember
me' cookie) uses a weak construction technique. It will hash the user's
hashed password and the rands value; it will then call the secure cookie
code, which will encrypt the user's name with the computed hash. If one
were able to dump the database, they could extract those two values to
rebuild that cookie and impersonate a user. That vulnerability exists
from the date the dump was obtained until a user changed their password.
>
> To fix this security issue, the cookie could be created and verified
using a different technique such as the one explained at
https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies.
The PR removes the now obsolete setting `COOKIE_USERNAME`.
1. `make build` fails because `||` and `&&` have the same precedence in
sh/bash, so the `false` command always evaluated (leading to an error).
```
+ which gmake /usr/local/bin/gmake
+ false
*** Failed target: .BEGIN
*** Failed command: which "gmake" || printf "Error: GNU Make is
required!\n\n" 1>&2 && false
*** Error code 1
```
2. When `GPREFIX` is set to an empty string with quotation marks,
`gmake` mistakenly thinks that it's a file name:
``` gmake: *** empty string invalid as file name. Stop. ```
1. Dropzone attachment removal, pretty simple replacement
2. Image diff: The previous code fetched every image twice, once via
`img[src]` and once via `$.ajax`. Now it's only fetched once and a
second time only when necessary. The image diff code was partially
rewritten.
---------
Co-authored-by: Giteabot <teabot@gitea.io>
assert.Fail() will continue to execute the code while assert.FailNow()
not. I thought those uses of assert.Fail() should exit immediately.
PS: perhaps it's a good idea to use
[require](https://pkg.go.dev/github.com/stretchr/testify/require)
somewhere because the assert package's default behavior does not exit
when an error occurs, which makes it difficult to find the root error
reason.
- Currently in the cron tasks, the 'Previous Time' only displays the
previous time of when the cron library executes the function, but not
any of the manual executions of the task.
- Store the last run's time in memory in the Task struct and use that,
when that time is later than time that the cron library has executed
this task.
- This ensures that if an instance admin manually starts a task, there's
feedback that this task is/has been run, because the task might be run
that quick, that the status icon already has been changed to an
checkmark,
- Tasks that are executed at startup now reflect this as well, as the
time of the execution of that task on startup is now being shown as
'Previous Time'.
- Added integration tests for the API part, which is easier to test
because querying the HTML table of cron tasks is non-trivial.
- Resolves https://codeberg.org/forgejo/forgejo/issues/949
(cherry picked from commit fd34fdac14)
---------
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: silverwind <me@silverwind.io>
Fix #27541
The INI package has a quirk: by default, the keys are inherited.
When maintaining the keys, the newly added sub key should not be
affected by the parent key.
Follow #27354
Major changes:
1. The `right aligned` in `<th class="one wide right aligned">` is a
no-op because it doesn't have any content
2. The `gt-df` in `<td class="sha gt-df">` was wrong, it causes UI
misalignment, a table cell shouldn't be "flex"
3. Use `gt-py-0` for `gt-pt-0 gt-pb-0`
4. Simplify the layout for buttons, because the `text right aligned` is
widely used and good enough, it doesn't make sense to introduce the
`<div class="gt-df gt-je">`
5. Escape the `$.FileName` correctly
Before:
![image](https://github.com/go-gitea/gitea/assets/2114189/eb2ced3f-1dad-4149-9ed2-aee4c0663621)
After:
![image](https://github.com/go-gitea/gitea/assets/2114189/08244b61-416b-4279-b495-029bc0a96f67)
This script was trying to be too smart, make it more straightforward and
less error-prone so that i could be used by the backport bot too
ideally.
- Always delete the backport branch so that script is idempotent in this
regard
- Remove the push functionality, it's best done by the user because only
they know the remote name
- Remove reading docs/config.yaml, it no longer exists
- Remove version detection, version is now a required argument
- Remove opening the pull request with xdg-open, xdg-open is not
portable
- Remove continue from failed cherry pick. It's best to reset manually
in this case
- Clean up the console logging
Example run:
```
$ go run ./contrib/backport --version v1.21 27503
* Backporting 27503 to origin/release/v1.21 as backport-27503-v1.21
* `git fetch origin main`
* `git fetch origin release/v1.21`
* `git branch -D backport-27503-v1.21`
* `git checkout -b backport-27503-v1.21 origin/release/v1.21`
* Attempting git cherry-pick 08efeb5cdc
* Amending commit to prepend `Backport #27503` to body
Backport done! You can now push it with `git push yourremote backport-27503-v1.21`
```
---------
Co-authored-by: delvh <dev.lh@web.de>