* Fixed deadlock in CreateComment
* Fix possible deadlock in UpdateIssueDeadline from createDeadlineComment
* Ensure that calls to IsTimeTracker enabled are called within session
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Ensure that calls to reactionList are also called within session
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Ensure all calls in NewPullRequest with the session are called within the session
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Deal with potential deadlocks in repo
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Ensure that isStaring is checked within our transaction
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix mistake in isOrganizationMember
Sorry.
* Do not display the raw OpenID error in the UI
If there are no `WHITELIST_URIS` or `BLACKLIST_URIS` set in the openid
section of the app.ini, it is possible that gitea can leak sensitive
information about the local network through the error provided by the
UI. This PR hides the error information and logs it.
Fix #4973
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update auth_openid.go
Place error log within the `err != nil` branch.
* add migration and basic UI for changing a user's theme
* update user themem
* use right text on button
* load theme based on users' selection
* load theme based on users' selection in pwa too
* update sample config
* delete older theme loading
* implement AfterLoad to set users' theme properly
* set up default theme when creating a user. This uses the installation wide theme
* use flash messages for error
* set default theme when creating a user from the cli
* fix @lunny review
* Fix sqlite deadlock when assigning to a PR
Fix 5639
Signed-off-by: Andrew Thornton <art27@cantab.net>
* More possible deadlocks found and fixed
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add changelog for 1.6.3 and 1.7.0-rc2
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add missing point for 1.6.3
Signed-off-by: Jonas Franz <info@jonasfranz.software>
[https-setup]
- Made it clearer that HTTP redirection is possible
[config-cheat-sheet]
- Clarified the behavihour of the redirection-related config keys
* Add changelog for 1.7.0-rc1
* Change position of refactoring of heatmap
* Refactoring some items in changelog
* Fix wrong PR title in changelog
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Remove backported PRs
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Fix wrong date
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add new PR to list
* Security fixes have been backported