Backport #27592 by @JakobDev
If you set a checkbox as required in a issue form at the moment, the
checkbox is checked and read only, what does not make much sense. With
this PR, the Checkbox actually needs to be checked. The label supports
now also Markdown. This matches GitHub's behaviour.
And yes, I know the CSS is a ugly workaround. It looks like the given
CSS code is part Fomantic and I don't know how to change that. The
Maintainers are free to change that.
![grafik](https://github.com/go-gitea/gitea/assets/15185051/3f35be75-b0b4-42a7-9048-a4970384a035)
Co-authored-by: JakobDev <jakobdev@gmx.de>
Backport #27669 by @silverwind
1. Do not show temporary tooltips that are triggered from within
dropdowns. Previously this resulted in the tooltip being stuck to
top-left of the page like seen on issue comment URL copy. I could not
figure out any tippy options that prevent this, so I think it's better
to just not show it.
1. Refactor `initGlobalCopyToClipboardListener` so that it does not run
a often useless `document.querySelector` on every click, make
`data-clipboard-text-type` work with `data-clipboard-target`. No use in
current code base but still good to have. Finally some minor code
cleanup in the function.
Point 1 is for this copy button:
<img width="229" alt="image"
src="https://github.com/go-gitea/gitea/assets/115237/81f34746-8ea5-43d9-8c6f-f6f417a9e4ad">
Co-authored-by: silverwind <me@silverwind.io>
Backport #27655 by @wolfogre
When `webhook.PROXY_URL` has been set, the old code will check if the
proxy host is in `ALLOWED_HOST_LIST` or reject requests through the
proxy. It requires users to add the proxy host to `ALLOWED_HOST_LIST`.
However, it actually allows all requests to any port on the host, when
the proxy host is probably an internal address.
But things may be even worse. `ALLOWED_HOST_LIST` doesn't really work
when requests are sent to the allowed proxy, and the proxy could forward
them to any hosts.
This PR fixes it by:
- If the proxy has been set, always allow connectioins to the host and
port.
- Check `ALLOWED_HOST_LIST` before forwarding.
Co-authored-by: Jason Song <i@wolfogre.com>
Backport #27632 by @wxiaoguang
1. fix#27631 , and add samples to devtest page
2. fix incorrect color for "ui dropdown button" when hover
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Backport #27615 by @lng2020
close#27601
The Docker registry has an internal version, which leads to 404
Co-authored-by: Nanguan Lin <70063547+lng2020@users.noreply.github.com>
Backport #27594 by @sryze
1. `make build` fails because `||` and `&&` have the same precedence in
sh/bash, so the `false` command always evaluated (leading to an error).
```
+ which gmake /usr/local/bin/gmake
+ false
*** Failed target: .BEGIN
*** Failed command: which "gmake" || printf "Error: GNU Make is
required!\n\n" 1>&2 && false
*** Error code 1
```
2. When `GPREFIX` is set to an empty string with quotation marks,
`gmake` mistakenly thinks that it's a file name:
``` gmake: *** empty string invalid as file name. Stop. ```
Co-authored-by: Sergey Zolotarev <sryze@protonmail.com>
Backport #27585 by @JakobDev
Fixes https://codeberg.org/forgejo/forgejo/issues/1592
When login in with WebAuth, the page has a link to use TOTP instead.
This link is always displayed, no matter if the User has set up TOTP or
not, which do of cause not work for those who have not.
Co-authored-by: JakobDev <jakobdev@gmx.de>
Backport #27267 by @silverwind
1. Dropzone attachment removal, pretty simple replacement
2. Image diff: The previous code fetched every image twice, once via
`img[src]` and once via `$.ajax`. Now it's only fetched once and a
second time only when necessary. The image diff code was partially
rewritten.
Co-authored-by: silverwind <me@silverwind.io>
Backport #27544 by @earl-warren
- Currently in the cron tasks, the 'Previous Time' only displays the
previous time of when the cron library executes the function, but not
any of the manual executions of the task.
- Store the last run's time in memory in the Task struct and use that,
when that time is later than time that the cron library has executed
this task.
- This ensures that if an instance admin manually starts a task, there's
feedback that this task is/has been run, because the task might be run
that quick, that the status icon already has been changed to an
checkmark,
- Tasks that are executed at startup now reflect this as well, as the
time of the execution of that task on startup is now being shown as
'Previous Time'.
- Added integration tests for the API part, which is easier to test
because querying the HTML table of cron tasks is non-trivial.
- Resolves https://codeberg.org/forgejo/forgejo/issues/949
(cherry picked from commit fd34fdac14)
Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: silverwind <me@silverwind.io>
Backport #27486 by @lunny
Fix#27204
This PR allows `/<username>/<reponame>/attachments/<uuid>` access with
personal access token and also changed attachments API download url to
it so it can be download correctly.
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Backport #27555 by @wolfogre
It should be OK to increase the default queue length since the default
type is "level".
IMO, the old default length (100) is a little too small. See
https://github.com/go-gitea/gitea/issues/27540#issuecomment-1754269491
IIRC, a larger length could lead to more memory usage only when the type
is "channel," but it's an obscure case. Otherwise, it's just a limit
(for "level" or "redis").
Co-authored-by: Jason Song <i@wolfogre.com>
Backport #27485 by @techknowlogick
I'm temporarily unable to properly evaluate actuated runners, and so I'm
switching back to hosted runners until I am able to focus on that again.
---------
Co-authored-by: techknowlogick <techknowlogick@gitea.com>
Co-authored-by: silverwind <me@silverwind.io>
Backport #27532 by @techknowlogick
`jakejarvis/s3-sync-action@master` is out of date, and using official
actions is always recommended
Co-authored-by: techknowlogick <techknowlogick@gitea.com>
Backport #27543 by @wxiaoguang
Fix #27541
The INI package has a quirk: by default, the keys are inherited.
When maintaining the keys, the newly added sub key should not be
affected by the parent key.
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Backport #27526 by @wxiaoguang
Follow #27225
The change in #27225 is not ideal, this should be the complete fix:
support the layout which Fomantic doesn't support.
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Backport #27507 by @BLumia
This patch adds a hover background for the wiki row in wiki list page,
which make its behavior more close to repo's file list page.
This patch also make the wiki-git-entry visible on the row is hovered
instead of the cel, so users won't be confused since the 'grid' is not
visible from the web page.
After the patch: (when the wiki named 'Home' is hovered)
![image](https://github.com/go-gitea/gitea/assets/10095765/f6c67c41-ad54-4ce4-a3b1-8c7551396ce0)
Co-authored-by: Gary Wang <git@blumia.net>
Backport #27500 by @silverwind
Duplicate headers in a single Markdown document are problemlematic
because the auto-generated links won't be stable. Enable this rule with
no exceptions which is also the default of `markdownlint`. For example:
```md
# A
## Example
# B
## Example
```
Docasaurus will generated `example` and `example-1` links for this. If
the first heading is altered, the link `example` will unexpectedly move
to the second example heading.
Ref: https://github.com/go-gitea/gitea/pull/27461#discussion_r1347987659
Co-authored-by: silverwind <me@silverwind.io>
Backport #27446 by @sryze
storageHandler() is written as a middleware but is used as an endpoint
handler, and thus `next` is actually `nil`, which causes a null pointer
dereference when a request URL does not match the pattern (where it
calls `next.ServerHTTP()`).
Example CURL command to trigger the panic:
```
curl -I "http://yourhost/gitea//avatars/a"
```
Fixes#27409
---
Note: the diff looks big but it's actually a small change - all I did
was to remove the outer closure (and one level of indentation) ~and
removed the HTTP method and pattern checks as they seem redundant
because go-chi already does those checks~. You might want to check "Hide
whitespace" when reviewing it.
Alternative solution (a bit simpler): append `, misc.DummyOK` to the
route declarations that utilize `storageHandler()` - this makes it
return an empty response when the URL is invalid. I've tested this one
and it works too. Or maybe it would be better to return a 400 error in
that case (?)
Co-authored-by: Sergey Zolotarev <sryze@outlook.com>
Backport #27000 by @wxiaoguang
This PR reduces the complexity of the system setting system.
It only needs one line to introduce a new option, and the option can be
used anywhere out-of-box.
It is still high-performant (and more performant) because the config
values are cached in the config system.
![image](https://github.com/go-gitea/gitea/assets/2114189/f8cdd743-1145-41ab-9f8f-3996aa97d440)
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>