Commit graph

71 commits

Author SHA1 Message Date
Rowan Bohde
4afbfd3946
fix: allow actions artifacts storage migration to complete succesfully (#31251)
Change the copy to use `ActionsArtifact.StoragePath` instead of the
`ArtifactPath`. Skip artifacts that are expired, and don't error if the
file to copy does not exist.

---

When trying to migrate actions artifact storage from local to MinIO, we
encountered errors that prevented the process from completing
successfully:

* The migration tries to copy the files using the per-run
`ArtifactPath`, instead of the unique `StoragePath`.
* Artifacts that have been marked expired and had their files deleted
would throw an error
* Artifacts that are pending, but don't have a file uploaded yet will
throw an error.

This PR addresses these cases, and allow the process to complete
successfully.

(cherry picked from commit 8de8972baf5d82ff7b58ed77d78e8e1869e64eb5)
2024-06-09 16:02:31 +02:00
mirko
f015846c11 Add slogan config (#3752)
This is a PR for #3616

Currently added a new optional config `SLOGAN`  in ini file. When this config is set title page is modified in APP_NAME [ - SLOGAN]

Example in image below

![Selezione_075.png](/attachments/7a72171e-e730-4e57-8c97-ffc94258e00f)

Add the new config value in the admin settings page (readonly)

![Screenshot 2024-05-13 at 18-04-13 My Forgejo.png](/attachments/dad00fc2-29fa-4371-a7b9-5233eadeac13)

## TODO

* [x] Add the possibility to add the `SLOGAN` config from the installation form
* [ ] Update https://forgejo.org/docs/next/admin/config-cheat-sheet

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3752
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: mirko <mirko.perillo@gmail.com>
Co-committed-by: mirko <mirko.perillo@gmail.com>
2024-06-07 17:12:48 +00:00
Earl Warren
9ca80d30ce Merge pull request '[gitea] webhooks openproject compatible (gitea#28435)' (#4027) from oliverpool/forgejo:gitea-cp-28435 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4027
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-05 15:13:49 +00:00
oliverpool
8763225972 add release note 2024-06-05 15:58:51 +02:00
Earl Warren
32c882af91
test(oauth): coverage for the redirection of a denied grant
See 886a675f62 Return `access_denied` error when an OAuth2 request is denied
2024-06-05 12:51:44 +02:00
Earl Warren
c2382d4f5b Merge pull request '[gitea] week 2024-23 cherry pick (gitea/main -> forgejo)' (#3989) from earl-warren/wcp/2024-23 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3989
Reviewed-by: Otto <otto@codeberg.org>
2024-06-04 07:40:35 +00:00
Earl Warren
7e8890cc55
docs(release): add release notes 2024-06-03 10:03:29 +02:00
Earl Warren
1571052a74
[skip ci] docs(release): week 2024-21-v7.0 cherry pick
Refs: https://codeberg.org/forgejo/forgejo/pulls/3859
2024-06-03 09:12:49 +02:00
Earl Warren
eee908d02c
[skip ci] docs(release): week 2024-21 cherry pick
Refs: https://codeberg.org/forgejo/forgejo/pulls/3838
2024-06-03 09:11:17 +02:00
Earl Warren
d43ce30663
[skip ci] docs(release): week 2024-22 cherry pick
Refs: https://codeberg.org/forgejo/forgejo/pulls/3917
2024-06-03 08:24:21 +02:00
Earl Warren
bbdba70db6 Merge pull request 'fix(hook): repo admins are wrongly denied the right to force merge' (#3976) from earl-warren/forgejo:wip-admin-protection into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3976
Reviewed-by: Victoria <efertone@noreply.codeberg.org>
2024-06-02 19:48:44 +00:00
Earl Warren
09f3518069
fix(hook): repo admins are wrongly denied the right to force merge
The right to force merge is uses the wrong predicate and
applies to instance admins:

  ctx.user.IsAdmin

It must apply to repository admins and use the following predicate:

 ctx.userPerm.IsAdmin()

This regression is from the ApplyToAdmins implementation in
79b7089360.

Fixes: https://codeberg.org/forgejo/forgejo/issues/3780
2024-06-02 21:16:46 +02:00
Mai-Lapyst
56a6d3f77d
Adding release note for #3337 2024-06-02 06:04:53 +02:00
Earl Warren
f887972348 Merge pull request 'forgejo-federated-star: UI to define following repos' (#3886) from meissa/forgejo:forgejo-federated-pr5 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3886
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-31 15:57:17 +00:00
Michael Jerger
8aade372cb add a release note 2024-05-31 16:28:26 +02:00
Earl Warren
a1ef8eaf29 Merge pull request 'Disable self-registration by default on the install page' (#3934) from algernon/forgejo:abandon-all-registration-all-ye-who-enter-here into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3934
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2024-05-31 11:49:20 +00:00
Gergely Nagy
6b24a7919d
Add a release note about the previous changes
Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-31 08:21:55 +02:00
Earl Warren
e417e424fa
Update module github.com/alecthomas/chroma/v2 to v2.14.0 (take 2)
Because the branch of the other PR was deleted by mistake.

Refs: https://codeberg.org/forgejo/forgejo/pulls/3922
2024-05-30 22:52:26 +02:00
Gergely Nagy
ade7304eea
migrations: Map non-existant external users to Ghost
When performing migrations, and need to remap external users to local
ones, when no local mapping is possible, map the external user to Ghost,
rather than the user who initiated the migration.

Mapping the external user to the migration initiator has the potential
of breaking assumptions elsewhere, like only having one review per pull
request per user. Mapping these migrated, locally unavailable users to
Ghost makes sure these - often hidden - assumptions do not break.

Fixes #3860.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-28 12:40:11 +02:00
Earl Warren
ff2a3f4e3a
fix(services): set SendNotificationEmailOnNewUser
regression from 767e9634d3. It changed
the parsing of the [admin] section from being derived from the content
of each key with mustMapSetting(rootCfg, "admin", &Admin) to
explicitly listing all keys in the code.

SEND_NOTIFICATION_EMAIL_ON_NEW_USER was not added and therefore
ignored. As a consequence notifications of newly registered users were
never sent.
2024-05-25 16:27:44 +02:00
0ko
da12320a0c Replace imgage diff png background pattern with gradient (#3870)
Made the checkerboard background be more flexible in terms of scale and coloring. Provides dark theme for image diff.

I suppose these colors should not be re-used for a color-picker for a example, because it's usually more convenient to always have it in the light mode.

## Test

* go to e6d3623c7e
* or migrate https://next.forgejo.org/image-test/image-diff to your local instance

## Before/after

![image](/attachments/3835a455-69e0-4aec-bc67-5b226d8016c1)

(Old any - New Forgejo dark - New Gitea dark - New Forgejo/Gitea light)

---

Gradient property is taken from [here](https://www.reddit.com/r/css/comments/u08pf3/how_to_make_a_checkerboard_using_background/).

[CSS compatibility](https://developer.mozilla.org/en-US/docs/Web/CSS/gradient/conic-gradient#browser_compatibility): about four years of browser versions.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3870
Reviewed-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
2024-05-24 17:33:13 +00:00
oliverpool
4ffda656e8 mysql: use inner join for hook_task deletion
Attempt to fix #3678
2024-05-24 10:31:41 +02:00
Earl Warren
32222d7d0a Merge pull request '[BUG] Fix SourceHut Builds webhook with triggers field' (#3864) from oliverpool/forgejo:sourcehut_trigger into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3864
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-24 00:16:22 +00:00
Earl Warren
8cfe353061 Merge pull request 'Update module github.com/jhillyerd/enmime to v1.2.0' (#3791) from renovate/github.com-jhillyerd-enmime-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3791
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-23 10:21:31 +00:00
Earl Warren
ba6d5ae2af
chore(release-notes): enmime upgrade to v1.2.0
Refs: https://codeberg.org/forgejo/forgejo/pulls/3791
2024-05-23 11:44:26 +02:00
Earl Warren
c66c4d8fd5 Merge pull request 'Update module github.com/markbates/goth to v1.80.0' (#3808) from renovate/github.com-markbates-goth-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3808
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-23 09:26:08 +00:00
Earl Warren
f84235166e
chore(release-notes): goth upgrade to v1.80.0
Refs: https://codeberg.org/forgejo/forgejo/pulls/3808
2024-05-23 10:55:32 +02:00
oliverpool
0e479f3502 add release-notes 2024-05-22 12:59:41 +02:00
Earl Warren
ce0921d0c5
[skip ci] docs(release-notes): 7.0.3 2024-05-22 12:34:50 +02:00
Earl Warren
fb1338537b Merge pull request '[FEAT] Wiki Search' (#3847) from snematoda/wiki-search-grep into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3847
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-21 06:27:30 +00:00
Victoria Nadasdi
df0d1a2134 feat: parse prefix from redis URI for queues (#3836)
For security reasons, scoping access to a redis server via ACL rules is
a good practice. Some parts of the codebase handles prefix like cache[^1]
and session[^2], but the queue module doesn't.

This patch adds this missing functionality to the queue module.

Note about relevant test:
I tried to keep the PR as small as possible (and reasonable), and not
change how the test runs. Updated the existing test to use the same
redis address and basically duplicated the test with the extra flag. It
does NOT test if the keys are correct, it ensures only it works as
expected. To make assertions about the keys, the whole test has to be
updated as the general wrapper doesn't allow the main test to check
anything provider (redis) specific property. That's not something I
wanted to take on now.

[^1]: e4c3c039be/modules/cache/cache_redis.go (L139-L150)
[^2]: e4c3c039be/modules/session/redis.go (L122-L129)

Signed-off-by: Victoria Nadasdi <victoria@efertone.me>

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3836
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Victoria Nadasdi <victoria@efertone.me>
Co-committed-by: Victoria Nadasdi <victoria@efertone.me>
2024-05-20 14:10:54 +00:00
Shiny Nematoda
ec4f5495ba feat: wiki search using git-grep
+ add release note
2024-05-20 13:48:50 +00:00
Gergely Nagy
d6915f4d5f
badges: Relax the default workflow badge conditions
Previously, if no branch was explicitly specified for a workflow, it
defaulted to the default branch of the repo. This worked fine for
workflows that were triggered on push, but it prevented showing badges
for workflows that only run on tags, or on schedule - since they do not
run on a specific branch.

Thus, relax the conditions, and if no branch is specified, just return
the latest run of the given workflow. If one is specified, *then*
restrict it to said branch.

Fixes #3487.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-20 11:20:11 +02:00
Haoyuan (Bill) Xing
6cb8c81de1 Add minimal implementation for RubyGems compact index API. (#3811)
Current package registry for RubyGems does not work with Bundler, because it implements neither the [compact index](https://guides.rubygems.org/rubygems-org-compact-index-api/) or the [dependency API](https://guides.rubygems.org/rubygems-org-api/). As a result, bundler complains about finding non-existing dependencies when installing anything with dependency: `revealed dependencies not in the API or the lockfile`.

This patch provides a minimal implementation for the compact index API to solve this issue. Specifically, we implemented a version that does not cache the results / do incremental updates; which is consistent with the current implementation.

Testing:
  * Modified existing integration tests.
  * Manually Verified bundler is able to parse the served versions / info file.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3811
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Haoyuan (Bill) Xing <me@hoppinglife.com>
Co-committed-by: Haoyuan (Bill) Xing <me@hoppinglife.com>
2024-05-19 23:30:41 +00:00
Emmanuel BENOÎT
0801518f5d fix(actions): prevent deleted records' UUID from colliding with new records (#3830)
This commit changes the code that deletes a runner so it updates the UUID before deleting the record. The new UUID is set to 8 0xff bytes followed by a little endian version of the record's numeric ID. Such UUIDs cannot be created from tokens when registering runners, as the first 16 bytes of the token are in the `[0-9a-f]` range. This should prevent deleted runners from colliding with new records if the tokens share the same first 16 characters.

It is a possible solution to issue #3828

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3830
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Emmanuel BENOÎT <tseeker@nocternity.net>
Co-committed-by: Emmanuel BENOÎT <tseeker@nocternity.net>
2024-05-19 10:46:15 +00:00
Earl Warren
e47dd122f8
chore(release-notes): update dependency mermaid to v10.9.1
Refs: https://codeberg.org/forgejo/forgejo/pulls/3776
2024-05-16 15:34:17 +02:00
Shiny Nematoda
b6ca8abcfd [FEAT] support searching non default branches/tags when using git-grep (#3654)
resolves https://codeberg.org/forgejo/forgejo/pulls/3639#issuecomment-1806676 and https://codeberg.org/forgejo/forgejo/pulls/3513#issuecomment-1794990

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3654
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
2024-05-14 15:41:03 +00:00
Earl Warren
1b3e6a4831 Merge pull request '[gitea] week 2024-20 cherry pick (gitea-github/main -> forgejo)' (#3729) from earl-warren/wcp/2024-20 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3729
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-05-14 12:23:10 +00:00
Earl Warren
d09a6d130c Merge pull request 'Update module github.com/go-enry/go-enry/v2 to v2.8.8' (#3723) from renovate/github.com-go-enry-go-enry-v2-2.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3723
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-13 18:28:44 +00:00
Earl Warren
48c18e17d5
chore(release-notes): go-enry v2.8.8
Refs: https://codeberg.org/forgejo/forgejo/pulls/3723
2024-05-13 17:32:28 +02:00
Earl Warren
337f4f9d87
Rename Str2html to SanitizeHTML and clarify its behavior (followup) (take 2)
In
  801792e4dc Rename Str2html to SanitizeHTML and clarify its behavior (followup)
the replacement was incorrect because
  c9d0e63c20  Remove unnecessary "Str2html" modifier from templates
was not applied and Str2html should have not been present in the first
place.

Fixes: https://codeberg.org/forgejo/forgejo/issues/3554
2024-05-13 17:05:03 +02:00
Earl Warren
81e3156f8b
chore(release-notes): [gitea] week 2024-20 cherry pick 2024-05-12 20:20:18 +02:00
Renovate Bot
8672ad12b1 Update module github.com/caddyserver/certmagic to v0.21.0 (#3724)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [github.com/caddyserver/certmagic](https://github.com/caddyserver/certmagic) | require | minor | `v0.20.0` -> `v0.21.0` |

---

### Release Notes

<details>
<summary>caddyserver/certmagic (github.com/caddyserver/certmagic)</summary>

### [`v0.21.0`](https://github.com/caddyserver/certmagic/releases/tag/v0.21.0)

[Compare Source](https://github.com/caddyserver/certmagic/compare/v0.20.0...v0.21.0)

CertMagic v0.21 introduces some big changes:

-   Draft support for draft-03 of [ACME Renewal Information (ARI)](https://datatracker.ietf.org/doc/draft-ietf-acme-ari/) which assists with deciding when to renew certificates. This augments CertMagic's already-advanced logic using cert lifetime and OCSP/revocation status.
-   New [`ZeroSSLIssuer`](https://pkg.go.dev/github.com/caddyserver/certmagic@v0.21.0#ZeroSSLIssuer) uses the [ZeroSSL API](https://zerossl.com/documentation/api/) to get certificates. ZeroSSL also has an ACME endpoint, which can still be accesed using the existing ACMEIssuer, as always. Their proprietary API is paid, but has extra features like IP certificates, better reliability, and support.
-   DNS challenges should be smoother in some cases as we've improved propagation checking.
-   In the odd case your ACME account disappears from the ACME server, CertMagic will automatically retry with a new account. (This happens in some test/dev environments.)
-   ACME accounts are identified only by their public keys, but CertMagic maps accounts by CA+email for practical/storage reasons. So now you can "pin" an account key to use by specifying your email and the account public key in your config, which is useful if you need to absolutely be sure to use a specific account (like if you get rate limit exemptions from a CA).

Please try it out and report any issues!

Thanks to [@&#8203;Framer](https://github.com/Framer) for their contributions to this release!

#### What's Changed

-   Bump golang.org/x/crypto from 0.14.0 to 0.17.0 by [@&#8203;dependabot](https://github.com/dependabot) in https://github.com/caddyserver/certmagic/pull/264
-   Demote "storage cleaning happened too recently" from WARN to INFO by [@&#8203;francislavoie](https://github.com/francislavoie) in https://github.com/caddyserver/certmagic/pull/270
-   Check DNS propagation at authoritative nameservers only with default resolvers by [@&#8203;pgeh](https://github.com/pgeh) in https://github.com/caddyserver/certmagic/pull/274
-   Retry with new account if account disappeared remotely by [@&#8203;mholt](https://github.com/mholt) in https://github.com/caddyserver/certmagic/pull/269
-   Update readme examples to use TLS-ALPN const from ACMEz by [@&#8203;goksan](https://github.com/goksan) in https://github.com/caddyserver/certmagic/pull/277
-   Initial implementation of ZeroSSL API issuer by [@&#8203;mholt](https://github.com/mholt) in https://github.com/caddyserver/certmagic/pull/279
-   Allow deleting directories via FileStorage by [@&#8203;goksan](https://github.com/goksan) in https://github.com/caddyserver/certmagic/pull/282
-   Use the `email` configuration in the ACME issuer to "pin" an account to a key by [@&#8203;ankon](https://github.com/ankon) in https://github.com/caddyserver/certmagic/pull/283
-   Initial implementation of ARI by [@&#8203;mholt](https://github.com/mholt) in https://github.com/caddyserver/certmagic/pull/286

#### New Contributors

-   [@&#8203;pgeh](https://github.com/pgeh) made their first contribution in https://github.com/caddyserver/certmagic/pull/274
-   [@&#8203;goksan](https://github.com/goksan) made their first contribution in https://github.com/caddyserver/certmagic/pull/277

**Full Changelog**: https://github.com/caddyserver/certmagic/compare/v0.20.0...v0.21.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am" (UTC), Automerge - "before 4am" (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNTEuMiIsInVwZGF0ZWRJblZlciI6IjM3LjM1MS4yIiwidGFyZ2V0QnJhbmNoIjoiZm9yZ2VqbyIsImxhYmVscyI6W119-->

Co-authored-by: Earl Warren <contact@earl-warren.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3724
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2024-05-12 14:56:39 +00:00
Earl Warren
09855c0caf Merge pull request 'Add a release note for #3285' (#3697) from algernon/forgejo:release-notes/cloning-in-sshtyle into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3697
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-10 09:32:35 +00:00
Gergely Nagy
a5c038f5e8
Add a release note for #3464
Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-10 09:39:52 +02:00
Gergely Nagy
9d1ceee797
Add a release note for #3285
Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-10 09:32:07 +02:00
Gergely Nagy
9cb2aa989a
Teach activities.GetFeeds() how to avoid returning duplicates
Before explaining the fix itself, lets look at the `action` table, and
how it is populated. Data is only ever inserted into it via
`activities_model.NotifyWatchers`, which will:

- Insert a row for each activity with `UserID` set to the acting user's
  ID - this is the original activity, and is always inserted if anything
  is to be inserted at all.
- It will insert a copy of each activity with the `UserID` set to the
  repo's owner, if the owner is an Organization, and isn't the acting
  user.
- It will insert a copy of each activity for every watcher of the repo,
  as long as the watcher in question has read permission to the repo
  unit the activity is about.

This means that if a repository belongs to an organizations, for most
activities, it will have at least two rows in the table. For
repositories watched by people other than their owner, an additional row
for each watcher.

These are useful duplicates, because they record which activities are
relevant for a particular user. However, for cases where we wish to see
the activities that happen around a repository, without limiting the
results to a particular user, we're *not* interested in the duplicates
stored for the watchers and the org. We only need the originals.

And this is what this change does: it introduces an additional option to
`GetFeedsOptions`: `OnlyPerformedByActor`. When this option is set,
`activities.GetFeeds()` will only return the original activities, where
the user id and the acting user id are the same. As these are *always*
inserted, we're not missing out on any activities. We're just getting
rid of the duplicates. As this is an additional `AND` condition, it can
never introduce items that would not have been included in the result
set before, it can only reduce, not extend.

These duplicates were only affecting call sites where `RequestedRepo`
was set, but `RequestedUser` and `RequestedTeam` were not. Both of those
call sites were updated to set `OnlyPerformedByActor`. As a result,
repository RSS feeds, and the `/repos/{owner}/{repo}/activities/feeds`
API end points no longer return dupes, only the original activities.

Rather than hardcoding this behaviour into `GetFeeds()` itself, I chose
to implement it as an explicit option, for the sake of clarity.

Fixes Codeberg/Community#684, and addresses gitea#20986.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-09 18:33:33 +02:00
Gergely Nagy
f4dd53d79d Fix an incorrect form submission in repo-issue.js (#3675)
This fixes `initRepoPullRequestAllowMaintainerEdit()` to submit the form correctly (as a web form, rather than as JSON payload).

Fixes #3618, cherry picked from gitea#30854.

Co-Authored-By: wxiaoguang <wxiaoguang@gmail.com>

---

Manual testing steps:

- Open a PR against any repository, with the "Allow edits from maintainers" option checked.
- Open the developer console (`Ctrl-Shift-I` on Firefox), and look at the Network tab.
- Visit the PR, find the "Allow edits from maintainers" checkbox, and click it.
- See the developer console, and check that the response says the setting is false.
- Refresh the page *completely* (`Ctrl-Shift-R` on Firefox)
- Observe that the setting is off.
- Click the box again to enable it.
- See the developer console, and check that the response says the setting is true.
- Reload without cache again (`Ctrl-Shift-R` on Firefox)
- Observe that the setting is now on.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3675
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gergely Nagy <forgejo@gergo.csillger.hu>
Co-committed-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-08 21:14:46 +00:00
Earl Warren
f3045f0519
fix(security): CVE-2024-24788 malformed DNS message
Refs: https://pkg.go.dev/vuln/GO-2024-2824
2024-05-08 14:25:08 +02:00
0ko
b034ab5a8e [UI] Allow org members to navigate between the org and the dashboard
- add a new button to the org view that is only shown to the org members
- add integration test to verify the expected navigatability
- add a new translation string to that button
- fix display style of "View <orgname>" button on the dashboard
- fix gap size between buttons on the org view by utilizing the common class top-right-buttons
2024-05-05 23:14:57 +05:00