Commit graph

1039 commits

Author SHA1 Message Date
Lunny Xiao
66061d2828
Fix 500 when deleting account with incorrect password or unsupported login type (#29579) (#29656)
Fix #26210
Backport #29579

Co-authored-by: Jason Song <i@wolfogre.com>
(cherry picked from commit a129c0c06c91e4994244138687be135dddd4c00d)
2024-03-10 18:45:59 +07:00
wxiaoguang
ecc0107809
Only use supported sort order for "explore/users" page (#29430) (#29443)
Backport #29430

Thanks to inferenceus : some sort orders on the "explore/users" page
could list users by their lastlogintime/updatetime.

It leaks user's activity unintentionally. This PR makes that page only
use "supported" sort orders.

Removing the "sort orders" could also be a good solution, while IMO at
the moment keeping the "create time" and "name" orders is also fine, in
case some users would like to find a target user in the search result,
the "sort order" might help.

(cherry picked from commit 2b059f493e46b8b0fb52492623e36a8375cb5fbb)
2024-03-10 18:45:59 +07:00
Giteabot
446d7bd7a7
Fix incorrect redirection when creating a PR fails (#29537) (#29543)
Backport #29537 by wxiaoguang

This is only a quick fix to make it easier to backport.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 971eab18fa0b29312105df739fba443cf9e84d50)
2024-03-10 18:45:59 +07:00
Giteabot
1a65ecb867
Fix incorrect relative/absolute URL usages (#29531) (#29547)
Backport #29531 by wxiaoguang

Add two "HTMLURL" methods for PackageDescriptor.
And rename "FullWebLink" to "VersionWebLink"

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 8723389028bcb5e96359fca61efd7d6da0d6af99)
2024-03-10 18:45:59 +07:00
Giteabot
40318cf9c3
Not trigger all jobs any more, when re-running the first job (#29439) (#29441)
Backport #29439 by @sillyguodong

Previously, it will be treated as "re-run all jobs" when `jobIndex ==
0`. So when you click re-run button on the first job, it triggers all
the jobs actually.

Caused by #26535.

Co-authored-by: sillyguodong <33891828+sillyguodong@users.noreply.github.com>
(cherry picked from commit 9456deb512db59025cae26d82812ff880c5ea3bc)
2024-03-10 18:06:44 +07:00
Lunny Xiao
2c802fc8f0
Display friendly error message (#29105) (#29363)
Backport #29105

`ctx.Error` only displays the text but `ctx.ServerError` renders the
usual error page.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit a1c0b3a02e54e5fe879dabccb71fba9498b64051)
2024-03-06 12:20:42 +08:00
Lunny Xiao
e4d3067138
Fix project counter in organization/individual profile (#28068) (#29361)
Fix #28052
Backport #28068
Before:

![image](https://github.com/go-gitea/gitea/assets/18380374/5f299983-4b38-4d68-ac0e-4be3c62c0558)

![image](https://github.com/go-gitea/gitea/assets/18380374/f0e12afd-483b-4882-80e9-0261beb3fe0c)

After:

![image](https://github.com/go-gitea/gitea/assets/18380374/47cccb7b-bb35-4a7d-9c5b-83133be0323a)

![image](https://github.com/go-gitea/gitea/assets/18380374/77825c0c-4bf2-4762-83a2-1a5a173cc22d)

Co-authored-by: yp05327 <576951401@qq.com>
(cherry picked from commit 5043ad54c7a0d1dc6bf5f1caf21b4646ec9344d3)
2024-03-06 12:20:42 +08:00
Zettat123
9a63c6f39a
Fix error display when merging PRs (#29288) (#29309)
Backport #29288
Partially fix #29071, regression of Modernize merge button #28140

Fix some missing `Redirect` -> `JSONRedirect`.

Thanks @yp05327 for the help in
https://github.com/go-gitea/gitea/issues/29071#issuecomment-1931261075

(cherry picked from commit dcb9c38568dc4e9502fc416de237cce0eac41cba)
2024-02-22 13:10:12 +01:00
oliverpool
07bc099401 [BUG] split code conversations in diff tab (#2306)
Follow-up of #2282 and #2296 (which tried to address #2278)

One of the issue with the previous PR is that when a conversation on the Files tab was marked as "resolved", it would fetch all the comments for that line (even the outdated ones, which should not be shown on this page - except when explicitly activated).

To properly fix this, I have changed `FetchCodeCommentsByLine` to `FetchCodeConversation`. Its role is to fetch all comments related to a given (review, path, line) and reverted my changes in the template (which were based on a misunderstanding).

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2306
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: oliverpool <git@olivier.pfad.fr>
Co-committed-by: oliverpool <git@olivier.pfad.fr>
2024-02-16 14:06:43 +01:00
oliverpool
ad67d9ef1a [GITEA] always load outdated comments 2024-02-04 12:44:13 +01:00
Giteabot
b272224918
Preserve BOM in web editor (#28935) (#28959)
Backport #28935 by @silverwind

The `ToUTF8*` functions were stripping BOM, while BOM is actually valid
in UTF8, so the stripping must be optional depending on use case. This
does:

- Add a options struct to all `ToUTF8*` functions, that by default will
strip BOM to preserve existing behaviour
- Remove `ToUTF8` function, it was dead code
- Rename `ToUTF8WithErr` to `ToUTF8`
- Preserve BOM in Monaco Editor
- Remove a unnecessary newline in the textarea value. Browsers did
ignore it, it seems but it's better not to rely on this behaviour.

Fixes: https://github.com/go-gitea/gitea/issues/28743
Related: https://github.com/go-gitea/gitea/issues/6716 which seems to
have once introduced a mechanism that strips and re-adds the BOM, but
from what I can tell, this mechanism was removed at some point after
that PR.

Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit b8e6cffd31)
2024-01-31 14:18:26 +01:00
Jimmy Praet
1c3c6aea47
Don't reload timeline page when (un)resolving or replying conversation (#28654) (#28917)
Backport #28654
Fixes #15981

(cherry picked from commit 9210ce4045)
2024-01-31 14:18:26 +01:00
Gusted
3c7a955f05
[GITEA] Fix NPE in UsernameSubRoute
- Backport of #1981
- When the user is not found in `reloadparam`, early return when the
user is not found to avoid calling `IsUserVisibleToViewer` which in turn
avoids causing a NPE.
- This fixes the case that a 500 error and 404 error is shown on the
same page.
- Add integration test for non-existant user RSS.
- Regression by c6366089df

(cherry picked from commit f0e0696278)
(cherry picked from commit 75d8066908)
(cherry picked from commit 4d0a1e0637)
(cherry picked from commit 5f40a485da)
(cherry picked from commit c4cb7812e3)
2024-01-18 15:31:04 +01:00
KN4CK3R
875b398e5e
Rework markup link rendering (#26745) (#28803)
Backport #26745
Fixes #26548

This PR refactors the rendering of markup links. The old code uses
`strings.Replace` to change some urls while the new code uses more
context to decide which link should be generated.

The added tests should ensure the same output for the old and new
behaviour (besides the bug).

We may need to refactor the rendering a bit more to make it clear how
the different helper methods render the input string. There are lots of
options (resolve links / images / mentions / git hashes / emojis / ...)
but you don't really know what helper uses which options. For example,
we currently support images in the user description which should not be
allowed I think:

<details>
  <summary>Profile</summary>

https://try.gitea.io/KN4CK3R

![grafik](https://github.com/go-gitea/gitea/assets/1666336/109ae422-496d-4200-b52e-b3a528f553e5)

</details>

(cherry picked from commit 022552d5b6)
2024-01-16 14:41:11 +00:00
Giteabot
5124be72aa
Forbid removing the last admin user (#28337) (#28793)
Backport #28337 by @yp05327

Co-authored-by: yp05327 <576951401@qq.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit 376fa0d8c4)
2024-01-16 14:41:11 +00:00
Giteabot
70c7ee5475
Modernize merge button (#28140) (#28786)
Backport #28140 by @earl-warren

- Make use of the `form-fetch-action` for the merge button, which will
automatically prevent the action from happening multiple times and show
a nice loading indicator as user feedback while the merge request is
being processed by the server.
- Adjust the merge PR code to JSON response as this is required for the
`form-fetch-action` functionality.
- Resolves https://codeberg.org/forgejo/forgejo/issues/774
- Likely resolves the cause of
https://codeberg.org/forgejo/forgejo/issues/1688#issuecomment-1313044

(cherry picked from commit 4ec64c19507caefff7ddaad722b1b5792b97cc5a)

Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
Co-authored-by: Gusted <postmaster@gusted.xyz>
(cherry picked from commit fbf29f29b5)
2024-01-16 14:40:18 +00:00
Giteabot
10b555a52b
Assign pull request to project during creation (#28227) (#28775)
Backport #28227 by @denyskon

When creating a pull request, allow directly assigning it to a project,
as it is already possible for issues.

After:

![grafik](https://github.com/go-gitea/gitea/assets/47871822/01dc2b3d-d56a-4053-b2fc-138725d7633a)

---------

Co-authored-by: Denys Konovalov <kontakt@denyskon.de>
Co-authored-by: delvh <dev.lh@web.de>
(cherry picked from commit 80e564087d)
2024-01-16 14:39:23 +00:00
Giteabot
2ab54a9c06
Fix issue dependencies (#27736) (#28776)
Backport #27736 by @lng2020

Fix #27722
Fix #27357
Fix #25837
Fix #28732
1. Fix the typo `BlockingByDependenciesNotPermitted`, which causes the
`not permitted message` not to show. The correct one is `Blocking` or
`BlockedBy`
2. Rewrite the perm check. The perm check uses a very tricky way to
avoid duplicate checks for a slice of issues, which is confusing. In
fact, it's also the reason causing the bug. It uses `lastRepoID` and
`lastPerm` to avoid duplicate checks, but forgets to assign the
`lastPerm` at the end of the code block. So I rewrote this to avoid this
trick.
![I U1AT{GNFY3
1HZ`6L{(2L](https://github.com/go-gitea/gitea/assets/70063547/79acd02a-a567-4316-ae0d-11c6461becf1)
3. It also reuses the `blocks` slice, which is even more confusing. So I
rewrote this too.

![UARFPXRGGZQFB7J$2`R}5_R](https://github.com/go-gitea/gitea/assets/70063547/f21cff0f-d9ac-4ce4-ae4d-adffc98ecd99)

Co-authored-by: Nanguan Lin <70063547+lng2020@users.noreply.github.com>
(cherry picked from commit 571822b6ec)
2024-01-16 14:39:23 +00:00
Gusted
fe3b294f7b
[GITEA] rework long-term authentication
- The current architecture is inherently insecure, because you can
construct the 'secret' cookie value with values that are available in
the database. Thus provides zero protection when a database is
dumped/leaked.
- This patch implements a new architecture that's inspired from: [Paragonie Initiative](https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies).
- Integration testing is added to ensure the new mechanism works.
- Removes a setting, because it's not used anymore.

(cherry picked from commit eff097448b)

[GITEA] rework long-term authentication (squash) add migration

Reminder: the migration is run via integration tests as explained
in the commit "[DB] run all Forgejo migrations in integration tests"

(cherry picked from commit 4accf7443c)
(cherry picked from commit 99d06e344ebc3b50bafb2ac4473dd95f057d1ddc)
(cherry picked from commit d8bc98a8f0)
(cherry picked from commit 6404845df9)
(cherry picked from commit 72bdd4f3b9)
(cherry picked from commit 4b01bb0ce8)
(cherry picked from commit c26ac31816)
(cherry picked from commit 8d2dab94a6)

Conflicts:
	routers/web/auth/auth.go
	https://codeberg.org/forgejo/forgejo/issues/2158
2024-01-16 14:14:46 +00:00
wxiaoguang
ea8ca5b509
Avoid cycle-redirecting user/login page (#28636) (#28658)
Backport #28636

Fix #28231, and remove some unused code.

(cherry picked from commit 2165729d16)
2024-01-16 14:11:44 +00:00
Earl Warren
d694579bdf
Revert "[GITEA] rework long-term authentication"
This reverts commit 8d2dab94a6.
2024-01-16 14:11:28 +00:00
Gusted
120294c44e
[GITEA] Use maintained gziphandler
- https://github.com/NYTimes/gziphandler doesn't seems to be maintained
anymore and Forgejo already includes
https://github.com/klauspost/compress which provides a maintained and
faster gzip handler fork.
- Enables Jitter to prevent BREACH attacks, as this *seems* to be
possible in the context of Forgejo.

(cherry picked from commit cc2847241d)
(cherry picked from commit 99ba56a876)

Conflicts:
	go.sum
	https://codeberg.org/forgejo/forgejo/pulls/1581
(cherry picked from commit 711638193d)
(cherry picked from commit 9c12a37fde)
(cherry picked from commit 91191aaaed)
(cherry picked from commit 72be417f84)
(cherry picked from commit 98497c84da)
(cherry picked from commit fba042adb5)
(cherry picked from commit dd2414f226)

Conflicts:
	routers/web/web.go
	https://codeberg.org/forgejo/forgejo/issues/2016
2024-01-16 14:09:55 +00:00
wxiaoguang
265cd70bdb
Refactor CORS handler (#28587) (#28611)
Backport #28587, the only conflict is the test file.

The CORS code has been unmaintained for long time, and the behavior is
not correct.

This PR tries to improve it. The key point is written as comment in
code. And add more tests.

Fix #28515
Fix #27642
Fix #17098

(cherry picked from commit 7a2786ca6c)
2024-01-16 14:08:38 +00:00
Earl Warren
0b872a403d
Revert "[GITEA] Use maintained gziphandler"
This reverts commit dd2414f226.
2024-01-16 14:08:31 +00:00
Giteabot
75ad9ac50b
Include heap pprof in diagnosis report to help debugging memory leaks (#28596) (#28599)
(cherry picked from commit f2add36a29)
2024-01-16 14:07:46 +00:00
Giteabot
3fe44b8762
Fix status_check_contexts matching bug (#28582) (#28589)
Backport #28582 by @Zettat123

Fix #28570
Follow #24633

---
Copied from
https://github.com/go-gitea/gitea/issues/28570#issuecomment-1867327999

The feature introduced in #24633 should be compatible with
`status_check_contexts`. However, if one or more of
`status_check_contexts` is not a legal glob expressions, `glob.Compile`
will fail and the contexts cannot match.

21229ed2c8/routers/web/repo/pull.go (L653-L663)

Co-authored-by: Zettat123 <zettat123@gmail.com>
(cherry picked from commit 6a559ad634)
2024-01-16 14:07:46 +00:00
Giteabot
9ad7a67fc1
Fix 405 method not allowed CORS / OIDC (#28583) (#28586)
Backport #28583 by @morphelinho

Follow #28184
Follow #28515

Fix problem with 405 method not allowed for CORS wrt OIDC

Co-authored-by: morphelinho <morphelinho@users.noreply.github.com>
(cherry picked from commit 4dd39eb54a)
2024-01-16 14:07:46 +00:00
Earl Warren
74652a6c81
Revert "[GITEA] Fix wrong link in user and organization profile when using relative url"
This reverts commit 658475dd21.
2024-01-16 13:38:07 +00:00
Gusted
ab1ccc55dc
[GITEA] Fix panic in canSoftDeleteContentHistory
- Backport of #2134
- It's possible that `canSoftDeleteContentHistory` is called without
`ctx.Doer` being set, such as an anonymous user requesting the
`/content-history/detail` endpoint.
- Add a simple condition to always set to `canSoftDelete` to false if an
anonymous user is requesting this, this avoids a panic in the code that
assumes `ctx.Doer` is set.
- Added integration testing.

(cherry picked from commit 0b5db0dcc6)
2024-01-13 22:05:35 +01:00
katsu
658475dd21
[GITEA] Fix wrong link in user and organization profile when using relative url
- Backport of https://github.com/go-gitea/gitea/pull/28617
- Ref: https://codeberg.org/forgejo/forgejo/issues/1947

(cherry picked from commit 42149ff1a8)
2024-01-08 16:40:16 +01:00
Gusted
0fbf761d19
[GITEA] Handle non-existant commit in Archive request
- When a user requests a archive of a non-existant commit
`git.ErrNotExist` is returned, but was not gracefully handled resulting
in a 500 error.
- Doesn't exist in v1.22 due to it being refactored away in
cbf923e87b
- Adds integration test.
2024-01-04 23:56:33 +01:00
Giteabot
1f8d01c74d
Use information from previous blame parts (#28572) (#28577)
Backport #28572 by @KN4CK3R

Fixes #28545

`git blame` output can contain blocks without commit information if it
was outputted before (the `0dafa97ea3f6d9662299579e5be1875cd28baaae 48
26 1` line):
```
fec25436488499df7231f63b857f66457c193d5c 24 25 1
author Bastien Montagne
author-mail <bastien@blender.org>
author-time 1660731031
author-tz +0200
committer Bastien Montagne
committer-mail <bastien@blender.org>
committer-time 1660731031
committer-tz +0200
summary LibOverride: Add Make/Reset/Clear entries to IDTemplate contextual menu.
previous 839ece6477203382b7a7483062961540180ff1cd source/blender/editors/interface/interface_ops.c
filename source/blender/editors/interface/interface_ops.c
        #include "BLT_translation.h"
0dafa97ea3f6d9662299579e5be1875cd28baaae 48 26 1

3d57bc4397fca53bc9702a27bbf50102827829b0 27 27 1
author Hans Goudey
author-mail <hans@blender.org>
author-time 1700131315
author-tz +0100
committer Hans Goudey
committer-mail <hooglyboogly@noreply.localhost>
committer-time 1700131315
committer-tz +0100
summary Cleanup: Move several blenkernel headers to C++
previous 451c054d9b7d3148a646caa5a72fb127a5b5c408 source/blender/editors/interface/interface_ops.cc
filename source/blender/editors/interface/interface_ops.cc
        #include "BKE_context.hh"
```
This PR reuses data from the previous blame part to fill these gaps.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit 1183002b32)
2023-12-22 12:10:03 +01:00
Giteabot
d15f9ee0b0
Only check online runner when detecting matching runners in workflows (#28286) (#28512)
Backport #28286 by @yp05327

Mentioned:
[#28277](https://github.com/go-gitea/gitea/issues/28277#issuecomment-1831325276)

We should only check online runner when detecting matching runners in
workflows,
as if runner is not online, the workflow will not run.

![image](https://github.com/go-gitea/gitea/assets/18380374/11855e9d-7241-4b7a-b8d7-49dbb94ba1c5)

Co-authored-by: yp05327 <576951401@qq.com>
(cherry picked from commit d9aeb1f09d)
2023-12-22 12:10:03 +01:00
wxiaoguang
cd5a0ec1c8
Add option to disable ambiguous unicode characters detection (#28454) (#28499)
Backport #28454 (the only conflict is caused by some comments)

* Close #24483
* Close #28123
* Close #23682
* Close #23149

(cherry picked from commit a3f403f438)

Conflicts:
	modules/setting/ui.go
	trivial context conflict
2023-12-22 12:07:01 +01:00
Lunny Xiao
3b672c9791
Do some missing checks (#28423) (#28432)
backport #28423

(cherry picked from commit 265f485295)
2023-12-12 15:21:33 +01:00
Lunny Xiao
14750f3d11
Also sync DB branches on push if necessary (#28361) (#28403)
Fix #28056
Backport #28361

This PR will check whether the repo has zero branch when pushing a
branch. If that, it means this repository hasn't been synced.

The reason caused that is after user upgrade from v1.20 -> v1.21, he
just push branches without visit the repository user interface. Because
all repositories routers will check whether a branches sync is necessary
but push has not such check.

For every repository, it has two states, synced or not synced. If there
is zero branch for a repository, then it will be assumed as non-sync
state. Otherwise, it's synced state. So if we think it's synced, we just
need to update branch/insert new branch. Otherwise do a full sync. So
that, for every push, there will be almost no extra load added. It's
high performance than yours.

For the implementation, we in fact will try to update the branch first,
if updated success with affect records > 0, then all are done. Because
that means the branch has been in the database. If no record is
affected, that means the branch does not exist in database. So there are
two possibilities. One is this is a new branch, then we just need to
insert the record. Another is the branches haven't been synced, then we
need to sync all the branches into database.

(cherry picked from commit 87db4a47c8)
2023-12-12 15:21:33 +01:00
Giteabot
e4dc14f070
Fix missing check (#28406) (#28411)
Backport #28406 by @lunny

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit cd2dd5a67d)
2023-12-12 15:21:32 +01:00
Earl Warren
69b4fd5fe2
Revert "fix POST /{username}/{reponame}/{type:issues|pulls}/move_pin"
This reverts commit 6483bceee2.
2023-12-12 15:21:32 +01:00
Earl Warren
ee1655d5b0
Revert "fix POST /{username}/{reponame}/{type:issues|pulls}/{index}/content-history/soft-delete"
This reverts commit 2a8cb675ca.
2023-12-12 15:21:32 +01:00
Giteabot
1ce155c5a6
Fix object does not exist error when checking citation file (#28314) (#28369)
Backport #28314 by @yp05327

Fix #28264

`DataAsync()` will be called twice.
Caused by https://github.com/go-gitea/gitea/pull/27958.
I'm sorry, I didn't completely remove all unnecessary codes.

Co-authored-by: yp05327 <576951401@qq.com>
(cherry picked from commit c5c44d0951)
2023-12-08 13:41:16 +01:00
Giteabot
3a788340f0
Fix the runs will not be displayed bug when the main branch have no workflows but other branches have (#28359) (#28365)
Backport #28359 by @lunny

The left menu will only display the default branch's workflows but the
right side will display the runs triggered by all branches' workflows.
So we cannot hide right side if default branch has no workflows.

Fix #28332
Replace #28333

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit b7e3adc66c)
2023-12-08 13:41:16 +01:00
Giteabot
b69ad623c2
Read previous info from git blame (#28306) (#28310)
Backport #28306 by @KN4CK3R

Fixes #28280

Reads the `previous` info from the `git blame` output instead of
calculating it afterwards.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit e15fe85335)
2023-12-08 13:41:16 +01:00
Giteabot
694f748f38
Fix issue will be detected as pull request when checking First-time contributor (#28237) (#28271)
Backport #28237 by @yp05327

Fix #28224

Co-authored-by: yp05327 <576951401@qq.com>
(cherry picked from commit 76e892317b)
2023-12-08 13:40:59 +01:00
Gusted
114f18f105
[GITEA] Make pagination test more robust (squash)
- Backport #1882
- Be more specific of which element we want and also don't include the
href into the selector, so if the value changes, it will show the value
that was rendered.
- Ensure stable order of passed repository IDs.
- Resolves codeberg.org/forgejo/forgejo/issues/1880

(cherry picked from commit 79bc4cffe5)
2023-12-05 18:47:19 +01:00
Gusted
2552bb7b6e [GITEA] Only pass selected repository IDs to pagination
- Backport of https://codeberg.org/forgejo/forgejo/pulls/1848
- `ReposParam` is passed to the pagination as value for the `repos`
query. It should paginate to other pages with only the selected
repositories, which was currently not the case, but was already the case
for the links in the selectable items.
- Fix the wrong value being passed for issues/pulls lists.
- Fix the formatting of repository query value for milestones lists.
- Added integration testing.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1836

(cherry picked from commit c648e5ab3a)
2023-12-01 19:59:21 +00:00
Antonin Delpeuch
e6fb2107f2 [GITEA] oauth2: use link_account page when email/username is missing (#1757)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1757
Co-authored-by: Antonin Delpeuch <antonin@delpeuch.eu>
Co-committed-by: Antonin Delpeuch <antonin@delpeuch.eu>
(cherry picked from commit 0f6e0f9035)
2023-11-30 15:40:12 +01:00
Loïc Dachary
6483bceee2
fix POST /{username}/{reponame}/{type:issues|pulls}/move_pin
(cherry picked from commit 7eda733ed6a22c08a85fdc90deec0c440427cef7)
(cherry picked from commit 2d9d2979e6)
2023-11-26 14:11:36 +01:00
Loïc Dachary
2a8cb675ca
fix POST /{username}/{reponame}/{type:issues|pulls}/{index}/content-history/soft-delete
(cherry picked from commit a11d82a42729eba02032310f7778a9197f4f8ead)
(cherry picked from commit bebc244156)
2023-11-26 14:09:56 +01:00
Lunny Xiao
f4310d74ee
Fix comment permissions (#28213) (#28216)
backport #28213

This PR will fix some missed checks for private repositories' data on
web routes and API routes.

(cherry picked from commit bc3d8bff73)
2023-11-26 13:56:50 +01:00
Giteabot
3175a984f2
Make CORS work for oauth2 handlers (#28184) (#28185)
Backport #28184

Fix #25473

Although there was `m.Post("/login/oauth/access_token", CorsHandler()...`,
it never really worked, because it still lacks the "OPTIONS" handler.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 23838c2c2e)
2023-11-25 07:27:39 +01:00