backport #32144
This PR fixes javascript errors when an anonymous user visits the
migration page.
It also makes task view checking more restrictive.
The router moved from `/user/task/{id}/status` to
`/username/reponame/-/migrate/status` because it's a migrate status.
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Backport #32185 by @bsofiato
Resolves#32184
Signed-off-by: Bruno Sofiato <bruno.sofiato@gmail.com>
Co-authored-by: Bruno Sofiato <bruno.sofiato@gmail.com>
Backport #32130 by @wolfogre
Since page templates keep changing, some pages that contained forms with
CSRF token no longer have them.
It leads to some calls of `GetCSRF` returning an empty string, which
fails the tests. Like
3269b04d61/tests/integration/attachment_test.go (L62-L63)
The test did try to get the CSRF token and provided it, but it was
empty.
Co-authored-by: Jason Song <i@wolfogre.com>
Backport #32075 by @lunny
After migrating a repository with pull request, the branch is missed and
after the pull request merged, the branch cannot be deleted.
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Backport #31946 by @lunnyFix#13489
In the original implementation, only `All` will display your owned and
collaborated repositories. For other filters like `Source`, `Mirrors`
and etc. will only display your owned repositories.
This PR removed the limitations. Now except `collbrations`, other
filters will always display your owned and collaborated repositories.
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Backport #32066 by @lunny
The previous implementation requires admin permission to rename branches
which should be write permission.
Fix#31993
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Backport #32102 by @lunnyFix#31930 and more places which use `http.TimeFormat` wrongly.
`http.TimeFormat` requires a UTC time. refer to
https://pkg.go.dev/net/http#TimeFormat
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Backport #32099 by @maantje
This PR addresses the missing `bin` field in Composer metadata, which
currently causes vendor-provided binaries to not be symlinked to
`vendor/bin` during installation.
In the current implementation, running `composer install` does not
publish the binaries, leading to issues where expected binaries are not
available.
By properly declaring the `bin` field, this PR ensures that binaries are
correctly symlinked upon installation, as described in the [Composer
documentation](https://getcomposer.org/doc/articles/vendor-binaries.md).
Co-authored-by: Jamie Schouten <j4mie@hey.com>
Backport #32050 by @KN4CK3R
Fixes#31937
- Add missing comment reply handling
- Use `onGiteaRun` in the test because the fixtures are not present
otherwise (did this behaviour change?)
Compare without whitespaces.
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Backport #31841 by @kemzeb
A 500 status code was thrown when passing a non-existent target to the
create release API. This snapshot handles this error and instead throws
a 404 status code.
Discovered while working on #31840.
Co-authored-by: Kemal Zebari <60799661+kemzeb@users.noreply.github.com>
This PR should be replaced by #31860 in v1.23. The aim of creating this
PR is to fix it in 1.22 because globallock hasn't been introduced.
Fix#27640Fix#29563Fix#31215
Backport #32017 by @charles-plutohealth
---
`status == "rename"` should have read `status == "renamed"`. The typo
means that file.PreviousFilename would never be populated, which e.g.
breaks usage of the Github Action at
https://github.com/dorny/paths-filter.
Co-authored-by: charles-plutohealth <143208583+charles-plutohealth@users.noreply.github.com>
Backport #32025 by @wolfogre
Fix#32024. Follow #27655.
After this PR, all usage of "new dial context" needs to provide a proxy,
so I dropped the old `NewDialContext` and renamed
`NewDialContextWithProxy` to `NewDialContext`.
Co-authored-by: Jason Song <i@wolfogre.com>
Backport #32011 by @wolfogre
Replace #32001.
To prevent the context cache from being misused for long-term work
(which would result in using invalid cache without awareness), the
context cache is designed to exist for a maximum of 10 seconds. This
leads to many false reports, especially in the case of slow SQL.
This PR increases it to 5 minutes to reduce false reports.
5 minutes is not a very safe value, as a lot of changes may have
occurred within that time frame. However, as far as I know, there has
not been a case of misuse of context cache discovered so far, so I think
5 minutes should be OK.
Please note that after this PR, if warning logs are found again, it
should get attention, at that time it can be almost 100% certain that it
is a misuse.
Co-authored-by: Jason Song <i@wolfogre.com>
Backport #31931 by @lunny
All refs under `refs/pull` should only be changed from Gitea inside but
not by pushing from outside of Gitea.
This PR will prevent the pull refs update but allow other refs to be
updated on the same pushing with `--mirror` operations.
The main changes are to add checks on `update` hook but not
`pre-receive` because `update` will be invoked by every ref but
`pre-receive` will revert all changes once one ref update fails.
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>