1.5.0 changelog

* site admin could create repos even MAX_CREATION_LIMIT=0

* Optimize if structure

.drone.yml

@@ -75,7 +75,7 @@ pipeline:
       - make lint
       - make fmt-check
       - make swagger-check
-      - make swagger-validate
+#      - make swagger-validate
       - make misspell-check
       - make test-vendor
       - make build

CHANGELOG.md

@@ -4,10 +4,25 @@ This changelog goes through all the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.io).
 
-## [1.5.0-RC1](https://github.com/go-gitea/gitea/releases/tag/v1.5.0-rc1) - 2018-07-04
+## [1.5.0](https://github.com/go-gitea/gitea/releases/tag/v1.5.0) - 2018-08-10
 * SECURITY
+  * Check that repositories can only be migrated to own user or organizations (#4366) (#4370)
   * Limit uploaded avatar image-size to 4096px x 3072px by default (#4353)
   * Do not allow to reuse TOTP passcode (#3878)
+* BUGFIXES
+  * Fix column droping for MSSQL that need new transaction for that (#4440) (#4484)
+  * Redirect to correct page after using scratch token (#4458) (#4472)
+  * Replace src with raw to fix image paths (#4377) (#4386)
+  * Fixes repo membership check in API (#4341) (#4379)
+  * Add default merge options when adding new repository (#4369) (#4373)
+  * Fix repository last updated time update when delete a user who watched the repo (#4363) (#4371)
+  * Fix html entity escaping in branch deletion message (#4471) (#4485)
+  * Fix out-of-transaction query in removeOrgUser (#4521) (#4524)
+  * Fix incorrect MergeWhitelistTeamIDs check in CanUserMerge function (#4519)
+  * Fix panic issue on update avatar email (#4580) (#4590)
+  * Fix bugs when too many IN variables (#4594) (#4597)
+  * Push whitelist now doesn't apply to branch deletion (#4601) (#4640)
+  * Site admin could create repos even MAX_CREATION_LIMIT=0 (#4645) (#4650)
 * FEATURE
   * Add cli commands to regen hooks & keys (#3979)
   * Add support for FIDO U2F (#3971)

Gopkg.lock

@@ -299,12 +299,14 @@
 [[projects]]
   name = "github.com/go-xorm/builder"
   packages = ["."]
-  revision = "488224409dd8aa2ce7a5baf8d10d55764a913738"
+  revision = "dc8bf48f58fab2b4da338ffd25191905fd741b8f"
+  version = "v0.3.0"
 
 [[projects]]
   name = "github.com/go-xorm/core"
   packages = ["."]
-  revision = "cb1d0ca71f42d3ee1bf4aba7daa16099bc31a7e9"
+  revision = "c10e21e7e1cec20e09398f2dfae385e58c8df555"
+  version = "v0.6.0"
 
 [[projects]]
   name = "github.com/go-xorm/tidb"
@@ -314,7 +316,7 @@
 [[projects]]
   name = "github.com/go-xorm/xorm"
   packages = ["."]
-  revision = "d4149d1eee0c2c488a74a5863fd9caf13d60fd03"
+  revision = "ad69f7d8f0861a29438154bb0a20b60501298480"
 
 [[projects]]
   branch = "master"
@@ -873,6 +875,6 @@
 [solve-meta]
   analyzer-name = "dep"
   analyzer-version = 1
-  inputs-digest = "036b8c882671cf8d2c5e2fdbe53b1bdfbd39f7ebd7765bd50276c7c4ecf16687"
+  inputs-digest = "3b587a036aaf09514228ead18e7fd93e9ee1d14d4e56715bb2f197d5f27259d1"
   solver-name = "gps-cdcl"
   solver-version = 1

Gopkg.toml

@@ -38,7 +38,7 @@ ignored = ["google.golang.org/appengine*"]
 [[override]]
   name = "github.com/go-xorm/xorm"
   #version = "0.6.5"
-  revision = "d4149d1eee0c2c488a74a5863fd9caf13d60fd03"
+  revision = "ad69f7d8f0861a29438154bb0a20b60501298480"
 
 [[override]]
   name = "github.com/gorilla/mux"

Makefile

@@ -21,7 +21,19 @@ GOFMT ?= gofmt -s
 GOFLAGS := -i -v
 EXTRA_GOFLAGS ?=
 
-LDFLAGS := -X "main.Version=$(shell git describe --tags --always | sed 's/-/+/' | sed 's/^v//')" -X "main.Tags=$(TAGS)"
+ifneq ($(DRONE_TAG),)
+	VERSION ?= $(subst v,,$(DRONE_TAG))
+	GITEA_VERSION := $(VERSION)
+else
+	ifneq ($(DRONE_BRANCH),)
+		VERSION ?= $(subst release/v,,$(DRONE_BRANCH))
+	else
+		VERSION ?= master
+	endif
+	GITEA_VERSION := $(shell git describe --tags --always | sed 's/-/+/' | sed 's/^v//')
+endif
+
+LDFLAGS := -X "main.Version=$(GITEA_VERSION)" -X "main.Tags=$(TAGS)"
 
 PACKAGES ?= $(filter-out code.gitea.io/gitea/integrations,$(shell $(GO) list ./... | grep -v /vendor/))
 SOURCES ?= $(shell find . -name "*.go" -type f)
@@ -45,16 +57,6 @@ else
 	EXECUTABLE := gitea
 endif
 
-ifneq ($(DRONE_TAG),)
-	VERSION ?= $(subst v,,$(DRONE_TAG))
-else
-	ifneq ($(DRONE_BRANCH),)
-		VERSION ?= $(subst release/v,,$(DRONE_BRANCH))
-	else
-		VERSION ?= master
-	endif
-endif
-
 .PHONY: all
 all: build
 

integrations/api_repo_test.go

@@ -235,3 +235,30 @@ func TestAPIGetRepoByIDUnauthorized(t *testing.T) {
 	req := NewRequestf(t, "GET", "/api/v1/repositories/2")
 	sess.MakeRequest(t, req, http.StatusNotFound)
 }
+
+func TestAPIRepoMigrate(t *testing.T) {
+	testCases := []struct {
+		ctxUserID, userID  int64
+		cloneURL, repoName string
+		expectedStatus     int
+	}{
+		{ctxUserID: 1, userID: 2, cloneURL: "https://github.com/go-gitea/git.git", repoName: "git-admin", expectedStatus: http.StatusCreated},
+		{ctxUserID: 2, userID: 2, cloneURL: "https://github.com/go-gitea/git.git", repoName: "git-own", expectedStatus: http.StatusCreated},
+		{ctxUserID: 2, userID: 1, cloneURL: "https://github.com/go-gitea/git.git", repoName: "git-bad", expectedStatus: http.StatusForbidden},
+		{ctxUserID: 2, userID: 3, cloneURL: "https://github.com/go-gitea/git.git", repoName: "git-org", expectedStatus: http.StatusCreated},
+		{ctxUserID: 2, userID: 6, cloneURL: "https://github.com/go-gitea/git.git", repoName: "git-bad-org", expectedStatus: http.StatusForbidden},
+	}
+
+	prepareTestEnv(t)
+	for _, testCase := range testCases {
+		user := models.AssertExistsAndLoadBean(t, &models.User{ID: testCase.ctxUserID}).(*models.User)
+		session := loginUser(t, user.Name)
+
+		req := NewRequestWithJSON(t, "POST", "/api/v1/repos/migrate", &api.MigrateRepoOption{
+			CloneAddr: testCase.cloneURL,
+			UID:       int(testCase.userID),
+			RepoName:  testCase.repoName,
+		})
+		session.MakeRequest(t, req, testCase.expectedStatus)
+	}
+}

models/branches.go

@@ -74,7 +74,7 @@ func (protectBranch *ProtectedBranch) CanUserMerge(userID int64) bool {
 		return true
 	}
 
-	if len(protectBranch.WhitelistTeamIDs) == 0 {
+	if len(protectBranch.MergeWhitelistTeamIDs) == 0 {
 		return false
 	}
 
@@ -184,6 +184,24 @@ func (repo *Repository) IsProtectedBranch(branchName string, doer *User) (bool,
 		BranchName: branchName,
 	}
 
+	has, err := x.Exist(protectedBranch)
+	if err != nil {
+		return true, err
+	}
+	return has, nil
+}
+
+// IsProtectedBranchForPush checks if branch is protected for push
+func (repo *Repository) IsProtectedBranchForPush(branchName string, doer *User) (bool, error) {
+	if doer == nil {
+		return true, nil
+	}
+
+	protectedBranch := &ProtectedBranch{
+		RepoID:     repo.ID,
+		BranchName: branchName,
+	}
+
 	has, err := x.Get(protectedBranch)
 	if err != nil {
 		return true, err

models/issue.go

@@ -1283,7 +1283,7 @@ func getParticipantsByIssueID(e Engine, issueID int64) ([]*User, error) {
 		And("`comment`.type = ?", CommentTypeComment).
 		And("`user`.is_active = ?", true).
 		And("`user`.prohibit_login = ?", false).
-		Join("INNER", "user", "`user`.id = `comment`.poster_id").
+		Join("INNER", "`user`", "`user`.id = `comment`.poster_id").
 		Distinct("poster_id").
 		Find(&userIDs); err != nil {
 		return nil, fmt.Errorf("get poster IDs: %v", err)

models/issue_watch.go

@@ -67,7 +67,7 @@ func getIssueWatchers(e Engine, issueID int64) (watches []*IssueWatch, err error
 		Where("`issue_watch`.issue_id = ?", issueID).
 		And("`user`.is_active = ?", true).
 		And("`user`.prohibit_login = ?", false).
-		Join("INNER", "user", "`user`.id = `issue_watch`.user_id").
+		Join("INNER", "`user`", "`user`.id = `issue_watch`.user_id").
 		Find(&watches)
 	return
 }

models/migrations/v64.go

@@ -120,6 +120,14 @@ func addMultipleAssignees(x *xorm.Engine) error {
 		}
 	}
 
+	// Commit and begin new transaction for dropping columns
+	if err := sess.Commit(); err != nil {
+		return err
+	}
+	if err := sess.Begin(); err != nil {
+		return err
+	}
+
 	if err := dropTableColumns(sess, "issue", "assignee_id"); err != nil {
 		return err
 	}

models/migrations/v69.go

@@ -73,6 +73,14 @@ func moveTeamUnitsToTeamUnitTable(x *xorm.Engine) error {
 		}
 	}
 
+	// Commit and begin new transaction for dropping columns
+	if err := sess.Commit(); err != nil {
+		return err
+	}
+	if err := sess.Begin(); err != nil {
+		return err
+	}
+
 	if err := dropTableColumns(sess, "team", "unit_types"); err != nil {
 		return err
 	}

models/org.go

@@ -383,7 +383,7 @@ func GetOwnedOrgsByUserIDDesc(userID int64, desc string) ([]*User, error) {
 func GetOrgUsersByUserID(uid int64, all bool) ([]*OrgUser, error) {
 	ous := make([]*OrgUser, 0, 10)
 	sess := x.
-		Join("LEFT", "user", "`org_user`.org_id=`user`.id").
+		Join("LEFT", "`user`", "`org_user`.org_id=`user`.id").
 		Where("`org_user`.uid=?", uid)
 	if !all {
 		// Only show public organizations
@@ -454,7 +454,7 @@ func AddOrgUser(orgID, uid int64) error {
 func removeOrgUser(sess *xorm.Session, orgID, userID int64) error {
 	ou := new(OrgUser)
 
-	has, err := x.
+	has, err := sess.
 		Where("uid=?", userID).
 		And("org_id=?", orgID).
 		Get(ou)
@@ -575,7 +575,7 @@ func (org *User) getUserTeams(e Engine, userID int64, cols ...string) ([]*Team,
 	return teams, e.
 		Where("`team_user`.org_id = ?", org.ID).
 		Join("INNER", "team_user", "`team_user`.team_id = team.id").
-		Join("INNER", "user", "`user`.id=team_user.uid").
+		Join("INNER", "`user`", "`user`.id=team_user.uid").
 		And("`team_user`.uid = ?", userID).
 		Asc("`user`.name").
 		Cols(cols...).

models/repo.go

@@ -1347,6 +1347,12 @@ func createRepository(e *xorm.Session, doer, u *User, repo *Repository) (err err
 				Type:   tp,
 				Config: &IssuesConfig{EnableTimetracker: setting.Service.DefaultEnableTimetracking, AllowOnlyContributorsToTrackTime: setting.Service.DefaultAllowOnlyContributorsToTrackTime},
 			})
+		} else if tp == UnitTypePullRequests {
+			units = append(units, RepoUnit{
+				RepoID: repo.ID,
+				Type:   tp,
+				Config: &PullRequestsConfig{AllowMerge: true, AllowRebase: true, AllowSquash: true},
+			})
 		} else {
 			units = append(units, RepoUnit{
 				RepoID: repo.ID,
@@ -1401,7 +1407,7 @@ func createRepository(e *xorm.Session, doer, u *User, repo *Repository) (err err
 
 // CreateRepository creates a repository for the user/organization u.
 func CreateRepository(doer, u *User, opts CreateRepoOptions) (_ *Repository, err error) {
-	if !u.CanCreateRepo() {
+	if !doer.IsAdmin && !u.CanCreateRepo() {
 		return nil, ErrReachLimitOfRepo{u.MaxRepoCreation}
 	}
 
@@ -1948,7 +1954,7 @@ func DeleteRepository(doer *User, uid, repoID int64) error {
 func GetRepositoryByOwnerAndName(ownerName, repoName string) (*Repository, error) {
 	var repo Repository
 	has, err := x.Select("repository.*").
-		Join("INNER", "user", "`user`.id = repository.owner_id").
+		Join("INNER", "`user`", "`user`.id = repository.owner_id").
 		Where("repository.lower_name = ?", strings.ToLower(repoName)).
 		And("`user`.lower_name = ?", strings.ToLower(ownerName)).
 		Get(&repo)

models/repo_watch.go

@@ -54,7 +54,7 @@ func getWatchers(e Engine, repoID int64) ([]*Watch, error) {
 	return watches, e.Where("`watch`.repo_id=?", repoID).
 		And("`user`.is_active=?", true).
 		And("`user`.prohibit_login=?", false).
-		Join("INNER", "user", "`user`.id = `watch`.user_id").
+		Join("INNER", "`user`", "`user`.id = `watch`.user_id").
 		Find(&watches)
 }
 

models/user.go

@@ -374,9 +374,9 @@ func (u *User) GetFollowers(page int) ([]*User, error) {
 		Limit(ItemsPerPage, (page-1)*ItemsPerPage).
 		Where("follow.follow_id=?", u.ID)
 	if setting.UsePostgreSQL {
-		sess = sess.Join("LEFT", "follow", `"user".id=follow.user_id`)
+		sess = sess.Join("LEFT", "follow", "`user`.id=follow.user_id")
 	} else {
-		sess = sess.Join("LEFT", "follow", "user.id=follow.user_id")
+		sess = sess.Join("LEFT", "follow", "`user`.id=follow.user_id")
 	}
 	return users, sess.Find(&users)
 }
@@ -393,9 +393,9 @@ func (u *User) GetFollowing(page int) ([]*User, error) {
 		Limit(ItemsPerPage, (page-1)*ItemsPerPage).
 		Where("follow.user_id=?", u.ID)
 	if setting.UsePostgreSQL {
-		sess = sess.Join("LEFT", "follow", `"user".id=follow.follow_id`)
+		sess = sess.Join("LEFT", "follow", "`user`.id=follow.follow_id")
 	} else {
-		sess = sess.Join("LEFT", "follow", "user.id=follow.follow_id")
+		sess = sess.Join("LEFT", "follow", "`user`.id=follow.follow_id")
 	}
 	return users, sess.Find(&users)
 }
@@ -956,7 +956,7 @@ func deleteUser(e *xorm.Session, u *User) error {
 		Where("watch.user_id = ?", u.ID).Find(&watchedRepoIDs); err != nil {
 		return fmt.Errorf("get all watches: %v", err)
 	}
-	if _, err = e.Decr("num_watches").In("id", watchedRepoIDs).Update(new(Repository)); err != nil {
+	if _, err = e.Decr("num_watches").In("id", watchedRepoIDs).NoAutoTime().Update(new(Repository)); err != nil {
 		return fmt.Errorf("decrease repository num_watches: %v", err)
 	}
 	// ***** END: Watch *****
@@ -966,7 +966,7 @@ func deleteUser(e *xorm.Session, u *User) error {
 	if err = e.Table("star").Cols("star.repo_id").
 		Where("star.uid = ?", u.ID).Find(&starredRepoIDs); err != nil {
 		return fmt.Errorf("get all stars: %v", err)
-	} else if _, err = e.Decr("num_stars").In("id", starredRepoIDs).Update(new(Repository)); err != nil {
+	} else if _, err = e.Decr("num_stars").In("id", starredRepoIDs).NoAutoTime().Update(new(Repository)); err != nil {
 		return fmt.Errorf("decrease repository num_stars: %v", err)
 	}
 	// ***** END: Star *****

modules/context/repo.go

@@ -85,9 +85,9 @@ func (r *Repository) CanCreateBranch() bool {
 }
 
 // CanCommitToBranch returns true if repository is editable and user has proper access level
-//   and branch is not protected
+//   and branch is not protected for push
 func (r *Repository) CanCommitToBranch(doer *models.User) (bool, error) {
-	protectedBranch, err := r.Repository.IsProtectedBranch(r.BranchName, doer)
+	protectedBranch, err := r.Repository.IsProtectedBranchForPush(r.BranchName, doer)
 	if err != nil {
 		return false, err
 	}

modules/lfs/server.go

@@ -85,9 +85,12 @@ type link struct {
 
 var oidRegExp = regexp.MustCompile(`^[A-Fa-f0-9]+$`)
 
+func isOidValid(oid string) bool {
+	return oidRegExp.MatchString(oid)
+}
+
 // ObjectOidHandler is the main request routing entry point into LFS server functions
 func ObjectOidHandler(ctx *context.Context) {
-
 	if !setting.LFS.StartServer {
 		writeStatus(ctx, 404)
 		return
@@ -110,6 +113,11 @@ func ObjectOidHandler(ctx *context.Context) {
 }
 
 func getAuthenticatedRepoAndMeta(ctx *context.Context, rv *RequestVars, requireWrite bool) (*models.LFSMetaObject, *models.Repository) {
+	if !isOidValid(rv.Oid) {
+		writeStatus(ctx, 404)
+		return nil, nil
+	}
+
 	repository, err := models.GetRepositoryByOwnerAndName(rv.User, rv.Repo)
 	if err != nil {
 		log.Debug("Could not find repository: %s/%s - %s", rv.User, rv.Repo, err)
@@ -222,7 +230,7 @@ func PostHandler(ctx *context.Context) {
 		return
 	}
 
-	if !oidRegExp.MatchString(rv.Oid) {
+	if !isOidValid(rv.Oid) {
 		writeStatus(ctx, 404)
 		return
 	}
@@ -249,7 +257,6 @@ func PostHandler(ctx *context.Context) {
 
 // BatchHandler provides the batch api
 func BatchHandler(ctx *context.Context) {
-
 	if !setting.LFS.StartServer {
 		writeStatus(ctx, 404)
 		return
@@ -266,6 +273,10 @@ func BatchHandler(ctx *context.Context) {
 
 	// Create a response object
 	for _, object := range bv.Objects {
+		if !isOidValid(object.Oid) {
+			continue
+		}
+
 		repository, err := models.GetRepositoryByOwnerAndName(object.User, object.Repo)
 
 		if err != nil {
@@ -292,12 +303,10 @@ func BatchHandler(ctx *context.Context) {
 			continue
 		}
 
-		if oidRegExp.MatchString(object.Oid) {
-			// Object is not found
-			meta, err = models.NewLFSMetaObject(&models.LFSMetaObject{Oid: object.Oid, Size: object.Size, RepositoryID: repository.ID})
-			if err == nil {
-				responseObjects = append(responseObjects, Represent(object, meta, meta.Existing, !contentStore.Exists(meta)))
-			}
+		// Object is not found
+		meta, err = models.NewLFSMetaObject(&models.LFSMetaObject{Oid: object.Oid, Size: object.Size, RepositoryID: repository.ID})
+		if err == nil {
+			responseObjects = append(responseObjects, Represent(object, meta, meta.Existing, !contentStore.Exists(meta)))
 		}
 	}
 

modules/markup/markdown/markdown.go

@@ -101,7 +101,7 @@ var (
 func (r *Renderer) Image(out *bytes.Buffer, link []byte, title []byte, alt []byte) {
 	prefix := r.URLPrefix
 	if r.IsWiki {
-		prefix = util.URLJoin(prefix, "wiki", "src")
+		prefix = util.URLJoin(prefix, "wiki", "raw")
 	}
 	prefix = strings.Replace(prefix, "/src/", "/raw/", 1)
 	if len(link) > 0 {

routers/api/v1/org/member.go

@@ -133,7 +133,7 @@ func IsMember(ctx *context.APIContext) {
 			ctx.Error(500, "IsOrgMember", err)
 			return
 		} else if userIsMember {
-			userToCheckIsMember, err := ctx.Org.Organization.IsOrgMember(ctx.User.ID)
+			userToCheckIsMember, err := ctx.Org.Organization.IsOrgMember(userToCheck.ID)
 			if err != nil {
 				ctx.Error(500, "IsOrgMember", err)
 			} else if userToCheckIsMember {

routers/api/v1/repo/repo.go

@@ -306,16 +306,23 @@ func Migrate(ctx *context.APIContext, form auth.MigrateRepoForm) {
 		return
 	}
 
-	if ctxUser.IsOrganization() && !ctx.User.IsAdmin {
-		// Check ownership of organization.
-		isOwner, err := ctxUser.IsOwnedBy(ctx.User.ID)
-		if err != nil {
-			ctx.Error(500, "IsOwnedBy", err)
-			return
-		} else if !isOwner {
-			ctx.Error(403, "", "Given user is not owner of organization.")
+	if !ctx.User.IsAdmin {
+		if !ctxUser.IsOrganization() && ctx.User.ID != ctxUser.ID {
+			ctx.Error(403, "", "Given user is not an organization.")
 			return
 		}
+
+		if ctxUser.IsOrganization() {
+			// Check ownership of organization.
+			isOwner, err := ctxUser.IsOwnedBy(ctx.User.ID)
+			if err != nil {
+				ctx.Error(500, "IsOwnedBy", err)
+				return
+			} else if !isOwner {
+				ctx.Error(403, "", "Given user is not owner of organization.")
+				return
+			}
+		}
 	}
 
 	remoteAddr, err := form.ParseRemoteAddr(ctx.User)

routers/user/auth.go

@@ -1,4 +1,5 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2018 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
@@ -319,7 +320,7 @@ func TwoFactorScratchPost(ctx *context.Context, form auth.TwoFactorScratchAuthFo
 
 		handleSignInFull(ctx, u, remember, false)
 		ctx.Flash.Info(ctx.Tr("auth.twofa_scratch_used"))
-		ctx.Redirect(setting.AppSubURL + "/user/settings/two_factor")
+		ctx.Redirect(setting.AppSubURL + "/user/settings/security")
 		return
 	}
 

routers/user/setting/profile.go

@@ -119,7 +119,7 @@ func UpdateAvatarSetting(ctx *context.Context, form auth.AvatarForm, ctxUser *mo
 		ctxUser.AvatarEmail = form.Gravatar
 	}
 
-	if form.Avatar.Filename != "" {
+	if form.Avatar != nil && form.Avatar.Filename != "" {
 		fr, err := form.Avatar.Open()
 		if err != nil {
 			return fmt.Errorf("Avatar.Open: %v", err)

templates/repo/branch/list.tmpl

@@ -72,7 +72,7 @@
 		{{.i18n.Tr "repo.branch.delete_html"}} <span class="branch-name"></span>
 	</div>
 	<div class="content">
-		<p>{{.i18n.Tr "repo.branch.delete_desc"}}</p>
+		<p>{{.i18n.Tr "repo.branch.delete_desc" | Str2html}}</p>
 	</div>
 	{{template "base/delete_modal_actions" .}}
 </div>

templates/repo/issue/view_content.tmpl

@@ -137,7 +137,7 @@
 		{{.i18n.Tr "repo.branch.delete" .HeadTarget }}
 	</div>
 	<div class="content">
-		<p>{{.i18n.Tr "repo.branch.delete_desc"}}</p>
+		<p>{{.i18n.Tr "repo.branch.delete_desc" | Str2html}}</p>
 	</div>
 	{{template "base/delete_modal_actions" .}}
 </div>

templates/status/404.tmpl

@@ -4,6 +4,5 @@
 	<div class="ui divider"></div>
 	<br>
 	{{if .ShowFooterVersion}}<p>Application Version: {{AppVer}}</p>{{end}}
-	<p>If you think this is an error, please open an issue on <a href="https://github.com/go-gitea/gitea/issues/new">GitHub</a>.</p>
 </div>
 {{template "base/footer" .}}

vendor/github.com/go-xorm/builder/builder.go

@@ -4,6 +4,10 @@
 
 package builder
 
+import (
+	"fmt"
+)
+
 type optype byte
 
 const (
@@ -29,6 +33,9 @@ type Builder struct {
 	joins     []join
 	inserts   Eq
 	updates   []Eq
+	orderBy   string
+	groupBy   string
+	having    string
 }
 
 // Select creates a select Builder
@@ -67,6 +74,11 @@ func (b *Builder) From(tableName string) *Builder {
 	return b
 }
 
+// TableName returns the table name
+func (b *Builder) TableName() string {
+	return b.tableName
+}
+
 // Into sets insert table name
 func (b *Builder) Into(tableName string) *Builder {
 	b.tableName = tableName
@@ -178,6 +190,33 @@ func (b *Builder) ToSQL() (string, []interface{}, error) {
 	return w.writer.String(), w.args, nil
 }
 
+// ConvertPlaceholder replaces ? to $1, $2 ... or :1, :2 ... according prefix
+func ConvertPlaceholder(sql, prefix string) (string, error) {
+	buf := StringBuilder{}
+	var j, start = 0, 0
+	for i := 0; i < len(sql); i++ {
+		if sql[i] == '?' {
+			_, err := buf.WriteString(sql[start:i])
+			if err != nil {
+				return "", err
+			}
+			start = i + 1
+
+			_, err = buf.WriteString(prefix)
+			if err != nil {
+				return "", err
+			}
+
+			j = j + 1
+			_, err = buf.WriteString(fmt.Sprintf("%d", j))
+			if err != nil {
+				return "", err
+			}
+		}
+	}
+	return buf.String(), nil
+}
+
 // ToSQL convert a builder or condtions to SQL and args
 func ToSQL(cond interface{}) (string, []interface{}, error) {
 	switch cond.(type) {

vendor/github.com/go-xorm/builder/builder_insert.go

@@ -15,7 +15,7 @@ func (b *Builder) insertWriteTo(w Writer) error {
 		return errors.New("no table indicated")
 	}
 	if len(b.inserts) <= 0 {
-		return errors.New("no column to be update")
+		return errors.New("no column to be insert")
 	}
 
 	if _, err := fmt.Fprintf(w, "INSERT INTO %s (", b.tableName); err != nil {
@@ -26,7 +26,9 @@ func (b *Builder) insertWriteTo(w Writer) error {
 	var bs []byte
 	var valBuffer = bytes.NewBuffer(bs)
 	var i = 0
-	for col, value := range b.inserts {
+
+	for _, col := range b.inserts.sortedKeys() {
+		value := b.inserts[col]
 		fmt.Fprint(w, col)
 		if e, ok := value.(expr); ok {
 			fmt.Fprint(valBuffer, e.sql)

vendor/github.com/go-xorm/builder/builder_select.go

@@ -34,24 +34,65 @@ func (b *Builder) selectWriteTo(w Writer) error {
 		}
 	}
 
-	if _, err := fmt.Fprintf(w, " FROM %s", b.tableName); err != nil {
+	if _, err := fmt.Fprint(w, " FROM ", b.tableName); err != nil {
 		return err
 	}
 
 	for _, v := range b.joins {
-		fmt.Fprintf(w, " %s JOIN %s ON ", v.joinType, v.joinTable)
+		if _, err := fmt.Fprintf(w, " %s JOIN %s ON ", v.joinType, v.joinTable); err != nil {
+			return err
+		}
+
 		if err := v.joinCond.WriteTo(w); err != nil {
 			return err
 		}
 	}
 
-	if !b.cond.IsValid() {
-		return nil
+	if b.cond.IsValid() {
+		if _, err := fmt.Fprint(w, " WHERE "); err != nil {
+			return err
+		}
+
+		if err := b.cond.WriteTo(w); err != nil {
+			return err
+		}
 	}
 
-	if _, err := fmt.Fprint(w, " WHERE "); err != nil {
-		return err
+	if len(b.groupBy) > 0 {
+		if _, err := fmt.Fprint(w, " GROUP BY ", b.groupBy); err != nil {
+			return err
+		}
 	}
 
-	return b.cond.WriteTo(w)
+	if len(b.having) > 0 {
+		if _, err := fmt.Fprint(w, " HAVING ", b.having); err != nil {
+			return err
+		}
+	}
+
+	if len(b.orderBy) > 0 {
+		if _, err := fmt.Fprint(w, " ORDER BY ", b.orderBy); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// OrderBy orderBy SQL
+func (b *Builder) OrderBy(orderBy string) *Builder {
+	b.orderBy = orderBy
+	return b
+}
+
+// GroupBy groupby SQL
+func (b *Builder) GroupBy(groupby string) *Builder {
+	b.groupBy = groupby
+	return b
+}
+
+// Having having SQL
+func (b *Builder) Having(having string) *Builder {
+	b.having = having
+	return b
 }

vendor/github.com/go-xorm/builder/cond.go

@@ -5,7 +5,6 @@
 package builder
 
 import (
-	"bytes"
 	"io"
 )
 
@@ -19,15 +18,15 @@ var _ Writer = NewWriter()
 
 // BytesWriter implments Writer and save SQL in bytes.Buffer
 type BytesWriter struct {
-	writer *bytes.Buffer
-	buffer []byte
+	writer *StringBuilder
 	args   []interface{}
 }
 
 // NewWriter creates a new string writer
 func NewWriter() *BytesWriter {
-	w := &BytesWriter{}
-	w.writer = bytes.NewBuffer(w.buffer)
+	w := &BytesWriter{
+		writer: &StringBuilder{},
+	}
 	return w
 }