Commit Graph

1270 Commits

Author SHA1 Message Date
Unknwon 3a30c06345 Fix wiki vulnerabilities
- Arbitrary file creation leading to command execution
- .md file creation/deletion

Reported by Gabriel Campana.
2016-07-01 15:33:35 +08:00
Andrey Nering 743d22669a Re-work MAX_DIFF_LINES: suppress diff per file, not the whole diff (#3174) 2016-06-29 23:11:00 +08:00
Andrey Nering 6efb1e5626 Localize collaboration settings. (#3100)
Closes #2764
2016-06-28 00:22:30 +08:00
Sandro Santilli 8a248696e9 Use a gopher as default avatar (rather than the gravatar logo) (#3208)
Also changes the avatar from a jpeg to a png, to allow for
transparent background. The indexed png is also smaller in size.

Note that at the moment the default avatar is only used when
the user requested a custom avatar and the custom avatar file
is not found (should never happen).

In the future the default avatar could be used as a default
return when by-mail avatar lookups fail too (both gravatar
and libravatar support passing a default)
2016-06-27 18:12:30 +08:00
Franz Schmidt 8b35c194ec Fixes #3110 (#3136) 2016-06-27 17:02:39 +08:00
Robin Lambertz ac05f88641 Fix #3154 (#3155) 2016-06-27 16:58:53 +08:00
SjonHortensius 17a4d8a5e5 Fix capitalisation of repo-name in news (#3203)
use 'official' repo.Name instead of incoming repoName; to enforce
correct capitalisation
2016-06-27 16:10:12 +08:00
Robin Lambertz bc00da1721 Fix negative issue count (#3207) 2016-06-27 01:53:30 +08:00
Unknwon e9ae926e04 #809 fix wrong closed issue count when create closed issue via API
Add start count corrector for Repository.NumClosedIssues
2016-05-27 18:23:39 -07:00
Andrey Nering 12d30255a7 Add comment note (#3093) 2016-05-23 13:24:40 -07:00
Kim Carlbäcker 3c0c7a9f83 Fix listing team members (#3048) 2016-05-06 20:02:36 -04:00
Andrey Nering d8612f7704 Fix remove folder issues, including initialization failing. (#2969)
- Prevent panic on creating notice if database is not available
- Prevent incorrect folder on Windows ("/" instead of "\")
2016-05-06 15:48:18 -04:00
Unknwon 0a78d99a4d models/release: filter input to prevent command line argument vulnerability 2016-05-06 15:40:41 -04:00
Unknwon 0325bec283 #2895 minor fix for bug of xorm 2016-04-26 00:22:03 -04:00
Thomas Boerger dfad51fe9e Made the issue stats query more secure with parameterized placeholders (#2895) 2016-04-26 00:07:49 -04:00
Unknwon 78b8b63774 #2992 set default style name when empty in AfterSet 2016-04-22 18:36:05 -04:00
Cosmin Stroe ba314a7a36 Support alphanumeric issue style (ABC-1234) for external issue tracker (#2992) 2016-04-22 18:28:08 -04:00
Unknwon 762ab056a2 Fix XORM IN condition table name parse 2016-03-27 18:21:37 -04:00
Thomas Boerger 746c7fd4e7 Followup fix for previous query fix 2016-03-28 00:05:49 +02:00
Thomas Boerger b5948f2e71 Made the issues query more secure and simpler 2016-03-27 23:26:45 +02:00
Thomas Boerger 79a1bfd963 Try to make the SQL queries cleaner and more secure 2016-03-27 22:59:57 +02:00
Unknwon b1d41cfa60 #1692 add admin APIs to add/remove a user from teams 2016-03-25 18:04:02 -04:00
Unknwon 98b58fa050 Handle windows deletion when start
Fix #2872
2016-03-23 03:16:53 -04:00
Unknwon e6f927f61a #1692 api: admin list and create team under organization 2016-03-21 12:47:54 -04:00
Unknwon ff731ea07d #2814 LOWER() column value within search 2016-03-16 16:55:19 -04:00
Odin Ugedal 6ccb2d36cf Remove email from user search 2016-03-15 19:44:58 +01:00
Odin Ugedal 3253e3c5aa Make user search look in username, name and email
Make user search function look in username (lower_name), full name
(full_name) and primary email (email). This will benefit searching after
user in "explore", admin panel and when adding new collaborators.
2016-03-15 14:16:58 +01:00
Unknwon 9bd9ad4205 #1692 add CRUD issue APIs
- Fix go-gogs-client#10
- Related to #809
2016-03-13 23:20:22 -04:00
Unknwon f76d821bda fix #2804 2016-03-11 17:12:37 -05:00
Unknwon 263304b6b7 #13 fix postgres aggregate 2016-03-11 16:11:33 -05:00
Unknwon 2bf8494332 #13 finish user and repository search
Both are possible on explore and admin panel
2016-03-11 15:33:12 -05:00
Marin Jankovski 1314ba219e Updated and created were appended with _unix. Fresh databases have only the newly named fields. 2016-03-11 12:43:35 +01:00
Unknwon 5267dce210 Fix ref comment from commit create empty feed 2016-03-11 05:11:58 -05:00
Unknwon eed9966ad6 #2727 fix incompatible SQL in PostgreSQL 2016-03-09 23:18:39 -05:00
Unknwon ad513a20e9 #2302 Replace time.Time with Unix Timestamp (int64) 2016-03-09 19:53:30 -05:00
Unknwon 13bd16af92 Minor fixes for #2766 2016-03-06 13:24:42 -05:00
Tamás Molnár 9c91e27933 Added: Ability to delete org avatar. 2016-03-06 17:36:30 +01:00
Unknwon a5b0400be7 #1146 finish new access rights for collaborators 2016-03-05 20:45:23 -05:00
Unknwon 045f14fbd0 #1146 finish UI work for access mode of collaborators
Collaborators have write access as default, and can be changed via repository
collaboration settings page to change between read, write and admin.
2016-03-05 18:08:42 -05:00
Unknwon 414eb22ef9 #1597 fix activity feeds for pull requests 2016-03-05 12:58:51 -05:00
Unknwon a2f13eae55 #1157 some avatar setting changes
- Allow to delete current avatar
2016-03-05 00:51:51 -05:00
Unknwon 2a931937a8 Update locales 2016-03-04 18:51:18 -05:00
Unknwon dfd6f8f7ab Merge pull request #2757 from joshfng/fix-fork-relative-url
Use relative url when showing forked from
2016-03-04 18:37:42 -05:00
Josh Frye 275464e7fb Use relative url when showing forked from 2016-03-04 18:32:30 -05:00
Unknwon e2d370f0da #1597 fix pull request remote head can't update with force push 2016-03-04 16:53:03 -05:00
Unknwon 5335e671be #2743 more fixes on SQL errors 2016-03-04 16:00:00 -05:00
Unknwon 2d2d85bba4 #1597 support pull requests in same repository 2016-03-04 15:43:01 -05:00
Unknwon 9df6ce48c5 Minor fixes for #2746 2016-03-04 13:32:17 -05:00
Unknwon 4d5911dbcf Merge pull request #2746 from joshfng/feature-delete-wiki-pages
Add ability to delete single wiki pages.
2016-03-04 13:14:37 -05:00
Unknwon d57a2b908a #2743 and #2751 fix bad SQL generated by XORM
Use hand-written SQL to do complex query
2016-03-04 13:08:47 -05:00
Josh Frye 1ca171dbe9 Add ability to delete single wiki pages. 2016-03-04 09:26:52 -05:00
Unknwon 260723e2cc Minor fixes for #2745 2016-03-03 23:24:22 -05:00
Josh Frye f3358f5927 Repo setting to delete and disable wiki 2016-03-03 16:12:48 -05:00
Josh Frye 7f2733fa1b Return errors instead of just logging them. 2016-03-03 12:43:23 -05:00
Josh Frye edb7967dc7 Set DefaultBranch to master when importing a new repo if possible 2016-03-03 12:23:45 -05:00
Unknwon c9901bbba5 #2743 workaround to fix XORM problem 2016-03-03 10:57:27 -05:00
Unknwon 97429a25ab #2727 make IN clause compatible with Postgres 2016-03-01 14:39:28 -05:00
Unknwon 9e89584cb4 Allow setting git operations timeouts
- Migrate: #2704 #2653
- Clone: #2701
- Mirror, Pull
2016-02-29 19:29:49 -05:00
Unknwon ea80274229 #2700 fix sqlite3 can't create issue with more than one label 2016-02-29 18:45:12 -05:00
Unknwon 8055a0bdac Post work for #2637
Improve test cases, config settings, also show SSH config settings on admin config panel.
2016-02-27 20:48:39 -05:00
Unknwon 83c74878df Merge pull request #2637 from Gibheer/ssh-publickeys
allow native and ssh-keygen public key check
2016-02-27 18:55:14 -05:00
Unknwon d320915ad2 Minor fix for #2710 2016-02-27 11:31:24 -05:00
Lukas Dietrich c0eaae200e Add ForegroundColor for labels 2016-02-27 13:59:11 +01:00
Unknwon 129638117f #2697 fix panic when close issue via commit message 2016-02-25 14:17:55 -05:00
Gibheer 2f27ee2232 variable should not use ALL_CAPS 2016-02-23 15:39:05 +01:00
Unknwon 912f7b51e9 #1821 add actions for close and reopen issues 2016-02-22 12:40:00 -05:00
Andrey Nering d160c7e565 Little refactoring of diff highlight.
Moving cache variable to template instead of in the struct.
2016-02-21 18:45:24 -03:00
Unknwon ac78bae7b5 Replace uuid module with original package 2016-02-20 18:13:12 -05:00
Unknwon d5a3021a7d Make markdown as an independent module 2016-02-20 17:10:05 -05:00
Unknwon d8a994ef24 Move cron module to independent package
Make it easier to keep track of upstream changes and bug fixes
2016-02-20 15:58:09 -05:00
Unknwon acf094fb07 Minor fix for #2634
Add AttributesInBind option in new auth source form.
2016-02-20 14:56:27 -05:00
Unknwon b7f3d94cd0 Minor fix for #2524 2016-02-19 22:16:26 -05:00
Unknwon f6c98465c7 Merge pull request #2524 from mhartkorn/pullrefs
Enable a way to checkout Pull Requests from remote refs
2016-02-19 22:00:25 -05:00
Unknwon aa12135b97 Fix panic when view profile without signin
Also fix that no matter who, still able to see organizations with private membership.
2016-02-19 18:10:03 -05:00
Unknwon 2408df3f35 Merge pull request #2663 from Download-Fritz/MirrorForks
#2505 Allow to fork and disallow to create PRs for mirrors.
2016-02-19 15:04:50 -05:00
Download-Fritz a467184e13 #2505 Allow to fork and disallow to create PRs for mirrors. 2016-02-19 20:33:06 +01:00
Unknwon 338af89d56 #2650 fix possibility that use email as pusher user name
Remove the possibility of using email as user name when user actually push
through combination of email and password with HTTP.

Also refactor update action function to replace tons of arguments with
single PushUpdateOptions struct.
And define the user who pushes code as pusher, therefore variable names shouldn't
be confusing any more.
2016-02-17 22:47:06 -05:00
Gibheer dab74f21b7 remove ed25519 test for now
TravisCI is too old for ed25519, so it can't be tested correctly.
2016-02-17 11:30:48 +01:00
Gibheer 9eef2e706c fix ssh public key tests
The old API was using []byte, but was changed to string without running
the tests again.
It also sets the variables from the configuration to make them work.
Maybe there is a better way to do this.
2016-02-17 09:33:41 +01:00
Gibheer 12403bdfb0 allow native and ssh-keygen public key check
This commit adds the possibility to use either the native golang
libraries or ssh-keygen to check public keys. The check is adjusted
depending on the settings, so that only supported keys are let through.

This commit also brings back the blacklist feature, which was removed in
7ef9a05588. This allows to blacklist
algorithms or keys based on the key length. This works with the native
and the ssh-keygen way.

Because of #2179 it also includes a way to adjust the path to
ssh-keygen and the working directory for ssh-keygen. With this,
sysadmins should be able to adjust the settings in a way, that SELinux
is okay with it. In the worst case, they can switch to the native
implementation and only lose support for ed25519 keys at the moment.
There are some other places which need adjustment to utilize the
parameters and the native implementation, but this sets the ground work.
2016-02-16 23:01:56 +01:00
Lunny Xiao 779b71eda4 fix dependency broken because xorm's API changed 2016-02-16 22:35:08 +08:00
Unknwon 2765b5c7cf #2630 fix wrong user avatar link in webhook
Was using the wrong method and now uses the method which checks if
the avatar link is relative or not.
2016-02-15 15:18:53 -05:00
Unknwon 632c27802c Minor fix for #2624 2016-02-15 14:57:15 -05:00
Unknwon dc89c51f3e Merge pull request #2624 from mhartkorn/convert-mirror-to-repo
Convert mirrors to regular repositories
2016-02-15 14:26:21 -05:00
Martin Hartkorn bb595666ac Moved UpdateRepository() to CleanUpMigrateInfo() and correctly delete mirror from database 2016-02-15 14:59:24 +01:00
Unknwon 58e004f7da Remove cache avatar support and add its tests 2016-02-14 23:14:55 -05:00
Unknwon fd92d91da3 Minor fix for #2578 2016-02-14 20:36:03 -05:00
Unknwon d8631b616e Merge pull request #2578 from exmex/develop
Admins and user itself sees private org relations on profile
2016-02-14 20:34:53 -05:00
Unknwon a1d97e8f5c Minor fix for #2567 2016-02-14 20:07:42 -05:00
Unknwon daa43cfb6e Merge pull request #2567 from fnkr/hide-other-teams-activity-from-dashboard
Only show activities and repositories on the dashboard, that the user has access to
2016-02-14 19:57:49 -05:00
Unknwon 9adfe453d5 #2569 delete repo local copy when transfer
Remote repository path is renamed but does not delete
outdated local copy which still has old repository path
as remote.
2016-02-14 19:42:38 -05:00
Martin Hartkorn 15d37b7a95 Refactored according to suggestions 2016-02-14 22:40:39 +01:00
Martin Hartkorn 3650bd8528 Convert mirrors to regular repositories. 2016-02-14 21:12:00 +01:00
Josh Frye 8662990746 Add default branch to repo payload 2016-02-12 11:04:46 -05:00
Josh Frye ce3708b3ea Remove local wiki copy on repo transfer. Fixes #2558 2016-02-11 19:26:51 -05:00
Unknwon 59745c62b4 #1577 fix missing SQL query placeholder 2016-02-10 17:30:24 -05:00
Unknwon 297e772c20 #2485 fix payloads mixed up for webhook
When repository contains a Slack type hook,
it changes original payload content.

This patch fixes it by using a local object to store
newly created Slack payload instead of assigning
back to the same variable.
2016-02-10 15:21:39 -05:00
Unknwon f15a2f9b25 Merge pull request #2528 from andreynering/diff-sintax-highlight-733
Enable syntax highlighting on diff view
2016-02-07 11:49:11 -05:00
Andrey Nering d37cf09ccd Workaround delete folder on Windows. Fix #1738 2016-02-07 13:39:32 -02:00
ExMex 2cfe6f8c60 Admins and user itself sees private org relations on profile 2016-02-07 10:20:58 +01:00
Florian Kaiser 45db167f7a Only show activities for repositories on dashboard, that the user has access to 2016-02-06 07:52:21 +00:00
Tobias Kunicke fa5a1cb54f regulate timezone for milestone.deadline 2016-02-06 00:08:02 +01:00
Unknwon f8182ac521 #2558 delete local wiki copy when rename repo and user 2016-02-05 14:11:53 -05:00
Andrey Nering 2bfb8bb5fd Enable syntax highlighting on diff view. Close #733 2016-02-04 18:21:47 -02:00
Andrey Nering 137a49e834 go fmt models/git_diff_test.go 2016-02-04 17:55:17 -02:00
Martin Hartkorn a3bdede2ce Removed unused method GetUnmergedPullRequestByRepoPathAndHeadBranch 2016-02-04 19:15:21 +01:00
Unknwon ddf9fa06c7 Minor fix for #2530 2016-02-04 13:03:34 -05:00
Martin Hartkorn d91004ee71 Removed dependency on post-receive hook and use TriggerTask instead 2016-02-04 19:00:42 +01:00
Unknwon 739d5aa1d3 Merge pull request #2530 from fnkr/hide-other-teams-repos-from-org-page
Hide other teams & repos from organization page
2016-02-04 12:52:11 -05:00
Unknwon 04be8c0de5 #2554 reinitialize all repos from the db
- Update locales
2016-02-04 12:51:00 -05:00
Florian Kaiser fb1708e1af Remove unnecessary private functions 2016-02-04 17:08:25 +00:00
Unknwon a47baa1b7a Add missing patch conflict pattern 2016-02-03 12:28:03 -05:00
Unknwon 995487e822 Minor fix for #2506 2016-02-02 17:07:40 -05:00
Unknwon 5e97693e0e Merge pull request #2506 from sapk/add-branche-api-support
Implement API for branches listing
2016-02-02 16:51:14 -05:00
Unknwon 5a27aea8e0 Fix random avatar does not work on Windows
path.Dir can't handle Windows case, must use filepath.Dir
2016-02-02 10:22:27 -05:00
Unknwon 32efc3ec0a Merge pull request #2540 from JohnMaguire/bugfix/2447-delete-public-key-authorized_keys
Fixes #2447 (delete public key from authorized_keys)
2016-02-01 16:32:30 -05:00
John Maguire b3e0efc0c3 Trim whitespace when adding SSH keys (fixes #2447) 2016-01-31 22:02:36 -05:00
John Maguire caa4ca46c0 Add debug log when SSH key for deletion isn't found 2016-01-31 22:02:23 -05:00
Florian Kaiser 90780a0d90 Use invalid value (-1) instead of 0 to prevent bug if auto increment starts with 0 2016-01-31 19:17:58 +00:00
Florian Kaiser bba1847a8e Everyone can see public repos 2016-01-31 18:37:50 +00:00
Florian Kaiser e35791b2b2 Only show teams the user has access to 2016-01-31 15:30:07 +00:00
Florian Kaiser 5eafe2b17e Only show repositories the user has access to, on the organization home 2016-01-31 15:29:45 +00:00
Martin Hartkorn 20403f75fb Enable a way to checkout Pull Requests from remote refs 2016-01-30 23:56:38 +01:00
Florian Kaiser 295de51b99 Show all orgs on user profile, except the private ones 2016-01-30 21:53:58 +00:00
Unknwon 112a7cab31 #2497 incorrect error handle for team name 2016-01-29 17:06:14 -05:00
Antoine GIRARD b7b30cd85e Corrections following recommendations 2016-01-28 20:51:19 +01:00
Antoine GIRARD c11c3b6c11 Near ready 2016-01-28 20:51:19 +01:00
Unknwon e2dde6eb0a Record error when fail to health check repository 2016-01-28 06:46:25 -05:00
Unknwon 4deb876343 Minor fix for #2494
- Change tooltip size from mini to tiny in profile page
2016-01-28 06:07:16 -05:00
Unknwon 0617720c0c Merge pull request #2494 from mhartkorn/pullreq-name-change
Change user name in Pull Requests to avoid errors (fixes #2495)
2016-01-28 05:58:37 -05:00
Martin Hartkorn 674c5c37be Change user name in Pull Requests 2016-01-27 22:45:03 +01:00
Andrey Nering 5deb726f3f Refactoring of inline diff computing to prevent empty diff box. Fix #2489 2016-01-27 18:54:08 -02:00
Kim "BKC" Carlbäcker edc414c584 Fixed Webhook URL-length Issue #2465 2016-01-27 01:40:35 +01:00
Unknwon 7ef9a05588 #2179 use Go sub-repo ssh to verify public key content 2016-01-15 18:39:51 +08:00
Unknwon c631a4a9b9 URL fix for #2287 2016-01-15 18:00:39 +08:00
Antoine GIRARD 688fc515f8 Fix username display in lower-cased for comment in Dashboard 2016-01-12 21:30:14 +01:00
Unknwon f43cc90841 #2287 Truncate repository name if too long 2016-01-11 20:41:43 +08:00
Unknwon c199703e2a #2349 fix convert type 2016-01-11 15:47:23 +08:00
Unknwon 91bab801aa #2349 try to handle []int8 case 2016-01-11 14:34:32 +08:00
Andrey Nering 9620f48ed0 Fix test case after 86bce4a2ae. 2016-01-09 17:05:21 -02:00
Unknwon 8a93113192 roll back a small change 2016-01-09 15:04:28 +08:00
Unknwon 86bce4a2ae minor fix to #2335 2016-01-09 14:51:17 +08:00
Unknwon bcf6aed452 Merge pull request #2335 from andreynering/highlight-diff
Highlight diff
2016-01-09 13:39:18 +08:00
Andrey Nering 697b0e2aba Fix: now highlights in diff view are getting the correct lines. 2016-01-08 16:33:27 -02:00
Andrey Nering bf11ad19ea Semantic fixes. 2016-01-07 11:27:35 -02:00
Andrey Nering 81ed5c4bee Declaring specific types for enums constants.
This makes the code more strict since you can't assign or compare
values of different types without proper cast.
2016-01-06 18:00:40 -02:00
Andrey Nering 73474c043b Highlighting differences of lines in the diff view. 2016-01-06 17:46:56 -02:00
zhuharev 0d5dc8a064 typo fix 2016-01-06 22:41:42 +03:00
Unknwon 4993ab1a76 #2185 fall back to use custom chardet lib 2015-12-31 22:13:47 -05:00
Unknwon 240fe07287 #2273 URL consistency on webhook payload 2015-12-25 07:11:58 -05:00