- It's possible for reviews to not be assiocated with users, when they
were migrated from another forge instance. In the migration code,
there's no sanitization check for author names, so they could contain
HTML tags and thus needs to be properely escaped.
- Pass `$reviewerName` trough `Escape`.
(cherry picked from commit fe2df46d05)
Conflicts:
templates/repo/issue/view_content/comments.tmpl
trivial context conflict
- On the wiki and revisions page, information is shown about the last
commit that modified that wiki page. This includes the time it was last
edited and by whom. That whole string is not being sanitized (passed
trough `Safe` in the templates), because the last edited bit is
formatted as an HTML element and thus shouldn't be sanitized. The
problem with this is that now `.Author.Name` is not being sanitized.
- This can be exploited, the names of authors and commiters on a Git
commit is user controlled, they can be any value and thus also include
HTML. It's not easy to actually exploit this, as you cannot use the
official git binary to do use, as they actually strip `<` and `>` from
user names (trivia: this behaviour was introduced in the initial commit
of Git). In the integration testing, go-git actually has to generate
this commit as they don't have such restrictions.
- Pass `.Author.Name` trough `Escape` in order to be sanitized.
(cherry picked from commit d24c37e132)
Conflicts:
templates/repo/wiki/revision.tmpl
templates/repo/wiki/view.tmpl
trivial context conflict
Backport #26785 by @CaiCandong
## Description
Sometimes, we need to use an upstream mirror repository to update the
current development repository, but mirror repositories are prohibited
from PR. It should not appear in `merge to,` but it can appear in `pull
from.`
Fix#24585#26193#26781
Related #24183
Many thanks to @apnote for assisting me in reproducing this bug!
## ScreenShot
---
### Before
<img
src="3d76c376-1f54-45b9-80c9-6ba8319d6a9a"
width="400px">
<img
src="fbfd9f7f-421f-4a2e-9a3e-f2958bbf3312"
width="400px">
### After
<img
src="e6984524-4f61-4310-b795-4d8598bd8963"
width="400px">
<img
src="04065b44-78d7-4721-bf31-0f1674150727"
width="400px">
Co-authored-by: CaiCandong <50507092+CaiCandong@users.noreply.github.com>
(cherry picked from commit 3bab20491e60a5bbcc64bef42394dcf427d74308)
Backport #26719 by @silverwind
Fix hash fragment in this link
Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit 2f6c0e65966fd75ea066c266a0f7d3724634ad63)
Backport #26698 by @wxiaoguang
Regression of #23092, the `{{$field := .}}` was missing during that
refactoring.
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 4af872178ebd53ac391939908afa7d95ac311b65)
Backport #26352
Now, you don't need to be a git expert anymore to know what these numbers mean.
## Before
## After
or when the mode actually changed:
(cherry picked from commit 39cbca0f952ecdd1b985f20b9dd9fef4d621f99e)
Backport #26340 by @CaiCandong
Now, for a new repo without any commit, the Last indexed SHA field looks
like this:
Before:
After:
fix#26336
Co-authored-by: CaiCandong <50507092+CaiCandong@users.noreply.github.com>
(cherry picked from commit 59354d7135c4d380e11cb35ae0ac59a0ec7bf041)
Backport #26268 by @yardenshoham
Closes#26263
We have to pass the date without the time.
# Before
# After
Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: Yarden Shoham <git@yardenshoham.com>
(cherry picked from commit 2cf1515f5c5e048b5f1280e60c54ad3247988ad0)
Backport #26233 by @silverwind
Resizing the comment editor can be a very expensive operation because it
triggers page reflows, which on large PRs can take upwards of seconds to
complete. Disable this mechanism on the diff page only where we know
that the page can get large.
Fixes https://github.com/go-gitea/gitea/issues/26201 for the textarea
editor.
I don't think this can be fixed for EasyMDE because as far as I can
tell, it exposes no option to disable this resizing.
Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit 0f265a2489bcdac6cf350a89eecb19ed78e133c1)
- Backport of https://codeberg.org/forgejo/forgejo/pulls/1293
- The review type '22' is a general comment type that is attached to
single codecomments, reviews with multiple comments or to simple approve
and request changes comment. This comment can be used to create a link
towards this action on an pull request.
- Adds an anchor to the review comment type, so that when its getting
linked to it, it actually jumps towards that event.
- This also now fixes the behavior that after you created a review you
will be redirected to that review and because this is an general comment
type other mails will also be 'fixed' such as the approved or request changes.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1248
the stacking takes up screen space - display the tabs as the navigation
bar. github uses the same layout.
Screenshots (left before, right after):
Large screen:
(cherry picked from commit b81c013057)
Backport #26218 by @kerwin612
Fixed two incorrect headers for setting the page navigation bar:
* User settings page, should not use the title "`org.settings`"
* Repo settings page, should not use the title "`org.settings`"
Co-authored-by: Kerwin Bryant <kerwin612@qq.com>
(cherry picked from commit 212274309307bbc0aa19d117016dc52ae1cc6793)
Backport #26209 by @puni9869
as title
Fixes : #25825
Before
<img width="1334" alt="image"
src="c54a41b0-39bd-4094-a956-081a8f4128f2">
After change
<img width="1340" alt="image"
src="c112d235-6bbe-4bcb-9529-78da3ab0fa14">
Co-authored-by: puni9869 <80308335+puni9869@users.noreply.github.com>
(cherry picked from commit 81d3dc1da5a2af02d000f13c3d9b5b2aa56ad216)
Backport #26133 by @wxiaoguang
Close#26104 . Only a quick fix, the UI is not perfect.
Before:
<details>
</details>
After:
<details>
</details>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 0f73be0ae3247deb1881f1ded9f8b2e55e46e233)
Backport #25935 by @silverwind
With the introduction of Actions, the pending commit icon has changed
from yellow to grey for Drone integrations which never set the "running"
status, so it stays in "pending" until completion.
I find it better to have this icon colored like on 1.19. Now both the
"pending" and "running" icons look the same, but I guess we could add an
animation to the "running" state similar to GitHub has to it later.
Before:
<img width="339" alt="Screenshot 2023-07-17 at 19 14 19"
src="2f4886e4-74fd-42ea-b59e-9af8f141bf1f">
After:
<img width="335" alt="Screenshot 2023-07-17 at 19 14 30"
src="53189642-e72d-47f6-9cbe-f14eda28f730">
Also, it matches GH's icon:
<img width="466" alt="image"
src="5804ff90-d223-4a3c-8093-7a9abbaacf87">
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: delvh <dev.lh@web.de>
(cherry picked from commit 864bdd0ac8a597eaed5c59b31979a160b776ee2b)
Backport #25894 by @sebastian-sauer
Use a real button and add an aria-label.
Additionally, show the button whenever it is focused.
See https://codeberg.org/forgejo/forgejo/issues/998 for explanation.
Our handling of this button is now equal to that of GitHub.
Nothing has changed visually.
Co-authored-by: sebastian-sauer <sauer.sebastian@gmail.com>
Backport #25748 by @hiifong
I think hiding the add file button for mirror repositories that can keep
the ui clean.
Before:
After:
Co-authored-by: hiifong <i@hiif.ong>
Backport #25690 by @sebastian-sauer
gitea allows to create empty PRs.
Currently when you need approvals for a merge, you have to manually add
/files to the url to get to the files tab to approve / reject the PR.
This PR allows to open the files tab via the normal tab / link and then
fixes the layout of the files tab.
**Screenshots:**
Before:
After:
Co-authored-by: sebastian-sauer <sauer.sebastian@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
Backport https://github.com/go-gitea/gitea/pull/25601 to 1.20.
Various small enhancements to the actions list. Before and after:
<img width="1264" alt="Screenshot 2023-06-30 at 00 11 40"
src="bb4162ee-cdcf-4a73-b05e-f9521562edbb">
<img width="1264" alt="Screenshot 2023-06-30 at 00 09 51"
src="52a70ea9-4bb3-406e-904b-0fdaafde9582">
Co-authored-by: Giteabot <teabot@gitea.io>
Backport #25529 by @sebastian-sauer
the PullHeadCommitID is not always available when the PR is merged.
Not sure if this is the best solution but in my simple tests it looks
like this fixes the problem - happy to get any feedback.
hopefully fixes https://github.com/go-gitea/gitea/issues/24813
Co-authored-by: sebastian-sauer <sauer.sebastian@gmail.com>
Backport #25573 by @saegl5
This pull request fades read-only checkboxes and checkmark, and it makes
the checkboxes act more read-only/disabled by not changing the
border-color when clicked.
Examples using light mode:
| Before | After |
| - | - |
| 
| 
|
| 
| 
|
| | read-only checkboxes and checkmark are faded<br>and the checkboxes
act more read-only/disabled |
Fixes/Closes/Resolves #25076
Co-authored-by: Ed Silkworth <ed.silkworth@icloud.com>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Backport #25583 by @HesterG
Close#25557
Fix regression from #25315
`data-id` is still needed for deleting milestone.
Co-authored-by: HesterG <hestergong@gmail.com>
Backport #25460 by @wxiaoguang
Close#20976Close#20975
1. Fix the bug: the TOC in footer was incorrectly rendered as main
content's TOC
2. Fix the layout: on mobile, the TOC is put above the main content,
while the sidebar is put below the main content
3. Auto collapse the TOC on mobile
ps: many styles of "wiki.css" are moved from old css files, so leave
nits to following PRs.
### for desktop
### for mobile
### other changed pages
<details>
</details>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Backport #25398 by @silverwind
Two small tweaks:
1. Vertically center arrow here when editing a PR:
<img width="405" alt="Screenshot 2023-06-20 at 19 48 49"
src="1d63764d-9fd9-467e-8a8e-9258c06475eb">
2. Use 2-row layout on diff viewed status and show it again on mobile:
<img width="142" alt="Screenshot 2023-06-20 at 19 51 21"
src="3046e782-163c-4f87-910c-a22066de8f1b">
Mobile view:
<img width="370" alt="Screenshot 2023-06-20 at 19 44 40"
src="9cf56347-7323-4d05-99a5-17ad215ee44d">
Co-authored-by: silverwind <me@silverwind.io>
Backport #24936
If enabled show a clickable label in the comment. A click on the label
opens the Conversation tab with the comment focussed - there you're able
to view the old diff (or original diff the comment was created on).
**Screenshots**
When resolved and outdated:
Option to enable/disable this (stored in user settings - default is
disabled):
fixes#24913
Co-authored-by: silverwind <me@silverwind.io>
Backport #25312 by @wxiaoguang
We only needs 2 lines to hide the dividers.
```
$dropdownLabelFilter.dropdown('setting', {'hideDividers': 'empty'});
$dropdownLabelFilter.dropdown('refreshItems');
```
Other code blocks are refactored by the way.
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Backport #25368 by @denyskon
Fix#24846 applying the solution proposed by @silverwind
<details>
<summary>Screenshots</summary>
</details>
Replaces #25335
Co-authored-by: Denys Konovalov <kontakt@denyskon.de>
Backport #25315 by @denyskon
Various fixes to pages or elements which were looking ugly on mobile.
<details>
<summary>Screenshots</summary>
</details>
Co-authored by: @silverwind
Co-authored-by: Denys Konovalov <kontakt@denyskon.de>
Co-authored-by: silverwind <me@silverwind.io>
Backport #25320 by @hiifong
Fix#25281
When viewing a file, hide the add button
Co-authored-by: hiifong <i@hiif.ong>
