Fixed the API migration endpoint to set opts.OriginalURL from form.CloneAddr, ensuring consistency with the web route and preventing empty URL in system notices. Removed the TODO comment since OriginalURL is now always populated.
Since CloneAddr is a required field (binding:"Required"), OriginalURL will always be non-empty when the API validation passes.
Co-authored-by: silverwind <115237+silverwind@users.noreply.github.com>
Co-authored-by: silverwind <115237+silverwind@users.noreply.github.com>
Added TODO comment before the migration failure notice to document that opts.OriginalURL can be empty when migration is triggered via the API route, which doesn't set this field. The comment also suggests potential solutions.
Co-authored-by: silverwind <115237+silverwind@users.noreply.github.com>
Co-authored-by: silverwind <115237+silverwind@users.noreply.github.com>
Check if opts.OriginalURL is empty and adapt the notice message accordingly to avoid printing "from failed" when OriginalURL is not set (e.g., when using the API).
Co-authored-by: silverwind <115237+silverwind@users.noreply.github.com>
Co-authored-by: silverwind <115237+silverwind@users.noreply.github.com>
In Git 2.38, the `merge-tree` command introduced the `--write-tree`
option, which works directly on bare repositories. In Git 2.40, a new parameter `--merge-base` introduced so we require Git 2.40 to use the merge tree feature.
This option produces the merged tree object ID, allowing us to perform
diffs between commits without creating a temporary repository. By
avoiding the overhead of setting up and tearing down temporary repos,
this approach delivers a notable performance improvement.
It also fixes a possible situation that conflict files might be empty
but it's a conflict status according to
https://git-scm.com/docs/git-merge-tree#_mistakes_to_avoid
Replace #35542
---------
Signed-off-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
For when Enry correctly recognized the language, but returns the
language name in a way that isn't recognized by chroma.
Resolves https://github.com/go-gitea/gitea/issues/22443
---------
Co-authored-by: Moritz Jörg <moritz.jorg@oceanbox.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
## Summary
This PR fixes#36255
The image captcha was using random colors which often resulted in poor
contrast against dark backgrounds, making it difficult or impossible for
users to read in dark mode.
## Changes
- Added a custom color palette to the image captcha configuration in
`services/context/captcha.go`
- The palette uses high-contrast colors (bright red, blue, green,
yellow, purple, and dark blue-gray) that provide good visibility in both
light and dark themes
- This improves accessibility and user experience without changing any
existing functionality
## Testing
- Builds successfully
- All existing tests pass
- The color palette is properly supported by the upstream
`gitea.com/go-chi/captcha` library
---
Generated with Claude Code
---------
Signed-off-by: majiayu000 <1835304752@qq.com>
Co-authored-by: silverwind <me@silverwind.io>
Resolves#36381 by only allowing admins to perform branch renames that
match to branch protection rules.
---------
Co-authored-by: Giteabot <teabot@gitea.io>
Most potential deadlock problems should have been fixed, and new code is
unlikely to cause new problems with the new design.
Also raise the minimum Git version required to 2.6.0 (released in 2015)
Maybe fix#32018
- Use `gitrepo.GetMergeBase` method instead of other two
implementations.
- Add `FetchRemoteCommit` so that we don't need to add many `remote` to
the git repository to avoid possible git lock conflicts. A lock will
start when invoke the function, it will be invoked when cross-repository
comparing. The head repository will fetch the base repository's base
commit id. In most situations, it should lock the fork repositories so
that it should not become a bottleneck.
- Improve `GetCompareInfo` to remove unnecessarily adding remote.
- Remove unnecessary parameters of `SignMerge`.
Fixes#36333
## Problem
When CODEOWNERS automatically assigns reviewers to a pull request, the
timeline incorrectly shows the PR author as the one who requested the
review (e.g., "PR_AUTHOR requested review from CODE_OWNER"). This is
misleading since the action was triggered automatically by CODEOWNERS
rules, not by the PR author.
## Solution
Store CODEOWNERS attribution in comment metadata instead of changing the
doer user:
- Add `SpecialDoerName` field to `CommentMetaData` struct (value:
`"CODEOWNERS"` for CODEOWNERS-triggered requests)
- Pass `isCodeOwners=true` to `AddReviewRequest` and
`AddTeamReviewRequest` functions
- Template can check this metadata to show appropriate attribution
message
---------
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
When a user has been revoked permission to access a repository, the
related notification could still be visited. But the repository's
information should not be leaked any more.
Enable chunked transfer encoding for Git LFS uploads by adding
Transfer-Encoding: chunked header to upload action responses. This
prevents large file uploads (100+ MB) from being blocked by reverse
proxies like Cloudflare that buffer non-chunked requests.
Fix https://github.com/go-gitea/gitea/issues/22233
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
- reduce file name font size from 15px to 14px
- fix labels and buttons being cut off when their size is constrained
- change labels from monospace to sans-serif font
- move diff stats to right and change them from sum of changes to +/-
- change filemode to label and change text to match other labels
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
1. correctly parse git protocol's "OldCommit NewCommit RefName" line, it
should be explicitly split by space
2. add missing "return" in CreatePullRequest
3. add comments for "/user.keys" and "/user.gpg" outputs
4. trim space for the "commit status context name" to follow the same
behavior of git_model.NewCommitStatus
Replace #34651 and address more problems including fix framework bugs and changing to QueryInfo and QueryContent calls.
---------
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
The code incorrectly assumed rel.Assets.Links and rel.Assets.Sources
arrays have equal length. This causes index out of bounds panic when
migrating GitLab releases with more links than sources, which is common
with GoReleaser-generated releases.
Fixes#36292
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Fix#35998
1. Fix `<a rel>` :
* "_blank" already means "noopener"
* "noreferrer" is already provided by page's `<meta name="referrer">`
2. Fix "redirect_to" mechisam
* Use "referer" header to determine the redirect link for a successful
login
3. Simplify code and merge duplicate logic
- The compare page head title should be `compare` but not `new pull
request`.
- Use `UnstableGuessRefByShortName` instead of duplicated functions
calls.
- Direct-compare, tags, commits compare will not display `New Pull
Request` button any more.
The new screenshot
<img width="1459" height="391" alt="image"
src="https://github.com/user-attachments/assets/64e9b070-9c0b-41d1-b4b8-233b96270e1b"
/>
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Make Debian repository signing key generation use explicit stronger defaults
and embed the creation time in the OpenPGP comment for newly created keys.
---------
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
- Use `gitrepo.IsRepositoryExist` instead of `util.IsExit` or
`util.IsDir`
- Use `gitrepo.OpenRepository` instead of `git.OpenRepository`
- Use `gitrepo.DeleteRepository` instead of `util.RemoveAll`
- Use `gitrepo.RenameRepository` instead of `util.Rename`
This pull request adds an option to automatically verify SSH keys from
LDAP authentication sources.
This allows a correct authentication and verification workflow for
LDAP-enabled organizations; under normal circumstances SSH keys in LDAP
are not managed by users manually.
Use the dynamically parsed host in the request for LFS links, but not
use the hard-coded AppURL.
Make LFS server support multi-domain or run Gitea behind a reverse-proxy
with different ROOT_URL.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
