Backport #36958 by @bircni
Move UserDisabledFeatures context data into a shared SettingsCtxData
middleware for the /user/settings route group, so it is set consistently
on all pages (including Notifications, Actions, etc.) instead of only on
the handlers that remembered to set it individually.
Fixes#36954
Co-authored-by: Nicolas <bircni@icloud.com>
backport #36798
- fix wrong parameter of HasOrgOrUserVisible in
routers/api/v1/org/org.go
- add integration tests covering the bug fix
- merge permissions API tests
---
Generated by a coding agent with Codex 5.2
Backport #36797 by @lunny
- set OAuth2 authorization code `ValidUntil` on creation and add expiry
checks during exchange
- return a specific error when codes are invalidated twice to prevent
concurrent reuse
- add unit tests covering validity timestamps, expiration, and double
invalidation
---
Generate by a coding agent with Codex 5.2
Signed-off-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Backport #36805 by @ChristopherHX
* Use base64.RawURLEncoding to avoid equal sign
* using the nodejs package they seem to get lost
* Support uploads with unspecified length
* Support uploads with a single named blockid
* without requiring a blockmap
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: ChristopherHX <christopher.homberger@web.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Backport #36524 by @noeljackson
Fix data race when uploading container blobs concurrently
Co-authored-by: Noel Jackson <n@noeljackson.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
This PR fixes missed repo_id on the migration of attachments to Gitea.
It also provides a doctor check to fix the dirty data on the database.
Backport #36389
Backport #36039 by @lunny
Fix#36026
The redirect should be checked when original user/repo doesn't exist.
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Backport #36078 by @a1012112796
fix#36071
looks that's because if an svg in hiden env, it's color added by
`fill="url(#a)"` will become not usefull. by ai helping, I think moving
it out of page by position is a good solution. fell free creat a new
pull request if you have a better soluton. Thanks.
<img width="2198" height="1120" alt="image"
src="https://github.com/user-attachments/assets/bbf7c171-0b7f-412a-a1bc-aea3f1629636"
/>
Signed-off-by: a1012112796 <1012112796@qq.com>
Co-authored-by: a1012112796 <1012112796@qq.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Backport #36068 by @lunny
Follow #36058 for API edit user bug when editing email.
- The Admin Edit User API includes a breaking change. Previously, when
updating a user with an email from an unallowed domain, the request
would succeed but return a warning in the response headers. Now, the
request will fail and return an error in the response body instead.
- Removed `AdminAddOrSetPrimaryEmailAddress` because it will not be used
any where.
Fix https://github.com/go-gitea/gitea/pull/36058#issuecomment-3600005186
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Backport #36058 by @lunny
Fix#20390
We should use `ReplacePrimaryEmailAddress` instead of
`AdminAddOrSetPrimaryEmailAddress` when modify user's email from admin
panel. And also we need a database transaction to keep deletion and
insertion succeed at the same time.
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Backport #36021 by wxiaoguang
1. the `if` check in `handleCreateManifestResult` didn't handler err
correctly
2. add more error details for debugging
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Backport #35861 by @divyun
Since 1.25.0, the dates get set to `2001-01-01T00:00:00Z`, when not
specified by the caller.
Fixes#35860
Co-authored-by: Divyun Raje Vaid <mail@divyun.com>
Backport #35783Fix#35780, fix#35782
Rerunning a job or a run is only allowed when the job is done and the
run is done.
Related PR: #3497098ff7d0773/routers/web/repo/actions/view.go (L239)
We don't need to check run status again in `rerunJob` because the run
status has been changed before `rerunJob`.
---
In fact, the bug described in the above issues will not occur on the
main branch. Because `getRunJobs` is called before updating the run.
98ff7d0773/routers/web/repo/actions/view.go (L425-L435)
So the run status that `rerunJob` checks is the old status.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
