Backport #36339 by @lunny
When a user has been revoked permission to access a repository, the
related notification could still be visited. But the repository's
information should not be leaked any more.
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Partially backport #36336
1. correctly parse git protocol's "OldCommit NewCommit RefName" line, it
should be explicitly split by space
2. trim space for the "commit status context name" to follow the same
behavior of git_model.NewCommitStatus
Backport of https://github.com/go-gitea/gitea/pull/36219
Fixes: https://github.com/go-gitea/gitea/issues/36216
Now `detectWebAuthnSupport` returns the error type and lets the caller
decide whether they call `webAuthnError` and show the error. It no
longer shows the error during page load when the user has not even
interacted with the feature.
The bug affects all users on HTTP, so I think a quick fix release for
this might be good.
Backport #36117 by @schinkelg
Changed a small typo in an English error message and code comments. Very
small PR.
Co-authored-by: Ger Schinkel <schinkelg@users.noreply.github.com>
Backport #36039 by @lunny
Fix#36026
The redirect should be checked when original user/repo doesn't exist.
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Backport #36078 by @a1012112796
fix#36071
looks that's because if an svg in hiden env, it's color added by
`fill="url(#a)"` will become not usefull. by ai helping, I think moving
it out of page by position is a good solution. fell free creat a new
pull request if you have a better soluton. Thanks.
<img width="2198" height="1120" alt="image"
src="https://github.com/user-attachments/assets/bbf7c171-0b7f-412a-a1bc-aea3f1629636"
/>
Signed-off-by: a1012112796 <1012112796@qq.com>
Co-authored-by: a1012112796 <1012112796@qq.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Backport #36055 by @lunny
Replace #36032Fix#36030
This PR use `net/smtp` instead of gomail's smtp. Now
github.com/wneessen/go-mail will be used only for generating email
message body.
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Backport #36068 by @lunny
Follow #36058 for API edit user bug when editing email.
- The Admin Edit User API includes a breaking change. Previously, when
updating a user with an email from an unallowed domain, the request
would succeed but return a warning in the response headers. Now, the
request will fail and return an error in the response body instead.
- Removed `AdminAddOrSetPrimaryEmailAddress` because it will not be used
any where.
Fix https://github.com/go-gitea/gitea/pull/36058#issuecomment-3600005186
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Backport #36058 by @lunny
Fix#20390
We should use `ReplacePrimaryEmailAddress` instead of
`AdminAddOrSetPrimaryEmailAddress` when modify user's email from admin
panel. And also we need a database transaction to keep deletion and
insertion succeed at the same time.
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Backport #36045
Partially fix#34710
The bug described in #34710 can be divided into two parts: `push.paths`
and `pull_request.paths`. This PR fixes the issue related to
`pull_request.paths`. The root cause is that the check for whether the
workflow can be triggered happens **before** updating the PR’s merge
base. This causes the file-change detection to use the old merge base.
Therefore, we need to update the merge base first and then check whether
the workflow can be triggered.
Backport #36041 by @hamkido
- Updated error message in `incoming.go` to remove unnecessary wrapping
of the error.
- Corrected typo in error message in `wiki.go` for clarity.
Co-authored-by: hamkido <hamki.do2000@gmail.com>
Backport #36021 by wxiaoguang
1. the `if` check in `handleCreateManifestResult` didn't handler err
correctly
2. add more error details for debugging
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
