Merge branch 'main' into introduce-tar-transform-to-prevent-tarbomb

models/issue.go

@@ -1194,7 +1194,8 @@ func GetIssuesByIDs(issueIDs []int64) ([]*Issue, error) {
 // IssuesOptions represents options of an issue.
 type IssuesOptions struct {
 	db.ListOptions
-	RepoIDs            []int64 // include all repos if empty
+	RepoID             int64 // overwrites RepoCond if not 0
+	RepoCond           builder.Cond
 	AssigneeID         int64
 	PosterID           int64
 	MentionedID        int64
@@ -1285,15 +1286,15 @@ func (opts *IssuesOptions) setupSessionNoLimit(sess *xorm.Session) {
 		sess.In("issue.id", opts.IssueIDs)
 	}
 
-	if len(opts.RepoIDs) > 0 {
-		applyReposCondition(sess, opts.RepoIDs)
+	if opts.RepoID != 0 {
+		opts.RepoCond = builder.Eq{"issue.repo_id": opts.RepoID}
+	}
+	if opts.RepoCond != nil {
+		sess.And(opts.RepoCond)
 	}
 
-	switch opts.IsClosed {
-	case util.OptionalBoolTrue:
-		sess.And("issue.is_closed=?", true)
-	case util.OptionalBoolFalse:
-		sess.And("issue.is_closed=?", false)
+	if !opts.IsClosed.IsNone() {
+		sess.And("issue.is_closed=?", opts.IsClosed.IsTrue())
 	}
 
 	if opts.AssigneeID > 0 {
@@ -1412,10 +1413,6 @@ func issuePullAccessibleRepoCond(repoIDstr string, userID int64, org *organizati
 	return cond
 }
 
-func applyReposCondition(sess *xorm.Session, repoIDs []int64) *xorm.Session {
-	return sess.In("issue.repo_id", repoIDs)
-}
-
 func applyAssigneeCondition(sess *xorm.Session, assigneeID int64) *xorm.Session {
 	return sess.Join("INNER", "issue_assignees", "issue.id = issue_assignees.issue_id").
 		And("issue_assignees.assignee_id = ?", assigneeID)
@@ -1510,20 +1507,10 @@ func Issues(opts *IssuesOptions) ([]*Issue, error) {
 func CountIssues(opts *IssuesOptions) (int64, error) {
 	e := db.GetEngine(db.DefaultContext)
 
-	countsSlice := make([]*struct {
-		Count int64
-	}, 0, 1)
-
 	sess := e.Select("COUNT(issue.id) AS count").Table("issue")
 	sess.Join("INNER", "repository", "`issue`.repo_id = `repository`.id")
 	opts.setupSessionNoLimit(sess)
-	if err := sess.Find(&countsSlice); err != nil {
-		return 0, fmt.Errorf("unable to CountIssues: %w", err)
-	}
-	if len(countsSlice) != 1 {
-		return 0, fmt.Errorf("unable to get one row result when CountIssues, row count=%d", len(countsSlice))
-	}
-	return countsSlice[0].Count, nil
+	return sess.Count()
 }
 
 // GetParticipantsIDsByIssueID returns the IDs of all users who participated in comments of an issue,

models/issue_label.go

@@ -57,12 +57,9 @@ func (label *Label) CalOpenIssues() {
 
 // CalOpenOrgIssues calculates the open issues of a label for a specific repo
 func (label *Label) CalOpenOrgIssues(repoID, labelID int64) {
-	repoIDs := []int64{repoID}
-	labelIDs := []int64{labelID}
-
 	counts, _ := CountIssuesByRepo(&IssuesOptions{
-		RepoIDs:  repoIDs,
-		LabelIDs: labelIDs,
+		RepoID:   repoID,
+		LabelIDs: []int64{labelID},
 	})
 
 	for _, count := range counts {

models/issue_test.go

@@ -21,6 +21,7 @@ import (
 	user_model "code.gitea.io/gitea/models/user"
 
 	"github.com/stretchr/testify/assert"
+	"xorm.io/builder"
 )
 
 func TestIssue_ReplaceLabels(t *testing.T) {
@@ -157,7 +158,7 @@ func TestIssues(t *testing.T) {
 		},
 		{
 			IssuesOptions{
-				RepoIDs:  []int64{1, 3},
+				RepoCond: builder.In("repo_id", 1, 3),
 				SortType: "oldest",
 				ListOptions: db.ListOptions{
 					Page:     1,
@@ -344,7 +345,7 @@ func TestGetRepoIDsForIssuesOptions(t *testing.T) {
 		},
 		{
 			IssuesOptions{
-				RepoIDs: []int64{1, 2},
+				RepoCond: builder.In("repo_id", 1, 2),
 			},
 			[]int64{1, 2},
 		},

modules/doctor/authorizedkeys.go

@@ -72,8 +72,8 @@ func checkAuthorizedKeys(ctx context.Context, logger log.Logger, autofix bool) e
 				"authorized_keys file %q is out of date.\nRegenerate it with:\n\t\"%s\"\nor\n\t\"%s\"",
 				fPath,
 				"gitea admin regenerate keys",
-				"gitea doctor --run authorized_keys --fix")
-			return fmt.Errorf(`authorized_keys is out of date and should be regenerated with "gitea admin regenerate keys" or "gitea doctor --run authorized_keys --fix"`)
+				"gitea doctor --run authorized-keys --fix")
+			return fmt.Errorf(`authorized_keys is out of date and should be regenerated with "gitea admin regenerate keys" or "gitea doctor --run authorized-keys --fix"`)
 		}
 		logger.Warn("authorized_keys is out of date. Attempting rewrite...")
 		err = asymkey_model.RewriteAllPublicKeys()

modules/indexer/issues/indexer.go

@@ -321,7 +321,7 @@ func populateIssueIndexer(ctx context.Context) {
 // UpdateRepoIndexer add/update all issues of the repositories
 func UpdateRepoIndexer(repo *repo_model.Repository) {
 	is, err := models.Issues(&models.IssuesOptions{
-		RepoIDs:  []int64{repo.ID},
+		RepoID:   repo.ID,
 		IsClosed: util.OptionalBoolNone,
 		IsPull:   util.OptionalBoolNone,
 	})

modules/validation/helpers.go

@@ -13,32 +13,10 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 )
 
-var loopbackIPBlocks []*net.IPNet
-
 var externalTrackerRegex = regexp.MustCompile(`({?)(?:user|repo|index)+?(}?)`)
 
-func init() {
-	for _, cidr := range []string{
-		"127.0.0.0/8", // IPv4 loopback
-		"::1/128",     // IPv6 loopback
-	} {
-		if _, block, err := net.ParseCIDR(cidr); err == nil {
-			loopbackIPBlocks = append(loopbackIPBlocks, block)
-		}
-	}
-}
-
 func isLoopbackIP(ip string) bool {
-	pip := net.ParseIP(ip)
-	if pip == nil {
-		return false
-	}
-	for _, block := range loopbackIPBlocks {
-		if block.Contains(pip) {
-			return true
-		}
-	}
-	return false
+	return net.ParseIP(ip).IsLoopback()
 }
 
 // IsValidURL checks if URL is valid

options/locale/locale_en-US.ini

@@ -105,6 +105,8 @@ error404 = The page you are trying to reach either <strong>does not exist</stron
 
 never = Never
 
+rss_feed = RSS Feed
+
 [error]
 occurred = An error occurred
 report_message = If you are sure this is a Gitea bug, please search for issues on <a href="https://github.com/go-gitea/gitea/issues" target="_blank">GitHub</a> or open a new issue if necessary.

options/locale/locale_ja-JP.ini

@@ -3051,6 +3051,9 @@ container.labels.key=キー
 container.labels.value=値
 generic.download=コマンドラインでパッケージをダウンロードします:
 generic.documentation=汎用 レジストリの詳細については、<a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.io/en-us/packages/generic">ドキュメント</a> を参照してください。
+helm.registry=このレジストリをコマンドラインからセットアップします:
+helm.install=パッケージをインストールするには、次のコマンドを実行します:
+helm.documentation=Helm レジストリの詳細については、 <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.io/en-us/packages/helm/">ドキュメント</a> を参照してください。
 maven.registry=あなたのプロジェクトの <code>pom.xml</code> ファイルに、このレジストリをセットアップします:
 maven.install=パッケージを使用するため <code>pom.xml</code> ファイル内の <code>dependencies</code> ブロックに以下を含めます:
 maven.install2=コマンドラインで実行します:

options/locale/locale_pt-BR.ini

@@ -267,6 +267,7 @@ organizations=Organizações
 search=Pesquisar
 code=Código
 search.fuzzy=Similar
+search.match=Correspondência
 code_search_unavailable=A pesquisa por código não está disponível no momento. Entre em contato com o administrador do site.
 repo_no_results=Nenhum repositório correspondente foi encontrado.
 user_no_results=Nenhum usuário correspondente foi encontrado.
@@ -566,6 +567,7 @@ comment_type_group_lock=Status de Bloqueio
 comment_type_group_review_request=Revisar solicitação
 comment_type_group_pull_request_push=Commits adicionados
 comment_type_group_project=Projeto
+comment_type_group_issue_ref=Referência do issue
 saved_successfully=Suas configurações foram salvas com sucesso.
 privacy=Privacidade
 keep_activity_private=Ocultar a atividade da página de perfil
@@ -2987,6 +2989,8 @@ empty.documentation=Para obter mais informações sobre o registro de pacote, co
 filter.type=Tipo
 filter.type.all=Todos
 filter.no_result=Seu filtro não produziu resultados.
+filter.container.tagged=Marcado
+filter.container.untagged=Desmarcado
 published_by=Publicado %[1]s por <a href="%[2]s">%[3]s</a>
 published_by_in=Publicado %[1]s por <a href="%[2]s">%[3]s</a> em <a href="%[4]s"><strong>%[5]s</strong></a>
 installation=Instalação
@@ -2998,6 +3002,7 @@ details=Detalhes
 details.author=Autor
 details.project_site=Site do Projeto
 details.license=Licença
+assets=Recursos
 versions=Versões
 versions.on=em
 versions.view_all=Ver todas
@@ -3019,6 +3024,7 @@ container.details.documentation_site=Site da Documentação
 container.pull=Puxe a imagem pela linha de comando:
 container.documentation=Para obter mais informações sobre o registro de Container, consulte <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.io/en-us/packages/container/">a documentação</a>.
 container.multi_arch=S.O. / Arquitetura
+container.layers=Camadas da Imagem
 container.labels=Rótulos
 container.labels.key=Chave
 container.labels.value=Valor
@@ -3041,6 +3047,7 @@ npm.install2=ou adicione-o ao arquivo package.json:
 npm.documentation=Para obter mais informações sobre o registro npm, consulte <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.io/en-us/packages/npm/">a documentação</a>.
 npm.dependencies=Dependências
 npm.dependencies.development=Dependências de Desenvolvimento
+npm.dependencies.peer=Dependências Peer
 npm.dependencies.optional=Dependências Opcionais
 npm.details.tag=Tag
 pypi.requires=Requer Python

routers/api/v1/repo/issue.go

@@ -175,6 +175,7 @@ func SearchIssues(ctx *context.APIContext) {
 		opts.TeamID = team.ID
 	}
 
+	repoCond := models.SearchRepositoryCondition(opts)
 	repoIDs, _, err := models.SearchRepositoryIDs(opts)
 	if err != nil {
 		ctx.Error(http.StatusInternalServerError, "SearchRepositoryByName", err)
@@ -235,7 +236,7 @@ func SearchIssues(ctx *context.APIContext) {
 				Page:     ctx.FormInt("page"),
 				PageSize: limit,
 			},
-			RepoIDs:            repoIDs,
+			RepoCond:           repoCond,
 			IsClosed:           isClosed,
 			IssueIDs:           issueIDs,
 			IncludedLabelNames: includedLabelNames,
@@ -462,7 +463,7 @@ func ListIssues(ctx *context.APIContext) {
 	if len(keyword) == 0 || len(issueIDs) > 0 || len(labelIDs) > 0 {
 		issuesOpt := &models.IssuesOptions{
 			ListOptions:       listOptions,
-			RepoIDs:           []int64{ctx.Repo.Repository.ID},
+			RepoID:            ctx.Repo.Repository.ID,
 			IsClosed:          isClosed,
 			IssueIDs:          issueIDs,
 			LabelIDs:          labelIDs,

routers/web/repo/issue.go

@@ -232,7 +232,7 @@ func issues(ctx *context.Context, milestoneID, projectID int64, isPullOption uti
 				Page:     pager.Paginater.Current(),
 				PageSize: setting.UI.IssuePagingNum,
 			},
-			RepoIDs:           []int64{repo.ID},
+			RepoID:            repo.ID,
 			AssigneeID:        assigneeID,
 			PosterID:          posterID,
 			MentionedID:       mentionedID,
@@ -2167,6 +2167,7 @@ func SearchIssues(ctx *context.Context) {
 		opts.TeamID = team.ID
 	}
 
+	repoCond := models.SearchRepositoryCondition(opts)
 	repoIDs, _, err := models.SearchRepositoryIDs(opts)
 	if err != nil {
 		ctx.Error(http.StatusInternalServerError, "SearchRepositoryByName", err.Error())
@@ -2227,7 +2228,7 @@ func SearchIssues(ctx *context.Context) {
 				Page:     ctx.FormInt("page"),
 				PageSize: limit,
 			},
-			RepoIDs:            repoIDs,
+			RepoCond:           repoCond,
 			IsClosed:           isClosed,
 			IssueIDs:           issueIDs,
 			IncludedLabelNames: includedLabelNames,
@@ -2403,7 +2404,7 @@ func ListIssues(ctx *context.Context) {
 	if len(keyword) == 0 || len(issueIDs) > 0 || len(labelIDs) > 0 {
 		issuesOpt := &models.IssuesOptions{
 			ListOptions:       listOptions,
-			RepoIDs:           []int64{ctx.Repo.Repository.ID},
+			RepoID:            ctx.Repo.Repository.ID,
 			IsClosed:          isClosed,
 			IssueIDs:          issueIDs,
 			LabelIDs:          labelIDs,

routers/web/user/home.go

@@ -463,13 +463,7 @@ func buildIssueOverview(ctx *context.Context, unitType unit.Type) {
 			// to check if it's in the team(which possible isn't the case).
 			opts.User = nil
 		}
-		userRepoIDs, _, err := models.SearchRepositoryIDs(repoOpts)
-		if err != nil {
-			ctx.ServerError("models.SearchRepositoryIDs: %v", err)
-			return
-		}
-
-		opts.RepoIDs = userRepoIDs
+		opts.RepoCond = models.SearchRepositoryCondition(repoOpts)
 	}
 
 	// keyword holds the search term entered into the search field.
@@ -533,7 +527,7 @@ func buildIssueOverview(ctx *context.Context, unitType unit.Type) {
 	// Gets set when clicking filters on the issues overview page.
 	repoIDs := getRepoIDs(ctx.FormString("repos"))
 	if len(repoIDs) > 0 {
-		opts.RepoIDs = repoIDs
+		opts.RepoCond = builder.In("issue.repo_id", repoIDs)
 	}
 
 	// ------------------------------

services/migrations/gitea_uploader.go

@@ -553,7 +553,7 @@ func (g *GiteaLocalUploader) updateGitForPullRequest(pr *base.PullRequest) (head
 			}
 
 			if ok {
-				_, _, err = git.NewCommand(g.ctx, "fetch", remote, pr.Head.Ref).RunStdString(&git.RunOpts{Dir: g.repo.RepoPath()})
+				_, _, err = git.NewCommand(g.ctx, "fetch", "--no-tags", "--", remote, pr.Head.Ref).RunStdString(&git.RunOpts{Dir: g.repo.RepoPath()})
 				if err != nil {
 					log.Error("Fetch branch from %s failed: %v", pr.Head.CloneURL, err)
 				} else {

services/migrations/gitea_uploader_test.go

@@ -105,7 +105,7 @@ func TestGiteaUploadRepo(t *testing.T) {
 	assert.Len(t, releases, 1)
 
 	issues, err := models.Issues(&models.IssuesOptions{
-		RepoIDs:  []int64{repo.ID},
+		RepoID:   repo.ID,
 		IsPull:   util.OptionalBoolFalse,
 		SortType: "oldest",
 	})

templates/org/home.tmpl

@@ -5,6 +5,7 @@
 		<div id="org-info">
 			<div class="ui header">
 				{{.Org.DisplayName}}
+				<a href="{{.Org.HomeLink}}.rss"><i class="ui grey icon tooltip ml-3" data-content="{{.i18n.Tr "rss_feed"}}" data-position="top center">{{svg "octicon-rss" 36}}</i></a>
 				<span class="org-visibility">
 					{{if .Org.Visibility.IsLimited}}<div class="ui large basic horizontal label">{{.i18n.Tr "org.settings.visibility.limited_shortname"}}</div>{{end}}
 					{{if .Org.Visibility.IsPrivate}}<div class="ui large basic horizontal label">{{.i18n.Tr "org.settings.visibility.private_shortname"}}</div>{{end}}

templates/repo/header.tmpl

@@ -13,6 +13,7 @@
 					<a href="{{.Owner.HomeLink}}">{{.Owner.Name}}</a>
 					<div class="mx-2">/</div>
 					<a href="{{$.RepoLink}}">{{.Name}}</a>
+					<a href="{{$.RepoLink}}.rss"><i class="ui grey icon tooltip ml-3" data-content="{{$.i18n.Tr "rss_feed"}}" data-position="top center">{{svg "octicon-rss" 18}}</i></a>
 					<div class="labels df ac fw">
 						{{if .IsTemplate}}
 							{{if .IsPrivate}}

templates/user/profile.tmpl

@@ -16,6 +16,7 @@
 					<div class="content word-break profile-avatar-name">
 						{{if .Owner.FullName}}<span class="header text center">{{.Owner.FullName}}</span>{{end}}
 						<span class="username text center">{{.Owner.Name}}</span>
+						<a href="{{.Owner.HomeLink}}.rss"><i class="ui grey icon tooltip ml-3" data-content="{{.i18n.Tr "rss_feed"}}" data-position="bottom center">{{svg "octicon-rss" 18}}</i></a>
 					</div>
 					<div class="extra content word-break">
 						<ul>

web_src/less/_organization.less

@@ -50,6 +50,8 @@
       overflow-wrap: anywhere;
 
       .ui.header {
+        display: flex;
+        align-items: center;
         font-size: 36px;
         margin-bottom: 0;
         .org-visibility .label {

web_src/less/_user.less

@@ -3,12 +3,8 @@
 .user {
   &.profile {
     .ui.card {
-      .header,
-      .username {
-        display: block;
-      }
-
       .header {
+        display: block;
         font-weight: 600;
         font-size: 1.3rem;
         margin-top: -.2rem;
@@ -17,6 +13,7 @@
 
       .profile-avatar-name {
         border-top: none;
+        text-align: center;
       }
 
       .extra.content {