Merge remote-tracking branch 'giteaofficial/main'

* giteaofficial/main:
  [skip ci] Updated translations via Crowdin
  Refactor: move part of updating protected branch logic to service layer (go-gitea#33742)
  Update changelog for v1.23.5 (go-gitea#33797)
  Email option to embed images as base64 instead of link (go-gitea#32061)
  Update TypeScript types (go-gitea#33799)
  Disable vet=off again (go-gitea#33794)

Author: zjjhot

CHANGELOG.md

@@ -4,6 +4,28 @@ This changelog goes through the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.com).
 
+## [1.23.5](https://github.com/go-gitea/gitea/releases/tag/v1.23.5) - 2025-03-04
+
+* SECURITY
+  * Bump x/oauth2 & x/crypto (#33704) (#33727)
+* PERFORMANCE
+  * Optimize user dashboard loading (#33686) (#33708)
+* BUGFIXES
+  * Fix navbar dropdown item align (#33782)
+  * Fix inconsistent closed issue list icon (#33722) (#33728)
+  * Fix for Maven Package Naming Convention Handling (#33678) (#33679)
+  * Improve Open-with URL encoding (#33666) (#33680)
+  * Deleting repository should unlink all related packages (#33653) (#33673)
+  * Fix omitempty bug (#33663) (#33670)
+  * Upgrade go-crypto from 1.1.4 to 1.1.6 (#33745) (#33754)
+  * Fix OCI image.version annotation for releases to use full semver (#33698) (#33701)
+  * Try to fix ACME path when renew (#33668) (#33693)
+  * Fix mCaptcha bug (#33659) (#33661)
+  * Git graph: don't show detached commits (#33645) (#33650)
+  * Use MatchPhraseQuery for bleve code search (#33628)
+  * Adjust appearence of commit status webhook (#33778) #33789
+  * Upgrade golang net from 0.35.0 -> 0.36.0 (#33795) #33796
+
 ## [1.23.4](https://github.com/go-gitea/gitea/releases/tag/v1.23.4) - 2025-02-16
 
 * SECURITY

Makefile

@@ -73,7 +73,7 @@ EXTRA_GOFLAGS ?=
 MAKE_VERSION := $(shell "$(MAKE)" -v | cat | head -n 1)
 MAKE_EVIDENCE_DIR := .make_evidence
 
-GOTESTFLAGS ?= -vet=off
+GOTESTFLAGS ?=
 ifeq ($(RACE_ENABLED),true)
 	GOFLAGS += -race
 	GOTESTFLAGS += -race

custom/conf/app.example.ini

@@ -1767,6 +1767,9 @@ LEVEL = Info
 ;;
 ;; convert \r\n to \n for Sendmail
 ;SENDMAIL_CONVERT_CRLF = true
+;;
+;; convert links of attached images to inline images. Only for images hosted in this gitea instance.
+;EMBED_ATTACHMENT_IMAGES = false
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

modules/httplib/url.go

@@ -102,25 +102,77 @@ func MakeAbsoluteURL(ctx context.Context, link string) string {
 	return GuessCurrentHostURL(ctx) + "/" + strings.TrimPrefix(link, "/")
 }
 
-func IsCurrentGiteaSiteURL(ctx context.Context, s string) bool {
+type urlType int
+
+const (
+	urlTypeGiteaAbsolute     urlType = iota + 1 // "http://gitea/subpath"
+	urlTypeGiteaPageRelative                    // "/subpath"
+	urlTypeGiteaSiteRelative                    // "?key=val"
+	urlTypeUnknown                              // "http://other"
+)
+
+func detectURLRoutePath(ctx context.Context, s string) (routePath string, ut urlType) {
 	u, err := url.Parse(s)
 	if err != nil {
-		return false
+		return "", urlTypeUnknown
 	}
+	cleanedPath := ""
 	if u.Path != "" {
-		cleanedPath := util.PathJoinRelX(u.Path)
-		if cleanedPath == "" || cleanedPath == "." {
-			u.Path = "/"
-		} else {
-			u.Path = "/" + cleanedPath + "/"
-		}
+		cleanedPath = util.PathJoinRelX(u.Path)
+		cleanedPath = util.Iif(cleanedPath == ".", "", "/"+cleanedPath)
 	}
 	if urlIsRelative(s, u) {
-		return u.Path == "" || strings.HasPrefix(strings.ToLower(u.Path), strings.ToLower(setting.AppSubURL+"/"))
-	}
-	if u.Path == "" {
-		u.Path = "/"
+		if u.Path == "" {
+			return "", urlTypeGiteaPageRelative
+		}
+		if strings.HasPrefix(strings.ToLower(cleanedPath+"/"), strings.ToLower(setting.AppSubURL+"/")) {
+			return cleanedPath[len(setting.AppSubURL):], urlTypeGiteaSiteRelative
+		}
+		return "", urlTypeUnknown
 	}
+	u.Path = cleanedPath + "/"
 	urlLower := strings.ToLower(u.String())
-	return strings.HasPrefix(urlLower, strings.ToLower(setting.AppURL)) || strings.HasPrefix(urlLower, strings.ToLower(GuessCurrentAppURL(ctx)))
+	if strings.HasPrefix(urlLower, strings.ToLower(setting.AppURL)) {
+		return cleanedPath[len(setting.AppSubURL):], urlTypeGiteaAbsolute
+	}
+	guessedCurURL := GuessCurrentAppURL(ctx)
+	if strings.HasPrefix(urlLower, strings.ToLower(guessedCurURL)) {
+		return cleanedPath[len(setting.AppSubURL):], urlTypeGiteaAbsolute
+	}
+	return "", urlTypeUnknown
+}
+
+func IsCurrentGiteaSiteURL(ctx context.Context, s string) bool {
+	_, ut := detectURLRoutePath(ctx, s)
+	return ut != urlTypeUnknown
+}
+
+type GiteaSiteURL struct {
+	RoutePath   string
+	OwnerName   string
+	RepoName    string
+	RepoSubPath string
+}
+
+func ParseGiteaSiteURL(ctx context.Context, s string) *GiteaSiteURL {
+	routePath, ut := detectURLRoutePath(ctx, s)
+	if ut == urlTypeUnknown || ut == urlTypeGiteaPageRelative {
+		return nil
+	}
+	ret := &GiteaSiteURL{RoutePath: routePath}
+	fields := strings.SplitN(strings.TrimPrefix(ret.RoutePath, "/"), "/", 3)
+
+	// TODO: now it only does a quick check for some known reserved paths, should do more strict checks in the future
+	if fields[0] == "attachments" {
+		return ret
+	}
+	if len(fields) < 2 {
+		return ret
+	}
+	ret.OwnerName = fields[0]
+	ret.RepoName = fields[1]
+	if len(fields) == 3 {
+		ret.RepoSubPath = "/" + fields[2]
+	}
+	return ret
 }

modules/httplib/url_test.go

@@ -122,3 +122,26 @@ func TestIsCurrentGiteaSiteURL(t *testing.T) {
 	assert.True(t, IsCurrentGiteaSiteURL(ctx, "https://user-host"))
 	assert.False(t, IsCurrentGiteaSiteURL(ctx, "https://forwarded-host"))
 }
+
+func TestParseGiteaSiteURL(t *testing.T) {
+	defer test.MockVariableValue(&setting.AppURL, "http://localhost:3000/sub/")()
+	defer test.MockVariableValue(&setting.AppSubURL, "/sub")()
+	ctx := t.Context()
+	tests := []struct {
+		url string
+		exp *GiteaSiteURL
+	}{
+		{"http://localhost:3000/sub?k=v", &GiteaSiteURL{RoutePath: ""}},
+		{"http://localhost:3000/sub/", &GiteaSiteURL{RoutePath: ""}},
+		{"http://localhost:3000/sub/foo", &GiteaSiteURL{RoutePath: "/foo"}},
+		{"http://localhost:3000/sub/foo/bar", &GiteaSiteURL{RoutePath: "/foo/bar", OwnerName: "foo", RepoName: "bar"}},
+		{"http://localhost:3000/sub/foo/bar/", &GiteaSiteURL{RoutePath: "/foo/bar", OwnerName: "foo", RepoName: "bar"}},
+		{"http://localhost:3000/sub/attachments/bar", &GiteaSiteURL{RoutePath: "/attachments/bar"}},
+		{"http://localhost:3000/other", nil},
+		{"http://other/", nil},
+	}
+	for _, test := range tests {
+		su := ParseGiteaSiteURL(ctx, test.url)
+		assert.Equal(t, test.exp, su, "URL = %s", test.url)
+	}
+}

modules/setting/mailer.go

@@ -13,7 +13,7 @@ import (
 
 	"code.gitea.io/gitea/modules/log"
 
-	shellquote "github.com/kballard/go-shellquote"
+	"github.com/kballard/go-shellquote"
 )
 
 // Mailer represents mail service.
@@ -29,6 +29,9 @@ type Mailer struct {
 	SubjectPrefix        string              `ini:"SUBJECT_PREFIX"`
 	OverrideHeader       map[string][]string `ini:"-"`
 
+	// Embed attachment images as inline base64 img src attribute
+	EmbedAttachmentImages bool
+
 	// SMTP sender
 	Protocol             string `ini:"PROTOCOL"`
 	SMTPAddr             string `ini:"SMTP_ADDR"`

options/locale/locale_ga-IE.ini

@@ -1937,6 +1937,7 @@ pulls.outdated_with_base_branch=Tá an brainse seo as dáta leis an mbunbhrainse
 pulls.close=Dún Iarratas Tarraing
 pulls.closed_at=`dhún an t-iarratas tarraingthe seo <a id="%[1]s" href="#%[1]s">%[2]s</a>`
 pulls.reopened_at=`athoscail an t-iarratas tarraingthe seo <a id="%[1]s" href="#%[1]s">%[2]s</a>`
+pulls.cmd_instruction_hint=Féach ar threoracha na n-orduithe
 pulls.cmd_instruction_checkout_title=Seiceáil
 pulls.cmd_instruction_checkout_desc=Ó stór tionscadail, seiceáil brainse nua agus déan tástáil ar na hathruithe.
 pulls.cmd_instruction_merge_title=Cumaisc

routers/api/v1/repo/branch.go

@@ -594,12 +594,6 @@ func CreateBranchProtection(ctx *context.APIContext) {
 		return
 	}
 
-	isPlainRule := !git_model.IsRuleNameSpecial(ruleName)
-	var isBranchExist bool
-	if isPlainRule {
-		isBranchExist = git.IsBranchExist(ctx.Req.Context(), ctx.Repo.Repository.RepoPath(), ruleName)
-	}
-
 	protectBranch, err := git_model.GetProtectedBranchRuleByName(ctx, repo.ID, ruleName)
 	if err != nil {
 		ctx.APIErrorInternal(err)
@@ -716,7 +710,7 @@ func CreateBranchProtection(ctx *context.APIContext) {
 		BlockAdminMergeOverride:       form.BlockAdminMergeOverride,
 	}
 
-	if err := git_model.UpdateProtectBranch(ctx, ctx.Repo.Repository, protectBranch, git_model.WhitelistOptions{
+	if err := pull_service.CreateOrUpdateProtectedBranch(ctx, ctx.Repo.Repository, protectBranch, git_model.WhitelistOptions{
 		UserIDs:          whitelistUsers,
 		TeamIDs:          whitelistTeams,
 		ForcePushUserIDs: forcePushAllowlistUsers,
@@ -730,36 +724,6 @@ func CreateBranchProtection(ctx *context.APIContext) {
 		return
 	}
 
-	if isBranchExist {
-		if err := pull_service.CheckPRsForBaseBranch(ctx, ctx.Repo.Repository, ruleName); err != nil {
-			ctx.APIErrorInternal(err)
-			return
-		}
-	} else {
-		if !isPlainRule {
-			if ctx.Repo.GitRepo == nil {
-				ctx.Repo.GitRepo, err = gitrepo.RepositoryFromRequestContextOrOpen(ctx, ctx.Repo.Repository)
-				if err != nil {
-					ctx.APIErrorInternal(err)
-					return
-				}
-			}
-			// FIXME: since we only need to recheck files protected rules, we could improve this
-			matchedBranches, err := git_model.FindAllMatchedBranches(ctx, ctx.Repo.Repository.ID, ruleName)
-			if err != nil {
-				ctx.APIErrorInternal(err)
-				return
-			}
-
-			for _, branchName := range matchedBranches {
-				if err = pull_service.CheckPRsForBaseBranch(ctx, ctx.Repo.Repository, branchName); err != nil {
-					ctx.APIErrorInternal(err)
-					return
-				}
-			}
-		}
-	}
-
 	// Reload from db to get all whitelists
 	bp, err := git_model.GetProtectedBranchRuleByName(ctx, ctx.Repo.Repository.ID, ruleName)
 	if err != nil {

routers/web/repo/setting/protected_branch.go

@@ -261,7 +261,7 @@ func SettingsProtectedBranchPost(ctx *context.Context) {
 	protectBranch.BlockOnOutdatedBranch = f.BlockOnOutdatedBranch
 	protectBranch.BlockAdminMergeOverride = f.BlockAdminMergeOverride
 
-	err = git_model.UpdateProtectBranch(ctx, ctx.Repo.Repository, protectBranch, git_model.WhitelistOptions{
+	if err = pull_service.CreateOrUpdateProtectedBranch(ctx, ctx.Repo.Repository, protectBranch, git_model.WhitelistOptions{
 		UserIDs:          whitelistUsers,
 		TeamIDs:          whitelistTeams,
 		ForcePushUserIDs: forcePushAllowlistUsers,
@@ -270,24 +270,10 @@ func SettingsProtectedBranchPost(ctx *context.Context) {
 		MergeTeamIDs:     mergeWhitelistTeams,
 		ApprovalsUserIDs: approvalsWhitelistUsers,
 		ApprovalsTeamIDs: approvalsWhitelistTeams,
-	})
-	if err != nil {
-		ctx.ServerError("UpdateProtectBranch", err)
-		return
-	}
-
-	// FIXME: since we only need to recheck files protected rules, we could improve this
-	matchedBranches, err := git_model.FindAllMatchedBranches(ctx, ctx.Repo.Repository.ID, protectBranch.RuleName)
-	if err != nil {
-		ctx.ServerError("FindAllMatchedBranches", err)
+	}); err != nil {
+		ctx.ServerError("CreateOrUpdateProtectedBranch", err)
 		return
 	}
-	for _, branchName := range matchedBranches {
-		if err = pull_service.CheckPRsForBaseBranch(ctx, ctx.Repo.Repository, branchName); err != nil {
-			ctx.ServerError("CheckPRsForBaseBranch", err)
-			return
-		}
-	}
 
 	ctx.Flash.Success(ctx.Tr("repo.settings.update_protect_branch_success", protectBranch.RuleName))
 	ctx.Redirect(fmt.Sprintf("%s/settings/branches?rule_name=%s", ctx.Repo.RepoLink, protectBranch.RuleName))

services/forms/repo_form.go

@@ -170,13 +170,6 @@ func (f *RepoSettingForm) Validate(req *http.Request, errs binding.Errors) bindi
 	return middleware.Validate(errs, ctx.Data, f, ctx.Locale)
 }
 
-// __________                             .__
-// \______   \____________    ____   ____ |  |__
-//  |    |  _/\_  __ \__  \  /    \_/ ___\|  |  \
-//  |    |   \ |  | \// __ \|   |  \  \___|   Y  \
-//  |______  / |__|  (____  /___|  /\___  >___|  /
-//         \/             \/     \/     \/     \/
-
 // ProtectBranchForm form for changing protected branch settings
 type ProtectBranchForm struct {
 	RuleName                      string `binding:"Required"`