3a30c06345
Fix wiki vulnerabilities
...
- Arbitrary file creation leading to command execution
- .md file creation/deletion
Reported by Gabriel Campana.
2016-07-01 15:33:35 +08:00
743d22669a
Re-work MAX_DIFF_LINES: supress diff per file, not the whole diff ( #3174 )
2016-06-29 23:11:00 +08:00
6efb1e5626
Localize collaboration settings. ( #3100 )
...
Closes #2764
2016-06-28 00:22:30 +08:00
8a248696e9
Use a gopher as default avatar (rather than the gravatar logo) ( #3208 )
...
Also changes the avatar from a jpeg to a png, to allow for
transparent background. The indexed png is also smaller in size.
Note that at the moment the default avatar is only used when
the user requested a custom avatar and the custom avatar file
is not found (should never happen).
In the future the default avatar could be used as a default
return when by-mail avatar lookups fail too (both gravatar
and libravatar support passing a default)
2016-06-27 18:12:30 +08:00
8b35c194ec
Fixes #3110 ( #3136 )
2016-06-27 17:02:39 +08:00
ac05f88641
Fix #3154 ( #3155 )
2016-06-27 16:58:53 +08:00
17a4d8a5e5
Fix capitalisation of repo-name in news ( #3203 )
...
use 'official' repo.Name instead of incoming repoName; to enforce
correct capitalisation
2016-06-27 16:10:12 +08:00
bc00da1721
Fix negative issue count ( #3207 )
2016-06-27 01:53:30 +08:00
e9ae926e04
#809 fix wrong closed issue count when create closed issue via API
...
Add start count corrector for Repository.NumClosedIssues
2016-05-27 18:23:39 -07:00
12d30255a7
Add comment note ( #3093 )
2016-05-23 13:24:40 -07:00
3c0c7a9f83
Fix listing team members ( #3048 )
2016-05-06 20:02:36 -04:00
d8612f7704
Fix remove folder issues, including initialization failling. ( #2969 )
...
- Prevent panic on creating notice if database is not available
- Prevent incorrect folder on Windows ("/" instead of "\")
2016-05-06 15:48:18 -04:00
0a78d99a4d
models/release: filter input to prevent command line argument vulnerability
2016-05-06 15:40:41 -04:00
0325bec283
#2895 minor fix for bug of xorm
2016-04-26 00:22:03 -04:00
dfad51fe9e
Made the issue stats query more secure with parameterized placeholders ( #2895 )
2016-04-26 00:07:49 -04:00
78b8b63774
#2992 set default style name when empty in AfterSet
2016-04-22 18:36:05 -04:00
ba314a7a36
Support alphanumeric issue style (ABC-1234) for external issue tracker ( #2992 )
2016-04-22 18:28:08 -04:00
762ab056a2
Fix XORM IN condition table name parse
2016-03-27 18:21:37 -04:00
746c7fd4e7
Followup fix for previous query fix
2016-03-28 00:05:49 +02:00
b5948f2e71
Made the issues query more secure and simpler
2016-03-27 23:26:45 +02:00
79a1bfd963
Try to make the SQL queries cleaner and more secure
2016-03-27 22:59:57 +02:00
b1d41cfa60
#1692 add admin APIs to add/remove a user from teams
2016-03-25 18:04:02 -04:00
98b58fa050
Handle windows deletion when start
...
Fix #2872
2016-03-23 03:16:53 -04:00
e6f927f61a
#1692 api: admin list and create team under organization
2016-03-21 12:47:54 -04:00
ff731ea07d
#2814 LOWER() column value within search
2016-03-16 16:55:19 -04:00
6ccb2d36cf
Remove email from user search
2016-03-15 19:44:58 +01:00
3253e3c5aa
Make user search look in username, name and email
...
Make user search function look in username (lower_name), full name
(full_name) and primary email (email). This will benefit searching after
user in "explore", admin panel and when adding new collaborators.
2016-03-15 14:16:58 +01:00
9bd9ad4205
#1692 add CRUD issue APIs
...
- Fix go-gogs-client#10
- Related to #809
2016-03-13 23:20:22 -04:00
f76d821bda
fix #2804
2016-03-11 17:12:37 -05:00
263304b6b7
#13 fix postgres aggregate
2016-03-11 16:11:33 -05:00
2bf8494332
#13 finish user and repository search
...
Both are possible on explore and admin panel
2016-03-11 15:33:12 -05:00
1314ba219e
Updated and created were appended with _unix. Fresh databases have only the newly named fields.
2016-03-11 12:43:35 +01:00
5267dce210
Fix ref comment from commit create empty feed
2016-03-11 05:11:58 -05:00
eed9966ad6
#2727 fix incompatible SQL in PostgreSQL
2016-03-09 23:18:39 -05:00
ad513a20e9
#2302 Replace time.Time with Unix Timestamp (int64)
2016-03-09 19:53:30 -05:00
13bd16af92
Minor fixes for #2766
2016-03-06 13:24:42 -05:00
9c91e27933
Added: Ability to delete org avatar.
2016-03-06 17:36:30 +01:00
a5b0400be7
#1146 finish new access rights for collaborators
2016-03-05 20:45:23 -05:00
045f14fbd0
#1146 finsih UI work for access mode of collaborators
...
Collaborators have write access as default, and can be changed via repository
collaboration settings page to change between read, write and admin.
2016-03-05 18:08:42 -05:00
414eb22ef9
#1597 fix activitity feeds for pull requests
2016-03-05 12:58:51 -05:00
a2f13eae55
#1157 some avatar setting changes
...
- Allow to delete current avatar
2016-03-05 00:51:51 -05:00
2a931937a8
Update locales
2016-03-04 18:51:18 -05:00
dfd6f8f7ab
Merge pull request #2757 from joshfng/fix-fork-relative-url
...
Use relative url when showing forked from
2016-03-04 18:37:42 -05:00
275464e7fb
Use relative url when showing forked from
2016-03-04 18:32:30 -05:00
e2d370f0da
#1597 fix pull request remote head can't update with force push
2016-03-04 16:53:03 -05:00
5335e671be
#2743 more fixes on SQL errors
2016-03-04 16:00:00 -05:00
2d2d85bba4
#1597 support pull requests in same repository
2016-03-04 15:43:01 -05:00
9df6ce48c5
Minor fixes for #2746
2016-03-04 13:32:17 -05:00
4d5911dbcf
Merge pull request #2746 from joshfng/feature-delete-wiki-pages
...
Add ability to delete single wiki pages.
2016-03-04 13:14:37 -05:00
d57a2b908a
#2743 and #2751 fix bad SQL generated by XORM
...
Use hand-written SQL to do complex query
2016-03-04 13:08:47 -05:00
Unknwon
Andrey Nering
Sandro Santilli
Franz Schmidt
Robin Lambertz
SjonHortensius
Kim Carlbäcker
Thomas Boerger
Cosmin Stroe
Odin Ugedal
Marin Jankovski
Tamás Molnár
Josh Frye