Unknwon
d62ab49978
#3057 retrieve webhook with repo_id
...
This prevents user retrieve arbitrary webhook by changing URL to
access webhook from other unauthorized repositories.
9 years ago
Unknwon
e30c701386
#3229 disallow repository name . and ..
...
Since . and .. has browser automatical behaviors, we need to disallow those names.
9 years ago
Unknwon
401bf944ef
Use SecurityProtocol to replace UseSSL in LDAP config
...
Initially proposed by #2376 and fixes #3068 as well.
9 years ago
Unknwon
4b25bdfbc4
#3058 #3059 support correct page size and link header
9 years ago
Tom
528682a294
getEngine() not handles DB parameters ( #2972 ) ( #2974 )
9 years ago
Unknwon
3a30c06345
Fix wiki vulnerabilities
...
- Arbitrary file creation leading to command execution
- .md file creation/deletion
Reported by Gabriel Campana.
9 years ago
Andrey Nering
743d22669a
Re-work MAX_DIFF_LINES: supress diff per file, not the whole diff ( #3174 )
9 years ago
Andrey Nering
6efb1e5626
Localize collaboration settings. ( #3100 )
...
Closes #2764
9 years ago
Sandro Santilli
8a248696e9
Use a gopher as default avatar (rather than the gravatar logo) ( #3208 )
...
Also changes the avatar from a jpeg to a png, to allow for
transparent background. The indexed png is also smaller in size.
Note that at the moment the default avatar is only used when
the user requested a custom avatar and the custom avatar file
is not found (should never happen).
In the future the default avatar could be used as a default
return when by-mail avatar lookups fail too (both gravatar
and libravatar support passing a default)
9 years ago
Franz Schmidt
8b35c194ec
Fixes #3110 ( #3136 )
9 years ago
Robin Lambertz
ac05f88641
Fix #3154 ( #3155 )
9 years ago
SjonHortensius
17a4d8a5e5
Fix capitalisation of repo-name in news ( #3203 )
...
use 'official' repo.Name instead of incoming repoName; to enforce
correct capitalisation
9 years ago
Robin Lambertz
bc00da1721
Fix negative issue count ( #3207 )
9 years ago
Unknwon
e9ae926e04
#809 fix wrong closed issue count when create closed issue via API
...
Add start count corrector for Repository.NumClosedIssues
9 years ago
Andrey Nering
12d30255a7
Add comment note ( #3093 )
9 years ago
Kim Carlbäcker
3c0c7a9f83
Fix listing team members ( #3048 )
9 years ago
Andrey Nering
d8612f7704
Fix remove folder issues, including initialization failling. ( #2969 )
...
- Prevent panic on creating notice if database is not available
- Prevent incorrect folder on Windows ("/" instead of "\")
9 years ago
Unknwon
0a78d99a4d
models/release: filter input to prevent command line argument vulnerability
9 years ago
Unknwon
0325bec283
#2895 minor fix for bug of xorm
9 years ago
Thomas Boerger
dfad51fe9e
Made the issue stats query more secure with parameterized placeholders ( #2895 )
9 years ago
Unknwon
78b8b63774
#2992 set default style name when empty in AfterSet
9 years ago
Cosmin Stroe
ba314a7a36
Support alphanumeric issue style (ABC-1234) for external issue tracker ( #2992 )
9 years ago
Unknwon
762ab056a2
Fix XORM IN condition table name parse
9 years ago
Thomas Boerger
746c7fd4e7
Followup fix for previous query fix
9 years ago
Thomas Boerger
b5948f2e71
Made the issues query more secure and simpler
9 years ago
Thomas Boerger
79a1bfd963
Try to make the SQL queries cleaner and more secure
9 years ago
Unknwon
b1d41cfa60
#1692 add admin APIs to add/remove a user from teams
9 years ago
Unknwon
98b58fa050
Handle windows deletion when start
...
Fix #2872
9 years ago
Unknwon
e6f927f61a
#1692 api: admin list and create team under organization
9 years ago
Unknwon
ff731ea07d
#2814 LOWER() column value within search
9 years ago
Odin Ugedal
6ccb2d36cf
Remove email from user search
9 years ago
Odin Ugedal
3253e3c5aa
Make user search look in username, name and email
...
Make user search function look in username (lower_name), full name
(full_name) and primary email (email). This will benefit searching after
user in "explore", admin panel and when adding new collaborators.
9 years ago
Unknwon
9bd9ad4205
#1692 add CRUD issue APIs
...
- Fix go-gogs-client#10
- Related to #809
9 years ago
Unknwon
f76d821bda
fix #2804
9 years ago
Unknwon
263304b6b7
#13 fix postgres aggregate
9 years ago
Unknwon
2bf8494332
#13 finish user and repository search
...
Both are possible on explore and admin panel
9 years ago
Marin Jankovski
1314ba219e
Updated and created were appended with _unix. Fresh databases have only the newly named fields.
9 years ago
Unknwon
5267dce210
Fix ref comment from commit create empty feed
9 years ago
Unknwon
eed9966ad6
#2727 fix incompatible SQL in PostgreSQL
9 years ago
Unknwon
ad513a20e9
#2302 Replace time.Time with Unix Timestamp (int64)
9 years ago
Unknwon
13bd16af92
Minor fixes for #2766
9 years ago
Tamás Molnár
9c91e27933
Added: Ability to delete org avatar.
9 years ago
Unknwon
a5b0400be7
#1146 finish new access rights for collaborators
9 years ago
Unknwon
045f14fbd0
#1146 finsih UI work for access mode of collaborators
...
Collaborators have write access as default, and can be changed via repository
collaboration settings page to change between read, write and admin.
9 years ago
Unknwon
414eb22ef9
#1597 fix activitity feeds for pull requests
9 years ago
Unknwon
a2f13eae55
#1157 some avatar setting changes
...
- Allow to delete current avatar
9 years ago
Unknwon
2a931937a8
Update locales
9 years ago
Josh Frye
275464e7fb
Use relative url when showing forked from
9 years ago
Unknwon
e2d370f0da
#1597 fix pull request remote head can't update with force push
9 years ago
Unknwon
5335e671be
#2743 more fixes on SQL errors
9 years ago