From f9207b09479df964872d68842469991042b5497f Mon Sep 17 00:00:00 2001 From: wxiaoguang Date: Sun, 25 Feb 2024 18:45:56 +0800 Subject: [PATCH 01/10] Refactor Safe modifier (#29392) After this PR: no need to play with the Safe/Escape tricks anymore. See the changes for more details. --- .../administration/mail-templates.en-us.md | 2 +- .../administration/mail-templates.zh-cn.md | 16 ++++++------ modules/templates/helper.go | 25 ++++++++++++++++--- modules/templates/helper_test.go | 5 ++++ templates/admin/packages/list.tmpl | 2 +- templates/admin/repo/list.tmpl | 2 +- templates/admin/stacktrace.tmpl | 2 +- templates/mail/issue/assigned.tmpl | 8 +++--- templates/mail/issue/default.tmpl | 8 +++--- templates/mail/notify/repo_transfer.tmpl | 4 +-- templates/mail/release.tmpl | 6 ++--- templates/org/member/members.tmpl | 4 +-- templates/org/team/members.tmpl | 2 +- templates/org/team/sidebar.tmpl | 2 +- templates/org/team/teams.tmpl | 2 +- templates/repo/commit_page.tmpl | 4 +-- templates/repo/editor/cherry_pick.tmpl | 6 ++--- .../repo/issue/view_content/comments.tmpl | 14 +++++------ templates/repo/issue/view_content/pull.tmpl | 2 +- templates/repo/issue/view_title.tmpl | 18 ++++++------- templates/repo/migrate/migrate.tmpl | 2 +- templates/repo/settings/lfs_file.tmpl | 4 +-- templates/repo/settings/webhook/settings.tmpl | 2 +- templates/repo/wiki/view.tmpl | 8 +++--- templates/user/settings/applications.tmpl | 2 +- templates/user/settings/organization.tmpl | 2 +- 26 files changed, 89 insertions(+), 65 deletions(-) diff --git a/docs/content/administration/mail-templates.en-us.md b/docs/content/administration/mail-templates.en-us.md index 05c41a6a02f0..b642ff4aa7f6 100644 --- a/docs/content/administration/mail-templates.en-us.md +++ b/docs/content/administration/mail-templates.en-us.md @@ -266,7 +266,7 @@ the messages. Here's a list of some of them: | `AppDomain` | - | Any | Gitea's host name | | `EllipsisString` | string, int | Any | Truncates a string to the specified length; adds ellipsis as needed | | `Str2html` | string | Body only | Sanitizes text by removing any HTML tags from it. | -| `Safe` | string | Body only | Takes the input as HTML; can be used for `.ReviewComments.RenderedContent`. | +| `SafeHTML` | string | Body only | Takes the input as HTML; can be used for `.ReviewComments.RenderedContent`. | These are _functions_, not metadata, so they have to be used: diff --git a/docs/content/administration/mail-templates.zh-cn.md b/docs/content/administration/mail-templates.zh-cn.md index 4846f6f398b2..fd455ef3a860 100644 --- a/docs/content/administration/mail-templates.zh-cn.md +++ b/docs/content/administration/mail-templates.zh-cn.md @@ -242,14 +242,14 @@ _主题_ 和 _邮件正文_ 由 [Golang的模板引擎](https://go.dev/pkg/text/ 模板系统包含一些函数,可用于进一步处理和格式化消息。以下是其中一些函数的列表: -| 函数名 | 参数 | 可用于 | 用法 | -| ----------------- | ----------- | ------------ | --------------------------------------------------------------------------------- | -| `AppUrl` | - | 任何地方 | Gitea 的 URL | -| `AppName` | - | 任何地方 | 从 `app.ini` 中设置,通常为 "Gitea" | -| `AppDomain` | - | 任何地方 | Gitea 的主机名 | -| `EllipsisString` | string, int | 任何地方 | 将字符串截断为指定长度;根据需要添加省略号 | -| `Str2html` | string | 仅正文部分 | 通过删除其中的 HTML 标签对文本进行清理 | -| `Safe` | string | 仅正文部分 | 将输入作为 HTML 处理;可用于 `.ReviewComments.RenderedContent` 等字段 | +| 函数名 | 参数 | 可用于 | 用法 | +|------------------| ----------- | ------------ | --------------------------------------------------------------------------------- | +| `AppUrl` | - | 任何地方 | Gitea 的 URL | +| `AppName` | - | 任何地方 | 从 `app.ini` 中设置,通常为 "Gitea" | +| `AppDomain` | - | 任何地方 | Gitea 的主机名 | +| `EllipsisString` | string, int | 任何地方 | 将字符串截断为指定长度;根据需要添加省略号 | +| `Str2html` | string | 仅正文部分 | 通过删除其中的 HTML 标签对文本进行清理 | +| `SafeHTML` | string | 仅正文部分 | 将输入作为 HTML 处理;可用于 `.ReviewComments.RenderedContent` 等字段 | 这些都是 _函数_,而不是元数据,因此必须按以下方式使用: diff --git a/modules/templates/helper.go b/modules/templates/helper.go index 691f7547488d..567948749811 100644 --- a/modules/templates/helper.go +++ b/modules/templates/helper.go @@ -9,6 +9,7 @@ import ( "html" "html/template" "net/url" + "slices" "strings" "time" @@ -34,7 +35,8 @@ func NewFuncMap() template.FuncMap { // html/template related functions "dict": dict, // it's lowercase because this name has been widely used. Our other functions should have uppercase names. "Eval": Eval, - "Safe": Safe, + "SafeHTML": SafeHTML, + "HTMLFormat": HTMLFormat, "Escape": Escape, "QueryEscape": url.QueryEscape, "JSEscape": JSEscapeSafe, @@ -177,8 +179,25 @@ func NewFuncMap() template.FuncMap { } } -// Safe render raw as HTML -func Safe(s any) template.HTML { +func HTMLFormat(s string, rawArgs ...any) template.HTML { + args := slices.Clone(rawArgs) + for i, v := range args { + switch v := v.(type) { + case nil, bool, int, int8, int16, int32, int64, uint, uint8, uint16, uint32, uint64, float32, float64, template.HTML: + // for most basic types (including template.HTML which is safe), just do nothing and use it + case string: + args[i] = template.HTMLEscapeString(v) + case fmt.Stringer: + args[i] = template.HTMLEscapeString(v.String()) + default: + args[i] = template.HTMLEscapeString(fmt.Sprint(v)) + } + } + return template.HTML(fmt.Sprintf(s, args...)) +} + +// SafeHTML render raw as HTML +func SafeHTML(s any) template.HTML { switch v := s.(type) { case string: return template.HTML(v) diff --git a/modules/templates/helper_test.go b/modules/templates/helper_test.go index 739a92f34f93..8f5d633d4f80 100644 --- a/modules/templates/helper_test.go +++ b/modules/templates/helper_test.go @@ -4,6 +4,7 @@ package templates import ( + "html/template" "testing" "github.com/stretchr/testify/assert" @@ -56,3 +57,7 @@ func TestSubjectBodySeparator(t *testing.T) { func TestJSEscapeSafe(t *testing.T) { assert.EqualValues(t, `\u0026\u003C\u003E\'\"`, JSEscapeSafe(`&<>'"`)) } + +func TestHTMLFormat(t *testing.T) { + assert.Equal(t, template.HTML("< < 1"), HTMLFormat("%s %s %d", "<", template.HTML("<"), 1)) +} diff --git a/templates/admin/packages/list.tmpl b/templates/admin/packages/list.tmpl index 04f76748d081..cf860dab2ab1 100644 --- a/templates/admin/packages/list.tmpl +++ b/templates/admin/packages/list.tmpl @@ -88,7 +88,7 @@ {{ctx.Locale.Tr "packages.settings.delete"}}
- {{ctx.Locale.Tr "packages.settings.delete.notice" (``|Safe) (``|Safe)}} + {{ctx.Locale.Tr "packages.settings.delete.notice" (``|SafeHTML) (``|SafeHTML)}}
{{template "base/modal_actions_confirm" .}} diff --git a/templates/admin/repo/list.tmpl b/templates/admin/repo/list.tmpl index c7a6ec7e4e9f..e11247aed499 100644 --- a/templates/admin/repo/list.tmpl +++ b/templates/admin/repo/list.tmpl @@ -101,7 +101,7 @@

{{ctx.Locale.Tr "repo.settings.delete_desc"}}

- {{ctx.Locale.Tr "repo.settings.delete_notices_2" (``|Safe)}}
+ {{ctx.Locale.Tr "repo.settings.delete_notices_2" (``|SafeHTML)}}
{{ctx.Locale.Tr "repo.settings.delete_notices_fork_1"}}
{{template "base/modal_actions_confirm" .}} diff --git a/templates/admin/stacktrace.tmpl b/templates/admin/stacktrace.tmpl index aa5e810cd780..42944615c38b 100644 --- a/templates/admin/stacktrace.tmpl +++ b/templates/admin/stacktrace.tmpl @@ -39,7 +39,7 @@ {{ctx.Locale.Tr "admin.monitor.process.cancel"}}
-

{{ctx.Locale.Tr "admin.monitor.process.cancel_notices" (``|Safe)}}

+

{{ctx.Locale.Tr "admin.monitor.process.cancel_notices" (``|SafeHTML)}}

{{ctx.Locale.Tr "admin.monitor.process.cancel_desc"}}

{{template "base/modal_actions_confirm" .}} diff --git a/templates/mail/issue/assigned.tmpl b/templates/mail/issue/assigned.tmpl index e80bd2fc31c1..5720319ee845 100644 --- a/templates/mail/issue/assigned.tmpl +++ b/templates/mail/issue/assigned.tmpl @@ -8,14 +8,14 @@ {{.Subject}} -{{$repo_url := printf "%s" (Escape .Issue.Repo.HTMLURL) (Escape .Issue.Repo.FullName)}} -{{$link := printf "#%d" (Escape .Link) .Issue.Index}} +{{$repo_url := HTMLFormat "%s" .Issue.Repo.HTMLURL .Issue.Repo.FullName}} +{{$link := HTMLFormat "#%d" .Link .Issue.Index}}

{{if .IsPull}} - {{.locale.Tr "mail.issue_assigned.pull" .Doer.Name ($link|Safe) ($repo_url|Safe)}} + {{.locale.Tr "mail.issue_assigned.pull" .Doer.Name $link $repo_url}} {{else}} - {{.locale.Tr "mail.issue_assigned.issue" .Doer.Name ($link|Safe) ($repo_url|Safe)}} + {{.locale.Tr "mail.issue_assigned.issue" .Doer.Name $link $repo_url}} {{end}}

diff --git a/templates/mail/issue/default.tmpl b/templates/mail/issue/default.tmpl index 54ae726d71d2..c48797d82780 100644 --- a/templates/mail/issue/default.tmpl +++ b/templates/mail/issue/default.tmpl @@ -22,13 +22,13 @@ {{if .Comment.IsForcePush}} {{$oldCommitUrl := printf "%s/commit/%s" .Comment.Issue.PullRequest.BaseRepo.HTMLURL .Comment.OldCommit}} {{$oldShortSha := ShortSha .Comment.OldCommit}} - {{$oldCommitLink := printf "%[2]s" (Escape $oldCommitUrl) (Escape $oldShortSha)}} + {{$oldCommitLink := HTMLFormat "%[2]s" $oldCommitUrl $oldShortSha}} {{$newCommitUrl := printf "%s/commit/%s" .Comment.Issue.PullRequest.BaseRepo.HTMLURL .Comment.NewCommit}} {{$newShortSha := ShortSha .Comment.NewCommit}} - {{$newCommitLink := printf "%[2]s" (Escape $newCommitUrl) (Escape $newShortSha)}} + {{$newCommitLink := HTMLFormat "%[2]s" $newCommitUrl $newShortSha}} - {{.locale.Tr "mail.issue.action.force_push" .Doer.Name .Comment.Issue.PullRequest.HeadBranch ($oldCommitLink|Safe) ($newCommitLink|Safe)}} + {{.locale.Tr "mail.issue.action.force_push" .Doer.Name .Comment.Issue.PullRequest.HeadBranch $oldCommitLink $newCommitLink}} {{else}} {{.locale.TrN (len .Comment.Commits) "mail.issue.action.push_1" "mail.issue.action.push_n" .Doer.Name .Comment.Issue.PullRequest.HeadBranch (len .Comment.Commits)}} {{end}} @@ -65,7 +65,7 @@ {{$.locale.Tr "mail.issue.in_tree_path" .TreePath}} 
{{.Patch}}
-
{{.RenderedContent | Safe}}
+
{{.RenderedContent | SafeHTML}}
{{end -}} {{if eq .ActionName "push"}} diff --git a/templates/mail/notify/repo_transfer.tmpl b/templates/mail/notify/repo_transfer.tmpl index 1b23593f6ba7..597048ddf496 100644 --- a/templates/mail/notify/repo_transfer.tmpl +++ b/templates/mail/notify/repo_transfer.tmpl @@ -5,10 +5,10 @@ {{.Subject}} -{{$url := printf "%[2]s" (Escape .Link) (Escape .Repo)}} +{{$url := HTMLFormat "%[2]s" .Link .Repo)}}

{{.Subject}}. - {{.locale.Tr "mail.repo.transfer.body" ($url|Safe)}} + {{.locale.Tr "mail.repo.transfer.body" $url}}

--- diff --git a/templates/mail/release.tmpl b/templates/mail/release.tmpl index 96dc7699931e..62a16573c6b2 100644 --- a/templates/mail/release.tmpl +++ b/templates/mail/release.tmpl @@ -11,11 +11,11 @@ -{{$release_url := printf "%s" (.Release.HTMLURL | Escape) (.Release.TagName | Escape)}} -{{$repo_url := printf "%s" (.Release.Repo.HTMLURL | Escape) (.Release.Repo.FullName | Escape)}} +{{$release_url := HTMLFormat "%s" .Release.HTMLURL .Release.TagName}} +{{$repo_url := HTMLFormat "%s" .Release.Repo.HTMLURL .Release.Repo.FullName}}

- {{.locale.Tr "mail.release.new.text" .Release.Publisher.Name ($release_url|Safe) ($repo_url|Safe)}} + {{.locale.Tr "mail.release.new.text" .Release.Publisher.Name $release_url $repo_url}}

{{.locale.Tr "mail.release.title" .Release.Title}}

diff --git a/templates/org/member/members.tmpl b/templates/org/member/members.tmpl index 64f1aaa7d2f5..54f84450eb74 100644 --- a/templates/org/member/members.tmpl +++ b/templates/org/member/members.tmpl @@ -73,7 +73,7 @@ {{ctx.Locale.Tr "org.members.leave"}}

-

{{ctx.Locale.Tr "org.members.leave.detail" (``|Safe)}}

+

{{ctx.Locale.Tr "org.members.leave.detail" (``|SafeHTML)}}

{{template "base/modal_actions_confirm" .}} @@ -82,7 +82,7 @@ {{ctx.Locale.Tr "org.members.remove"}}
-

{{ctx.Locale.Tr "org.members.remove.detail" (``|Safe) (``|Safe)}}

+

{{ctx.Locale.Tr "org.members.remove.detail" (``|SafeHTML) (``|SafeHTML)}}

{{template "base/modal_actions_confirm" .}} diff --git a/templates/org/team/members.tmpl b/templates/org/team/members.tmpl index dd4ece14335a..adaf83ae155e 100644 --- a/templates/org/team/members.tmpl +++ b/templates/org/team/members.tmpl @@ -81,7 +81,7 @@ {{ctx.Locale.Tr "org.members.remove"}}
-

{{ctx.Locale.Tr "org.members.remove.detail" (``|Safe) (``|Safe)}}

+

{{ctx.Locale.Tr "org.members.remove.detail" (``|SafeHTML) (``|SafeHTML)}}

{{template "base/modal_actions_confirm" .}} diff --git a/templates/org/team/sidebar.tmpl b/templates/org/team/sidebar.tmpl index 440fa11dc950..9311a46e38f7 100644 --- a/templates/org/team/sidebar.tmpl +++ b/templates/org/team/sidebar.tmpl @@ -88,7 +88,7 @@ {{ctx.Locale.Tr "org.teams.leave"}}
-

{{ctx.Locale.Tr "org.teams.leave.detail" (``|Safe)}}

+

{{ctx.Locale.Tr "org.teams.leave.detail" (``|SafeHTML)}}

{{template "base/modal_actions_confirm" .}} diff --git a/templates/org/team/teams.tmpl b/templates/org/team/teams.tmpl index b518d7d9d738..53c909ee9c81 100644 --- a/templates/org/team/teams.tmpl +++ b/templates/org/team/teams.tmpl @@ -49,7 +49,7 @@ {{ctx.Locale.Tr "org.teams.leave"}}
-

{{ctx.Locale.Tr "org.teams.leave.detail" (``|Safe)}}

+

{{ctx.Locale.Tr "org.teams.leave.detail" (``|SafeHTML)}}

{{template "base/modal_actions_confirm" .}} diff --git a/templates/repo/commit_page.tmpl b/templates/repo/commit_page.tmpl index fbfaa19411bf..115ee9295510 100644 --- a/templates/repo/commit_page.tmpl +++ b/templates/repo/commit_page.tmpl @@ -88,7 +88,7 @@ {{.CsrfTokenHtml}}
@@ -113,7 +113,7 @@
diff --git a/templates/repo/editor/cherry_pick.tmpl b/templates/repo/editor/cherry_pick.tmpl index b65c3a30337f..f9c9eef5aab6 100644 --- a/templates/repo/editor/cherry_pick.tmpl +++ b/templates/repo/editor/cherry_pick.tmpl @@ -11,11 +11,11 @@
{{$shaurl := printf "%s/commit/%s" $.RepoLink (PathEscape .SHA)}} - {{$shalink := printf `%s` (Escape $shaurl) (ShortSha .SHA)}} + {{$shalink := HTMLFormat `%s` $shaurl (ShortSha .SHA)}} {{if eq .CherryPickType "revert"}} - {{ctx.Locale.Tr "repo.editor.revert" ($shalink|Safe)}} + {{ctx.Locale.Tr "repo.editor.revert" $shalink}} {{else}} - {{ctx.Locale.Tr "repo.editor.cherry_pick" ($shalink|Safe)}} + {{ctx.Locale.Tr "repo.editor.cherry_pick" $shalink}} {{end}} {{.Repository.FullName}}
:
diff --git a/templates/repo/issue/view_content/comments.tmpl b/templates/repo/issue/view_content/comments.tmpl index 7bd7e8c35d6d..e41f804043b6 100644 --- a/templates/repo/issue/view_content/comments.tmpl +++ b/templates/repo/issue/view_content/comments.tmpl @@ -112,9 +112,9 @@ {{template "shared/user/authorlink" .Poster}} {{$link := printf "%s/commit/%s" $.Repository.Link ($.Issue.PullRequest.MergedCommitID|PathEscape)}} {{if eq $.Issue.PullRequest.Status 3}} - {{ctx.Locale.Tr "repo.issues.comment_manually_pull_merged_at" (printf `%[2]s` ($link|Escape) (ShortSha $.Issue.PullRequest.MergedCommitID) | Safe) (printf "%[1]s" ($.BaseTarget|Escape) | Safe) $createdStr}} + {{ctx.Locale.Tr "repo.issues.comment_manually_pull_merged_at" (HTMLFormat `%[2]s` $link (ShortSha $.Issue.PullRequest.MergedCommitID)) (HTMLFormat "%[1]s" $.BaseTarget) $createdStr}} {{else}} - {{ctx.Locale.Tr "repo.issues.comment_pull_merged_at" (printf `%[2]s` ($link|Escape) (ShortSha $.Issue.PullRequest.MergedCommitID) | Safe) (printf "%[1]s" ($.BaseTarget|Escape) | Safe) $createdStr}} + {{ctx.Locale.Tr "repo.issues.comment_pull_merged_at" (HTMLFormat `%[2]s` $link (ShortSha $.Issue.PullRequest.MergedCommitID)) (HTMLFormat "%[1]s" $.BaseTarget) $createdStr}} {{end}}
@@ -595,19 +595,19 @@ {{$oldProjectDisplayHtml := "Unknown Project"}} {{if .OldProject}} {{$trKey := printf "projects.type-%d.display_name" .OldProject.Type}} - {{$oldProjectDisplayHtml = printf `%s` (ctx.Locale.Tr $trKey | Escape) (.OldProject.Title | Escape)}} + {{$oldProjectDisplayHtml = HTMLFormat `%s` (ctx.Locale.Tr $trKey) .OldProject.Title}} {{end}} {{$newProjectDisplayHtml := "Unknown Project"}} {{if .Project}} {{$trKey := printf "projects.type-%d.display_name" .Project.Type}} - {{$newProjectDisplayHtml = printf `%s` (ctx.Locale.Tr $trKey | Escape) (.Project.Title | Escape)}} + {{$newProjectDisplayHtml = HTMLFormat `%s` (ctx.Locale.Tr $trKey) .Project.Title}} {{end}} {{if and (gt .OldProjectID 0) (gt .ProjectID 0)}} - {{ctx.Locale.Tr "repo.issues.change_project_at" ($oldProjectDisplayHtml|Safe) ($newProjectDisplayHtml|Safe) $createdStr}} + {{ctx.Locale.Tr "repo.issues.change_project_at" $oldProjectDisplayHtml $newProjectDisplayHtml $createdStr}} {{else if gt .OldProjectID 0}} - {{ctx.Locale.Tr "repo.issues.remove_project_at" ($oldProjectDisplayHtml|Safe) $createdStr}} + {{ctx.Locale.Tr "repo.issues.remove_project_at" $oldProjectDisplayHtml $createdStr}} {{else if gt .ProjectID 0}} - {{ctx.Locale.Tr "repo.issues.add_project_at" ($newProjectDisplayHtml|Safe) $createdStr}} + {{ctx.Locale.Tr "repo.issues.add_project_at" $newProjectDisplayHtml $createdStr}} {{end}}
diff --git a/templates/repo/issue/view_content/pull.tmpl b/templates/repo/issue/view_content/pull.tmpl index 13d49b61b76c..371c9db6f052 100644 --- a/templates/repo/issue/view_content/pull.tmpl +++ b/templates/repo/issue/view_content/pull.tmpl @@ -39,7 +39,7 @@ {{ctx.Locale.Tr "repo.pulls.merged_success"}}
- {{ctx.Locale.Tr "repo.pulls.merged_info_text" (printf "%s" (.HeadTarget | Escape) | Safe)}} + {{ctx.Locale.Tr "repo.pulls.merged_info_text" (HTMLFormat "%s" .HeadTarget)}}
diff --git a/templates/repo/issue/view_title.tmpl b/templates/repo/issue/view_title.tmpl index 9b4657b63475..37cad26c9b39 100644 --- a/templates/repo/issue/view_title.tmpl +++ b/templates/repo/issue/view_title.tmpl @@ -43,31 +43,31 @@ {{end}}
{{if .Issue.IsPull}} - {{$headHref := .HeadTarget|Escape}} + {{$headHref := .HeadTarget}} {{if .HeadBranchLink}} - {{$headHref = printf `%s` (.HeadBranchLink | Escape) $headHref}} + {{$headHref = HTMLFormat `%s` .HeadBranchLink $headHref}} {{end}} - {{$headHref = printf `%s ` $headHref (ctx.Locale.Tr "copy_branch") (.HeadTarget | Escape) (svg "octicon-copy" 14)}} - {{$baseHref := .BaseTarget|Escape}} + {{$headHref = HTMLFormat `%s ` $headHref (ctx.Locale.Tr "copy_branch") .HeadTarget (svg "octicon-copy" 14)}} + {{$baseHref := .BaseTarget}} {{if .BaseBranchLink}} - {{$baseHref = printf `%s` (.BaseBranchLink | Escape) $baseHref}} + {{$baseHref = HTMLFormat `%s` .BaseBranchLink $baseHref}} {{end}} {{if .Issue.PullRequest.HasMerged}} {{$mergedStr:= TimeSinceUnix .Issue.PullRequest.MergedUnix ctx.Locale}} {{if .Issue.OriginalAuthor}} {{.Issue.OriginalAuthor}} - {{ctx.Locale.Tr "repo.pulls.merged_title_desc" .NumCommits ($headHref|Safe) ($baseHref|Safe) $mergedStr}} + {{ctx.Locale.Tr "repo.pulls.merged_title_desc" .NumCommits $headHref $baseHref $mergedStr}} {{else}} {{.Issue.PullRequest.Merger.GetDisplayName}} - {{ctx.Locale.Tr "repo.pulls.merged_title_desc" .NumCommits ($headHref|Safe) ($baseHref|Safe) $mergedStr}} + {{ctx.Locale.Tr "repo.pulls.merged_title_desc" .NumCommits $headHref $baseHref $mergedStr}} {{end}} {{else}} {{if .Issue.OriginalAuthor}} - {{.Issue.OriginalAuthor}} {{ctx.Locale.Tr "repo.pulls.title_desc" .NumCommits ($headHref|Safe) ($baseHref|Safe)}} + {{.Issue.OriginalAuthor}} {{ctx.Locale.Tr "repo.pulls.title_desc" .NumCommits $headHref $baseHref}} {{else}} {{.Issue.Poster.GetDisplayName}} - {{ctx.Locale.Tr "repo.pulls.title_desc" .NumCommits ($headHref|Safe) ($baseHref|Safe)}} + {{ctx.Locale.Tr "repo.pulls.title_desc" .NumCommits $headHref $baseHref}} {{end}} diff --git a/templates/repo/migrate/migrate.tmpl b/templates/repo/migrate/migrate.tmpl index c686f0b832b1..d1abb153748a 100644 --- a/templates/repo/migrate/migrate.tmpl +++ b/templates/repo/migrate/migrate.tmpl @@ -20,7 +20,7 @@ {{.Title}}
- {{(printf "repo.migrate.%s.description" .Name) | ctx.Locale.Tr}} + {{ctx.Locale.Tr (printf "repo.migrate.%s.description" .Name)}}
diff --git a/templates/repo/settings/lfs_file.tmpl b/templates/repo/settings/lfs_file.tmpl index 0aeb2af178b2..7f1d07e46fc3 100644 --- a/templates/repo/settings/lfs_file.tmpl +++ b/templates/repo/settings/lfs_file.tmpl @@ -15,9 +15,9 @@ {{template "repo/unicode_escape_prompt" dict "EscapeStatus" .EscapeStatus "root" $}}
{{if .IsMarkup}} - {{if .FileContent}}{{.FileContent | Safe}}{{end}} + {{if .FileContent}}{{.FileContent | SafeHTML}}{{end}} {{else if .IsPlainText}} - 
{{if .FileContent}}{{.FileContent | Safe}}{{end}}
+ 
{{if .FileContent}}{{.FileContent | SafeHTML}}{{end}}
{{else if not .IsTextFile}}
{{if .IsImageFile}} diff --git a/templates/repo/settings/webhook/settings.tmpl b/templates/repo/settings/webhook/settings.tmpl index f636108b379c..3ef8894444a4 100644 --- a/templates/repo/settings/webhook/settings.tmpl +++ b/templates/repo/settings/webhook/settings.tmpl @@ -263,7 +263,7 @@ {{if ne .HookType "matrix"}}{{/* Matrix doesn't make the authorization optional but it is implied by the help string, should be changed.*/}} - {{ctx.Locale.Tr "repo.settings.authorization_header_desc" ("Bearer token123456, Basic YWxhZGRpbjpvcGVuc2VzYW1l" | Safe)}} + {{ctx.Locale.Tr "repo.settings.authorization_header_desc" ("Bearer token123456, Basic YWxhZGRpbjpvcGVuc2VzYW1l" | SafeHTML)}} {{end}}
diff --git a/templates/repo/wiki/view.tmpl b/templates/repo/wiki/view.tmpl index 5b296dc2af4e..f3b6be97cf2f 100644 --- a/templates/repo/wiki/view.tmpl +++ b/templates/repo/wiki/view.tmpl @@ -67,13 +67,13 @@
{{if .sidebarTocContent}}
- {{.sidebarTocContent | Safe}} + {{.sidebarTocContent | SafeHTML}}
{{end}}
{{template "repo/unicode_escape_prompt" dict "EscapeStatus" .EscapeStatus "root" $}} - {{.content | Safe}} + {{.content | SafeHTML}}
{{if .sidebarPresent}} @@ -82,7 +82,7 @@ {{svg "octicon-pencil"}} {{end}} {{template "repo/unicode_escape_prompt" dict "EscapeStatus" .sidebarEscapeStatus "root" $}} - {{.sidebarContent | Safe}} + {{.sidebarContent | SafeHTML}}
{{end}} @@ -94,7 +94,7 @@ {{svg "octicon-pencil"}} {{end}} {{template "repo/unicode_escape_prompt" dict "footerEscapeStatus" .sidebarEscapeStatus "root" $}} - {{.footerContent | Safe}} + {{.footerContent | SafeHTML}}
{{end}}
diff --git a/templates/user/settings/applications.tmpl b/templates/user/settings/applications.tmpl index 8cf76d80a577..7ce9a4b70fb2 100644 --- a/templates/user/settings/applications.tmpl +++ b/templates/user/settings/applications.tmpl @@ -75,7 +75,7 @@ {{ctx.Locale.Tr "settings.select_permissions"}}

- {{ctx.Locale.Tr "settings.access_token_desc" (printf `href="/api/swagger" target="_blank"`) (printf `href="https://docs.gitea.com/development/oauth2-provider#scopes" target="_blank"`)}} + {{ctx.Locale.Tr "settings.access_token_desc" (`href="/api/swagger" target="_blank"`|SafeHTML) (`href="https://docs.gitea.com/development/oauth2-provider#scopes" target="_blank"`|SafeHTML)}}

-

{{ctx.Locale.Tr "org.members.leave.detail" (``|Safe)}}

+

{{ctx.Locale.Tr "org.members.leave.detail" (``|SafeHTML)}}

{{template "base/modal_actions_confirm" .}}
From 0676bf52f95b9c9ac6f5679bd263d844e6a83fa1 Mon Sep 17 00:00:00 2001 From: Yarden Shoham Date: Sun, 25 Feb 2024 14:36:11 +0200 Subject: [PATCH 02/10] Remove jQuery AJAX from the notice selection deletion button (#29381) - Removed all jQuery AJAX calls and replaced with our fetch wrapper - Tested the repo notice selection deletion button functionality and it works as before Signed-off-by: Yarden Shoham --- web_src/js/features/admin/common.js | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/web_src/js/features/admin/common.js b/web_src/js/features/admin/common.js index 044976ea7b6d..5354216e3d9e 100644 --- a/web_src/js/features/admin/common.js +++ b/web_src/js/features/admin/common.js @@ -1,8 +1,9 @@ import $ from 'jquery'; import {checkAppUrl} from '../common-global.js'; import {hideElem, showElem, toggleElem} from '../../utils/dom.js'; +import {POST} from '../../modules/fetch.js'; -const {csrfToken, appSubUrl} = window.config; +const {appSubUrl} = window.config; export function initAdminCommon() { if ($('.page-content.admin').length === 0) { @@ -204,22 +205,18 @@ export function initAdminCommon() { break; } }); - $('#delete-selection').on('click', function (e) { + $('#delete-selection').on('click', async function (e) { e.preventDefault(); const $this = $(this); $this.addClass('loading disabled'); - const ids = []; + const data = new FormData(); $checkboxes.each(function () { if ($(this).checkbox('is checked')) { - ids.push($(this).data('id')); + data.append('ids[]', $(this).data('id')); } }); - $.post($this.data('link'), { - _csrf: csrfToken, - ids - }).done(() => { - window.location.href = $this.data('redirect'); - }); + await POST($this.data('link'), {data}); + window.location.href = $this.data('redirect'); }); } } From ad0a34b492c3d41952ff4648c8bfb7b54c376151 Mon Sep 17 00:00:00 2001 From: KN4CK3R Date: Sun, 25 Feb 2024 14:05:23 +0100 Subject: [PATCH 03/10] Add `io.Closer` guidelines (#29387) Co-authored-by: Yarden Shoham --- docs/content/contributing/guidelines-backend.en-us.md | 4 ++++ modules/git/blame.go | 4 ++++ modules/git/repo_base_gogit.go | 7 ++++--- modules/git/repo_base_nogogit.go | 4 ++-- modules/indexer/internal/bleve/indexer.go | 2 +- modules/indexer/internal/meilisearch/indexer.go | 3 --- modules/util/filebuffer/file_backed_buffer.go | 1 + 7 files changed, 16 insertions(+), 9 deletions(-) diff --git a/docs/content/contributing/guidelines-backend.en-us.md b/docs/content/contributing/guidelines-backend.en-us.md index 084b3886e84e..3159a5ff7d14 100644 --- a/docs/content/contributing/guidelines-backend.en-us.md +++ b/docs/content/contributing/guidelines-backend.en-us.md @@ -101,6 +101,10 @@ i.e. `services/user`, `models/repository`. Since there are some packages which use the same package name, it is possible that you find packages like `modules/user`, `models/user`, and `services/user`. When these packages are imported in one Go file, it's difficult to know which package we are using and if it's a variable name or an import name. So, we always recommend to use import aliases. To differ from package variables which are commonly in camelCase, just use **snake_case** for import aliases. i.e. `import user_service "code.gitea.io/gitea/services/user"` +### Implementing `io.Closer` + +If a type implements `io.Closer`, calling `Close` multiple times must not fail or `panic` but return an error or `nil`. + ### Important Gotchas - Never write `x.Update(exemplar)` without an explicit `WHERE` clause: diff --git a/modules/git/blame.go b/modules/git/blame.go index 64095a218a31..69e1b08f93b4 100644 --- a/modules/git/blame.go +++ b/modules/git/blame.go @@ -115,6 +115,10 @@ func (r *BlameReader) NextPart() (*BlamePart, error) { // Close BlameReader - don't run NextPart after invoking that func (r *BlameReader) Close() error { + if r.bufferedReader == nil { + return nil + } + err := <-r.done r.bufferedReader = nil _ = r.reader.Close() diff --git a/modules/git/repo_base_gogit.go b/modules/git/repo_base_gogit.go index 9270bb70f073..3ca5eb36c6ed 100644 --- a/modules/git/repo_base_gogit.go +++ b/modules/git/repo_base_gogit.go @@ -88,16 +88,17 @@ func OpenRepository(ctx context.Context, repoPath string) (*Repository, error) { } // Close this repository, in particular close the underlying gogitStorage if this is not nil -func (repo *Repository) Close() (err error) { +func (repo *Repository) Close() error { if repo == nil || repo.gogitStorage == nil { - return + return nil } if err := repo.gogitStorage.Close(); err != nil { gitealog.Error("Error closing storage: %v", err) } + repo.gogitStorage = nil repo.LastCommitCache = nil repo.tagCache = nil - return + return nil } // GoGitRepo gets the go-git repo representation diff --git a/modules/git/repo_base_nogogit.go b/modules/git/repo_base_nogogit.go index 8c6eae5897eb..86b6a9356775 100644 --- a/modules/git/repo_base_nogogit.go +++ b/modules/git/repo_base_nogogit.go @@ -103,7 +103,7 @@ func (repo *Repository) CatFileBatchCheck(ctx context.Context) (WriteCloserError } } -func (repo *Repository) Close() (err error) { +func (repo *Repository) Close() error { if repo == nil { return nil } @@ -123,5 +123,5 @@ func (repo *Repository) Close() (err error) { } repo.LastCommitCache = nil repo.tagCache = nil - return err + return nil } diff --git a/modules/indexer/internal/bleve/indexer.go b/modules/indexer/internal/bleve/indexer.go index ce06b5afcb78..01e53ca63603 100644 --- a/modules/indexer/internal/bleve/indexer.go +++ b/modules/indexer/internal/bleve/indexer.go @@ -92,7 +92,7 @@ func (i *Indexer) Ping(_ context.Context) error { } func (i *Indexer) Close() { - if i == nil { + if i == nil || i.Indexer == nil { return } diff --git a/modules/indexer/internal/meilisearch/indexer.go b/modules/indexer/internal/meilisearch/indexer.go index b037249d4321..f4004849c1d0 100644 --- a/modules/indexer/internal/meilisearch/indexer.go +++ b/modules/indexer/internal/meilisearch/indexer.go @@ -87,8 +87,5 @@ func (i *Indexer) Close() { if i == nil { return } - if i.Client == nil { - return - } i.Client = nil } diff --git a/modules/util/filebuffer/file_backed_buffer.go b/modules/util/filebuffer/file_backed_buffer.go index 6b07bd041386..739543e2977e 100644 --- a/modules/util/filebuffer/file_backed_buffer.go +++ b/modules/util/filebuffer/file_backed_buffer.go @@ -149,6 +149,7 @@ func (b *FileBackedBuffer) Close() error { if b.file != nil { err := b.file.Close() os.Remove(b.file.Name()) + b.file = nil return err } return nil From f79c9e817abaef279c0b33d5460a066170dd3ea6 Mon Sep 17 00:00:00 2001 From: KN4CK3R Date: Sun, 25 Feb 2024 14:32:13 +0100 Subject: [PATCH 04/10] Use `crypto/sha256` (#29386) Go 1.21 improved the performance of `crypto/sha256`. It's now similar to `minio/sha256-simd`, so we should just use the standard libs. https://go.dev/doc/go1.21#crypto/sha256 https://go-review.googlesource.com/c/go/+/408795 https://github.com/multiformats/go-multihash/pull/173 --- go.mod | 2 +- models/auth/twofactor.go | 2 +- models/migrations/base/hash.go | 2 +- models/migrations/v1_14/v166.go | 2 +- modules/auth/password/hash/pbkdf2.go | 2 +- modules/avatar/hash.go | 3 +-- modules/avatar/identicon/identicon.go | 3 +-- modules/base/tool.go | 2 +- modules/git/last_commit_cache.go | 3 +-- modules/lfs/content_store.go | 3 +-- modules/lfs/pointer.go | 3 +-- modules/secret/secret.go | 3 +-- modules/util/keypair.go | 3 +-- modules/util/keypair_test.go | 2 +- routers/api/packages/chef/auth.go | 3 +-- routers/api/packages/maven/maven.go | 3 +-- services/lfs/server.go | 2 +- services/mailer/token/token.go | 3 +-- services/webhook/deliver.go | 2 +- tests/integration/api_packages_chef_test.go | 2 +- tests/integration/api_packages_container_test.go | 2 +- tests/integration/api_packages_test.go | 2 +- 22 files changed, 22 insertions(+), 32 deletions(-) diff --git a/go.mod b/go.mod index 7a752ec874cf..03f6ad121584 100644 --- a/go.mod +++ b/go.mod @@ -78,7 +78,6 @@ require ( github.com/mholt/archiver/v3 v3.5.1 github.com/microcosm-cc/bluemonday v1.0.26 github.com/minio/minio-go/v7 v7.0.66 - github.com/minio/sha256-simd v1.0.1 github.com/msteinert/pam v1.2.0 github.com/nektos/act v0.2.52 github.com/niklasfasching/go-org v1.7.0 @@ -230,6 +229,7 @@ require ( github.com/mholt/acmez v1.2.0 // indirect github.com/miekg/dns v1.1.58 // indirect github.com/minio/md5-simd v1.1.2 // indirect + github.com/minio/sha256-simd v1.0.1 // indirect github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect diff --git a/models/auth/twofactor.go b/models/auth/twofactor.go index 51061e520558..d0c341a192f6 100644 --- a/models/auth/twofactor.go +++ b/models/auth/twofactor.go @@ -6,6 +6,7 @@ package auth import ( "context" "crypto/md5" + "crypto/sha256" "crypto/subtle" "encoding/base32" "encoding/base64" @@ -18,7 +19,6 @@ import ( "code.gitea.io/gitea/modules/timeutil" "code.gitea.io/gitea/modules/util" - "github.com/minio/sha256-simd" "github.com/pquerna/otp/totp" "golang.org/x/crypto/pbkdf2" ) diff --git a/models/migrations/base/hash.go b/models/migrations/base/hash.go index 0debec272b3f..00fd1efd4a3b 100644 --- a/models/migrations/base/hash.go +++ b/models/migrations/base/hash.go @@ -4,9 +4,9 @@ package base import ( + "crypto/sha256" "encoding/hex" - "github.com/minio/sha256-simd" "golang.org/x/crypto/pbkdf2" ) diff --git a/models/migrations/v1_14/v166.go b/models/migrations/v1_14/v166.go index 78f33e8f9bdd..e5731582fdd5 100644 --- a/models/migrations/v1_14/v166.go +++ b/models/migrations/v1_14/v166.go @@ -4,9 +4,9 @@ package v1_14 //nolint import ( + "crypto/sha256" "encoding/hex" - "github.com/minio/sha256-simd" "golang.org/x/crypto/argon2" "golang.org/x/crypto/bcrypt" "golang.org/x/crypto/pbkdf2" diff --git a/modules/auth/password/hash/pbkdf2.go b/modules/auth/password/hash/pbkdf2.go index 9ff6d162fcc3..27382fedb8cb 100644 --- a/modules/auth/password/hash/pbkdf2.go +++ b/modules/auth/password/hash/pbkdf2.go @@ -4,12 +4,12 @@ package hash import ( + "crypto/sha256" "encoding/hex" "strings" "code.gitea.io/gitea/modules/log" - "github.com/minio/sha256-simd" "golang.org/x/crypto/pbkdf2" ) diff --git a/modules/avatar/hash.go b/modules/avatar/hash.go index 4fc28a7739f0..50db9c1943a3 100644 --- a/modules/avatar/hash.go +++ b/modules/avatar/hash.go @@ -4,10 +4,9 @@ package avatar import ( + "crypto/sha256" "encoding/hex" "strconv" - - "github.com/minio/sha256-simd" ) // HashAvatar will generate a unique string, which ensures that when there's a diff --git a/modules/avatar/identicon/identicon.go b/modules/avatar/identicon/identicon.go index 9b7a2faf05b5..63926d5f1908 100644 --- a/modules/avatar/identicon/identicon.go +++ b/modules/avatar/identicon/identicon.go @@ -7,11 +7,10 @@ package identicon import ( + "crypto/sha256" "fmt" "image" "image/color" - - "github.com/minio/sha256-simd" ) const minImageSize = 16 diff --git a/modules/base/tool.go b/modules/base/tool.go index 19fb2c451fdf..168a2220b2a5 100644 --- a/modules/base/tool.go +++ b/modules/base/tool.go @@ -5,6 +5,7 @@ package base import ( "crypto/sha1" + "crypto/sha256" "encoding/base64" "encoding/hex" "errors" @@ -22,7 +23,6 @@ import ( "code.gitea.io/gitea/modules/setting" "github.com/dustin/go-humanize" - "github.com/minio/sha256-simd" ) // EncodeSha1 string to sha1 hex value. diff --git a/modules/git/last_commit_cache.go b/modules/git/last_commit_cache.go index 7c7baedd2f39..5b62b90b2795 100644 --- a/modules/git/last_commit_cache.go +++ b/modules/git/last_commit_cache.go @@ -4,12 +4,11 @@ package git import ( + "crypto/sha256" "fmt" "code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/setting" - - "github.com/minio/sha256-simd" ) // Cache represents a caching interface diff --git a/modules/lfs/content_store.go b/modules/lfs/content_store.go index daf8c6cfdda0..0d9c0c98acca 100644 --- a/modules/lfs/content_store.go +++ b/modules/lfs/content_store.go @@ -4,6 +4,7 @@ package lfs import ( + "crypto/sha256" "encoding/hex" "errors" "hash" @@ -12,8 +13,6 @@ import ( "code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/storage" - - "github.com/minio/sha256-simd" ) var ( diff --git a/modules/lfs/pointer.go b/modules/lfs/pointer.go index 3e5bb8f91d2f..ebde20f82683 100644 --- a/modules/lfs/pointer.go +++ b/modules/lfs/pointer.go @@ -4,6 +4,7 @@ package lfs import ( + "crypto/sha256" "encoding/hex" "errors" "fmt" @@ -12,8 +13,6 @@ import ( "regexp" "strconv" "strings" - - "github.com/minio/sha256-simd" ) const ( diff --git a/modules/secret/secret.go b/modules/secret/secret.go index 9c2ecd181d2c..e70ae1839c4c 100644 --- a/modules/secret/secret.go +++ b/modules/secret/secret.go @@ -7,13 +7,12 @@ import ( "crypto/aes" "crypto/cipher" "crypto/rand" + "crypto/sha256" "encoding/base64" "encoding/hex" "errors" "fmt" "io" - - "github.com/minio/sha256-simd" ) // AesEncrypt encrypts text and given key with AES. diff --git a/modules/util/keypair.go b/modules/util/keypair.go index 97f2d9ebca2d..8b86c142af7c 100644 --- a/modules/util/keypair.go +++ b/modules/util/keypair.go @@ -7,10 +7,9 @@ import ( "crypto" "crypto/rand" "crypto/rsa" + "crypto/sha256" "crypto/x509" "encoding/pem" - - "github.com/minio/sha256-simd" ) // GenerateKeyPair generates a public and private keypair diff --git a/modules/util/keypair_test.go b/modules/util/keypair_test.go index c9925f798810..c6f68c845a47 100644 --- a/modules/util/keypair_test.go +++ b/modules/util/keypair_test.go @@ -7,12 +7,12 @@ import ( "crypto" "crypto/rand" "crypto/rsa" + "crypto/sha256" "crypto/x509" "encoding/pem" "regexp" "testing" - "github.com/minio/sha256-simd" "github.com/stretchr/testify/assert" ) diff --git a/routers/api/packages/chef/auth.go b/routers/api/packages/chef/auth.go index 3aef8281a4ee..a790e9a3631b 100644 --- a/routers/api/packages/chef/auth.go +++ b/routers/api/packages/chef/auth.go @@ -8,6 +8,7 @@ import ( "crypto" "crypto/rsa" "crypto/sha1" + "crypto/sha256" "crypto/x509" "encoding/base64" "encoding/pem" @@ -26,8 +27,6 @@ import ( chef_module "code.gitea.io/gitea/modules/packages/chef" "code.gitea.io/gitea/modules/util" "code.gitea.io/gitea/services/auth" - - "github.com/minio/sha256-simd" ) const ( diff --git a/routers/api/packages/maven/maven.go b/routers/api/packages/maven/maven.go index 0b93382b0117..5106395eb1a6 100644 --- a/routers/api/packages/maven/maven.go +++ b/routers/api/packages/maven/maven.go @@ -6,6 +6,7 @@ package maven import ( "crypto/md5" "crypto/sha1" + "crypto/sha256" "crypto/sha512" "encoding/hex" "encoding/xml" @@ -26,8 +27,6 @@ import ( maven_module "code.gitea.io/gitea/modules/packages/maven" "code.gitea.io/gitea/routers/api/packages/helper" packages_service "code.gitea.io/gitea/services/packages" - - "github.com/minio/sha256-simd" ) const ( diff --git a/services/lfs/server.go b/services/lfs/server.go index 62134b7d6063..56714120ad09 100644 --- a/services/lfs/server.go +++ b/services/lfs/server.go @@ -5,6 +5,7 @@ package lfs import ( stdCtx "context" + "crypto/sha256" "encoding/base64" "encoding/hex" "errors" @@ -33,7 +34,6 @@ import ( "code.gitea.io/gitea/modules/storage" "github.com/golang-jwt/jwt/v5" - "github.com/minio/sha256-simd" ) // requestContext contain variables from the HTTP request. diff --git a/services/mailer/token/token.go b/services/mailer/token/token.go index aa7b56718863..8a5a762d6b5f 100644 --- a/services/mailer/token/token.go +++ b/services/mailer/token/token.go @@ -6,14 +6,13 @@ package token import ( "context" crypto_hmac "crypto/hmac" + "crypto/sha256" "encoding/base32" "fmt" "time" user_model "code.gitea.io/gitea/models/user" "code.gitea.io/gitea/modules/util" - - "github.com/minio/sha256-simd" ) // A token is a verifiable container describing an action. diff --git a/services/webhook/deliver.go b/services/webhook/deliver.go index 8f728d3aa692..935981d29cee 100644 --- a/services/webhook/deliver.go +++ b/services/webhook/deliver.go @@ -7,6 +7,7 @@ import ( "context" "crypto/hmac" "crypto/sha1" + "crypto/sha256" "crypto/tls" "encoding/hex" "fmt" @@ -29,7 +30,6 @@ import ( webhook_module "code.gitea.io/gitea/modules/webhook" "github.com/gobwas/glob" - "github.com/minio/sha256-simd" ) // Deliver deliver hook task diff --git a/tests/integration/api_packages_chef_test.go b/tests/integration/api_packages_chef_test.go index 4123c7216c4d..05545f11a698 100644 --- a/tests/integration/api_packages_chef_test.go +++ b/tests/integration/api_packages_chef_test.go @@ -11,6 +11,7 @@ import ( "crypto/rand" "crypto/rsa" "crypto/sha1" + "crypto/sha256" "crypto/x509" "encoding/base64" "encoding/pem" @@ -33,7 +34,6 @@ import ( chef_router "code.gitea.io/gitea/routers/api/packages/chef" "code.gitea.io/gitea/tests" - "github.com/minio/sha256-simd" "github.com/stretchr/testify/assert" ) diff --git a/tests/integration/api_packages_container_test.go b/tests/integration/api_packages_container_test.go index 509ad424e6cd..9ac6e5256b14 100644 --- a/tests/integration/api_packages_container_test.go +++ b/tests/integration/api_packages_container_test.go @@ -5,6 +5,7 @@ package integration import ( "bytes" + "crypto/sha256" "encoding/base64" "fmt" "net/http" @@ -24,7 +25,6 @@ import ( "code.gitea.io/gitea/modules/test" "code.gitea.io/gitea/tests" - "github.com/minio/sha256-simd" oci "github.com/opencontainers/image-spec/specs-go/v1" "github.com/stretchr/testify/assert" ) diff --git a/tests/integration/api_packages_test.go b/tests/integration/api_packages_test.go index 8c981566b602..daf32e82f973 100644 --- a/tests/integration/api_packages_test.go +++ b/tests/integration/api_packages_test.go @@ -5,6 +5,7 @@ package integration import ( "bytes" + "crypto/sha256" "fmt" "net/http" "strings" @@ -24,7 +25,6 @@ import ( packages_cleanup_service "code.gitea.io/gitea/services/packages/cleanup" "code.gitea.io/gitea/tests" - "github.com/minio/sha256-simd" "github.com/stretchr/testify/assert" ) From ea164aba4b697aa08e4d20d896a8f318c09a6523 Mon Sep 17 00:00:00 2001 From: wxiaoguang Date: Sun, 25 Feb 2024 21:37:35 +0800 Subject: [PATCH 05/10] Make actions animation rotate counterclockwisely (#29378) Because the icon is: ![image](https://github.com/go-gitea/gitea/assets/2114189/be7e78ab-bc64-46d9-8259-fd7f0037471a) So it must rotate counterclockwisely --- web_src/js/components/RepoActionView.vue | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web_src/js/components/RepoActionView.vue b/web_src/js/components/RepoActionView.vue index c4a7389bc553..380184851912 100644 --- a/web_src/js/components/RepoActionView.vue +++ b/web_src/js/components/RepoActionView.vue @@ -760,7 +760,7 @@ export function initRepositoryActionView() { @keyframes job-status-rotate-keyframes { 100% { - transform: rotate(360deg); + transform: rotate(-360deg); } } From d2f6588b66549b33adf8bac7044d03c89d668470 Mon Sep 17 00:00:00 2001 From: wxiaoguang Date: Sun, 25 Feb 2024 22:02:20 +0800 Subject: [PATCH 06/10] Remove incorrect and unnecessary Escape from templates (#29394) Follow #29165 * some of them are incorrect, which would lead to double escaping (eg: `(print (Escape $.RepoLink)`) * other of them are not necessary, because `Tr` handles strings&HTML automatically Suggest to review by "unified view": https://github.com/go-gitea/gitea/pull/29394/files?diff=unified&w=0 --- modules/templates/helper.go | 4 +- templates/code/searchcombo.tmpl | 2 +- templates/explore/repo_search.tmpl | 2 +- templates/mail/auth/register_notify.tmpl | 2 +- templates/mail/issue/default.tmpl | 18 +++---- templates/package/shared/list.tmpl | 4 +- templates/package/shared/versionlist.tmpl | 2 +- templates/package/view.tmpl | 4 +- .../code/recently_pushed_new_branches.tmpl | 2 +- templates/repo/create_helper.tmpl | 2 +- templates/repo/diff/comments.tmpl | 6 +-- templates/repo/diff/compare.tmpl | 8 ++-- templates/repo/editor/commit_form.tmpl | 2 +- templates/repo/issue/card.tmpl | 6 +-- templates/repo/issue/new_form.tmpl | 2 +- templates/repo/issue/view_content.tmpl | 8 ++-- .../repo/issue/view_content/comments.tmpl | 38 +++++++-------- .../repo/issue/view_content/conversation.tmpl | 2 +- templates/repo/issue/view_content/pull.tmpl | 4 +- .../repo/issue/view_content/sidebar.tmpl | 8 ++-- templates/repo/issue/view_title.tmpl | 6 +-- templates/repo/search.tmpl | 2 +- templates/repo/settings/protected_branch.tmpl | 2 +- templates/repo/wiki/view.tmpl | 2 +- templates/shared/issuelist.tmpl | 6 +-- templates/user/auth/activate.tmpl | 6 +-- templates/user/auth/forgot_passwd.tmpl | 2 +- templates/user/dashboard/feeds.tmpl | 48 +++++++++---------- 28 files changed, 100 insertions(+), 100 deletions(-) diff --git a/modules/templates/helper.go b/modules/templates/helper.go index 567948749811..0f397675869c 100644 --- a/modules/templates/helper.go +++ b/modules/templates/helper.go @@ -37,7 +37,7 @@ func NewFuncMap() template.FuncMap { "Eval": Eval, "SafeHTML": SafeHTML, "HTMLFormat": HTMLFormat, - "Escape": Escape, + "HTMLEscape": HTMLEscape, "QueryEscape": url.QueryEscape, "JSEscape": JSEscapeSafe, "Str2html": Str2html, // TODO: rename it to SanitizeHTML @@ -218,7 +218,7 @@ func Str2html(s any) template.HTML { panic(fmt.Sprintf("unexpected type %T", s)) } -func Escape(s any) template.HTML { +func HTMLEscape(s any) template.HTML { switch v := s.(type) { case string: return template.HTML(html.EscapeString(v)) diff --git a/templates/code/searchcombo.tmpl b/templates/code/searchcombo.tmpl index d25689091810..d451bc0ad8ce 100644 --- a/templates/code/searchcombo.tmpl +++ b/templates/code/searchcombo.tmpl @@ -7,7 +7,7 @@ {{else if .SearchResults}}

- {{ctx.Locale.Tr "explore.code_search_results" (.Keyword|Escape)}} + {{ctx.Locale.Tr "explore.code_search_results" .Keyword}}

{{template "code/searchresults" .}} {{else if .Keyword}} diff --git a/templates/explore/repo_search.tmpl b/templates/explore/repo_search.tmpl index 7ae4a4ed6f0e..e268670e93ee 100644 --- a/templates/explore/repo_search.tmpl +++ b/templates/explore/repo_search.tmpl @@ -36,7 +36,7 @@ {{if and .PageIsExploreRepositories .OnlyShowRelevant}}
- {{ctx.Locale.Tr "explore.relevant_repositories" ((printf "?only_show_relevant=0&sort=%s&q=%s&language=%s" $.SortType (QueryEscape $.Keyword) (QueryEscape $.Language))|Escape)}} + {{ctx.Locale.Tr "explore.relevant_repositories" (printf "?only_show_relevant=0&sort=%s&q=%s&language=%s" $.SortType (QueryEscape $.Keyword) (QueryEscape $.Language))}}
{{end}}
diff --git a/templates/mail/auth/register_notify.tmpl b/templates/mail/auth/register_notify.tmpl index ec3e09dd5fad..62dbf7d9271e 100644 --- a/templates/mail/auth/register_notify.tmpl +++ b/templates/mail/auth/register_notify.tmpl @@ -11,7 +11,7 @@

{{.locale.Tr "mail.hi_user_x" (.DisplayName|DotEscape)}}


{{.locale.Tr "mail.register_notify.text_1" AppName}}


{{.locale.Tr "mail.register_notify.text_2" .Username}}

{{AppUrl}}user/login


-

{{.locale.Tr "mail.register_notify.text_3" ($set_pwd_url | Escape)}}


+

{{.locale.Tr "mail.register_notify.text_3" $set_pwd_url}}


© {{AppName}}

diff --git a/templates/mail/issue/default.tmpl b/templates/mail/issue/default.tmpl index c48797d82780..79dbe897cc84 100644 --- a/templates/mail/issue/default.tmpl +++ b/templates/mail/issue/default.tmpl @@ -36,26 +36,26 @@ {{end}}

{{if eq .ActionName "close"}} - {{.locale.Tr "mail.issue.action.close" (Escape .Doer.Name) .Issue.Index}} + {{.locale.Tr "mail.issue.action.close" .Doer.Name .Issue.Index}} {{else if eq .ActionName "reopen"}} - {{.locale.Tr "mail.issue.action.reopen" (Escape .Doer.Name) .Issue.Index}} + {{.locale.Tr "mail.issue.action.reopen" .Doer.Name .Issue.Index}} {{else if eq .ActionName "merge"}} - {{.locale.Tr "mail.issue.action.merge" (Escape .Doer.Name) .Issue.Index (Escape .Issue.PullRequest.BaseBranch)}} + {{.locale.Tr "mail.issue.action.merge" .Doer.Name .Issue.Index .Issue.PullRequest.BaseBranch}} {{else if eq .ActionName "approve"}} - {{.locale.Tr "mail.issue.action.approve" (Escape .Doer.Name)}} + {{.locale.Tr "mail.issue.action.approve" .Doer.Name}} {{else if eq .ActionName "reject"}} - {{.locale.Tr "mail.issue.action.reject" (Escape .Doer.Name)}} + {{.locale.Tr "mail.issue.action.reject" .Doer.Name}} {{else if eq .ActionName "review"}} - {{.locale.Tr "mail.issue.action.review" (Escape .Doer.Name)}} + {{.locale.Tr "mail.issue.action.review" .Doer.Name}} {{else if eq .ActionName "review_dismissed"}} - {{.locale.Tr "mail.issue.action.review_dismissed" (Escape .Doer.Name) (Escape .Comment.Review.Reviewer.Name)}} + {{.locale.Tr "mail.issue.action.review_dismissed" .Doer.Name .Comment.Review.Reviewer.Name}} {{else if eq .ActionName "ready_for_review"}} - {{.locale.Tr "mail.issue.action.ready_for_review" (Escape .Doer.Name)}} + {{.locale.Tr "mail.issue.action.ready_for_review" .Doer.Name}} {{end}} {{- if eq .Body ""}} {{if eq .ActionName "new"}} - {{.locale.Tr "mail.issue.action.new" (Escape .Doer.Name) .Issue.Index}} + {{.locale.Tr "mail.issue.action.new" .Doer.Name .Issue.Index}} {{end}} {{else}} {{.Body | Str2html}} diff --git a/templates/package/shared/list.tmpl b/templates/package/shared/list.tmpl index 8c8b113c9706..51e080f49516 100644 --- a/templates/package/shared/list.tmpl +++ b/templates/package/shared/list.tmpl @@ -30,9 +30,9 @@ {{$hasRepositoryAccess = index $.RepositoryAccessMap .Repository.ID}} {{end}} {{if $hasRepositoryAccess}} - {{ctx.Locale.Tr "packages.published_by_in" $timeStr .Creator.HomeLink (.Creator.GetDisplayName | Escape) .Repository.Link (.Repository.FullName | Escape)}} + {{ctx.Locale.Tr "packages.published_by_in" $timeStr .Creator.HomeLink .Creator.GetDisplayName .Repository.Link .Repository.FullName}} {{else}} - {{ctx.Locale.Tr "packages.published_by" $timeStr .Creator.HomeLink (.Creator.GetDisplayName | Escape)}} + {{ctx.Locale.Tr "packages.published_by" $timeStr .Creator.HomeLink .Creator.GetDisplayName}} {{end}} diff --git a/templates/package/shared/versionlist.tmpl b/templates/package/shared/versionlist.tmpl index 4b22dc22b2ae..eee952c096e8 100644 --- a/templates/package/shared/versionlist.tmpl +++ b/templates/package/shared/versionlist.tmpl @@ -25,7 +25,7 @@

{{.Version.LowerVersion}}
- {{ctx.Locale.Tr "packages.published_by" (TimeSinceUnix .Version.CreatedUnix ctx.Locale) .Creator.HomeLink (.Creator.GetDisplayName | Escape)}} + {{ctx.Locale.Tr "packages.published_by" (TimeSinceUnix .Version.CreatedUnix ctx.Locale) .Creator.HomeLink .Creator.GetDisplayName}}
diff --git a/templates/package/view.tmpl b/templates/package/view.tmpl index 65502a6e4d8a..0fa23d67fdbf 100644 --- a/templates/package/view.tmpl +++ b/templates/package/view.tmpl @@ -10,9 +10,9 @@
{{$timeStr := TimeSinceUnix .PackageDescriptor.Version.CreatedUnix ctx.Locale}} {{if .HasRepositoryAccess}} - {{ctx.Locale.Tr "packages.published_by_in" $timeStr .PackageDescriptor.Creator.HomeLink (.PackageDescriptor.Creator.GetDisplayName | Escape) .PackageDescriptor.Repository.Link (.PackageDescriptor.Repository.FullName | Escape)}} + {{ctx.Locale.Tr "packages.published_by_in" $timeStr .PackageDescriptor.Creator.HomeLink .PackageDescriptor.Creator.GetDisplayName .PackageDescriptor.Repository.Link .PackageDescriptor.Repository.FullName}} {{else}} - {{ctx.Locale.Tr "packages.published_by" $timeStr .PackageDescriptor.Creator.HomeLink (.PackageDescriptor.Creator.GetDisplayName | Escape)}} + {{ctx.Locale.Tr "packages.published_by" $timeStr .PackageDescriptor.Creator.HomeLink .PackageDescriptor.Creator.GetDisplayName}} {{end}}
diff --git a/templates/repo/code/recently_pushed_new_branches.tmpl b/templates/repo/code/recently_pushed_new_branches.tmpl index 73c9c451783d..fedba06fade7 100644 --- a/templates/repo/code/recently_pushed_new_branches.tmpl +++ b/templates/repo/code/recently_pushed_new_branches.tmpl @@ -2,7 +2,7 @@
{{$timeSince := TimeSince .CommitTime.AsTime ctx.Locale}} - {{ctx.Locale.Tr "repo.pulls.recently_pushed_new_branches" (Escape .Name) $timeSince}} + {{ctx.Locale.Tr "repo.pulls.recently_pushed_new_branches" .Name $timeSince}}
{{ctx.Locale.Tr "repo.pulls.compare_changes"}} diff --git a/templates/repo/create_helper.tmpl b/templates/repo/create_helper.tmpl index 6ca691592cd5..70c28b72e8bb 100644 --- a/templates/repo/create_helper.tmpl +++ b/templates/repo/create_helper.tmpl @@ -1,3 +1,3 @@ {{if not $.DisableMigrations}} -

{{ctx.Locale.Tr "repo.new_repo_helper" ((print AppSubUrl "/repo/migrate")|Escape)}}

+

{{ctx.Locale.Tr "repo.new_repo_helper" (print AppSubUrl "/repo/migrate")}}

{{end}} diff --git a/templates/repo/diff/comments.tmpl b/templates/repo/diff/comments.tmpl index b795074e4985..e567417fa627 100644 --- a/templates/repo/diff/comments.tmpl +++ b/templates/repo/diff/comments.tmpl @@ -16,17 +16,17 @@ {{.OriginalAuthor}} - {{ctx.Locale.Tr "repo.issues.commented_at" (.HashTag|Escape) $createdStr}} + {{ctx.Locale.Tr "repo.issues.commented_at" .HashTag $createdStr}} {{if $.root.Repository.OriginalURL}} - ({{ctx.Locale.Tr "repo.migrated_from" ($.root.Repository.OriginalURL | Escape) ($.root.Repository.GetOriginalURLHostname | Escape)}}) + ({{ctx.Locale.Tr "repo.migrated_from" $.root.Repository.OriginalURL $.root.Repository.GetOriginalURLHostname}}) {{end}} {{else}} {{template "shared/user/namelink" .Poster}} - {{ctx.Locale.Tr "repo.issues.commented_at" (.HashTag|Escape) $createdStr}} + {{ctx.Locale.Tr "repo.issues.commented_at" .HashTag $createdStr}} {{end}}
diff --git a/templates/repo/diff/compare.tmpl b/templates/repo/diff/compare.tmpl index 7a618ba8e6b9..819bd8a2f097 100644 --- a/templates/repo/diff/compare.tmpl +++ b/templates/repo/diff/compare.tmpl @@ -194,7 +194,7 @@ {{if .HasPullRequest}}
- {{ctx.Locale.Tr "repo.pulls.has_pull_request" (print (Escape $.RepoLink) "/pulls/" .PullRequest.Issue.Index) (Escape $.RepoRelPath) .PullRequest.Index}} + {{ctx.Locale.Tr "repo.pulls.has_pull_request" (print $.RepoLink "/pulls/" .PullRequest.Issue.Index) $.RepoRelPath .PullRequest.Index}}

{{RenderIssueTitle $.Context .PullRequest.Issue.Title ($.Repository.ComposeMetas ctx)}} #{{.PullRequest.Issue.Index}} @@ -202,11 +202,11 @@

{{- if .PullRequest.HasMerged -}} - {{svg "octicon-git-merge" 16}} {{ctx.Locale.Tr "repo.pulls.view"}} + {{svg "octicon-git-merge" 16}} {{ctx.Locale.Tr "repo.pulls.view"}} {{else if .Issue.IsClosed}} - {{svg "octicon-issue-closed" 16}} {{ctx.Locale.Tr "repo.pulls.view"}} + {{svg "octicon-issue-closed" 16}} {{ctx.Locale.Tr "repo.pulls.view"}} {{else}} - {{svg "octicon-git-pull-request" 16}} {{ctx.Locale.Tr "repo.pulls.view"}} + {{svg "octicon-git-pull-request" 16}} {{ctx.Locale.Tr "repo.pulls.view"}} {{end}}
diff --git a/templates/repo/editor/commit_form.tmpl b/templates/repo/editor/commit_form.tmpl index c8f062b5c548..f0f0f478268c 100644 --- a/templates/repo/editor/commit_form.tmpl +++ b/templates/repo/editor/commit_form.tmpl @@ -26,7 +26,7 @@