Add changelog for 1.11.6 (#11695)

* Add changelog for 1.11.6

* Update CHANGELOG.md

Co-authored-by: techknowlogick <matti@mdranta.net>

* Update CHANGELOG.md

Co-authored-by: techknowlogick <matti@mdranta.net>

* Apply suggestions from @lafriks

* #11459 is bugfix

Co-authored-by: Guillermo Prandi <guillep2k@users.noreply.github.com>
Co-authored-by: techknowlogick <matti@mdranta.net>

CHANGELOG.md

@@ -4,6 +4,55 @@ This changelog goes through all the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.io).
 
+## [1.11.6](https://github.com/go-gitea/gitea/releases/tag/v1.11.6) - 2020-05-30
+
+* SECURITY
+  * Fix missing authorization check on pull for public repos of private/limited org (#11656) (#11683)
+  * Use session for retrieving org teams (#11438) (#11439)
+* BUGFIXES
+  * Return json on 500 error from API (#11574) (#11660)
+  * Fix wrong milestone in webhook message (#11596) (#11612)
+  * Prevent (caught) panic on login (#11590) (#11598)
+  * Fix commit page js error (#11527)
+  * Use media links for img in post-process (#10515) (#11504)
+  * Ensure public repositories in private organizations are visible and fix admin organizations list (#11465) (#11475)
+  * Set correct Content-Type value for Gogs/Gitea webhooks (#9504) (#10456) (#11461)
+  * Allow all members of private orgs to see public repos (#11442) (#11459)
+  * Whenever the ctx.Session is updated, release it to save it before sending the redirect (#11456) (#11457)
+  * Forcibly clean and destroy the session on logout (#11447) (#11451)
+  * Fix /api/v1/orgs/* endpoints by changing parameter to :org from :orgname (#11381)
+  * Add tracked time fix to doctor (part of #11111) (#11138)
+  * Fix webpack chunk loading with STATIC_URL_PREFIX (#11526) (#11544)
+  * Remove unnecessary parentheses in wiki/revision.tmpl to allow 1.11 to build on go1.14  (#11481)
+
+## [1.11.5](https://github.com/go-gitea/gitea/releases/tag/v1.11.5) - 2020-05-09
+
+* BUGFIXES
+  * Prevent timer leaks in Workerpool and others (#11333) (#11340)
+  * Fix tracked time issues (#11349) (#11354)
+  * Add NotifySyncPushCommits to indexer notifier (#11309) (#11338)
+  * Allow X in addition to x in tasks (#10979) (#11335)
+  * When delete tracked time through the API return 404 not 500 (#11319) (#11326)
+  * Prevent duplicate records in organizations list when creating a repository (#11303) (#11325)
+  * Manage port in submodule refurl (#11305) (#11323)
+  * api.Context.NotFound(...) should tolerate nil (#11288) (#11306)
+  * Show pull request selection even when unrelated branches (#11239) (#11283)
+  * Repo: milestone: make /milestone/:id endpoint accessible (#11264) (#11282)
+  * Fix GetContents(): Dont't ignore Executables (#11192) (#11209)
+  * Fix submodule paths when AppSubUrl is not root (#11098) (#11176)
+  * Prevent clones and pushes to disabled wiki (#11131) (#11134)
+  * Remove errant third closing curly-bracket from account.tmpl and send account ID in account.tmpl (#11130)
+  * On Repo Deletion: Delete related TrackedTimes too (#11110) (#11125)
+  * Refresh codemirror on show pull comment tab (#11100) (#11122)
+  * Fix merge dialog on protected branch with missing required statuses (#11074) (#11084)
+  * Load pr Issue Poster on API too (#11033) (#11039)
+  * Fix release counter on API repository info (#10968) (#10996)
+  * Generate Diff and Patch direct from Pull head (#10936) (#10938)
+  * Fix rebase conflict detection in git 2.26 (#10929) (#10930)
+* ENHANCEMENT
+  * Fix 404 and 500 image size in small size screen (#11043) (#11049)
+  * Multiple Gitea Doctor improvements (#10943) (#10990) (#10064) (#9095) (#10991)
+
 ## [1.11.4](https://github.com/go-gitea/gitea/releases/tag/v1.11.4) - 2020-04-01
 
 * BUGFIXES

cmd/doctor.go

@@ -0,0 +1,544 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package cmd
+
+import (
+	"bufio"
+	"bytes"
+	"context"
+	"fmt"
+	"io/ioutil"
+	golog "log"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+	"text/tabwriter"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/models/migrations"
+	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/options"
+	"code.gitea.io/gitea/modules/setting"
+	"xorm.io/builder"
+
+	"github.com/urfave/cli"
+)
+
+// CmdDoctor represents the available doctor sub-command.
+var CmdDoctor = cli.Command{
+	Name:        "doctor",
+	Usage:       "Diagnose problems",
+	Description: "A command to diagnose problems with the current Gitea instance according to the given configuration.",
+	Action:      runDoctor,
+	Flags: []cli.Flag{
+		cli.BoolFlag{
+			Name:  "list",
+			Usage: "List the available checks",
+		},
+		cli.BoolFlag{
+			Name:  "default",
+			Usage: "Run the default checks (if neither --run or --all is set, this is the default behaviour)",
+		},
+		cli.StringSliceFlag{
+			Name:  "run",
+			Usage: "Run the provided checks - (if --default is set, the default checks will also run)",
+		},
+		cli.BoolFlag{
+			Name:  "all",
+			Usage: "Run all the available checks",
+		},
+		cli.BoolFlag{
+			Name:  "fix",
+			Usage: "Automatically fix what we can",
+		},
+		cli.StringFlag{
+			Name:  "log-file",
+			Usage: `Name of the log file (default: "doctor.log"). Set to "-" to output to stdout, set to "" to disable`,
+		},
+	},
+}
+
+type check struct {
+	title            string
+	name             string
+	isDefault        bool
+	f                func(ctx *cli.Context) ([]string, error)
+	abortIfFailed    bool
+	skipDatabaseInit bool
+}
+
+// checklist represents list for all checks
+var checklist = []check{
+	{
+		// NOTE: this check should be the first in the list
+		title:            "Check paths and basic configuration",
+		name:             "paths",
+		isDefault:        true,
+		f:                runDoctorPathInfo,
+		abortIfFailed:    true,
+		skipDatabaseInit: true,
+	},
+	{
+		title:         "Check Database Version",
+		name:          "check-db-version",
+		isDefault:     true,
+		f:             runDoctorCheckDBVersion,
+		abortIfFailed: true,
+	},
+	{
+		title:     "Check if OpenSSH authorized_keys file is up-to-date",
+		name:      "authorized_keys",
+		isDefault: true,
+		f:         runDoctorAuthorizedKeys,
+	},
+	{
+		title:     "Check if SCRIPT_TYPE is available",
+		name:      "script-type",
+		isDefault: false,
+		f:         runDoctorScriptType,
+	},
+	{
+		title:     "Check if hook files are up-to-date and executable",
+		name:      "hooks",
+		isDefault: false,
+		f:         runDoctorHooks,
+	},
+	{
+		title:     "Recalculate merge bases",
+		name:      "recalculate_merge_bases",
+		isDefault: false,
+		f:         runDoctorPRMergeBase,
+	},
+	{
+		title:     "Check consistency of database",
+		name:      "check-db-consistency",
+		isDefault: true,
+		f:         runDoctorCheckDBConsistency,
+	},
+	// more checks please append here
+}
+
+func runDoctor(ctx *cli.Context) error {
+
+	// Silence the default loggers
+	log.DelNamedLogger("console")
+	log.DelNamedLogger(log.DEFAULT)
+
+	// Now setup our own
+	logFile := ctx.String("log-file")
+	if !ctx.IsSet("log-file") {
+		logFile = "doctor.log"
+	}
+
+	if len(logFile) == 0 {
+		log.NewLogger(1000, "doctor", "console", `{"level":"NONE","stacktracelevel":"NONE","colorize":"%t"}`)
+	} else if logFile == "-" {
+		log.NewLogger(1000, "doctor", "console", `{"level":"trace","stacktracelevel":"NONE"}`)
+	} else {
+		log.NewLogger(1000, "doctor", "file", fmt.Sprintf(`{"filename":%q,"level":"trace","stacktracelevel":"NONE"}`, logFile))
+	}
+
+	// Finally redirect the default golog to here
+	golog.SetFlags(0)
+	golog.SetPrefix("")
+	golog.SetOutput(log.NewLoggerAsWriter("INFO", log.GetLogger(log.DEFAULT)))
+
+	if ctx.IsSet("list") {
+		w := tabwriter.NewWriter(os.Stdout, 0, 8, 0, '\t', 0)
+		_, _ = w.Write([]byte("Default\tName\tTitle\n"))
+		for _, check := range checklist {
+			if check.isDefault {
+				_, _ = w.Write([]byte{'*'})
+			}
+			_, _ = w.Write([]byte{'\t'})
+			_, _ = w.Write([]byte(check.name))
+			_, _ = w.Write([]byte{'\t'})
+			_, _ = w.Write([]byte(check.title))
+			_, _ = w.Write([]byte{'\n'})
+		}
+		return w.Flush()
+	}
+
+	var checks []check
+	if ctx.Bool("all") {
+		checks = checklist
+	} else if ctx.IsSet("run") {
+		addDefault := ctx.Bool("default")
+		names := ctx.StringSlice("run")
+		for i, name := range names {
+			names[i] = strings.ToLower(strings.TrimSpace(name))
+		}
+
+		for _, check := range checklist {
+			if addDefault && check.isDefault {
+				checks = append(checks, check)
+				continue
+			}
+			for _, name := range names {
+				if name == check.name {
+					checks = append(checks, check)
+					break
+				}
+			}
+		}
+	} else {
+		for _, check := range checklist {
+			if check.isDefault {
+				checks = append(checks, check)
+			}
+		}
+	}
+
+	dbIsInit := false
+
+	for i, check := range checks {
+		if !dbIsInit && !check.skipDatabaseInit {
+			// Only open database after the most basic configuration check
+			setting.EnableXORMLog = false
+			if err := initDBDisableConsole(true); err != nil {
+				fmt.Println(err)
+				fmt.Println("Check if you are using the right config file. You can use a --config directive to specify one.")
+				return nil
+			}
+			dbIsInit = true
+		}
+		fmt.Println("[", i+1, "]", check.title)
+		messages, err := check.f(ctx)
+		for _, message := range messages {
+			fmt.Println("-", message)
+		}
+		if err != nil {
+			fmt.Println("Error:", err)
+			if check.abortIfFailed {
+				return nil
+			}
+		} else {
+			fmt.Println("OK.")
+		}
+		fmt.Println()
+	}
+	return nil
+}
+
+func runDoctorPathInfo(ctx *cli.Context) ([]string, error) {
+
+	res := make([]string, 0, 10)
+
+	if fi, err := os.Stat(setting.CustomConf); err != nil || !fi.Mode().IsRegular() {
+		res = append(res, fmt.Sprintf("Failed to find configuration file at '%s'.", setting.CustomConf))
+		res = append(res, fmt.Sprintf("If you've never ran Gitea yet, this is normal and '%s' will be created for you on first run.", setting.CustomConf))
+		res = append(res, "Otherwise check that you are running this command from the correct path and/or provide a `--config` parameter.")
+		return res, fmt.Errorf("can't proceed without a configuration file")
+	}
+
+	setting.NewContext()
+
+	fail := false
+
+	check := func(name, path string, is_dir, required, is_write bool) {
+		res = append(res, fmt.Sprintf("%-25s  '%s'", name+":", path))
+		fi, err := os.Stat(path)
+		if err != nil {
+			if os.IsNotExist(err) && ctx.Bool("fix") && is_dir {
+				if err := os.MkdirAll(path, 0777); err != nil {
+					res = append(res, fmt.Sprintf("    ERROR: %v", err))
+					fail = true
+					return
+				}
+				fi, err = os.Stat(path)
+			}
+		}
+		if err != nil {
+			if required {
+				res = append(res, fmt.Sprintf("    ERROR: %v", err))
+				fail = true
+				return
+			}
+			res = append(res, fmt.Sprintf("    NOTICE: not accessible (%v)", err))
+			return
+		}
+
+		if is_dir && !fi.IsDir() {
+			res = append(res, "    ERROR: not a directory")
+			fail = true
+			return
+		} else if !is_dir && !fi.Mode().IsRegular() {
+			res = append(res, "    ERROR: not a regular file")
+			fail = true
+		} else if is_write {
+			if err := runDoctorWritableDir(path); err != nil {
+				res = append(res, fmt.Sprintf("    ERROR: not writable: %v", err))
+				fail = true
+			}
+		}
+	}
+
+	// Note print paths inside quotes to make any leading/trailing spaces evident
+	check("Configuration File Path", setting.CustomConf, false, true, false)
+	check("Repository Root Path", setting.RepoRootPath, true, true, true)
+	check("Data Root Path", setting.AppDataPath, true, true, true)
+	check("Custom File Root Path", setting.CustomPath, true, false, false)
+	check("Work directory", setting.AppWorkPath, true, true, false)
+	check("Log Root Path", setting.LogRootPath, true, true, true)
+
+	if options.IsDynamic() {
+		// Do not check/report on StaticRootPath if data is embedded in Gitea (-tags bindata)
+		check("Static File Root Path", setting.StaticRootPath, true, true, false)
+	}
+
+	if fail {
+		return res, fmt.Errorf("please check your configuration file and try again")
+	}
+
+	return res, nil
+}
+
+func runDoctorWritableDir(path string) error {
+	// There's no platform-independent way of checking if a directory is writable
+	// https://stackoverflow.com/questions/20026320/how-to-tell-if-folder-exists-and-is-writable
+
+	tmpFile, err := ioutil.TempFile(path, "doctors-order")
+	if err != nil {
+		return err
+	}
+	if err := os.Remove(tmpFile.Name()); err != nil {
+		fmt.Printf("Warning: can't remove temporary file: '%s'\n", tmpFile.Name())
+	}
+	tmpFile.Close()
+	return nil
+}
+
+const tplCommentPrefix = `# gitea public key`
+
+func runDoctorAuthorizedKeys(ctx *cli.Context) ([]string, error) {
+	if setting.SSH.StartBuiltinServer || !setting.SSH.CreateAuthorizedKeysFile {
+		return nil, nil
+	}
+
+	fPath := filepath.Join(setting.SSH.RootPath, "authorized_keys")
+	f, err := os.Open(fPath)
+	if err != nil {
+		if ctx.Bool("fix") {
+			return []string{fmt.Sprintf("Error whilst opening authorized_keys: %v. Attempting regeneration", err)}, models.RewriteAllPublicKeys()
+		}
+		return nil, err
+	}
+	defer f.Close()
+
+	linesInAuthorizedKeys := map[string]bool{}
+
+	scanner := bufio.NewScanner(f)
+	for scanner.Scan() {
+		line := scanner.Text()
+		if strings.HasPrefix(line, tplCommentPrefix) {
+			continue
+		}
+		linesInAuthorizedKeys[line] = true
+	}
+	f.Close()
+
+	// now we regenerate and check if there are any lines missing
+	regenerated := &bytes.Buffer{}
+	if err := models.RegeneratePublicKeys(regenerated); err != nil {
+		return nil, err
+	}
+	scanner = bufio.NewScanner(regenerated)
+	for scanner.Scan() {
+		line := scanner.Text()
+		if strings.HasPrefix(line, tplCommentPrefix) {
+			continue
+		}
+		if ok := linesInAuthorizedKeys[line]; ok {
+			continue
+		}
+		if ctx.Bool("fix") {
+			return []string{"authorized_keys is out of date, attempting regeneration"}, models.RewriteAllPublicKeys()
+		}
+		return nil, fmt.Errorf("authorized_keys is out of date and should be regenerated with gitea admin regenerate keys")
+	}
+	return nil, nil
+}
+
+func runDoctorCheckDBVersion(ctx *cli.Context) ([]string, error) {
+	if err := models.NewEngine(context.Background(), migrations.EnsureUpToDate); err != nil {
+		if ctx.Bool("fix") {
+			return []string{fmt.Sprintf("WARN: Got Error %v during ensure up to date", err), "Attempting to migrate to the latest DB version to fix this."}, models.NewEngine(context.Background(), migrations.Migrate)
+		}
+		return nil, err
+	}
+	return nil, nil
+}
+
+func iterateRepositories(each func(*models.Repository) ([]string, error)) ([]string, error) {
+	results := []string{}
+	err := models.Iterate(
+		models.DefaultDBContext(),
+		new(models.Repository),
+		builder.Gt{"id": 0},
+		func(idx int, bean interface{}) error {
+			res, err := each(bean.(*models.Repository))
+			results = append(results, res...)
+			return err
+		},
+	)
+	return results, err
+}
+
+func iteratePRs(repo *models.Repository, each func(*models.Repository, *models.PullRequest) ([]string, error)) ([]string, error) {
+	results := []string{}
+	err := models.Iterate(
+		models.DefaultDBContext(),
+		new(models.PullRequest),
+		builder.Eq{"base_repo_id": repo.ID},
+		func(idx int, bean interface{}) error {
+			res, err := each(repo, bean.(*models.PullRequest))
+			results = append(results, res...)
+			return err
+		},
+	)
+	return results, err
+}
+
+func runDoctorHooks(ctx *cli.Context) ([]string, error) {
+	// Need to iterate across all of the repositories
+	return iterateRepositories(func(repo *models.Repository) ([]string, error) {
+		results, err := models.CheckDelegateHooks(repo.RepoPath())
+		if err != nil {
+			return nil, err
+		}
+		if len(results) > 0 && ctx.Bool("fix") {
+			return []string{fmt.Sprintf("regenerated hooks for %s", repo.FullName())}, models.CreateDelegateHooks(repo.RepoPath())
+		}
+
+		return results, nil
+	})
+}
+
+func runDoctorPRMergeBase(ctx *cli.Context) ([]string, error) {
+	numRepos := 0
+	numPRs := 0
+	numPRsUpdated := 0
+	results, err := iterateRepositories(func(repo *models.Repository) ([]string, error) {
+		numRepos++
+		return iteratePRs(repo, func(repo *models.Repository, pr *models.PullRequest) ([]string, error) {
+			numPRs++
+			results := []string{}
+			pr.BaseRepo = repo
+			repoPath := repo.RepoPath()
+
+			oldMergeBase := pr.MergeBase
+
+			if !pr.HasMerged {
+				var err error
+				pr.MergeBase, err = git.NewCommand("merge-base", "--", pr.BaseBranch, pr.GetGitRefName()).RunInDir(repoPath)
+				if err != nil {
+					var err2 error
+					pr.MergeBase, err2 = git.NewCommand("rev-parse", git.BranchPrefix+pr.BaseBranch).RunInDir(repoPath)
+					if err2 != nil {
+						results = append(results, fmt.Sprintf("WARN: Unable to get merge base for PR ID %d, #%d onto %s in %s/%s", pr.ID, pr.Index, pr.BaseBranch, pr.BaseRepo.OwnerName, pr.BaseRepo.Name))
+						log.Error("Unable to get merge base for PR ID %d, Index %d in %s/%s. Error: %v & %v", pr.ID, pr.Index, pr.BaseRepo.OwnerName, pr.BaseRepo.Name, err, err2)
+						return results, nil
+					}
+				}
+			} else {
+				parentsString, err := git.NewCommand("rev-list", "--parents", "-n", "1", pr.MergedCommitID).RunInDir(repoPath)
+				if err != nil {
+					results = append(results, fmt.Sprintf("WARN: Unable to get parents for merged PR ID %d, #%d onto %s in %s/%s", pr.ID, pr.Index, pr.BaseBranch, pr.BaseRepo.OwnerName, pr.BaseRepo.Name))
+					log.Error("Unable to get parents for merged PR ID %d, Index %d in %s/%s. Error: %v", pr.ID, pr.Index, pr.BaseRepo.OwnerName, pr.BaseRepo.Name, err)
+					return results, nil
+				}
+				parents := strings.Split(strings.TrimSpace(parentsString), " ")
+				if len(parents) < 2 {
+					return results, nil
+				}
+
+				args := append([]string{"merge-base", "--"}, parents[1:]...)
+				args = append(args, pr.GetGitRefName())
+
+				pr.MergeBase, err = git.NewCommand(args...).RunInDir(repoPath)
+				if err != nil {
+					results = append(results, fmt.Sprintf("WARN: Unable to get merge base for merged PR ID %d, #%d onto %s in %s/%s", pr.ID, pr.Index, pr.BaseBranch, pr.BaseRepo.OwnerName, pr.BaseRepo.Name))
+					log.Error("Unable to get merge base for merged PR ID %d, Index %d in %s/%s. Error: %v", pr.ID, pr.Index, pr.BaseRepo.OwnerName, pr.BaseRepo.Name, err)
+					return results, nil
+				}
+			}
+			pr.MergeBase = strings.TrimSpace(pr.MergeBase)
+			if pr.MergeBase != oldMergeBase {
+				if ctx.Bool("fix") {
+					if err := pr.UpdateCols("merge_base"); err != nil {
+						return results, err
+					}
+				} else {
+					results = append(results, fmt.Sprintf("#%d onto %s in %s/%s: MergeBase should be %s but is %s", pr.Index, pr.BaseBranch, pr.BaseRepo.OwnerName, pr.BaseRepo.Name, oldMergeBase, pr.MergeBase))
+				}
+				numPRsUpdated++
+			}
+			return results, nil
+		})
+	})
+
+	if ctx.Bool("fix") {
+		results = append(results, fmt.Sprintf("%d PR mergebases updated of %d PRs total in %d repos", numPRsUpdated, numPRs, numRepos))
+	} else {
+		if numPRsUpdated > 0 && err == nil {
+			return results, fmt.Errorf("%d PRs with incorrect mergebases of %d PRs total in %d repos", numPRsUpdated, numPRs, numRepos)
+		}
+		results = append(results, fmt.Sprintf("%d PRs with incorrect mergebases of %d PRs total in %d repos", numPRsUpdated, numPRs, numRepos))
+	}
+
+	return results, err
+}
+
+func runDoctorScriptType(ctx *cli.Context) ([]string, error) {
+	path, err := exec.LookPath(setting.ScriptType)
+	if err != nil {
+		return []string{fmt.Sprintf("ScriptType %s is not on the current PATH", setting.ScriptType)}, err
+	}
+	return []string{fmt.Sprintf("ScriptType %s is on the current PATH at %s", setting.ScriptType, path)}, nil
+}
+
+func runDoctorCheckDBConsistency(ctx *cli.Context) ([]string, error) {
+	// make sure DB version is uptodate
+	if err := models.NewEngine(context.Background(), migrations.EnsureUpToDate); err != nil {
+		return nil, fmt.Errorf("model version on the database does not match the current Gitea version. Model consistency will not be checked until the database is upgraded")
+	}
+	_, committer, err := models.TxDBContext()
+	if err != nil {
+		return nil, err
+	}
+	sess := committer.(models.Engine)
+	defer committer.Close()
+	var results []string
+
+	//find tracked times without existing issues/pulls
+	count, err := sess.Table("tracked_time").
+		Join("LEFT", "issue", "tracked_time.issue_id=issue.id").
+		Where("issue.id is NULL").
+		Count("id")
+	if err != nil {
+		return nil, err
+	}
+	if count > 0 {
+		if ctx.Bool("fix") {
+			if _, err = sess.In("id", builder.Select("tracked_time.id").
+				From("tracked_time").
+				Join("LEFT", "issue", "tracked_time.issue_id=issue.id").
+				Where(builder.IsNull{"issue.id"})).
+				Delete(models.TrackedTime{}); err != nil {
+				return nil, err
+			}
+			results = append(results, fmt.Sprintf("%d tracked times without existing issue deleted", count))
+		} else {
+			results = append(results, fmt.Sprintf("%d tracked times without existing issue", count))
+		}
+	}
+
+	if ctx.Bool("fix") {
+		return results, committer.Commit()
+	}
+	return results, nil
+}

cmd/hook.go

@@ -19,6 +19,7 @@ import (
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/private"
 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/util"
 
 	"github.com/urfave/cli"
 )
@@ -113,15 +114,8 @@ func (d *delayWriter) Close() error {
 	if d == nil {
 		return nil
 	}
-	stopped := d.timer.Stop()
-	if stopped {
-		return nil
-	}
-	select {
-	case <-d.timer.C:
-	default:
-	}
-	if d.buf == nil {
+	stopped := util.StopTimer(d.timer)
+	if stopped || d.buf == nil {
 		return nil
 	}
 	_, err := d.internal.Write(d.buf.Bytes())

docs/config.yaml

@@ -18,7 +18,7 @@ params:
   description: Git with a cup of tea
   author: The Gitea Authors
   website: https://docs.gitea.io
-  version: 1.11.2
+  version: 1.11.5
 
 outputs:
   home:

integrations/api_issue_tracked_time_test.go

@@ -60,17 +60,17 @@ func TestAPIDeleteTrackedTime(t *testing.T) {
 	//Deletion not allowed
 	req := NewRequestf(t, "DELETE", "/api/v1/repos/%s/%s/issues/%d/times/%d?token=%s", user2.Name, issue2.Repo.Name, issue2.Index, time6.ID, token)
 	session.MakeRequest(t, req, http.StatusForbidden)
-	/* Delete own time <-- ToDo: timout without reason
+
 	time3 := models.AssertExistsAndLoadBean(t, &models.TrackedTime{ID: 3}).(*models.TrackedTime)
 	req = NewRequestf(t, "DELETE", "/api/v1/repos/%s/%s/issues/%d/times/%d?token=%s", user2.Name, issue2.Repo.Name, issue2.Index, time3.ID, token)
 	session.MakeRequest(t, req, http.StatusNoContent)
 	//Delete non existing time
-	session.MakeRequest(t, req, http.StatusInternalServerError) */
+	session.MakeRequest(t, req, http.StatusNotFound)
 
 	//Reset time of user 2 on issue 2
 	trackedSeconds, err := models.GetTrackedSeconds(models.FindTrackedTimesOptions{IssueID: 2, UserID: 2})
 	assert.NoError(t, err)
-	assert.Equal(t, int64(3662), trackedSeconds)
+	assert.Equal(t, int64(3661), trackedSeconds)
 
 	req = NewRequestf(t, "DELETE", "/api/v1/repos/%s/%s/issues/%d/times?token=%s", user2.Name, issue2.Repo.Name, issue2.Index, token)
 	session.MakeRequest(t, req, http.StatusNoContent)

integrations/api_repo_test.go

@@ -209,13 +209,31 @@ func getRepo(t *testing.T, repoID int64) *models.Repository {
 func TestAPIViewRepo(t *testing.T) {
 	defer prepareTestEnv(t)()
 
+	var repo api.Repository
+
 	req := NewRequest(t, "GET", "/api/v1/repos/user2/repo1")
 	resp := MakeRequest(t, req, http.StatusOK)
-
-	var repo api.Repository
 	DecodeJSON(t, resp, &repo)
 	assert.EqualValues(t, 1, repo.ID)
 	assert.EqualValues(t, "repo1", repo.Name)
+	assert.EqualValues(t, 1, repo.Releases)
+	assert.EqualValues(t, 1, repo.OpenIssues)
+	assert.EqualValues(t, 2, repo.OpenPulls)
+
+	req = NewRequest(t, "GET", "/api/v1/repos/user12/repo10")
+	resp = MakeRequest(t, req, http.StatusOK)
+	DecodeJSON(t, resp, &repo)
+	assert.EqualValues(t, 10, repo.ID)
+	assert.EqualValues(t, "repo10", repo.Name)
+	assert.EqualValues(t, 1, repo.OpenPulls)
+	assert.EqualValues(t, 1, repo.Forks)
+
+	req = NewRequest(t, "GET", "/api/v1/repos/user5/repo4")
+	resp = MakeRequest(t, req, http.StatusOK)
+	DecodeJSON(t, resp, &repo)
+	assert.EqualValues(t, 4, repo.ID)
+	assert.EqualValues(t, "repo4", repo.Name)
+	assert.EqualValues(t, 1, repo.Stars)
 }
 
 func TestAPIOrgRepos(t *testing.T) {

integrations/git_test.go

@@ -71,7 +71,6 @@ func testGit(t *testing.T, u *url.URL) {
 		t.Run("BranchProtectMerge", doBranchProtectPRMerge(&httpContext, dstPath))
 		t.Run("MergeFork", func(t *testing.T) {
 			t.Run("CreatePRAndMerge", doMergeFork(httpContext, forkedUserCtx, "master", httpContext.Username+":master"))
-			t.Run("DeleteRepository", doAPIDeleteRepository(httpContext))
 			rawTest(t, &forkedUserCtx, little, big, littleLFS, bigLFS)
 			mediaTest(t, &forkedUserCtx, little, big, littleLFS, bigLFS)
 		})
@@ -111,7 +110,6 @@ func testGit(t *testing.T, u *url.URL) {
 			t.Run("BranchProtectMerge", doBranchProtectPRMerge(&sshContext, dstPath))
 			t.Run("MergeFork", func(t *testing.T) {
 				t.Run("CreatePRAndMerge", doMergeFork(sshContext, forkedUserCtx, "master", sshContext.Username+":master"))
-				t.Run("DeleteRepository", doAPIDeleteRepository(sshContext))
 				rawTest(t, &forkedUserCtx, little, big, littleLFS, bigLFS)
 				mediaTest(t, &forkedUserCtx, little, big, littleLFS, bigLFS)
 			})
@@ -419,8 +417,62 @@ func doMergeFork(ctx, baseCtx APITestContext, baseBranch, headBranch string) fun
 			pr, err = doAPICreatePullRequest(ctx, baseCtx.Username, baseCtx.Reponame, baseBranch, headBranch)(t)
 			assert.NoError(t, err)
 		})
+		t.Run("EnsureCanSeePull", func(t *testing.T) {
+			req := NewRequest(t, "GET", fmt.Sprintf("/%s/%s/pulls/%d", url.PathEscape(baseCtx.Username), url.PathEscape(baseCtx.Reponame), pr.Index))
+			ctx.Session.MakeRequest(t, req, http.StatusOK)
+			req = NewRequest(t, "GET", fmt.Sprintf("/%s/%s/pulls/%d/files", url.PathEscape(baseCtx.Username), url.PathEscape(baseCtx.Reponame), pr.Index))
+			ctx.Session.MakeRequest(t, req, http.StatusOK)
+			req = NewRequest(t, "GET", fmt.Sprintf("/%s/%s/pulls/%d/commits", url.PathEscape(baseCtx.Username), url.PathEscape(baseCtx.Reponame), pr.Index))
+			ctx.Session.MakeRequest(t, req, http.StatusOK)
+		})
+		var diffStr string
+		t.Run("GetDiff", func(t *testing.T) {
+			req := NewRequest(t, "GET", fmt.Sprintf("/%s/%s/pulls/%d.diff", url.PathEscape(baseCtx.Username), url.PathEscape(baseCtx.Reponame), pr.Index))
+			resp := ctx.Session.MakeRequest(t, req, http.StatusOK)
+			diffStr = resp.Body.String()
+		})
 		t.Run("MergePR", doAPIMergePullRequest(baseCtx, baseCtx.Username, baseCtx.Reponame, pr.Index))
-
+		t.Run("EnsureCanSeePull", func(t *testing.T) {
+			req := NewRequest(t, "GET", fmt.Sprintf("/%s/%s/pulls/%d", url.PathEscape(baseCtx.Username), url.PathEscape(baseCtx.Reponame), pr.Index))
+			ctx.Session.MakeRequest(t, req, http.StatusOK)
+			req = NewRequest(t, "GET", fmt.Sprintf("/%s/%s/pulls/%d/files", url.PathEscape(baseCtx.Username), url.PathEscape(baseCtx.Reponame), pr.Index))
+			ctx.Session.MakeRequest(t, req, http.StatusOK)
+			req = NewRequest(t, "GET", fmt.Sprintf("/%s/%s/pulls/%d/commits", url.PathEscape(baseCtx.Username), url.PathEscape(baseCtx.Reponame), pr.Index))
+			ctx.Session.MakeRequest(t, req, http.StatusOK)
+		})
+		t.Run("EnsureDiffNoChange", func(t *testing.T) {
+			req := NewRequest(t, "GET", fmt.Sprintf("/%s/%s/pulls/%d.diff", url.PathEscape(baseCtx.Username), url.PathEscape(baseCtx.Reponame), pr.Index))
+			resp := ctx.Session.MakeRequest(t, req, http.StatusOK)
+			assert.Equal(t, diffStr, resp.Body.String())
+		})
+		t.Run("DeleteHeadBranch", doBranchDelete(baseCtx, baseCtx.Username, baseCtx.Reponame, headBranch))
+		t.Run("EnsureCanSeePull", func(t *testing.T) {
+			req := NewRequest(t, "GET", fmt.Sprintf("/%s/%s/pulls/%d", url.PathEscape(baseCtx.Username), url.PathEscape(baseCtx.Reponame), pr.Index))
+			ctx.Session.MakeRequest(t, req, http.StatusOK)
+			req = NewRequest(t, "GET", fmt.Sprintf("/%s/%s/pulls/%d/files", url.PathEscape(baseCtx.Username), url.PathEscape(baseCtx.Reponame), pr.Index))
+			ctx.Session.MakeRequest(t, req, http.StatusOK)
+			req = NewRequest(t, "GET", fmt.Sprintf("/%s/%s/pulls/%d/commits", url.PathEscape(baseCtx.Username), url.PathEscape(baseCtx.Reponame), pr.Index))
+			ctx.Session.MakeRequest(t, req, http.StatusOK)
+		})
+		t.Run("EnsureDiffNoChange", func(t *testing.T) {
+			req := NewRequest(t, "GET", fmt.Sprintf("/%s/%s/pulls/%d.diff", url.PathEscape(baseCtx.Username), url.PathEscape(baseCtx.Reponame), pr.Index))
+			resp := ctx.Session.MakeRequest(t, req, http.StatusOK)
+			assert.Equal(t, diffStr, resp.Body.String())
+		})
+		t.Run("DeleteRepository", doAPIDeleteRepository(ctx))
+		t.Run("EnsureCanSeePull", func(t *testing.T) {
+			req := NewRequest(t, "GET", fmt.Sprintf("/%s/%s/pulls/%d", url.PathEscape(baseCtx.Username), url.PathEscape(baseCtx.Reponame), pr.Index))
+			ctx.Session.MakeRequest(t, req, http.StatusOK)
+			req = NewRequest(t, "GET", fmt.Sprintf("/%s/%s/pulls/%d/files", url.PathEscape(baseCtx.Username), url.PathEscape(baseCtx.Reponame), pr.Index))
+			ctx.Session.MakeRequest(t, req, http.StatusOK)
+			req = NewRequest(t, "GET", fmt.Sprintf("/%s/%s/pulls/%d/commits", url.PathEscape(baseCtx.Username), url.PathEscape(baseCtx.Reponame), pr.Index))
+			ctx.Session.MakeRequest(t, req, http.StatusOK)
+		})
+		t.Run("EnsureDiffNoChange", func(t *testing.T) {
+			req := NewRequest(t, "GET", fmt.Sprintf("/%s/%s/pulls/%d.diff", url.PathEscape(baseCtx.Username), url.PathEscape(baseCtx.Reponame), pr.Index))
+			resp := ctx.Session.MakeRequest(t, req, http.StatusOK)
+			assert.Equal(t, diffStr, resp.Body.String())
+		})
 	}
 }
 
@@ -493,3 +545,14 @@ func doPushCreate(ctx APITestContext, u *url.URL) func(t *testing.T) {
 		assert.True(t, repo.IsPrivate)
 	}
 }
+
+func doBranchDelete(ctx APITestContext, owner, repo, branch string) func(*testing.T) {
+	return func(t *testing.T) {
+		csrf := GetCSRF(t, ctx.Session, fmt.Sprintf("/%s/%s/branches", url.PathEscape(owner), url.PathEscape(repo)))
+
+		req := NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/%s/branches/delete?name=%s", url.PathEscape(owner), url.PathEscape(repo), url.QueryEscape(branch)), map[string]string{
+			"_csrf": csrf,
+		})
+		ctx.Session.MakeRequest(t, req, http.StatusOK)
+	}
+}

main.go

@@ -68,6 +68,7 @@ arguments - which can alternatively be run by running the subcommand web.`
 		cmd.CmdMigrate,
 		cmd.CmdKeys,
 		cmd.CmdConvert,
+		cmd.CmdDoctor,
 	}
 	// Now adjust these commands to add our global configuration options
 

models/context.go

@@ -4,6 +4,11 @@
 
 package models
 
+import (
+	"code.gitea.io/gitea/modules/setting"
+	"xorm.io/builder"
+)
+
 // DBContext represents a db context
 type DBContext struct {
 	e Engine
@@ -53,3 +58,10 @@ func WithTx(f func(ctx DBContext) error) error {
 	sess.Close()
 	return err
 }
+
+// Iterate iterates the databases and doing something
+func Iterate(ctx DBContext, tableBean interface{}, cond builder.Cond, fun func(idx int, bean interface{}) error) error {
+	return ctx.e.Where(cond).
+		BufferSize(setting.Database.IterateBufferSize).
+		Iterate(tableBean, fun)
+}

models/issue.go

@@ -74,8 +74,8 @@ var (
 	issueTasksDonePat *regexp.Regexp
 )
 
-const issueTasksRegexpStr = `(^\s*[-*]\s\[[\sx]\]\s.)|(\n\s*[-*]\s\[[\sx]\]\s.)`
-const issueTasksDoneRegexpStr = `(^\s*[-*]\s\[[x]\]\s.)|(\n\s*[-*]\s\[[x]\]\s.)`
+const issueTasksRegexpStr = `(^\s*[-*]\s\[[\sxX]\]\s.)|(\n\s*[-*]\s\[[\sxX]\]\s.)`
+const issueTasksDoneRegexpStr = `(^\s*[-*]\s\[[xX]\]\s.)|(\n\s*[-*]\s\[[xX]\]\s.)`
 const issueMaxDupIndexAttempts = 3
 
 func init() {
@@ -241,7 +241,7 @@ func (issue *Issue) loadReactions(e Engine) (err error) {
 }
 
 func (issue *Issue) loadMilestone(e Engine) (err error) {
-	if issue.Milestone == nil && issue.MilestoneID > 0 {
+	if (issue.Milestone == nil || issue.Milestone.ID != issue.MilestoneID) && issue.MilestoneID > 0 {
 		issue.Milestone, err = getMilestoneByRepoID(e, issue.RepoID, issue.MilestoneID)
 		if err != nil && !IsErrMilestoneNotExist(err) {
 			return fmt.Errorf("getMilestoneByRepoID [repo_id: %d, milestone_id: %d]: %v", issue.RepoID, issue.MilestoneID, err)

models/issue_tracked_time.go

@@ -273,6 +273,10 @@ func DeleteTime(t *TrackedTime) error {
 		return err
 	}
 
+	if err := t.loadAttributes(sess); err != nil {
+		return err
+	}
+
 	if err := deleteTime(sess, t); err != nil {
 		return err
 	}
@@ -312,10 +316,8 @@ func deleteTime(e Engine, t *TrackedTime) error {
 
 // GetTrackedTimeByID returns raw TrackedTime without loading attributes by id
 func GetTrackedTimeByID(id int64) (*TrackedTime, error) {
-	time := &TrackedTime{
-		ID: id,
-	}
-	has, err := x.Get(time)
+	time := new(TrackedTime)
+	has, err := x.ID(id).Get(time)
 	if err != nil {
 		return nil, err
 	} else if !has {

models/migrations/migrations.go

@@ -292,6 +292,52 @@ var migrations = []Migration{
 	NewMigration("Add block on rejected reviews branch protection", addBlockOnRejectedReviews),
 }
 
+// GetCurrentDBVersion returns the current db version
+func GetCurrentDBVersion(x *xorm.Engine) (int64, error) {
+	if err := x.Sync(new(Version)); err != nil {
+		return -1, fmt.Errorf("sync: %v", err)
+	}
+
+	currentVersion := &Version{ID: 1}
+	has, err := x.Get(currentVersion)
+	if err != nil {
+		return -1, fmt.Errorf("get: %v", err)
+	}
+	if !has {
+		return -1, nil
+	}
+	return currentVersion.Version, nil
+}
+
+// ExpectedVersion returns the expected db version
+func ExpectedVersion() int64 {
+	return int64(minDBVersion + len(migrations))
+}
+
+// EnsureUpToDate will check if the db is at the correct version
+func EnsureUpToDate(x *xorm.Engine) error {
+	currentDB, err := GetCurrentDBVersion(x)
+	if err != nil {
+		return err
+	}
+
+	if currentDB < 0 {
+		return fmt.Errorf("Database has not been initialised")
+	}
+
+	if minDBVersion > currentDB {
+		return fmt.Errorf("DB version %d (<= %d) is too old for auto-migration. Upgrade to Gitea 1.6.4 first then upgrade to this version", currentDB, minDBVersion)
+	}
+
+	expected := ExpectedVersion()
+
+	if currentDB != expected {
+		return fmt.Errorf(`Current database version %d is not equal to the expected version %d. Please run "gitea [--config /path/to/app.ini] migrate" to update the database version`, currentDB, expected)
+	}
+
+	return nil
+}
+
 // Migrate database to current version
 func Migrate(x *xorm.Engine) error {
 	if err := x.Sync(new(Version)); err != nil {

models/org.go

@@ -470,12 +470,12 @@ func GetOwnedOrgsByUserIDDesc(userID int64, desc string) ([]*User, error) {
 func GetOrgsCanCreateRepoByUserID(userID int64) ([]*User, error) {
 	orgs := make([]*User, 0, 10)
 
-	return orgs, x.Join("INNER", "`team_user`", "`team_user`.org_id=`user`.id").
-		Join("INNER", "`team`", "`team`.id=`team_user`.team_id").
-		Where("`team_user`.uid=?", userID).
-		And(builder.Eq{"`team`.authorize": AccessModeOwner}.Or(builder.Eq{"`team`.can_create_org_repo": true})).
-		Desc("`user`.updated_unix").
-		Find(&orgs)
+	return orgs, x.Where(builder.In("id", builder.Select("`user`.id").From("`user`").
+		Join("INNER", "`team_user`", "`team_user`.org_id = `user`.id").
+		Join("INNER", "`team`", "`team`.id = `team_user`.team_id").
+		Where(builder.Eq{"`team_user`.uid": userID}).
+		And(builder.Eq{"`team`.authorize": AccessModeOwner}.Or(builder.Eq{"`team`.can_create_org_repo": true})))).
+		Desc("`user`.updated_unix").Find(&orgs)
 }
 
 // GetOrgUsersByUserID returns all organization-user relations by user ID.

models/repo.go

@@ -173,7 +173,6 @@ type Repository struct {
 	NumMilestones       int `xorm:"NOT NULL DEFAULT 0"`
 	NumClosedMilestones int `xorm:"NOT NULL DEFAULT 0"`
 	NumOpenMilestones   int `xorm:"-"`
-	NumReleases         int `xorm:"-"`
 
 	IsPrivate  bool `xorm:"INDEX"`
 	IsEmpty    bool `xorm:"INDEX"`
@@ -364,6 +363,8 @@ func (repo *Repository) innerAPIFormat(e Engine, mode AccessMode, isParent bool)
 		allowSquash = config.AllowSquash
 	}
 
+	numReleases, _ := GetReleaseCountByRepoID(repo.ID, FindReleasesOptions{IncludeDrafts: false, IncludeTags: true})
+
 	return &api.Repository{
 		ID:                        repo.ID,
 		Owner:                     repo.Owner.APIFormat(),
@@ -387,7 +388,7 @@ func (repo *Repository) innerAPIFormat(e Engine, mode AccessMode, isParent bool)
 		Watchers:                  repo.NumWatches,
 		OpenIssues:                repo.NumOpenIssues,
 		OpenPulls:                 repo.NumOpenPulls,
-		Releases:                  repo.NumReleases,
+		Releases:                  int(numReleases),
 		DefaultBranch:             repo.DefaultBranch,
 		Created:                   repo.CreatedUnix.AsTime(),
 		Updated:                   repo.UpdatedUnix.AsTime(),
@@ -968,6 +969,21 @@ func CheckCreateRepository(doer, u *User, name string) error {
 	return nil
 }
 
+func getHookTemplates() (hookNames, hookTpls, giteaHookTpls []string) {
+	hookNames = []string{"pre-receive", "update", "post-receive"}
+	hookTpls = []string{
+		fmt.Sprintf("#!/usr/bin/env %s\ndata=$(cat)\nexitcodes=\"\"\nhookname=$(basename $0)\nGIT_DIR=${GIT_DIR:-$(dirname $0)}\n\nfor hook in ${GIT_DIR}/hooks/${hookname}.d/*; do\ntest -x \"${hook}\" && test -f \"${hook}\" || continue\necho \"${data}\" | \"${hook}\"\nexitcodes=\"${exitcodes} $?\"\ndone\n\nfor i in ${exitcodes}; do\n[ ${i} -eq 0 ] || exit ${i}\ndone\n", setting.ScriptType),
+		fmt.Sprintf("#!/usr/bin/env %s\nexitcodes=\"\"\nhookname=$(basename $0)\nGIT_DIR=${GIT_DIR:-$(dirname $0)}\n\nfor hook in ${GIT_DIR}/hooks/${hookname}.d/*; do\ntest -x \"${hook}\" && test -f \"${hook}\" || continue\n\"${hook}\" $1 $2 $3\nexitcodes=\"${exitcodes} $?\"\ndone\n\nfor i in ${exitcodes}; do\n[ ${i} -eq 0 ] || exit ${i}\ndone\n", setting.ScriptType),
+		fmt.Sprintf("#!/usr/bin/env %s\ndata=$(cat)\nexitcodes=\"\"\nhookname=$(basename $0)\nGIT_DIR=${GIT_DIR:-$(dirname $0)}\n\nfor hook in ${GIT_DIR}/hooks/${hookname}.d/*; do\ntest -x \"${hook}\" && test -f \"${hook}\" || continue\necho \"${data}\" | \"${hook}\"\nexitcodes=\"${exitcodes} $?\"\ndone\n\nfor i in ${exitcodes}; do\n[ ${i} -eq 0 ] || exit ${i}\ndone\n", setting.ScriptType),
+	}
+	giteaHookTpls = []string{
+		fmt.Sprintf("#!/usr/bin/env %s\n\"%s\" hook --config='%s' pre-receive\n", setting.ScriptType, setting.AppPath, setting.CustomConf),
+		fmt.Sprintf("#!/usr/bin/env %s\n\"%s\" hook --config='%s' update $1 $2 $3\n", setting.ScriptType, setting.AppPath, setting.CustomConf),
+		fmt.Sprintf("#!/usr/bin/env %s\n\"%s\" hook --config='%s' post-receive\n", setting.ScriptType, setting.AppPath, setting.CustomConf),
+	}
+	return
+}
+
 // CreateDelegateHooks creates all the hooks scripts for the repo
 func CreateDelegateHooks(repoPath string) error {
 	return createDelegateHooks(repoPath)
@@ -975,21 +991,7 @@ func CreateDelegateHooks(repoPath string) error {
 
 // createDelegateHooks creates all the hooks scripts for the repo
 func createDelegateHooks(repoPath string) (err error) {
-
-	var (
-		hookNames = []string{"pre-receive", "update", "post-receive"}
-		hookTpls  = []string{
-			fmt.Sprintf("#!/usr/bin/env %s\ndata=$(cat)\nexitcodes=\"\"\nhookname=$(basename $0)\nGIT_DIR=${GIT_DIR:-$(dirname $0)}\n\nfor hook in ${GIT_DIR}/hooks/${hookname}.d/*; do\ntest -x \"${hook}\" || continue\necho \"${data}\" | \"${hook}\"\nexitcodes=\"${exitcodes} $?\"\ndone\n\nfor i in ${exitcodes}; do\n[ ${i} -eq 0 ] || exit ${i}\ndone\n", setting.ScriptType),
-			fmt.Sprintf("#!/usr/bin/env %s\nexitcodes=\"\"\nhookname=$(basename $0)\nGIT_DIR=${GIT_DIR:-$(dirname $0)}\n\nfor hook in ${GIT_DIR}/hooks/${hookname}.d/*; do\ntest -x \"${hook}\" || continue\n\"${hook}\" $1 $2 $3\nexitcodes=\"${exitcodes} $?\"\ndone\n\nfor i in ${exitcodes}; do\n[ ${i} -eq 0 ] || exit ${i}\ndone\n", setting.ScriptType),
-			fmt.Sprintf("#!/usr/bin/env %s\ndata=$(cat)\nexitcodes=\"\"\nhookname=$(basename $0)\nGIT_DIR=${GIT_DIR:-$(dirname $0)}\n\nfor hook in ${GIT_DIR}/hooks/${hookname}.d/*; do\ntest -x \"${hook}\" || continue\necho \"${data}\" | \"${hook}\"\nexitcodes=\"${exitcodes} $?\"\ndone\n\nfor i in ${exitcodes}; do\n[ ${i} -eq 0 ] || exit ${i}\ndone\n", setting.ScriptType),
-		}
-		giteaHookTpls = []string{
-			fmt.Sprintf("#!/usr/bin/env %s\n\"%s\" hook --config='%s' pre-receive\n", setting.ScriptType, setting.AppPath, setting.CustomConf),
-			fmt.Sprintf("#!/usr/bin/env %s\n\"%s\" hook --config='%s' update $1 $2 $3\n", setting.ScriptType, setting.AppPath, setting.CustomConf),
-			fmt.Sprintf("#!/usr/bin/env %s\n\"%s\" hook --config='%s' post-receive\n", setting.ScriptType, setting.AppPath, setting.CustomConf),
-		}
-	)
-
+	hookNames, hookTpls, giteaHookTpls := getHookTemplates()
 	hookDir := filepath.Join(repoPath, "hooks")
 
 	for i, hookName := range hookNames {
@@ -1008,16 +1010,94 @@ func createDelegateHooks(repoPath string) (err error) {
 			return fmt.Errorf("write old hook file '%s': %v", oldHookPath, err)
 		}
 
+		if err = ensureExecutable(oldHookPath); err != nil {
+			return fmt.Errorf("Unable to set %s executable. Error %v", oldHookPath, err)
+		}
+
 		if err = os.Remove(newHookPath); err != nil && !os.IsNotExist(err) {
 			return fmt.Errorf("unable to pre-remove new hook file '%s' prior to rewriting: %v", newHookPath, err)
 		}
 		if err = ioutil.WriteFile(newHookPath, []byte(giteaHookTpls[i]), 0777); err != nil {
 			return fmt.Errorf("write new hook file '%s': %v", newHookPath, err)
 		}
+
+		if err = ensureExecutable(newHookPath); err != nil {
+			return fmt.Errorf("Unable to set %s executable. Error %v", oldHookPath, err)
+		}
 	}
 
 	return nil
 }
+func checkExecutable(filename string) bool {
+	fileInfo, err := os.Stat(filename)
+	if err != nil {
+		return false
+	}
+	return (fileInfo.Mode() & 0100) > 0
+}
+
+func ensureExecutable(filename string) error {
+	fileInfo, err := os.Stat(filename)
+	if err != nil {
+		return err
+	}
+	if (fileInfo.Mode() & 0100) > 0 {
+		return nil
+	}
+	mode := fileInfo.Mode() | 0100
+	return os.Chmod(filename, mode)
+}
+
+// CheckDelegateHooks checks the hooks scripts for the repo
+func CheckDelegateHooks(repoPath string) ([]string, error) {
+	hookNames, hookTpls, giteaHookTpls := getHookTemplates()
+
+	hookDir := filepath.Join(repoPath, "hooks")
+	results := make([]string, 0, 10)
+
+	for i, hookName := range hookNames {
+		oldHookPath := filepath.Join(hookDir, hookName)
+		newHookPath := filepath.Join(hookDir, hookName+".d", "gitea")
+
+		cont := false
+		if !com.IsExist(oldHookPath) {
+			results = append(results, fmt.Sprintf("old hook file %s does not exist", oldHookPath))
+			cont = true
+		}
+		if !com.IsExist(oldHookPath + ".d") {
+			results = append(results, fmt.Sprintf("hooks directory %s does not exist", oldHookPath+".d"))
+			cont = true
+		}
+		if !com.IsExist(newHookPath) {
+			results = append(results, fmt.Sprintf("new hook file %s does not exist", newHookPath))
+			cont = true
+		}
+		if cont {
+			continue
+		}
+		contents, err := ioutil.ReadFile(oldHookPath)
+		if err != nil {
+			return results, err
+		}
+		if string(contents) != hookTpls[i] {
+			results = append(results, fmt.Sprintf("old hook file %s is out of date", oldHookPath))
+		}
+		if !checkExecutable(oldHookPath) {
+			results = append(results, fmt.Sprintf("old hook file %s is not executable", oldHookPath))
+		}
+		contents, err = ioutil.ReadFile(newHookPath)
+		if err != nil {
+			return results, err
+		}
+		if string(contents) != giteaHookTpls[i] {
+			results = append(results, fmt.Sprintf("new hook file %s is out of date", newHookPath))
+		}
+		if !checkExecutable(newHookPath) {
+			results = append(results, fmt.Sprintf("new hook file %s is not executable", newHookPath))
+		}
+	}
+	return results, nil
+}
 
 // initRepoCommit temporarily changes with work directory.
 func initRepoCommit(tmpPath string, repo *Repository, u *User) (err error) {
@@ -1528,7 +1608,7 @@ func TransferOwnership(doer *User, newOwnerName string, repo *Repository) error
 	}
 
 	if newOwner.IsOrganization() {
-		if err := newOwner.GetTeams(); err != nil {
+		if err := newOwner.getTeams(sess); err != nil {
 			return fmt.Errorf("GetTeams: %v", err)
 		}
 		for _, t := range newOwner.Teams {
@@ -1888,6 +1968,11 @@ func DeleteRepository(doer *User, uid, repoID int64) error {
 		return err
 	}
 
+	if _, err = sess.In("issue_id", deleteCond).
+		Delete(&TrackedTime{}); err != nil {
+		return err
+	}
+
 	attachments = attachments[:0]
 	if err = sess.Join("INNER", "issue", "issue.id = attachment.issue_id").
 		Where("issue.repo_id = ?", repoID).

models/repo_list.go

@@ -214,14 +214,35 @@ func SearchRepositoryCondition(opts *SearchRepoOptions) builder.Cond {
 		}
 
 		if opts.Collaborate != util.OptionalBoolFalse {
+			// A Collaboration is:
 			collaborateCond := builder.And(
+				// 1. Repository we don't own
+				builder.Neq{"owner_id": opts.OwnerID},
+				// 2. But we can see because of:
 				builder.Or(
-					builder.Expr("repository.id IN (SELECT repo_id FROM `access` WHERE access.user_id = ?)", opts.OwnerID),
-					builder.In("id", builder.Select("`team_repo`.repo_id").
+					// A. We have access
+					builder.In("`repository`.id",
+						builder.Select("`access`.repo_id").
+							From("access").
+							Where(builder.Eq{"`access`.user_id": opts.OwnerID})),
+					// B. We are in a team for
+					builder.In("`repository`.id", builder.Select("`team_repo`.repo_id").
 						From("team_repo").
 						Where(builder.Eq{"`team_user`.uid": opts.OwnerID}).
-						Join("INNER", "team_user", "`team_user`.team_id = `team_repo`.team_id"))),
-				builder.Neq{"owner_id": opts.OwnerID})
+						Join("INNER", "team_user", "`team_user`.team_id = `team_repo`.team_id")),
+					// C. Public repositories in private organizations that we are member of
+					builder.And(
+						builder.Eq{"`repository`.is_private": false},
+						builder.In("`repository`.owner_id",
+							builder.Select("`org_user`.org_id").
+								From("org_user").
+								Join("INNER", "`user`", "`user`.id = `org_user`.org_id").
+								Where(builder.Eq{
+									"`org_user`.uid":    opts.OwnerID,
+									"`user`.type":       UserTypeOrganization,
+									"`user`.visibility": structs.VisibleTypePrivate,
+								})))),
+			)
 			if !opts.Private {
 				collaborateCond = collaborateCond.And(builder.Expr("owner_id NOT IN (SELECT org_id FROM org_user WHERE org_user.uid = ? AND org_user.is_public = ?)", opts.OwnerID, false))
 			}
@@ -340,41 +361,39 @@ func SearchRepositoryByCondition(opts *SearchRepoOptions, cond builder.Cond) (Re
 // accessibleRepositoryCondition takes a user a returns a condition for checking if a repository is accessible
 func accessibleRepositoryCondition(userID int64) builder.Cond {
 	if userID <= 0 {
+		// Public repositories that are not in private or limited organizations
 		return builder.And(
 			builder.Eq{"`repository`.is_private": false},
-			builder.Or(
-				//   A. Aren't in organisations  __OR__
-				builder.NotIn("`repository`.owner_id", builder.Select("id").From("`user`").Where(builder.Eq{"type": UserTypeOrganization})),
-				//   B. Is a public organisation.
-				builder.In("`repository`.owner_id", builder.Select("id").From("`user`").Where(builder.Eq{"visibility": structs.VisibleTypePublic}))),
-		)
+			builder.NotIn("`repository`.owner_id",
+				builder.Select("id").From("`user`").Where(builder.Eq{"type": UserTypeOrganization}).And(builder.Neq{"visibility": structs.VisibleTypePublic})))
 	}
 
 	return builder.Or(
-		// 1. Be able to see all non-private repositories that either:
+		// 1. All public repositories that are not in private organizations
 		builder.And(
 			builder.Eq{"`repository`.is_private": false},
-			builder.Or(
-				//   A. Aren't in organisations  __OR__
-				builder.NotIn("`repository`.owner_id", builder.Select("id").From("`user`").Where(builder.Eq{"type": UserTypeOrganization})),
-				//   B. Isn't a private organisation. (Limited is OK because we're logged in)
-				builder.NotIn("`repository`.owner_id", builder.Select("id").From("`user`").Where(builder.Eq{"visibility": structs.VisibleTypePrivate}))),
-		),
-		// 2. Be able to see all repositories that we have access to
-		builder.Or(
-			builder.In("`repository`.id", builder.Select("repo_id").
-				From("`access`").
-				Where(builder.And(
-					builder.Eq{"user_id": userID},
-					builder.Gt{"mode": int(AccessModeNone)}))),
-			builder.In("`repository`.id", builder.Select("id").
-				From("`repository`").
-				Where(builder.Eq{"owner_id": userID}))),
-		// 3. Be able to see all repositories that we are in a team
+			builder.NotIn("`repository`.owner_id",
+				builder.Select("id").From("`user`").Where(builder.Eq{"type": UserTypeOrganization}).And(builder.Eq{"visibility": structs.VisibleTypePrivate}))),
+		// 2. Be able to see all repositories that we own
+		builder.Eq{"`repository`.owner_id": userID},
+		// 3. Be able to see all repositories that we have access to
+		builder.In("`repository`.id", builder.Select("repo_id").
+			From("`access`").
+			Where(builder.And(
+				builder.Eq{"user_id": userID},
+				builder.Gt{"mode": int(AccessModeNone)}))),
+		// 4. Be able to see all repositories that we are in a team
 		builder.In("`repository`.id", builder.Select("`team_repo`.repo_id").
 			From("team_repo").
 			Where(builder.Eq{"`team_user`.uid": userID}).
-			Join("INNER", "team_user", "`team_user`.team_id = `team_repo`.team_id")))
+			Join("INNER", "team_user", "`team_user`.team_id = `team_repo`.team_id")),
+		// 5. Be able to see all public repos in private organizations that we are an org_user of
+		builder.And(builder.Eq{"`repository`.is_private": false},
+			builder.In("`repository`.owner_id",
+				builder.Select("`org_user`.org_id").
+					From("org_user").
+					Where(builder.Eq{"`org_user`.uid": userID}))),
+	)
 }
 
 // SearchRepositoryByName takes keyword and part of repository name to search,

models/ssh_key.go

@@ -15,6 +15,7 @@ import (
 	"encoding/pem"
 	"errors"
 	"fmt"
+	"io"
 	"io/ioutil"
 	"math/big"
 	"os"
@@ -687,14 +688,29 @@ func rewriteAllPublicKeys(e Engine) error {
 		}
 	}
 
-	err = e.Iterate(new(PublicKey), func(idx int, bean interface{}) (err error) {
-		_, err = t.WriteString((bean.(*PublicKey)).AuthorizedString())
+	if err := regeneratePublicKeys(e, t); err != nil {
+		return err
+	}
+
+	t.Close()
+	return os.Rename(tmpPath, fPath)
+}
+
+// RegeneratePublicKeys regenerates the authorized_keys file
+func RegeneratePublicKeys(t io.Writer) error {
+	return regeneratePublicKeys(x, t)
+}
+
+func regeneratePublicKeys(e Engine, t io.Writer) error {
+	err := e.Iterate(new(PublicKey), func(idx int, bean interface{}) (err error) {
+		_, err = t.Write([]byte((bean.(*PublicKey)).AuthorizedString()))
 		return err
 	})
 	if err != nil {
 		return err
 	}
 
+	fPath := filepath.Join(setting.SSH.RootPath, "authorized_keys")
 	if com.IsExist(fPath) {
 		f, err := os.Open(fPath)
 		if err != nil {
@@ -707,7 +723,7 @@ func rewriteAllPublicKeys(e Engine) error {
 				scanner.Scan()
 				continue
 			}
-			_, err = t.WriteString(line + "\n")
+			_, err = t.Write([]byte(line + "\n"))
 			if err != nil {
 				f.Close()
 				return err
@@ -715,9 +731,7 @@ func rewriteAllPublicKeys(e Engine) error {
 		}
 		f.Close()
 	}
-
-	t.Close()
-	return os.Rename(tmpPath, fPath)
+	return nil
 }
 
 // ________                .__                 ____  __.

modules/context/api.go

@@ -7,6 +7,7 @@ package context
 
 import (
 	"fmt"
+	"net/http"
 	"net/url"
 	"strings"
 
@@ -64,18 +65,18 @@ type APINotFound struct{}
 // swagger:response redirect
 type APIRedirect struct{}
 
-// Error responses error message to client with given message.
+// Error responds with an error message to client with given obj as the message.
 // If status is 500, also it prints error to log.
 func (ctx *APIContext) Error(status int, title string, obj interface{}) {
 	var message string
 	if err, ok := obj.(error); ok {
 		message = err.Error()
 	} else {
-		message = obj.(string)
+		message = fmt.Sprintf("%s", obj)
 	}
 
-	if status == 500 {
-		log.Error("%s: %s", title, message)
+	if status == http.StatusInternalServerError {
+		log.ErrorWithSkip(1, "%s: %s", title, message)
 	}
 
 	ctx.JSON(status, APIError{
@@ -84,6 +85,22 @@ func (ctx *APIContext) Error(status int, title string, obj interface{}) {
 	})
 }
 
+// InternalServerError responds with an error message to the client with the error as a message
+// and the file and line of the caller.
+func (ctx *APIContext) InternalServerError(err error) {
+	log.ErrorWithSkip(1, "InternalServerError: %v", err)
+
+	var message string
+	if macaron.Env != macaron.PROD {
+		message = err.Error()
+	}
+
+	ctx.JSON(http.StatusInternalServerError, APIError{
+		Message: message,
+		URL:     setting.API.SwaggerURL,
+	})
+}
+
 func genAPILinks(curURL *url.URL, total, pageSize, curPage int) []string {
 	page := NewPagination(total, pageSize, curPage, 0)
 	paginater := page.Paginater
@@ -212,6 +229,11 @@ func (ctx *APIContext) NotFound(objs ...interface{}) {
 	var message = "Not Found"
 	var errors []string
 	for _, obj := range objs {
+		// Ignore nil
+		if obj == nil {
+			continue
+		}
+
 		if err, ok := obj.(error); ok {
 			errors = append(errors, err.Error())
 		} else {

modules/context/repo.go

@@ -396,7 +396,7 @@ func RepoAssignment() macaron.Handler {
 			ctx.Data["RepoExternalIssuesLink"] = unit.ExternalTrackerConfig().ExternalTrackerURL
 		}
 
-		count, err := models.GetReleaseCountByRepoID(ctx.Repo.Repository.ID, models.FindReleasesOptions{
+		ctx.Data["NumReleases"], err = models.GetReleaseCountByRepoID(ctx.Repo.Repository.ID, models.FindReleasesOptions{
 			IncludeDrafts: false,
 			IncludeTags:   true,
 		})
@@ -404,7 +404,6 @@ func RepoAssignment() macaron.Handler {
 			ctx.ServerError("GetReleaseCountByRepoID", err)
 			return
 		}
-		ctx.Repo.Repository.NumReleases = int(count)
 
 		ctx.Data["Title"] = owner.Name + "/" + repo.Name
 		ctx.Data["Repository"] = repo

modules/git/submodule.go

@@ -9,6 +9,7 @@ import (
 	"fmt"
 	"net"
 	"net/url"
+	"path"
 	"regexp"
 	"strings"
 )
@@ -38,7 +39,7 @@ func NewSubModuleFile(c *Commit, refURL, refID string) *SubModuleFile {
 	}
 }
 
-func getRefURL(refURL, urlPrefix, parentPath string) string {
+func getRefURL(refURL, urlPrefix, repoFullName string) string {
 	if refURL == "" {
 		return ""
 	}
@@ -51,14 +52,14 @@ func getRefURL(refURL, urlPrefix, parentPath string) string {
 		urlPrefixHostname = prefixURL.Host
 	}
 
+	if strings.HasSuffix(urlPrefix, "/") {
+		urlPrefix = urlPrefix[:len(urlPrefix)-1]
+	}
+
+	// FIXME: Need to consider branch - which will require changes in modules/git/commit.go:GetSubModules
 	// Relative url prefix check (according to git submodule documentation)
 	if strings.HasPrefix(refURI, "./") || strings.HasPrefix(refURI, "../") {
-		// ...construct and return correct submodule url here...
-		idx := strings.Index(parentPath, "/src/")
-		if idx == -1 {
-			return refURI
-		}
-		return strings.TrimSuffix(urlPrefix, "/") + parentPath[:idx] + "/" + refURI
+		return urlPrefix + path.Clean(path.Join("/", repoFullName, refURI))
 	}
 
 	if !strings.Contains(refURI, "://") {
@@ -69,16 +70,16 @@ func getRefURL(refURL, urlPrefix, parentPath string) string {
 
 			m := match[0]
 			refHostname := m[2]
-			path := m[3]
+			pth := m[3]
 
-			if !strings.HasPrefix(path, "/") {
-				path = "/" + path
+			if !strings.HasPrefix(pth, "/") {
+				pth = "/" + pth
 			}
 
 			if urlPrefixHostname == refHostname {
-				return prefixURL.Scheme + "://" + urlPrefixHostname + path
+				return urlPrefix + path.Clean(path.Join("/", pth))
 			}
-			return "http://" + refHostname + path
+			return "http://" + refHostname + pth
 		}
 	}
 
@@ -97,7 +98,7 @@ func getRefURL(refURL, urlPrefix, parentPath string) string {
 	for _, scheme := range supportedSchemes {
 		if ref.Scheme == scheme {
 			if urlPrefixHostname == refHostname {
-				return prefixURL.Scheme + "://" + prefixURL.Host + ref.Path
+				return urlPrefix + path.Clean(path.Join("/", ref.Path))
 			} else if ref.Scheme == "http" || ref.Scheme == "https" {
 				if len(ref.User.Username()) > 0 {
 					return ref.Scheme + "://" + fmt.Sprintf("%v", ref.User) + "@" + ref.Host + ref.Path
@@ -113,8 +114,8 @@ func getRefURL(refURL, urlPrefix, parentPath string) string {
 }
 
 // RefURL guesses and returns reference URL.
-func (sf *SubModuleFile) RefURL(urlPrefix string, parentPath string) string {
-	return getRefURL(sf.refURL, urlPrefix, parentPath)
+func (sf *SubModuleFile) RefURL(urlPrefix string, repoFullName string) string {
+	return getRefURL(sf.refURL, urlPrefix, repoFullName)
 }
 
 // RefID returns reference ID.

modules/git/submodule_test.go

@@ -17,21 +17,21 @@ func TestGetRefURL(t *testing.T) {
 		parentPath string
 		expect     string
 	}{
-		{"git://github.com/user1/repo1", "/", "/", "http://github.com/user1/repo1"},
-		{"https://localhost/user1/repo1.git", "/", "/", "https://localhost/user1/repo1"},
-		{"http://localhost/user1/repo1.git", "/", "/", "http://localhost/user1/repo1"},
-		{"git@github.com:user1/repo1.git", "/", "/", "http://github.com/user1/repo1"},
-		{"ssh://git@git.zefie.net:2222/zefie/lge_g6_kernel_scripts.git", "/", "/", "http://git.zefie.net/zefie/lge_g6_kernel_scripts"},
-		{"git@git.zefie.net:2222/zefie/lge_g6_kernel_scripts.git", "/", "/", "http://git.zefie.net/2222/zefie/lge_g6_kernel_scripts"},
-		{"git@try.gitea.io:go-gitea/gitea", "https://try.gitea.io/go-gitea/gitea", "/", "https://try.gitea.io/go-gitea/gitea"},
-		{"ssh://git@try.gitea.io:9999/go-gitea/gitea", "https://try.gitea.io/go-gitea/gitea", "/", "https://try.gitea.io/go-gitea/gitea"},
-		{"git://git@try.gitea.io:9999/go-gitea/gitea", "https://try.gitea.io/go-gitea/log", "/", "https://try.gitea.io/go-gitea/gitea"},
-		{"ssh://git@127.0.0.1:9999/go-gitea/gitea", "https://127.0.0.1:3000/go-gitea/log", "/", "https://127.0.0.1:3000/go-gitea/gitea"},
-		{"https://gitea.com:3000/user1/repo1.git", "https://127.0.0.1:3000/go-gitea/gitea", "/", "https://gitea.com:3000/user1/repo1"},
-		{"https://username:password@github.com/username/repository.git", "/", "/", "https://username:password@github.com/username/repository"},
+		{"git://github.com/user1/repo1", "/", "user1/repo2", "http://github.com/user1/repo1"},
+		{"https://localhost/user1/repo1.git", "/", "user1/repo2", "https://localhost/user1/repo1"},
+		{"http://localhost/user1/repo1.git", "/", "owner/reponame", "http://localhost/user1/repo1"},
+		{"git@github.com:user1/repo1.git", "/", "owner/reponame", "http://github.com/user1/repo1"},
+		{"ssh://git@git.zefie.net:2222/zefie/lge_g6_kernel_scripts.git", "/", "zefie/lge_g6_kernel", "http://git.zefie.net/zefie/lge_g6_kernel_scripts"},
+		{"git@git.zefie.net:2222/zefie/lge_g6_kernel_scripts.git", "/", "zefie/lge_g6_kernel", "http://git.zefie.net/2222/zefie/lge_g6_kernel_scripts"},
+		{"git@try.gitea.io:go-gitea/gitea", "https://try.gitea.io/", "go-gitea/sdk", "https://try.gitea.io/go-gitea/gitea"},
+		{"ssh://git@try.gitea.io:9999/go-gitea/gitea", "https://try.gitea.io/", "go-gitea/sdk", "https://try.gitea.io/go-gitea/gitea"},
+		{"git://git@try.gitea.io:9999/go-gitea/gitea", "https://try.gitea.io/", "go-gitea/sdk", "https://try.gitea.io/go-gitea/gitea"},
+		{"ssh://git@127.0.0.1:9999/go-gitea/gitea", "https://127.0.0.1:3000/", "go-gitea/sdk", "https://127.0.0.1:3000/go-gitea/gitea"},
+		{"https://gitea.com:3000/user1/repo1.git", "https://127.0.0.1:3000/", "user/repo2", "https://gitea.com:3000/user1/repo1"},
+		{"https://username:password@github.com/username/repository.git", "/", "username/repository2", "https://username:password@github.com/username/repository"},
 		{"somethingbad", "https://127.0.0.1:3000/go-gitea/gitea", "/", ""},
-		{"git@localhost:user/repo", "https://localhost/user/repo2", "/", "https://localhost/user/repo"},
-		{"../path/to/repo.git/", "https://localhost/user/repo2/src/branch/master/test", "/", "../path/to/repo.git/"},
+		{"git@localhost:user/repo", "https://localhost/", "user2/repo1", "https://localhost/user/repo"},
+		{"../path/to/repo.git/", "https://localhost/", "user/repo2", "https://localhost/user/path/to/repo.git"},
 	}
 
 	for _, kase := range kases {

modules/markup/html.go

@@ -290,7 +290,7 @@ func (ctx *postProcessCtx) postProcess(rawHTML []byte) ([]byte, error) {
 	}
 
 	for _, node := range nodes {
-		ctx.visitNode(node)
+		ctx.visitNode(node, true)
 	}
 
 	// Create buffer in which the data will be placed again. We know that the
@@ -313,7 +313,7 @@ func (ctx *postProcessCtx) postProcess(rawHTML []byte) ([]byte, error) {
 	return res, nil
 }
 
-func (ctx *postProcessCtx) visitNode(node *html.Node) {
+func (ctx *postProcessCtx) visitNode(node *html.Node, visitText bool) {
 	// Add user-content- to IDs if they don't already have them
 	for idx, attr := range node.Attr {
 		if attr.Key == "id" && !(strings.HasPrefix(attr.Val, "user-content-") || blackfridayExtRegex.MatchString(attr.Val)) {
@@ -323,13 +323,37 @@ func (ctx *postProcessCtx) visitNode(node *html.Node) {
 	// We ignore code, pre and already generated links.
 	switch node.Type {
 	case html.TextNode:
-		ctx.textNode(node)
+		if visitText {
+			ctx.textNode(node)
+		}
 	case html.ElementNode:
-		if node.Data == "a" || node.Data == "code" || node.Data == "pre" {
+		if node.Data == "img" {
+			attrs := node.Attr
+			for idx, attr := range attrs {
+				if attr.Key != "src" {
+					continue
+				}
+				link := []byte(attr.Val)
+				if len(link) > 0 && !IsLink(link) {
+					prefix := ctx.urlPrefix
+					if ctx.isWikiMarkdown {
+						prefix = util.URLJoin(prefix, "wiki", "raw")
+					}
+					prefix = strings.Replace(prefix, "/src/", "/media/", 1)
+
+					lnk := string(link)
+					lnk = util.URLJoin(prefix, lnk)
+					link = []byte(lnk)
+				}
+				node.Attr[idx].Val = string(link)
+			}
+		} else if node.Data == "a" {
+			visitText = false
+		} else if node.Data == "code" || node.Data == "pre" {
 			return
 		}
 		for n := node.FirstChild; n != nil; n = n.NextSibling {
-			ctx.visitNode(n)
+			ctx.visitNode(n, visitText)
 		}
 	}
 	// ignore everything else

modules/migrations/github.go

@@ -16,6 +16,7 @@ import (
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/migrations/base"
 	"code.gitea.io/gitea/modules/structs"
+	"code.gitea.io/gitea/modules/util"
 
 	"github.com/google/go-github/v24/github"
 	"golang.org/x/oauth2"
@@ -121,7 +122,7 @@ func (g *GithubDownloaderV3) sleep() {
 		timer := time.NewTimer(time.Until(g.rate.Reset.Time))
 		select {
 		case <-g.ctx.Done():
-			timer.Stop()
+			util.StopTimer(timer)
 			return
 		case <-timer.C:
 		}

modules/notification/indexer/indexer.go

@@ -124,6 +124,12 @@ func (r *indexerNotifier) NotifyPushCommits(pusher *models.User, repo *models.Re
 	}
 }
 
+func (r *indexerNotifier) NotifySyncPushCommits(pusher *models.User, repo *models.Repository, refName, oldCommitID, newCommitID string, commits *models.PushCommits) {
+	if setting.Indexer.RepoIndexerEnabled && refName == git.BranchPrefix+repo.DefaultBranch {
+		code_indexer.UpdateRepoIndexer(repo)
+	}
+}
+
 func (r *indexerNotifier) NotifyIssueChangeContent(doer *models.User, issue *models.Issue, oldContent string) {
 	issue_indexer.UpdateIssueIndexer(issue)
 }

modules/options/dynamic.go

@@ -98,3 +98,8 @@ func fileFromDir(name string) ([]byte, error) {
 
 	return []byte{}, fmt.Errorf("Asset file does not exist: %s", name)
 }
+
+// IsDynamic will return false when using embedded data (-tags bindata)
+func IsDynamic() bool {
+	return true
+}

modules/options/static.go

@@ -112,3 +112,8 @@ func fileFromDir(name string) ([]byte, error) {
 
 	return ioutil.ReadAll(f)
 }
+
+// IsDynamic will return false when using embedded data (-tags bindata)
+func IsDynamic() bool {
+	return false
+}

modules/queue/queue_wrapped.go

@@ -12,6 +12,7 @@ import (
 	"time"
 
 	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/util"
 )
 
 // WrappedQueueType is the type for a wrapped delayed starting queue
@@ -77,7 +78,7 @@ func (q *delayedStarter) setInternal(atShutdown func(context.Context, func()), h
 			t := time.NewTimer(sleepTime)
 			select {
 			case <-ctx.Done():
-				t.Stop()
+				util.StopTimer(t)
 			case <-t.C:
 			}
 		}

modules/queue/workerpool.go

@@ -10,6 +10,7 @@ import (
 	"time"
 
 	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/util"
 )
 
 // WorkerPool takes
@@ -56,12 +57,7 @@ func (p *WorkerPool) pushBoost(data Data) {
 		p.lock.Unlock()
 		select {
 		case p.dataChan <- data:
-			if timer.Stop() {
-				select {
-				case <-timer.C:
-				default:
-				}
-			}
+			util.StopTimer(timer)
 		case <-timer.C:
 			p.lock.Lock()
 			if p.blockTimeout > ourTimeout || (p.numberOfWorkers > p.maxNumberOfWorkers && p.maxNumberOfWorkers >= 0) {
@@ -277,12 +273,7 @@ func (p *WorkerPool) doWork(ctx context.Context) {
 			timer := time.NewTimer(delay)
 			select {
 			case <-ctx.Done():
-				if timer.Stop() {
-					select {
-					case <-timer.C:
-					default:
-					}
-				}
+				util.StopTimer(timer)
 				if len(data) > 0 {
 					log.Trace("Handling: %d data, %v", len(data), data)
 					p.handle(data...)
@@ -290,12 +281,7 @@ func (p *WorkerPool) doWork(ctx context.Context) {
 				log.Trace("Worker shutting down")
 				return
 			case datum, ok := <-p.dataChan:
-				if timer.Stop() {
-					select {
-					case <-timer.C:
-					default:
-					}
-				}
+				util.StopTimer(timer)
 				if !ok {
 					// the dataChan has been closed - we should finish up:
 					if len(data) > 0 {

modules/repofiles/content.go

@@ -159,7 +159,7 @@ func GetContents(repo *models.Repository, treePath, ref string, forList bool) (*
 	}
 
 	// Now populate the rest of the ContentsResponse based on entry type
-	if entry.IsRegular() {
+	if entry.IsRegular() || entry.IsExecutable() {
 		contentsResponse.Type = string(ContentTypeRegular)
 		if blobResponse, err := GetBlobBySHA(repo, entry.ID.String()); err != nil {
 			return nil, err

modules/session/virtual.go

@@ -107,10 +107,11 @@ func init() {
 
 // VirtualStore represents a virtual session store implementation.
 type VirtualStore struct {
-	p    *VirtualSessionProvider
-	sid  string
-	lock sync.RWMutex
-	data map[interface{}]interface{}
+	p        *VirtualSessionProvider
+	sid      string
+	lock     sync.RWMutex
+	data     map[interface{}]interface{}
+	released bool
 }
 
 // NewVirtualStore creates and returns a virtual session store.
@@ -164,7 +165,7 @@ func (s *VirtualStore) Release() error {
 		// Now ensure that we don't exist!
 		realProvider := s.p.provider
 
-		if realProvider.Exist(s.sid) {
+		if !s.released && realProvider.Exist(s.sid) {
 			// This is an error!
 			return fmt.Errorf("new sid '%s' already exists", s.sid)
 		}
@@ -172,12 +173,19 @@ func (s *VirtualStore) Release() error {
 		if err != nil {
 			return err
 		}
+		if err := realStore.Flush(); err != nil {
+			return err
+		}
 		for key, value := range s.data {
 			if err := realStore.Set(key, value); err != nil {
 				return err
 			}
 		}
-		return realStore.Release()
+		err = realStore.Release()
+		if err == nil {
+			s.released = true
+		}
+		return err
 	}
 	return nil
 }

modules/util/timer.go

@@ -0,0 +1,21 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package util
+
+import (
+	"time"
+)
+
+// StopTimer is a utility function to safely stop a time.Timer and clean its channel
+func StopTimer(t *time.Timer) bool {
+	stopped := t.Stop()
+	if !stopped {
+		select {
+		case <-t.C:
+		default:
+		}
+	}
+	return stopped
+}

options/locale/locale_en-US.ini

@@ -1062,6 +1062,7 @@ pulls.data_broken = This pull request is broken due to missing fork information.
 pulls.files_conflicted = This pull request has changes conflicting with the target branch.
 pulls.is_checking = "Merge conflict checking is in progress. Try again in few moments."
 pulls.required_status_check_failed = Some required checks were not successful.
+pulls.required_status_check_missing = Some required checks are missing.
 pulls.required_status_check_administrator = As an administrator, you may still merge this pull request.
 pulls.blocked_by_approvals = "This Pull Request doesn't have enough approvals yet. %d of %d approvals granted."
 pulls.blocked_by_rejection = "This Pull Request has changes requested by an official reviewer."

routers/api/v1/api.go

@@ -382,7 +382,7 @@ func orgAssignment(args ...bool) macaron.Handler {
 
 		var err error
 		if assignOrg {
-			ctx.Org.Organization, err = models.GetOrgByName(ctx.Params(":orgname"))
+			ctx.Org.Organization, err = models.GetOrgByName(ctx.Params(":org"))
 			if err != nil {
 				if models.IsErrOrgNotExist(err) {
 					ctx.NotFound()
@@ -808,7 +808,7 @@ func RegisterRoutes(m *macaron.Macaron) {
 		m.Get("/user/orgs", reqToken(), org.ListMyOrgs)
 		m.Get("/users/:username/orgs", org.ListUserOrgs)
 		m.Post("/orgs", reqToken(), bind(api.CreateOrgOption{}), org.Create)
-		m.Group("/orgs/:orgname", func() {
+		m.Group("/orgs/:org", func() {
 			m.Get("/repos", user.ListOrgRepos)
 			m.Combo("").Get(org.Get).
 				Patch(reqToken(), reqOrgOwnership(), bind(api.EditOrgOption{}), org.Edit).
@@ -850,7 +850,7 @@ func RegisterRoutes(m *macaron.Macaron) {
 			})
 			m.Group("/repos", func() {
 				m.Get("", org.GetTeamRepos)
-				m.Combo("/:orgname/:reponame").
+				m.Combo("/:org/:reponame").
 					Put(org.AddTeamRepository).
 					Delete(org.RemoveTeamRepository)
 			})

routers/api/v1/repo/issue_tracked_time.go

@@ -5,6 +5,7 @@
 package repo
 
 import (
+	"fmt"
 	"net/http"
 	"time"
 
@@ -289,7 +290,15 @@ func DeleteTime(ctx *context.APIContext) {
 
 	time, err := models.GetTrackedTimeByID(ctx.ParamsInt64(":id"))
 	if err != nil {
-		ctx.Error(500, "GetTrackedTimeByID", err)
+		if models.IsErrNotExist(err) {
+			ctx.NotFound(err)
+			return
+		}
+		ctx.Error(http.StatusInternalServerError, "GetTrackedTimeByID", err)
+		return
+	}
+	if time.Deleted {
+		ctx.NotFound(fmt.Errorf("tracked time [%d] already deleted", time.ID))
 		return
 	}
 

routers/install.go

@@ -384,6 +384,11 @@ func InstallPost(ctx *context.Context, form auth.InstallForm) {
 			ctx.RenderWithErr(ctx.Tr("install.save_config_failed", err), tplInstall, &form)
 			return
 		}
+
+		if err = ctx.Session.Release(); err != nil {
+			ctx.RenderWithErr(ctx.Tr("install.save_config_failed", err), tplInstall, &form)
+			return
+		}
 	}
 
 	log.Info("First-time run install finished!")

routers/private/serv.go

@@ -329,8 +329,27 @@ func ServCommand(ctx *macaron.Context) {
 		results.RepoID = repo.ID
 	}
 
-	// Finally if we're trying to touch the wiki we should init it
 	if results.IsWiki {
+		// Ensure the wiki is enabled before we allow access to it
+		if _, err := repo.GetUnit(models.UnitTypeWiki); err != nil {
+			if models.IsErrUnitTypeNotExist(err) {
+				ctx.JSON(http.StatusForbidden, map[string]interface{}{
+					"results": results,
+					"type":    "ErrForbidden",
+					"err":     "repository wiki is disabled",
+				})
+				return
+			}
+			log.Error("Failed to get the wiki unit in %-v Error: %v", repo, err)
+			ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
+				"results": results,
+				"type":    "InternalServerError",
+				"err":     fmt.Sprintf("Failed to get the wiki unit in %s/%s Error: %v", ownerName, repoName, err),
+			})
+			return
+		}
+
+		// Finally if we're trying to touch the wiki we should init it
 		if err = wiki_service.InitWiki(repo); err != nil {
 			log.Error("Failed to initialize the wiki in %-v Error: %v", repo, err)
 			ctx.JSON(http.StatusInternalServerError, map[string]interface{}{

routers/repo/commit.go

@@ -201,6 +201,8 @@ func FileHistory(ctx *context.Context) {
 func Diff(ctx *context.Context) {
 	ctx.Data["PageIsDiff"] = true
 	ctx.Data["RequireHighlightJS"] = true
+	ctx.Data["RequireSimpleMDE"] = true
+	ctx.Data["RequireTribute"] = true
 
 	userName := ctx.Repo.Owner.Name
 	repoName := ctx.Repo.Repository.Name

routers/repo/compare.go

@@ -320,9 +320,6 @@ func PrepareCompareDiff(
 	compareInfo.Commits = models.ParseCommitsWithStatus(compareInfo.Commits, headRepo)
 	ctx.Data["Commits"] = compareInfo.Commits
 	ctx.Data["CommitCount"] = compareInfo.Commits.Len()
-	if ctx.Data["CommitCount"] == 0 {
-		ctx.Data["PageIsComparePull"] = false
-	}
 
 	if compareInfo.Commits.Len() == 1 {
 		c := compareInfo.Commits.Front().Value.(models.SignCommitWithStatuses)

routers/repo/http.go

@@ -29,6 +29,7 @@ import (
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/process"
 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/timeutil"
 	repo_service "code.gitea.io/gitea/services/repository"
 )
@@ -135,6 +136,16 @@ func HTTP(ctx *context.Context) {
 		environ      []string
 	)
 
+	// don't allow anonymous pulls if organization is not public
+	if isPublicPull {
+		if err := repo.GetOwner(); err != nil {
+			ctx.ServerError("GetOwner", err)
+			return
+		}
+
+		askAuth = askAuth || (repo.Owner.Visibility != structs.VisibleTypePublic)
+	}
+
 	// check access
 	if askAuth {
 		authUsername = ctx.Req.Header.Get(setting.ReverseProxyAuthUser)
@@ -313,6 +324,19 @@ func HTTP(ctx *context.Context) {
 		}
 	}
 
+	if isWiki {
+		// Ensure the wiki is enabled before we allow access to it
+		if _, err := repo.GetUnit(models.UnitTypeWiki); err != nil {
+			if models.IsErrUnitTypeNotExist(err) {
+				ctx.HandleText(http.StatusForbidden, "repository wiki is disabled")
+				return
+			}
+			log.Error("Failed to get the wiki unit in %-v Error: %v", repo, err)
+			ctx.ServerError("GetUnit(UnitTypeWiki) for "+repo.FullName(), err)
+			return
+		}
+	}
+
 	environ = append(environ, models.ProtectedBranchRepoID+fmt.Sprintf("=%d", repo.ID))
 
 	w := ctx.Resp

routers/repo/pull.go

@@ -413,9 +413,7 @@ func PrepareViewPullInfo(ctx *context.Context, issue *models.Issue) *git.Compare
 			}
 			return false
 		}
-		state := pull_service.MergeRequiredContextsCommitStatus(commitStatuses, pull.ProtectedBranch.StatusCheckContexts)
-		ctx.Data["RequiredStatusCheckState"] = state
-		ctx.Data["IsRequiredStatusCheckSuccess"] = state.IsSuccess()
+		ctx.Data["RequiredStatusCheckState"] = pull_service.MergeRequiredContextsCommitStatus(commitStatuses, pull.ProtectedBranch.StatusCheckContexts)
 	}
 
 	ctx.Data["HeadBranchMovedOn"] = headBranchSha != sha

routers/routes/routes.go

@@ -668,6 +668,14 @@ func RegisterRoutes(m *macaron.Macaron) {
 
 	m.Post("/:username/:reponame/action/:action", reqSignIn, context.RepoAssignment(), context.UnitTypes(), repo.Action)
 
+	// Grouping for those endpoints not requiring authentication
+	m.Group("/:username/:reponame", func() {
+		m.Group("/milestone", func() {
+			m.Get("/:id", repo.MilestoneIssuesAndPulls)
+		}, reqRepoIssuesOrPullsReader, context.RepoRef())
+	}, context.RepoAssignment(), context.UnitTypes())
+
+	// Grouping for those endpoints that do require authentication
 	m.Group("/:username/:reponame", func() {
 		m.Group("/issues", func() {
 			m.Combo("/new").Get(context.RepoRef(), repo.NewIssue).
@@ -723,9 +731,6 @@ func RegisterRoutes(m *macaron.Macaron) {
 			m.Post("/:id/:action", repo.ChangeMilestonStatus)
 			m.Post("/delete", repo.DeleteMilestone)
 		}, context.RepoMustNotBeArchived(), reqRepoIssuesOrPullsWriter, context.RepoRef())
-		m.Group("/milestone", func() {
-			m.Get("/:id", repo.MilestoneIssuesAndPulls)
-		}, reqRepoIssuesOrPullsReader, context.RepoRef())
 		m.Combo("/compare/*", repo.MustBeNotEmpty, reqRepoCodeReader, repo.SetEditorconfigIfExists).
 			Get(repo.SetDiffViewStyle, repo.CompareDiff).
 			Post(context.RepoMustNotBeArchived(), reqRepoPullsReader, repo.MustAllowPulls, bindIgnErr(auth.CreateIssueForm{}), repo.CompareAndPullRequestPost)

routers/user/auth.go

@@ -81,14 +81,18 @@ func AutoSignIn(ctx *context.Context) (bool, error) {
 	}
 
 	isSucceed = true
-	err = ctx.Session.Set("uid", u.ID)
-	if err != nil {
+
+	// Set session IDs
+	if err := ctx.Session.Set("uid", u.ID); err != nil {
 		return false, err
 	}
-	err = ctx.Session.Set("uname", u.Name)
-	if err != nil {
+	if err := ctx.Session.Set("uname", u.Name); err != nil {
 		return false, err
 	}
+	if err := ctx.Session.Release(); err != nil {
+		return false, err
+	}
+
 	ctx.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubURL, setting.SessionConfig.Domain, setting.SessionConfig.Secure, true)
 	return true, nil
 }
@@ -203,14 +207,16 @@ func SignInPost(ctx *context.Context, form auth.SignInForm) {
 	}
 
 	// User needs to use 2FA, save data and redirect to 2FA page.
-	err = ctx.Session.Set("twofaUid", u.ID)
-	if err != nil {
-		ctx.ServerError("UserSignIn", err)
+	if err := ctx.Session.Set("twofaUid", u.ID); err != nil {
+		ctx.ServerError("UserSignIn: Unable to set twofaUid in session", err)
 		return
 	}
-	err = ctx.Session.Set("twofaRemember", form.Remember)
-	if err != nil {
-		ctx.ServerError("UserSignIn", err)
+	if err := ctx.Session.Set("twofaRemember", form.Remember); err != nil {
+		ctx.ServerError("UserSignIn: Unable to set twofaRemember in session", err)
+		return
+	}
+	if err := ctx.Session.Release(); err != nil {
+		ctx.ServerError("UserSignIn: Unable to save session", err)
 		return
 	}
 
@@ -407,10 +413,14 @@ func U2FChallenge(ctx *context.Context) {
 		ctx.ServerError("u2f.NewChallenge", err)
 		return
 	}
-	if err = ctx.Session.Set("u2fChallenge", challenge); err != nil {
-		ctx.ServerError("UserSignIn", err)
+	if err := ctx.Session.Set("u2fChallenge", challenge); err != nil {
+		ctx.ServerError("UserSignIn: unable to set u2fChallenge in session", err)
 		return
 	}
+	if err := ctx.Session.Release(); err != nil {
+		ctx.ServerError("UserSignIn: unable to store session", err)
+	}
+
 	ctx.JSON(200, challenge.SignRequest(regs.ToRegistrations()))
 }
 
@@ -494,13 +504,14 @@ func handleSignInFull(ctx *context.Context, u *models.User, remember bool, obeyR
 	_ = ctx.Session.Delete("twofaRemember")
 	_ = ctx.Session.Delete("u2fChallenge")
 	_ = ctx.Session.Delete("linkAccount")
-	err := ctx.Session.Set("uid", u.ID)
-	if err != nil {
-		log.Error(fmt.Sprintf("Error setting session: %v", err))
+	if err := ctx.Session.Set("uid", u.ID); err != nil {
+		log.Error("Error setting uid %d in session: %v", u.ID, err)
 	}
-	err = ctx.Session.Set("uname", u.Name)
-	if err != nil {
-		log.Error(fmt.Sprintf("Error setting session: %v", err))
+	if err := ctx.Session.Set("uname", u.Name); err != nil {
+		log.Error("Error setting uname %s session: %v", u.Name, err)
+	}
+	if err := ctx.Session.Release(); err != nil {
+		log.Error("Unable to store session: %v", err)
 	}
 
 	// Language setting of the user overwrites the one previously set
@@ -593,9 +604,11 @@ func handleOAuth2SignIn(u *models.User, gothUser goth.User, ctx *context.Context
 
 	if u == nil {
 		// no existing user is found, request attach or new account
-		err = ctx.Session.Set("linkAccountGothUser", gothUser)
-		if err != nil {
-			log.Error(fmt.Sprintf("Error setting session: %v", err))
+		if err := ctx.Session.Set("linkAccountGothUser", gothUser); err != nil {
+			log.Error("Error setting linkAccountGothUser in session: %v", err)
+		}
+		if err := ctx.Session.Release(); err != nil {
+			log.Error("Error storing session: %v", err)
 		}
 		ctx.Redirect(setting.AppSubURL + "/user/link_account")
 		return
@@ -610,13 +623,14 @@ func handleOAuth2SignIn(u *models.User, gothUser goth.User, ctx *context.Context
 			return
 		}
 
-		err = ctx.Session.Set("uid", u.ID)
-		if err != nil {
-			log.Error(fmt.Sprintf("Error setting session: %v", err))
+		if err := ctx.Session.Set("uid", u.ID); err != nil {
+			log.Error("Error setting uid in session: %v", err)
 		}
-		err = ctx.Session.Set("uname", u.Name)
-		if err != nil {
-			log.Error(fmt.Sprintf("Error setting session: %v", err))
+		if err := ctx.Session.Set("uname", u.Name); err != nil {
+			log.Error("Error setting uname in session: %v", err)
+		}
+		if err := ctx.Session.Release(); err != nil {
+			log.Error("Error storing session: %v", err)
 		}
 
 		// Clear whatever CSRF has right now, force to generate a new one
@@ -645,13 +659,14 @@ func handleOAuth2SignIn(u *models.User, gothUser goth.User, ctx *context.Context
 	}
 
 	// User needs to use 2FA, save data and redirect to 2FA page.
-	err = ctx.Session.Set("twofaUid", u.ID)
-	if err != nil {
-		log.Error(fmt.Sprintf("Error setting session: %v", err))
+	if err := ctx.Session.Set("twofaUid", u.ID); err != nil {
+		log.Error("Error setting twofaUid in session: %v", err)
 	}
-	err = ctx.Session.Set("twofaRemember", false)
-	if err != nil {
-		log.Error(fmt.Sprintf("Error setting session: %v", err))
+	if err := ctx.Session.Set("twofaRemember", false); err != nil {
+		log.Error("Error setting twofaRemember in session: %v", err)
+	}
+	if err := ctx.Session.Release(); err != nil {
+		log.Error("Error storing session: %v", err)
 	}
 
 	// If U2F is enrolled -> Redirect to U2F instead
@@ -816,17 +831,17 @@ func LinkAccountPostSignIn(ctx *context.Context, signInForm auth.SignInForm) {
 	}
 
 	// User needs to use 2FA, save data and redirect to 2FA page.
-	err = ctx.Session.Set("twofaUid", u.ID)
-	if err != nil {
-		log.Error(fmt.Sprintf("Error setting session: %v", err))
+	if err := ctx.Session.Set("twofaUid", u.ID); err != nil {
+		log.Error("Error setting twofaUid in session: %v", err)
 	}
-	err = ctx.Session.Set("twofaRemember", signInForm.Remember)
-	if err != nil {
-		log.Error(fmt.Sprintf("Error setting session: %v", err))
+	if err := ctx.Session.Set("twofaRemember", signInForm.Remember); err != nil {
+		log.Error("Error setting twofaRemember in session: %v", err)
 	}
-	err = ctx.Session.Set("linkAccount", true)
-	if err != nil {
-		log.Error(fmt.Sprintf("Error setting session: %v", err))
+	if err := ctx.Session.Set("linkAccount", true); err != nil {
+		log.Error("Error setting linkAccount in session: %v", err)
+	}
+	if err := ctx.Session.Release(); err != nil {
+		log.Error("Error storing session: %v", err)
 	}
 
 	// If U2F is enrolled -> Redirect to U2F instead
@@ -988,11 +1003,8 @@ func LinkAccountPostRegister(ctx *context.Context, cpt *captcha.Captcha, form au
 }
 
 func handleSignOut(ctx *context.Context) {
-	_ = ctx.Session.Delete("uid")
-	_ = ctx.Session.Delete("uname")
-	_ = ctx.Session.Delete("socialId")
-	_ = ctx.Session.Delete("socialName")
-	_ = ctx.Session.Delete("socialEmail")
+	_ = ctx.Session.Flush()
+	_ = ctx.Session.Destroy(ctx.Context)
 	ctx.SetCookie(setting.CookieUserName, "", -1, setting.AppSubURL, setting.SessionConfig.Domain, setting.SessionConfig.Secure, true)
 	ctx.SetCookie(setting.CookieRememberName, "", -1, setting.AppSubURL, setting.SessionConfig.Domain, setting.SessionConfig.Secure, true)
 	ctx.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubURL, setting.SessionConfig.Domain, setting.SessionConfig.Secure, true)
@@ -1187,14 +1199,16 @@ func Activate(ctx *context.Context) {
 
 		log.Trace("User activated: %s", user.Name)
 
-		err = ctx.Session.Set("uid", user.ID)
-		if err != nil {
-			log.Error(fmt.Sprintf("Error setting session: %v", err))
+		if err := ctx.Session.Set("uid", user.ID); err != nil {
+			log.Error(fmt.Sprintf("Error setting uid in session: %v", err))
 		}
-		err = ctx.Session.Set("uname", user.Name)
-		if err != nil {
-			log.Error(fmt.Sprintf("Error setting session: %v", err))
+		if err := ctx.Session.Set("uname", user.Name); err != nil {
+			log.Error(fmt.Sprintf("Error setting uname in session: %v", err))
 		}
+		if err := ctx.Session.Release(); err != nil {
+			log.Error("Error storing session: %v", err)
+		}
+
 		ctx.Flash.Success(ctx.Tr("auth.account_activated"))
 		ctx.Redirect(setting.AppSubURL + "/")
 		return

routers/user/auth_openid.go

@@ -128,9 +128,12 @@ func SignInOpenIDPost(ctx *context.Context, form auth.SignInOpenIDForm) {
 	url += "&openid.sreg.optional=nickname%2Cemail"
 
 	log.Trace("Form-passed openid-remember: %t", form.Remember)
-	err = ctx.Session.Set("openid_signin_remember", form.Remember)
-	if err != nil {
-		log.Error("SignInOpenIDPost: Could not set session: %v", err.Error())
+
+	if err := ctx.Session.Set("openid_signin_remember", form.Remember); err != nil {
+		log.Error("SignInOpenIDPost: Could not set openid_signin_remember in session: %v", err)
+	}
+	if err := ctx.Session.Release(); err != nil {
+		log.Error("SignInOpenIDPost: Unable to save changes to the session: %v", err)
 	}
 
 	ctx.Redirect(url)
@@ -227,23 +230,22 @@ func signInOpenIDVerify(ctx *context.Context) {
 		}
 	}
 
-	err = ctx.Session.Set("openid_verified_uri", id)
-	if err != nil {
-		log.Error("signInOpenIDVerify: Could not set session: %v", err.Error())
+	if err := ctx.Session.Set("openid_verified_uri", id); err != nil {
+		log.Error("signInOpenIDVerify: Could not set openid_verified_uri in session: %v", err)
 	}
-
-	err = ctx.Session.Set("openid_determined_email", email)
-	if err != nil {
-		log.Error("signInOpenIDVerify: Could not set session: %v", err.Error())
+	if err := ctx.Session.Set("openid_determined_email", email); err != nil {
+		log.Error("signInOpenIDVerify: Could not set openid_determined_email in session: %v", err)
 	}
 
 	if u != nil {
 		nickname = u.LowerName
 	}
 
-	err = ctx.Session.Set("openid_determined_username", nickname)
-	if err != nil {
-		log.Error("signInOpenIDVerify: Could not set session: %v", err.Error())
+	if err := ctx.Session.Set("openid_determined_username", nickname); err != nil {
+		log.Error("signInOpenIDVerify: Could not set openid_determined_username in session: %v", err)
+	}
+	if err := ctx.Session.Release(); err != nil {
+		log.Error("signInOpenIDVerify: Unable to save changes to the session: %v", err)
 	}
 
 	if u != nil || !setting.Service.EnableOpenIDSignUp {

routers/user/oauth.go

@@ -229,6 +229,11 @@ func AuthorizeOAuth(ctx *context.Context, form auth.AuthorizationForm) {
 			}, form.RedirectURI)
 			return
 		}
+		// Here we're just going to try to release the session early
+		if err := ctx.Session.Release(); err != nil {
+			// we'll tolerate errors here as they *should* get saved elsewhere
+			log.Error("Unable to save changes to the session: %v", err)
+		}
 	case "":
 		break
 	default:
@@ -287,6 +292,11 @@ func AuthorizeOAuth(ctx *context.Context, form auth.AuthorizationForm) {
 		log.Error(err.Error())
 		return
 	}
+	// Here we're just going to try to release the session early
+	if err := ctx.Session.Release(); err != nil {
+		// we'll tolerate errors here as they *should* get saved elsewhere
+		log.Error("Unable to save changes to the session: %v", err)
+	}
 	ctx.HTML(200, tplGrantAccess)
 }
 

routers/user/setting/security_twofa.go

@@ -15,6 +15,7 @@ import (
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/auth"
 	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 
 	"github.com/pquerna/otp"
@@ -28,18 +29,22 @@ func RegenerateScratchTwoFactor(ctx *context.Context) {
 
 	t, err := models.GetTwoFactorByUID(ctx.User.ID)
 	if err != nil {
-		ctx.ServerError("SettingsTwoFactor", err)
+		if models.IsErrTwoFactorNotEnrolled(err) {
+			ctx.Flash.Error(ctx.Tr("setting.twofa_not_enrolled"))
+			ctx.Redirect(setting.AppSubURL + "/user/settings/security")
+		}
+		ctx.ServerError("SettingsTwoFactor: Failed to GetTwoFactorByUID", err)
 		return
 	}
 
 	token, err := t.GenerateScratchToken()
 	if err != nil {
-		ctx.ServerError("SettingsTwoFactor", err)
+		ctx.ServerError("SettingsTwoFactor: Failed to GenerateScratchToken", err)
 		return
 	}
 
 	if err = models.UpdateTwoFactor(t); err != nil {
-		ctx.ServerError("SettingsTwoFactor", err)
+		ctx.ServerError("SettingsTwoFactor: Failed to UpdateTwoFactor", err)
 		return
 	}
 
@@ -54,12 +59,21 @@ func DisableTwoFactor(ctx *context.Context) {
 
 	t, err := models.GetTwoFactorByUID(ctx.User.ID)
 	if err != nil {
-		ctx.ServerError("SettingsTwoFactor", err)
+		if models.IsErrTwoFactorNotEnrolled(err) {
+			ctx.Flash.Error(ctx.Tr("setting.twofa_not_enrolled"))
+			ctx.Redirect(setting.AppSubURL + "/user/settings/security")
+		}
+		ctx.ServerError("SettingsTwoFactor: Failed to GetTwoFactorByUID", err)
 		return
 	}
 
 	if err = models.DeleteTwoFactorByID(t.ID, ctx.User.ID); err != nil {
-		ctx.ServerError("SettingsTwoFactor", err)
+		if models.IsErrTwoFactorNotEnrolled(err) {
+			// There is a potential DB race here - we must have been disabled by another request in the intervening period
+			ctx.Flash.Success(ctx.Tr("settings.twofa_disabled"))
+			ctx.Redirect(setting.AppSubURL + "/user/settings/security")
+		}
+		ctx.ServerError("SettingsTwoFactor: Failed to DeleteTwoFactorByID", err)
 		return
 	}
 
@@ -74,7 +88,7 @@ func twofaGenerateSecretAndQr(ctx *context.Context) bool {
 	if uri != nil {
 		otpKey, err = otp.NewKeyFromURL(uri.(string))
 		if err != nil {
-			ctx.ServerError("SettingsTwoFactor: NewKeyFromURL: ", err)
+			ctx.ServerError("SettingsTwoFactor: Failed NewKeyFromURL: ", err)
 			return false
 		}
 	}
@@ -87,7 +101,7 @@ func twofaGenerateSecretAndQr(ctx *context.Context) bool {
 			AccountName: ctx.User.Name,
 		})
 		if err != nil {
-			ctx.ServerError("SettingsTwoFactor", err)
+			ctx.ServerError("SettingsTwoFactor: totpGenerate Failed", err)
 			return false
 		}
 	}
@@ -95,27 +109,33 @@ func twofaGenerateSecretAndQr(ctx *context.Context) bool {
 	ctx.Data["TwofaSecret"] = otpKey.Secret()
 	img, err := otpKey.Image(320, 240)
 	if err != nil {
-		ctx.ServerError("SettingsTwoFactor", err)
+		ctx.ServerError("SettingsTwoFactor: otpKey image generation failed", err)
 		return false
 	}
 
 	var imgBytes bytes.Buffer
 	if err = png.Encode(&imgBytes, img); err != nil {
-		ctx.ServerError("SettingsTwoFactor", err)
+		ctx.ServerError("SettingsTwoFactor: otpKey png encoding failed", err)
 		return false
 	}
 
 	ctx.Data["QrUri"] = template.URL("data:image/png;base64," + base64.StdEncoding.EncodeToString(imgBytes.Bytes()))
-	err = ctx.Session.Set("twofaSecret", otpKey.Secret())
-	if err != nil {
-		ctx.ServerError("SettingsTwoFactor", err)
+
+	if err := ctx.Session.Set("twofaSecret", otpKey.Secret()); err != nil {
+		ctx.ServerError("SettingsTwoFactor: Failed to set session for twofaSecret", err)
 		return false
 	}
-	err = ctx.Session.Set("twofaUri", otpKey.String())
-	if err != nil {
-		ctx.ServerError("SettingsTwoFactor", err)
+
+	if err := ctx.Session.Set("twofaUri", otpKey.String()); err != nil {
+		ctx.ServerError("SettingsTwoFactor: Failed to set session for twofaUri", err)
 		return false
 	}
+
+	// Here we're just going to try to release the session early
+	if err := ctx.Session.Release(); err != nil {
+		// we'll tolerate errors here as they *should* get saved elsewhere
+		log.Error("Unable to save changes to the session: %v", err)
+	}
 	return true
 }
 
@@ -126,12 +146,14 @@ func EnrollTwoFactor(ctx *context.Context) {
 
 	t, err := models.GetTwoFactorByUID(ctx.User.ID)
 	if t != nil {
-		// already enrolled
-		ctx.ServerError("SettingsTwoFactor", err)
+		// already enrolled - we should redirect back!
+		log.Warn("Trying to re-enroll %-v in twofa when already enrolled", ctx.User)
+		ctx.Flash.Error(ctx.Tr("setting.twofa_is_enrolled"))
+		ctx.Redirect(setting.AppSubURL + "/user/settings/security")
 		return
 	}
 	if err != nil && !models.IsErrTwoFactorNotEnrolled(err) {
-		ctx.ServerError("SettingsTwoFactor", err)
+		ctx.ServerError("SettingsTwoFactor: GetTwoFactorByUID", err)
 		return
 	}
 
@@ -150,11 +172,12 @@ func EnrollTwoFactorPost(ctx *context.Context, form auth.TwoFactorAuthForm) {
 	t, err := models.GetTwoFactorByUID(ctx.User.ID)
 	if t != nil {
 		// already enrolled
-		ctx.ServerError("SettingsTwoFactor", err)
+		ctx.Flash.Error(ctx.Tr("setting.twofa_is_enrolled"))
+		ctx.Redirect(setting.AppSubURL + "/user/settings/security")
 		return
 	}
 	if err != nil && !models.IsErrTwoFactorNotEnrolled(err) {
-		ctx.ServerError("SettingsTwoFactor", err)
+		ctx.ServerError("SettingsTwoFactor: Failed to check if already enrolled with GetTwoFactorByUID", err)
 		return
 	}
 
@@ -181,30 +204,37 @@ func EnrollTwoFactorPost(ctx *context.Context, form auth.TwoFactorAuthForm) {
 	}
 	err = t.SetSecret(secret)
 	if err != nil {
-		ctx.ServerError("SettingsTwoFactor", err)
+		ctx.ServerError("SettingsTwoFactor: Failed to set secret", err)
 		return
 	}
 	token, err := t.GenerateScratchToken()
 	if err != nil {
-		ctx.ServerError("SettingsTwoFactor", err)
+		ctx.ServerError("SettingsTwoFactor: Failed to generate scratch token", err)
 		return
 	}
 
+	// Now we have to delete the secrets - because if we fail to insert then it's highly likely that they have already been used
+	// If we can detect the unique constraint failure below we can move this to after the NewTwoFactor
+	if err := ctx.Session.Delete("twofaSecret"); err != nil {
+		// tolerate this failure - it's more important to continue
+		log.Error("Unable to delete twofaSecret from the session: Error: %v", err)
+	}
+	if err := ctx.Session.Delete("twofaUri"); err != nil {
+		// tolerate this failure - it's more important to continue
+		log.Error("Unable to delete twofaUri from the session: Error: %v", err)
+	}
+	if err := ctx.Session.Release(); err != nil {
+		// tolerate this failure - it's more important to continue
+		log.Error("Unable to save changes to the session: %v", err)
+	}
+
 	if err = models.NewTwoFactor(t); err != nil {
-		ctx.ServerError("SettingsTwoFactor", err)
+		// FIXME: We need to handle a unique constraint fail here it's entirely possible that another request has beaten us.
+		// If there is a unique constraint fail we should just tolerate the error
+		ctx.ServerError("SettingsTwoFactor: Failed to save two factor", err)
 		return
 	}
 
-	err = ctx.Session.Delete("twofaSecret")
-	if err != nil {
-		ctx.ServerError("SettingsTwoFactor", err)
-		return
-	}
-	err = ctx.Session.Delete("twofaUri")
-	if err != nil {
-		ctx.ServerError("SettingsTwoFactor", err)
-		return
-	}
 	ctx.Flash.Success(ctx.Tr("settings.twofa_enrolled", token))
 	ctx.Redirect(setting.AppSubURL + "/user/settings/security")
 }

routers/user/setting/security_u2f.go

@@ -10,6 +10,7 @@ import (
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/auth"
 	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 
 	"github.com/tstranex/u2f"
@@ -26,9 +27,8 @@ func U2FRegister(ctx *context.Context, form auth.U2FRegistrationForm) {
 		ctx.ServerError("NewChallenge", err)
 		return
 	}
-	err = ctx.Session.Set("u2fChallenge", challenge)
-	if err != nil {
-		ctx.ServerError("Session.Set", err)
+	if err := ctx.Session.Set("u2fChallenge", challenge); err != nil {
+		ctx.ServerError("Unable to set session key for u2fChallenge", err)
 		return
 	}
 	regs, err := models.GetU2FRegistrationsByUID(ctx.User.ID)
@@ -42,11 +42,15 @@ func U2FRegister(ctx *context.Context, form auth.U2FRegistrationForm) {
 			return
 		}
 	}
-	err = ctx.Session.Set("u2fName", form.Name)
-	if err != nil {
-		ctx.ServerError("", err)
+	if err := ctx.Session.Set("u2fName", form.Name); err != nil {
+		ctx.ServerError("Unable to set session key for u2fName", err)
 		return
 	}
+	// Here we're just going to try to release the session early
+	if err := ctx.Session.Release(); err != nil {
+		// we'll tolerate errors here as they *should* get saved elsewhere
+		log.Error("Unable to save changes to the session: %v", err)
+	}
 	ctx.JSON(200, u2f.NewWebRegisterRequest(challenge, regs.ToRegistrations()))
 }
 

services/pull/merge.go

@@ -211,17 +211,34 @@ func Merge(pr *models.PullRequest, doer *models.User, baseGitRepo *git.Repositor
 		if err := git.NewCommand("rebase", baseBranch).RunInDirPipeline(tmpBasePath, &outbuf, &errbuf); err != nil {
 			// Rebase will leave a REBASE_HEAD file in .git if there is a conflict
 			if _, statErr := os.Stat(filepath.Join(tmpBasePath, ".git", "REBASE_HEAD")); statErr == nil {
-				// The original commit SHA1 that is failing will be in .git/rebase-apply/original-commit
-				commitShaBytes, readErr := ioutil.ReadFile(filepath.Join(tmpBasePath, ".git", "rebase-apply", "original-commit"))
-				if readErr != nil {
-					// Abandon this attempt to handle the error
+				var commitSha string
+				ok := false
+				failingCommitPaths := []string{
+					filepath.Join(tmpBasePath, ".git", "rebase-apply", "original-commit"), // Git < 2.26
+					filepath.Join(tmpBasePath, ".git", "rebase-merge", "stopped-sha"),     // Git >= 2.26
+				}
+				for _, failingCommitPath := range failingCommitPaths {
+					if _, statErr := os.Stat(filepath.Join(failingCommitPath)); statErr == nil {
+						commitShaBytes, readErr := ioutil.ReadFile(filepath.Join(failingCommitPath))
+						if readErr != nil {
+							// Abandon this attempt to handle the error
+							log.Error("git rebase staging on to base [%s:%s -> %s:%s]: %v\n%s\n%s", pr.HeadRepo.FullName(), pr.HeadBranch, pr.BaseRepo.FullName(), pr.BaseBranch, err, outbuf.String(), errbuf.String())
+							return fmt.Errorf("git rebase staging on to base [%s:%s -> %s:%s]: %v\n%s\n%s", pr.HeadRepo.FullName(), pr.HeadBranch, pr.BaseRepo.FullName(), pr.BaseBranch, err, outbuf.String(), errbuf.String())
+						}
+						commitSha = strings.TrimSpace(string(commitShaBytes))
+						ok = true
+						break
+					}
+				}
+				if !ok {
+					log.Error("Unable to determine failing commit sha for this rebase message. Cannot cast as models.ErrRebaseConflicts.")
 					log.Error("git rebase staging on to base [%s:%s -> %s:%s]: %v\n%s\n%s", pr.HeadRepo.FullName(), pr.HeadBranch, pr.BaseRepo.FullName(), pr.BaseBranch, err, outbuf.String(), errbuf.String())
 					return fmt.Errorf("git rebase staging on to base [%s:%s -> %s:%s]: %v\n%s\n%s", pr.HeadRepo.FullName(), pr.HeadBranch, pr.BaseRepo.FullName(), pr.BaseBranch, err, outbuf.String(), errbuf.String())
 				}
-				log.Debug("RebaseConflict at %s [%s:%s -> %s:%s]: %v\n%s\n%s", strings.TrimSpace(string(commitShaBytes)), pr.HeadRepo.FullName(), pr.HeadBranch, pr.BaseRepo.FullName(), pr.BaseBranch, err, outbuf.String(), errbuf.String())
+				log.Debug("RebaseConflict at %s [%s:%s -> %s:%s]: %v\n%s\n%s", commitSha, pr.HeadRepo.FullName(), pr.HeadBranch, pr.BaseRepo.FullName(), pr.BaseBranch, err, outbuf.String(), errbuf.String())
 				return models.ErrRebaseConflicts{
 					Style:     mergeStyle,
-					CommitSHA: strings.TrimSpace(string(commitShaBytes)),
+					CommitSHA: commitSha,
 					StdOut:    outbuf.String(),
 					StdErr:    errbuf.String(),
 					Err:       err,
@@ -268,6 +285,10 @@ func Merge(pr *models.PullRequest, doer *models.User, baseGitRepo *git.Repositor
 			return err
 		}
 
+		if err = pr.Issue.LoadPoster(); err != nil {
+			log.Error("LoadPoster: %v", err)
+			return fmt.Errorf("LoadPoster: %v", err)
+		}
 		sig := pr.Issue.Poster.NewGitSig()
 		if signArg == "" {
 			if err := git.NewCommand("commit", fmt.Sprintf("--author='%s <%s>'", sig.Name, sig.Email), "-m", message).RunInDirTimeoutEnvPipeline(env, -1, tmpBasePath, &outbuf, &errbuf); err != nil {

services/pull/patch.go

@@ -31,32 +31,19 @@ func DownloadPatch(pr *models.PullRequest, w io.Writer, patch bool) error {
 
 // DownloadDiffOrPatch will write the patch for the pr to the writer
 func DownloadDiffOrPatch(pr *models.PullRequest, w io.Writer, patch bool) error {
-	// Clone base repo.
-	tmpBasePath, err := createTemporaryRepo(pr)
-	if err != nil {
-		log.Error("CreateTemporaryPath: %v", err)
+	if err := pr.LoadBaseRepo(); err != nil {
+		log.Error("Unable to load base repository ID %d for pr #%d [%d]", pr.BaseRepoID, pr.Index, pr.ID)
 		return err
 	}
-	defer func() {
-		if err := models.RemoveTemporaryPath(tmpBasePath); err != nil {
-			log.Error("DownloadDiff: RemoveTemporaryPath: %s", err)
-		}
-	}()
 
-	gitRepo, err := git.OpenRepository(tmpBasePath)
+	gitRepo, err := git.OpenRepository(pr.BaseRepo.RepoPath())
 	if err != nil {
 		return fmt.Errorf("OpenRepository: %v", err)
 	}
 	defer gitRepo.Close()
-
-	pr.MergeBase, err = git.NewCommand("merge-base", "--", "base", "tracking").RunInDir(tmpBasePath)
-	if err != nil {
-		pr.MergeBase = "base"
-	}
-	pr.MergeBase = strings.TrimSpace(pr.MergeBase)
-	if err := gitRepo.GetDiffOrPatch(pr.MergeBase, "tracking", w, patch); err != nil {
-		log.Error("Unable to get patch file from %s to %s in %s/%s Error: %v", pr.MergeBase, pr.HeadBranch, pr.BaseRepo.MustOwner().Name, pr.BaseRepo.Name, err)
-		return fmt.Errorf("Unable to get patch file from %s to %s in %s/%s Error: %v", pr.MergeBase, pr.HeadBranch, pr.BaseRepo.MustOwner().Name, pr.BaseRepo.Name, err)
+	if err := gitRepo.GetDiffOrPatch(pr.MergeBase, pr.GetGitRefName(), w, patch); err != nil {
+		log.Error("Unable to get patch file from %s to %s in %s Error: %v", pr.MergeBase, pr.HeadBranch, pr.BaseRepo.FullName(), err)
+		return fmt.Errorf("Unable to get patch file from %s to %s in %s Error: %v", pr.MergeBase, pr.HeadBranch, pr.BaseRepo.FullName(), err)
 	}
 	return nil
 }

templates/base/head.tmpl

@@ -84,7 +84,11 @@
         for the JavaScript code in this page.
 	*/`}}
 	</script>
-
+	<script>
+		window.config = {
+			StaticUrlPrefix: '{{StaticUrlPrefix}}'
+		}
+	</script>
 	<link rel="shortcut icon" href="{{StaticUrlPrefix}}/img/favicon.png" />
 	<link rel="mask-icon" href="{{StaticUrlPrefix}}/img/gitea-safari.svg" color="#609926">
 	<link rel="preload" href="{{StaticUrlPrefix}}/vendor/assets/font-awesome/css/font-awesome.min.css" as="style" onload="this.rel='stylesheet'">

templates/repo/diff/compare.tmpl

@@ -59,7 +59,7 @@
 
 	{{if .IsNothingToCompare}}
     	<div class="ui segment">{{.i18n.Tr "repo.pulls.nothing_to_compare"}}</div>
-	{{else if .PageIsComparePull}}
+	{{else if and .PageIsComparePull (gt .CommitCount 0)}}
 		{{if .HasPullRequest}}
         	<div class="ui segment">
         		{{.i18n.Tr "repo.pulls.has_pull_request" $.RepoLink $.RepoRelPath .PullRequest.Index | Safe}}

templates/repo/header.tmpl

@@ -86,7 +86,7 @@
 
 				{{if and (.Permission.CanRead $.UnitTypeReleases) (not .IsEmptyRepo) }}
 				<a class="{{if .PageIsReleaseList}}active{{end}} item" href="{{.RepoLink}}/releases">
-					<i class="octicon octicon-tag"></i> {{.i18n.Tr "repo.releases"}} <span class="ui {{if not .Repository.NumReleases}}gray{{else}}blue{{end}} small label">{{.Repository.NumReleases}}</span>
+					<i class="octicon octicon-tag"></i> {{.i18n.Tr "repo.releases"}} <span class="ui {{if not .NumReleases}}gray{{else}}blue{{end}} small label">{{.NumReleases}}</span>
 				</a>
 				{{end}}
 

templates/repo/issue/view_content/pull.tmpl

@@ -43,7 +43,7 @@
 	{{else if .IsBlockedByApprovals}}red
 	{{else if .IsBlockedByRejection}}red
 	{{else if and .EnableStatusCheck (or .RequiredStatusCheckState.IsFailure .RequiredStatusCheckState.IsError)}}red
-	{{else if and .EnableStatusCheck (or .RequiredStatusCheckState.IsPending .RequiredStatusCheckState.IsWarning)}}yellow
+	{{else if and .EnableStatusCheck (or (not $.LatestCommitStatus) .RequiredStatusCheckState.IsPending .RequiredStatusCheckState.IsWarning)}}yellow
 	{{else if .Issue.PullRequest.IsChecking}}yellow
 	{{else if .Issue.PullRequest.CanAutoMerge}}green
 	{{else}}red{{end}}"><span class="mega-octicon octicon-git-merge"></span></a>
@@ -112,7 +112,7 @@
 					<span class="octicon octicon-sync"></span>
 					{{$.i18n.Tr "repo.pulls.is_checking"}}
 				</div>
-			{{else if and (not .Issue.PullRequest.CanAutoMerge) .EnableStatusCheck (not .IsRequiredStatusCheckSuccess)}}
+			{{else if and (not .Issue.PullRequest.CanAutoMerge) .EnableStatusCheck (not .RequiredStatusCheckState.IsSuccess)}}
 				<div class="item text red">
 					<span class="octicon octicon-x"></span>
 					{{$.i18n.Tr "repo.pulls.required_status_check_failed"}}
@@ -123,9 +123,14 @@
 					<span class="octicon octicon-x"></span>
 					{{$.i18n.Tr "repo.pulls.required_status_check_failed"}}
 				</div>
+				{{else if and .EnableStatusCheck (not .RequiredStatusCheckState.IsSuccess)}}
+				<div class="item text red">
+					<span class="octicon octicon-x"></span>
+					{{$.i18n.Tr "repo.pulls.required_status_check_missing"}}
+				</div>
 				{{end}}
-				{{if or $.IsRepoAdmin (not .EnableStatusCheck) .IsRequiredStatusCheckSuccess}}
-					{{if and $.IsRepoAdmin .EnableStatusCheck (not .IsRequiredStatusCheckSuccess)}}
+				{{if or $.IsRepoAdmin (not .EnableStatusCheck) .RequiredStatusCheckState.IsSuccess}}
+					{{if and $.IsRepoAdmin .EnableStatusCheck (not .RequiredStatusCheckState.IsSuccess)}}
 						<div class="item text yellow">
 							<span class="octicon octicon-primitive-dot"></span>
 							{{$.i18n.Tr "repo.pulls.required_status_check_administrator"}}

templates/repo/settings/webhook/gitea.tmpl

@@ -1,40 +1,40 @@
-{{if eq .HookType "gitea"}}
-	<p>{{.i18n.Tr "repo.settings.add_webhook_desc" "https://docs.gitea.io/en-us/webhooks/" | Str2html}}</p>
-	<form class="ui form" action="{{.BaseLink}}/gitea/{{or .Webhook.ID "new"}}" method="post">
-		{{.CsrfTokenHtml}}
-		<div class="required field {{if .Err_PayloadURL}}error{{end}}">
-			<label for="payload_url">{{.i18n.Tr "repo.settings.payload_url"}}</label>
-			<input id="payload_url" name="payload_url" type="url" value="{{.Webhook.URL}}" autofocus required>
-		</div>
-		<div class="field">
-			<label>{{.i18n.Tr "repo.settings.http_method"}}</label>
-			<div class="ui selection dropdown">
-				<input type="hidden" id="http_method" name="http_method" value="{{if .Webhook.HTTPMethod}}{{.Webhook.HTTPMethod}}{{else}}POST{{end}}">
-				<div class="default text"></div>
-				<i class="dropdown icon"></i>
-				<div class="menu">
-					<div class="item" data-value="POST">POST</div>
-					<div class="item" data-value="GET">GET</div>
-				</div>
-			</div>
-		</div>
-		<div class="field">
-			<label>{{.i18n.Tr "repo.settings.content_type"}}</label>
-			<div class="ui selection dropdown">
-				<input type="hidden" id="content_type" name="content_type" value="{{if .Webhook.ContentType}}{{.Webhook.ContentType}}{{else}}application/json{{end}}">
-				<div class="default text"></div>
-				<i class="dropdown icon"></i>
-				<div class="menu">
-					<div class="item" data-value="1">application/json</div>
-					<div class="item" data-value="2">application/x-www-form-urlencoded</div>
-				</div>
-			</div>
-		</div>
-		<input class="fake" type="password">
-		<div class="field {{if .Err_Secret}}error{{end}}">
-			<label for="secret">{{.i18n.Tr "repo.settings.secret"}}</label>
-			<input id="secret" name="secret" type="password" value="{{.Webhook.Secret}}" autocomplete="off">
-		</div>
-		{{template "repo/settings/webhook/settings" .}}
-	</form>
-{{end}}
+{{if eq .HookType "gitea"}}
+	<p>{{.i18n.Tr "repo.settings.add_webhook_desc" "https://docs.gitea.io/en-us/webhooks/" | Str2html}}</p>
+	<form class="ui form" action="{{.BaseLink}}/gitea/{{or .Webhook.ID "new"}}" method="post">
+		{{.CsrfTokenHtml}}
+		<div class="required field {{if .Err_PayloadURL}}error{{end}}">
+			<label for="payload_url">{{.i18n.Tr "repo.settings.payload_url"}}</label>
+			<input id="payload_url" name="payload_url" type="url" value="{{.Webhook.URL}}" autofocus required>
+		</div>
+		<div class="field">
+			<label>{{.i18n.Tr "repo.settings.http_method"}}</label>
+			<div class="ui selection dropdown">
+				<input type="hidden" id="http_method" name="http_method" value="{{if .Webhook.HTTPMethod}}{{.Webhook.HTTPMethod}}{{else}}POST{{end}}">
+				<div class="default text"></div>
+				<i class="dropdown icon"></i>
+				<div class="menu">
+					<div class="item" data-value="POST">POST</div>
+					<div class="item" data-value="GET">GET</div>
+				</div>
+			</div>
+		</div>
+		<div class="field">
+			<label>{{.i18n.Tr "repo.settings.content_type"}}</label>
+			<div class="ui selection dropdown">
+				<input type="hidden" id="content_type" name="content_type" value="{{if .Webhook.ContentType}}{{.Webhook.ContentType}}{{else}}1{{end}}">
+				<div class="default text"></div>
+				<i class="dropdown icon"></i>
+				<div class="menu">
+					<div class="item" data-value="1">application/json</div>
+					<div class="item" data-value="2">application/x-www-form-urlencoded</div>
+				</div>
+			</div>
+		</div>
+		<input class="fake" type="password">
+		<div class="field {{if .Err_Secret}}error{{end}}">
+			<label for="secret">{{.i18n.Tr "repo.settings.secret"}}</label>
+			<input id="secret" name="secret" type="password" value="{{.Webhook.Secret}}" autocomplete="off">
+		</div>
+		{{template "repo/settings/webhook/settings" .}}
+	</form>
+{{end}}

templates/repo/settings/webhook/gogs.tmpl

@@ -9,7 +9,7 @@
 		<div class="field">
 			<label>{{.i18n.Tr "repo.settings.content_type"}}</label>
 			<div class="ui selection dropdown">
-				<input type="hidden" id="content_type" name="content_type" value="{{if .Webhook.ContentType}}{{.Webhook.ContentType}}{{else}}application/json{{end}}">
+				<input type="hidden" id="content_type" name="content_type" value="{{if .Webhook.ContentType}}{{.Webhook.ContentType}}{{else}}1{{end}}">
 				<div class="default text"></div>
 				<i class="dropdown icon"></i>
 				<div class="menu">

templates/repo/view_list.tmpl

@@ -64,7 +64,7 @@
 					<td>
 						<span class="truncate">
 							<span class="octicon octicon-file-submodule"></span>
-							{{$refURL := $commit.RefURL AppUrl $.BranchLink}}
+							{{$refURL := $commit.RefURL AppUrl $.Repository.FullName}}
 							{{if $refURL}}
 								<a href="{{$refURL}}">{{$entry.Name}}</a> @ <a href="{{$refURL}}/commit/{{$commit.RefID}}">{{ShortSha $commit.RefID}}</a>
 							{{else}}

templates/repo/wiki/revision.tmpl

@@ -21,7 +21,7 @@
 					{{else if and (not $.DisableSSH) (or $.IsSigned $.ExposeAnonSSH)}}
 						<input id="repo-clone-url" value="{{$.WikiCloneLink.SSH}}" readonly>
 					{{end}}
-					{{if or ((not $.DisableHTTP) (and (not $.DisableSSH) (or $.IsSigned $.ExposeAnonSSH)))}}
+					{{if or (not $.DisableHTTP) (and (not $.DisableSSH) (or $.IsSigned $.ExposeAnonSSH))}}
 						<button class="ui basic icon button poping up clipboard" id="clipboard-btn" data-original="{{.i18n.Tr "repo.copy_link"}}" data-success="{{.i18n.Tr "repo.copy_link_success"}}" data-error="{{.i18n.Tr "repo.copy_link_error"}}" data-content="{{.i18n.Tr "repo.copy_link"}}" data-variation="inverted tiny" data-clipboard-target="#repo-clone-url">
 							<i class="octicon octicon-clippy"></i>
 						</button>

templates/status/404.tmpl

@@ -1,7 +1,7 @@
 {{template "base/head" .}}
 {{if .IsRepo}}<div class="repository">{{template "repo/header" .}}</div>{{end}}
 <div class="ui container center">
-	<p style="margin-top: 100px"><img src="{{StaticUrlPrefix}}/img/404.png" alt="404"/></p>
+	<p style="margin-top: 100px"><img class="ui centered image" src="{{StaticUrlPrefix}}/img/404.png" alt="404"/></p>
 	<div class="ui divider"></div>
 	<br>
 	{{if .ShowFooterVersion}}<p>Application Version: {{AppVer}}</p>{{end}}

templates/status/500.tmpl

@@ -1,6 +1,6 @@
 {{template "base/head" .}}
 <div class="ui container center">
-	<p style="margin-top: 100px"><img src="{{StaticUrlPrefix}}/img/500.png" alt="500"/></p>
+	<p style="margin-top: 100px"><img class="ui centered image" src="{{StaticUrlPrefix}}/img/500.png" alt="500"/></p>
 	<div class="ui divider"></div>
 	<br>
 	{{if .ErrorMsg}}<p>An error has occurred :</p>

templates/user/settings/account.tmpl

@@ -92,7 +92,7 @@
 								<form action="{{AppSubUrl}}/user/settings/account/email" method="post">
 									{{$.CsrfTokenHtml}}
 									<input name="_method" type="hidden" value="SENDACTIVATION">
-									<input name="id" type="hidden" value="{{if .IsPrimary}}PRIMARY{{else}}}.ID{{end}}">
+									<input name="id" type="hidden" value="{{if .IsPrimary}}PRIMARY{{else}}{{.ID}}{{end}}">
 									{{if $.ActivationsPending}}
 										<button disabled class="ui blue tiny button">{{$.i18n.Tr "settings.activations_pending"}}</button>
 									{{else}}

web_src/js/index.js

@@ -1098,6 +1098,7 @@ function initRepository() {
     $repoComparePull.find('button.show-form').on('click', function (e) {
       e.preventDefault();
       $repoComparePull.find('.pullrequest-form').show();
+      autoSimpleMDE.codemirror.refresh();
       $(this).parent().hide();
     });
   }

web_src/js/publicPath.js

@@ -1,8 +1,10 @@
-/* This sets up webpack's chunk loading to load resources from the same
-  directory where it loaded index.js from. This file must be imported
-  before any lazy-loading is being attempted. */
+// This sets up the URL prefix used in webpack's chunk loading.
+// This file must be imported before any lazy-loading is being attempted.
+const { StaticUrlPrefix } = window.config;
 
-if (document.currentScript && document.currentScript.src) {
+if (StaticUrlPrefix) {
+  __webpack_public_path__ = StaticUrlPrefix.endsWith('/') ? StaticUrlPrefix : `${StaticUrlPrefix}/`;
+} else if (document.currentScript && document.currentScript.src) {
   const url = new URL(document.currentScript.src);
   __webpack_public_path__ = `${url.pathname.replace(/\/[^/]*$/, '')}/`;
 } else {