Commit graph

18841 commits

Author SHA1 Message Date
Earl Warren
0bba3e2158 Merge pull request '[v7.0/forgejo] Add class tw-break-anywhere' (#3720) from bp-v7.0/forgejo-b45fbe1 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3720
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-12 10:48:49 +00:00
0ko
6334a48043 Add class tw-break-anywhere
very partial port of 9946353282 (diff-38f10be6b48c74bcacbf9f6e15cc8582a45b7a6cbd1cdd8efec8e592575290c5) to fix a few picked areas where lack of it causes bugs.

(cherry picked from commit b45fbe1dcc)
2024-05-11 18:13:28 +00:00
Earl Warren
ba1f73f550 Merge pull request '[v7.0/forgejo] templates: Be more forgiving about missing package metadata' (#3705) from bp-v7.0/forgejo-ac4d535 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3705
Reviewed-by: Gergely Nagy <algernon@noreply.codeberg.org>
2024-05-10 18:47:36 +00:00
Gergely Nagy
00cfe9aef9 templates: Be more forgiving about missing package metadata
When rendering templates for packages, be more forgiving about missing
metadata. For some repository types - like maven - metadata is uploaded
separately. If that upload fails, or does not happen, there will be no
metadata.

In that case, Forgejo should handle it gracefully, and render as much of
the information as possible, without erroring out. Rendering without
metadata allows one to delete a partial package, while if we throw
errors, that becomes a whole lot harder.

This patch adjusts the generic metadata template, and also the maven
template. There may be more cases of the same problem lying around.

Fixes #3663.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit ac4d535dbf)
2024-05-10 18:10:25 +00:00
Earl Warren
d8fda28dfc Merge pull request '[v7.0/forgejo] Fix some 7.0 missing variables' (#3688) from bp-v7.0/forgejo-0dc35c9 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3688
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-09 19:30:27 +00:00
Earl Warren
7afee47817 Merge pull request '[v7.0/forgejo] Teach activities.GetFeeds() how to avoid returning duplicates' (#3687) from bp-v7.0/forgejo-9cb2aa9 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3687
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-09 19:29:39 +00:00
0ko
887c050ea3 [THEME] Fix some 7.0 missing variables
(cherry picked from commit 0dc35c9df9)
2024-05-09 18:52:33 +00:00
Gergely Nagy
9ba48419ba Teach activities.GetFeeds() how to avoid returning duplicates
Before explaining the fix itself, lets look at the `action` table, and
how it is populated. Data is only ever inserted into it via
`activities_model.NotifyWatchers`, which will:

- Insert a row for each activity with `UserID` set to the acting user's
  ID - this is the original activity, and is always inserted if anything
  is to be inserted at all.
- It will insert a copy of each activity with the `UserID` set to the
  repo's owner, if the owner is an Organization, and isn't the acting
  user.
- It will insert a copy of each activity for every watcher of the repo,
  as long as the watcher in question has read permission to the repo
  unit the activity is about.

This means that if a repository belongs to an organizations, for most
activities, it will have at least two rows in the table. For
repositories watched by people other than their owner, an additional row
for each watcher.

These are useful duplicates, because they record which activities are
relevant for a particular user. However, for cases where we wish to see
the activities that happen around a repository, without limiting the
results to a particular user, we're *not* interested in the duplicates
stored for the watchers and the org. We only need the originals.

And this is what this change does: it introduces an additional option to
`GetFeedsOptions`: `OnlyPerformedByActor`. When this option is set,
`activities.GetFeeds()` will only return the original activities, where
the user id and the acting user id are the same. As these are *always*
inserted, we're not missing out on any activities. We're just getting
rid of the duplicates. As this is an additional `AND` condition, it can
never introduce items that would not have been included in the result
set before, it can only reduce, not extend.

These duplicates were only affecting call sites where `RequestedRepo`
was set, but `RequestedUser` and `RequestedTeam` were not. Both of those
call sites were updated to set `OnlyPerformedByActor`. As a result,
repository RSS feeds, and the `/repos/{owner}/{repo}/activities/feeds`
API end points no longer return dupes, only the original activities.

Rather than hardcoding this behaviour into `GetFeeds()` itself, I chose
to implement it as an explicit option, for the sake of clarity.

Fixes Codeberg/Community#684, and addresses gitea#20986.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 9cb2aa989a)
2024-05-09 18:37:30 +00:00
Earl Warren
283b678146 Merge pull request '[v7.0/forgejo] Fix an incorrect form submission in repo-issue.js' (#3677) from bp-v7.0/forgejo-f4dd53d into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3677
Reviewed-by: Gergely Nagy <algernon@noreply.codeberg.org>
2024-05-08 21:49:06 +00:00
Gergely Nagy
b6be9fb901 Fix an incorrect form submission in repo-issue.js (#3675)
This fixes `initRepoPullRequestAllowMaintainerEdit()` to submit the form correctly (as a web form, rather than as JSON payload).

Fixes #3618, cherry picked from gitea#30854.

Co-Authored-By: wxiaoguang <wxiaoguang@gmail.com>

---

Manual testing steps:

- Open a PR against any repository, with the "Allow edits from maintainers" option checked.
- Open the developer console (`Ctrl-Shift-I` on Firefox), and look at the Network tab.
- Visit the PR, find the "Allow edits from maintainers" checkbox, and click it.
- See the developer console, and check that the response says the setting is false.
- Refresh the page *completely* (`Ctrl-Shift-R` on Firefox)
- Observe that the setting is off.
- Click the box again to enable it.
- See the developer console, and check that the response says the setting is true.
- Reload without cache again (`Ctrl-Shift-R` on Firefox)
- Observe that the setting is now on.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3675
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gergely Nagy <forgejo@gergo.csillger.hu>
Co-committed-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit f4dd53d79d)
2024-05-08 21:16:08 +00:00
Earl Warren
767d292c83 Merge pull request '[v7.0/forgejo] Cumulative English improvements (May 2024)' (#3674) from bp-v7.0/forgejo-b11eddf into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3674
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-08 19:16:24 +00:00
0ko
8d3c6251a7 [I18N] English improvements (May 2024)
- `editor.commit_id_not_matching` was reported by https://codeberg.org/kita. I confirmed the meaning on next.forgejo.org.
- `additional_repo_units_hint` was suggested by https://codeberg.org/leana8959.

(cherry picked from commit b11eddfaa8)
2024-05-08 17:09:24 +00:00
Earl Warren
94ce24cf92 Merge pull request '[v7.0/forgejo] fix(security): CVE-2024-24788 malformed DNS message' (#3673) from bp-v7.0/forgejo-f3045f0 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3673
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-08 17:02:19 +00:00
Earl Warren
696ed328fb fix(security): CVE-2024-24788 malformed DNS message
Refs: https://pkg.go.dev/vuln/GO-2024-2824
(cherry picked from commit f3045f0519)
2024-05-08 14:47:59 +00:00
Earl Warren
dd3487dbbf Merge pull request '[v1.22/gitea] week 2024-19 cherry pick v7.0' (#3659) from earl-warren/forgejo:wip-v7.0-gitea-cherry-pick into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3659
Reviewed-by: Gergely Nagy <algernon@noreply.codeberg.org>
2024-05-07 22:48:50 +00:00
Earl Warren
18249e58be Merge pull request '[v7.0/forgejo] Update module gitea.com/go-chi/binding to v0.0.0-20240430071103-39a851e106ed' (#3660) from earl-warren/forgejo:wip-v7.0-chi-binding into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3660
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-05-07 08:56:40 +00:00
Earl Warren
f8a3482cdb
Update module gitea.com/go-chi/binding to v0.0.0-20240430071103-39a851e106ed
(cherry picked from commit 58bf120eba)

Conflicts: trivial context conflicts
2024-05-07 08:35:25 +01:00
yp05327
da993b09ad
Fix no edit history after editing issue's title and content (#30814)
Fix #30807

reuse functions in services

(cherry picked from commit a50026e2f30897904704895362da0fb12c7e5b26)

Conflicts:
	models/issues/issue_update.go
	routers/api/v1/repo/issue.go
	trivial context conflict because of 'allow setting the update date on issues and comments'
(cherry picked from commit 6a4bc0289d)
2024-05-07 08:21:38 +01:00
Kemal Zebari
6ae15bc15e
Don't only list code-enabled repositories when using repository API (#30817)
We should be listing all repositories by default.

Fixes #28483.

(cherry picked from commit 9f0ef3621a3b63ccbe93f302a446b67dc54ad725)

Conflict:
   -		if ctx.IsSigned && ctx.Doer.IsAdmin || permission.UnitAccessMode(unit_model.TypeCode) >= perm.AccessModeRead {
   +		if ctx.IsSigned && ctx.Doer.IsAdmin || permission.HasAccess() {
   because of https://codeberg.org/forgejo/forgejo/pulls/2001
(cherry picked from commit e388822e9d)
2024-05-07 08:17:35 +01:00
Giteabot
f30c648037
Ignore useless error message "broken pipe" (#30801) (#30842)
Backport #30801 by wxiaoguang

Fix #30792

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit ab2ef1ae49bc5e81d0debac85aee687a64fde8b3)
2024-05-07 08:15:36 +01:00
Giteabot
248a5b8d7a
Prevent automatic OAuth grants for public clients (#30790) (#30836)
Backport #30790 by archer-321

This commit forces the resource owner (user) to always approve OAuth 2.0
authorization requests if the client is public (e.g. native
applications).

As detailed in [RFC 6749 Section
10.2](https://www.rfc-editor.org/rfc/rfc6749.html#section-10.2),

> The authorization server SHOULD NOT process repeated authorization
requests automatically (without active resource owner interaction)
without authenticating the client or relying on other measures to ensure
that the repeated request comes from the original client and not an
impersonator.

With the implementation prior to this patch, attackers with access to
the redirect URI (e.g., the loopback interface for
`git-credential-oauth`) can get access to the user account without any
user interaction if they can redirect the user to the
`/login/oauth/authorize` endpoint somehow (e.g., with `xdg-open` on
Linux).

Fixes #25061.

Co-authored-by: Archer <archer@beezig.eu>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 6d83f5eddc0f394f6386e80b86a3221f6f4925ff)
2024-05-07 08:14:22 +01:00
Kemal Zebari
5678e9ab20
Catch and handle unallowed file type errors in issue attachment API (#30791)
Before, we would just throw 500 if a user passes an attachment that is
not an allowed type. This commit catches this error and throws a 422
instead since this should be considered a validation error.

(cherry picked from commit 872caa17c0a30d95f85ab75c068d606e07bd10b3)

Conflicts:
	tests/integration/api_comment_attachment_test.go
	tests/integration/api_issue_attachment_test.go
	trivial context conflict because of 'allow setting the update date on issues and comments'
(cherry picked from commit 9cd0441cd3)
2024-05-07 08:12:34 +01:00
silverwind
a7124df0c5
Add hover outline to heatmap squares (#30828)
Makes it easier to use because you see which square is currently
hovered:

<img width="314" alt="Screenshot 2024-05-02 at 15 38 20"
src="https://github.com/go-gitea/gitea/assets/115237/3a15dad1-2259-4f28-9fae-5cf6ad3d8798">

I did try a `scoped` style for this, but that did not work for some
reason.

(cherry picked from commit 6f89d5e3a0886d02ead732005f593ae003f78f78)
2024-05-07 08:09:44 +01:00
wxiaoguang
abf40ee957
Skip gzip for some well-known compressed file types (#30796)
Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit be112c1fc30f87a248b30f48e891d1c8c18e8280)

Conflicts:
	routers/web/web.go
	trivial conflict because of https://codeberg.org/forgejo/forgejo/pulls/1533
(cherry picked from commit 4e35e5b8ae)
2024-05-07 07:59:45 +01:00
Earl Warren
7be345f88e Merge pull request '[v7.0/forgejo] Improve repo filter names' (#3641) from bp-v7.0/forgejo-82f7308 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3641
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2024-05-05 14:49:03 +00:00
0ko
8b1d84797f [I18N] Improve repo filter names
(cherry picked from commit 82f7308e1b)
2024-05-05 12:15:56 +00:00
Earl Warren
ba0ed5823c Merge pull request '[UI] Fix commit messages breaking out of event history' (#3640) from 0ko/forgejo:ui-fix-break-out into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3640
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-05 12:12:09 +00:00
0ko
e59f92dec8 [UI] Fix commit messages breaking out of event history
Regression of 8b54d38cbe.
This is 7.0 specific path for the issue. The design of this area is not compatible with 8.0, and thus there's no startightforward way to make it look like on 8.0.
2024-05-05 15:40:25 +05:00
forgejo-backport-action
10b919d3ca [v7.0/forgejo] [I18N] Translations update from Weblate (#3631)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/3508

Translations update from [Weblate](https://translate.codeberg.org) for [Forgejo/forgejo](https://translate.codeberg.org/projects/forgejo/forgejo/).

Co-authored-by: Codeberg Translate <translate@noreply.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3631
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
2024-05-04 19:24:41 +00:00
Earl Warren
f45a6cb3b7 Merge pull request '[v7.0/forgejo] FIX gogs migration if gogs is hosted at a subpath' (#3588) from bp-v7.0/forgejo-4a2959b into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3588
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-03 17:17:00 +00:00
Otto
5b6a375d05 Merge pull request '[v7.0/forgejo] Fix text selection color' (#3611) from bp-v7.0/forgejo-787b16a into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3611
Reviewed-by: Otto <otto@codeberg.org>
2024-05-02 22:06:17 +00:00
Earl Warren
ac34a68a93 Merge pull request 'Port Fix checkbox field markup' (#3592) from 0ko/forgejo:a-commit into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3592
Reviewed-by: Otto <otto@codeberg.org>
2024-05-02 18:10:20 +00:00
Earl Warren
fcf85b12af Merge pull request '[v7.0/forgejo] UI: Actions: Replace runs list description semicolon' (#3582) from bp-v7.0/forgejo-870a1c8 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3582
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-02 18:01:28 +00:00
Earl Warren
2949bbcad1 Merge pull request '[v7.0/forgejo] Show repo count in blocked users tab' (#3609) from bp-v7.0/forgejo-d50efa6 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3609
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-02 17:49:17 +00:00
0ko
b23d4ec4bb [THEME] fix text selection color
regression of c2280a2009

(cherry picked from commit 787b16a7be)
2024-05-02 17:46:07 +00:00
Panagiotis "Ivory" Vasilopoulos
d758633c91 UI: Actions: Replace runs list description semicolon
The current format makes the text look somewhat like this:

```
testing.yml #15065 :Commit 103306f00c pushed by n0toose
```

This looks wrong. We will have to work on that list at a later point
in time anyways, as well as make the way that we separate information
in subheaders in lists like this one more consistent.

However, this should do for now.

This change should make each entry look like this instead:

```
testing.yml #15065 - Commit 103306f00c pushed by n0toose
```

(cherry picked from commit 870a1c85c7)
2024-05-02 17:10:28 +00:00
JakobDev
d449fcff0a Show repo count in blocked users tab (#3601)
Fixes #3595

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3601
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: JakobDev <jakobdev@gmx.de>
Co-committed-by: JakobDev <jakobdev@gmx.de>
(cherry picked from commit d50efa626a)
2024-05-02 17:10:06 +00:00
Earl Warren
a7400b1812 Merge pull request 'Upgrade github.com/editorconfig-checker/editorconfig-checker to v2.8.0' (#3610) from earl-warren/forgejo:wip-lint-editorconfig into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3610
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: thefox <thefox@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-05-02 17:09:33 +00:00
Earl Warren
a6d31a30a2
Upgrade github.com/editorconfig-checker/editorconfig-checker to v2.8.0
Manual backport: https://codeberg.org/forgejo/forgejo/pulls/3181
because it conflicts with a number of evolutions in how the tools are
upgraded in the development branch.
2024-05-02 17:38:26 +01:00
forgejo-backport-action
4b79a98910 Fix inconsistent required field (#3591)
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3591
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
2024-05-01 19:05:43 +00:00
silverwind
b917571d81 Fix checkbox field markup (#30666)
Fixes https://github.com/go-gitea/gitea/issues/30664.

Previous use was not a supported way by fomantic and the misuse only
became visible after the checkbox migration.

(cherry picked from commit 1a2ae64b16f10b8d1e17197d18b9eb373faf58db)
2024-05-01 23:31:42 +05:00
varp0n
c91f7d3599 FIX gogs migration if gogs is hosted at a subpath (#3572)
Also add a test for GogsDownloaderFactory.New() to make sure
that the URL of the source repository is parsed correctly.

When the source gogs instance is hosted at a subpath like `https://git.example.com/gogs/<username>/<reponame>` the migration fails.
This PR fixes that.

Co-authored-by: hecker <tomas.hecker@gmail.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3572
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: varp0n <tom@gkstn.de>
Co-committed-by: varp0n <tom@gkstn.de>
(cherry picked from commit 4a2959b3ec)
2024-05-01 16:32:17 +00:00
Earl Warren
9d1ffeaf8d Merge pull request '[skip ci] [v7.0/forgejo] docs(release-notes): 7.0.2' (#3586) from earl-warren/forgejo:wip-release-notes-v7.0.2 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3586
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2024-05-01 14:35:52 +00:00
Earl Warren
9db70035b1
[skip ci] docs(release-notes): 7.0.2
(cherry picked from commit a050b546b9)
2024-05-01 15:05:28 +02:00
Earl Warren
ad0b97c7c2 Merge pull request '[v1.22/gitea] week 2024-18 cherry pick v7.0 (take 2)' (#3580) from earl-warren/forgejo:wip-v7.0-gitea-cherry-pick into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3580
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-05-01 12:36:57 +00:00
Earl Warren
61230e72b5 Merge pull request '[v7.0/forgejo] Fix Issue watching / unwatching on the web ui' (#3585) from algernon/forgejo:backport/v7.0/3562 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3585
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-01 12:26:04 +00:00
forgejo-backport-action
50b7009603 [v7.0/forgejo] Add inline attachments to comments and prevent double handling of mails (#3566)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/3504

If incoming email is configured and an email is sent, inline attachments are currently not added to the comment if it has the `Content-Disposition: inline` instead of `Content-Disposition: attachment` as e.g. with Apple Mail.

This adds inline attachments (`Content-Disposition: inline`) that *have a filename* as attachment to the comment. Other elements with `Content-Disposition: inline` are not attached as attachment to the comment.

In addition, a check has been added to prevent mails from being processed twice.

Fixes #3496

Co-authored-by: Beowulf <beowulf@beocode.eu>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3566
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
2024-05-01 12:19:38 +00:00
Gergely Nagy
36b8e68eee
Add a test case for unsubscribing from an issue
Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-01 13:32:39 +02:00
Gergely Nagy
f83ae0fad2
tests: Support creating a declarative repo without AutoInit
To be able to easily test cases where the repository does not have any
code, where the git repo itself is completely uninitialized, lets
support a case where the `AutoInit` property is false.

For the sake of backwards compatibility, if the option is not set either
way, it will default to `true`.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-01 13:32:39 +02:00
Gergely Nagy
6f35a5ab90
Fix Issue watching / unwatching on the web ui
When subscribing or unsubscribing to/from an issue on the web ui, the
request was posted to a route handled by `repo.IssueWatch`. This
function used `ctx.Req.PostForm.Get()`, erroneously.

`request.PostForm` is *only* available if `request.ParseForm()` has been
called before it. The function in question did not do that. Under some
circumstances, something, somewhere did end up calling `ParseForm()`,
but not in every scenario.

Since we do not need to check for multiple values, the easiest fix here
is to use `ctx.Req.PostFormValue`, which will call `ParseForm()` if
necessary.

Fixes #3516.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-01 13:32:39 +02:00