Changelog for 1.15.11 (#18455 )

## [1.15.11](https://github.com/go-gitea/gitea/releases/tag/v1.15.11) - 2022-01-29 * SECURITY * Only view milestones from current repo (#18414) (#18418) * BUGFIXES * Fix broken when no commits and default branch is not master (#18422) (#18424) * Fix commit's time (#18375) (#18409) * Fix restore without topic failure (#18387) (#18401) * Fix mermaid import in 1.15 (it uses ESModule now) (#18382) * Update to go/text 0.3.7 (#18336) * MISC * Upgrade EasyMDE to 2.16.1 (#18278) (#18279)
Fix broken when no commits and default branch is not master (#18424 )
2026-02-10 09:58:08 +00:00 · 2022-01-30 01:27:13 +01:00 · 2022-01-28 14:48:18 +08:00 · 2022-01-26 22:09:35 +00:00 · 2022-01-26 11:16:13 +08:00 · 2022-01-25 21:50:02 +00:00
55 changed files with 1173 additions and 562 deletions
@@ -4,6 +4,50 @@ This changelog goes through all the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.io).

+
+## [1.15.11](https://github.com/go-gitea/gitea/releases/tag/v1.15.11) - 2022-01-29
+
+* SECURITY
+  * Only view milestones from current repo (#18414) (#18418)
+* BUGFIXES
+  * Fix broken when no commits and default branch is not master (#18422) (#18424)
+  * Fix commit's time (#18375) (#18409)
+  * Fix restore without topic failure (#18387) (#18401)
+  * Fix mermaid import in 1.15 (it uses ESModule now) (#18382)
+  * Update to go/text 0.3.7 (#18336)
+* MISC
+  * Upgrade EasyMDE to 2.16.1 (#18278) (#18279)
+
+## [1.15.10](https://github.com/go-gitea/gitea/releases/tag/v1.15.10) - 2022-01-14
+
+* BUGFIXES
+  * Fix inconsistent PR comment counts (#18260) (#18261)
+  * Fix release link broken (#18252) (#18253)
+  * Fix update user from site administration page bug (#18250) (#18251)
+  * Set HeadCommit when creating tags (#18116) (#18173)
+  * Use correct translation key for error messages due to max repo limits (#18135 & #18153) (#18152)
+  * Fix purple color in suggested label colors (#18241) (#18242)
+* SECURITY
+  * Bump mermaid from 8.10.1 to 8.13.8 (#18198) (#18206)
+
+## [1.15.9](https://github.com/go-gitea/gitea/releases/tag/v1.15.9) - 2021-12-30
+
+* BUGFIXES
+  * Fix wrong redirect on org labels (#18128) (#18134)
+  * Fix: unstable sort skips/duplicates issues across pages (#18094) (#18095)
+  * Revert "Fix delete u2f keys bug (#18042)" (#18107)
+  * Migrating wiki don't require token, so we should move it out of the require form (#17645) (#18104)
+  * Prevent NPE if gitea uploader fails to open url (#18080) (#18101)
+  * Reset locale on login (#17734) (#18100)
+  * Correctly handle failed migrations (#17575) (#18099)
+  * Instead of using routerCtx just escape the url before routing (#18086) (#18098)
+  * Quote references to the user table in consistency checks (#18072) (#18073)
+  * Add NotFound handler (#18062) (#18067)
+  * Ensure that git repository is closed before transfer (#18049) (#18057)
+  * Use common sessioner for API and web routes (#18114)
+* TRANSLATION
+  * Fix code search result hint on zh-CN (#18053)
+
 ## [1.15.8](https://github.com/go-gitea/gitea/releases/tag/v1.15.8) - 2021-12-20

 * BUGFIXES
@@ -128,7 +128,7 @@ require (
 	golang.org/x/net v0.0.0-20211020060615-d418f374d309
 	golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914
 	golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c
-	golang.org/x/text v0.3.6
+	golang.org/x/text v0.3.7
 	golang.org/x/time v0.0.0-20210611083556-38a9dc6acbc6 // indirect
 	golang.org/x/tools v0.1.0
 	google.golang.org/protobuf v1.27.1 // indirect
@@ -1485,8 +1485,9 @@ golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -33,6 +33,7 @@ func TestLinksNoLogin(t *testing.T) {
 		"/user/forgot_password",
 		"/api/swagger",
 		"/user2/repo1",
+		"/user2/repo1/",
 		"/user2/repo1/projects",
 		"/user2/repo1/projects/1",
 		"/assets/img/404.png",
@@ -18,7 +18,7 @@ func TestSignOut(t *testing.T) {
 	session.MakeRequest(t, req, http.StatusFound)

 	// try to view a private repo, should fail
-	req = NewRequest(t, "GET", "/user2/repo2/")
+	req = NewRequest(t, "GET", "/user2/repo2")
 	session.MakeRequest(t, req, http.StatusNotFound)

 	// invalidate cached cookies for user2, for subsequent tests
@@ -1145,17 +1145,17 @@ type IssuesOptions struct {
 func sortIssuesSession(sess *xorm.Session, sortType string, priorityRepoID int64) {
 	switch sortType {
 	case "oldest":
-		sess.Asc("issue.created_unix")
+		sess.Asc("issue.created_unix").Asc("issue.id")
 	case "recentupdate":
-		sess.Desc("issue.updated_unix")
+		sess.Desc("issue.updated_unix").Desc("issue.created_unix").Desc("issue.id")
 	case "leastupdate":
-		sess.Asc("issue.updated_unix")
+		sess.Asc("issue.updated_unix").Asc("issue.created_unix").Asc("issue.id")
 	case "mostcomment":
-		sess.Desc("issue.num_comments")
+		sess.Desc("issue.num_comments").Desc("issue.created_unix").Desc("issue.id")
 	case "leastcomment":
-		sess.Asc("issue.num_comments")
+		sess.Asc("issue.num_comments").Desc("issue.created_unix").Desc("issue.id")
 	case "priority":
-		sess.Desc("issue.priority")
+		sess.Desc("issue.priority").Desc("issue.created_unix").Desc("issue.id")
 	case "nearduedate":
 		// 253370764800 is 01/01/9999 @ 12:00am (UTC)
 		sess.Join("LEFT", "milestone", "issue.milestone_id = milestone.id").
@@ -1163,17 +1163,25 @@ func sortIssuesSession(sess *xorm.Session, sortType string, priorityRepoID int64
 				"WHEN issue.deadline_unix = 0 AND (milestone.deadline_unix = 0 OR milestone.deadline_unix IS NULL) THEN 253370764800 " +
 				"WHEN milestone.deadline_unix = 0 OR milestone.deadline_unix IS NULL THEN issue.deadline_unix " +
 				"WHEN milestone.deadline_unix < issue.deadline_unix OR issue.deadline_unix = 0 THEN milestone.deadline_unix " +
-				"ELSE issue.deadline_unix END ASC")
+				"ELSE issue.deadline_unix END ASC").
+			Desc("issue.created_unix").
+			Desc("issue.id")
 	case "farduedate":
 		sess.Join("LEFT", "milestone", "issue.milestone_id = milestone.id").
 			OrderBy("CASE " +
 				"WHEN milestone.deadline_unix IS NULL THEN issue.deadline_unix " +
 				"WHEN milestone.deadline_unix < issue.deadline_unix OR issue.deadline_unix = 0 THEN milestone.deadline_unix " +
-				"ELSE issue.deadline_unix END DESC")
+				"ELSE issue.deadline_unix END DESC").
+			Desc("issue.created_unix").
+			Desc("issue.id")
 	case "priorityrepo":
-		sess.OrderBy("CASE WHEN issue.repo_id = " + strconv.FormatInt(priorityRepoID, 10) + " THEN 1 ELSE 2 END, issue.created_unix DESC")
+		sess.OrderBy("CASE " +
+			"WHEN issue.repo_id = " + strconv.FormatInt(priorityRepoID, 10) + " THEN 1 " +
+			"ELSE 2 END ASC").
+			Desc("issue.created_unix").
+			Desc("issue.id")
 	default:
-		sess.Desc("issue.created_unix")
+		sess.Desc("issue.created_unix").Desc("issue.id")
 	}
 }

@@ -762,13 +762,12 @@ func updateCommentInfos(e *xorm.Session, opts *CreateCommentOptions, comment *Co
 			}
 		}
 		fallthrough
-	case CommentTypeReview:
-		fallthrough
 	case CommentTypeComment:
 		if _, err = e.Exec("UPDATE `issue` SET num_comments=num_comments+1 WHERE id=?", opts.Issue.ID); err != nil {
 			return err
 		}
-
+		fallthrough
+	case CommentTypeReview:
 		// Check attachments
 		attachments, err := getAttachmentsByUUIDs(e, opts.Attachments)
 		if err != nil {
@@ -127,22 +127,6 @@ func GetMilestoneByRepoIDANDName(repoID int64, name string) (*Milestone, error)
 	return &mile, nil
 }

-// GetMilestoneByID returns the milestone via id .
-func GetMilestoneByID(id int64) (*Milestone, error) {
-	return getMilestoneByID(x, id)
-}
-
-func getMilestoneByID(e Engine, id int64) (*Milestone, error) {
-	var m Milestone
-	has, err := e.ID(id).Get(&m)
-	if err != nil {
-		return nil, err
-	} else if !has {
-		return nil, ErrMilestoneNotExist{ID: id, RepoID: 0}
-	}
-	return &m, nil
-}
-
 // UpdateMilestone updates information of given milestone.
 func UpdateMilestone(m *Milestone, oldIsClosed bool) error {
 	sess := x.NewSession()
@@ -1095,7 +1095,7 @@ func updateUser(e Engine, u *User, changePrimaryEmail bool) error {
 			if _, err := e.Insert(&emailAddress); err != nil {
 				return err
 			}
-		} else if _, err := e.ID(emailAddress).Cols("is_primary").Update(&EmailAddress{
+		} else if _, err := e.ID(emailAddress.ID).Cols("is_primary").Update(&EmailAddress{
 			IsPrimary: true,
 		}); err != nil {
 			return err
@@ -223,6 +223,9 @@ func APIAuth(authMethod auth.Auth) func(*APIContext) {
 		// Get user from session if logged in.
 		ctx.User = authMethod.Verify(ctx.Req, ctx.Resp, ctx, ctx.Session)
 		if ctx.User != nil {
+			if ctx.Locale.Language() != ctx.User.Language {
+				ctx.Locale = middleware.Locale(ctx.Resp, ctx.Req)
+			}
 			ctx.IsBasicAuth = ctx.Data["AuthedMethod"].(string) == new(auth.Basic).Name()
 			ctx.IsSigned = true
 			ctx.Data["IsSigned"] = ctx.IsSigned
@@ -642,6 +642,9 @@ func Auth(authMethod auth.Auth) func(*Context) {
 	return func(ctx *Context) {
 		ctx.User = authMethod.Verify(ctx.Req, ctx.Resp, ctx, ctx.Session)
 		if ctx.User != nil {
+			if ctx.Locale.Language() != ctx.User.Language {
+				ctx.Locale = middleware.Locale(ctx.Resp, ctx.Req)
+			}
 			ctx.IsBasicAuth = ctx.Data["AuthedMethod"].(string) == new(auth.Basic).Name()
 			ctx.IsSigned = true
 			ctx.Data["IsSigned"] = ctx.IsSigned
@@ -670,9 +673,6 @@ func Contexter() func(next http.Handler) http.Handler {
 			var startTime = time.Now()
 			var link = setting.AppSubURL + strings.TrimSuffix(req.URL.EscapedPath(), "/")

-			chiCtx := chi.RouteContext(req.Context())
-			chiCtx.RoutePath = req.URL.EscapedPath()
-
 			var ctx = Context{
 				Resp:    NewResponse(resp),
 				Cache:   mc.GetCache(),
@@ -159,13 +159,13 @@ func checkDBConsistency(logger log.Logger, autofix bool) error {
 			"lfs_lock", "repository", "lfs_lock.repo_id=repository.id"),
 		// find collaborations without users
 		genericOrphanCheck("Collaborations without existing user",
-			"collaboration", "user", "collaboration.user_id=user.id"),
+			"collaboration", "user", "collaboration.user_id=`user`.id"),
 		// find collaborations without repository
 		genericOrphanCheck("Collaborations without existing repository",
 			"collaboration", "repository", "collaboration.repo_id=repository.id"),
 		// find access without users
 		genericOrphanCheck("Access entries without existing user",
-			"access", "user", "access.user_id=user.id"),
+			"access", "user", "access.user_id=`user`.id"),
 		// find access without repository
 		genericOrphanCheck("Access entries without existing repository",
 			"access", "repository", "access.repo_id=repository.id"),
@@ -75,16 +75,16 @@ func InitRepository(repoPath string, bare bool) error {

 // IsEmpty Check if repository is empty.
 func (repo *Repository) IsEmpty() (bool, error) {
-	var errbuf strings.Builder
-	if err := NewCommand("log", "-1").RunInDirPipeline(repo.Path, nil, &errbuf); err != nil {
-		if strings.Contains(errbuf.String(), "fatal: bad default revision 'HEAD'") ||
-			strings.Contains(errbuf.String(), "fatal: your current branch 'master' does not have any commits yet") {
-			return true, nil
-		}
+	var errbuf, output strings.Builder
+	if err := NewCommand("rev-list", "--all", "--count", "--max-count=1").RunInDirPipeline(repo.Path, &output, &errbuf); err != nil {
 		return true, fmt.Errorf("check empty: %v - %s", err, errbuf.String())
 	}

-	return false, nil
+	c, err := strconv.Atoi(strings.TrimSpace(output.String()))
+	if err != nil {
+		return true, fmt.Errorf("check empty: convert %s to count failed: %v", output.String(), err)
+	}
+	return c == 0, nil
 }

 // CloneRepoOptions options when clone a repository
@@ -98,6 +98,9 @@ func (r *RepositoryRestorer) GetTopics() ([]string, error) {

 	bs, err := ioutil.ReadFile(p)
 	if err != nil {
+		if os.IsNotExist(err) {
+			return nil, nil
+		}
 		return nil, err
 	}

@@ -58,6 +58,9 @@ func runMigrateTask(t *models.Task) (err error) {
 		t.EndTime = timeutil.TimeStampNow()
 		t.Status = structs.TaskStatusFailed
 		t.Message = err.Error()
+		// Ensure that the repo loaded before we zero out the repo ID from the task - thus ensuring that we can delete it
+		_ = t.LoadRepo()
+
 		t.RepoID = 0
 		if err := t.UpdateCols("status", "errors", "repo_id", "end_time"); err != nil {
 			log.Error("Task UpdateCols failed: %v", err)
@@ -92,7 +92,7 @@ func CreateMigrateTask(doer, u *models.User, opts base.MigrateOptions) (*models.
 		return nil, err
 	}

-	var task = models.Task{
+	var task = &models.Task{
 		DoerID:         doer.ID,
 		OwnerID:        u.ID,
 		Type:           structs.TaskTypeMigrateRepo,
@@ -100,7 +100,7 @@ func CreateMigrateTask(doer, u *models.User, opts base.MigrateOptions) (*models.
 		PayloadContent: string(bs),
 	}

-	if err := models.CreateTask(&task); err != nil {
+	if err := models.CreateTask(task); err != nil {
 		return nil, err
 	}

@@ -128,5 +128,5 @@ func CreateMigrateTask(doer, u *models.User, opts base.MigrateOptions) (*models.
 		return nil, err
 	}

-	return &task, nil
+	return task, nil
 }
@@ -31,7 +31,10 @@ func Open(uriStr string) (io.ReadCloser, error) {
 	switch strings.ToLower(u.Scheme) {
 	case "http", "https":
 		f, err := http.Get(uriStr)
-		return f.Body, err
+		if err != nil {
+			return nil, err
+		}
+		return f.Body, nil
 	case "file":
 		return os.Open(u.Path)
 	default:
@@ -896,11 +896,12 @@ migrate.migrate = Migrate From %s
 migrate.migrating = Migrating from <b>%s</b> ...
 migrate.migrating_failed = Migrating from <b>%s</b> failed.
 migrate.migrating_failed.error = Error: %s
-migrate.github.description = Migrating data from Github.com or Github Enterprise.
-migrate.git.description = Migrating or Mirroring git data from Git services
-migrate.gitlab.description = Migrating data from GitLab.com or Self-Hosted gitlab server.
-migrate.gitea.description = Migrating data from Gitea.com or Self-Hosted Gitea server.
-migrate.gogs.description = Migrating data from notabug.org or other Self-Hosted Gogs server.
+migrate.github.description = Migrate data from github.com or other Github instances.
+migrate.git.description = Migrate a repository only from any Git service.
+migrate.gitlab.description = Migrate data from gitlab.com or other GitLab instances.
+migrate.gitea.description = Migrate data from gitea.com or other Gitea instances.
+migrate.gogs.description = Migrate data from notabug.org or other Gogs instances.
+migrate.onedev.description = Migrate data from code.onedev.io or other OneDev instances.
 migrate.migrating_git = Migrating Git Data
 migrate.migrating_topics = Migrating Topics
 migrate.migrating_milestones = Migrating Milestones
@@ -630,8 +630,8 @@ last_used=上次使用在
 no_activity=没有最近活动
 can_read_info=读取
 can_write_info=写入
-key_state_desc=7 天内使用过该密钥 
-token_state_desc=7 天内使用过该密钥 
+key_state_desc=7 天内使用过该密钥
+token_state_desc=7 天内使用过该密钥
 principal_state_desc=7 天内使用过该规则
 show_openid=在个人信息上显示
 hide_openid=在个人信息上隐藏
@@ -808,7 +808,7 @@ watchers=关注者
 stargazers=称赞者
 forks=派生仓库
 pick_reaction=选择你的表情
-reactions_more=再加载 %d 
+reactions_more=再加载 %d
 unit_disabled=站点管理员已禁用此仓库单元。
 language_other=其它
 adopt_search=输入用户名以搜索未被收录的仓库... (留空以查找全部)
@@ -1611,7 +1611,7 @@ search=搜索
 search.search_repo=搜索仓库...
 search.fuzzy=模糊
 search.match=匹配
-search.results=在 <a href="%s"> %s </a> 中搜索 "%s" 的结果
+search.results=在 <a href="%[2]s"> %[3]s </a> 中搜索 "%[1]s" 的结果

 settings=设置
 settings.desc=设置是你可以管理仓库设置的地方
@@ -9,10 +9,10 @@
    "@claviska/jquery-minicolors": "2.3.5",
    "@primer/octicons": "13.0.0",
    "add-asset-webpack-plugin": "2.0.1",
-    "codemirror": "5.61.0",
+    "codemirror": "5.65.0",
    "css-loader": "5.2.4",
    "dropzone": "5.9.2",
-    "easymde": "2.15.0",
+    "easymde": "2.16.1",
    "esbuild-loader": "2.13.0",
    "escape-goat": "4.0.0",
    "fast-glob": "3.2.5",
@@ -22,7 +22,7 @@
    "less": "4.1.1",
    "less-loader": "8.1.1",
    "license-checker-webpack-plugin": "0.2.1",
-    "mermaid": "8.10.1",
+    "mermaid": "8.13.8",
    "mini-css-extract-plugin": "1.6.0",
    "monaco-editor": "0.24.0",
    "monaco-editor-webpack-plugin": "3.1.0",
@@ -87,7 +87,6 @@ import (
 	"code.gitea.io/gitea/services/forms"

 	"gitea.com/go-chi/binding"
-	"gitea.com/go-chi/session"
 	"github.com/go-chi/cors"
 )

@@ -547,20 +546,10 @@ func bind(obj interface{}) http.HandlerFunc {
 }

 // Routes registers all v1 APIs routes to web application.
-func Routes() *web.Route {
+func Routes(sessioner func(next http.Handler) http.Handler) *web.Route {
 	var m = web.NewRoute()

-	m.Use(session.Sessioner(session.Options{
-		Provider:       setting.SessionConfig.Provider,
-		ProviderConfig: setting.SessionConfig.ProviderConfig,
-		CookieName:     setting.SessionConfig.CookieName,
-		CookiePath:     setting.SessionConfig.CookiePath,
-		Gclifetime:     setting.SessionConfig.Gclifetime,
-		Maxlifetime:    setting.SessionConfig.Maxlifetime,
-		Secure:         setting.SessionConfig.Secure,
-		SameSite:       setting.SessionConfig.SameSite,
-		Domain:         setting.SessionConfig.Domain,
-	}))
+	m.Use(sessioner)
 	m.Use(securityHeaders())
 	if setting.CORSConfig.Enabled {
 		m.Use(cors.Handler(cors.Options{
@@ -96,6 +96,11 @@ func Transfer(ctx *context.APIContext) {
 		}
 	}

+	if ctx.Repo.GitRepo != nil {
+		ctx.Repo.GitRepo.Close()
+		ctx.Repo.GitRepo = nil
+	}
+
 	if err := repo_service.StartRepositoryTransfer(ctx.User, newOwner, ctx.Repo.Repository, teams); err != nil {
 		if models.IsErrRepoTransferInProgress(err) {
 			ctx.Error(http.StatusConflict, "CreatePendingRepositoryTransfer", err)
@@ -22,6 +22,9 @@ func Middlewares() []func(http.Handler) http.Handler {
 	var handlers = []func(http.Handler) http.Handler{
 		func(next http.Handler) http.Handler {
 			return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
+				// First of all escape the URL RawPath to ensure that all routing is done using a correctly escaped URL
+				req.URL.RawPath = req.URL.EscapedPath()
+
 				next.ServeHTTP(context.NewResponse(resp), req)
 			})
 		},
@@ -40,6 +40,8 @@ import (
 	pull_service "code.gitea.io/gitea/services/pull"
 	"code.gitea.io/gitea/services/repository"
 	"code.gitea.io/gitea/services/webhook"
+
+	"gitea.com/go-chi/session"
 )

 // NewServices init new services
@@ -144,8 +146,20 @@ func NormalRoutes() *web.Route {
 		r.Use(middle)
 	}

-	r.Mount("/", web_routers.Routes())
-	r.Mount("/api/v1", apiv1.Routes())
+	sessioner := session.Sessioner(session.Options{
+		Provider:       setting.SessionConfig.Provider,
+		ProviderConfig: setting.SessionConfig.ProviderConfig,
+		CookieName:     setting.SessionConfig.CookieName,
+		CookiePath:     setting.SessionConfig.CookiePath,
+		Gclifetime:     setting.SessionConfig.Gclifetime,
+		Maxlifetime:    setting.SessionConfig.Maxlifetime,
+		Secure:         setting.SessionConfig.Secure,
+		SameSite:       setting.SessionConfig.SameSite,
+		Domain:         setting.SessionConfig.Domain,
+	})
+
+	r.Mount("/", web_routers.Routes(sessioner))
+	r.Mount("/api/v1", apiv1.Routes(sessioner))
 	r.Mount("/api/internal", private.Routes())
 	return r
 }
@@ -94,7 +94,7 @@ func DeleteLabel(ctx *context.Context) {
 func InitializeLabels(ctx *context.Context) {
 	form := web.GetForm(ctx).(*forms.InitializeLabelsForm)
 	if ctx.HasError() {
-		ctx.Redirect(ctx.Repo.RepoLink + "/labels")
+		ctx.Redirect(ctx.Org.OrgLink + "/labels")
 		return
 	}

@@ -51,17 +51,15 @@ const (
 	issueTemplateTitleKey = "IssueTemplateTitle"
 )

-var (
-	// IssueTemplateCandidates issue templates
-	IssueTemplateCandidates = []string{
-		"ISSUE_TEMPLATE.md",
-		"issue_template.md",
-		".gitea/ISSUE_TEMPLATE.md",
-		".gitea/issue_template.md",
-		".github/ISSUE_TEMPLATE.md",
-		".github/issue_template.md",
-	}
-)
+// IssueTemplateCandidates issue templates
+var IssueTemplateCandidates = []string{
+	"ISSUE_TEMPLATE.md",
+	"issue_template.md",
+	".gitea/ISSUE_TEMPLATE.md",
+	".gitea/issue_template.md",
+	".github/ISSUE_TEMPLATE.md",
+	".github/issue_template.md",
+}

 // MustAllowUserComment checks to make sure if an issue is locked.
 // If locked and user has permissions to write to the repository,
@@ -239,7 +237,7 @@ func issues(ctx *context.Context, milestoneID, projectID int64, isPullOption uti
 		}
 	}

-	var issueList = models.IssueList(issues)
+	issueList := models.IssueList(issues)
 	approvalCounts, err := issueList.GetApprovalCounts()
 	if err != nil {
 		ctx.ServerError("ApprovalCounts", err)
@@ -422,7 +420,6 @@ func RetrieveRepoMilestonesAndAssignees(ctx *context.Context, repo *models.Repos
 }

 func retrieveProjects(ctx *context.Context, repo *models.Repository) {
-
 	var err error

 	ctx.Data["OpenProjects"], _, err = models.GetProjects(models.ProjectSearchOptions{
@@ -781,7 +778,7 @@ func NewIssue(ctx *context.Context) {

 	milestoneID := ctx.QueryInt64("milestone")
 	if milestoneID > 0 {
-		milestone, err := models.GetMilestoneByID(milestoneID)
+		milestone, err := models.GetMilestoneByRepoID(ctx.Repo.Repository.ID, milestoneID)
 		if err != nil {
 			log.Error("GetMilestoneByID: %d: %v", milestoneID, err)
 		} else {
@@ -865,7 +862,7 @@ func ValidateRepoMetas(ctx *context.Context, form forms.CreateIssueForm, isPull
 	// Check milestone.
 	milestoneID := form.MilestoneID
 	if milestoneID > 0 {
-		ctx.Data["Milestone"], err = repo.GetMilestoneByID(milestoneID)
+		ctx.Data["Milestone"], err = models.GetMilestoneByRepoID(ctx.Repo.Repository.ID, milestoneID)
 		if err != nil {
 			ctx.ServerError("GetMilestoneByID", err)
 			return nil, nil, 0, 0
@@ -2446,7 +2443,7 @@ func filterXRefComments(ctx *context.Context, issue *models.Issue) error {
 // GetIssueAttachments returns attachments for the issue
 func GetIssueAttachments(ctx *context.Context) {
 	issue := GetActionIssue(ctx)
-	var attachments = make([]*api.Attachment, len(issue.Attachments))
+	attachments := make([]*api.Attachment, len(issue.Attachments))
 	for i := 0; i < len(issue.Attachments); i++ {
 		attachments[i] = convert.ToReleaseAttachment(issue.Attachments[i])
 	}
@@ -2460,7 +2457,7 @@ func GetCommentAttachments(ctx *context.Context) {
 		ctx.NotFoundOrServerError("GetCommentByID", models.IsErrCommentNotExist, err)
 		return
 	}
-	var attachments = make([]*api.Attachment, 0)
+	attachments := make([]*api.Attachment, 0)
 	if comment.Type == models.CommentTypeComment {
 		if err := comment.LoadAttachments(); err != nil {
 			ctx.ServerError("LoadAttachments", err)
@@ -77,7 +77,14 @@ func handleMigrateError(ctx *context.Context, owner *models.User, err error, nam
 	case migrations.IsTwoFactorAuthError(err):
 		ctx.RenderWithErr(ctx.Tr("form.2fa_auth_required"), tpl, form)
 	case models.IsErrReachLimitOfRepo(err):
-		ctx.RenderWithErr(ctx.Tr("repo.form.reach_limit_of_creation", owner.MaxCreationLimit()), tpl, form)
+		var msg string
+		maxCreationLimit := owner.MaxCreationLimit()
+		if maxCreationLimit == 1 {
+			msg = ctx.Tr("repo.form.reach_limit_of_creation_1", maxCreationLimit)
+		} else {
+			msg = ctx.Tr("repo.form.reach_limit_of_creation_n", maxCreationLimit)
+		}
+		ctx.RenderWithErr(msg, tpl, form)
 	case models.IsErrRepoAlreadyExist(err):
 		ctx.Data["Err_RepoName"] = true
 		ctx.RenderWithErr(ctx.Tr("form.repo_name_been_taken"), tpl, form)
@@ -268,7 +268,7 @@ func DeleteMilestone(ctx *context.Context) {
 // MilestoneIssuesAndPulls lists all the issues and pull requests of the milestone
 func MilestoneIssuesAndPulls(ctx *context.Context) {
 	milestoneID := ctx.ParamsInt64(":id")
-	milestone, err := models.GetMilestoneByID(milestoneID)
+	milestone, err := models.GetMilestoneByRepoID(ctx.Repo.Repository.ID, milestoneID)
 	if err != nil {
 		if models.IsErrMilestoneNotExist(err) {
 			ctx.NotFound("GetMilestoneByID", err)
@@ -158,7 +158,14 @@ func Create(ctx *context.Context) {
 func handleCreateError(ctx *context.Context, owner *models.User, err error, name string, tpl base.TplName, form interface{}) {
 	switch {
 	case models.IsErrReachLimitOfRepo(err):
-		ctx.RenderWithErr(ctx.Tr("repo.form.reach_limit_of_creation", owner.MaxCreationLimit()), tpl, form)
+		var msg string
+		maxCreationLimit := owner.MaxCreationLimit()
+		if maxCreationLimit == 1 {
+			msg = ctx.Tr("repo.form.reach_limit_of_creation_1", maxCreationLimit)
+		} else {
+			msg = ctx.Tr("repo.form.reach_limit_of_creation_n", maxCreationLimit)
+		}
+		ctx.RenderWithErr(msg, tpl, form)
 	case models.IsErrRepoAlreadyExist(err):
 		ctx.Data["Err_RepoName"] = true
 		ctx.RenderWithErr(ctx.Tr("form.repo_name_been_taken"), tpl, form)
@@ -319,6 +326,11 @@ func acceptOrRejectRepoTransfer(ctx *context.Context, accept bool) error {
 	}

 	if accept {
+		if ctx.Repo.GitRepo != nil {
+			ctx.Repo.GitRepo.Close()
+			ctx.Repo.GitRepo = nil
+		}
+
 		if err := repo_service.TransferOwnership(repoTransfer.Doer, repoTransfer.Recipient, ctx.Repo.Repository, repoTransfer.Teams); err != nil {
 			return err
 		}
@@ -533,7 +533,12 @@ func SettingsPost(ctx *context.Context) {
 		}

 		if !ctx.Repo.Owner.CanCreateRepo() {
-			ctx.Flash.Error(ctx.Tr("repo.form.reach_limit_of_creation", ctx.User.MaxCreationLimit()))
+			maxCreationLimit := ctx.Repo.Owner.MaxCreationLimit()
+			if maxCreationLimit == 1 {
+				ctx.Flash.Error(ctx.Tr("repo.form.reach_limit_of_creation_1", maxCreationLimit))
+			} else {
+				ctx.Flash.Error(ctx.Tr("repo.form.reach_limit_of_creation_n", maxCreationLimit))
+			}
 			ctx.Redirect(repo.Link() + "/settings")
 			return
 		}
@@ -619,6 +619,13 @@ func Home(ctx *context.Context) {
 		if ctx.Repo.Repository.IsBeingCreated() {
 			task, err := models.GetMigratingTask(ctx.Repo.Repository.ID)
 			if err != nil {
+				if models.IsErrTaskDoesNotExist(err) {
+					ctx.Data["Repo"] = ctx.Repo
+					ctx.Data["CloneAddr"] = ""
+					ctx.Data["Failed"] = true
+					ctx.HTML(http.StatusOK, tplMigrating)
+					return
+				}
 				ctx.ServerError("models.GetMigratingTask", err)
 				return
 			}
@@ -584,6 +584,10 @@ func handleSignInFull(ctx *context.Context, u *models.User, remember bool, obeyR

 	middleware.SetLocaleCookie(ctx.Resp, u.Language, 0)

+	if ctx.Locale.Language() != u.Language {
+		ctx.Locale = middleware.Locale(ctx.Resp, ctx.Req)
+	}
+
 	// Clear whatever CSRF has right now, force to generate a new one
 	middleware.DeleteCSRFCookie(ctx.Resp)

@@ -6,6 +6,7 @@ package user

 import (
 	"net/http"
+	"strconv"

 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/context"
@@ -16,6 +17,12 @@ import (
 func TaskStatus(ctx *context.Context) {
 	task, opts, err := models.GetMigratingTaskByID(ctx.ParamsInt64("task"), ctx.User.ID)
 	if err != nil {
+		if models.IsErrTaskDoesNotExist(err) {
+			ctx.JSON(http.StatusNotFound, map[string]interface{}{
+				"error": "task `" + strconv.FormatInt(ctx.ParamsInt64("task"), 10) + "` does not exist",
+			})
+			return
+		}
 		ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
 			"err": err,
 		})
@@ -39,7 +39,6 @@ import (
 	_ "code.gitea.io/gitea/modules/session"

 	"gitea.com/go-chi/captcha"
-	"gitea.com/go-chi/session"
 	"github.com/NYTimes/gziphandler"
 	"github.com/go-chi/chi/middleware"
 	"github.com/go-chi/cors"
@@ -71,7 +70,7 @@ func CorsHandler() func(next http.Handler) http.Handler {
 }

 // Routes returns all web routes
-func Routes() *web.Route {
+func Routes(sessioner func(next http.Handler) http.Handler) *web.Route {
 	routes := web.NewRoute()

 	routes.Use(public.AssetsHandler(&public.Options{
@@ -80,17 +79,7 @@ func Routes() *web.Route {
 		CorsHandler: CorsHandler(),
 	}))

-	routes.Use(session.Sessioner(session.Options{
-		Provider:       setting.SessionConfig.Provider,
-		ProviderConfig: setting.SessionConfig.ProviderConfig,
-		CookieName:     setting.SessionConfig.CookieName,
-		CookiePath:     setting.SessionConfig.CookiePath,
-		Gclifetime:     setting.SessionConfig.Gclifetime,
-		Maxlifetime:    setting.SessionConfig.Maxlifetime,
-		Secure:         setting.SessionConfig.Secure,
-		SameSite:       setting.SessionConfig.SameSite,
-		Domain:         setting.SessionConfig.Domain,
-	}))
+	routes.Use(sessioner)

 	routes.Use(Recovery())

@@ -1036,4 +1025,9 @@ func RegisterRoutes(m *web.Route) {
 	if setting.API.EnableSwagger {
 		m.Get("/swagger.v1.json", SwaggerV1Json)
 	}
+	m.NotFound(func(w http.ResponseWriter, req *http.Request) {
+		ctx := context.GetContext(req)
+		ctx.NotFound("", nil)
+	})
+
 }
@@ -69,13 +69,17 @@ func createTag(gitRepo *git.Repository, rel *models.Release, msg string) (bool,
 			created = true
 			rel.LowerTagName = strings.ToLower(rel.TagName)

+			commits := repository.NewPushCommits()
+			commits.HeadCommit = repository.CommitToPushCommit(commit)
+			commits.CompareURL = rel.Repo.ComposeCompareURL(git.EmptySHA, commit.ID.String())
+
 			notification.NotifyPushCommits(
 				rel.Publisher, rel.Repo,
 				&repository.PushUpdateOptions{
 					RefFullName: git.TagPrefix + rel.TagName,
 					OldCommitID: git.EmptySHA,
 					NewCommitID: commit.ID.String(),
-				}, repository.NewPushCommits())
+				}, commits)
 			notification.NotifyCreateRef(rel.Publisher, rel.Repo, "tag", git.TagPrefix+rel.TagName)
 			rel.CreatedUnix = timeutil.TimeStampNow()
 		}
@@ -115,13 +115,22 @@ func pushUpdates(optsList []*repo_module.PushUpdateOptions) error {
 				delTags = append(delTags, tagName)
 				notification.NotifyDeleteRef(pusher, repo, "tag", opts.RefFullName)
 			} else { // is new tag
+				newCommit, err := gitRepo.GetCommit(opts.NewCommitID)
+				if err != nil {
+					return fmt.Errorf("gitRepo.GetCommit: %v", err)
+				}
+
+				commits := repo_module.NewPushCommits()
+				commits.HeadCommit = repo_module.CommitToPushCommit(newCommit)
+				commits.CompareURL = repo.ComposeCompareURL(git.EmptySHA, opts.NewCommitID)
+
 				notification.NotifyPushCommits(
 					pusher, repo,
 					&repo_module.PushUpdateOptions{
 						RefFullName: git.TagPrefix + tagName,
 						OldCommitID: git.EmptySHA,
 						NewCommitID: opts.NewCommitID,
-					}, repo_module.NewPushCommits())
+					}, commits)

 				addTags = append(addTags, tagName)
 				notification.NotifyCreateRef(pusher, repo, "tag", opts.RefFullName)
@@ -76,7 +76,11 @@
 							<pre class="commit-body" style="display: none;">{{RenderCommitBody .Message $.RepoLink $.Repository.ComposeMetas}}</pre>
 							{{end}}
 						</td>
-						<td class="text right aligned">{{TimeSince .Author.When $.Lang}}</td>
+						{{if .Committer}}
+							<td class="text right aligned">{{TimeSince .Committer.When $.Lang}}</td>
+						{{else}}
+							<td class="text right aligned">{{TimeSince .Author.When $.Lang}}</td>
+						{{end}}
 					</tr>
 				{{end}}
 			</tbody>
@@ -5,7 +5,7 @@
 <a class="color" style="background-color:#006b75" data-color-hex="#006b75"></a>
 <a class="color" style="background-color:#207de5" data-color-hex="#207de5"></a>
 <a class="color" style="background-color:#0052cc" data-color-hex="#0052cc"></a>
-<a class="color" style="background-color:#53e917" data-color-hex="#53e917"></a>
+<a class="color" style="background-color:#5319e7" data-color-hex="#5319e7"></a>
 <a class="color" style="background-color:#f6c6c7" data-color-hex="#f6c6c7"></a>
 <a class="color" style="background-color:#fad8c7" data-color-hex="#fad8c7"></a>
 <a class="color" style="background-color:#fef2c0" data-color-hex="#fef2c0"></a>
@@ -26,19 +26,16 @@

 					{{template "repo/migrate/options" .}}

-					<span class="help">{{.i18n.Tr "repo.migrate.migrate_items_options"}}</span>
-					<div id="migrate_items">
-						<div class="inline field">
-							<label>{{.i18n.Tr "repo.migrate_items"}}</label>
-							<div class="ui checkbox">
-								<input name="wiki" type="checkbox" {{if .wiki}} checked{{end}}>
-								<label>{{.i18n.Tr "repo.migrate_items_wiki" | Safe}}</label>
-							</div>
-							<div class="ui checkbox">
-								<input name="milestones" type="checkbox" {{if .milestones}} checked{{end}}>
-								<label>{{.i18n.Tr "repo.migrate_items_milestones" | Safe}}</label>
-							</div>
+					<div class="inline field">
+						<label>{{.i18n.Tr "repo.migrate_items"}}</label>
+						<div class="ui checkbox">
+							<input name="wiki" type="checkbox" {{if .wiki}} checked{{end}}>
+							<label>{{.i18n.Tr "repo.migrate_items_wiki" | Safe}}</label>
 						</div>
+					</div>
+
+					<div id="migrate_items">
+						<span class="help">{{.i18n.Tr "repo.migrate.migrate_items_options"}}</span>
 						<div class="inline field">
 							<label></label>
 							<div class="ui checkbox">
@@ -61,6 +58,13 @@
 								<label>{{.i18n.Tr "repo.migrate_items_releases" | Safe}}</label>
 							</div>
 						</div>
+						<div class="inline field">
+							<label></label>
+							<div class="ui checkbox">
+								<input name="milestones" type="checkbox" {{if .milestones}} checked{{end}}>
+								<label>{{.i18n.Tr "repo.migrate_items_milestones" | Safe}}</label>
+							</div>
+						</div>
 					</div>

 					<div class="ui divider"></div>
@@ -26,19 +26,15 @@

 					{{template "repo/migrate/options" .}}

-					<span class="help">{{.i18n.Tr "repo.migrate.migrate_items_options"}}</span>
-					<div id="migrate_items">
-						<div class="inline field">
-							<label>{{.i18n.Tr "repo.migrate_items"}}</label>
-							<div class="ui checkbox">
-								<input name="wiki" type="checkbox" {{if .wiki}}checked{{end}}>
-								<label>{{.i18n.Tr "repo.migrate_items_wiki" | Safe}}</label>
-							</div>
-							<div class="ui checkbox">
-								<input name="milestones" type="checkbox" {{if .milestones}}checked{{end}}>
-								<label>{{.i18n.Tr "repo.migrate_items_milestones" | Safe}}</label>
-							</div>
+					<div class="inline field">
+						<label>{{.i18n.Tr "repo.migrate_items"}}</label>
+						<div class="ui checkbox">
+							<input name="wiki" type="checkbox" {{if .wiki}}checked{{end}}>
+							<label>{{.i18n.Tr "repo.migrate_items_wiki" | Safe}}</label>
 						</div>
+					</div>
+					<div id="migrate_items">
+						<span class="help">{{.i18n.Tr "repo.migrate.migrate_items_options"}}</span>
 						<div class="inline field">
 							<label></label>
 							<div class="ui checkbox">
@@ -61,6 +57,13 @@
 								<label>{{.i18n.Tr "repo.migrate_items_releases" | Safe}}</label>
 							</div>
 						</div>
+						<div class="inline field">
+							<label></label>
+							<div class="ui checkbox">
+								<input name="milestones" type="checkbox" {{if .milestones}}checked{{end}}>
+								<label>{{.i18n.Tr "repo.migrate_items_milestones" | Safe}}</label>
+							</div>
+						</div>
 					</div>

 					<div class="ui divider"></div>
@@ -26,19 +26,15 @@

 					{{template "repo/migrate/options" .}}

-					<span class="help">{{.i18n.Tr "repo.migrate.migrate_items_options"}}</span>
-					<div id="migrate_items">
-						<div class="inline field">
-							<label>{{.i18n.Tr "repo.migrate_items"}}</label>
-							<div class="ui checkbox">
-								<input name="wiki" type="checkbox" {{if .wiki}}checked{{end}}>
-								<label>{{.i18n.Tr "repo.migrate_items_wiki" | Safe}}</label>
-							</div>
-							<div class="ui checkbox">
-								<input name="milestones" type="checkbox" {{if .milestones}}checked{{end}}>
-								<label>{{.i18n.Tr "repo.migrate_items_milestones" | Safe}}</label>
-							</div>
+					<div class="inline field">
+						<label>{{.i18n.Tr "repo.migrate_items"}}</label>
+						<div class="ui checkbox">
+							<input name="wiki" type="checkbox" {{if .wiki}}checked{{end}}>
+							<label>{{.i18n.Tr "repo.migrate_items_wiki" | Safe}}</label>
 						</div>
+					</div>
+					<div id="migrate_items">
+						<span class="help">{{.i18n.Tr "repo.migrate.migrate_items_options"}}</span>
 						<div class="inline field">
 							<label></label>
 							<div class="ui checkbox">
@@ -61,6 +57,13 @@
 								<label>{{.i18n.Tr "repo.migrate_items_releases" | Safe}}</label>
 							</div>
 						</div>
+						<div class="inline field">
+							<label></label>
+							<div class="ui checkbox">
+								<input name="milestones" type="checkbox" {{if .milestones}}checked{{end}}>
+								<label>{{.i18n.Tr "repo.migrate_items_milestones" | Safe}}</label>
+							</div>
+						</div>
 					</div>

 					<div class="ui divider"></div>
@@ -26,19 +26,16 @@

 					{{template "repo/migrate/options" .}}

-					<span class="help">{{.i18n.Tr "repo.migrate.migrate_items_options"}}</span>
-					<div id="migrate_items">
-						<div class="inline field">
-							<label>{{.i18n.Tr "repo.migrate_items"}}</label>
-							<div class="ui checkbox">
-								<input name="wiki" type="checkbox" {{if .wiki}} checked{{end}}>
-								<label>{{.i18n.Tr "repo.migrate_items_wiki" | Safe}}</label>
-							</div>
-							<div class="ui checkbox">
-								<input name="milestones" type="checkbox" {{if .milestones}} checked{{end}}>
-								<label>{{.i18n.Tr "repo.migrate_items_milestones" | Safe}}</label>
-							</div>
+					<div class="inline field">
+						<label>{{.i18n.Tr "repo.migrate_items"}}</label>
+						<div class="ui checkbox">
+							<input name="wiki" type="checkbox" {{if .wiki}} checked{{end}}>
+							<label>{{.i18n.Tr "repo.migrate_items_wiki" | Safe}}</label>
 						</div>
+					</div>
+
+					<div id="migrate_items">
+						<span class="help">{{.i18n.Tr "repo.migrate.migrate_items_options"}}</span>
 						<div class="inline field">
 							<label></label>
 							<div class="ui checkbox">
@@ -50,6 +47,13 @@
 								<label>{{.i18n.Tr "repo.migrate_items_issues" | Safe}}</label>
 							</div>
 						</div>
+						<div class="inline field">
+							<label></label>
+							<div class="ui checkbox">
+								<input name="milestones" type="checkbox" {{if .milestones}} checked{{end}}>
+								<label>{{.i18n.Tr "repo.migrate_items_milestones" | Safe}}</label>
+							</div>
+						</div>
 						<!-- Gogs do not support it
 						<div class="inline field">
 							<label></label>
@@ -25,7 +25,11 @@
 								<p id="repo_migrating_progress_message"></p>
 							</div>
 							<div id="repo_migrating_failed" hidden>
-								<p>{{.i18n.Tr "repo.migrate.migrating_failed" .CloneAddr | Safe}}</p>
+								{{if .CloneAddr}}
+									<p>{{.i18n.Tr "repo.migrate.migrating_failed" .CloneAddr | Safe}}</p>
+								{{else}}
+									<p>{{.i18n.Tr "repo.migrate.migrating_failed" "<nil>" | Safe}}</p>
+								{{end}}
 								<p id="repo_migrating_failed_error"></p>
 							</div>
 							{{if and .Failed .Permission.IsAdmin}}
@@ -99,7 +99,7 @@
 									<a href="{{AppSubUrl}}/{{.Publisher.Name}}">{{.Publisher.Name}}</a>
 								</span>
 								{{ end }}
-								<span class="ahead"><a href="{{$.RepoLink}}/compare/{{.TagName | EscapePound}}...{{.Target}}">{{$.i18n.Tr "repo.release.ahead.commits" .NumCommitsBehind | Str2html}}</a> {{$.i18n.Tr "repo.release.ahead.target" $.DefaultBranch}}</span>
+								<span class="ahead"><a href="{{$.RepoLink}}/compare/{{.TagName | EscapePound}}...{{if .Target}}{{.Target}}{{else}}{{$.DefaultBranch}}{{end}}">{{$.i18n.Tr "repo.release.ahead.commits" .NumCommitsBehind | Str2html}}</a> {{$.i18n.Tr "repo.release.ahead.target" $.DefaultBranch}}</span>
 							</p>
 							<div class="download">
 							{{if $.Permission.CanRead $.UnitTypeCode}}
@@ -135,7 +135,7 @@
 									<span class="time">{{TimeSinceUnix .CreatedUnix $.Lang}}</span>
 								{{end}}
 								{{if not .IsDraft}}
-									| <span class="ahead"><a href="{{$.RepoLink}}/compare/{{.TagName | EscapePound}}...{{.Target}}">{{$.i18n.Tr "repo.release.ahead.commits" .NumCommitsBehind | Str2html}}</a> {{$.i18n.Tr "repo.release.ahead.target" .Target}}</span>
+									| <span class="ahead"><a href="{{$.RepoLink}}/compare/{{.TagName | EscapePound}}...{{if .Target}}{{.Target}}{{else}}{{$.DefaultBranch}}{{end}}">{{$.i18n.Tr "repo.release.ahead.commits" .NumCommitsBehind | Str2html}}</a> {{$.i18n.Tr "repo.release.ahead.target" .Target}}</span>
 								{{end}}
 							</p>
 							<div class="markup desc">
@@ -30,7 +30,7 @@
 				{{end}}
 				</span>
 			</th>
-			<th class="text grey right age">{{if .LatestCommit.Author}}{{TimeSince .LatestCommit.Author.When $.Lang}}{{end}}</th>
+			<th class="text grey right age">{{if .LatestCommit}}{{if .LatestCommit.Committer}}{{TimeSince .LatestCommit.Committer.When $.Lang}}{{end}}{{end}}</th>
 		</tr>
 	</thead>
 	<tbody>
@@ -117,7 +117,7 @@
 								</div>
 							{{end}}
 							{{if .Content}}
-								<div class="content">
+								<div class="markup content">
 									{{.RenderedContent|Str2html}}
 								</div>
 							{{end}}
@@ -8,7 +8,7 @@
 			{{range .U2FRegistrations}}
 				<div class="item">
 					<div class="right floated content">
-						<button class="ui red tiny button delete-button" modal-id="delete-registration" data-url="{{$.Link}}/u2f/delete" data-id="{{.ID}}">
+						<button class="ui red tiny button delete-button" id="delete-registration" data-url="{{$.Link}}/u2f/delete" data-id="{{.ID}}">
 						{{$.i18n.Tr "settings.delete_key"}}
 						</button>
 					</div>
@@ -251,6 +251,13 @@ func (t Tag) Parent() Tag {

 // ParseExtension parses s as an extension and returns it on success.
 func ParseExtension(s string) (ext string, err error) {
+	defer func() {
+		if recover() != nil {
+			ext = ""
+			err = ErrSyntax
+		}
+	}()
+
 	scan := makeScannerString(s)
 	var end int
 	if n := len(scan.token); n != 1 {
@@ -461,7 +468,14 @@ func (t Tag) findTypeForKey(key string) (start, sep, end int, hasExt bool) {
 // ParseBase parses a 2- or 3-letter ISO 639 code.
 // It returns a ValueError if s is a well-formed but unknown language identifier
 // or another error if another error occurred.
-func ParseBase(s string) (Language, error) {
+func ParseBase(s string) (l Language, err error) {
+	defer func() {
+		if recover() != nil {
+			l = 0
+			err = ErrSyntax
+		}
+	}()
+
 	if n := len(s); n < 2 || 3 < n {
 		return 0, ErrSyntax
 	}
@@ -472,7 +486,14 @@ func ParseBase(s string) (Language, error) {
 // ParseScript parses a 4-letter ISO 15924 code.
 // It returns a ValueError if s is a well-formed but unknown script identifier
 // or another error if another error occurred.
-func ParseScript(s string) (Script, error) {
+func ParseScript(s string) (scr Script, err error) {
+	defer func() {
+		if recover() != nil {
+			scr = 0
+			err = ErrSyntax
+		}
+	}()
+
 	if len(s) != 4 {
 		return 0, ErrSyntax
 	}
@@ -489,7 +510,14 @@ func EncodeM49(r int) (Region, error) {
 // ParseRegion parses a 2- or 3-letter ISO 3166-1 or a UN M.49 code.
 // It returns a ValueError if s is a well-formed but unknown region identifier
 // or another error if another error occurred.
-func ParseRegion(s string) (Region, error) {
+func ParseRegion(s string) (r Region, err error) {
+	defer func() {
+		if recover() != nil {
+			r = 0
+			err = ErrSyntax
+		}
+	}()
+
 	if n := len(s); n < 2 || 3 < n {
 		return 0, ErrSyntax
 	}
@@ -578,7 +606,14 @@ type Variant struct {

 // ParseVariant parses and returns a Variant. An error is returned if s is not
 // a valid variant.
-func ParseVariant(s string) (Variant, error) {
+func ParseVariant(s string) (v Variant, err error) {
+	defer func() {
+		if recover() != nil {
+			v = Variant{}
+			err = ErrSyntax
+		}
+	}()
+
 	s = strings.ToLower(s)
 	if id, ok := variantIndex[s]; ok {
 		return Variant{id, s}, nil
@@ -232,6 +232,13 @@ func Parse(s string) (t Tag, err error) {
 	if s == "" {
 		return Und, ErrSyntax
 	}
+	defer func() {
+		if recover() != nil {
+			t = Und
+			err = ErrSyntax
+			return
+		}
+	}()
 	if len(s) <= maxAltTaglen {
 		b := [maxAltTaglen]byte{}
 		for i, c := range s {
@@ -43,6 +43,13 @@ func Parse(s string) (t Tag, err error) {
 // https://www.unicode.org/reports/tr35/#Unicode_Language_and_Locale_Identifiers.
 // The resulting tag is canonicalized using the canonicalization type c.
 func (c CanonType) Parse(s string) (t Tag, err error) {
+	defer func() {
+		if recover() != nil {
+			t = Tag{}
+			err = language.ErrSyntax
+		}
+	}()
+
 	tt, err := language.Parse(s)
 	if err != nil {
 		return makeTag(tt), err
@@ -79,6 +86,13 @@ func Compose(part ...interface{}) (t Tag, err error) {
 // tag is returned after canonicalizing using CanonType c. If one or more errors
 // are encountered, one of the errors is returned.
 func (c CanonType) Compose(part ...interface{}) (t Tag, err error) {
+	defer func() {
+		if recover() != nil {
+			t = Tag{}
+			err = language.ErrSyntax
+		}
+	}()
+
 	var b language.Builder
 	if err = update(&b, part...); err != nil {
 		return und, err
@@ -142,6 +156,14 @@ var errInvalidWeight = errors.New("ParseAcceptLanguage: invalid weight")
 // Tags with a weight of zero will be dropped. An error will be returned if the
 // input could not be parsed.
 func ParseAcceptLanguage(s string) (tag []Tag, q []float32, err error) {
+	defer func() {
+		if recover() != nil {
+			tag = nil
+			q = nil
+			err = language.ErrSyntax
+		}
+	}()
+
 	var entry string
 	for s != "" {
 		if entry, s = split(s, ','); entry == "" {
@@ -921,7 +921,7 @@ golang.org/x/sys/unix
 golang.org/x/sys/windows
 golang.org/x/sys/windows/svc
 golang.org/x/sys/windows/svc/debug
-# golang.org/x/text v0.3.6
+# golang.org/x/text v0.3.7
 ## explicit
 golang.org/x/text/encoding
 golang.org/x/text/encoding/charmap
@@ -2959,8 +2959,8 @@ $(() => {
 function showDeletePopup() {
  const $this = $(this);
  let filter = '';
-  if ($this.attr('modal-id')) {
-    filter += `#${$this.attr('modal-id')}`;
+  if ($this.attr('id')) {
+    filter += `#${$this.attr('id')}`;
  }

  const dialog = $(`.delete.modal${filter}`);
@@ -11,7 +11,7 @@ function displayError(el, err) {
 export async function renderMermaid(els) {
  if (!els || !els.length) return;

-  const mermaid = await import(/* webpackChunkName: "mermaid" */'mermaid');
+  const {default: mermaid} = await import(/* webpackChunkName: "mermaid" */'mermaid');

  mermaid.initialize({
    mermaid: {
@@ -135,7 +135,6 @@ textarea:focus,
 .form {
  .help {
    color: #999999;
-    padding-top: .6em;
    padding-bottom: .6em;
    display: inline-block;
  }
Author	SHA1	Message	Date
zeripath	147bcc3d0f	Changelog for 1.15.11 (#18455 ) ## [1.15.11](https://github.com/go-gitea/gitea/releases/tag/v1.15.11) - 2022-01-29 * SECURITY * Only view milestones from current repo (#18414) (#18418) * BUGFIXES * Fix broken when no commits and default branch is not master (#18422) (#18424) * Fix commit's time (#18375) (#18409) * Fix restore without topic failure (#18387) (#18401) * Fix mermaid import in 1.15 (it uses ESModule now) (#18382) * Update to go/text 0.3.7 (#18336) * MISC * Upgrade EasyMDE to 2.16.1 (#18278) (#18279)	2022-01-30 01:27:13 +01:00
Lunny Xiao	ce272f2e53	Fix broken when no commits and default branch is not master (#18424 ) * Fix broken when no commits and default branch is not master * Fix IsEmpty check * Improve codes	2022-01-28 14:48:18 +08:00
zeripath	9d9ad1b59f	Only view milestones from current repo (#18414 ) (#18418 ) Backport #18414 The endpoint /{username}/{reponame}/milestone/{id} is not currently restricted to the repo. This PR restricts the milestones to those within the repo. Signed-off-by: Andrew Thornton <art27@cantab.net>	2022-01-26 22:09:35 +00:00
Lunny Xiao	df57524c49	Fix restore without topic failure (#18387 ) (#18401 ) Co-authored-by: zeripath <art27@cantab.net>	2022-01-26 11:16:13 +08:00
Gusted	d60b5f1e89	Fix commit's time (#18375 ) (#18409 ) - Backport of #18375	2022-01-25 21:50:02 +00:00
wxiaoguang	f7f4129f52	Fix mermaid import (it uses ESModule now) (#18382 )	2022-01-24 21:40:51 +08:00
zeripath	21838225ab	Update to go/text 0.3.7 (#18336 ) Signed-off-by: Andrew Thornton <art27@cantab.net>	2022-01-19 15:44:01 -05:00
wxiaoguang	95f39457de	Backport: Upgrade EasyMDE 2.16.1 (package-lock.json) (#18301 ) * Upgrade EasyMDE 2.16.1 * Update CodeMirror 5.65.0 * Update caniuse-lite (suggested by npm)	2022-01-17 18:32:26 +08:00
wxiaoguang	6cb5069bf6	Upgrade EasyMDE to 2.16.1 (#18279 )	2022-01-15 19:18:30 +08:00
Richard Mahn	a6f9ebfeb9	Changelog for 1.15.10 (#18274 ) [1.15.10](https://github.com/go-gitea/gitea/releases/tag/v1.15.10) - 2022-01-14 * BUGFIXES * Fix inconsistent PR comment counts (#18260) (#18261) * Fix release link broken (#18252) (#18253) * Fix update user from site administration page bug (#18250) (#18251) * Set HeadCommit when creating tags (#18116) (#18173) * Use correct translation key for error messages due to max repo limits (#18135 & #18153) (#18152) * Fix purple color in suggested label colors (#18241) (#18242) * SECURITY * Bump mermaid from 8.10.1 to 8.13.8 (#18198) (#18206)	2022-01-14 18:48:42 +00:00
Lunny Xiao	14de28b876	Fix release link broken (#18253 ) * Fix release link broken * Fix unsupported compare * Fix another place	2022-01-14 02:49:25 +01:00
Norwin	e4120bbc89	fix regression from #16075 (#18261 ) we don't want reviews to count towards comments, as this needs changes in other components as well (eg repo stats cron job, etc).	2022-01-14 00:13:08 +08:00
Lunny Xiao	37abfcaf8a	Fix update user bug (#18251 )	2022-01-12 22:10:03 +08:00
silverwind	c719841f0d	Fix purple color in suggested label colors (#18242 ) This looks like a typo that was introduced when these colors were added, causing what is supposed to be purple show up as green.	2022-01-11 12:12:51 -06:00
silverwind	f9e150002e	Fix mermaid rendering in milestone dashboard (#18214 ) Fixes: https://github.com/go-gitea/gitea/issues/18200	2022-01-09 00:59:36 +08:00
zeripath	2f4f2852fc	Bump mermaid from 8.10.1 to 8.13.8 (#18198 ) (#18206 ) Updates to latest mermaid. Backport #18198 Signed-off-by: Andrew Thornton <art27@cantab.net>	2022-01-07 17:26:14 -05:00
Lunny Xiao	b25a571bc9	Set HeadCommit when creating tags. (#18116 ) (#18173 ) Co-authored-by: KN4CK3R <admin@oldschoolhack.me> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2022-01-04 02:22:10 +01:00
Gusted	f9bbed028c	Use correct translation key for error messages due to max repo limits (#18135 & #18153 ) (#18152 ) - Backport #18135 - Backport #18153	2022-01-02 02:39:23 +00:00
Lunny Xiao	7e084341fe	Fix wrong redirect on org labels (#18128 ) (#18134 ) * Fix wrong redirect on org labels (#18128) Co-authored-by: KN4CK3R <admin@oldschoolhack.me>	2021-12-30 17:08:42 +01:00
DuckDuckWhale	7d75eede04	Doc: add missing bug fix to changelog (#18133 )	2021-12-30 16:42:25 +01:00
zeripath	3db98bef99	Changelog v1.15.9 (#18115 ) * BUGFIXES * Revert "Fix delete u2f keys bug (#18042)" (#18107) * Migrating wiki don't require token, so we should move it out of the require form (#17645) (#18104) * Prevent NPE if gitea uploader fails to open url (#18080) (#18101) * Reset locale on login (#17734) (#18100) * Correctly handle failed migrations (#17575) (#18099) * Instead of using routerCtx just escape the url before routing (#18086) (#18098) * Quote references to the user table in consistency checks (#18072) (#18073) * Add NotFound handler (#18062) (#18067) * Ensure that git repository is closed before transfer (#18049) (#18057) * Use common sessioner for API and web routes (#18114) * TRANSLATION * Fix code search result hint on zh-CN (#18053) Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>	2021-12-30 13:03:04 +08:00
DuckDuckWhale	484fe075f4	Fix: unstable sort skips/duplicates issues across pages (#18095 ) When viewing issues in sorted order, some issues are duplicated across pages and some are missing. This is caused by the lack of tie-breakers in database queries, making pagination inconsistent. Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2021-12-29 19:44:34 +08:00
zeripath	de3216ee55	Use common sessioner for API and web routes (#18114 ) * Use common sessioner for API and web routes Since the regenerate session ID PR some users of the memory session provider have been reporting difficulties with getting API results. I am uncertain as to why this is happening - but I think that the sessioner being created twice may be a potential cause for this. Therefore this PR attempts to move this out to a common sessioner as it is in 1.16. Fix #18070 Signed-off-by: Andrew Thornton <art27@cantab.net> * Update routers/init.go	2021-12-28 22:15:01 +00:00
Lunny Xiao	353d88a42e	Migrating wiki don't require token, so we should move it out of the require form (#17645 ) (#18104 ) * Migrating wiki don't require token, so we should move it out of the require form * Fix lint Co-authored-by: techknowlogick <techknowlogick@gitea.io>	2021-12-27 09:33:32 +08:00
Lunny Xiao	a17fce31a9	Revert "Fix delete u2f keys bug (#18042 )" (#18107 ) This reverts commit `91f5be889a`.	2021-12-26 22:57:00 +08:00
zeripath	71e1ebfa60	Instead of using routerCtx just escape the url before routing (#18086 ) (#18098 ) Backport #18086 A consequence of forcibly setting the RoutePath to the escaped url is that the auto routing to endpoints without terminal slashes fails (Causing #18060.) This failure raises the possibility that forcibly setting the RoutePath causes other unexpected behaviors too. Therefore, instead we should simply pre-escape the URL in the process registering handler. Then the request URL will be properly escaped for all the following calls. Fix #17938 Fix #18060 Replace #18062 Replace #17997 Signed-off-by: Andrew Thornton <art27@cantab.net>	2021-12-26 10:32:04 +00:00
zeripath	afe9d2cadd	Prevent NPE if gitea uploader fails to open url (#18080 ) (#18101 ) Backport #18080 If http.Get() returns an error return nil and err before attempting to use the broken file. Thanks to walker xiong for spotting this bug. Signed-off-by: Andrew Thornton <art27@cantab.net>	2021-12-26 09:22:10 +00:00
zeripath	012e45a4c1	Correctly handle failed migrations (#17575 ) (#18099 ) * Correctly handle failed migrations There is a bug in handling failed migrations whereby the migration task gets decoupled from the migration repository. This leads to a failure of the task to get deleted with the repository and also leads to the migration failed page resulting in a ISE. This PR removes the zeroing out of the task id from the migration but also makes the migration handler tolerate missing tasks much nicer. Fix #17571 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2021-12-25 15:45:51 +00:00
zeripath	d25ff0d695	Reset locale on login (#17734 ) (#18100 ) Backport #17734 When logging in reset the user's locale to ensure that it matches their preferred locale. Fix #15612 Signed-off-by: Andrew Thornton <art27@cantab.net>	2021-12-25 21:31:23 +08:00
zeripath	6eaebda1b5	Quote references to the user table in consistency checks (#18072 ) (#18073 ) Backport #18072 Although #17487 ensured that the table was quoted in the join it missed that the query part of the check also needed to be quoted. Fix #17485 Signed-off-by: Andrew Thornton <art27@cantab.net>	2021-12-22 23:29:05 +00:00
zeripath	6100935a77	Add NotFound handler (#18062 ) (#18067 ) Backport #18062 PR #17997 means that urls with terminal '/' are no longer immediately mapped to the url without a terminal slash. However, it has revealed that the NotFound handler appears to have been lost. This PR adds back in a NotFound handler that simply redirects to a path without the terminal slash or runs the NotFound handler. Fix #18060 Signed-off-by: Andrew Thornton <art27@cantab.net>	2021-12-22 15:26:37 +00:00
zeripath	6de75224de	Ensure that git repository is closed before transfer (#18049 ) (#18057 ) Backport #18049 Repository Transfer requires that the repository directory is renamed - which is not possible on Windows if the git repository is open. Fix #17885 Signed-off-by: Andrew Thornton <art27@cantab.net>	2021-12-21 18:27:46 +00:00
Lunny Xiao	9086916eb7	Fix code search result hint on zh-CN (#18053 )	2021-12-21 16:08:06 +08:00