Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check webhooks slice length before calling xorm #20642

Merged
merged 4 commits into from
Aug 4, 2022
Merged

Check webhooks slice length before calling xorm #20642

merged 4 commits into from
Aug 4, 2022

Conversation

gabriel-vasile
Copy link
Contributor

xorm.db.Insert errors for empty slices. Fixes: #20641

@GiteaBot GiteaBot added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label Aug 3, 2022
@codecov-commenter
Copy link

Codecov Report

Merging #20642 (5ae9cc4) into main (335e918) will increase coverage by 0.04%.
The diff coverage is 38.54%.

@@            Coverage Diff             @@
##             main   #20642      +/-   ##
==========================================
+ Coverage   46.82%   46.86%   +0.04%     
==========================================
  Files         979      979              
  Lines      135831   135939     +108     
==========================================
+ Hits        63606    63711     +105     
+ Misses      64415    64407       -8     
- Partials     7810     7821      +11
Impacted Files Coverage Δ
cmd/admin.go 0.00% <0.00%> (ø)
models/webhook/webhook.go 67.84% <0.00%> (-0.98%) ⬇️
routers/install/install.go 1.76% <0.00%> (-0.01%) ⬇️
routers/web/admin/auths.go 46.35% <0.00%> (ø)
services/auth/source/smtp/auth.go 0.00% <0.00%> (ø)
services/auth/source/smtp/source.go 14.28% <ø> (ø)
services/auth/source/smtp/source_authenticate.go 0.00% <0.00%> (ø)
services/forms/auth_form.go 100.00% <ø> (ø)
services/forms/user_form.go 45.36% <ø> (ø)
services/mailer/mailer.go 29.50% <18.51%> (+1.33%) ⬆️
... and 22 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Aug 3, 2022
@techknowlogick techknowlogick added this to the 1.18.0 milestone Aug 3, 2022
@techknowlogick techknowlogick merged commit cf06e20 into go-gitea:main Aug 4, 2022
@lunny
Copy link
Member

lunny commented Aug 4, 2022

Please send backport to v1.17

vsysoev pushed a commit to IntegraSDL/gitea that referenced this pull request Aug 10, 2022
@gabriel-vasile @lafriks
@jolheiser @lunny
Check webhooks slice length before calling xorm (go-gitea#20642)
94e79ac 
xorm.db.Insert errors for empty slices. Fixes: go-gitea#20641

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
lunny added a commit to lunny/gitea that referenced this pull request Aug 12, 2022
@gabriel-vasile @lafriks
@jolheiser @lunny
Check webhooks slice length before calling xorm (go-gitea#20642)
25389ab 
xorm.db.Insert errors for empty slices. Fixes: go-gitea#20641

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
@lunny lunny mentioned this pull request Aug 12, 2022
Merged
@lunny lunny added the backport/done All backports for this PR have been created label Aug 12, 2022
lafriks added a commit that referenced this pull request Aug 12, 2022
@lunny @lafriks
@jolheiser @gabriel-vasile
Check webhooks slice length before calling xorm (#20642) (#20768)
ac9792c 
Fixes: #20641

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Gabriel Vasile <gabriel.vasile@email.com>
zeripath added a commit to zeripath/gitea that referenced this pull request Aug 17, 2022
@zeripath
Changelog 1.17.1
db4ccde 
 ## [1.17.1](https://github.com/go-gitea/gitea/releases/tag/1.17.1) - 2022-08-17

* SECURITY
  * Correctly escape within tribute.js (go-gitea#20831) (go-gitea#20832)
* FEATURES
  * Add support for NuGet API keys (go-gitea#20721) (go-gitea#20734)
* ENHANCEMENTS
  * Display project in issue list (go-gitea#20583)
  * Add disable download source configuration (go-gitea#20548) (go-gitea#20579)
* BUGFIXES
  * Use the total issue count for UI (go-gitea#20785) (go-gitea#20827)
  * Add proxy host into allow list (go-gitea#20798) (go-gitea#20819)
  * Add missing translation for queue flush workers (go-gitea#20791) (go-gitea#20792)
  * Improve comment header for mobile (go-gitea#20781) (go-gitea#20789)
  * Fix git.Init for doctor sub-command (go-gitea#20782) (go-gitea#20783)
  * Check webhooks slice length before calling xorm (go-gitea#20642) (go-gitea#20768)
  * Remove manual rollback for failed generated repositories (go-gitea#20639) (go-gitea#20762)
  * Use correct field name in npm template (go-gitea#20675) (go-gitea#20760)
  * Keep download count on Container tag overwrite (go-gitea#20728) (go-gitea#20735)
  * Fix v220 migration to be compatible for MSSQL 2008 r2 (go-gitea#20702) (go-gitea#20707)
  * Use request timeout for git service rpc (go-gitea#20689) (go-gitea#20693)
  * Send correct NuGet status codes (go-gitea#20647) (go-gitea#20677)
  * Use correct context to get package content (go-gitea#20673) (go-gitea#20676)
  * Fix the JS error "EventSource is not defined" caused by some non-standard browsers (go-gitea#20584) (go-gitea#20663)
  * Add default commit messages to PR for squash merge (go-gitea#20618) (go-gitea#20645)
  * Fix package upload for files >32mb (go-gitea#20622) (go-gitea#20635)
  * Fix the new-line copy-paste for rendered code (go-gitea#20612)
  * Clean up and fix clone button script (go-gitea#20415 & go-gitea#20600) (go-gitea#20599)
  *  Fix default merge style (go-gitea#20564) (go-gitea#20565)
  * Add repository condition for issue count (go-gitea#20454) (go-gitea#20496)
* MISC
  * Make branch icon stand out more (go-gitea#20726) (go-gitea#20774)
  * Fix loading button with invalid form (go-gitea#20754) (go-gitea#20759)
  * Add username check to doctor (go-gitea#20140) (go-gitea#20671)
  * Enable Wire 2 for Internal SSH Server (go-gitea#20616) (go-gitea#20617)
  *  Fix SecToTime edge-cases (go-gitea#20610) (go-gitea#20611)

Signed-off-by: Andrew Thornton <art27@cantab.net>
@zeripath zeripath mentioned this pull request Aug 17, 2022
Merged
techknowlogick added a commit that referenced this pull request Aug 18, 2022
@zeripath @techknowlogick
@delvh @lafriks @lunny
Changelog 1.17.1 (#20833)
7374861 
* Changelog 1.17.1

 ## [1.17.1](https://github.com/go-gitea/gitea/releases/tag/1.17.1) - 2022-08-17

* SECURITY
  * Correctly escape within tribute.js (#20831) (#20832)
* FEATURES
  * Add support for NuGet API keys (#20721) (#20734)
* ENHANCEMENTS
  * Display project in issue list (#20583)
  * Add disable download source configuration (#20548) (#20579)
* BUGFIXES
  * Use the total issue count for UI (#20785) (#20827)
  * Add proxy host into allow list (#20798) (#20819)
  * Add missing translation for queue flush workers (#20791) (#20792)
  * Improve comment header for mobile (#20781) (#20789)
  * Fix git.Init for doctor sub-command (#20782) (#20783)
  * Check webhooks slice length before calling xorm (#20642) (#20768)
  * Remove manual rollback for failed generated repositories (#20639) (#20762)
  * Use correct field name in npm template (#20675) (#20760)
  * Keep download count on Container tag overwrite (#20728) (#20735)
  * Fix v220 migration to be compatible for MSSQL 2008 r2 (#20702) (#20707)
  * Use request timeout for git service rpc (#20689) (#20693)
  * Send correct NuGet status codes (#20647) (#20677)
  * Use correct context to get package content (#20673) (#20676)
  * Fix the JS error "EventSource is not defined" caused by some non-standard browsers (#20584) (#20663)
  * Add default commit messages to PR for squash merge (#20618) (#20645)
  * Fix package upload for files >32mb (#20622) (#20635)
  * Fix the new-line copy-paste for rendered code (#20612)
  * Clean up and fix clone button script (#20415 & #20600) (#20599)
  *  Fix default merge style (#20564) (#20565)
  * Add repository condition for issue count (#20454) (#20496)
* MISC
  * Make branch icon stand out more (#20726) (#20774)
  * Fix loading button with invalid form (#20754) (#20759)
  * Add username check to doctor (#20140) (#20671)
  * Enable Wire 2 for Internal SSH Server (#20616) (#20617)
  *  Fix SecToTime edge-cases (#20610) (#20611)

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Apply suggestions from code review

Co-authored-by: John Olheiser <john+github@jolheiser.com>

* Update CHANGELOG.md

Co-authored-by: delvh <dev.lh@web.de>

* Update CHANGELOG.md

* Update CHANGELOG.md

* update changelog

* Update CHANGELOG.md

Co-authored-by: John Olheiser <john+github@jolheiser.com>

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: John Olheiser <john+github@jolheiser.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
jolheiser pushed a commit to jolheiser/gitea that referenced this pull request Aug 22, 2022
@zeripath @techknowlogick
@delvh @lafriks @lunny @jolheiser
Changelog 1.17.1 (go-gitea#20833)
67738a0 
* Changelog 1.17.1

 ## [1.17.1](https://github.com/go-gitea/gitea/releases/tag/1.17.1) - 2022-08-17

* SECURITY
  * Correctly escape within tribute.js (go-gitea#20831) (go-gitea#20832)
* FEATURES
  * Add support for NuGet API keys (go-gitea#20721) (go-gitea#20734)
* ENHANCEMENTS
  * Display project in issue list (go-gitea#20583)
  * Add disable download source configuration (go-gitea#20548) (go-gitea#20579)
* BUGFIXES
  * Use the total issue count for UI (go-gitea#20785) (go-gitea#20827)
  * Add proxy host into allow list (go-gitea#20798) (go-gitea#20819)
  * Add missing translation for queue flush workers (go-gitea#20791) (go-gitea#20792)
  * Improve comment header for mobile (go-gitea#20781) (go-gitea#20789)
  * Fix git.Init for doctor sub-command (go-gitea#20782) (go-gitea#20783)
  * Check webhooks slice length before calling xorm (go-gitea#20642) (go-gitea#20768)
  * Remove manual rollback for failed generated repositories (go-gitea#20639) (go-gitea#20762)
  * Use correct field name in npm template (go-gitea#20675) (go-gitea#20760)
  * Keep download count on Container tag overwrite (go-gitea#20728) (go-gitea#20735)
  * Fix v220 migration to be compatible for MSSQL 2008 r2 (go-gitea#20702) (go-gitea#20707)
  * Use request timeout for git service rpc (go-gitea#20689) (go-gitea#20693)
  * Send correct NuGet status codes (go-gitea#20647) (go-gitea#20677)
  * Use correct context to get package content (go-gitea#20673) (go-gitea#20676)
  * Fix the JS error "EventSource is not defined" caused by some non-standard browsers (go-gitea#20584) (go-gitea#20663)
  * Add default commit messages to PR for squash merge (go-gitea#20618) (go-gitea#20645)
  * Fix package upload for files >32mb (go-gitea#20622) (go-gitea#20635)
  * Fix the new-line copy-paste for rendered code (go-gitea#20612)
  * Clean up and fix clone button script (go-gitea#20415 & go-gitea#20600) (go-gitea#20599)
  *  Fix default merge style (go-gitea#20564) (go-gitea#20565)
  * Add repository condition for issue count (go-gitea#20454) (go-gitea#20496)
* MISC
  * Make branch icon stand out more (go-gitea#20726) (go-gitea#20774)
  * Fix loading button with invalid form (go-gitea#20754) (go-gitea#20759)
  * Add username check to doctor (go-gitea#20140) (go-gitea#20671)
  * Enable Wire 2 for Internal SSH Server (go-gitea#20616) (go-gitea#20617)
  *  Fix SecToTime edge-cases (go-gitea#20610) (go-gitea#20611)

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Apply suggestions from code review

Co-authored-by: John Olheiser <john+github@jolheiser.com>

* Update CHANGELOG.md

Co-authored-by: delvh <dev.lh@web.de>

* Update CHANGELOG.md

* Update CHANGELOG.md

* update changelog

* Update CHANGELOG.md

Co-authored-by: John Olheiser <john+github@jolheiser.com>

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: John Olheiser <john+github@jolheiser.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
lunny added a commit that referenced this pull request Aug 23, 2022
@jolheiser @zeripath
@techknowlogick @delvh @lafriks @lunny
Changelog 1.17.1 (#20833) (#20919)
fa8fc5d 
* Changelog 1.17.1 (#20833)

* Changelog 1.17.1

 ## [1.17.1](https://github.com/go-gitea/gitea/releases/tag/1.17.1) - 2022-08-17

* SECURITY
  * Correctly escape within tribute.js (#20831) (#20832)
* FEATURES
  * Add support for NuGet API keys (#20721) (#20734)
* ENHANCEMENTS
  * Display project in issue list (#20583)
  * Add disable download source configuration (#20548) (#20579)
* BUGFIXES
  * Use the total issue count for UI (#20785) (#20827)
  * Add proxy host into allow list (#20798) (#20819)
  * Add missing translation for queue flush workers (#20791) (#20792)
  * Improve comment header for mobile (#20781) (#20789)
  * Fix git.Init for doctor sub-command (#20782) (#20783)
  * Check webhooks slice length before calling xorm (#20642) (#20768)
  * Remove manual rollback for failed generated repositories (#20639) (#20762)
  * Use correct field name in npm template (#20675) (#20760)
  * Keep download count on Container tag overwrite (#20728) (#20735)
  * Fix v220 migration to be compatible for MSSQL 2008 r2 (#20702) (#20707)
  * Use request timeout for git service rpc (#20689) (#20693)
  * Send correct NuGet status codes (#20647) (#20677)
  * Use correct context to get package content (#20673) (#20676)
  * Fix the JS error "EventSource is not defined" caused by some non-standard browsers (#20584) (#20663)
  * Add default commit messages to PR for squash merge (#20618) (#20645)
  * Fix package upload for files >32mb (#20622) (#20635)
  * Fix the new-line copy-paste for rendered code (#20612)
  * Clean up and fix clone button script (#20415 & #20600) (#20599)
  *  Fix default merge style (#20564) (#20565)
  * Add repository condition for issue count (#20454) (#20496)
* MISC
  * Make branch icon stand out more (#20726) (#20774)
  * Fix loading button with invalid form (#20754) (#20759)
  * Add username check to doctor (#20140) (#20671)
  * Enable Wire 2 for Internal SSH Server (#20616) (#20617)
  *  Fix SecToTime edge-cases (#20610) (#20611)

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Apply suggestions from code review

Co-authored-by: John Olheiser <john+github@jolheiser.com>

* Update CHANGELOG.md

Co-authored-by: delvh <dev.lh@web.de>

* Update CHANGELOG.md

* Update CHANGELOG.md

* update changelog

* Update CHANGELOG.md

Co-authored-by: John Olheiser <john+github@jolheiser.com>

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: John Olheiser <john+github@jolheiser.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>

* update changelog

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
vsysoev pushed a commit to IntegraSDL/gitea that referenced this pull request Aug 28, 2022
@jolheiser @zeripath
@techknowlogick @delvh @lafriks @lunny
Changelog 1.17.1 (go-gitea#20833) (go-gitea#20919)
8bdf690 
* Changelog 1.17.1 (go-gitea#20833)

* Changelog 1.17.1

 ## [1.17.1](https://github.com/go-gitea/gitea/releases/tag/1.17.1) - 2022-08-17

* SECURITY
  * Correctly escape within tribute.js (go-gitea#20831) (go-gitea#20832)
* FEATURES
  * Add support for NuGet API keys (go-gitea#20721) (go-gitea#20734)
* ENHANCEMENTS
  * Display project in issue list (go-gitea#20583)
  * Add disable download source configuration (go-gitea#20548) (go-gitea#20579)
* BUGFIXES
  * Use the total issue count for UI (go-gitea#20785) (go-gitea#20827)
  * Add proxy host into allow list (go-gitea#20798) (go-gitea#20819)
  * Add missing translation for queue flush workers (go-gitea#20791) (go-gitea#20792)
  * Improve comment header for mobile (go-gitea#20781) (go-gitea#20789)
  * Fix git.Init for doctor sub-command (go-gitea#20782) (go-gitea#20783)
  * Check webhooks slice length before calling xorm (go-gitea#20642) (go-gitea#20768)
  * Remove manual rollback for failed generated repositories (go-gitea#20639) (go-gitea#20762)
  * Use correct field name in npm template (go-gitea#20675) (go-gitea#20760)
  * Keep download count on Container tag overwrite (go-gitea#20728) (go-gitea#20735)
  * Fix v220 migration to be compatible for MSSQL 2008 r2 (go-gitea#20702) (go-gitea#20707)
  * Use request timeout for git service rpc (go-gitea#20689) (go-gitea#20693)
  * Send correct NuGet status codes (go-gitea#20647) (go-gitea#20677)
  * Use correct context to get package content (go-gitea#20673) (go-gitea#20676)
  * Fix the JS error "EventSource is not defined" caused by some non-standard browsers (go-gitea#20584) (go-gitea#20663)
  * Add default commit messages to PR for squash merge (go-gitea#20618) (go-gitea#20645)
  * Fix package upload for files >32mb (go-gitea#20622) (go-gitea#20635)
  * Fix the new-line copy-paste for rendered code (go-gitea#20612)
  * Clean up and fix clone button script (go-gitea#20415 & go-gitea#20600) (go-gitea#20599)
  *  Fix default merge style (go-gitea#20564) (go-gitea#20565)
  * Add repository condition for issue count (go-gitea#20454) (go-gitea#20496)
* MISC
  * Make branch icon stand out more (go-gitea#20726) (go-gitea#20774)
  * Fix loading button with invalid form (go-gitea#20754) (go-gitea#20759)
  * Add username check to doctor (go-gitea#20140) (go-gitea#20671)
  * Enable Wire 2 for Internal SSH Server (go-gitea#20616) (go-gitea#20617)
  *  Fix SecToTime edge-cases (go-gitea#20610) (go-gitea#20611)

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Apply suggestions from code review

Co-authored-by: John Olheiser <john+github@jolheiser.com>

* Update CHANGELOG.md

Co-authored-by: delvh <dev.lh@web.de>

* Update CHANGELOG.md

* Update CHANGELOG.md

* update changelog

* Update CHANGELOG.md

Co-authored-by: John Olheiser <john+github@jolheiser.com>

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: John Olheiser <john+github@jolheiser.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>

* update changelog

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
@go-gitea go-gitea locked and limited conversation to collaborators May 3, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@lafriks lafriks lafriks approved these changes

@silverwind silverwind silverwind approved these changes

Assignees
No one assigned
Labels
backport/done All backports for this PR have been created lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. type/bug
Projects
None yet
Milestone
1.18.0
Development

Successfully merging this pull request may close these issues.

Repo generated from template fails when template has no webhooks
8 participants
@gabriel-vasile @codecov-commenter @lunny @silverwind @lafriks @techknowlogick @GiteaBot @jolheiser