Changelog for release v1.4.1 (#3891)

* Changelog for release v1.4.1

* Fix typo

CHANGELOG.md

@@ -4,6 +4,23 @@ This changelog goes through all the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.io).
 
+## [1.4.1](https://github.com/go-gitea/gitea/releases/tag/v1.4.1) - 2018-05-03
+* BREAKING
+  * Add "error" as reserved username (#3882) (#3886)
+* SECURITY
+  * Do not allow inactive users to access repositories using private key (#3887) (#3889)
+  * Fix path cleanup in file editor, when initilizing new repository and LFS oids  (#3871) (#3873)
+  * Remove unnecessary allowed safe HTML (#3778) (#3779)
+  * Correctly check http git access rights for reverse proxy authorized users (#3721) (#3743)
+* BUGFIXES
+  * Fix to use only needed columns from tables to get repository git paths (#3870) (#3883)
+  * Fix GPG expire time display when time is zero (#3584) (#3884)
+  * Fix to update only issue last update time when adding a comment (#3855) (#3860)
+  * Fix repository star count after deleting user (#3781) (#3783)
+  * Use the active branch for the code tab (#3720) (#3776)
+  * Set default branch name on first push (#3715) (#3723)
+  * Show clipboard button if disable HTTP of git protocol (#3773) (#3774)
+
 ## [1.4.0](https://github.com/go-gitea/gitea/releases/tag/v1.4.0) - 2018-03-25
 * BREAKING
   * Drop deprecated GOGS\_WORK\_DIR use (#2946)

cmd/serv.go

@@ -230,6 +230,12 @@ func runServ(c *cli.Context) error {
 				fail("internal error", "Failed to get user by key ID(%d): %v", keyID, err)
 			}
 
+			if !user.IsActive || user.ProhibitLogin {
+				fail("Your account is not active or has been disabled by Administrator",
+					"User %s is disabled and have no access to repository %s",
+					user.Name, repoPath)
+			}
+
 			mode, err := models.AccessLevel(user.ID, repo)
 			if err != nil {
 				fail("Internal error", "Failed to check access: %v", err)

docs/content/page/index.en-us.md

@@ -2,6 +2,7 @@
 date: "2016-11-08T16:00:00+02:00"
 title: "Documentation"
 slug: "documentation"
+url: "/en-us/"
 weight: 10
 toc: true
 draft: false

docs/content/page/index.fr-fr.md

@@ -2,6 +2,7 @@
 date: "2017-08-23T09:00:00+02:00"
 title: "Documentation"
 slug: "documentation"
+url: "/fr-fr/"
 weight: 10
 toc: true
 draft: false

docs/content/page/index.zh-cn.md

@@ -2,6 +2,7 @@
 date: "2016-11-08T16:00:00+02:00"
 title: "文档"
 slug: "documentation"
+url: "/zh-cn/"
 weight: 10
 toc: true
 draft: false

docs/content/page/index.zh-tw.md

@@ -2,6 +2,7 @@
 date: "2016-11-08T16:00:00+02:00"
 title: "文件"
 slug: "documentation"
+url: "/zh-tw/"
 weight: 10
 toc: true
 draft: false

docs/scripts/trans-copy

@@ -28,6 +28,8 @@ for SOURCE in $(find ${ROOT}/content -type f -iname *.en-us.md); do
     if [[ ! -f ${DEST} ]]; then
       echo "Creating fallback for ${DEST#${ROOT}/content/}"
       cp ${SOURCE} ${DEST}
+      sed -i.bak "s/en\-us/${LOCALE}/g" ${DEST}
+      rm ${DEST}.bak
     fi
   done
 done

models/action.go

@@ -523,6 +523,11 @@ func CommitRepoAction(opts CommitRepoActionOptions) error {
 		return fmt.Errorf("GetRepositoryByName [owner_id: %d, name: %s]: %v", opts.RepoOwnerID, opts.RepoName, err)
 	}
 
+	refName := git.RefEndName(opts.RefFullName)
+	if repo.IsBare && refName != repo.DefaultBranch {
+		repo.DefaultBranch = refName
+	}
+
 	// Change repository bare status and update last updated time.
 	repo.IsBare = repo.IsBare && opts.Commits.Len <= 0
 	if err = UpdateRepository(repo, false); err != nil {
@@ -563,7 +568,6 @@ func CommitRepoAction(opts CommitRepoActionOptions) error {
 		return fmt.Errorf("Marshal: %v", err)
 	}
 
-	refName := git.RefEndName(opts.RefFullName)
 	if err = NotifyWatchers(&Action{
 		ActUserID: pusher.ID,
 		ActUser:   pusher,

models/git_diff_test.go

@@ -21,16 +21,16 @@ func assertLineEqual(t *testing.T, d1 *DiffLine, d2 *DiffLine) {
 
 func TestDiffToHTML(t *testing.T) {
 	assertEqual(t, "+foo <span class=\"added-code\">bar</span> biz", diffToHTML([]dmp.Diff{
-		{dmp.DiffEqual, "foo "},
-		{dmp.DiffInsert, "bar"},
-		{dmp.DiffDelete, " baz"},
-		{dmp.DiffEqual, " biz"},
+		{Type: dmp.DiffEqual, Text: "foo "},
+		{Type: dmp.DiffInsert, Text: "bar"},
+		{Type: dmp.DiffDelete, Text: " baz"},
+		{Type: dmp.DiffEqual, Text: " biz"},
 	}, DiffLineAdd))
 
 	assertEqual(t, "-foo <span class=\"removed-code\">bar</span> biz", diffToHTML([]dmp.Diff{
-		{dmp.DiffEqual, "foo "},
-		{dmp.DiffDelete, "bar"},
-		{dmp.DiffInsert, " baz"},
-		{dmp.DiffEqual, " biz"},
+		{Type: dmp.DiffEqual, Text: "foo "},
+		{Type: dmp.DiffDelete, Text: "bar"},
+		{Type: dmp.DiffInsert, Text: " baz"},
+		{Type: dmp.DiffEqual, Text: " biz"},
 	}, DiffLineDel))
 }

models/issue_comment.go

@@ -418,7 +418,7 @@ func createComment(e *xorm.Session, opts *CreateCommentOptions) (_ *Comment, err
 	}
 
 	// update the issue's updated_unix column
-	if err = updateIssueCols(e, opts.Issue); err != nil {
+	if err = updateIssueCols(e, opts.Issue, "updated_unix"); err != nil {
 		return nil, err
 	}
 

models/repo.go

@@ -163,6 +163,7 @@ func NewRepoContext() {
 type Repository struct {
 	ID            int64  `xorm:"pk autoincr"`
 	OwnerID       int64  `xorm:"UNIQUE(s)"`
+	OwnerName     string `xorm:"-"`
 	Owner         *User  `xorm:"-"`
 	LowerName     string `xorm:"UNIQUE(s) INDEX NOT NULL"`
 	Name          string `xorm:"INDEX NOT NULL"`
@@ -223,9 +224,17 @@ func (repo *Repository) MustOwner() *User {
 	return repo.mustOwner(x)
 }
 
+// MustOwnerName always returns valid owner name to avoid
+// conceptually impossible error handling.
+// It returns "error" and logs error details when error
+// occurs.
+func (repo *Repository) MustOwnerName() string {
+	return repo.mustOwnerName(x)
+}
+
 // FullName returns the repository full name
 func (repo *Repository) FullName() string {
-	return repo.MustOwner().Name + "/" + repo.Name
+	return repo.MustOwnerName() + "/" + repo.Name
 }
 
 // HTMLURL returns the repository HTML URL
@@ -477,6 +486,41 @@ func (repo *Repository) mustOwner(e Engine) *User {
 	return repo.Owner
 }
 
+func (repo *Repository) getOwnerName(e Engine) error {
+	if len(repo.OwnerName) > 0 {
+		return nil
+	}
+
+	if repo.Owner != nil {
+		repo.OwnerName = repo.Owner.Name
+		return nil
+	}
+
+	u := new(User)
+	has, err := e.ID(repo.OwnerID).Cols("name").Get(u)
+	if err != nil {
+		return err
+	} else if !has {
+		return ErrUserNotExist{repo.OwnerID, "", 0}
+	}
+	repo.OwnerName = u.Name
+	return nil
+}
+
+// GetOwnerName returns the repository owner name
+func (repo *Repository) GetOwnerName() error {
+	return repo.getOwnerName(x)
+}
+
+func (repo *Repository) mustOwnerName(e Engine) string {
+	if err := repo.getOwnerName(e); err != nil {
+		log.Error(4, "Error loading repository owner name: %v", err)
+		return "error"
+	}
+
+	return repo.OwnerName
+}
+
 // ComposeMetas composes a map of metas for rendering external issue tracker URL.
 func (repo *Repository) ComposeMetas() map[string]string {
 	unit, err := repo.GetUnit(UnitTypeExternalTracker)
@@ -588,7 +632,7 @@ func (repo *Repository) GetBaseRepo() (err error) {
 }
 
 func (repo *Repository) repoPath(e Engine) string {
-	return RepoPath(repo.mustOwner(e).Name, repo.Name)
+	return RepoPath(repo.mustOwnerName(e), repo.Name)
 }
 
 // RepoPath returns the repository path
@@ -1131,7 +1175,7 @@ type CreateRepoOptions struct {
 }
 
 func getRepoInitFile(tp, name string) ([]byte, error) {
-	cleanedName := strings.TrimLeft(name, "./")
+	cleanedName := strings.TrimLeft(path.Clean("/"+name), "/")
 	relPath := path.Join("options", tp, cleanedName)
 
 	// Use custom file when available.
@@ -2133,7 +2177,7 @@ func ReinitMissingRepositories() error {
 // SyncRepositoryHooks rewrites all repositories' pre-receive, update and post-receive hooks
 // to make sure the binary and custom conf path are up-to-date.
 func SyncRepositoryHooks() error {
-	return x.Where("id > 0").Iterate(new(Repository),
+	return x.Cols("owner_id", "name").Where("id > 0").Iterate(new(Repository),
 		func(idx int, bean interface{}) error {
 			if err := createDelegateHooks(bean.(*Repository).RepoPath()); err != nil {
 				return fmt.Errorf("SyncRepositoryHook: %v", err)

models/user.go

@@ -651,7 +651,7 @@ func NewGhostUser() *User {
 }
 
 var (
-	reservedUsernames    = []string{"assets", "css", "explore", "img", "js", "less", "plugins", "debug", "raw", "install", "api", "avatars", "user", "org", "help", "stars", "issues", "pulls", "commits", "repo", "template", "admin", "new", ".", ".."}
+	reservedUsernames    = []string{"assets", "css", "explore", "img", "js", "less", "plugins", "debug", "raw", "install", "api", "avatars", "user", "org", "help", "stars", "issues", "pulls", "commits", "repo", "template", "admin", "error", "new", ".", ".."}
 	reservedUserPatterns = []string{"*.keys"}
 )
 
@@ -934,7 +934,7 @@ func deleteUser(e *xorm.Session, u *User) error {
 	if err = e.Table("star").Cols("star.repo_id").
 		Where("star.uid = ?", u.ID).Find(&starredRepoIDs); err != nil {
 		return fmt.Errorf("get all stars: %v", err)
-	} else if _, err = e.Decr("num_watches").In("id", starredRepoIDs).Update(new(Repository)); err != nil {
+	} else if _, err = e.Decr("num_stars").In("id", starredRepoIDs).Update(new(Repository)); err != nil {
 		return fmt.Errorf("decrease repository num_stars: %v", err)
 	}
 	// ***** END: Star *****

models/wiki.go

@@ -67,7 +67,7 @@ func WikiPath(userName, repoName string) string {
 
 // WikiPath returns wiki data path for given repository.
 func (repo *Repository) WikiPath() string {
-	return WikiPath(repo.MustOwner().Name, repo.Name)
+	return WikiPath(repo.MustOwnerName(), repo.Name)
 }
 
 // HasWiki returns true if repository has wiki.

modules/lfs/server.go

@@ -83,6 +83,8 @@ type link struct {
 	ExpiresAt time.Time         `json:"expires_at,omitempty"`
 }
 
+var oidRegExp = regexp.MustCompile(`^[A-Fa-f0-9]+$`)
+
 // ObjectOidHandler is the main request routing entry point into LFS server functions
 func ObjectOidHandler(ctx *context.Context) {
 
@@ -217,6 +219,12 @@ func PostHandler(ctx *context.Context) {
 
 	if !authenticate(ctx, repository, rv.Authorization, true) {
 		requireAuth(ctx)
+		return
+	}
+
+	if !oidRegExp.MatchString(rv.Oid) {
+		writeStatus(ctx, 404)
+		return
 	}
 
 	meta, err := models.NewLFSMetaObject(&models.LFSMetaObject{Oid: rv.Oid, Size: rv.Size, RepositoryID: repository.ID})
@@ -284,10 +292,12 @@ func BatchHandler(ctx *context.Context) {
 			continue
 		}
 
-		// Object is not found
-		meta, err = models.NewLFSMetaObject(&models.LFSMetaObject{Oid: object.Oid, Size: object.Size, RepositoryID: repository.ID})
-		if err == nil {
-			responseObjects = append(responseObjects, Represent(object, meta, meta.Existing, !contentStore.Exists(meta)))
+		if oidRegExp.MatchString(object.Oid) {
+			// Object is not found
+			meta, err = models.NewLFSMetaObject(&models.LFSMetaObject{Oid: object.Oid, Size: object.Size, RepositoryID: repository.ID})
+			if err == nil {
+				responseObjects = append(responseObjects, Represent(object, meta, meta.Existing, !contentStore.Exists(meta)))
+			}
 		}
 	}
 

modules/util/time_stamp.go

@@ -59,3 +59,8 @@ func (ts TimeStamp) FormatLong() string {
 func (ts TimeStamp) FormatShort() string {
 	return ts.Format("Jan 02, 2006")
 }
+
+// IsZero is zero time
+func (ts TimeStamp) IsZero() bool {
+	return ts.AsTime().IsZero()
+}

routers/repo/editor.go

@@ -163,7 +163,7 @@ func editFilePost(ctx *context.Context, form auth.EditRepoFileForm, isNewFile bo
 		branchName = form.NewBranchName
 	}
 
-	form.TreePath = strings.Trim(form.TreePath, " /")
+	form.TreePath = strings.Trim(path.Clean("/"+form.TreePath), " /")
 	treeNames, treePaths := getParentTreeFields(form.TreePath)
 
 	ctx.Data["TreePath"] = form.TreePath
@@ -477,7 +477,7 @@ func UploadFilePost(ctx *context.Context, form auth.UploadRepoFileForm) {
 		branchName = form.NewBranchName
 	}
 
-	form.TreePath = strings.Trim(form.TreePath, " /")
+	form.TreePath = strings.Trim(path.Clean("/"+form.TreePath), " /")
 	treeNames, treePaths := getParentTreeFields(form.TreePath)
 	if len(treeNames) == 0 {
 		// We must at least have one element for user to input.

routers/repo/http.go

@@ -184,33 +184,33 @@ func HTTP(ctx *context.Context) {
 					return
 				}
 			}
+		}
 
-			if !isPublicPull {
-				has, err := models.HasAccess(authUser.ID, repo, accessMode)
-				if err != nil {
-					ctx.ServerError("HasAccess", err)
-					return
-				} else if !has {
-					if accessMode == models.AccessModeRead {
-						has, err = models.HasAccess(authUser.ID, repo, models.AccessModeWrite)
-						if err != nil {
-							ctx.ServerError("HasAccess2", err)
-							return
-						} else if !has {
-							ctx.HandleText(http.StatusForbidden, "User permission denied")
-							return
-						}
-					} else {
+		if !isPublicPull {
+			has, err := models.HasAccess(authUser.ID, repo, accessMode)
+			if err != nil {
+				ctx.ServerError("HasAccess", err)
+				return
+			} else if !has {
+				if accessMode == models.AccessModeRead {
+					has, err = models.HasAccess(authUser.ID, repo, models.AccessModeWrite)
+					if err != nil {
+						ctx.ServerError("HasAccess2", err)
+						return
+					} else if !has {
 						ctx.HandleText(http.StatusForbidden, "User permission denied")
 						return
 					}
-				}
-
-				if !isPull && repo.IsMirror {
-					ctx.HandleText(http.StatusForbidden, "mirror repository is read-only")
+				} else {
+					ctx.HandleText(http.StatusForbidden, "User permission denied")
 					return
 				}
 			}
+
+			if !isPull && repo.IsMirror {
+				ctx.HandleText(http.StatusForbidden, "mirror repository is read-only")
+				return
+			}
 		}
 
 		if !repo.CheckUnitUser(authUser.ID, authUser.IsAdmin, unitType) {

routers/repo/issue_label_test.go

@@ -32,7 +32,7 @@ func TestInitializeLabels(t *testing.T) {
 	ctx := test.MockContext(t, "user2/repo1/labels/initialize")
 	test.LoadUser(t, ctx, 2)
 	test.LoadRepo(t, ctx, 2)
-	InitializeLabels(ctx, auth.InitializeLabelsForm{"Default"})
+	InitializeLabels(ctx, auth.InitializeLabelsForm{TemplateName: "Default"})
 	assert.EqualValues(t, http.StatusFound, ctx.Resp.Status())
 	models.AssertExistsAndLoadBean(t, &models.Label{
 		RepoID: 2,

templates/repo/branch/list.tmpl

@@ -69,12 +69,12 @@
 <div class="ui small basic delete modal">
 	<div class="ui icon header">
 		<i class="trash icon"></i>
-		{{.i18n.Tr "repo.branch.delete_html"| Safe}} <span class="branch-name"></span>
+		{{.i18n.Tr "repo.branch.delete_html"}} <span class="branch-name"></span>
 	</div>
 	<div class="content">
-		<p>{{.i18n.Tr "repo.branch.delete_desc" | Safe}}</p>
+		<p>{{.i18n.Tr "repo.branch.delete_desc"}}</p>
 		{{.i18n.Tr "repo.branch.delete_notices_1" | Safe}}<br>
-		{{.i18n.Tr "repo.branch.delete_notices_html" | Safe}} <span class="branch-name"></span><br>
+		{{.i18n.Tr "repo.branch.delete_notices_html"}} <span class="branch-name"></span><br>
 	</div>
 	{{template "base/delete_modal_actions" .}}
 </div>

templates/repo/create.tmpl

@@ -36,7 +36,7 @@
 					<div class="inline required field {{if .Err_RepoName}}error{{end}}">
 						<label for="repo_name">{{.i18n.Tr "repo.repo_name"}}</label>
 						<input id="repo_name" name="repo_name" value="{{.repo_name}}" autofocus required>
-						<span class="help">{{.i18n.Tr "repo.repo_name_helper" | Safe}}</span>
+						<span class="help">{{.i18n.Tr "repo.repo_name_helper"}}</span>
 					</div>
 					<div class="inline field">
 						<label>{{.i18n.Tr "repo.visibility"}}</label>

templates/repo/editor/commit_form.tmpl

@@ -14,8 +14,7 @@
 					<input type="radio" class="js-quick-pull-choice-option" name="commit_choice" value="direct" {{if eq .commit_choice "direct"}}checked{{end}}>
 					<label>
 						<i class="octicon octicon-git-commit" height="16" width="14"></i>
-						{{$branchName := .BranchName | Str2html}}
-						{{.i18n.Tr "repo.editor.commit_directly_to_this_branch" $branchName | Safe}}
+						{{.i18n.Tr "repo.editor.commit_directly_to_this_branch" (.BranchName|Escape) | Safe}}
 					</label>
 				</div>
 			</div>

templates/repo/header.tmpl

@@ -48,7 +48,7 @@
 	<div class="ui tabs container">
 		<div class="ui tabular stackable menu navbar">
 			{{if .Repository.UnitEnabled $.UnitTypeCode}}
-			<a class="{{if .PageIsViewCode}}active{{end}} item" href="{{.RepoLink}}">
+			<a class="{{if .PageIsViewCode}}active{{end}} item" href="{{.RepoLink}}{{if (ne .BranchName .Repository.DefaultBranch)}}/src/branch/{{.BranchName}}{{end}}">
 				<i class="octicon octicon-code"></i> {{.i18n.Tr "repo.code"}}
 			</a>
 			{{end}}

templates/repo/home.tmpl

@@ -73,7 +73,7 @@
 						{{else if and (not $.DisableSSH) (or $.IsSigned $.ExposeAnonSSH)}}
 							<input id="repo-clone-url" value="{{$.CloneLink.SSH}}" readonly>
 						{{end}}
-						{{if or ((not $.DisableHTTP) (and (not $.DisableSSH) (or $.IsSigned $.ExposeAnonSSH)))}}
+						{{if or (not $.DisableHTTP) (and (not $.DisableSSH) (or $.IsSigned $.ExposeAnonSSH))}}
 							<button class="ui basic icon button poping up clipboard" id="clipboard-btn" data-original="{{.i18n.Tr "repo.copy_link"}}" data-success="{{.i18n.Tr "repo.copy_link_success"}}" data-error="{{.i18n.Tr "repo.copy_link_error"}}" data-content="{{.i18n.Tr "repo.copy_link"}}" data-variation="inverted tiny" data-clipboard-target="#repo-clone-url">
 								<i class="octicon octicon-clippy"></i>
 							</button>

templates/repo/issue/view_content.tmpl

@@ -134,12 +134,12 @@
 <div class="ui small basic delete modal">
 	<div class="ui icon header">
 		<i class="trash icon"></i>
-		{{.i18n.Tr "repo.branch.delete" .HeadTarget | Safe}}
+		{{.i18n.Tr "repo.branch.delete" .HeadTarget }}
 	</div>
 	<div class="content">
-		<p>{{.i18n.Tr "repo.branch.delete_desc" | Safe}}</p>
+		<p>{{.i18n.Tr "repo.branch.delete_desc"}}</p>
 		{{.i18n.Tr "repo.branch.delete_notices_1" | Safe}}<br>
-		{{.i18n.Tr "repo.branch.delete_notices_2" .HeadTarget | Safe}}<br>
+		{{.i18n.Tr "repo.branch.delete_notices_2" .HeadTarget}}<br>
 	</div>
 	{{template "base/delete_modal_actions" .}}
 </div>

templates/repo/issue/view_content/comments.tmpl

@@ -145,7 +145,7 @@
 				<img src="{{.Poster.RelAvatarLink}}">
 			</a>
 			<span class="text grey"><a href="{{.Poster.HomeLink}}">{{.Poster.Name}}</a>
-			{{$.i18n.Tr "repo.issues.delete_branch_at" .CommitSHA $createdStr | Safe}}
+			{{$.i18n.Tr "repo.issues.delete_branch_at" (.CommitSHA|Escape) $createdStr | Safe}}
 			</span>
 		</div>
     {{else if eq .Type 12}}

templates/repo/settings/options.tmpl

@@ -302,7 +302,7 @@
 		</div>
 		<div class="content">
 			<div class="ui warning message text left">
-				{{.i18n.Tr "repo.settings.convert_notices_1" | Safe}}
+				{{.i18n.Tr "repo.settings.convert_notices_1"}}
 			</div>
 			<form class="ui form" action="{{.Link}}" method="post">
 				{{.CsrfTokenHtml}}
@@ -333,8 +333,8 @@
 		</div>
 		<div class="content">
 			<div class="ui warning message text left">
-				{{.i18n.Tr "repo.settings.transfer_notices_1" | Safe}} <br>
-				{{.i18n.Tr "repo.settings.transfer_notices_2" | Safe}}
+				{{.i18n.Tr "repo.settings.transfer_notices_1"}} <br>
+				{{.i18n.Tr "repo.settings.transfer_notices_2"}}
 			</div>
 			<form class="ui form" action="{{.Link}}" method="post">
 				{{.CsrfTokenHtml}}
@@ -371,7 +371,7 @@
 				{{.i18n.Tr "repo.settings.delete_notices_1" | Safe}}<br>
 				{{.i18n.Tr "repo.settings.delete_notices_2" .Repository.FullName | Safe}}
 				{{if .Repository.NumForks}}<br>
-				{{.i18n.Tr "repo.settings.delete_notices_fork_1" | Safe}}
+				{{.i18n.Tr "repo.settings.delete_notices_fork_1"}}
 				{{end}}
 			</div>
 			<form class="ui form" action="{{.Link}}" method="post">

templates/user/settings/keys_gpg.tmpl

@@ -26,7 +26,7 @@
 					<div class="activity meta">
 						<i>{{$.i18n.Tr "settings.add_on"}} <span>{{.AddedUnix.FormatShort}}</span></i>
 						-
-						<i>{{if .ExpiredUnix}}{{$.i18n.Tr "settings.valid_until"}} <span>{{.ExpiredUnix.FormatShort}}</span>{{else}}{{$.i18n.Tr "settings.valid_forever"}}{{end}}</i>
+						<i>{{if not .ExpiredUnix.IsZero}}{{$.i18n.Tr "settings.valid_until"}} <span>{{.ExpiredUnix.FormatShort}}</span>{{else}}{{$.i18n.Tr "settings.valid_forever"}}{{end}}</i>
 					</div>
 				</div>
 			</div>