1.7.0 changelog (#5802)

* add util method and tests

* make sure the title of an issue cannot be empty

* wiki title cannot be empty

* pull request title cannot be empty

* update to make use of the new util methof

CHANGELOG.md

@@ -4,7 +4,11 @@ This changelog goes through all the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.io).
 
-## [1.7.0-rc1](https://github.com/go-gitea/gitea/releases/tag/v1.7.0) - 2019-01-02
+## [1.7.0](https://github.com/go-gitea/gitea/releases/tag/v1.7.0) - 2019-01-22
+* SECURITY
+  * Do not display the raw OpenID error in the UI (#5705) (#5712)
+  * When redirecting clean the path to avoid redirecting to external site (#5669) (#5679)
+  * Prevent DeleteFilePost doing arbitrary deletion (#5631)
 * BREAKING
   * Restrict permission check on repositories and fix some problems (#5314)
   * Show only opened milestones on issues page milestone filter (#5051)
@@ -23,6 +27,13 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
   * Give user a link to create PR after push (#4716)
   * Add rebase with merge commit merge style (#3844) (#4052)
 * BUGFIXES
+  * Disallow empty titles (#5785) (#5794) 
+  * Fix sqlite deadlock when assigning to a PR (#5640) (#5642)
+  * Don't close issues via commits on non-default branch. (#5622) (#5643)
+  * Fix commit page showing status for current default branch (#5650) (#5653)
+  * Only count users own actions for heatmap contributions (#5647) (#5655)
+  * Update xorm to fix issue postgresql dumping issues (#5680) (#5692)
+  * Use correct value for "MSpan Structures Obtained" (#5706) (#5716)
   * Fix bug on modifying sshd username (#5624)
   * Delete tags in mirror which are removed for original repo. (#5609)
   * Fix wrong text getting saved on editing second comment on an issue. (#5608)
@@ -149,6 +160,18 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
   * Git-Trees API (#5403)
   * Only chown directories during docker setup if necessary. Fix #4425 (#5064)
 
+## [1.6.4](https://github.com/go-gitea/gitea/releases/tag/v1.6.4) - 2019-01-15
+* BUGFIX
+  * Fix SSH key now can be reused as public key after deleting as deploy key (#5671) (#5685)
+  * When redirecting clean the path to avoid redirecting to external site (#5669) (#5703)
+  * Fix to use correct value for "MSpan Structures Obtained" (#5706) (#5715)
+
+## [1.6.3](https://github.com/go-gitea/gitea/releases/tag/v1.6.3) - 2019-01-04
+* SECURITY
+  * Prevent DeleteFilePost doing arbitrary deletion (#5631)
+* BUGFIX
+  * Fix wrong text getting saved on editing second comment on an issue (#5608)
+
 ## [1.6.2](https://github.com/go-gitea/gitea/releases/tag/v1.6.2) - 2018-12-21
 * SECURITY
   * Sanitize uploaded file names (#5571) (#5573)

Gopkg.lock

@@ -406,11 +406,11 @@
   version = "v0.6.0"
 
 [[projects]]
-  digest = "1:931a62a1aacc37a5e4c309a111642ec4da47b4dc453cd4ba5481b12eedb04a5d"
+  digest = "1:d366480c27ab51b3f7e995f25503063e7a6ebc7feb269df2499c33471f35cd62"
   name = "github.com/go-xorm/xorm"
   packages = ["."]
   pruneopts = "NUT"
-  revision = "401f4ee8ff8cbc40a4754cb12192fbe4f02f3979"
+  revision = "1cd2662be938bfee0e34af92fe448513e0560fb1"
 
 [[projects]]
   branch = "master"

Gopkg.toml

@@ -38,7 +38,7 @@ ignored = ["google.golang.org/appengine*"]
 
 [[override]]
   name = "github.com/go-xorm/xorm"
-  revision = "401f4ee8ff8cbc40a4754cb12192fbe4f02f3979"
+  revision = "1cd2662be938bfee0e34af92fe448513e0560fb1"
 
 [[override]]
   name = "github.com/go-xorm/builder"

cmd/cmd.go

@@ -9,10 +9,11 @@ package cmd
 import (
 	"errors"
 	"fmt"
-	"strings"
 
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/util"
+
 	"github.com/urfave/cli"
 )
 
@@ -24,7 +25,7 @@ func argsSet(c *cli.Context, args ...string) error {
 			return errors.New(a + " is not set")
 		}
 
-		if len(strings.TrimSpace(c.String(a))) == 0 {
+		if util.IsEmptyString(a) {
 			return errors.New(a + " is required")
 		}
 	}

models/action.go

@@ -476,8 +476,34 @@ func getIssueFromRef(repo *Repository, ref string) (*Issue, error) {
 	return issue, nil
 }
 
+func changeIssueStatus(repo *Repository, doer *User, ref string, refMarked map[int64]bool, status bool) error {
+	issue, err := getIssueFromRef(repo, ref)
+	if err != nil {
+		return err
+	}
+
+	if issue == nil || refMarked[issue.ID] {
+		return nil
+	}
+	refMarked[issue.ID] = true
+
+	if issue.RepoID != repo.ID || issue.IsClosed == status {
+		return nil
+	}
+
+	issue.Repo = repo
+	if err = issue.ChangeStatus(doer, status); err != nil {
+		// Don't return an error when dependencies are open as this would let the push fail
+		if IsErrDependenciesLeft(err) {
+			return nil
+		}
+		return err
+	}
+	return nil
+}
+
 // UpdateIssuesCommit checks if issues are manipulated by commit message.
-func UpdateIssuesCommit(doer *User, repo *Repository, commits []*PushCommit) error {
+func UpdateIssuesCommit(doer *User, repo *Repository, commits []*PushCommit, branchName string) error {
 	// Commits are appended in the reverse order.
 	for i := len(commits) - 1; i >= 0; i-- {
 		c := commits[i]
@@ -500,51 +526,21 @@ func UpdateIssuesCommit(doer *User, repo *Repository, commits []*PushCommit) err
 			}
 		}
 
+		// Change issue status only if the commit has been pushed to the default branch.
+		if repo.DefaultBranch != branchName {
+			continue
+		}
+
 		refMarked = make(map[int64]bool)
-		// FIXME: can merge this one and next one to a common function.
 		for _, ref := range issueCloseKeywordsPat.FindAllString(c.Message, -1) {
-			issue, err := getIssueFromRef(repo, ref)
-			if err != nil {
-				return err
-			}
-
-			if issue == nil || refMarked[issue.ID] {
-				continue
-			}
-			refMarked[issue.ID] = true
-
-			if issue.RepoID != repo.ID || issue.IsClosed {
-				continue
-			}
-
-			issue.Repo = repo
-			if err = issue.ChangeStatus(doer, true); err != nil {
-				// Don't return an error when dependencies are open as this would let the push fail
-				if IsErrDependenciesLeft(err) {
-					return nil
-				}
+			if err := changeIssueStatus(repo, doer, ref, refMarked, true); err != nil {
 				return err
 			}
 		}
 
 		// It is conflict to have close and reopen at same time, so refsMarked doesn't need to reinit here.
 		for _, ref := range issueReopenKeywordsPat.FindAllString(c.Message, -1) {
-			issue, err := getIssueFromRef(repo, ref)
-			if err != nil {
-				return err
-			}
-
-			if issue == nil || refMarked[issue.ID] {
-				continue
-			}
-			refMarked[issue.ID] = true
-
-			if issue.RepoID != repo.ID || !issue.IsClosed {
-				continue
-			}
-
-			issue.Repo = repo
-			if err = issue.ChangeStatus(doer, false); err != nil {
+			if err := changeIssueStatus(repo, doer, ref, refMarked, false); err != nil {
 				return err
 			}
 		}
@@ -609,7 +605,7 @@ func CommitRepoAction(opts CommitRepoActionOptions) error {
 			opts.Commits.CompareURL = repo.ComposeCompareURL(opts.OldCommitID, opts.NewCommitID)
 		}
 
-		if err = UpdateIssuesCommit(pusher, repo, opts.Commits.Commits); err != nil {
+		if err = UpdateIssuesCommit(pusher, repo, opts.Commits.Commits, refName); err != nil {
 			log.Error(4, "updateIssuesCommit: %v", err)
 		}
 	}

models/action_test.go

@@ -227,10 +227,37 @@ func TestUpdateIssuesCommit(t *testing.T) {
 
 	AssertNotExistsBean(t, commentBean)
 	AssertNotExistsBean(t, &Issue{RepoID: repo.ID, Index: 2}, "is_closed=1")
-	assert.NoError(t, UpdateIssuesCommit(user, repo, pushCommits))
+	assert.NoError(t, UpdateIssuesCommit(user, repo, pushCommits, repo.DefaultBranch))
 	AssertExistsAndLoadBean(t, commentBean)
 	AssertExistsAndLoadBean(t, issueBean, "is_closed=1")
 	CheckConsistencyFor(t, &Action{})
+
+	// Test that push to a non-default branch closes no issue.
+	pushCommits = []*PushCommit{
+		{
+			Sha1:           "abcdef1",
+			CommitterEmail: "user2@example.com",
+			CommitterName:  "User Two",
+			AuthorEmail:    "user4@example.com",
+			AuthorName:     "User Four",
+			Message:        "close #1",
+		},
+	}
+	repo = AssertExistsAndLoadBean(t, &Repository{ID: 3}).(*Repository)
+	commentBean = &Comment{
+		Type:      CommentTypeCommitRef,
+		CommitSHA: "abcdef1",
+		PosterID:  user.ID,
+		IssueID:   6,
+	}
+	issueBean = &Issue{RepoID: repo.ID, Index: 1}
+
+	AssertNotExistsBean(t, commentBean)
+	AssertNotExistsBean(t, &Issue{RepoID: repo.ID, Index: 1}, "is_closed=1")
+	assert.NoError(t, UpdateIssuesCommit(user, repo, pushCommits, "non-existing-branch"))
+	AssertExistsAndLoadBean(t, commentBean)
+	AssertNotExistsBean(t, issueBean, "is_closed=1")
+	CheckConsistencyFor(t, &Action{})
 }
 
 func testCorrectRepoAction(t *testing.T, opts CommitRepoActionOptions, actionBean *Action) {

models/issue.go

@@ -1402,7 +1402,7 @@ func UpdateIssueMentions(e Engine, issueID int64, mentions []string) error {
 		}
 
 		memberIDs := make([]int64, 0, user.NumMembers)
-		orgUsers, err := GetOrgUsersByOrgID(user.ID)
+		orgUsers, err := getOrgUsersByOrgID(e, user.ID)
 		if err != nil {
 			return fmt.Errorf("GetOrgUsersByOrgID [%d]: %v", user.ID, err)
 		}

models/issue_assignees.go

@@ -44,7 +44,11 @@ func (issue *Issue) loadAssignees(e Engine) (err error) {
 
 // GetAssigneesByIssue returns everyone assigned to that issue
 func GetAssigneesByIssue(issue *Issue) (assignees []*User, err error) {
-	err = issue.loadAssignees(x)
+	return getAssigneesByIssue(x, issue)
+}
+
+func getAssigneesByIssue(e Engine, issue *Issue) (assignees []*User, err error) {
+	err = issue.loadAssignees(e)
 	if err != nil {
 		return assignees, err
 	}
@@ -173,7 +177,7 @@ func (issue *Issue) changeAssignee(sess *xorm.Session, doer *User, assigneeID in
 		issue.PullRequest.Issue = issue
 		apiPullRequest := &api.PullRequestPayload{
 			Index:       issue.Index,
-			PullRequest: issue.PullRequest.APIFormat(),
+			PullRequest: issue.PullRequest.apiFormat(sess),
 			Repository:  issue.Repo.innerAPIFormat(sess, mode, false),
 			Sender:      doer.APIFormat(),
 		}

models/issue_mail.go

@@ -48,7 +48,7 @@ func mailIssueCommentToParticipants(e Engine, issue *Issue, doer *User, content
 	}
 
 	// Assignees must receive any communications
-	assignees, err := GetAssigneesByIssue(issue)
+	assignees, err := getAssigneesByIssue(e, issue)
 	if err != nil {
 		return err
 	}

models/issue_user.go

@@ -54,7 +54,7 @@ func newIssueUsers(e Engine, repo *Repository, issue *Issue) error {
 func updateIssueAssignee(e *xorm.Session, issue *Issue, assigneeID int64) (removed bool, err error) {
 
 	// Check if the user exists
-	assignee, err := GetUserByID(assigneeID)
+	assignee, err := getUserByID(e, assigneeID)
 	if err != nil {
 		return false, err
 	}

models/org.go

@@ -393,8 +393,12 @@ func GetOrgUsersByUserID(uid int64, all bool) ([]*OrgUser, error) {
 
 // GetOrgUsersByOrgID returns all organization-user relations by organization ID.
 func GetOrgUsersByOrgID(orgID int64) ([]*OrgUser, error) {
+	return getOrgUsersByOrgID(x, orgID)
+}
+
+func getOrgUsersByOrgID(e Engine, orgID int64) ([]*OrgUser, error) {
 	ous := make([]*OrgUser, 0, 10)
-	err := x.
+	err := e.
 		Where("org_id=?", orgID).
 		Find(&ous)
 	return ous, err

models/repo_watch.go

@@ -113,15 +113,15 @@ func notifyWatchers(e Engine, act *Action) error {
 
 		switch act.OpType {
 		case ActionCommitRepo, ActionPushTag, ActionDeleteTag, ActionDeleteBranch:
-			if !act.Repo.CheckUnitUser(act.UserID, false, UnitTypeCode) {
+			if !act.Repo.checkUnitUser(e, act.UserID, false, UnitTypeCode) {
 				continue
 			}
 		case ActionCreateIssue, ActionCommentIssue, ActionCloseIssue, ActionReopenIssue:
-			if !act.Repo.CheckUnitUser(act.UserID, false, UnitTypeIssues) {
+			if !act.Repo.checkUnitUser(e, act.UserID, false, UnitTypeIssues) {
 				continue
 			}
 		case ActionCreatePullRequest, ActionMergePullRequest, ActionClosePullRequest, ActionReopenPullRequest:
-			if !act.Repo.CheckUnitUser(act.UserID, false, UnitTypePullRequests) {
+			if !act.Repo.checkUnitUser(e, act.UserID, false, UnitTypePullRequests) {
 				continue
 			}
 		}

models/ssh_key.go

@@ -844,6 +844,11 @@ func DeleteDeployKey(doer *User, id int64) error {
 		if err = deletePublicKeys(sess, key.KeyID); err != nil {
 			return err
 		}
+
+		// after deleted the public keys, should rewrite the public keys file
+		if err = rewriteAllPublicKeys(sess); err != nil {
+			return err
+		}
 	}
 
 	return sess.Commit()

models/user_heatmap.go

@@ -32,12 +32,22 @@ func GetUserHeatmapDataByUser(user *User) ([]*UserHeatmapData, error) {
 		groupByName = groupBy
 	}
 
-	err := x.Select(groupBy+" AS timestamp, count(user_id) as contributions").
+	sess := x.Select(groupBy+" AS timestamp, count(user_id) as contributions").
 		Table("action").
 		Where("user_id = ?", user.ID).
-		And("created_unix > ?", (util.TimeStampNow() - 31536000)).
-		GroupBy(groupByName).
+		And("created_unix > ?", (util.TimeStampNow() - 31536000))
+
+	// * Heatmaps for individual users only include actions that the user themself
+	//   did.
+	// * For organizations actions by all users that were made in owned
+	//   repositories are counted.
+	if user.Type == UserTypeIndividual {
+		sess = sess.And("act_user_id = ?", user.ID)
+	}
+
+	err := sess.GroupBy(groupByName).
 		OrderBy("timestamp").
 		Find(&hdata)
+
 	return hdata, err
 }

modules/public/public.go

@@ -117,7 +117,7 @@ func (opts *Options) handle(ctx *macaron.Context, log *log.Logger, opt *Options)
 	if fi.IsDir() {
 		// Redirect if missing trailing slash.
 		if !strings.HasSuffix(ctx.Req.URL.Path, "/") {
-			http.Redirect(ctx.Resp, ctx.Req.Request, ctx.Req.URL.Path+"/", http.StatusFound)
+			http.Redirect(ctx.Resp, ctx.Req.Request, path.Clean(ctx.Req.URL.Path+"/"), http.StatusFound)
 			return true
 		}
 

modules/util/util.go

@@ -98,3 +98,8 @@ func Min(a, b int) int {
 	}
 	return a
 }
+
+// IsEmptyString checks if the provided string is empty
+func IsEmptyString(s string) bool {
+	return len(strings.TrimSpace(s)) == 0
+}

modules/util/util_test.go

@@ -77,3 +77,20 @@ func TestIsExternalURL(t *testing.T) {
 		assert.Equal(t, test.Expected, IsExternalURL(test.RawURL))
 	}
 }
+
+func TestIsEmptyString(t *testing.T) {
+
+	cases := []struct {
+		s        string
+		expected bool
+	}{
+		{"", true},
+		{" ", true},
+		{"   ", true},
+		{"  a", false},
+	}
+
+	for _, v := range cases {
+		assert.Equal(t, v.expected, IsEmptyString(v.s))
+	}
+}

options/locale/locale_en-US.ini

@@ -655,6 +655,7 @@ ext_issues.desc = Link to an external issue tracker.
 
 issues.desc = Organize bug reports, tasks and milestones.
 issues.new = New Issue
+issues.new.title_empty = Title cannot be empty
 issues.new.labels = Labels
 issues.new.no_label = No Label
 issues.new.clear_labels = Clear labels

options/locale/locale_lv-LV.ini

@@ -859,6 +859,7 @@ pulls.title_wip_desc=`<a href="#">Sāciet virsrakstu ar <strong>%s</strong></a>,
 pulls.cannot_merge_work_in_progress=Šis izmaiņu pieprasījums ir atzīmēts, ka pie tā vēl notiek izstrāde. Noņemiet <strong>%s</strong> no virsraksta sākuma, kad tas ir pabeigts.
 pulls.data_broken=Izmaiņu pieprasījums ir bojāts, jo dzēsta informācija no atdalītā repozitorija.
 pulls.is_checking=Notiek konfliktu pārbaude, mirkli uzgaidiet un atjaunojiet lapu.
+pulls.blocked_by_approvals=Šim izmaiņu pieprasījumam nav nepieciešamais apstiprinājumu daudzums. %d no %d apstiprinājumi piešķirti.
 pulls.can_auto_merge_desc=Šo izmaiņu pieprasījumu var automātiski sapludināt.
 pulls.cannot_auto_merge_desc=Šis izmaiņu pieprasījums nevar tikt automātiski sapludināts konfliktu dēļ.
 pulls.cannot_auto_merge_helper=Sapludiniet manuāli, lai atrisinātu konfliktus.
@@ -867,6 +868,7 @@ pulls.no_merge_helper=Lai sapludinātu šo izmaiņu pieprasījumu, iespējojiet
 pulls.no_merge_wip=Šo izmaiņu pieprasījumu nav iespējams sapludināt, jo tas ir atzīmēts, ka darbs pie tā vēl nav pabeigts.
 pulls.merge_pull_request=Izmaiņu pieprasījuma sapludināšana
 pulls.rebase_merge_pull_request=Pārbāzēt un sapludināt
+pulls.rebase_merge_commit_pull_request=Pārbāzēt un sapludināt (--no-ff)
 pulls.squash_merge_pull_request=Saspiest un sapludināt
 pulls.invalid_merge_option=Nav iespējams izmantot šādu sapludināšanas veidu šim izmaiņu pieprasījumam.
 pulls.open_unmerged_pull_exists=`Jūs nevarat veikt atkārtotas atvēršanas darbību, jo jau eksistē izmaiņu pieprasījums (#%d) ar šādu sapludināšanas informāciju.`
@@ -1012,6 +1014,7 @@ settings.pulls_desc=Iespējot repozitorija izmaiņu pieprasījumus
 settings.pulls.ignore_whitespace=Pārbaudot konfliktus, ignorēt izmaiņas atstarpēs
 settings.pulls.allow_merge_commits=Iespējot revīziju sapludināšanu
 settings.pulls.allow_rebase_merge=Iespējot pārbāzēšanu sapludinot revīzijas
+settings.pulls.allow_rebase_merge_commit=Iespējot pārbāzēšanu sapludinot revīzijas (--no-ff)
 settings.pulls.allow_squash_commits=Iespējot saspiešanu sapludinot revīzijas
 settings.admin_settings=Administratora iestatījumi
 settings.admin_enable_health_check=Iespējot veselības pārbaudi (git fsck) šim repozitorijam
@@ -1098,6 +1101,7 @@ settings.event_issue_comment_desc=Problēmas komentārs pievienots, labots vai d
 settings.event_release=Laidiens
 settings.event_release_desc=Publicēts, atjaunots vai dzēsts laidiens repozitorijā.
 settings.event_pull_request=Izmaiņu pieprasījums
+settings.event_pull_request_desc=Izmaiņu pieprasījums izveidots, slēgts, atkārtoti atvērts, labots, apstiprināts, noraidīts, recenzēts, piešķirts, pievienots vai noņemts atbildīgais, pievienota etiķete, noņemta etiķete, pievienots vai noņemts atskaites punkts.
 settings.event_push=Izmaiņu nosūtīšana
 settings.event_push_desc=Git izmaiņu nosūtīšana uz repozitoriju.
 settings.event_repository=Repozitorijs
@@ -1148,6 +1152,10 @@ settings.protect_merge_whitelist_committers=Iespējot sapludināšanas ierobežo
 settings.protect_merge_whitelist_committers_desc=Atļaut tikai noteiktiem lietotājiem vai komandām sapludināt izmaiņu pieprasījumus šajā atzarā.
 settings.protect_merge_whitelist_users=Lietotāji, kas var veikt izmaiņu sapludināšanu:
 settings.protect_merge_whitelist_teams=Komandas, kas var veikt izmaiņu sapludināšanu:
+settings.protect_required_approvals=Vajadzīgi apstiprinājumi:
+settings.protect_required_approvals_desc=Atļaut tikai noteiktiem lietotājiem vai komandām sapludināt izmaiņu pieprasījumu, kam veikts noteikts daudzums pozitīvu recenziju.
+settings.protect_approvals_whitelist_users=Lietotāji, kas var veikt recenzijas:
+settings.protect_approvals_whitelist_teams=Komandas, kas var veikt recenzijas:
 settings.add_protected_branch=Iespējot aizsargāšanu
 settings.delete_protected_branch=Atspējot aizsargāšanu
 settings.update_protect_branch_success=Atzara aizsardzība atzaram '%s' tika saglabāta.
@@ -1158,6 +1166,7 @@ settings.default_branch_desc=Norādiet noklusēto repozitorija atzaru izmaiņu p
 settings.choose_branch=Izvēlieties atzaru…
 settings.no_protected_branch=Nav neviena aizsargātā atzara.
 settings.edit_protected_branch=Labot
+settings.protected_branch_required_approvals_min=Pieprasīto recenziju skaits nevar būt negatīvs.
 
 diff.browse_source=Pārlūkot izejas kodu
 diff.parent=vecāks

routers/repo/commit.go

@@ -201,7 +201,7 @@ func Diff(ctx *context.Context) {
 		commitID = commit.ID.String()
 	}
 
-	statuses, err := models.GetLatestCommitStatus(ctx.Repo.Repository, ctx.Repo.Commit.ID.String(), 0)
+	statuses, err := models.GetLatestCommitStatus(ctx.Repo.Repository, commitID, 0)
 	if err != nil {
 		log.Error(3, "GetLatestCommitStatus: %v", err)
 	}

routers/repo/editor.go

@@ -163,7 +163,11 @@ func editFilePost(ctx *context.Context, form auth.EditRepoFileForm, isNewFile bo
 		branchName = form.NewBranchName
 	}
 
-	form.TreePath = strings.Trim(path.Clean("/"+form.TreePath), " /")
+	form.TreePath = cleanUploadFileName(form.TreePath)
+	if len(form.TreePath) == 0 {
+		ctx.Error(500, "Upload file name is invalid")
+		return
+	}
 	treeNames, treePaths := getParentTreeFields(form.TreePath)
 
 	ctx.Data["TreePath"] = form.TreePath
@@ -373,6 +377,13 @@ func DeleteFile(ctx *context.Context) {
 func DeleteFilePost(ctx *context.Context, form auth.DeleteRepoFileForm) {
 	ctx.Data["PageIsDelete"] = true
 	ctx.Data["BranchLink"] = ctx.Repo.RepoLink + "/src/" + ctx.Repo.BranchNameSubURL()
+
+	ctx.Repo.TreePath = cleanUploadFileName(ctx.Repo.TreePath)
+	if len(ctx.Repo.TreePath) == 0 {
+		ctx.Error(500, "Delete file name is invalid")
+		return
+	}
+
 	ctx.Data["TreePath"] = ctx.Repo.TreePath
 	canCommit := renderCommitRights(ctx)
 
@@ -477,7 +488,12 @@ func UploadFilePost(ctx *context.Context, form auth.UploadRepoFileForm) {
 		branchName = form.NewBranchName
 	}
 
-	form.TreePath = strings.Trim(path.Clean("/"+form.TreePath), " /")
+	form.TreePath = cleanUploadFileName(form.TreePath)
+	if len(form.TreePath) == 0 {
+		ctx.Error(500, "Upload file name is invalid")
+		return
+	}
+
 	treeNames, treePaths := getParentTreeFields(form.TreePath)
 	if len(treeNames) == 0 {
 		// We must at least have one element for user to input.

routers/repo/issue.go

@@ -355,7 +355,7 @@ func setTemplateIfExists(ctx *context.Context, ctxDataKey string, possibleFiles
 	}
 }
 
-// NewIssue render createing issue page
+// NewIssue render creating issue page
 func NewIssue(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("repo.issues.new")
 	ctx.Data["PageIsIssueList"] = true
@@ -494,6 +494,11 @@ func NewIssuePost(ctx *context.Context, form auth.CreateIssueForm) {
 		return
 	}
 
+	if util.IsEmptyString(form.Title) {
+		ctx.RenderWithErr(ctx.Tr("repo.issues.new.title_empty"), tplIssueNew, form)
+		return
+	}
+
 	issue := &models.Issue{
 		RepoID:      repo.ID,
 		Title:       form.Title,

routers/repo/pull.go

@@ -22,6 +22,7 @@ import (
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/notification"
 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/util"
 
 	"github.com/Unknwon/com"
 )
@@ -860,6 +861,16 @@ func CompareAndPullRequestPost(ctx *context.Context, form auth.CreateIssueForm)
 		return
 	}
 
+	if util.IsEmptyString(form.Title) {
+		PrepareCompareDiff(ctx, headUser, headRepo, headGitRepo, prInfo, baseBranch, headBranch)
+		if ctx.Written() {
+			return
+		}
+
+		ctx.RenderWithErr(ctx.Tr("repo.issues.new.title_empty"), tplComparePull, form)
+		return
+	}
+
 	patch, err := headGitRepo.GetPatch(prInfo.MergeBase, headBranch)
 	if err != nil {
 		ctx.ServerError("GetPatch", err)

routers/repo/wiki.go

@@ -341,6 +341,11 @@ func NewWikiPost(ctx *context.Context, form auth.NewWikiForm) {
 		return
 	}
 
+	if util.IsEmptyString(form.Title) {
+		ctx.RenderWithErr(ctx.Tr("repo.issues.new.title_empty"), tplWikiNew, form)
+		return
+	}
+
 	wikiName := models.NormalizeWikiName(form.Title)
 	if err := ctx.Repo.Repository.AddWikiPage(ctx.User, wikiName, form.Content, form.Message); err != nil {
 		if models.IsErrWikiReservedName(err) {

routers/user/auth_openid.go

@@ -115,7 +115,8 @@ func SignInOpenIDPost(ctx *context.Context, form auth.SignInOpenIDForm) {
 	redirectTo := setting.AppURL + "user/login/openid"
 	url, err := openid.RedirectURL(id, redirectTo, setting.AppURL)
 	if err != nil {
-		ctx.RenderWithErr(err.Error(), tplSignInOpenID, &form)
+		log.Error(1, "Error in OpenID redirect URL: %s, %v", redirectTo, err.Error())
+		ctx.RenderWithErr(fmt.Sprintf("Unable to find OpenID provider in %s", redirectTo), tplSignInOpenID, &form)
 		return
 	}
 

templates/admin/dashboard.tmpl

@@ -100,7 +100,7 @@
 				<dt>{{.i18n.Tr "admin.dashboard.mspan_structures_usage"}}</dt>
 				<dd>{{.SysStatus.MSpanInuse}}</dd>
 				<dt>{{.i18n.Tr "admin.dashboard.mspan_structures_obtained"}}</dt>
-				<dd>{{.SysStatus.HeapSys}}</dd>
+				<dd>{{.SysStatus.MSpanSys}}</dd>
 				<dt>{{.i18n.Tr "admin.dashboard.mcache_structures_usage"}}</dt>
 				<dd>{{.SysStatus.MCacheInuse}}</dd>
 				<dt>{{.i18n.Tr "admin.dashboard.mcache_structures_obtained"}}</dt>

vendor/github.com/go-xorm/xorm/dialect_postgres.go

@@ -822,7 +822,7 @@ func (db *postgres) SqlType(c *core.Column) string {
 	case core.NVarchar:
 		res = core.Varchar
 	case core.Uuid:
-		res = core.Uuid
+		return core.Uuid
 	case core.Blob, core.TinyBlob, core.MediumBlob, core.LongBlob:
 		return core.Bytea
 	case core.Double:
@@ -834,6 +834,10 @@ func (db *postgres) SqlType(c *core.Column) string {
 		res = t
 	}
 
+	if strings.EqualFold(res, "bool") {
+		// for bool, we don't need length information
+		return res
+	}
 	hasLen1 := (c.Length > 0)
 	hasLen2 := (c.Length2 > 0)
 

vendor/github.com/go-xorm/xorm/engine.go

@@ -481,7 +481,8 @@ func (engine *Engine) dumpTables(tables []*core.Table, w io.Writer, tp ...core.D
 		}
 
 		cols := table.ColumnsSeq()
-		colNames := dialect.Quote(strings.Join(cols, dialect.Quote(", ")))
+		colNames := engine.dialect.Quote(strings.Join(cols, engine.dialect.Quote(", ")))
+		destColNames := dialect.Quote(strings.Join(cols, dialect.Quote(", ")))
 
 		rows, err := engine.DB().Query("SELECT " + colNames + " FROM " + engine.Quote(table.Name))
 		if err != nil {
@@ -496,7 +497,7 @@ func (engine *Engine) dumpTables(tables []*core.Table, w io.Writer, tp ...core.D
 				return err
 			}
 
-			_, err = io.WriteString(w, "INSERT INTO "+dialect.Quote(table.Name)+" ("+colNames+") VALUES (")
+			_, err = io.WriteString(w, "INSERT INTO "+dialect.Quote(table.Name)+" ("+destColNames+") VALUES (")
 			if err != nil {
 				return err
 			}