Fix url validation in webhook add/edit API #34492

Merged

Conversation

lunny
Member

@lunny lunny commented May 16, 2025

Fix #34491

@lunny lunny added type/bug backport/v1.24 This PR should be backported to Gitea 1.24 labels May 16, 2025
@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label May 16, 2025
@github-actions github-actions bot added modifies/api This PR adds API routes or modifies them modifies/go Pull requests that update Go code labels May 16, 2025
@lunny lunny mentioned this pull request May 16, 2025
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels May 16, 2025
Contributor

@ChristopherHX ChristopherHX left a comment

Seems like edithook might be able to get more tests. At least I am now aware of an undetected bug from my side: workflow_job cannot be enabled via an edit API request (will follow up on this very soon).

@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels May 17, 2025
@techknowlogick techknowlogick enabled auto-merge (squash) May 17, 2025 19:40
@techknowlogick techknowlogick added the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label May 17, 2025
@techknowlogick techknowlogick merged commit 9723810 into go-gitea:main May 17, 2025
26 checks passed
@GiteaBot GiteaBot added this to the 1.25.0 milestone May 17, 2025
GiteaBot pushed a commit to GiteaBot/gitea that referenced this pull request May 17, 2025
@GiteaBot GiteaBot added backport/done All backports for this PR have been created and removed reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. labels May 17, 2025
lunny added a commit that referenced this pull request May 17, 2025
@lunny lunny deleted the lunny/fix_url_validation_webhook_api branch May 17, 2025 22:32
zjjhot added a commit to zjjhot/gitea that referenced this pull request May 19, 2025
* giteaofficial/main:
  [skip ci] Updated translations via Crowdin
  Fix edithook api can not update package, status and workflow_job events (go-gitea#34495)
  Fix url validation in webhook add/edit API (go-gitea#34492)
  Add R-HNF to the TRANSLATORS file (go-gitea#34494)
  Add missing setting load in dump-repo command (go-gitea#34479)
  nix flake update (go-gitea#34476)
  Fix get / delete runner to use consistent http 404 and 500 status (go-gitea#34480)
  Change "rejected" to "changes requested" in 3rd party PR review notification (go-gitea#34481)
  Add migrations tests (go-gitea#34456)
  Fix project board view (go-gitea#34470)
saschazepter pushed a commit to saschazepter/forgejo that referenced this pull request Jun 27, 2025
## Checklist

- [x] go to the last cherry-pick PR (forgejo/forgejo#7804) to figure out how far it went: [gitea@a2024953c5](go-gitea/gitea@a202495)
- [x] cherry-pick and open PR (forgejo/forgejo#7909)
- [ ] have the PR pass the CI
- end-to-end (specially important if there are actions related changes)
  - [ ] add `run-end-to-end` label
  - [ ] check the result
- [ ] write release notes
- [ ] assign reviewers
- [ ] 48h later, last call
- merge 1 hour after the last call

## Legend

- ❓ - No decision about the commit has been made.
- 🍒 - The commit has been cherry picked.
- ⏩ - The commit has been skipped.
- 💡 - The commit has been skipped, but should be ported to Forgejo.
- ✍️ - The commit has been skipped, and a port to Forgejo already exists.

## Commits

- 🍒 [`gitea`](go-gitea/gitea@e92c4f1) -> [`forgejo`](https://codeberg.org/forgejo/forgejo/commit/56fa2caef32c4b0e5017f4b09188ad1dfc8d3603) Add missing setting load in dump-repo command ([gitea#34479](go-gitea/gitea#34479))
- 🍒 [`gitea`](go-gitea/gitea@7b518bc) -> [`forgejo`](https://codeberg.org/forgejo/forgejo/commit/6e5299606a1bd42cb45ed472a84ba797cf2fa790) Change "rejected" to "changes requested" in 3rd party PR review notification ([gitea#34481](go-gitea/gitea#34481))

## TODO

- 💡 [`gitea`](go-gitea/gitea@9723810) Fix url validation in webhook add/edit API ([gitea#34492](go-gitea/gitea#34492))
  Relevant input validation but test needs more backport.
------
- 💡 [`gitea`](go-gitea/gitea@59df03b) Fix get / delete runner to use consistent http 404 and 500 status ([gitea#34480](go-gitea/gitea#34480))
  It may be relevant to Forgejo as well
------
- 💡 [`gitea`](go-gitea/gitea@1e2f351) Add endpoint deleting workflow run ([gitea#34337](go-gitea/gitea#34337))
  Actions, it would be worth having in Forgejo as well.
------
- 💡 [`gitea`](go-gitea/gitea@5cb4cbf) Fix repo broken check ([gitea#34444](go-gitea/gitea#34444))
  Check whether this is relevant to us, port if yes.
------
- 💡 [`gitea`](go-gitea/gitea@355e9a9) Add a webhook push test for dev branch ([gitea#34421](go-gitea/gitea#34421))
  Enhances webhook integration tests.
------
- 💡 [`gitea`](go-gitea/gitea@34281bc) Fix bug webhook milestone is not right. ([gitea#34419](go-gitea/gitea#34419))
  Testcode diverged, port required.
------
- 💡 [`gitea`](go-gitea/gitea@780e92e) Only git operations should update `last changed` of a repository ([gitea#34388](go-gitea/gitea#34388))
  Port required, would benefit from additional tests.
------
- 💡 [`gitea`](go-gitea/gitea@b07e039) When updating comment, if the content is the same, just return and not update the databse ([gitea#34422](go-gitea/gitea#34422))
  Codebase diverged, port required.
------
- 💡 [`gitea`](go-gitea/gitea@71a1187) Fix incorrect divergence cache after switching default branch ([gitea#34370](go-gitea/gitea#34370))
  Depends on previous gitea changes, port needed.
------
- 💡 [`gitea`](go-gitea/gitea@4c611bf) Add a button editing action secret ([gitea#34348](go-gitea/gitea#34348))
  This is an interesting feature and it has tests as well. Feature request covering this: https://codeberg.org/forgejo/forgejo/issues/7882
------
- 💡 [`gitea`](go-gitea/gitea@2fbc8f9) Fix LFS file not stored in LFS when uploaded/edited via API or web UI ([gitea#34367](go-gitea/gitea#34367))
  Our code diverged - pls. check relevance & maybe port.
------
- 💡 [`gitea`](go-gitea/gitea@020e774) feat: add label 'state' to metric 'gitea_users' ([gitea#34326](go-gitea/gitea#34326))
  Adjust our existing tests while porting this.
------

## Skipped

- ⏩ [`gitea`](go-gitea/gitea@ec10c6b) [skip ci] Updated translations via Crowdin
------
- ⏩ [`gitea`](go-gitea/gitea@d89eed9) Fix edithook api can not update package, status and workflow_job events ([gitea#34495](go-gitea/gitea#34495))

  - gitea actions specific
------
- ⏩ [`gitea`](go-gitea/gitea@b6c0667) Add R-HNF to the TRANSLATORS file ([gitea#34494](go-gitea/gitea#34494))

  - gitea translators update specific
------
- ⏩ [`gitea`](go-gitea/gitea@6fbf0e6) nix flake update ([gitea#34476](go-gitea/gitea#34476))

  - gitea dependency update specific
------
- ⏩ [`gitea`](go-gitea/gitea@c24f4b3) Add migrations tests ([gitea#34456](go-gitea/gitea#34456))
------
- ⏩ [`gitea`](go-gitea/gitea@bf338bb) Fix project board view ([gitea#34470](go-gitea/gitea#34470))

  - gitea ui specific
------
- ⏩ [`gitea`](go-gitea/gitea@319d03f) [skip ci] Updated translations via Crowdin
------
- ⏩ [`gitea`](go-gitea/gitea@dd500ce) Fix Workflow run Not Found page ([gitea#34459](go-gitea/gitea#34459))

  - gitea actions specific
------
- ⏩ [`gitea`](go-gitea/gitea@b6bf128) [skip ci] Updated translations via Crowdin
------
- ⏩ [`gitea`](go-gitea/gitea@a0595ad) Fix remove org user failure on mssql ([gitea#34449](go-gitea/gitea#34449))
------
- ⏩ [`gitea`](go-gitea/gitea@b5fd3e7) Fix comment textarea scroll issue in Firefox ([gitea#34438](go-gitea/gitea#34438))

  - gitea ui specific
------
- ⏩ [`gitea`](go-gitea/gitea@4011e22) Fix releases sidebar navigation link ([gitea#34436](go-gitea/gitea#34436))

  - gitea ui specific
------
- ⏩ [`gitea`](go-gitea/gitea@0902d42) [skip ci] Updated translations via Crowdin
------
- ⏩ [`gitea`](go-gitea/gitea@4a98ab0) Remove legacy template helper functions ([gitea#34426](go-gitea/gitea#34426))

  - gitea specific
------
- ⏩ [`gitea`](go-gitea/gitea@9b8609e) Fix GetUsersByEmails ([gitea#34423](go-gitea/gitea#34423))

  - gitea specific
------
- ⏩ [`gitea`](go-gitea/gitea@0f63a5e) [skip ci] Updated translations via Crowdin
------
- ⏩ [`gitea`](go-gitea/gitea@ad27144) Fix a bug when uploading file via lfs ssh command ([gitea#34408](go-gitea/gitea#34408))
  :skip: present with PR #7752
------
- ⏩ [`gitea`](go-gitea/gitea@8b16ab7) Merge and tweak markup editor expander CSS ([gitea#34409](go-gitea/gitea#34409))

  - gitea ui specific
------
- ⏩ [`gitea`](go-gitea/gitea@2ecd73d) Bump `@github/relative-time-element` to v4.4.8 ([gitea#34413](go-gitea/gitea#34413))

  - gitea dependency update specific
------
- ⏩ [`gitea`](go-gitea/gitea@179068f) Refactor commit message rendering and fix bugs ([gitea#34412](go-gitea/gitea#34412))

  - gitea ui specific
------
- ⏩ [`gitea`](go-gitea/gitea@44aadc3) [skip ci] Updated translations via Crowdin
------
- ⏩ [`gitea`](go-gitea/gitea@f63822f) Fix autofocus behavior ([gitea#34397](go-gitea/gitea#34397))

  - gitea ui specific
------
- ⏩ [`gitea`](go-gitea/gitea@82071ee) [skip ci] Updated translations via Crowdin
------
- ⏩ [`gitea`](go-gitea/gitea@bbfc21e) Fix "The sidebar of the repository file list does not have a fixed height #34298" ([gitea#34321](go-gitea/gitea#34321))

  - gitea ui specific
------
- ⏩ [`gitea`](go-gitea/gitea@dd886d7) Update JS and PY dependencies ([gitea#34391](go-gitea/gitea#34391))

  - gitea dependency update specific
------
- ⏩ [`gitea`](go-gitea/gitea@2a660b4) Upgrade go-github v61 -> v71 ([gitea#34385](go-gitea/gitea#34385))

  - gitea dependency update specific
------
- ⏩ [`gitea`](go-gitea/gitea@6bd8fe5) Bump `@github/relative-time-element` to v4.4.7 ([gitea#34384](go-gitea/gitea#34384))

  - gitea dependency update specific
------

<details>
<summary><h2>Stats</h2></summary>

<br>

Between [`gitea@a2024953c5`](go-gitea/gitea@a202495) and [`gitea@ec10c6ba5a`](go-gitea/gitea@ec10c6b), **41** commits have been reviewed. We picked **2**, skipped **27**, and decided to port **12**.

</details>

Co-authored-by: Sebastian Weigand <[email protected]>
Co-authored-by: Lunny Xiao <[email protected]>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7909
Reviewed-by: Earl Warren <[email protected]>
Co-authored-by: Michael Jerger <[email protected]>
Co-committed-by: Michael Jerger <[email protected]>
Development

Successfully merging this pull request may close these issues.

Webhooks - API does not validate target URL
4 participants