Merge remote-tracking branch 'giteaofficial/main'

* giteaofficial/main:
  [skip ci] Updated translations via Crowdin
  Add Index to comment for migrations and mirroring (go-gitea#18806)
  Support ignore all santize for external renderer (go-gitea#18984)

Author: zjjhot

custom/conf/app.example.ini

@@ -2125,6 +2125,8 @@ PATH =
 ;RENDER_COMMAND = "asciidoc --out-file=- -"
 ;; Don't pass the file on STDIN, pass the filename as argument instead.
 ;IS_INPUT_FILE = false
+; Don't filter html tags and attributes if true
+;DISABLE_SANITIZER = false
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

docs/content/doc/advanced/config-cheat-sheet.en-us.md

@@ -1003,13 +1003,13 @@ IS_INPUT_FILE = false
    command. Multiple extensions needs a comma as splitter.
 - RENDER\_COMMAND: External command to render all matching extensions.
 - IS\_INPUT\_FILE: **false** Input is not a standard input but a file param followed `RENDER_COMMAND`.
+- DISABLE_SANITIZER: **false** Don't filter html tags and attributes if true. Don't change this to true except you know what that means.
 
 Two special environment variables are passed to the render command:
 - `GITEA_PREFIX_SRC`, which contains the current URL prefix in the `src` path tree. To be used as prefix for links.
 - `GITEA_PREFIX_RAW`, which contains the current URL prefix in the `raw` path tree. To be used as prefix for image paths.
 
-
-Gitea supports customizing the sanitization policy for rendered HTML. The example below will support KaTeX output from pandoc.
+If `DISABLE_SANITIZER` is false, Gitea supports customizing the sanitization policy for rendered HTML. The example below will support KaTeX output from pandoc.
 
 ```ini
 [markup.sanitizer.TeX]

docs/content/doc/advanced/config-cheat-sheet.zh-cn.md

@@ -318,6 +318,33 @@ IS_INPUT_FILE = false
 - FILE_EXTENSIONS: 关联的文档的扩展名，多个扩展名用都好分隔。
 - RENDER_COMMAND: 工具的命令行命令及参数。
 - IS_INPUT_FILE: 输入方式是最后一个参数为文件路径还是从标准输入读取。
+- DISABLE_SANITIZER: **false** 如果为 true 则不过滤 HTML 标签和属性。除非你知道这意味着什么，否则不要设置为 true。
+
+以下两个环境变量将会被传递给渲染命令：
+
+- `GITEA_PREFIX_SRC`：包含当前的`src`路径的URL前缀，可以被用于链接的前缀。
+- `GITEA_PREFIX_RAW`：包含当前的`raw`路径的URL前缀，可以被用于图片的前缀。
+
+如果 `DISABLE_SANITIZER` 为 false，则 Gitea 支持自定义渲染 HTML 的净化策略。以下例子将用 pandoc 支持 KaTeX 输出。
+
+```ini
+[markup.sanitizer.TeX]
+; Pandoc renders TeX segments as <span>s with the "math" class, optionally
+; with "inline" or "display" classes depending on context.
+ELEMENT = span
+ALLOW_ATTR = class
+REGEXP = ^\s*((math(\s+|$)|inline(\s+|$)|display(\s+|$)))+
+ALLOW_DATA_URI_IMAGES = true
+```
+
+- `ELEMENT`: 将要被应用到该策略的 HTML 元素，不能为空。
+- `ALLOW_ATTR`: 将要被应用到该策略的属性，不能为空。
+- `REGEXP`: 正则表达式，用来匹配属性的内容。如果为空，则跟属性内容无关。
+- `ALLOW_DATA_URI_IMAGES`: **false** 允许 data uri 图片 (`<img src="data:image/png;base64,..."/>`)。
+
+多个净化规则可以被同时定义，只要section名称最后一位不重复即可。如： `[markup.sanitizer.TeX-2]`。
+为了针对一种渲染类型进行一个特殊的净化策略，必须使用形如 `[markup.sanitizer.asciidoc.rule-1]` 的方式来命名 seciton。
+如果此规则没有匹配到任何渲染类型，它将会被应用到所有的渲染类型。
 
 ## Time (`time`)
 

integrations/dump_restore_test.go

@@ -178,7 +178,9 @@ func (c *compareDump) assertEquals(repoBefore, repoAfter *repo_model.Repository)
 	assert.GreaterOrEqual(c.t, len(issues), 1)
 	for _, issue := range issues {
 		filename := filepath.Join("comments", fmt.Sprintf("%d.yml", issue.Number))
-		comments, ok := c.assertEqual(filename, []base.Comment{}, compareFields{}).([]*base.Comment)
+		comments, ok := c.assertEqual(filename, []base.Comment{}, compareFields{
+			"Index": {ignore: true},
+		}).([]*base.Comment)
 		assert.True(c.t, ok)
 		for _, comment := range comments {
 			assert.EqualValues(c.t, issue.Number, comment.IssueIndex)

modules/markup/csv/csv.go

@@ -46,6 +46,11 @@ func (Renderer) SanitizerRules() []setting.MarkupSanitizerRule {
 	}
 }
 
+// SanitizerDisabled disabled sanitize if return true
+func (Renderer) SanitizerDisabled() bool {
+	return false
+}
+
 func writeField(w io.Writer, element, class, field string) error {
 	if _, err := io.WriteString(w, "<"); err != nil {
 		return err

modules/markup/external/external.go

@@ -54,6 +54,11 @@ func (p *Renderer) SanitizerRules() []setting.MarkupSanitizerRule {
 	return p.MarkupSanitizerRules
 }
 
+// SanitizerDisabled disabled sanitize if return true
+func (p *Renderer) SanitizerDisabled() bool {
+	return p.DisableSanitizer
+}
+
 func envMark(envName string) string {
 	if runtime.GOOS == "windows" {
 		return "%" + envName + "%"

modules/markup/markdown/markdown.go

@@ -221,6 +221,11 @@ func (Renderer) SanitizerRules() []setting.MarkupSanitizerRule {
 	return []setting.MarkupSanitizerRule{}
 }
 
+// SanitizerDisabled disabled sanitize if return true
+func (Renderer) SanitizerDisabled() bool {
+	return false
+}
+
 // Render implements markup.Renderer
 func (Renderer) Render(ctx *markup.RenderContext, input io.Reader, output io.Writer) error {
 	return render(ctx, input, output)

modules/markup/orgmode/orgmode.go

@@ -47,6 +47,11 @@ func (Renderer) SanitizerRules() []setting.MarkupSanitizerRule {
 	return []setting.MarkupSanitizerRule{}
 }
 
+// SanitizerDisabled disabled sanitize if return true
+func (Renderer) SanitizerDisabled() bool {
+	return false
+}
+
 // Render renders orgmode rawbytes to HTML
 func Render(ctx *markup.RenderContext, input io.Reader, output io.Writer) error {
 	htmlWriter := org.NewHTMLWriter()

modules/markup/renderer.go

@@ -81,6 +81,7 @@ type Renderer interface {
 	Extensions() []string
 	NeedPostProcess() bool
 	SanitizerRules() []setting.MarkupSanitizerRule
+	SanitizerDisabled() bool
 	Render(ctx *RenderContext, input io.Reader, output io.Writer) error
 }
 
@@ -127,6 +128,12 @@ func RenderString(ctx *RenderContext, content string) (string, error) {
 	return buf.String(), nil
 }
 
+type nopCloser struct {
+	io.Writer
+}
+
+func (nopCloser) Close() error { return nil }
+
 func render(ctx *RenderContext, renderer Renderer, input io.Reader, output io.Writer) error {
 	var wg sync.WaitGroup
 	var err error
@@ -136,18 +143,25 @@ func render(ctx *RenderContext, renderer Renderer, input io.Reader, output io.Wr
 		_ = pw.Close()
 	}()
 
-	pr2, pw2 := io.Pipe()
-	defer func() {
-		_ = pr2.Close()
-		_ = pw2.Close()
-	}()
-
-	wg.Add(1)
-	go func() {
-		err = SanitizeReader(pr2, renderer.Name(), output)
-		_ = pr2.Close()
-		wg.Done()
-	}()
+	var pr2 io.ReadCloser
+	var pw2 io.WriteCloser
+
+	if !renderer.SanitizerDisabled() {
+		pr2, pw2 = io.Pipe()
+		defer func() {
+			_ = pr2.Close()
+			_ = pw2.Close()
+		}()
+
+		wg.Add(1)
+		go func() {
+			err = SanitizeReader(pr2, renderer.Name(), output)
+			_ = pr2.Close()
+			wg.Done()
+		}()
+	} else {
+		pw2 = nopCloser{output}
+	}
 
 	wg.Add(1)
 	go func() {

modules/migration/comment.go

@@ -9,7 +9,8 @@ import "time"
 
 // Comment is a standard comment information
 type Comment struct {
-	IssueIndex  int64  `yaml:"issue_index"`
+	IssueIndex  int64 `yaml:"issue_index"`
+	Index       int64
 	PosterID    int64  `yaml:"poster_id"`
 	PosterName  string `yaml:"poster_name"`
 	PosterEmail string `yaml:"poster_email"`

modules/setting/markup.go

@@ -29,6 +29,7 @@ type MarkupRenderer struct {
 	IsInputFile          bool
 	NeedPostProcess      bool
 	MarkupSanitizerRules []MarkupSanitizerRule
+	DisableSanitizer     bool
 }
 
 // MarkupSanitizerRule defines the policy for whitelisting attributes on
@@ -144,11 +145,12 @@ func newMarkupRenderer(name string, sec *ini.Section) {
 	}
 
 	ExternalMarkupRenderers = append(ExternalMarkupRenderers, &MarkupRenderer{
-		Enabled:         sec.Key("ENABLED").MustBool(false),
-		MarkupName:      name,
-		FileExtensions:  exts,
-		Command:         command,
-		IsInputFile:     sec.Key("IS_INPUT_FILE").MustBool(false),
-		NeedPostProcess: sec.Key("NEED_POSTPROCESS").MustBool(true),
+		Enabled:          sec.Key("ENABLED").MustBool(false),
+		MarkupName:       name,
+		FileExtensions:   exts,
+		Command:          command,
+		IsInputFile:      sec.Key("IS_INPUT_FILE").MustBool(false),
+		NeedPostProcess:  sec.Key("NEED_POSTPROCESS").MustBool(true),
+		DisableSanitizer: sec.Key("DISABLE_SANITIZER").MustBool(false),
 	})
 }

options/locale/locale_pt-PT.ini

@@ -1785,6 +1785,7 @@ settings.pulls.allow_rebase_merge_commit=Habilitar mudança de base com cometime
 settings.pulls.allow_squash_commits=Habilitar cometimentos de condensação para integrar
 settings.pulls.allow_manual_merge=Habilitar a marcação dos pedidos de integração como tendo sido executados manualmente
 settings.pulls.enable_autodetect_manual_merge=Habilitar a identificação automática de integrações manuais (obs.: nalguns casos especiais a avaliação pode ser errada)
+settings.pulls.allow_rebase_update=Habilitar a modificação do ramo do pedido de integração através da mudança de base
 settings.pulls.default_delete_branch_after_merge=Eliminar o ramo do pedido de integração depois de finalizada a integração, como predefinição
 settings.projects_desc=Habilitar projectos no repositório
 settings.admin_settings=Configurações do administrador

services/migrations/codebase.go

@@ -371,6 +371,7 @@ func (d *CodebaseDownloader) GetIssues(page, perPage int) ([]*base.Issue, bool,
 			poster := d.tryGetUser(note.UserID.Value)
 			comments = append(comments, &base.Comment{
 				IssueIndex:  issue.TicketID.Value,
+				Index:       note.ID.Value,
 				PosterID:    poster.ID,
 				PosterName:  poster.Name,
 				PosterEmail: poster.Email,
@@ -481,7 +482,11 @@ func (d *CodebaseDownloader) GetPullRequests(page, perPage int) ([]*base.PullReq
 				Type    string `xml:"type,attr"`
 				Comment []struct {
 					Content string `xml:"content"`
-					UserID  struct {
+					ID      struct {
+						Value int64  `xml:",chardata"`
+						Type  string `xml:"type,attr"`
+					} `xml:"id"`
+					UserID struct {
 						Value int64  `xml:",chardata"`
 						Type  string `xml:"type,attr"`
 					} `xml:"user-id"`
@@ -528,6 +533,7 @@ func (d *CodebaseDownloader) GetPullRequests(page, perPage int) ([]*base.PullReq
 			poster := d.tryGetUser(comment.UserID.Value)
 			comments = append(comments, &base.Comment{
 				IssueIndex:  number,
+				Index:       comment.ID.Value,
 				PosterID:    poster.ID,
 				PosterName:  poster.Name,
 				PosterEmail: poster.Email,

services/migrations/gitea_downloader.go

@@ -473,6 +473,7 @@ func (g *GiteaDownloader) GetComments(opts base.GetCommentOptions) ([]*base.Comm
 
 			allComments = append(allComments, &base.Comment{
 				IssueIndex:  opts.Context.LocalID(),
+				Index:       comment.ID,
 				PosterID:    comment.Poster.ID,
 				PosterName:  comment.Poster.UserName,
 				PosterEmail: comment.Poster.Email,

services/migrations/github.go

@@ -532,6 +532,7 @@ func (g *GithubDownloaderV3) getComments(issueContext base.IssueContext) ([]*bas
 
 			allComments = append(allComments, &base.Comment{
 				IssueIndex:  issueContext.LocalID(),
+				Index:       comment.GetID(),
 				PosterID:    comment.GetUser().GetID(),
 				PosterName:  comment.GetUser().GetLogin(),
 				PosterEmail: comment.GetUser().GetEmail(),
@@ -607,6 +608,7 @@ func (g *GithubDownloaderV3) GetAllComments(page, perPage int) ([]*base.Comment,
 		issueIndex, _ := strconv.ParseInt((*comment.IssueURL)[idx+1:], 10, 64)
 		allComments = append(allComments, &base.Comment{
 			IssueIndex:  issueIndex,
+			Index:       comment.GetID(),
 			PosterID:    comment.GetUser().GetID(),
 			PosterName:  comment.GetUser().GetLogin(),
 			PosterEmail: comment.GetUser().GetEmail(),

services/migrations/gitlab.go

@@ -485,6 +485,7 @@ func (g *GitlabDownloader) GetComments(opts base.GetCommentOptions) ([]*base.Com
 				for _, note := range comment.Notes {
 					allComments = append(allComments, &base.Comment{
 						IssueIndex:  context.LocalID(),
+						Index:       int64(note.ID),
 						PosterID:    int64(note.Author.ID),
 						PosterName:  note.Author.Username,
 						PosterEmail: note.Author.Email,
@@ -496,6 +497,7 @@ func (g *GitlabDownloader) GetComments(opts base.GetCommentOptions) ([]*base.Com
 				c := comment.Notes[0]
 				allComments = append(allComments, &base.Comment{
 					IssueIndex:  context.LocalID(),
+					Index:       int64(c.ID),
 					PosterID:    int64(c.Author.ID),
 					PosterName:  c.Author.Username,
 					PosterEmail: c.Author.Email,

services/migrations/gogs.go

@@ -236,6 +236,7 @@ func (g *GogsDownloader) GetComments(opts base.GetCommentOptions) ([]*base.Comme
 		}
 		allComments = append(allComments, &base.Comment{
 			IssueIndex:  opts.Context.LocalID(),
+			Index:       comment.ID,
 			PosterID:    comment.Poster.ID,
 			PosterName:  comment.Poster.Login,
 			PosterEmail: comment.Poster.Email,

services/migrations/onedev.go

@@ -379,6 +379,7 @@ func (d *OneDevDownloader) GetComments(opts base.GetCommentOptions) ([]*base.Com
 	}
 
 	rawComments := make([]struct {
+		ID      int64     `json:"id"`
 		Date    time.Time `json:"date"`
 		UserID  int64     `json:"userId"`
 		Content string    `json:"content"`
@@ -429,6 +430,7 @@ func (d *OneDevDownloader) GetComments(opts base.GetCommentOptions) ([]*base.Com
 		poster := d.tryGetUser(comment.UserID)
 		comments = append(comments, &base.Comment{
 			IssueIndex:  context.LocalID(),
+			Index:       comment.ID,
 			PosterID:    poster.ID,
 			PosterName:  poster.Name,
 			PosterEmail: poster.Email,