Merge branch 'main' into improve-code-review-comment

Author: Gusted

modules/git/command.go

@@ -40,6 +40,7 @@ type Command struct {
 	parentContext    context.Context
 	desc             string
 	globalArgsLength int
+	brokenArgs       []string
 }
 
 func (c *Command) String() string {
@@ -50,6 +51,7 @@ func (c *Command) String() string {
 }
 
 // NewCommand creates and returns a new Git Command based on given command and arguments.
+// Each argument should be safe to be trusted. User-provided arguments should be passed to AddDynamicArguments instead.
 func NewCommand(ctx context.Context, args ...string) *Command {
 	// Make an explicit copy of globalCommandArgs, otherwise append might overwrite it
 	cargs := make([]string, len(globalCommandArgs))
@@ -63,11 +65,13 @@ func NewCommand(ctx context.Context, args ...string) *Command {
 }
 
 // NewCommandNoGlobals creates and returns a new Git Command based on given command and arguments only with the specify args and don't care global command args
+// Each argument should be safe to be trusted. User-provided arguments should be passed to AddDynamicArguments instead.
 func NewCommandNoGlobals(args ...string) *Command {
 	return NewCommandContextNoGlobals(DefaultContext, args...)
 }
 
 // NewCommandContextNoGlobals creates and returns a new Git Command based on given command and arguments only with the specify args and don't care global command args
+// Each argument should be safe to be trusted. User-provided arguments should be passed to AddDynamicArguments instead.
 func NewCommandContextNoGlobals(ctx context.Context, args ...string) *Command {
 	return &Command{
 		name:          GitExecutable,
@@ -89,12 +93,28 @@ func (c *Command) SetDescription(desc string) *Command {
 	return c
 }
 
-// AddArguments adds new argument(s) to the command.
+// AddArguments adds new argument(s) to the command. Each argument must be safe to be trusted.
+// User-provided arguments should be passed to AddDynamicArguments instead.
 func (c *Command) AddArguments(args ...string) *Command {
 	c.args = append(c.args, args...)
 	return c
 }
 
+// AddDynamicArguments adds new dynamic argument(s) to the command.
+// The arguments may come from user input and can not be trusted, so no leading '-' is allowed to avoid passing options
+func (c *Command) AddDynamicArguments(args ...string) *Command {
+	for _, arg := range args {
+		if arg != "" && arg[0] == '-' {
+			c.brokenArgs = append(c.brokenArgs, arg)
+		}
+	}
+	if len(c.brokenArgs) != 0 {
+		return c
+	}
+	c.args = append(c.args, args...)
+	return c
+}
+
 // RunOpts represents parameters to run the command. If UseContextTimeout is specified, then Timeout is ignored.
 type RunOpts struct {
 	Env               []string
@@ -138,8 +158,14 @@ func CommonCmdServEnvs() []string {
 	return commonBaseEnvs()
 }
 
+var ErrBrokenCommand = errors.New("git command is broken")
+
 // Run runs the command with the RunOpts
 func (c *Command) Run(opts *RunOpts) error {
+	if len(c.brokenArgs) != 0 {
+		log.Error("git command is broken: %s, broken args: %s", c.String(), strings.Join(c.brokenArgs, " "))
+		return ErrBrokenCommand
+	}
 	if opts == nil {
 		opts = &RunOpts{}
 	}

modules/git/command_test.go

@@ -26,4 +26,19 @@ func TestRunWithContextStd(t *testing.T) {
 		assert.Contains(t, err.Error(), "exit status 129 - unknown option:")
 		assert.Empty(t, stdout)
 	}
+
+	cmd = NewCommand(context.Background())
+	cmd.AddDynamicArguments("-test")
+	assert.ErrorIs(t, cmd.Run(&RunOpts{}), ErrBrokenCommand)
+
+	cmd = NewCommand(context.Background())
+	cmd.AddDynamicArguments("--test")
+	assert.ErrorIs(t, cmd.Run(&RunOpts{}), ErrBrokenCommand)
+
+	subCmd := "version"
+	cmd = NewCommand(context.Background()).AddDynamicArguments(subCmd) // for test purpose only, the sub-command should never be dynamic for production
+	stdout, stderr, err = cmd.RunStdString(&RunOpts{})
+	assert.NoError(t, err)
+	assert.Empty(t, stderr)
+	assert.Contains(t, stdout, "git version")
 }

modules/git/commit.go

@@ -166,7 +166,7 @@ func AllCommitsCount(ctx context.Context, repoPath string, hidePRRefs bool, file
 // CommitsCountFiles returns number of total commits of until given revision.
 func CommitsCountFiles(ctx context.Context, repoPath string, revision, relpath []string) (int64, error) {
 	cmd := NewCommand(ctx, "rev-list", "--count")
-	cmd.AddArguments(revision...)
+	cmd.AddDynamicArguments(revision...)
 	if len(relpath) > 0 {
 		cmd.AddArguments("--")
 		cmd.AddArguments(relpath...)

modules/git/repo_commit.go

@@ -161,7 +161,7 @@ func (repo *Repository) searchCommits(id SHA1, opts SearchCommitsOptions) ([]*Co
 				// add previous arguments except for --grep and --all
 				hashCmd.AddArguments(args...)
 				// add keyword as <commit>
-				hashCmd.AddArguments(v)
+				hashCmd.AddDynamicArguments(v)
 
 				// search with given constraints for commit matching sha hash of v
 				hashMatching, _, err := hashCmd.RunStdBytes(&RunOpts{Dir: repo.Path})
@@ -211,14 +211,17 @@ func (repo *Repository) CommitsByFileAndRange(revision, file string, page int) (
 	}()
 	go func() {
 		stderr := strings.Builder{}
-		err := NewCommand(repo.Ctx, "rev-list", revision,
+		gitCmd := NewCommand(repo.Ctx, "rev-list",
 			"--max-count="+strconv.Itoa(setting.Git.CommitsRangeSize*page),
-			"--skip="+strconv.Itoa(skip), "--", file).
-			Run(&RunOpts{
-				Dir:    repo.Path,
-				Stdout: stdoutWriter,
-				Stderr: &stderr,
-			})
+			"--skip="+strconv.Itoa(skip),
+		)
+		gitCmd.AddDynamicArguments(revision)
+		gitCmd.AddArguments("--", file)
+		err := gitCmd.Run(&RunOpts{
+			Dir:    repo.Path,
+			Stdout: stdoutWriter,
+			Stderr: &stderr,
+		})
 		if err != nil {
 			_ = stdoutWriter.CloseWithError(ConcatenateError(err, (&stderr).String()))
 		} else {

modules/git/repo_stats.go

@@ -61,15 +61,15 @@ func (repo *Repository) GetCodeActivityStats(fromTime time.Time, branch string)
 		_ = stdoutWriter.Close()
 	}()
 
-	args := []string{"log", "--numstat", "--no-merges", "--pretty=format:---%n%h%n%aN%n%aE%n", "--date=iso", fmt.Sprintf("--since='%s'", since)}
+	gitCmd := NewCommand(repo.Ctx, "log", "--numstat", "--no-merges", "--pretty=format:---%n%h%n%aN%n%aE%n", "--date=iso", fmt.Sprintf("--since='%s'", since))
 	if len(branch) == 0 {
-		args = append(args, "--branches=*")
+		gitCmd.AddArguments("--branches=*")
 	} else {
-		args = append(args, "--first-parent", branch)
+		gitCmd.AddArguments("--first-parent").AddDynamicArguments(branch)
 	}
 
 	stderr := new(strings.Builder)
-	err = NewCommand(repo.Ctx, args...).Run(&RunOpts{
+	err = gitCmd.Run(&RunOpts{
 		Env:    []string{},
 		Dir:    repo.Path,
 		Stdout: stdoutWriter,

modules/gitgraph/graph.go

@@ -24,35 +24,30 @@ func GetCommitGraph(r *git.Repository, page, maxAllowedColors int, hidePRRefs bo
 		page = 1
 	}
 
-	args := make([]string, 0, 12+len(branches)+len(files))
-
-	args = append(args, "--graph", "--date-order", "--decorate=full")
+	graphCmd := git.NewCommand(r.Ctx, "log", "--graph", "--date-order", "--decorate=full")
 
 	if hidePRRefs {
-		args = append(args, "--exclude="+git.PullPrefix+"*")
+		graphCmd.AddArguments("--exclude=" + git.PullPrefix + "*")
 	}
 
 	if len(branches) == 0 {
-		args = append(args, "--all")
+		graphCmd.AddArguments("--all")
 	}
 
-	args = append(args,
+	graphCmd.AddArguments(
 		"-C",
 		"-M",
 		fmt.Sprintf("-n %d", setting.UI.GraphMaxCommitNum*page),
 		"--date=iso",
 		fmt.Sprintf("--pretty=format:%s", format))
 
 	if len(branches) > 0 {
-		args = append(args, branches...)
+		graphCmd.AddDynamicArguments(branches...)
 	}
-	args = append(args, "--")
 	if len(files) > 0 {
-		args = append(args, files...)
+		graphCmd.AddArguments("--")
+		graphCmd.AddArguments(files...)
 	}
-
-	graphCmd := git.NewCommand(r.Ctx, "log")
-	graphCmd.AddArguments(args...)
 	graph := NewGraph()
 
 	stderr := new(strings.Builder)

options/locale/locale_tr-TR.ini

@@ -268,8 +268,11 @@ users=Kullanıcılar
 organizations=Organizasyonlar
 search=Ara
 code=Kod
+search.type.tooltip=Arama türü
 search.fuzzy=Belirsiz
+search.fuzzy.tooltip=Arama terimine benzeyen sonuçları da içer
 search.match=Eşleştir
+search.match.tooltip=Sadece arama terimiyle tamamen eşleşen sonuçları içer
 code_search_unavailable=Kod arama şu an mevcut değil. Lütfen site yöneticinizle bağlantıya geçin.
 repo_no_results=Eşleşen bir depo bulunamadı.
 user_no_results=Eşleşen kullanıcı bulunamadı.
@@ -507,6 +510,7 @@ activity=Genel Aktivite
 followers=Takipçiler
 starred=Yıldızlanmış depolar
 watched=İzlenen Depolar
+code=Kod
 projects=Projeler
 following=Takip Edilenler
 follow=Takip Et
@@ -1763,8 +1767,11 @@ activity.git_stats_deletion_n=%d silme oldu
 
 search=Ara
 search.search_repo=Depo ara
+search.type.tooltip=Arama türü
 search.fuzzy=Belirsiz
+search.fuzzy.tooltip=Arama terimine benzeyen sonuçları da içer
 search.match=Eşleştir
+search.match.tooltip=Sadece arama terimiyle tamamen eşleşen sonuçları içer
 search.results="%s" için <a href="%s">%s</a> içinde sonuçları ara
 search.code_no_results=Arama teriminizle eşleşen bir kaynak kod bulunamadı.
 search.code_search_unavailable=Kod arama şu an mevcut değil. Lütfen site yöneticisiyle iletişime geçin.
@@ -1898,6 +1905,7 @@ settings.confirm_delete=Depoyu Sil
 settings.add_collaborator=Katkıcı Ekle
 settings.add_collaborator_success=Katkıcı eklendi.
 settings.add_collaborator_inactive_user=Etkin olmayan bir kullanıcı katkıcı olarak eklenemez.
+settings.add_collaborator_owner=Bir sahip katkıcı olarak eklenemez.
 settings.add_collaborator_duplicate=Katkıcı bu depoya zaten eklenmiş.
 settings.delete_collaborator=Sil
 settings.collaborator_deletion=Katkıcıyı Sil
@@ -2309,6 +2317,7 @@ create_org=Organizasyon Oluştur
 repo_updated=Güncellendi
 people=İnsanlar
 teams=Takımlar
+code=Kod
 lower_members=üyeler
 lower_repositories=depo
 create_new_team=Yeni Takım
@@ -3033,6 +3042,9 @@ pin=Pin bildirimi
 mark_as_read=Okundu olarak işaretle
 mark_as_unread=Okunmadı olarak işaretle
 mark_all_as_read=Tümünü okundu olarak işaretle
+subscriptions=Abonelikler
+watching=İzleniyor
+no_subscriptions=Abonelik yok
 
 [gpg]
 default_key=Varsayılan anahtarla imzalanmış

options/locale/locale_zh-TW.ini

@@ -268,8 +268,11 @@ users=使用者
 organizations=組織
 search=搜尋
 code=程式碼
+search.type.tooltip=搜尋類型
 search.fuzzy=模糊
+search.fuzzy.tooltip=包含近似關鍵字的結果
 search.match=符合
+search.match.tooltip=只包含完全符合關鍵字的結果
 code_search_unavailable=現在無法使用程式碼搜尋。請與網站管理員聯絡。
 repo_no_results=沒有找到符合的儲存庫。
 user_no_results=沒有找到符合的使用者。
@@ -505,6 +508,7 @@ activity=公開動態
 followers=追蹤者
 starred=已加星號
 watched=關注的儲存庫
+code=程式碼
 projects=專案
 following=追蹤中
 follow=追蹤
@@ -852,7 +856,7 @@ license_helper_desc=授權條款定義了他人使用您原始碼的允許和禁
 readme=讀我檔案
 readme_helper=選擇讀我檔案範本。
 readme_helper_desc=這是您能為專案撰寫完整描述的地方。
-auto_init=初始化儲存庫 (加入 .gitignore、授權條款和讀我檔案)
+auto_init=初始化儲存庫 (加入 .gitignore、授權條款、讀我檔案)
 trust_model_helper=選擇簽署驗證的信任模型。可用的選項:
 trust_model_helper_collaborator=協作者: 信任協作者的簽署
 trust_model_helper_committer=提交者: 信任與提交者相符的簽署
@@ -1134,7 +1138,7 @@ commits.commits=次程式碼提交
 commits.no_commits=沒有共同的提交。「%s」和「%s」的歷史完全不同。
 commits.nothing_to_compare=這些分支是相同的。
 commits.search=搜尋提交歷史...
-commits.search.tooltip=你可以用「author:」、「committer:」、「after:」或「before:」作為關鍵詞的前綴，例如：「revert author:Alice before:2019-04-01」。
+commits.search.tooltip=你可以用「author:」、「committer:」、「after:」、「before:」等作為關鍵字的前綴，例如: 「revert author:Alice before:2019-04-01」。
 commits.find=搜尋
 commits.search_all=所有分支
 commits.author=作者
@@ -1229,6 +1233,8 @@ issues.new.add_reviewer_title=請求審核
 issues.choose.get_started=開始
 issues.choose.blank=預設
 issues.choose.blank_about=從預設範本建立問題。
+issues.choose.ignore_invalid_templates=已忽略無效的範本
+issues.choose.invalid_templates=找到了 %v 個無效的範本
 issues.no_ref=未指定分支或標籤
 issues.create=建立問題
 issues.new_label=新增標籤
@@ -1759,8 +1765,11 @@ activity.git_stats_deletion_n=刪除 %d 行
 
 search=搜尋
 search.search_repo=搜尋儲存庫
+search.type.tooltip=搜尋類型
 search.fuzzy=模糊
+search.fuzzy.tooltip=包含近似關鍵字的結果
 search.match=符合
+search.match.tooltip=只包含完全符合關鍵字的結果
 search.results=在 <a href="%s"> %s </a> 中搜尋 "%s" 的结果
 search.code_no_results=找不到符合您關鍵字的原始碼。
 search.code_search_unavailable=現在無法使用程式碼搜尋。請與網站管理員聯絡。
@@ -1893,7 +1902,8 @@ settings.update_settings_success=已更新儲存庫的設定。
 settings.confirm_delete=刪除儲存庫
 settings.add_collaborator=增加協作者
 settings.add_collaborator_success=成功增加協作者！
-settings.add_collaborator_inactive_user=無法加入未啟用的使用者為協作者。
+settings.add_collaborator_inactive_user=無法將未啟用的使用者加入為協作者。
+settings.add_collaborator_owner=無法將擁有者加入為協作者。
 settings.add_collaborator_duplicate=此協作者早已被加入此儲存庫。
 settings.delete_collaborator=移除
 settings.collaborator_deletion=移除協作者
@@ -1952,6 +1962,8 @@ settings.event_delete=刪除
 settings.event_delete_desc=刪除分支或標籤。
 settings.event_fork=Fork
 settings.event_fork_desc=儲存庫已被 fork。
+settings.event_wiki=Uncyclo
+settings.event_wiki_desc=建立、重新命名、編輯、刪除 Uncyclo 頁面。
 settings.event_release=版本發布
 settings.event_release_desc=在儲存庫中發布、更新或刪除版本。
 settings.event_push=推送
@@ -2303,6 +2315,7 @@ create_org=建立組織
 repo_updated=更新於
 people=成員
 teams=團隊
+code=程式碼
 lower_members=名成員
 lower_repositories=個儲存庫
 create_new_team=建立團隊
@@ -3027,6 +3040,9 @@ pin=固定通知
 mark_as_read=標記為已讀
 mark_as_unread=標記為未讀
 mark_all_as_read=標記所有為已讀
+subscriptions=訂閱
+watching=正在關注
+no_subscriptions=沒有訂閱
 
 [gpg]
 default_key=使用預設金鑰簽署
@@ -3086,6 +3102,7 @@ container.details.platform=平台
 container.details.repository_site=儲存庫網站
 container.details.documentation_site=文件網站
 container.pull=透過下列命令拉取映像檔:
+container.digest=摘要:
 container.documentation=關於 Container registry 的詳情請參閱<a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.io/en-us/packages/container/">說明文件</a>。
 container.multi_arch=作業系統 / 架構
 container.layers=映像檔 Layers
@@ -3129,6 +3146,8 @@ rubygems.dependencies.development=開發相依性
 rubygems.required.ruby=需要的 Ruby 版本
 rubygems.required.rubygems=需要的 RubyGem 版本
 rubygems.documentation=關於 RubyGems registry 的詳情請參閱<a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.io/en-us/packages/rubygems/">說明文件</a>。
+vagrant.install=執行下列命令以新增 Vagrant box:
+vagrant.documentation=關於 Vagrant registry 的詳情請參閱<a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.io/en-us/packages/vagrant/">說明文件</a>。
 settings.link=連結此套件到儲存庫
 settings.link.description=如果您將套件連結到儲存庫，該套件會顯示在儲存庫的套件清單。
 settings.link.select=選擇儲存庫