Fix various bugs (#37096)

* Fix #36001
* Fix #35498
* Fix #35395
* Fix #35160
* Fix #35058
* Fix #35445

modules/generate/generate.go

@@ -54,13 +54,13 @@ func DecodeJwtSecretBase64(src string) ([]byte, error) {
 }
 
 // NewJwtSecretWithBase64 generates a jwt secret with its base64 encoded value intended to be used for saving into config file
-func NewJwtSecretWithBase64() ([]byte, string, error) {
+func NewJwtSecretWithBase64() ([]byte, string) {
 	bytes := make([]byte, defaultJwtSecretLen)
-	_, err := io.ReadFull(rand.Reader, bytes)
+	_, err := rand.Read(bytes)
 	if err != nil {
-		return nil, "", err
+		panic(err) // rand.Read never fails
 	}
-	return bytes, base64.RawURLEncoding.EncodeToString(bytes), nil
+	return bytes, base64.RawURLEncoding.EncodeToString(bytes)
 }
 
 // NewSecretKey generate a new value intended to be used by SECRET_KEY.

modules/generate/generate_test.go

@@ -25,10 +25,12 @@ func TestDecodeJwtSecretBase64(t *testing.T) {
 }
 
 func TestNewJwtSecretWithBase64(t *testing.T) {
-	secret, encoded, err := NewJwtSecretWithBase64()
-	assert.NoError(t, err)
+	secret, encoded := NewJwtSecretWithBase64()
 	assert.Len(t, secret, 32)
 	decoded, err := DecodeJwtSecretBase64(encoded)
 	assert.NoError(t, err)
 	assert.Equal(t, secret, decoded)
+
+	secret2, _ := NewJwtSecretWithBase64()
+	assert.NotEqual(t, secret, secret2)
 }

modules/markup/markdown/markdown_test.go

@@ -583,3 +583,20 @@ func TestMarkdownLink(t *testing.T) {
 	assert.Equal(t, `<p><a href="https://example.com/__init__.py" rel="nofollow">https://example.com/__init__.py</a></p>
 `, string(result))
 }
+
+func TestMarkdownUlDir(t *testing.T) {
+	defer test.MockVariableValue(&markup.RenderBehaviorForTesting.DisableAdditionalAttributes, false)()
+	result, err := markdown.RenderString(markup.NewTestRenderContext(), `
+* a
+  * b
+`)
+	assert.NoError(t, err)
+	assert.Equal(t, `<ul dir="auto">
+<li>a
+<ul>
+<li>b</li>
+</ul>
+</li>
+</ul>
+`, string(result))
+}

modules/markup/markdown/transform_list.go

@@ -81,5 +81,16 @@ func (g *ASTTransformer) transformList(_ *markup.RenderContext, v *ast.List, rc
 			v.AppendChild(v, newChild)
 		}
 	}
-	g.applyElementDir(v)
+
+	nestedList := false
+	for p := v.Parent(); p != nil; p = p.Parent() {
+		if _, ok := p.(*ast.List); ok {
+			nestedList = true
+			break
+		}
+	}
+	if !nestedList {
+		// "dir=auto" should be only added to top-level "ul". https://github.com/go-gitea/gitea/issues/35058
+		g.applyElementDir(v)
+	}
 }

modules/setting/lfs.go

@@ -81,10 +81,7 @@ func loadLFSFrom(rootCfg ConfigProvider) error {
 	jwtSecretBase64 := loadSecret(rootCfg.Section("server"), "LFS_JWT_SECRET_URI", "LFS_JWT_SECRET")
 	LFS.JWTSecretBytes, err = generate.DecodeJwtSecretBase64(jwtSecretBase64)
 	if err != nil {
-		LFS.JWTSecretBytes, jwtSecretBase64, err = generate.NewJwtSecretWithBase64()
-		if err != nil {
-			return fmt.Errorf("error generating JWT Secret for custom config: %v", err)
-		}
+		LFS.JWTSecretBytes, jwtSecretBase64 = generate.NewJwtSecretWithBase64()
 
 		// Save secret
 		saveCfg, err := rootCfg.PrepareSaving()

modules/setting/oauth2.go

@@ -139,10 +139,7 @@ func loadOAuth2From(rootCfg ConfigProvider) {
 	if InstallLock {
 		jwtSecretBytes, err := generate.DecodeJwtSecretBase64(jwtSecretBase64)
 		if err != nil {
-			jwtSecretBytes, jwtSecretBase64, err = generate.NewJwtSecretWithBase64()
-			if err != nil {
-				log.Fatal("error generating JWT secret: %v", err)
-			}
+			jwtSecretBytes, jwtSecretBase64 = generate.NewJwtSecretWithBase64()
 			saveCfg, err := rootCfg.PrepareSaving()
 			if err != nil {
 				log.Fatal("save oauth2.JWT_SECRET failed: %v", err)
@@ -162,10 +159,7 @@ var generalSigningSecret atomic.Pointer[[]byte]
 func GetGeneralTokenSigningSecret() []byte {
 	old := generalSigningSecret.Load()
 	if old == nil || len(*old) == 0 {
-		jwtSecret, _, err := generate.NewJwtSecretWithBase64()
-		if err != nil {
-			log.Fatal("Unable to generate general JWT secret: %v", err)
-		}
+		jwtSecret, _ := generate.NewJwtSecretWithBase64()
 		if generalSigningSecret.CompareAndSwap(old, &jwtSecret) {
 			return jwtSecret
 		}