* Add changelog for 1.6.3 and 1.7.0-rc2
Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Remove 1.7.0 entries
Signed-off-by: Jonas Franz <info@jonasfranz.software>

This commit wraps more of the TreePaths with cleanUploadFileName
Signed-off-by: Andrew Thornton <art27@cantab.net>

* comments: Fix an incorrent DOM element selection.

This commit fixes a bug that was causing text from previously edited
comment to get saved when two comments were edited one after other.
Text area with id of `#content` isn't unique on the page but it was
being treated as unique by the event handling code.

Fixes: #5581.

* templates: Remove `id` from textarea in commit edit form.

An element is assigned an `id` only if it is unique for the whole page
but in this case there can be multiple textarea so it should have one.

There are likely problems remaining with the way that initCommentForm
is creating its elements. I suspect that a malformed avatar url could
be used maliciously.

* fix issue indexer bug reindex when restart gitea

* also fix code indexer reindex when gitea restart

Before:

$ curl 0.0.0.0:3001
<a href="https://gitea.example.com:3000//">Found</a>.

After:

$ curl 0.0.0.0:3001
<a href="https://gitea.example.com:3000/">Found</a>.

Fixes #5536

* Fix the Let's Encrypt handler by listening on a valid address

Also handle errors in the HTTP server go routine, return a fatal error
when something goes wrong.

Thanks to @gbl08ma for finding the actual bug

Here is an example of the error handling:

    2018/12/11 14:23:07 [....io/gitea/cmd/web.go:87 func1()] [E] Failed to
    start the Let's Encrypt handler on port 30: listen tcp 0.0.0.0:30: bind:
    permission denied

Closes #5280

* Fix a typo

* fix wiki page when wiki path is exist but empty

* improve the error check

right now the `closed_at` field for json responses is not filled during
the `APIIssue` creation for api responses.

For a closed issue you get a result like:
```json
"state":"open","comments":0,"created_at":"2018-11-29T16:39:24+01:00",
"updated_at":"2018-11-30T10:49:19+01:00","closed_at":null,
"due_date":null,"pull_request":null}
```
which has no information about the closing date. (which exists in the
db and ui)
with this PR the result changes to this:

```json
:null,"assignee":null,"assignees":null,
"state":"closed",
"comments":0,"created_at":"2018-11-29T16:43:05+01:00",
"updated_at":"2018-12-02T19:17:05+01:00",
"closed_at":"2018-12-02T19:17:05+01:00",
"due_date":null,"pull_request":null}
```

fixes: https://github.com/go-gitea/gitea/issues/5446

Signed-off-by: Roman <romaaan.git@gmail.com>

right now, the url is displayed with an anchor tag with no classes. If
the url is really really long, the url will break out of the containing
div and (depending on the url length) the browser shows the horizontal
scrollbar.
This pr makes use of the already existing css class `dont-break-out`
which gives all the anchor the necessary properties to prevent the
break.
Another solution could be to introduce some classes like
`text text-break-word`, but that would duplicate the `dont-break-out`
class just for text elements that use the `text` class.

fixes: https://github.com/go-gitea/gitea/issues/5416

Signed-off-by: Roman <romaaan.git@gmail.com>

Backported #5383 on v1.6: API: '/orgs/:org/repos': return private repos with read access (#5310) (#3829) (#5393)
Signed-off-by: Daniel Balko <inxonic+github@gmail.com>

* add changelog of v1.6.0

* improve changelog

* Remove field from migration to support upgrades from older version

That will ensure the field does not get queried in the Select if it does
not exist yet:

```
[I] [SQL] SELECT "id", "repo_id", "index", "poster_id", "name", "content", "milestone_id", "priority", "assignee_id", "is_closed", "is_pull", "num_comments", "ref", "deadline_unix", "created_unix", "updated_unix
[...itea/routers/init.go:60 GlobalInit()] [E] Failed to initialize ORM engine: migrate: do migrate: pq: column "ref" does not exist
```

see #5318

* Skip remove stale watcher migration if not required

Otherwise the migration will fail if executed from a older database
version without multiple IssueWatch feature.

```
2018/11/11 23:51:14 [I] [SQL] SELECT DISTINCT "issue_watch"."user_id", "issue"."repo_id" FROM "issue_watch" INNER JOIN issue ON issue_watch.issue_id = issue.id WHERE (issue_watch.is_watching = $1) LIMIT 50 []int
[...itea/routers/init.go:60 GlobalInit()] [E] Failed to initialize ORM engine: migrate: do migrate: pq: relation "issue_watch" does not exist
```

see #5318

* Fix markdown image with link

* Add gitea copyright notice

* add a test for markdown image with link

* remove svg related variables

* Add CSRF checking to reqToken and place CSRF in the post for deadline creation

Fixes #5226, #5249

* /api/v1/admin/users routes should have reqToken middleware

* Added flags of default cmd CmdWeb to app-wide flags
* If command *is* specified app-wide flags are ignored

Backport of #5200
Signed-off-by: Berengar W. Lehr <Berengar.Lehr@kompetenztest.de>

This commit will reduce join star, repo_topic, topic tables on repo search, so that fix extra columns problem on mssql (#5136) (#5229)

* This commit will reduce join star, repo_topic, topic tables on repo search, so that fix extra columns problem on mssql

* fix tests

* Updated dependency manager via `dep ensure -update code.gitea.io/sdk`
* Gopkg.toml was not changed as sdk version is set to "master"
* affects webhooks for: Delete, Fork, IssueComment, Release
* also contains changes from go-gitea/go-sdk#125 and hence a swagger update
Signed-off-by: Berengar W. Lehr <Berengar.Lehr@kompetenztest.de>
Resolves: #4732, #5173