Joshua Rüsweg [Mon, 21 Mar 2022 14:52:44 +0000 (15:52 +0100)]
Merge pull request #4708 from WoltLab/5.5-self-exclude
Forbid plugins to exclude itself
joshuaruesweg [Mon, 21 Mar 2022 14:45:34 +0000 (15:45 +0100)]
Add missing `@since` tag for `INVALID_EXCLUDED_PACKAGE_VERSION_NUBMER` constant
joshuaruesweg [Mon, 21 Mar 2022 14:36:48 +0000 (15:36 +0100)]
Forbid plugins to exclude themselves
Joshua Rüsweg [Mon, 21 Mar 2022 14:20:15 +0000 (15:20 +0100)]
Merge pull request #4707 from WoltLab/5.5-exclusion
Support explicit `*` for excluded parameters
joshuaruesweg [Mon, 21 Mar 2022 13:06:44 +0000 (14:06 +0100)]
Add cleanup script to clean invalid excluded versions
joshuaruesweg [Mon, 21 Mar 2022 12:16:01 +0000 (13:16 +0100)]
Support explicit `*` for excluded parameters
Tim Düsterhus [Mon, 21 Mar 2022 10:10:54 +0000 (11:10 +0100)]
Update composer dependencies
Tim Düsterhus [Mon, 21 Mar 2022 10:10:30 +0000 (11:10 +0100)]
Merge branch '5.4'
Tim Düsterhus [Mon, 21 Mar 2022 10:08:46 +0000 (11:08 +0100)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Mon, 21 Mar 2022 10:03:59 +0000 (11:03 +0100)]
Merge pull request #4706 from WoltLab/guzzle-psr7-backport
Update guzzlehttp/psr7 to a custom fork
Tim Düsterhus [Sun, 20 Mar 2022 14:22:29 +0000 (15:22 +0100)]
Update guzzlehttp/psr7 to a custom fork
see WoltLab/guzzle-psr7@
ff7be9fcf7da87f971990b1a61d8a7f2b5aeac9b
see WoltLab/guzzle-psr7@
986596de01529f6e837a5cadfef9ec714ace7914
Tim Düsterhus [Fri, 18 Mar 2022 14:01:46 +0000 (15:01 +0100)]
Merge branch '5.4'
Tim Düsterhus [Fri, 18 Mar 2022 13:59:50 +0000 (14:59 +0100)]
Prevent possible brick when the upgrade to 5.5 fails between unpacking of files and unpacking of acptemplates
Tim Düsterhus [Fri, 18 Mar 2022 11:45:05 +0000 (12:45 +0100)]
Merge pull request #4705 from WoltLab/acp-security-headers
Add additional security headers to ACP requests
Tim Düsterhus [Fri, 18 Mar 2022 11:36:49 +0000 (12:36 +0100)]
Add additional security headers to ACP requests
Alexander Ebert [Thu, 17 Mar 2022 16:41:10 +0000 (17:41 +0100)]
Release 5.4.15
Alexander Ebert [Thu, 17 Mar 2022 16:36:32 +0000 (17:36 +0100)]
Release 5.3.21
Alexander Ebert [Thu, 17 Mar 2022 16:34:59 +0000 (17:34 +0100)]
Merge branch '5.2' into 5.3
Alexander Ebert [Thu, 17 Mar 2022 16:33:49 +0000 (17:33 +0100)]
Release 5.2.20
Alexander Ebert [Thu, 17 Mar 2022 16:32:53 +0000 (17:32 +0100)]
Merge branch '3.1' into 5.2
Alexander Ebert [Thu, 17 Mar 2022 16:31:13 +0000 (17:31 +0100)]
Release 3.1.28
Alexander Ebert [Thu, 17 Mar 2022 14:43:27 +0000 (15:43 +0100)]
Release 3.1.28
Tim Düsterhus [Thu, 17 Mar 2022 13:31:44 +0000 (14:31 +0100)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Thu, 17 Mar 2022 13:28:38 +0000 (14:28 +0100)]
Merge branch '5.2' into 5.3
WoltLab [Thu, 17 Mar 2022 13:27:24 +0000 (13:27 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Thu, 17 Mar 2022 13:25:53 +0000 (14:25 +0100)]
Merge branch '3.1' into 5.2
WoltLab [Thu, 17 Mar 2022 13:23:56 +0000 (13:23 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Thu, 17 Mar 2022 13:22:22 +0000 (14:22 +0100)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Thu, 17 Mar 2022 13:21:34 +0000 (14:21 +0100)]
Merge branch '5.2' into 5.3
Tim Düsterhus [Thu, 17 Mar 2022 13:20:55 +0000 (14:20 +0100)]
Merge branch '3.1' into 5.2
Tim Düsterhus [Wed, 16 Mar 2022 16:55:20 +0000 (17:55 +0100)]
Escape HTML in the filename of the progress indicator during attachment upload
(cherry picked from commit
81b770284267db5dc8c8df86e303a20c3ccb8dce)
Tim Düsterhus [Thu, 17 Mar 2022 13:12:25 +0000 (14:12 +0100)]
Merge branch 'cronjobLogList-xss' into 3.1
Tim Düsterhus [Thu, 17 Mar 2022 08:10:12 +0000 (09:10 +0100)]
Fix XSS in the cronjob's error message in cronjobLogList
This can happen if untrusted information, such as the HTTP response body for a
failed Guzzle request, is embedded into the error message.
Thanks to @SoftCreatR for responsibly reporting the issue.
Alexander Ebert [Wed, 16 Mar 2022 19:01:43 +0000 (20:01 +0100)]
Release 5.4.15 dev 3
WoltLab [Wed, 16 Mar 2022 17:31:50 +0000 (17:31 +0000)]
Updating minified JavaScript files
WoltLab [Wed, 16 Mar 2022 17:17:31 +0000 (17:17 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Wed, 16 Mar 2022 16:56:52 +0000 (17:56 +0100)]
Merge remote-tracking branch 'origin/master'
Tim Düsterhus [Wed, 16 Mar 2022 16:56:23 +0000 (17:56 +0100)]
Merge branch '5.4'
Tim Düsterhus [Wed, 16 Mar 2022 16:56:10 +0000 (17:56 +0100)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Wed, 16 Mar 2022 16:55:20 +0000 (17:55 +0100)]
Escape HTML in the filename of the progress indicator during attachment upload
Marcel Werk [Wed, 16 Mar 2022 10:25:20 +0000 (11:25 +0100)]
Merge branch '5.4'
Marcel Werk [Wed, 16 Mar 2022 10:20:11 +0000 (11:20 +0100)]
An array as query string resulted in an error
Tim Düsterhus [Wed, 16 Mar 2022 08:43:54 +0000 (09:43 +0100)]
Merge branch '5.4'
joshuaruesweg [Wed, 16 Mar 2022 08:28:37 +0000 (09:28 +0100)]
Remove `Template.grammar.jison`
joshuaruesweg [Wed, 16 Mar 2022 08:24:48 +0000 (09:24 +0100)]
Delete old JS dir, before recompile TS
This ensures, that there are no superfluous files commited in the JS dir.
Tim Düsterhus [Wed, 16 Mar 2022 08:02:41 +0000 (09:02 +0100)]
Merge pull request #4702 from WoltLab/5.4-unfurl-charset
Catch `ValueError` while convert encoding
joshuaruesweg [Tue, 15 Mar 2022 18:00:53 +0000 (19:00 +0100)]
Catch `ValueError` while convert encoding
Since PHP 8.0 the function `mb_convert_encoding` throws an `ValueError` if the given charset is unknown. Prior to this, a PHP notice is thrown.
Fixes #4697
Alexander Ebert [Tue, 15 Mar 2022 17:12:54 +0000 (18:12 +0100)]
Release 5.4.15 dev 2
Tim Düsterhus [Tue, 15 Mar 2022 15:33:21 +0000 (16:33 +0100)]
Merge branch '5.4'
Tim Düsterhus [Tue, 15 Mar 2022 15:31:19 +0000 (16:31 +0100)]
Merge pull request #4701 from WoltLab/mysql-search-plus-min-token
Do not add the `+` prefix to search terms shorter than InnoDB's ft_min_token_size
Tim Düsterhus [Tue, 15 Mar 2022 14:40:39 +0000 (15:40 +0100)]
Do not add the `+` prefix to search terms shorter than InnoDB's ft_min_token_size
see https://www.woltlab.com/community/thread/294842-suchindex-richtig-vorbereiten/
Tim Düsterhus [Tue, 15 Mar 2022 14:39:53 +0000 (15:39 +0100)]
Add MysqlSearchEngine::getMinTokenSize() as a replacement for getFulltextMinimumWordLength()
This new method is private, because it is considered an implementation detail.
WoltLab [Mon, 14 Mar 2022 10:31:50 +0000 (10:31 +0000)]
Updating minified JavaScript files
Marcel Werk [Mon, 14 Mar 2022 09:31:25 +0000 (10:31 +0100)]
Merge branch '5.4'
Marcel Werk [Mon, 14 Mar 2022 09:30:12 +0000 (10:30 +0100)]
Merge branch '5.3' into 5.4
Marcel Werk [Mon, 14 Mar 2022 09:27:14 +0000 (10:27 +0100)]
Only revert points when revoking a reaction
Tim Düsterhus [Fri, 11 Mar 2022 09:08:41 +0000 (10:08 +0100)]
Use explicit `return null` in DatabaseObjectList::search()
Tim Düsterhus [Thu, 10 Mar 2022 16:30:13 +0000 (17:30 +0100)]
Merge pull request #4699 from WoltLab/ds-store
Rerun the .DS_Store deletion script
Alexander Ebert [Thu, 10 Mar 2022 16:08:07 +0000 (17:08 +0100)]
Gracefully handle integers exceeding 32bit
See https://www.woltlab.com/community/thread/294731-profilfeld-wert-integer/
Tim Düsterhus [Thu, 10 Mar 2022 14:47:57 +0000 (15:47 +0100)]
Rerun the .DS_Store deletion script
Apparently some installations still contain .DS_Store files assigned to
official packages. These might come from 5.3 installations that were
immediately upgraded to 5.4.4 or higher, without going through 5.4.3.
see
2bd8c2dba79878269981aac94c1ad51e94b2308e
Alexander Ebert [Thu, 10 Mar 2022 11:48:11 +0000 (12:48 +0100)]
Release 5.4.15 dev 1
WoltLab [Thu, 10 Mar 2022 10:45:53 +0000 (10:45 +0000)]
Updating minified JavaScript files
Alexander Ebert [Wed, 9 Mar 2022 18:28:07 +0000 (19:28 +0100)]
Set `toFloat()` to `protected` for compatibility
Alexander Ebert [Wed, 9 Mar 2022 18:06:45 +0000 (19:06 +0100)]
Missing conversion of localized search values
Fixes https://www.woltlab.com/community/thread/294505-eingabefeld-profilfeld-dezimalzeichen-problem/
Alexander Ebert [Wed, 9 Mar 2022 18:05:41 +0000 (19:05 +0100)]
Moved the conversion of localized values to floats
Alexander Ebert [Wed, 9 Mar 2022 16:50:23 +0000 (17:50 +0100)]
Show the erroneous tab on submit
Fixes https://www.woltlab.com/community/thread/294204-meldung-bei-nicht-erfolgreichem-box-speichern-wegen-quellcode-modus/
Alexander Ebert [Wed, 9 Mar 2022 16:19:40 +0000 (17:19 +0100)]
Workaround for the selection of the quote tooltip
Fixes https://www.woltlab.com/community/thread/294684-sprung-zum-seitenanfang-beim-markieren-auf-mobilen-ger%C3%A4ten/
Alexander Ebert [Wed, 9 Mar 2022 15:14:14 +0000 (16:14 +0100)]
Improved the UX for page object id suggestions
See https://www.woltlab.com/community/thread/294550-men%C3%BCpunkt-mit-artikelbezug-artikel-id-heraussuchen-klick-%C3%B6ffnet-artikel/
Tim Düsterhus [Wed, 9 Mar 2022 14:33:24 +0000 (15:33 +0100)]
Merge branch '5.4'
Tim Düsterhus [Wed, 9 Mar 2022 14:23:47 +0000 (15:23 +0100)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Wed, 9 Mar 2022 14:16:41 +0000 (15:16 +0100)]
Upgrade to `actions/checkout@v3`
Tim Düsterhus [Wed, 9 Mar 2022 14:14:53 +0000 (15:14 +0100)]
Merge branch '5.2' into 5.3
Tim Düsterhus [Wed, 9 Mar 2022 14:14:35 +0000 (15:14 +0100)]
Upgrade to `actions/checkout@v3`
Tim Düsterhus [Wed, 9 Mar 2022 13:51:56 +0000 (14:51 +0100)]
Delete compiled JS files where the TS source no longer exists
Tim Düsterhus [Wed, 9 Mar 2022 13:50:59 +0000 (14:50 +0100)]
Merge branch '5.4'
Tim Düsterhus [Wed, 9 Mar 2022 13:44:09 +0000 (14:44 +0100)]
Update npm dependencies
Tim Düsterhus [Wed, 9 Mar 2022 13:08:53 +0000 (14:08 +0100)]
Add missing space in indentation in LikeAction
Tim Düsterhus [Wed, 9 Mar 2022 12:55:24 +0000 (13:55 +0100)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Wed, 9 Mar 2022 12:49:18 +0000 (13:49 +0100)]
Validate the `pageNo` in UserTrophyAction::validateGetGroupedUserTrophyList()
Tim Düsterhus [Wed, 9 Mar 2022 12:48:52 +0000 (13:48 +0100)]
Validate that the userID matches a user in UserFollowingAction::validateGetGroupedUserList()
Tim Düsterhus [Wed, 9 Mar 2022 12:48:19 +0000 (13:48 +0100)]
Validate the `pageNo` in UserFollowingAction::validateGetGroupedUserList()
Tim Düsterhus [Wed, 9 Mar 2022 12:47:42 +0000 (13:47 +0100)]
Validate that the userID matches a user in UserFollowAction::validateGetGroupedUserList()
Tim Düsterhus [Wed, 9 Mar 2022 12:47:01 +0000 (13:47 +0100)]
Validate the `pageNo` in UserFollowAction::validateGetGroupedUserList()
Tim Düsterhus [Wed, 9 Mar 2022 12:46:29 +0000 (13:46 +0100)]
Validate the `pageNo` in MediaAction::validateGetSearchResultList()
Tim Düsterhus [Wed, 9 Mar 2022 12:45:45 +0000 (13:45 +0100)]
Validate the `pageNo` in LikeAction::validateGetGroupedUserList()
Tim Düsterhus [Wed, 9 Mar 2022 12:45:05 +0000 (13:45 +0100)]
Validate the `pageNo` in UserProfileVisitorAction::validateGetGroupedUserList()
Tim Düsterhus [Wed, 9 Mar 2022 11:19:20 +0000 (12:19 +0100)]
Validate the limit and offset in Database::handleLimitParameter()
Tim Düsterhus [Wed, 9 Mar 2022 09:47:07 +0000 (10:47 +0100)]
Merge branch '5.4'
Tim Düsterhus [Wed, 9 Mar 2022 09:46:52 +0000 (10:46 +0100)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Wed, 9 Mar 2022 09:40:02 +0000 (10:40 +0100)]
Simplify condition in UserTrophyAction::validateGetGroupedUserTrophyList()
Tim Düsterhus [Wed, 9 Mar 2022 09:39:36 +0000 (10:39 +0100)]
Validate that the userID matches a user in UserTrophyAction::validateGetGroupedUserTrophyList()
Tim Düsterhus [Wed, 9 Mar 2022 09:38:04 +0000 (10:38 +0100)]
Validate that the userID matches a user in UserProfileVisitorAction::validateGetGroupedUserList()
Tim Düsterhus [Wed, 9 Mar 2022 09:33:51 +0000 (10:33 +0100)]
Fix typing of RuntimeCache's getObject() method
Alexander Ebert [Tue, 8 Mar 2022 18:12:26 +0000 (19:12 +0100)]
Disabled `input[type="date"]` were not initialized
See https://www.woltlab.com/community/thread/294503-ansicht-bei-einem-datumsfeld-fehlerhaft-plus-konsolenfehler-disabled/
Alexander Ebert [Tue, 8 Mar 2022 13:43:23 +0000 (14:43 +0100)]
`Escape` key now triggers `onBeforeClose`
See https://www.woltlab.com/community/thread/294772-closeconfirmmessage-onbeforeclose-bei-esc-taste/
Alexander Ebert [Tue, 8 Mar 2022 13:37:45 +0000 (14:37 +0100)]
Apply the “user online” formatting to mentions
See https://www.woltlab.com/community/thread/294551-fehlende-benutzer-online-markierung-in-erw%C3%A4hnungen/
Tim Düsterhus [Tue, 8 Mar 2022 12:27:01 +0000 (13:27 +0100)]
Merge pull request #4696 from WoltLab/BREACH
Protect the XSRF token against BREACH attacks
Tim Düsterhus [Tue, 8 Mar 2022 12:23:49 +0000 (13:23 +0100)]
Prefill the xsrfTokenInput with a static `NOT_MODIFIED`
Tim Düsterhus [Tue, 8 Mar 2022 11:06:08 +0000 (12:06 +0100)]
Add the `xsrfTokenInput` class to the XSRF token form fields
This allows the JavaScript to detect the fields an fill in the token. The value
remains the actual token for now until we're confident that the XsrfToken.ts
logic works reliably in all cases.
Tim Düsterhus [Tue, 8 Mar 2022 11:04:58 +0000 (12:04 +0100)]
Add WoltLabSuite/Core/Form/XsrfToken.ts to automatically insert the XSRF-TOKEN into matching inputs
This is in preparation of removing the XSRF-TOKEN value from the HTML source
code to prevent BREACH.