GitHub/WoltLab/WCF.git
19 months agoForce replace some HTML tags before sending messages to the search index
Alexander Ebert [Wed, 29 Mar 2023 16:24:45 +0000 (18:24 +0200)]
Force replace some HTML tags before sending messages to the search index

Stripping the HTML can cause certain words to be accidentally joined when there is no symbol between them that is recognized by the tokenizer. Inserting a whitespace at tag positions that are known to be prone is a stop-gap solution until we find a more stable replacement strategy.

See #4652 and WoltLab/com.woltlab.wcf.elasticSearch#14

19 months agoMerge pull request #5372 from WoltLab/article-permissions
Tim Düsterhus [Tue, 28 Mar 2023 12:57:51 +0000 (14:57 +0200)]
Merge pull request #5372 from WoltLab/article-permissions

Fix several article related permissions

19 months agoCheck edit permissions before showing edit link in ACP's article list
Tim Düsterhus [Tue, 28 Mar 2023 12:19:40 +0000 (14:19 +0200)]
Check edit permissions before showing edit link in ACP's article list

19 months agoUnify visibility of articles in ACP's article list with frontend
Tim Düsterhus [Tue, 28 Mar 2023 12:17:40 +0000 (14:17 +0200)]
Unify visibility of articles in ACP's article list with frontend

19 months agoAllow users that may contribute articles to see their own articles independent of...
Tim Düsterhus [Tue, 28 Mar 2023 12:12:34 +0000 (14:12 +0200)]
Allow users that may contribute articles to see their own articles independent of publication status in lists

19 months agoUnify default publication status for users that may manage articles and users that...
Tim Düsterhus [Tue, 28 Mar 2023 12:06:18 +0000 (14:06 +0200)]
Unify default publication status for users that may manage articles and users that may manage their own articles

19 months agoAllow users that may manage own articles to view them independent of publication...
Tim Düsterhus [Tue, 28 Mar 2023 12:03:05 +0000 (14:03 +0200)]
Allow users that may manage own articles to view them independent of publication status

19 months agoAllow users that may manage own articles to actually create articles
Tim Düsterhus [Tue, 28 Mar 2023 11:57:50 +0000 (13:57 +0200)]
Allow users that may manage own articles to actually create articles

20 months agoUpdate to TypeScript 5.0
Tim Düsterhus [Fri, 17 Mar 2023 09:47:31 +0000 (10:47 +0100)]
Update to TypeScript 5.0

20 months agoUpdate eslint
Tim Düsterhus [Fri, 17 Mar 2023 09:37:41 +0000 (10:37 +0100)]
Update eslint

20 months agoRelease 5.5.10 5.5.10
Alexander Ebert [Thu, 16 Mar 2023 15:43:22 +0000 (16:43 +0100)]
Release 5.5.10

20 months agoMerge branch '5.4' into 5.5
Alexander Ebert [Thu, 16 Mar 2023 15:32:19 +0000 (16:32 +0100)]
Merge branch '5.4' into 5.5

20 months agoRelease 5.4.26 5.4.26
Alexander Ebert [Thu, 16 Mar 2023 15:25:26 +0000 (16:25 +0100)]
Release 5.4.26

20 months agoMerge branch '5.3' into 5.4
Alexander Ebert [Thu, 16 Mar 2023 15:21:37 +0000 (16:21 +0100)]
Merge branch '5.3' into 5.4

20 months agoRelease 5.3.27 5.3.27
Alexander Ebert [Thu, 16 Mar 2023 15:06:57 +0000 (16:06 +0100)]
Release 5.3.27

20 months agoUpdating minified JavaScript files
WoltLab [Thu, 16 Mar 2023 14:58:18 +0000 (14:58 +0000)]
Updating minified JavaScript files

20 months agoMerge branch '5.4' into 5.5
Tim Düsterhus [Thu, 16 Mar 2023 14:54:32 +0000 (15:54 +0100)]
Merge branch '5.4' into 5.5

20 months agoMerge branch '5.3' into 5.4
Tim Düsterhus [Thu, 16 Mar 2023 14:54:21 +0000 (15:54 +0100)]
Merge branch '5.3' into 5.4

20 months agoMerge branch 'edit-permissions' into 5.3
Tim Düsterhus [Thu, 16 Mar 2023 14:50:46 +0000 (15:50 +0100)]
Merge branch 'edit-permissions' into 5.3

20 months agoRelease 5.5.10 dev 1 5.5.10_dev_1
Alexander Ebert [Mon, 13 Mar 2023 11:52:57 +0000 (12:52 +0100)]
Release 5.5.10 dev 1

20 months agoUpdating minified JavaScript files
WoltLab [Mon, 13 Mar 2023 11:51:33 +0000 (11:51 +0000)]
Updating minified JavaScript files

20 months agoFix the handling of external links in the mobile main menu
Alexander Ebert [Mon, 13 Mar 2023 11:27:47 +0000 (12:27 +0100)]
Fix the handling of external links in the mobile main menu

See https://www.woltlab.com/community/thread/299236-externe-hauptmen%C3%BC-links-werden-trotz-einstellung-im-acp-mobil-nicht-in-neuem-tab/

20 months agoCheck if the article is readable in Article::canEdit()
Tim Düsterhus [Fri, 10 Mar 2023 12:47:35 +0000 (13:47 +0100)]
Check if the article is readable in Article::canEdit()

Previously an editor could access the contents of an inaccessible article by
directly navigating to the edit form.

20 months agoMerge pull request #5353 from WoltLab/article-edit
Tim Düsterhus [Fri, 10 Mar 2023 12:30:44 +0000 (13:30 +0100)]
Merge pull request #5353 from WoltLab/article-edit

Fix Article::canEdit() permission for article contributors

20 months agoFix Article::canEdit() permission for article contributors
Tim Düsterhus [Fri, 10 Mar 2023 12:22:12 +0000 (13:22 +0100)]
Fix Article::canEdit() permission for article contributors

The previous return value was non-sense, because `false` is already the
default. Users that may contribute articles may edit their own articles until
they are published, thus this must `return true`.

This was introduced in a40df44c036bd6201e4e8f9cef5fb878dba4dd4f.

20 months agoMerge pull request #5344 from nice42q/patch-1
Alexander Ebert [Thu, 9 Mar 2023 16:17:26 +0000 (17:17 +0100)]
Merge pull request #5344 from nice42q/patch-1

Resize Upright Videos

20 months agoMerge pull request #5347 from WoltLab/user-option-disabled
Tim Düsterhus [Thu, 9 Mar 2023 15:58:19 +0000 (16:58 +0100)]
Merge pull request #5347 from WoltLab/user-option-disabled

Check if a user option is disabled in UserOption::isVisible() and ::isEditable()

20 months agoCheck if a user option is disabled in UserOption::isVisible() and ::isEditable()
Tim Düsterhus [Thu, 9 Mar 2023 14:10:28 +0000 (15:10 +0100)]
Check if a user option is disabled in UserOption::isVisible() and ::isEditable()

see https://www.woltlab.com/community/thread/299193-gender-birthday-location-still-shows-in-profile-even-if-the-fields-are-disabled/

20 months agoMerge pull request #5343 from WoltLab/media-clipboard-bad-merge
Tim Düsterhus [Wed, 8 Mar 2023 09:52:04 +0000 (10:52 +0100)]
Merge pull request #5343 from WoltLab/media-clipboard-bad-merge

Fix bad merge in Media/Clipboard.ts

20 months agoResize Upright Videos
Luke [Wed, 8 Mar 2023 09:31:53 +0000 (10:31 +0100)]
Resize Upright Videos

'vh' 1% of the viewport's height.

Responsive style for all devices

20 months agoFix bad merge in Media/Clipboard.ts
Tim Düsterhus [Wed, 8 Mar 2023 09:22:34 +0000 (10:22 +0100)]
Fix bad merge in Media/Clipboard.ts

The `_didInit = true` assignment added in
3510ed70b5abcd0786cca33469812b2781024cc9 got lost during the TypeScript
transformation in b5030e676de80fc60f7619c0149999cfed394499.

Fixes #5341

20 months agoUpdating minified JavaScript files
WoltLab [Tue, 7 Mar 2023 15:23:39 +0000 (15:23 +0000)]
Updating minified JavaScript files

20 months agoUpdate npm dependencies in extra/
Tim Düsterhus [Tue, 7 Mar 2023 15:22:04 +0000 (16:22 +0100)]
Update npm dependencies in extra/

20 months agoMerge pull request #5340 from WoltLab/x-frame-options-phrase
Tim Düsterhus [Tue, 7 Mar 2023 11:27:12 +0000 (12:27 +0100)]
Merge pull request #5340 from WoltLab/x-frame-options-phrase

Drop misleading “deprecated” note in `wcf.acp.option.http_send_x_frame_options`

20 months agoDrop misleading “deprecated” note in `wcf.acp.option.http_send_x_frame_options`
Tim Düsterhus [Tue, 7 Mar 2023 08:24:04 +0000 (09:24 +0100)]
Drop misleading “deprecated” note in `wcf.acp.option.http_send_x_frame_options`

Not the “disallowing of frame embeds” is deprecated, but the disabling of the
disallowing. This becomes clear when reading the description, but not when just
reading the option name + parenthesis.

Drop the parenthesis entirely, the description is quite clear and the ACP index
page will also show a warning if the option still is enabled.

see https://www.woltlab.com/community/thread/299182-einbindung-in-einem-frame-verhindern-veraltet-nicht-empfohlen/

20 months agoFix missing deletion of articles after deletion of a category
Marcel Werk [Mon, 6 Mar 2023 15:36:13 +0000 (16:36 +0100)]
Fix missing deletion of articles after deletion of a category

20 months agoFix missing custom confirm messages when deleting categories
Marcel Werk [Mon, 6 Mar 2023 15:29:01 +0000 (16:29 +0100)]
Fix missing custom confirm messages when deleting categories

20 months agoFix missing deletion of subscriptions of article categories
Marcel Werk [Mon, 6 Mar 2023 15:01:02 +0000 (16:01 +0100)]
Fix missing deletion of subscriptions of article categories

Deleting article categories did not remove attached subscriptions.

20 months agoSuppress the HTML encoding of values encoded by `|encodeJS`
Alexander Ebert [Mon, 6 Mar 2023 13:08:55 +0000 (14:08 +0100)]
Suppress the HTML encoding of values encoded by `|encodeJS`

This causes entities to be encoded, but the implementation expects them to be plain text.

See https://www.woltlab.com/community/thread/298737-sonderzeichen-in-umfragen/

20 months agoHandle `NULL` groupDescription in UserGroup::getDescription()
Tim Düsterhus [Mon, 6 Mar 2023 10:34:22 +0000 (11:34 +0100)]
Handle `NULL` groupDescription in UserGroup::getDescription()

see a48f51b3c73abff7e4fe9a5016b976682cb5ab3c
see #4694

20 months agoFix exception when editing a user rank with a broken image
Marcel Werk [Fri, 3 Mar 2023 14:52:46 +0000 (15:52 +0100)]
Fix exception when editing a user rank with a broken image

Closes #4860

20 months agoUpdate GitHub workflows to node.js 18
Tim Düsterhus [Fri, 3 Mar 2023 11:27:08 +0000 (12:27 +0100)]
Update GitHub workflows to node.js 18

21 months agoCreate the initial article category with explicit description
Tim Düsterhus [Fri, 24 Feb 2023 14:21:08 +0000 (15:21 +0100)]
Create the initial article category with explicit description

see #5323

21 months agoFix PHP 8.1 compatibility in AbstractCategoryEditForm for NULL description
Tim Düsterhus [Fri, 24 Feb 2023 14:20:12 +0000 (15:20 +0100)]
Fix PHP 8.1 compatibility in AbstractCategoryEditForm for NULL description

see #5323

21 months agoFix stack trace rendering for strings with single quotes
Tim Düsterhus [Mon, 20 Feb 2023 14:53:15 +0000 (15:53 +0100)]
Fix stack trace rendering for strings with single quotes

21 months agoMerge pull request #5311 from WoltLab/about-me-validation
Tim Düsterhus [Mon, 20 Feb 2023 09:55:22 +0000 (10:55 +0100)]
Merge pull request #5311 from WoltLab/about-me-validation

Fix aboutMe validation

21 months agoReduce the maximum length for the aboutMe and signature to 65000
Tim Düsterhus [Mon, 20 Feb 2023 09:12:03 +0000 (10:12 +0100)]
Reduce the maximum length for the aboutMe and signature to 65000

This is a nice round number and gives some additional wiggle room for HTML
processing changes in UserRebuildDataWorker before the hard limit is actually
reached and contents will need to be dropped.

21 months agoFix length comparison for aboutMe text in UserRebuildDataWorker
Tim Düsterhus [Mon, 20 Feb 2023 09:10:06 +0000 (10:10 +0100)]
Fix length comparison for aboutMe text in UserRebuildDataWorker

Contrary to the comment's claim, a `TEXT` column supports 65535 characters
(depending on the charset), not 65535 bytes.

21 months agoFix validation in AboutMeOptionType
Tim Düsterhus [Mon, 20 Feb 2023 09:04:19 +0000 (10:04 +0100)]
Fix validation in AboutMeOptionType

The validation method previously checked the original input, not the processed
input. This possibly allowed the user to hide words from the Censorship,
because the HTMLPurifier removes elements, resulting in a semantic change. For
example: `Bad<script></script>word` will be `Badword` after purification.

For the length validation this might result in outputs exceeding the hard 65535
character limit (which is also the maximum configurable length in the user
group option).

This is fixed by checking:

1. The text content against the user group option as done everywhere.
2. The text content against the censorship as done everywhere.
3. The HTML content against the hard limit.

21 months agoDrop obsolete update_com.woltlab.wcf_5.5.9_systemId.php
Tim Düsterhus [Fri, 17 Feb 2023 12:57:39 +0000 (13:57 +0100)]
Drop obsolete update_com.woltlab.wcf_5.5.9_systemId.php

21 months agoMerge pull request #5307 from WoltLab/unfurl-language
Tim Düsterhus [Fri, 17 Feb 2023 11:54:31 +0000 (12:54 +0100)]
Merge pull request #5307 from WoltLab/unfurl-language

Add `accept-language` header to Unfurling requests

21 months agoAdd `accept-language` header to Unfurling requests
Tim Düsterhus [Fri, 17 Feb 2023 11:24:38 +0000 (12:24 +0100)]
Add `accept-language` header to Unfurling requests

The default language is preferred, but any language is acceptable with a lower
priority.

see https://www.woltlab.com/community/thread/299002-imdb-english-embed-links-displaying-german-text/

21 months agoRelease 5.5.9 5.5.9
Alexander Ebert [Fri, 17 Feb 2023 11:03:00 +0000 (12:03 +0100)]
Release 5.5.9

21 months agoRelease 5.5.9 dev 2 5.5.9_dev_2
Alexander Ebert [Thu, 16 Feb 2023 11:32:03 +0000 (12:32 +0100)]
Release 5.5.9 dev 2

21 months agoUpdating minified JavaScript files
WoltLab [Thu, 16 Feb 2023 09:21:12 +0000 (09:21 +0000)]
Updating minified JavaScript files

21 months agoRelease 5.5.9 dev 1 5.5.9_dev_1
Alexander Ebert [Tue, 14 Feb 2023 14:51:53 +0000 (15:51 +0100)]
Release 5.5.9 dev 1

21 months agoUpdate npm dependencies
Tim Düsterhus [Fri, 10 Feb 2023 08:58:20 +0000 (09:58 +0100)]
Update npm dependencies

21 months agoImprove the vertical alignment in case no direction has enough space
Alexander Ebert [Mon, 6 Feb 2023 16:14:41 +0000 (17:14 +0100)]
Improve the vertical alignment in case no direction has enough space

See https://www.woltlab.com/community/thread/298831-l%C3%B6schen-in-der-mobilen-ansicht-nicht-sichtbar/

21 months agoPrevent the Instagram iframe from overlapping other elements
Alexander Ebert [Mon, 6 Feb 2023 15:22:55 +0000 (16:22 +0100)]
Prevent the Instagram iframe from overlapping other elements

See https://www.woltlab.com/community/thread/298758-medienanbieter-instagram-%C3%BCberlappt-content/

21 months agoFix the replacement of the encoded apostrophe
Alexander Ebert [Mon, 6 Feb 2023 13:31:32 +0000 (14:31 +0100)]
Fix the replacement of the encoded apostrophe

See https://www.woltlab.com/community/thread/298815-desktopbenachrichtigungen-stellen-apostroph-nicht-korrekt-dar/

21 months agoEnforce the minimum height of filtered checkbox lists dynamically
Alexander Ebert [Mon, 6 Feb 2023 13:25:16 +0000 (14:25 +0100)]
Enforce the minimum height of filtered checkbox lists dynamically

See https://www.woltlab.com/community/thread/298850-mulitselect-felder-werden-gr%C3%B6%C3%9Fer-angezeigt-als-notwendig-nach-update-auf-5-5/

21 months agoMerge pull request #5262 from WoltLab/avatar-extension-validation
Tim Düsterhus [Tue, 31 Jan 2023 11:02:29 +0000 (12:02 +0100)]
Merge pull request #5262 from WoltLab/avatar-extension-validation

Validate the avatar mime type against the extension list

21 months agoAdd safety abort in UserAvatarEditor::createAvatarVariant() for WebP originals
Tim Düsterhus [Tue, 31 Jan 2023 08:50:36 +0000 (09:50 +0100)]
Add safety abort in UserAvatarEditor::createAvatarVariant() for WebP originals

21 months agoValidate the avatar mime type against the extension list
Tim Düsterhus [Tue, 31 Jan 2023 08:47:16 +0000 (09:47 +0100)]
Validate the avatar mime type against the extension list

see https://www.woltlab.com/community/thread/298731-avatar-upload-pr%C3%BCft-lediglich-dateiendnung-aber-nicht-das-format/

22 months agoMerge pull request #5240 from WoltLab/style-import-template-modification-time
Tim Düsterhus [Tue, 24 Jan 2023 15:10:46 +0000 (16:10 +0100)]
Merge pull request #5240 from WoltLab/style-import-template-modification-time

Update template’s modification time when updated via style import

22 months agoUpdate template’s modification time when updated via style import
Tim Düsterhus [Tue, 24 Jan 2023 15:02:58 +0000 (16:02 +0100)]
Update template’s modification time when updated via style import

Fixes #5235

22 months agoMerge pull request #5231 from WoltLab/system-check-opcache
Tim Düsterhus [Mon, 23 Jan 2023 11:10:25 +0000 (12:10 +0100)]
Merge pull request #5231 from WoltLab/system-check-opcache

Check OPcache in SystemCheckPage

22 months agoAdd update_com.woltlab.wcf_5.5.9_systemId.php
Tim Düsterhus [Fri, 20 Jan 2023 13:26:22 +0000 (14:26 +0100)]
Add update_com.woltlab.wcf_5.5.9_systemId.php

22 months agoCheck OPcache in SystemCheckPage
Tim Düsterhus [Fri, 20 Jan 2023 13:22:28 +0000 (14:22 +0100)]
Check OPcache in SystemCheckPage

Resolves #5230

22 months agoMerge branch '5.4' into 5.5
Tim Düsterhus [Thu, 19 Jan 2023 13:26:57 +0000 (14:26 +0100)]
Merge branch '5.4' into 5.5

22 months agoRelease 5.5.8 5.5.8
Alexander Ebert [Thu, 19 Jan 2023 13:24:53 +0000 (14:24 +0100)]
Release 5.5.8

22 months agoRelease 5.4.25 5.4.25
Alexander Ebert [Thu, 19 Jan 2023 13:22:17 +0000 (14:22 +0100)]
Release 5.4.25

22 months agoMerge branch '5.3' into 5.4
Alexander Ebert [Thu, 19 Jan 2023 13:21:54 +0000 (14:21 +0100)]
Merge branch '5.3' into 5.4

22 months agoRelease 5.3.26 5.3.26
Alexander Ebert [Thu, 19 Jan 2023 13:19:31 +0000 (14:19 +0100)]
Release 5.3.26

22 months agoMerge branch '5.4' into 5.5
Tim Düsterhus [Thu, 19 Jan 2023 13:17:02 +0000 (14:17 +0100)]
Merge branch '5.4' into 5.5

22 months agoMerge branch '5.3' into 5.4
Tim Düsterhus [Thu, 19 Jan 2023 13:16:28 +0000 (14:16 +0100)]
Merge branch '5.3' into 5.4

22 months agoMerge branch 'xss-activation' into 5.3
Tim Düsterhus [Thu, 19 Jan 2023 13:16:10 +0000 (14:16 +0100)]
Merge branch 'xss-activation' into 5.3

22 months agoAutomatically detect HTTP codeblocks
Tim Düsterhus [Tue, 17 Jan 2023 13:07:33 +0000 (14:07 +0100)]
Automatically detect HTTP codeblocks

22 months agoRelease 5.5.8 dev 1 5.5.8_dev_1
Alexander Ebert [Mon, 16 Jan 2023 16:59:50 +0000 (17:59 +0100)]
Release 5.5.8 dev 1

22 months agoUpdating minified JavaScript files
WoltLab [Mon, 16 Jan 2023 16:20:19 +0000 (16:20 +0000)]
Updating minified JavaScript files

22 months agoUse `ResizeObserverEntry.contentRect` in legacy browsers
Alexander Ebert [Mon, 16 Jan 2023 16:05:50 +0000 (17:05 +0100)]
Use `ResizeObserverEntry.contentRect` in legacy browsers

Fixes #5187

22 months agoAdd `messageTableOfContents` and `quoteMetaCode` to the shared templates
Alexander Ebert [Mon, 16 Jan 2023 15:54:38 +0000 (16:54 +0100)]
Add `messageTableOfContents` and `quoteMetaCode` to the shared templates

See https://www.woltlab.com/community/thread/298400-artikelvorschau-bringt-eine-reihe-von-fehlermeldungen/
See https://www.woltlab.com/community/thread/298137-alle-anzeigen-aktualisieren-unable-to-find-template-quotemetacode/

22 months agoSuppress empty style descriptions
Alexander Ebert [Mon, 16 Jan 2023 15:36:33 +0000 (16:36 +0100)]
Suppress empty style descriptions

See https://www.woltlab.com/community/thread/298369-stil-beschreibung-fehlt-sprachvariable-wird-angezeigt/

22 months agoSuppress user activity events when articles have been disabled
Alexander Ebert [Mon, 16 Jan 2023 15:14:55 +0000 (16:14 +0100)]
Suppress user activity events when articles have been disabled

See https://www.woltlab.com/community/thread/298375-letzte-aktivit%C3%A4ten-nach-modul-deaktivierung/

22 months agoMerge branch '5.4' into 5.5
Tim Düsterhus [Mon, 16 Jan 2023 13:52:27 +0000 (14:52 +0100)]
Merge branch '5.4' into 5.5

22 months agoMerge branch '5.3' into 5.4
Tim Düsterhus [Mon, 16 Jan 2023 13:51:47 +0000 (14:51 +0100)]
Merge branch '5.3' into 5.4

22 months agoRemove questionable `@` in __singleMediaSelectionFormField.tpl
Tim Düsterhus [Mon, 16 Jan 2023 13:48:54 +0000 (14:48 +0100)]
Remove questionable `@` in __singleMediaSelectionFormField.tpl

This looks like it is exploitable, because the value is not guaranteed to be an integer.

22 months agoFix XSS vulnerability in registerActivation.tpl
Tim Düsterhus [Mon, 16 Jan 2023 13:40:29 +0000 (14:40 +0100)]
Fix XSS vulnerability in registerActivation.tpl

This was introduced in a477e3522933a7204b02013cd6b6d47d0db1d254 when the
activation logic was refactored to no longer use numeric-only activation codes.

Thanks to Chabik Hatim for responsibly reporting the vulnerability.

22 months agoMerge pull request #5225 from WoltLab/supportexpiry-53
Tim Düsterhus [Mon, 16 Jan 2023 13:49:57 +0000 (14:49 +0100)]
Merge pull request #5225 from WoltLab/supportexpiry-53

Notify users of the expiring support (5.3)

22 months agoNotify users of the expiring support (5.3)
Tim Düsterhus [Tue, 2 Nov 2021 11:11:50 +0000 (12:11 +0100)]
Notify users of the expiring support (5.3)

see #4574

22 months agoProperly take languageID into account in LanguageEditor::deleteFromXML()
Tim Düsterhus [Mon, 16 Jan 2023 09:50:32 +0000 (10:50 +0100)]
Properly take languageID into account in LanguageEditor::deleteFromXML()

see https://www.woltlab.com/community/thread/298522-sprachvariable-case-aktualisieren/

22 months agoDetect reused dialogIds in Form/Builder/Dialog.ts
Tim Düsterhus [Thu, 12 Jan 2023 13:11:33 +0000 (14:11 +0100)]
Detect reused dialogIds in Form/Builder/Dialog.ts

see https://www.woltlab.com/community/thread/298580-uncaught-error-form-has-not-been-requested-yet/

22 months agoFix incorrect use of `this` references in Dom/Util
Tim Düsterhus [Wed, 11 Jan 2023 14:55:01 +0000 (15:55 +0100)]
Fix incorrect use of `this` references in Dom/Util

This breaks if single functions are imported.

22 months agoAdd `rel="nofollow"` to missed login link
Tim Düsterhus [Wed, 11 Jan 2023 13:22:30 +0000 (14:22 +0100)]
Add `rel="nofollow"` to missed login link

This was noticed while resolving the merge conflicts when merging from 5.5 to
master.

see fa0b20e855dbf01ebf3e4ac54c12a0507dcb993f

22 months agoMerge pull request #5221 from WoltLab/login-no-follow
Tim Düsterhus [Wed, 11 Jan 2023 13:16:05 +0000 (14:16 +0100)]
Merge pull request #5221 from WoltLab/login-no-follow

Mark login links as `rel="nofollow"`

22 months agoRemove questionable `@` in login.tpl
Tim Düsterhus [Wed, 11 Jan 2023 12:37:35 +0000 (13:37 +0100)]
Remove questionable `@` in login.tpl

22 months agoMark login links as `rel="nofollow"`
Tim Düsterhus [Wed, 11 Jan 2023 12:35:03 +0000 (13:35 +0100)]
Mark login links as `rel="nofollow"`

Resolves #5218

23 months agoFix missing permission check
Marcel Werk [Thu, 15 Dec 2022 15:53:33 +0000 (16:53 +0100)]
Fix missing permission check

It was not considered whether the user has the permission to edit his profile.

23 months agoMerge pull request #5190 from WoltLab/php-ddl-foreign-key-drop
Tim Düsterhus [Thu, 15 Dec 2022 14:03:05 +0000 (15:03 +0100)]
Merge pull request #5190 from WoltLab/php-ddl-foreign-key-drop

Fix dropping of misnamed foreign keys in PHP DDL

23 months agoFix dropping of misnamed foreign keys in PHP DDL
Tim Düsterhus [Thu, 15 Dec 2022 13:22:10 +0000 (14:22 +0100)]
Fix dropping of misnamed foreign keys in PHP DDL

Foreign keys are matched up by their `getDiffData()` which includes the column
list, referenced column list and referenced table, but does not include the name.

This effectively ensures that only a single foreign key exists for each
possible combination of source and target columns.

Dropping foreign keys however relies on the foreign key’s name being sent to
the database and this is currently broken when the foreign key name differs
from the expected name:

The misnamed key will be matched up, but the DROP query will send the expected
name, instead of the actual name.

Fix this by inserting the `$matchingExistingForeignKey` into the list of keys
to drop, which makes sense, because the existing key is what should be dropped
in the first place.