Tim Düsterhus [Tue, 16 Mar 2021 13:57:07 +0000 (14:57 +0100)]
Merge pull request #4089 from WoltLab/session-creation
Add wcf1_user_session.creationTime
Tim Düsterhus [Tue, 16 Mar 2021 13:37:36 +0000 (14:37 +0100)]
Tim Düsterhus [Tue, 16 Mar 2021 13:35:38 +0000 (14:35 +0100)]
Add wcf1_user_session.creationTime
Tim Düsterhus [Tue, 16 Mar 2021 12:07:26 +0000 (13:07 +0100)]
Merge pull request #4086 from WoltLab/deprecated-is-connected-with
Deprecate UserProfile::isConnectedWith*()
Matthias Schmidt [Tue, 16 Mar 2021 11:26:06 +0000 (12:26 +0100)]
Only add DOM change listener once in `Ui/Empty`
See #4073
Tim Düsterhus [Tue, 16 Mar 2021 10:46:09 +0000 (11:46 +0100)]
Fix typo in UserProfile::isConnectedWith*() deprecation
Co-authored-by: Matthias Schmidt <gravatronics@live.com>
Tim Düsterhus [Tue, 16 Mar 2021 10:26:25 +0000 (11:26 +0100)]
Deprecate UserProfile::isConnectedWith*()
Tim Düsterhus [Mon, 15 Mar 2021 15:41:58 +0000 (16:41 +0100)]
Merge pull request #4085 from WoltLab/fast-create
Add TFastCreate trait
Tim Düsterhus [Mon, 15 Mar 2021 15:05:19 +0000 (16:05 +0100)]
Add TFastCreate trait
Co-authored-by: Alexander Ebert <ebert@woltlab.com>
Tim Düsterhus [Mon, 15 Mar 2021 15:36:19 +0000 (16:36 +0100)]
Merge pull request #4084 from WoltLab/user-importer-performance
Improve performance of UserImporter
Tim Düsterhus [Mon, 15 Mar 2021 15:31:51 +0000 (16:31 +0100)]
Remove useless check for non-emptiness of $groupIDs
Tim Düsterhus [Mon, 15 Mar 2021 14:31:32 +0000 (15:31 +0100)]
Improve performance of UserImporter
Tim Düsterhus [Mon, 15 Mar 2021 14:09:02 +0000 (15:09 +0100)]
Re-use the statement in ImportHandler::saveNewID()
Resolves #4083
Tim Düsterhus [Mon, 15 Mar 2021 14:05:35 +0000 (15:05 +0100)]
Add timestamps to ImportCLICommand
Tim Düsterhus [Mon, 15 Mar 2021 11:36:23 +0000 (12:36 +0100)]
Merge branch '5.3'
Tim Düsterhus [Mon, 15 Mar 2021 11:34:08 +0000 (12:34 +0100)]
Refuse to proxy non-standard ports in ImageProxy
Tim Düsterhus [Mon, 15 Mar 2021 11:22:12 +0000 (12:22 +0100)]
Refactor query generation in UserSearchForm::search()
The `$sql` can easily be moved down, as it is only used in a single place. This
allows us to directly embed the condition.
see
dec19b25cdf21b81d73c5897cd3c885d5ec62ef4
see #4078
Tim Düsterhus [Mon, 15 Mar 2021 11:21:06 +0000 (12:21 +0100)]
Merge branch '5.3'
Tim Düsterhus [Mon, 15 Mar 2021 11:16:06 +0000 (12:16 +0100)]
Add whitespace before condition in UserSearchForm
Currently a query like the following is generated:
SELECT user_table.userID
FROM wcf1_user user_table
LEFT JOIN wcf1_user_option_value option_value
ON (option_value.userID = user_table.userID)WHERE option_value.userOption4 = ?
This works due to the parentheses around the `ON` part of the `JOIN`, but it
certainly is not pretty and it will cause issues if the parentheses are removed
(as it happened for WoltLab Suite 5.4).
Insert a newline between the base query and the condition to fix the issue.
Resolves #4078
Co-Authored-By: mutec <mysterycode@mysterycode.de>
Matthias Schmidt [Mon, 15 Mar 2021 08:48:49 +0000 (09:48 +0100)]
Merge pull request #4073 from WoltLab/empty_handler
Add module for empty HTML elements as replace for `WCF.Table.EmptyTableHandler`
Matthias Schmidt [Mon, 15 Mar 2021 08:46:18 +0000 (09:46 +0100)]
Support database PIP syncs for non-Core packages
Matthias Schmidt [Mon, 15 Mar 2021 08:05:29 +0000 (09:05 +0100)]
Merge pull request #4077 from WoltLab/database_pip
Add DatabasePackageInstallationPlugin
Marcel Werk [Sun, 14 Mar 2021 17:31:26 +0000 (18:31 +0100)]
Fix missing content languages for guests
Matthias Schmidt [Sun, 14 Mar 2021 08:07:47 +0000 (09:07 +0100)]
Use new database PIP for update scripts
Matthias Schmidt [Sun, 14 Mar 2021 08:07:37 +0000 (09:07 +0100)]
Support database PIP in devtools sync function
Matthias Schmidt [Sun, 14 Mar 2021 08:07:15 +0000 (09:07 +0100)]
Add `DatabasePackageInstallationPlugin`
Matthias Schmidt [Sat, 13 Mar 2021 12:38:54 +0000 (13:38 +0100)]
Make use of `Ui/Empty` in more places in frontend
Matthias Schmidt [Sat, 13 Mar 2021 12:35:15 +0000 (13:35 +0100)]
Make use of `Ui/Empty` in more places in ACP
Matthias Schmidt [Fri, 12 Mar 2021 15:54:39 +0000 (16:54 +0100)]
Replace use of `WCF.Table.EmptyTableHandler` with `Ui/Empty`
Matthias Schmidt [Fri, 12 Mar 2021 15:54:07 +0000 (16:54 +0100)]
Deprecate `WCF.Table.EmptyTableHandler`
Matthias Schmidt [Fri, 12 Mar 2021 15:53:53 +0000 (16:53 +0100)]
Setup `Ui/Empty` on every request globally
Matthias Schmidt [Fri, 12 Mar 2021 15:53:27 +0000 (16:53 +0100)]
Add `Ui/Empty` module
Matthias Schmidt [Fri, 12 Mar 2021 14:02:09 +0000 (15:02 +0100)]
Recompile TypeScript to JavaScript
Matthias Schmidt [Fri, 12 Mar 2021 11:57:40 +0000 (12:57 +0100)]
Remove deprecation of `Environment.touch()`
The function is still actively used and there is no better way of doing it.
See #3876
Tim Düsterhus [Fri, 12 Mar 2021 11:54:33 +0000 (12:54 +0100)]
Merge pull request #4070 from WoltLab/formbuilder-typescript
Improve typing in Form/Builder/Dialog.ts
Tim Düsterhus [Fri, 12 Mar 2021 10:00:37 +0000 (11:00 +0100)]
Merge branch '5.3'
Tim Düsterhus [Fri, 12 Mar 2021 09:58:20 +0000 (10:58 +0100)]
Ensure that the 'wcf' application is untainted
This fixes up commit
fc2b721517646af2e4d901d95eeba802c1eb6a7d.
see #4057
Tim Düsterhus [Fri, 12 Mar 2021 09:36:06 +0000 (10:36 +0100)]
Do not set a spiderID for legacy sessions of registered users
This is the correct version of
0d262d1080533b952de104f45df7cf5a360d8892 which
was reverted in
7476740c8a03adc20f2d5f0380b47556f61edd8a.
During user change the guest legacy session is destroyed together with the
actual guest session and a new session with a matching legacy session is
created. At no point will a legacy session of a guest magically turn into a
legacy session of a user and thus an `UPDATE` is never required.
see #4067
Tim Düsterhus [Fri, 12 Mar 2021 09:06:26 +0000 (10:06 +0100)]
Revert "Clear the spiderID when logging in"
As reported in PR #4071 this commit attempts to update a non-existant column.
The change should have been applied to the legacy session in wcf1_session, not
the actual session in wcf1_user_session.
This reverts commit
0d262d1080533b952de104f45df7cf5a360d8892.
see #4067
Resolves #4071
Marcel Werk [Thu, 11 Mar 2021 17:01:23 +0000 (18:01 +0100)]
Merge pull request #4059 from WoltLab/media-imageDimensions
Do not expose wcf.media.imageDimensions.value to JavaScript
Tim Düsterhus [Thu, 11 Mar 2021 13:38:17 +0000 (14:38 +0100)]
Improve typing in Form/Builder/Dialog.ts
see
155f9dd41571c72b79815783efc0924ff5279ad8
Matthias Schmidt [Thu, 11 Mar 2021 12:54:01 +0000 (13:54 +0100)]
Fix parameter type of form builder dialogs' `successCallback` (#4069)
Close #4063
Tim Düsterhus [Thu, 11 Mar 2021 11:47:57 +0000 (12:47 +0100)]
Merge pull request #4067 from WoltLab/session-spider-fix
Fix spider handling in sessions
Tim Düsterhus [Thu, 11 Mar 2021 11:36:43 +0000 (12:36 +0100)]
Merge pull request #4068 from WoltLab/fixup-check-draft
Do not check for `fixup!` commit in draft PRs
Tim Düsterhus [Thu, 11 Mar 2021 11:29:56 +0000 (12:29 +0100)]
Do not check for `fixup!` commit in draft PRs
Tim Düsterhus [Thu, 11 Mar 2021 09:56:56 +0000 (10:56 +0100)]
Merge branch '5.3'
Tim Düsterhus [Thu, 11 Mar 2021 09:53:41 +0000 (10:53 +0100)]
Fix clear button behavior in Date/Picker.ts
Before the rewrite to TypeScript both buttons used the same variable name
(`button`). Apparently during the rewrite they have been mixed up. Use a clear
variable name for each to fix the issue.
see
9a11d3a3b9959aea13a700fa4b32ec35bdc064f0
Fixes #4061
Tim Düsterhus [Thu, 11 Mar 2021 09:51:18 +0000 (10:51 +0100)]
Do not use .bind() in Date/Picker.ts
Tim Düsterhus [Thu, 11 Mar 2021 08:45:26 +0000 (09:45 +0100)]
Clear the spiderID when logging in
Tim Düsterhus [Thu, 11 Mar 2021 08:41:21 +0000 (09:41 +0100)]
Make SessionHandler::createLegacySession() return the session
This does not implicitly modify class properties and thus makes the code
cleaner.
Tim Düsterhus [Thu, 11 Mar 2021 08:39:48 +0000 (09:39 +0100)]
Correctly re-use spider sessions when creating new sessions
Fixes #4066
Tim Düsterhus [Thu, 11 Mar 2021 08:30:51 +0000 (09:30 +0100)]
Explicitly return `null` on no match in SessionHandler::getSpiderID()
Tim Düsterhus [Thu, 11 Mar 2021 08:28:08 +0000 (09:28 +0100)]
Remove useless condition in SessionHandler::createLegacySession()
The default value is `null`, so we can set that explicitly.
joshuaruesweg [Wed, 10 Mar 2021 21:06:29 +0000 (22:06 +0100)]
Fix user awaiting approval link
Tim Düsterhus [Wed, 10 Mar 2021 15:40:39 +0000 (16:40 +0100)]
Deploy the INTERNAL_HOSTNAMES option before deploying files
Resolves #4065
Tim Düsterhus [Wed, 10 Mar 2021 14:55:11 +0000 (15:55 +0100)]
Merge pull request #4058 from WoltLab/tainted-app-warning
Show error messages if tainted apps are installed
WoltLab [Wed, 10 Mar 2021 14:37:51 +0000 (14:37 +0000)]
Updating minified JavaScript files
Matthias Schmidt [Wed, 10 Mar 2021 10:42:10 +0000 (11:42 +0100)]
Add missing backslashes before function calls
Matthias Schmidt [Wed, 10 Mar 2021 10:41:17 +0000 (11:41 +0100)]
Support filtering the list of user authentication failures (#4062)
Filtering by IP address is not supported due storing IPv4 addresses in IPv6 format but displaying them in as IPv4 so that (partial) IPv4 addresses cannot be (easily) searched for.
See #3395
Tim Düsterhus [Tue, 9 Mar 2021 13:23:22 +0000 (14:23 +0100)]
Show error messages if tainted apps are installed
Tim Düsterhus [Wed, 10 Mar 2021 08:31:04 +0000 (09:31 +0100)]
Remove useless emptyness checks in index.tpl
Matthias Schmidt [Tue, 9 Mar 2021 15:33:21 +0000 (16:33 +0100)]
Merge branch '5.3'
Matthias Schmidt [Tue, 9 Mar 2021 15:22:53 +0000 (16:22 +0100)]
Merge branch '5.2' into 5.3
Matthias Schmidt [Tue, 9 Mar 2021 15:21:04 +0000 (16:21 +0100)]
Fix reading ACL values in non-Ajax form builder forms (#4060)
The wrong data source was used in `AclFormField` (the whole `$_POST` array instead of the dedicated entry) and the data was always stored in `aclValues` instead of a dedicated entry per form field.
Matthias Schmidt [Tue, 9 Mar 2021 15:15:45 +0000 (16:15 +0100)]
Fix Ajax user form fields with pre-set values
`values[i].objectId` is only set for users added manually via the UI. For pre-existing usernames, only `values[i].value` exists.
Tim Düsterhus [Tue, 9 Mar 2021 14:23:11 +0000 (15:23 +0100)]
Do not expose wcf.media.imageDimensions.value to JavaScript
This language item uses PHP template syntax and thus is not compatible with JavaScript:
Parse error on line 1:
{#$media->width}×{#$media->h
--------^
Expecting '}', got 'T_ANY'
I also could not find any JavaScript users (which was expected, given that it
would not work).
Tim Düsterhus [Tue, 9 Mar 2021 13:43:52 +0000 (14:43 +0100)]
Handle non-string values in Language.ts without logging debug messages
Tim Düsterhus [Tue, 9 Mar 2021 13:08:27 +0000 (14:08 +0100)]
Merge branch '5.3'
Tim Düsterhus [Tue, 9 Mar 2021 12:47:53 +0000 (13:47 +0100)]
Merge pull request #4057 from WoltLab/app-install-taint
Taint apps until a directory is selected
Tim Düsterhus [Tue, 9 Mar 2021 09:50:33 +0000 (10:50 +0100)]
Skip tainted applications during evaluation check on IndexPage
Tim Düsterhus [Tue, 9 Mar 2021 09:41:33 +0000 (10:41 +0100)]
Taint installed apps until the directory is selected
The row in wcf1_application is created very early in the installation process,
even before the application directory is selected. This causes it to contain
bogus data. Now when pressing F5 during the folder section for whatever reason
the application technically is installed, but it's not usable due to the
missing XXXCore class. When the cache is being cleared this will brick the
whole community.
Taint apps until a proper application directory is selected. This reduces the
time window for human error, because it's likely that the `file` PIP runs very
soon after.
Tim Düsterhus [Mon, 8 Mar 2021 15:26:43 +0000 (16:26 +0100)]
Merge branch 'style-preload'
Tim Düsterhus [Mon, 8 Mar 2021 15:04:40 +0000 (16:04 +0100)]
Handle style-preload.json in Style(Add|Edit)Form and StyleGlobalValuesForm
This file is not yet created when testing the style.
Tim Düsterhus [Mon, 8 Mar 2021 15:15:14 +0000 (16:15 +0100)]
Delete preload data when deleting styles
see
d2779a57533b315ce08c3436d9753f16ee1fdbfe
Tim Düsterhus [Mon, 8 Mar 2021 15:11:19 +0000 (16:11 +0100)]
Tim Düsterhus [Mon, 8 Mar 2021 15:08:39 +0000 (16:08 +0100)]
Delete preload data in StyleHandler::resetStylesheets()
see
d2779a57533b315ce08c3436d9753f16ee1fdbfe
Tim Düsterhus [Mon, 8 Mar 2021 15:18:07 +0000 (16:18 +0100)]
Delete preload data in StyleHandler::resetStylesheet()
see
d2779a57533b315ce08c3436d9753f16ee1fdbfe
Tim Düsterhus [Mon, 8 Mar 2021 14:57:08 +0000 (15:57 +0100)]
Do not write an empty preload manifest
see
d2779a57533b315ce08c3436d9753f16ee1fdbfe
Tim Düsterhus [Mon, 8 Mar 2021 14:58:27 +0000 (15:58 +0100)]
Merge pull request #3988 from WoltLab/devtools-option-name-validator
Add option name validators to devtools form for the `option` PIP
Tim Düsterhus [Mon, 8 Mar 2021 14:58:06 +0000 (15:58 +0100)]
Improve phrasing for optionName pattern error message
Co-authored-by: Matthias Schmidt <gravatronics@live.com>
Marcel Werk [Mon, 8 Mar 2021 14:37:51 +0000 (15:37 +0100)]
Merge pull request #4054 from WoltLab/password-toggle-icon
Swap icons used in password toggle
Tim Düsterhus [Mon, 8 Mar 2021 11:54:01 +0000 (12:54 +0100)]
Swap icons used in password toggle
Icons in buttons in WoltLab Suite usually indicate what happens when the button
is clicked and do not represent the current state.
Tim Düsterhus [Mon, 8 Mar 2021 10:46:56 +0000 (11:46 +0100)]
Add special handling for AJAX requests failing reauth in ACP
Fixes #4053
Tim Düsterhus [Mon, 8 Mar 2021 10:13:38 +0000 (11:13 +0100)]
Update guzzle to the current guzzle/guzzle master
This moves guzzle away from our private fork onto the upstream repository,
albeit not onto a released version, due to the change in
8f09f3cac92beb4ec003c1b29dc37360e29b3b36 not yet being released.
Tim Düsterhus [Mon, 8 Mar 2021 10:08:13 +0000 (11:08 +0100)]
Merge pull request #4051 from WoltLab/internal-host
Add INTERNAL_HOSTNAMES option
Tim Düsterhus [Mon, 8 Mar 2021 10:02:22 +0000 (11:02 +0100)]
Check the XSRF-TOKEN cookie against the active request during 5.4 upgrade
It should not be possible to hit the issue in the real world, but we better
play safe here.
In my tests I could only reproduce the issue by:
1. Taking a snapshot while logged into the ACP.
2. Starting the upgrade until the new cookies have been set.
3. Aborting the upgrade.
4. Rolling back the snapshot.
5. Trying again.
In this case the XSRF-TOKEN cookie is correctly signed and the session cookie
matches the actual session ID. However the sessionVariables are outdated due to
the rollback. The process will continue with the old SECURITY_TOKEN, failing
after the new files from 5.4 are deployed.
This issue is fixed by also checking the cookie against the current request and
the active session to ensure all the values are correctly in place.
Resolves #4052
Tim Düsterhus [Fri, 5 Mar 2021 15:48:05 +0000 (16:48 +0100)]
Add INTERNAL_HOSTNAMES option
Resolves #4049
Tim Düsterhus [Fri, 5 Mar 2021 15:41:01 +0000 (16:41 +0100)]
Make HtmlOutputNodeImg::getHostMatcher() reusable as Url::getHostnameMatcher()
Tim Düsterhus [Fri, 5 Mar 2021 15:15:01 +0000 (16:15 +0100)]
Correctly handle apps without an option directory in `option` dev tools
Tim Düsterhus [Fri, 5 Mar 2021 12:56:46 +0000 (13:56 +0100)]
Add 'Image Proxy' comment to Image Proxy's user-agent
Tim Düsterhus [Fri, 5 Mar 2021 12:55:26 +0000 (13:55 +0100)]
Add ImageProxyAction::getHttpClient()
joshuaruesweg [Fri, 5 Mar 2021 10:12:18 +0000 (11:12 +0100)]
Add optional parameter for comments in an ua
Tim Düsterhus [Fri, 5 Mar 2021 12:41:00 +0000 (13:41 +0100)]
Fix handling of maximum response size in ImageProxyAction
The previous implementation might have resulted in a truncated / broken image
which is undesirable.
Tim Düsterhus [Fri, 5 Mar 2021 10:56:38 +0000 (11:56 +0100)]
Add removal of trailing spaces in install.sql to .git-blame-ignore-revs
joshuaruesweg [Fri, 5 Mar 2021 10:53:56 +0000 (11:53 +0100)]
Remove whitespaces on blank lines in install.sql
Tim Düsterhus [Thu, 4 Mar 2021 12:59:02 +0000 (13:59 +0100)]
Fix preloading of perfect-scrollbar in Bootstrap.ts
Apparently TypeScript does not emit the import of the imported variable is not
used. Use the version without bindings to make the side effect clear.
Tim Düsterhus [Thu, 4 Mar 2021 11:48:51 +0000 (12:48 +0100)]
Merge pull request #4048 from WoltLab/user-group-scrollableCheckboxList
Use .scrollableCheckboxList in UserGroupCondition
WoltLab [Thu, 4 Mar 2021 11:46:30 +0000 (11:46 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Thu, 4 Mar 2021 10:47:50 +0000 (11:47 +0100)]
Use .scrollableCheckboxList in UserGroupCondition
Resolves #3939
Tim Düsterhus [Thu, 4 Mar 2021 09:14:58 +0000 (10:14 +0100)]
Update composer dependencies