Tim Düsterhus [Thu, 10 Nov 2022 14:00:18 +0000 (15:00 +0100)]
Improve user experience when accessing the ACP with an unauthorized user
Specifically the logout link is available now.
Marcel Werk [Tue, 8 Nov 2022 14:25:30 +0000 (15:25 +0100)]
Fix missing consideration of the ad position when calculating the show order
Tim Düsterhus [Mon, 7 Nov 2022 10:00:16 +0000 (11:00 +0100)]
Fix typo in de.xml
Tim Düsterhus [Wed, 2 Nov 2022 08:51:43 +0000 (09:51 +0100)]
Merge pull request #5099 from WoltLab/articlelist-comments-column
Remove comments column from ACP's ArticleListPage
Tim Düsterhus [Wed, 2 Nov 2022 08:51:30 +0000 (09:51 +0100)]
Merge pull request #5100 from WoltLab/notification-email-unconfirmed
Discard notification emails if the recipient’s email address is unconfirmed
Tim Düsterhus [Mon, 31 Oct 2022 15:35:50 +0000 (16:35 +0100)]
Discard notification emails if the recipient’s email address is unconfirmed
This change discards notification emails if the recipient’s email address is
unconfirmed after the email was created and before the email was actually seat.
An example might be that the background queue is delayed, due to the mail
server’s spam protection kicking in, allowing the admin to unconfirm email
addresses of email addresses that are no longer valid to prevent more bounces
from being generated.
Tim Düsterhus [Mon, 31 Oct 2022 12:53:14 +0000 (13:53 +0100)]
Remove comments column from ACP's ArticleListPage
This column was effectively broken since the introduction of pluggable
discussion providers and is completely broken (always showing zero) since the
`comments` column was moved the the article to the article content in
75c21dfd1231389b2e3f527fc202dfec8f5c808b.
Tim Düsterhus [Mon, 31 Oct 2022 12:40:44 +0000 (13:40 +0100)]
Merge pull request #5098 from Krymonota/patch-23
Fix typos in German language items
Niklas [Mon, 31 Oct 2022 12:30:27 +0000 (13:30 +0100)]
Fix package update error message typos (`de.xml`)
Niklas [Mon, 31 Oct 2022 12:27:16 +0000 (13:27 +0100)]
Fix capitalization and add missing hyphen (`de.xml`)
Niklas [Mon, 31 Oct 2022 12:23:53 +0000 (13:23 +0100)]
Add missing commas preceding "um" (`de.xml`)
Sascha Greuel [Mon, 31 Oct 2022 11:04:20 +0000 (12:04 +0100)]
Update outdated links within phrases (#5096)
see #5095
see https://www.woltlab.com/community/thread/297811-neuer-twitter-link-registrierung/
Sascha Greuel [Mon, 31 Oct 2022 09:38:44 +0000 (10:38 +0100)]
Update Twitter Developer link (#5095)
See https://www.woltlab.com/community/thread/297811-neuer-twitter-link-registrierung/
Niklas [Mon, 31 Oct 2022 08:09:02 +0000 (09:09 +0100)]
Fix typo in PHPDoc in `ValueFormFieldDependency` (#5089)
Tim Düsterhus [Thu, 27 Oct 2022 15:29:42 +0000 (17:29 +0200)]
Fix CryptoUtil API misuse in SessionHandler
The previous version was not incorrect (we never sign a falsy string in
SessionHandler). However the return value should always be explicitly compared
to `null` to make verification of correctness easier.
Tim Düsterhus [Wed, 26 Oct 2022 15:06:11 +0000 (17:06 +0200)]
Update `guzzlehttp/psr7` composer dependency
Tim Düsterhus [Tue, 25 Oct 2022 14:20:40 +0000 (16:20 +0200)]
Update `guzzlehttp/psr7` composer dependency
Hanashi [Sat, 22 Oct 2022 15:29:25 +0000 (17:29 +0200)]
Change autoIncrement default type to false if autoIncrement is not set
Alexander Ebert [Sat, 22 Oct 2022 12:01:22 +0000 (14:01 +0200)]
Merge pull request #5065 from HanashiDev/fix/timedatabasetablecolumn
Fix double implements in TimeDatabaseTableColumn
Hanashi [Sat, 22 Oct 2022 07:38:47 +0000 (09:38 +0200)]
Fix double "implements" in TimeDatabaseTableColumn
Tim Düsterhus [Fri, 21 Oct 2022 08:52:42 +0000 (10:52 +0200)]
Add missing module comments to `.d.ts` files
Tim Düsterhus [Wed, 19 Oct 2022 15:01:48 +0000 (17:01 +0200)]
Merge pull request #5057 from WoltLab/smtp-email-fails-to-stringify
Improve the behavior of the SmtpEmailTransport if generating the DATA value fails
Tim Düsterhus [Wed, 19 Oct 2022 14:50:02 +0000 (16:50 +0200)]
Improve the behavior of the SmtpEmailTransport if generating the DATA value fails
Alexander Ebert [Tue, 18 Oct 2022 14:50:50 +0000 (16:50 +0200)]
Release 5.5.6
Alexander Ebert [Tue, 18 Oct 2022 14:47:06 +0000 (16:47 +0200)]
Merge branch '5.4' into 5.5
Alexander Ebert [Tue, 18 Oct 2022 14:44:19 +0000 (16:44 +0200)]
Release 5.4.24
Alexander Ebert [Tue, 18 Oct 2022 14:43:34 +0000 (16:43 +0200)]
Merge branch '5.3' into 5.4
Alexander Ebert [Tue, 18 Oct 2022 14:38:23 +0000 (16:38 +0200)]
Release 5.3.25
Tim Düsterhus [Tue, 18 Oct 2022 14:28:22 +0000 (16:28 +0200)]
Merge branch '5.4' into 5.5
Tim Düsterhus [Tue, 18 Oct 2022 14:28:10 +0000 (16:28 +0200)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Tue, 18 Oct 2022 14:25:39 +0000 (16:25 +0200)]
Merge branch 'js-relocate-xss' into 5.3
Tim Düsterhus [Fri, 14 Oct 2022 10:25:05 +0000 (12:25 +0200)]
Add missing return value to cleanup() in AclFormField/WysiwygFormField
see #5032
Tim Düsterhus [Thu, 13 Oct 2022 15:19:17 +0000 (17:19 +0200)]
Fix XSS vulnerability within the JavaScript relocator
If the relocation placeholder appeared multiple times within the source code,
it would also be replaced multiple times. This might allow an attacker to blow
up the HTML structure by including the placeholder within UGC.
Fix this issue by only ever replacing the last placeholder, which should be the
“real” one from footer.tpl. In the future this should be protected further by
including a random nonce to prevent this attack entirely.
Alexander Ebert [Thu, 13 Oct 2022 14:42:04 +0000 (16:42 +0200)]
Release 5.5.6 dev 1
WoltLab [Thu, 13 Oct 2022 14:29:22 +0000 (14:29 +0000)]
Updating minified JavaScript files
Alexander Ebert [Tue, 11 Oct 2022 15:35:52 +0000 (17:35 +0200)]
Force the editor to be focused after inserting quotes
Alexander Ebert [Tue, 11 Oct 2022 11:50:07 +0000 (13:50 +0200)]
Fix a race condition when inserting into the editor from a dialog context
Alexander Ebert [Tue, 11 Oct 2022 11:04:11 +0000 (13:04 +0200)]
Fix the reference to the current class name
Alexander Ebert [Tue, 11 Oct 2022 10:52:23 +0000 (12:52 +0200)]
Incorrect detection of numerical lists using `[list=1]`
Alexander Ebert [Mon, 10 Oct 2022 17:58:03 +0000 (19:58 +0200)]
Skip unrelated stylesheets when compiling the frontend style
See https://www.woltlab.com/community/thread/296365-scss-dateien-unter-acp-style-werden-f%C3%BCr-das-frontend-kompiliert/
Alexander Ebert [Mon, 10 Oct 2022 17:50:20 +0000 (19:50 +0200)]
Preserve the category parameter after submitting the settings
See https://www.woltlab.com/community/thread/297264-zur%C3%BCcksetzen-der-verlinkung-in-den-einstellungen/
Alexander Ebert [Mon, 10 Oct 2022 17:39:22 +0000 (19:39 +0200)]
Skip attempts to install the same package twice
See https://www.woltlab.com/community/thread/297390-fehler-bei-installation-mit-storecode/
Alexander Ebert [Mon, 10 Oct 2022 16:42:30 +0000 (18:42 +0200)]
Skip incomplete articles that contain no content
See https://www.woltlab.com/community/thread/297481-trying-to-get-property-comments-of-non-object/
Alexander Ebert [Mon, 10 Oct 2022 14:31:16 +0000 (16:31 +0200)]
Fix the check for enabled wysiwyg form tabs
See https://www.woltlab.com/community/thread/297588-settingstab-wird-nur-angezeigt-wenn-module-smiley-aktiviert-ist/
Tim Düsterhus [Thu, 6 Oct 2022 14:50:32 +0000 (16:50 +0200)]
Merge pull request #5029 from WoltLab/template-pip-validation
Improve validation of the file list within the template PIP archives
Tim Düsterhus [Thu, 6 Oct 2022 13:30:05 +0000 (15:30 +0200)]
Check WCF::AVAILABLE_UPGRADE_VERSION in PackageEnableUpgradeOverrideForm
Tim Düsterhus [Thu, 6 Oct 2022 12:35:41 +0000 (14:35 +0200)]
Improve validation of the file list within the template PIP archives
It previously was possible to deploy all kinds of garbage that was impossible
to clean up later, because the uninstallation assumes that the templates have a
`.tpl` file extension.
Resolves #4698
Tim Düsterhus [Wed, 5 Oct 2022 15:10:55 +0000 (17:10 +0200)]
Merge pull request #5025 from WoltLab/user-storage-parameter-types
Add proper parameter types to UserStorageHandler
Tim Düsterhus [Wed, 5 Oct 2022 13:23:16 +0000 (15:23 +0200)]
Add proper parameter types to UserStorageHandler
Previously attempting to store an array in the user storage without manually
serializing it appeared to succeed, as the `->update()` call accepted it and
stored it in the `->log`. However the actually persisting would fail during
shutdown, as the array would be implicitly converted to a string, thus causing
a PHP Warning to be emitted.
Add parameter types to ensure the error is immediately detected when calling
`->update()`, as errors during shutdown are very hard to debug.
Return types are not added, as UserStorageHandler is not final and thus
technically child classes could exist. Adding types would break these child
classes.
see https://www.woltlab.com/community/thread/297525-array-to-string-conversion-fehlermeldung/
Tim Düsterhus [Tue, 4 Oct 2022 15:01:13 +0000 (17:01 +0200)]
Show the email address in the English version of the Email MFA method's description
Fixes #5018
Tim Düsterhus [Thu, 29 Sep 2022 15:13:35 +0000 (17:13 +0200)]
Properly handle enterprise mode permissions when showing systemIdMismatch in acp/index.tpl
see
b7a2fba6ba6498a1c3a618addf6084ddfc7aa5c9
Alexander Ebert [Thu, 22 Sep 2022 16:06:57 +0000 (18:06 +0200)]
Release 5.5.5
Alexander Ebert [Thu, 22 Sep 2022 16:01:05 +0000 (18:01 +0200)]
Merge branch '5.4' into 5.5
Alexander Ebert [Thu, 22 Sep 2022 15:12:13 +0000 (17:12 +0200)]
Release 5.4.23
Tim Düsterhus [Thu, 22 Sep 2022 11:09:54 +0000 (13:09 +0200)]
Remove redundant TTestableCategorizedUserNotificationEvent from ArticleComment*UserNotificationEvent
This is already provided by TTestableArticleCommentUserNotificationEvent.
see #4777
Tim Düsterhus [Wed, 21 Sep 2022 14:36:37 +0000 (16:36 +0200)]
Update for PHP CS Fixer 3.11.0
Alexander Ebert [Wed, 21 Sep 2022 12:15:03 +0000 (14:15 +0200)]
Release 5.5.5 dev 2
Tim Düsterhus [Tue, 20 Sep 2022 08:44:15 +0000 (10:44 +0200)]
Merge remote-tracking branch 'origin/5.5' into 5.5
Tim Düsterhus [Tue, 20 Sep 2022 08:35:33 +0000 (10:35 +0200)]
Merge branch '5.4' into 5.5
Tim Düsterhus [Tue, 20 Sep 2022 08:34:58 +0000 (10:34 +0200)]
Merge pull request #5009 from WoltLab/attachment-csp
Add security headers to AttachmentPage
Tim Düsterhus [Tue, 20 Sep 2022 07:19:46 +0000 (09:19 +0200)]
Prevent MIME sniffing for attachments
Tim Düsterhus [Tue, 20 Sep 2022 07:18:56 +0000 (09:18 +0200)]
Configure a restrictive content-security-policy for attachments
Tim Düsterhus [Mon, 19 Sep 2022 21:18:32 +0000 (23:18 +0200)]
Pass int to FileUtil::checkMemoryLimit() in ImageAdapter::checkMemoryLimit()
see
74accff0500ef3d635605b21dd838e8ac673be04
Marcel Werk [Mon, 19 Sep 2022 15:03:47 +0000 (17:03 +0200)]
Fix wrong indentation in box menus in left sidebar
For active menu items the padding was overwritten causing the indentation to be lost.
Tim Düsterhus [Mon, 19 Sep 2022 09:38:13 +0000 (11:38 +0200)]
Merge pull request #5000 from WoltLab/purifier
Update htmlpurifier to 4.16.0
Tim Düsterhus [Mon, 19 Sep 2022 09:31:46 +0000 (11:31 +0200)]
Update htmlpurifier to 4.16.0
Tim Düsterhus [Fri, 16 Sep 2022 14:29:05 +0000 (16:29 +0200)]
Merge remote-tracking branch 'origin/5.5' into 5.5
Tim Düsterhus [Fri, 16 Sep 2022 14:15:20 +0000 (16:15 +0200)]
Guard against throwing unserialize handlers when unserializing template metadata
Marcel Werk [Fri, 16 Sep 2022 12:44:00 +0000 (14:44 +0200)]
Fix editing of active paid subscription that has a permanent length
Tim Düsterhus [Fri, 16 Sep 2022 10:53:11 +0000 (12:53 +0200)]
Add `type="button"` to jsButtonAttachmentInsertThumbnail
This was missed in
35c59174f69bbaca5bc72c3a49beb886594ada11.
Alexander Ebert [Thu, 15 Sep 2022 14:56:56 +0000 (16:56 +0200)]
Release 5.5.5 dev 1
WoltLab [Thu, 15 Sep 2022 14:45:49 +0000 (14:45 +0000)]
Updating minified JavaScript files
Alexander Ebert [Thu, 15 Sep 2022 12:42:09 +0000 (14:42 +0200)]
Unescape the apostrophe in notification messages
See https://www.woltlab.com/community/thread/296665-unicode-dezimal-bei-desktop-benachrichtigungen/
Alexander Ebert [Thu, 15 Sep 2022 12:24:48 +0000 (14:24 +0200)]
Append a cache buster to upload images
See https://www.woltlab.com/community/thread/296221-cache-in-template-uploadfieldcomponent/
Alexander Ebert [Thu, 15 Sep 2022 11:46:42 +0000 (13:46 +0200)]
Fix the scroll behavior on iOS when opening the comment editor
See https://www.woltlab.com/community/thread/297023-kommentare-unter-ios-antworten-springt-mobil-zum-seitenende/
Alexander Ebert [Thu, 15 Sep 2022 11:03:16 +0000 (13:03 +0200)]
Mark the attachment controls as plain buttons
See https://www.woltlab.com/community/thread/297057-absenden-des-formulars-via-eingabetaste-m%C3%B6chte-dateianhang-l%C3%B6schen/
Tim Düsterhus [Thu, 15 Sep 2022 11:01:25 +0000 (13:01 +0200)]
Merge branch '5.4' into 5.5
Marcel Werk [Thu, 15 Sep 2022 11:00:48 +0000 (13:00 +0200)]
DatabaseObjectList::seekTo() lead to an error if the list was empty
Tim Düsterhus [Thu, 15 Sep 2022 11:00:41 +0000 (13:00 +0200)]
Merge pull request #4995 from WoltLab/package-fix-installation
Fix handling of multi-step upgrades that need to happen in lock-step
Tim Düsterhus [Thu, 15 Sep 2022 10:44:38 +0000 (12:44 +0200)]
Add assertion to PackageInstallationNodeBuilder::buildPluginNodes()
Tim Düsterhus [Thu, 15 Sep 2022 10:34:11 +0000 (12:34 +0200)]
Fix handling of multi-step upgrades that need to happen in lock-step
Consider the following situation:
- Package com.example.foo is installed in version 1.0.0.
- Version 1.0.1 can be upgraded from 1.0.0.
- Version 1.0.2 can be upgraded from 1.0.1 and adds a dependency on
com.woltlab.bar which is not yet installed.
- Version 1.0.3 can be upgraded from 1.0.2.
Now the PackageinstallationScheduler will build the following plan when it's
desired to upgrade com.woltlab.foo from 1.0.0 to 1.0.2:
- Upgrade com.woltlab.foo to 1.0.1
- Install com.woltlab.bar to satisfy the dependencies for 1.0.2
- Upgrade com.woltlab.foo to 1.0.2
- Upgrade com.woltlab.foo to 1.0.3
Now when build the nodes for this plan, the upgrade instructions for 1.0.2 will
not be detected, as the "previous package" logic used for iterative upgrades
will set the previous package of com.woltlab.foo in 1.0.2 to com.woltlab.bar.
Thus when upgrading to 1.0.2 the node builder will believe that com.woltlab.foo
is installed in 1.0.0 when it actually is already upgraded to 1.0.1.
Fix this by leveraging the $pendingPackages list which is already kept up to
date for dependency resolution.
Tim Düsterhus [Thu, 15 Sep 2022 10:33:33 +0000 (12:33 +0200)]
Add safety check to PackageInstallationNodeBuilder to detect corrupted installation plans
Tim Düsterhus [Wed, 14 Sep 2022 14:15:38 +0000 (16:15 +0200)]
Merge pull request #4994 from WoltLab/insert-real-database-table-names-performance
Bypass all logic in ApplicationHandler::insertRealDatabaseTableNames() for `WCF_N == 1`
Tim Düsterhus [Wed, 14 Sep 2022 14:03:54 +0000 (16:03 +0200)]
Bypass all logic in ApplicationHandler::insertRealDatabaseTableNames() for `WCF_N == 1`
see
1cfa4eb41df8014d1c001f612c46d788e9434144
Alexander Ebert [Tue, 13 Sep 2022 15:15:13 +0000 (17:15 +0200)]
Add identifiers to the mobile menu items
See https://www.woltlab.com/community/thread/297081-eindeutige-bezeichner-f%C3%BCr-mobile-men%C3%BCpunkte-fehlen/
Alexander Ebert [Tue, 13 Sep 2022 15:10:51 +0000 (17:10 +0200)]
Add the missing language switch to the mobile guest menu
Fixes #4990
Tim Düsterhus [Tue, 13 Sep 2022 13:53:19 +0000 (15:53 +0200)]
Update `@types/google.maps` npm dependency
Tim Düsterhus [Tue, 13 Sep 2022 13:32:33 +0000 (15:32 +0200)]
Update npm dependencies
Marcel Werk [Tue, 13 Sep 2022 12:46:58 +0000 (14:46 +0200)]
Fix FeedArticle::getComments()
Closes #4983
Marcel Werk [Tue, 13 Sep 2022 12:26:28 +0000 (14:26 +0200)]
Remove Article::$comments from PHPDoc
Closes #4982
Marcel Werk [Mon, 12 Sep 2022 15:36:06 +0000 (17:36 +0200)]
Merge pull request #4989 from WoltLab/search-message-abstract-fix
Fix consideration of the search query when generating message excerpts in search results
Marcel Werk [Mon, 12 Sep 2022 15:22:24 +0000 (17:22 +0200)]
Fix consideration of the search query when generating message excerpts in search results
Since the rebuild of the search function the results are loaded via AJAX. This accidentally broke the generation of the message excerpt, since the highlight parameter is no longer present at this point.
Tim Düsterhus [Fri, 9 Sep 2022 09:27:50 +0000 (11:27 +0200)]
Report the timing in error messages in SmtpEmailTransport::read()
Tim Düsterhus [Fri, 9 Sep 2022 09:09:33 +0000 (11:09 +0200)]
Set `->lastWrite = '*connect*'` after connecting to the SMTP server
Tim Düsterhus [Fri, 9 Sep 2022 09:10:14 +0000 (11:10 +0200)]
Tim Düsterhus [Fri, 9 Sep 2022 09:42:04 +0000 (11:42 +0200)]
Merge branch '5.4' into 5.5
Tim Düsterhus [Fri, 9 Sep 2022 09:34:07 +0000 (11:34 +0200)]
Fix possible SMTP desync if a timeout strikes
see
9ae8a0e5da751e2abfcb00a621056c3a15ed009f
Tim Düsterhus [Fri, 9 Sep 2022 08:16:02 +0000 (10:16 +0200)]
Explicitly handle `fgets()` returning `false` in SmtpEmailTransport
(cherry picked from commit
a6ed0b255968e9ef44c6e37f7eb71fa4ad5256ea)
Tim Düsterhus [Fri, 9 Sep 2022 08:54:24 +0000 (10:54 +0200)]
Fix handling of unsupported EHLO in SmtpEmailTransport
This was broken, because the SMTP exceptions are no longer `SystemException`s
since
280b49db3ccccb2c3db34d429cf760221d56116f.
Tim Düsterhus [Fri, 9 Sep 2022 08:16:02 +0000 (10:16 +0200)]
Explicitly handle `fgets()` returning `false` in SmtpEmailTransport
projects / GitHub / WoltLab / WCF.git / log