Alexander Ebert [Sun, 29 May 2022 15:07:50 +0000 (17:07 +0200)]
Remove the default styling of `<button>`
See #4834
Alexander Ebert [Sun, 29 May 2022 14:59:00 +0000 (16:59 +0200)]
Strip the default styling from `<button>`
See #4834
Tim Düsterhus [Thu, 9 Jun 2022 14:28:14 +0000 (16:28 +0200)]
Merge branch '5.5'
Alexander Ebert [Thu, 9 Jun 2022 13:50:03 +0000 (15:50 +0200)]
Incorrect alignment of drop-down menus on mobile
See https://www.woltlab.com/community/thread/295903-abonniert-dropdown-fehlerhafte-darstellung/
Tim Düsterhus [Thu, 9 Jun 2022 10:10:29 +0000 (12:10 +0200)]
Merge pull request #4859 from WoltLab/purifier-idn
Clean up IDN handling in HTMLPurifier
Tim Düsterhus [Thu, 9 Jun 2022 07:28:05 +0000 (09:28 +0200)]
Remove pear/net_idna2 composer dependency
This dependency was added for IDN support in HTMLPurifier. It is no longer
required since the previous commit. Furthermore this dependency is completely
unmaintained and already received a brittle manual patch for PHP 7.4
compatibility in
f1d17510cf7d5aa224ad10936ba4529990de127e.
Tim Düsterhus [Thu, 9 Jun 2022 07:26:12 +0000 (09:26 +0200)]
Stop specifying `Core.EnableIDNA` for HTMLPurifier
HTMLPurifier will automatically use `idn_to_ascii()` if available, no matter
the configuration option. Since
b2d27c999504f61f3e7fadee6eb0e0b5e389eed2 we
polyfill this function, making the option entirely obsolete.
Tim Düsterhus [Thu, 9 Jun 2022 07:22:16 +0000 (09:22 +0200)]
Update composer dependencies
Tim Düsterhus [Thu, 9 Jun 2022 07:21:17 +0000 (09:21 +0200)]
Merge branch '5.5'
Tim Düsterhus [Thu, 9 Jun 2022 07:17:31 +0000 (09:17 +0200)]
Update composer dependencies
Tim Düsterhus [Thu, 9 Jun 2022 07:14:54 +0000 (09:14 +0200)]
Merge pull request #4858 from WoltLab/idn-domain
Remove the true/punycode composer dependency
Tim Düsterhus [Wed, 8 Jun 2022 14:46:35 +0000 (16:46 +0200)]
Fix PHP syntax check workflow
Tim Düsterhus [Wed, 8 Jun 2022 14:43:12 +0000 (16:43 +0200)]
Remove the true/punycode composer dependency
Tim Düsterhus [Wed, 8 Jun 2022 14:21:41 +0000 (16:21 +0200)]
Replace true/punycode by `\idn_to_ascii()` in Mailbox
Flags taken from symfony/symfony's IdnAddressEncoder.
The `IDNA_NONTRANSITIONAL_TO_ASCII` is necessary to correctly encode the German
`ß` into the Punycode representation, instead of `ss`.
The other flags enable various recommended validations as described in
https://unicode.org/reports/tr46/.
see
73ce002da6f3dee4eda9cf418b58e5f614fdf79f
Tim Düsterhus [Wed, 8 Jun 2022 14:21:05 +0000 (16:21 +0200)]
Add symfony/polyfill-intl-idn composer dependency
see
73ce002da6f3dee4eda9cf418b58e5f614fdf79f
Tim Düsterhus [Wed, 8 Jun 2022 14:12:09 +0000 (16:12 +0200)]
Merge branch '5.5'
Tim Düsterhus [Wed, 8 Jun 2022 14:10:14 +0000 (16:10 +0200)]
Suppress PHP 8.1 deprecation for IDN domains
The true/punycode library appears to be no longer maintained and is not PHP 8.1
deprecation clean: true/php-punycode#35
Suppress the deprecation warning for now. The library should be replaced in a
future version.
Tim Düsterhus [Wed, 8 Jun 2022 14:07:07 +0000 (16:07 +0200)]
Merge pull request #4857 from WoltLab/rel-noreferrer
Stop adding `rel="noreferrer"` to external URLs
Tim Düsterhus [Wed, 8 Jun 2022 13:44:49 +0000 (15:44 +0200)]
Stop adding `rel="noreferrer"` to external URLs
This property was added together with `noopener` to protect users with older web
browsers that do not yet support `noopener`. The latter now is well-supported since
several years and in fact even is the default value in modern web browsers.
This allows us to drop the `noreferrer` from those links safely. Stripping the
`referer` header can be more reliably achieved with the `referrer-policy`
header that also gives the administrator more fine-grained control.
Tim Düsterhus [Wed, 8 Jun 2022 12:22:43 +0000 (14:22 +0200)]
Merge pull request #4855 from WoltLab/wcfsetup-packageID
Create the `com.woltlab.wcf` package early during WCFSetup
Tim Düsterhus [Wed, 8 Jun 2022 12:21:14 +0000 (14:21 +0200)]
Merge pull request #4856 from WoltLab/package-cleanup
Remove PackageUninstallationDispatcher::addQueueEntries()
Tim Düsterhus [Wed, 8 Jun 2022 10:17:01 +0000 (12:17 +0200)]
Remove PackageUninstallationDispatcher::addQueueEntries()
This method exists since the very first commit in this repository and is
unused. Its purpose is not clear, but there is no reason for anything calling
this method, if WCF itself doesn't.
Tim Düsterhus [Wed, 8 Jun 2022 09:41:51 +0000 (11:41 +0200)]
Create the `com.woltlab.wcf` package early during WCFSetup
This allows us to properly specify FOREIGN KEYs for `packageID` columns.
Tim Düsterhus [Wed, 8 Jun 2022 09:11:15 +0000 (11:11 +0200)]
Merge pull request #4854 from WoltLab/wcfsetup-options
Configure dynamic options in post_install.php
Tim Düsterhus [Wed, 8 Jun 2022 09:08:32 +0000 (11:08 +0200)]
Merge pull request #4853 from WoltLab/wcfsetup-asset-cleanup
Clean up asset handling in WCFSetup
Tim Düsterhus [Wed, 8 Jun 2022 09:07:14 +0000 (11:07 +0200)]
Configure dynamic options in post_install.php
This simplifies WCFSetup and more importantly PackageInstallationDispatcher. It
also removes the useless session variable for the Imagick default status.
Tim Düsterhus [Wed, 8 Jun 2022 08:42:33 +0000 (10:42 +0200)]
Use explicit null favicon in WCFSetup to prevent /favicon.ico requests
Technique taken from here: https://stackoverflow.com/a/
38917888/782822
Tim Düsterhus [Wed, 8 Jun 2022 08:39:28 +0000 (10:39 +0200)]
Remove Font Awesome from WCFSetup
WCFSetup does not use any icons, thus there is no need to load them.
Tim Düsterhus [Wed, 8 Jun 2022 07:31:52 +0000 (09:31 +0200)]
Merge branch '5.5'
Tim Düsterhus [Wed, 8 Jun 2022 07:31:42 +0000 (09:31 +0200)]
Merge branch '5.4' into 5.5
Alexander Ebert [Tue, 7 Jun 2022 15:02:19 +0000 (17:02 +0200)]
Release 5.4.19
Tim Düsterhus [Tue, 7 Jun 2022 14:46:28 +0000 (16:46 +0200)]
Add `#[\SensitiveParameter]` attribute to a large number of parameters
see #4802
Tim Düsterhus [Tue, 7 Jun 2022 14:15:38 +0000 (16:15 +0200)]
Merge pull request #4851 from WoltLab/request-cleanup
Clean up wcf\system\request\Request
Tim Düsterhus [Fri, 3 Jun 2022 10:38:01 +0000 (12:38 +0200)]
Do not modify state in RequestHandler::buildRequest()
Tim Düsterhus [Fri, 3 Jun 2022 10:32:03 +0000 (12:32 +0200)]
Improve typing in \wcf\system\request\Request
Tim Düsterhus [Fri, 3 Jun 2022 10:30:11 +0000 (12:30 +0200)]
Make \wcf\system\request\Request externally immutable
Tim Düsterhus [Fri, 3 Jun 2022 10:28:18 +0000 (12:28 +0200)]
Remove deprecated Request::isExecuted()
Tim Düsterhus [Tue, 7 Jun 2022 14:07:00 +0000 (16:07 +0200)]
Merge branch '5.5'
Tim Düsterhus [Tue, 7 Jun 2022 12:27:47 +0000 (14:27 +0200)]
Fix update instructions from 5.4
Alexander Ebert [Tue, 7 Jun 2022 11:17:32 +0000 (13:17 +0200)]
Release 5.5.0 RC 1
WoltLab [Tue, 7 Jun 2022 11:06:42 +0000 (11:06 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Tue, 7 Jun 2022 11:03:04 +0000 (13:03 +0200)]
Add symfony/polyfill-php82 composer dependency
see #4802
Tim Düsterhus [Tue, 7 Jun 2022 11:01:43 +0000 (13:01 +0200)]
Update composer dependencies
Tim Düsterhus [Tue, 7 Jun 2022 10:01:40 +0000 (12:01 +0200)]
Merge branch '5.5'
Tim Düsterhus [Tue, 7 Jun 2022 10:01:01 +0000 (12:01 +0200)]
Clear `AVAILABLE_UPGRADE_VERSION` for 5.5
see
15933d22a95b67d57ae794a88471098326911aba
Tim Düsterhus [Tue, 7 Jun 2022 10:00:14 +0000 (12:00 +0200)]
Merge branch '5.4' into 5.5
Alexander Ebert [Mon, 6 Jun 2022 12:17:51 +0000 (14:17 +0200)]
Inconsistent behavior of text formatting on iPadOS
See https://www.woltlab.com/community/thread/295811-schriftfarbe-schriftart-oder-schriftgr%C3%B6%C3%9Fe-%C3%A4ndern-auf-ipad/
Alexander Ebert [Sun, 5 Jun 2022 10:25:28 +0000 (12:25 +0200)]
Missing comma
Alexander Ebert [Fri, 3 Jun 2022 16:37:44 +0000 (18:37 +0200)]
Broken auth dialog for package update servers
See https://www.woltlab.com/community/thread/295831-fehler-beim-update-beta-3-4/
Alexander Ebert [Fri, 3 Jun 2022 15:01:14 +0000 (17:01 +0200)]
Aborting a previously successful worker failed
See https://www.woltlab.com/community/thread/295857-schlie%C3%9Fen-des-dialogs-beim-anzeigen-aktualisieren-unterbricht-das-aktualisieren/
Alexander Ebert [Fri, 3 Jun 2022 14:49:07 +0000 (16:49 +0200)]
Merge pull request #4852 from WoltLab/upgrade-to-55
Enable the upgrade to WoltLab Suite 5.5
Alexander Ebert [Fri, 3 Jun 2022 13:36:39 +0000 (15:36 +0200)]
Incorrect URL for the upgrade instructions
Alexander Ebert [Fri, 3 Jun 2022 13:10:21 +0000 (15:10 +0200)]
Enable the upgrade to WoltLab Suite 5.5
Based on
41f100782ce6abe92f144810b719c15e53bf4849
Tim Düsterhus [Fri, 3 Jun 2022 12:24:27 +0000 (14:24 +0200)]
Drop WebP check from PackageEnableUpgradeOverrideForm
Tim Düsterhus [Fri, 3 Jun 2022 12:23:54 +0000 (14:23 +0200)]
Merge branch '5.5'
Tim Düsterhus [Fri, 3 Jun 2022 12:22:36 +0000 (14:22 +0200)]
Sync update_com.woltlab.wcf_5.5_ensureInnoDbSearch.php with PackageEnableUpgradeOverrideForm
see
94607cf2b21854a52f2805ad4211b74d6d9cbe96
Tim Düsterhus [Fri, 3 Jun 2022 12:22:16 +0000 (14:22 +0200)]
Merge branch '5.4' into 5.5
Tim Düsterhus [Fri, 3 Jun 2022 12:21:57 +0000 (14:21 +0200)]
Merge pull request #4849 from WoltLab/package-override-55
Update checks in PackageEnableUpgradeOverrideForm for 5.5
Tim Düsterhus [Fri, 3 Jun 2022 12:18:56 +0000 (14:18 +0200)]
Improve issue description in PackageEnableUpgradeOverrideForm
Tim Düsterhus [Fri, 3 Jun 2022 12:14:54 +0000 (14:14 +0200)]
Fix PackageEnableUpgradeOverrideForm
The form differs from the update scripts by also having a title for each issue.
Tim Düsterhus [Fri, 3 Jun 2022 10:09:35 +0000 (12:09 +0200)]
Merge branch '5.5'
Tim Düsterhus [Fri, 3 Jun 2022 10:08:33 +0000 (12:08 +0200)]
Merge branch '5.4' into 5.5
Tim Düsterhus [Fri, 3 Jun 2022 09:51:46 +0000 (11:51 +0200)]
Drop files_pre_check.tar from 5.4 -> 5.5 upgrade
Tim Düsterhus [Fri, 3 Jun 2022 08:08:54 +0000 (10:08 +0200)]
Update checks in PackageEnableUpgradeOverrideForm for 5.5
- update_com.woltlab.wcf_5.5_ensureInnoDbSearch.php
Tim Düsterhus [Fri, 3 Jun 2022 08:13:41 +0000 (10:13 +0200)]
Drop duplicate empty line in RequestHandler
Tim Düsterhus [Fri, 3 Jun 2022 07:52:15 +0000 (09:52 +0200)]
Re-add search addon to CodeMirror
The browser search does not work well with CodeMirror, re-add the search addon
to make Ctrl+F work more or less as expected.
This got lost when CodeMirror was adjusted to make use of require.js in
480b6b11d0822015d4fe4515e7a72b495fe78a69.
Alexander Ebert [Thu, 2 Jun 2022 16:54:19 +0000 (18:54 +0200)]
Incorrect tracking of open page overlays
Calling this method (implicitly) while the dialog is still open causes the same dialog to be counted multiple times.
See https://www.woltlab.com/community/thread/295827-boxen-im-benutzerprofil/
Alexander Ebert [Thu, 2 Jun 2022 16:26:11 +0000 (18:26 +0200)]
Incorrect editor access from within a dialog
See https://www.woltlab.com/community/thread/295821-fehler-beim-einf%C3%BCgen-von-zitaten/
Tim Düsterhus [Thu, 2 Jun 2022 14:12:14 +0000 (16:12 +0200)]
Merge branch '5.4' into 5.5
Tim Düsterhus [Thu, 2 Jun 2022 14:11:52 +0000 (16:11 +0200)]
Fix update instructions from 5.4
Alexander Ebert [Thu, 2 Jun 2022 14:11:32 +0000 (16:11 +0200)]
Preset was lacking the inversion of permissions
See https://www.woltlab.com/community/thread/295793-box-kopieren-option-wird-nicht-%C3%BCbernommen/
Tim Düsterhus [Thu, 2 Jun 2022 14:10:37 +0000 (16:10 +0200)]
Revert "Removed the upgrade instructions from 5.4.*"
This reverts commit
a3f3064f44253cc761748f38742aae6027e4c2dd.
Alexander Ebert [Thu, 2 Jun 2022 14:02:02 +0000 (16:02 +0200)]
Force a refresh of CodeMirror on tab navigation
See https://www.woltlab.com/community/thread/295824-codemirror-gerne-mal-nicht-initialisiert/
Alexander Ebert [Thu, 2 Jun 2022 13:02:37 +0000 (15:02 +0200)]
Bad position of the mobile overflow indicator
See https://www.woltlab.com/community/thread/295832-men%C3%BCschatten-mobil/
Alexander Ebert [Thu, 2 Jun 2022 12:37:41 +0000 (14:37 +0200)]
Improved phrasing on the behavior of polling
See https://www.woltlab.com/community/thread/295788-fehlerhafte-sprachvariable-wcf-acp-option-enable-polling-description/
Tim Düsterhus [Thu, 2 Jun 2022 11:33:03 +0000 (13:33 +0200)]
Merge pull request #4846 from WoltLab/i18n-landing-page
Fix handling of i18n landing pages
Tim Düsterhus [Thu, 2 Jun 2022 09:40:40 +0000 (11:40 +0200)]
Remove the soft redirect for landing page i18n CMS pages
This is no longer required since the previous commit which ensured that i18n
CMS landing pages will *always* perform the redirect.
This likely should be improved in a follow up commit to perform the redirect in
RequestHandler / ControllerMap::lookupDefaultController(), instead of relying
on the URL canonicalization feature, as this allows for a more fine-grained
control over the redirect, e.g. allowing to set a `vary: accept-language`
response header.
Tim Düsterhus [Wed, 1 Jun 2022 15:30:54 +0000 (17:30 +0200)]
Do not strip the controller in URLs for i18n landing pages
Previously using an i18n CMS page as the landing page caused very odd behavior
as described in commit
0c03edef97240baa6374ce59e986245fb8ffedec.
Landing pages naturally cannot contain a language specific custom controller as
they don't have a controller within the URL, thus requests to the landing page
URL need to be dispatched to one of the languages in
ControllerMap::lookupDefaultController().
It was decided to dispatch to the user's current language which certainly is
the best solution from the UX perspective.
However this dynamic dispatch is problematic, because for i18n landing pages
the variant with the default language was also proclaimed to be the default
controller in ControllerMap::isDefaultController(), thus stripping it from the
language specific custom controller.
Ultimately this overloaded accesses to the landing page to both mean “the
default language” and “whatever language the user uses” at the same time,
unpredictably returning either a HTTP 200 or a HTTP 307 when canonicalizing the
URL in CmsPage depending on the user's language, ultimately dropping the
landing page from the search index of common search engines when it is crawled
in a non-default language.
Fix this whole mess by not stripping the controller from the URL for i18n
pages, allowing every language, including the default language, to have a
stable URL that will always return a HTTP 200 no matter the user's language.
The landing page will then dynamically redirect to the user's language,
preserving the UX enhancement without any of the drawbacks.
Tim Düsterhus [Thu, 2 Jun 2022 09:24:58 +0000 (11:24 +0200)]
Remove dead branch in ControllerMap::lookupDefaultController()
It was impossible to take this branch since
d10487d5b8f54ce86fa8d8f36649febd338dbae8, because since this commit i18n CMS
pages (which this branch was about) were unable to have an empty custom URL.
Since
1bfaae39040d6b56ed837b5c66aa7931ffaca9b5 it is entirely impossible for
any empty custom URLs to exist, making this branch completely dead.
Further it only ever supported the WCF landing page, not any application's
landing pages.
The original intent of this branch will be restored in a follow up commit.
Tim Düsterhus [Thu, 2 Jun 2022 11:24:37 +0000 (13:24 +0200)]
Merge pull request #4847 from WoltLab/ci-controller-lookup
Remove reverse lookup for RoutingCacheBuilder::getCaseInsensitiveControllers()
Tim Düsterhus [Thu, 2 Jun 2022 10:42:36 +0000 (12:42 +0200)]
Remove reverse lookup for RoutingCacheBuilder::getCaseInsensitiveControllers()
This reverse lookup is not used, drop it to simplify the logic.
Tim Düsterhus [Thu, 2 Jun 2022 10:09:48 +0000 (12:09 +0200)]
Remove useless temporary in RoutingCacheBuilder::getCustomUrls()
Tim Düsterhus [Thu, 2 Jun 2022 10:08:36 +0000 (12:08 +0200)]
Simplify RoutingCacheBuilder::getCustomUrls()
By creating the arrays for all known abbreviations early we can avoid checking
the existence of them over and over again.
Tim Düsterhus [Thu, 2 Jun 2022 10:06:24 +0000 (12:06 +0200)]
Simplify `isset()` check in ControllerMap::lookup()
The first test was a prefix of the second, thus it is implicitly checked.
Tim Düsterhus [Thu, 2 Jun 2022 10:03:52 +0000 (12:03 +0200)]
Simplify `isset()` check in ControllerMap::resolve()
The first test was a prefix of the second, thus it is implicitly checked.
Also run the `wcf` check in all cases, while this might check the same entry
twice for `$application == 'wcf'`, this will not have a relevant performance
impact and make the code much more readable.
Tim Düsterhus [Thu, 2 Jun 2022 09:13:26 +0000 (11:13 +0200)]
Merge branch '5.5'
Tim Düsterhus [Thu, 2 Jun 2022 08:37:15 +0000 (10:37 +0200)]
Merge branch '5.4' into 5.5
Tim Düsterhus [Thu, 2 Jun 2022 08:35:38 +0000 (10:35 +0200)]
Create the initial user with a non-NULL signature
see #4845
see
8cf90dac71a2e42c56dafba6e23f0dd5a1c5d64c
Tim Düsterhus [Thu, 2 Jun 2022 08:33:43 +0000 (10:33 +0200)]
Fix PHP 8.1 compatibility in UserRebuildDataWorker for NULL signatures
see #4845
Alexander Ebert [Thu, 2 Jun 2022 08:22:58 +0000 (10:22 +0200)]
Release 5.4.18
Tim Düsterhus [Tue, 31 May 2022 13:42:50 +0000 (15:42 +0200)]
Adjust PHP versions in environment check for 5.5
see
598b72301a2cdcd0f3a0c1196f6fc1107e01650e
(cherry picked from commit
c2ae090f6bf0a0eefd5eaf9796095a4ddd18c23a)
Tim Düsterhus [Wed, 1 Jun 2022 15:30:04 +0000 (17:30 +0200)]
Merge pull request #4844 from WoltLab/custom-controller
Clean up handling of custom controllers
Tim Düsterhus [Wed, 1 Jun 2022 15:04:47 +0000 (17:04 +0200)]
Remove now-unused $landingPages parameter from RoutingCacheBuilder::getCustomUrls()
Tim Düsterhus [Wed, 1 Jun 2022 15:00:55 +0000 (17:00 +0200)]
Remove dead branch in ControllerMap::isDefaultController()
Since the previous changes it is impossible for an entry `''` to exist in the
custom URL mapping, causing this branch to never be taken.
This essentially reverts
e6fac1cae9428760436179efc10cc7989c2d64b9.
Tim Düsterhus [Wed, 1 Jun 2022 14:58:32 +0000 (16:58 +0200)]
Revert "Revert "Reject empty `controller` in ControllerMap::resolveCustomController()""
This check will now work correctly, since the custom URL for non-i18n pages is
no longer cleared since the previous commit.
This reverts commit
bd46b32207b5784c481277f4c2a8c81deff49f9c.
Tim Düsterhus [Wed, 1 Jun 2022 14:40:56 +0000 (16:40 +0200)]
Remove logic for the clearing of custom URLs for CMS pages from RoutingCacheBuilder
This is workaround is no longer required or useful since the previous commit,
since `ControllerMap::isDefaultController()` will correctly return `true` for
those CMS pages, leading to the route builder dropping the controller part in
the URL.
WoltLab [Wed, 1 Jun 2022 14:46:52 +0000 (14:46 +0000)]
Updating minified JavaScript files
Alexander Ebert [Wed, 1 Jun 2022 14:41:15 +0000 (16:41 +0200)]
Release 5.4.17
Alexander Ebert [Wed, 1 Jun 2022 14:40:30 +0000 (16:40 +0200)]
Merge branch '5.3' into 5.4
Alexander Ebert [Wed, 1 Jun 2022 14:37:56 +0000 (16:37 +0200)]
Release 5.3.23