Tim Düsterhus [Tue, 25 Jul 2023 14:32:10 +0000 (16:32 +0200)]
Add FileUtil::extensionAllowsPhpExecution()
see WoltLab/com.woltlab.gallery@708e0a8707508c3e45b08ab6a8ae5083eabf00b7
Alexander Ebert [Tue, 25 Jul 2023 09:38:23 +0000 (11:38 +0200)]
Merge branch '5.4' into 5.5
Alexander Ebert [Tue, 25 Jul 2023 09:38:17 +0000 (11:38 +0200)]
Decrease the height of the news widget
Tim Düsterhus [Tue, 25 Jul 2023 09:22:46 +0000 (11:22 +0200)]
Merge branch '5.4' into 5.5
Tim Düsterhus [Tue, 25 Jul 2023 09:20:28 +0000 (11:20 +0200)]
Fix comma detection in Ui/ItemList/Static
This got broken during the TypeScript migration in
c04fd6ce08b40262c660d38dbd491c37aed49a89.
see https://www.woltlab.com/community/thread/300812-itemlist-static-separierung-per-komma-funktioniert-nicht/
Tim Düsterhus [Fri, 14 Jul 2023 08:28:50 +0000 (10:28 +0200)]
Fix truncation of Unicode string query parameters in Benchmark
This needs to use `mb_substr()`, as we checked UTF-8 validity before to use
`UNHEX()` with binary strings. Previously UTF-8 sequences might've been cut
short and the resulting invalid sequence cannot be JSON encoded, as JSON
requires strings to be valid UTF-8.
see https://www.woltlab.com/community/thread/298853-schwer-reproduzierbar-fehlermeldungen-beim-importieren-von-sprachdateien/
Alexander Ebert [Mon, 10 Jul 2023 10:04:39 +0000 (12:04 +0200)]
Merge branch '5.4' into 5.5
Alexander Ebert [Mon, 10 Jul 2023 09:59:31 +0000 (11:59 +0200)]
Migrate the ACP news from Twitter to woltlab.com
Tim Düsterhus [Tue, 4 Jul 2023 08:07:05 +0000 (10:07 +0200)]
Update tslib
Tim Düsterhus [Tue, 4 Jul 2023 07:59:09 +0000 (09:59 +0200)]
Update npm dependencies
Marcel Werk [Fri, 23 Jun 2023 15:25:19 +0000 (17:25 +0200)]
Fix typo
Tim Düsterhus [Wed, 21 Jun 2023 12:58:35 +0000 (14:58 +0200)]
Merge branch '5.4' into 5.5
Alexander Ebert [Wed, 21 Jun 2023 09:34:16 +0000 (11:34 +0200)]
Release 5.4.29
Alexander Ebert [Tue, 20 Jun 2023 11:49:04 +0000 (13:49 +0200)]
Release 5.5.13
Alexander Ebert [Tue, 20 Jun 2023 11:39:24 +0000 (13:39 +0200)]
Merge branch '5.4' into 5.5
Alexander Ebert [Tue, 20 Jun 2023 11:38:01 +0000 (13:38 +0200)]
Release 5.4.28
Marcel Werk [Mon, 19 Jun 2023 13:57:54 +0000 (15:57 +0200)]
Fixed bug when blocking an avatar, signature or cover photo
The error occurred when the "Permanently Block" checkbox was not set and no "Unblocking Date" was set.
Alexander Ebert [Fri, 16 Jun 2023 13:10:27 +0000 (15:10 +0200)]
Release 5.5.13 dev 1
WoltLab [Fri, 16 Jun 2023 12:49:42 +0000 (12:49 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Thu, 15 Jun 2023 13:15:49 +0000 (15:15 +0200)]
Merge branch '5.4' into 5.5
Tim Düsterhus [Wed, 10 May 2023 13:25:38 +0000 (15:25 +0200)]
Drop the SameSite attribute from the XSRF-Token cookie to work around WebKit Bug 255524
It appears that Safari 16.4+ sometimes loses SameSite cookies without explicit
expiry when performing subrequests, e.g. to load JavaScript or when using
`fetch()`. The conditions apply to the XSRF-Token cookie. Now if one of the
subrequests hits the application, the application will hand out a fresh
XSRF-Token cookie, due to the cookie being missing. This results in spurious
changes of the XSRF-Token and thus error messages for the user.
According to comments in the WebKit Bug a workaround for the issue is not
providing a SameSite attribute at all and we leverage this workaround for the
time being: The SameSite attribute on the XSRF-Token cookie is a defense in
depth measure.
see https://bugs.webkit.org/show_bug.cgi?id=255524
see https://www.woltlab.com/community/thread/299769-fehlerhafter-xsrf-token/
(cherry picked from commit 832de3617df81b357430f8d99527dc34efd277a7)
Tim Düsterhus [Thu, 15 Jun 2023 07:43:10 +0000 (09:43 +0200)]
Fix wcf.acp.group.option.user.signature.maxLength in en.xml
see 32f9c5d95163e06c351ae63c700a25aac37a3d95
see 854c03cce023034ae43f252b2ca560aeeda7ca56
see https://www.woltlab.com/community/thread/300146-language-wcf-acp-group-option-user-signature-maxlength/
Tim Düsterhus [Wed, 14 Jun 2023 14:27:16 +0000 (16:27 +0200)]
Fix typo in de.xml
see https://www.woltlab.com/community/thread/300142-tippfehler-im-blockieren-dialog/
Tim Düsterhus [Tue, 13 Jun 2023 07:28:25 +0000 (09:28 +0200)]
Remove duplicated spaces in phrases
see https://www.woltlab.com/community/thread/300126-language-wcf-moderation-activation-notification-commentresponse-mail-html/
Alexander Ebert [Mon, 12 Jun 2023 17:23:35 +0000 (19:23 +0200)]
Add the missing plural s
See https://www.woltlab.com/community/thread/300065-language-wcf-user-notification-com-woltlab-wcf-page/
Alexander Ebert [Mon, 12 Jun 2023 15:24:30 +0000 (17:24 +0200)]
Update the embed code for Instagram
Tim Düsterhus [Tue, 6 Jun 2023 08:15:56 +0000 (10:15 +0200)]
Unify password to “Kennwort” in de.xml
Tim Düsterhus [Tue, 6 Jun 2023 08:13:23 +0000 (10:13 +0200)]
Fix `<label>` targets in userAdd.tpl
Tim Düsterhus [Mon, 5 Jun 2023 08:15:11 +0000 (10:15 +0200)]
Fix HTML syntax in pageHeaderUser.tpl
see 6e5b36526f992eb1f04fb4ebc28f3ae38bed6aff
Fixes #5532
Tim Düsterhus [Mon, 5 Jun 2023 07:23:33 +0000 (09:23 +0200)]
Fix incorrect quotation mark in en.xml
see https://www.woltlab.com/community/thread/300024-language-wcf-acp-user-sendmail-from-description/
Marcel Werk [Mon, 29 May 2023 11:51:36 +0000 (13:51 +0200)]
Fix multiple consistency issues in language phrases
Tim Düsterhus [Mon, 22 May 2023 10:22:25 +0000 (12:22 +0200)]
Update tslib
Tim Düsterhus [Fri, 19 May 2023 13:32:44 +0000 (15:32 +0200)]
Allow `style-src 'unsafe-inline'` in AttachmentPage
Marcel Werk [Wed, 17 May 2023 16:26:08 +0000 (18:26 +0200)]
Fix multiple consistency issues in language phrases
Alexander Ebert [Tue, 16 May 2023 15:02:52 +0000 (17:02 +0200)]
Release 5.5.12
Luke [Tue, 16 May 2023 14:22:10 +0000 (16:22 +0200)]
Fix missing informal variant in de.xml
Resolves #5511
[Tim: Opted to choose a slightly different fix and reworded the commit message]
Alexander Ebert [Sun, 12 Mar 2023 22:56:03 +0000 (23:56 +0100)]
Add a button to discard a selected icon
Fixes #5207
Alexander Ebert [Fri, 12 May 2023 16:27:19 +0000 (18:27 +0200)]
Release 5.5.12 dev 2
WoltLab [Fri, 12 May 2023 16:19:53 +0000 (16:19 +0000)]
Updating minified JavaScript files
Alexander Ebert [Fri, 12 May 2023 15:01:31 +0000 (17:01 +0200)]
Release 5.5.12 dev 1
Tim Düsterhus [Fri, 12 May 2023 09:00:23 +0000 (11:00 +0200)]
Merge pull request #5504 from WoltLab/mailbox-name
Improve handling of Mailboxes with empty names
Tim Düsterhus [Fri, 12 May 2023 07:37:40 +0000 (09:37 +0200)]
Do not emit empty names in Mailbox::__toString()
Likely depending on the MUA this will either emit the email address in the best
case or show an empty field. In any case, this will likely look a little odd to
spam filters and thus should be simplified to just the email address.
Tim Düsterhus [Fri, 12 May 2023 07:35:58 +0000 (09:35 +0200)]
Trim the human readable name of a Mailbox
Whitespace around the name is going to be a little wonky and this is in
preparation of a future change that detects and suppresses empty names.
Tim Düsterhus [Wed, 10 May 2023 13:25:38 +0000 (15:25 +0200)]
Drop the SameSite attribute from the XSRF-Token cookie to work around WebKit Bug 255524
It appears that Safari 16.4+ sometimes loses SameSite cookies without explicit
expiry when performing subrequests, e.g. to load JavaScript or when using
`fetch()`. The conditions apply to the XSRF-Token cookie. Now if one of the
subrequests hits the application, the application will hand out a fresh
XSRF-Token cookie, due to the cookie being missing. This results in spurious
changes of the XSRF-Token and thus error messages for the user.
According to comments in the WebKit Bug a workaround for the issue is not
providing a SameSite attribute at all and we leverage this workaround for the
time being: The SameSite attribute on the XSRF-Token cookie is a defense in
depth measure.
see https://bugs.webkit.org/show_bug.cgi?id=255524
see https://www.woltlab.com/community/thread/299769-fehlerhafter-xsrf-token/
Tim Düsterhus [Wed, 10 May 2023 11:54:05 +0000 (13:54 +0200)]
Update @types/google.maps
Tim Düsterhus [Wed, 10 May 2023 11:32:58 +0000 (13:32 +0200)]
Merge pull request #5501 from WoltLab/contentInteraction-print
Hide `.contentInteraction` in print CSS
Tim Düsterhus [Wed, 10 May 2023 10:21:22 +0000 (12:21 +0200)]
Hide `.contentInteraction` in print CSS
Marcel Werk [Tue, 9 May 2023 10:18:34 +0000 (12:18 +0200)]
Merge pull request #5496 from WoltLab/avatar-validation
Fix multiple validation issues during the avatar upload
Marcel Werk [Mon, 8 May 2023 15:18:26 +0000 (17:18 +0200)]
Fix validation of the image file type
Previously it was possible to upload any image (e.g. bmp) as avatars using a faked file extension.
Marcel Werk [Mon, 8 May 2023 15:15:40 +0000 (17:15 +0200)]
Proper handling of the case that no image was uploaded
Tim Düsterhus [Mon, 8 May 2023 10:09:37 +0000 (12:09 +0200)]
Fix titlecasing of “with” in page.xml
Tim Düsterhus [Mon, 8 May 2023 07:19:21 +0000 (09:19 +0200)]
Fix wcf.acp.rebuildData.com.woltlab.wcf.activityPoint*
see https://www.woltlab.com/community/thread/299762-language-wcf-acp-rebuilddata-com-woltlab-wcf-activitypointevent/
Tim Düsterhus [Mon, 8 May 2023 07:16:17 +0000 (09:16 +0200)]
Add space in “Buffer Pool” in wcf.acp.systemCheck.mysql.bufferPool phrase
see https://www.woltlab.com/community/thread/299781-language-wcf-acp-systemcheck-mysql-bufferpool/
Tim Düsterhus [Fri, 5 May 2023 14:54:42 +0000 (16:54 +0200)]
Fix typo in de.xml
Marcel Werk [Fri, 5 May 2023 14:44:40 +0000 (16:44 +0200)]
Merge pull request #5479 from WoltLab/line-break-separated-text
Fix issues when pasting in `LineBreakSeparatedText` input fields
Marcel Werk [Fri, 5 May 2023 13:11:03 +0000 (15:11 +0200)]
Update outdated terms in trademark notice
Marcel Werk [Fri, 5 May 2023 12:54:57 +0000 (14:54 +0200)]
Fix issues when pasting in `LineBreakSeparatedText` input fields
Pasting from the clipboard could result in duplicates and empty entries.
Tim Düsterhus [Fri, 5 May 2023 07:17:39 +0000 (09:17 +0200)]
Add missing space before ellipsis in wcf.acp.package.search.status.* in en.xml
see https://www.woltlab.com/community/thread/299749-language-wcf-acp-package-search-status-loading/
Tim Düsterhus [Fri, 5 May 2023 07:16:35 +0000 (09:16 +0200)]
Fix titlecasification in wcf.acp.user.security.multifactor
see https://www.woltlab.com/community/thread/299745-language-wcf-acp-user-security-multifactor/
Tim Düsterhus [Fri, 5 May 2023 07:14:43 +0000 (09:14 +0200)]
Fix typos in wcf.date.interval.* in en.xml
see https://www.woltlab.com/community/thread/299744-language-wcf-date-interval-months-plain/
Tim Düsterhus [Thu, 4 May 2023 07:17:06 +0000 (09:17 +0200)]
Fix wcf.user.notification.comment.like.message
see https://www.woltlab.com/community/thread/299735-language-wcf-user-notification-comment-like-message/
Tim Düsterhus [Tue, 2 May 2023 10:15:40 +0000 (12:15 +0200)]
Add missing “Address” for “Email Address” in wcf.user.email in en.xml
Fixes #5466
Tim Düsterhus [Fri, 28 Apr 2023 14:01:11 +0000 (16:01 +0200)]
Merge branch '5.4' into 5.5
Tim Düsterhus [Fri, 28 Apr 2023 14:00:48 +0000 (16:00 +0200)]
Update to `actions/upload-artifact@v3` in wcfsetup.yml
This is required, because node.js 12 actions are deprecated.
Tim Düsterhus [Tue, 25 Apr 2023 09:33:59 +0000 (11:33 +0200)]
Improve phrasing for `user_authentication_failure_*` descriptions
Tim Düsterhus [Mon, 24 Apr 2023 13:07:17 +0000 (15:07 +0200)]
Fix creating menuItem PIP entries without parent using dev tools
Fixes #4754
Alexander Ebert [Wed, 19 Apr 2023 13:32:44 +0000 (15:32 +0200)]
Release 5.5.11
Alexander Ebert [Wed, 19 Apr 2023 12:57:09 +0000 (14:57 +0200)]
Merge branch '5.4' into 5.5
Alexander Ebert [Wed, 19 Apr 2023 12:56:08 +0000 (14:56 +0200)]
Release 5.4.27
Alexander Ebert [Wed, 19 Apr 2023 12:50:28 +0000 (14:50 +0200)]
Merge branch '5.3' into 5.4
Alexander Ebert [Wed, 19 Apr 2023 12:48:51 +0000 (14:48 +0200)]
Release 5.3.28
WoltLab [Wed, 19 Apr 2023 11:59:20 +0000 (11:59 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Wed, 19 Apr 2023 11:58:03 +0000 (13:58 +0200)]
Merge branch '5.4' into 5.5
WoltLab [Wed, 19 Apr 2023 11:57:15 +0000 (11:57 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Wed, 19 Apr 2023 11:55:57 +0000 (13:55 +0200)]
Merge branch '5.3' into 5.4
WoltLab [Wed, 19 Apr 2023 11:55:07 +0000 (11:55 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Wed, 19 Apr 2023 11:51:47 +0000 (13:51 +0200)]
Merge branch '5.4' into 5.5
Tim Düsterhus [Wed, 19 Apr 2023 11:51:31 +0000 (13:51 +0200)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Wed, 19 Apr 2023 11:45:04 +0000 (13:45 +0200)]
Merge branch 'article-clipboard' into 5.3
Tim Düsterhus [Wed, 19 Apr 2023 11:44:42 +0000 (13:44 +0200)]
Merge branch 'js-unescape-html' into 5.3
Tim Düsterhus [Tue, 18 Apr 2023 07:42:25 +0000 (09:42 +0200)]
Fix `StringUtil.unescapeHTML()`
The HTML was unescaped in an incorrect order, causing incorrect results for
inputs like:
StringUtil.unescapeHTML('&quot;')
Tim Düsterhus [Tue, 28 Mar 2023 12:42:51 +0000 (14:42 +0200)]
Do not allow setting an inaccessible category in ArticleAction::validateSetCategory()
Tim Düsterhus [Tue, 28 Mar 2023 12:41:54 +0000 (14:41 +0200)]
Validate if an article may be edited in `setCategory` clipboard action
Tim Düsterhus [Mon, 17 Apr 2023 17:22:50 +0000 (19:22 +0200)]
Update laminas/laminas-diactoros
see laminas/laminas-diactoros@2bc0d0bc2d15a3182d7853f761b6b7d2754821fe
Tim Düsterhus [Mon, 17 Apr 2023 17:20:13 +0000 (19:20 +0200)]
Merge branch '5.4' into 5.5
Tim Düsterhus [Mon, 17 Apr 2023 16:23:38 +0000 (18:23 +0200)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Mon, 17 Apr 2023 16:21:29 +0000 (18:21 +0200)]
Alexander Ebert [Fri, 14 Apr 2023 13:29:54 +0000 (15:29 +0200)]
Fix the update instructions
Alexander Ebert [Fri, 14 Apr 2023 12:05:55 +0000 (14:05 +0200)]
Release 5.5.11 dev 1
Alexander Ebert [Thu, 13 Apr 2023 13:24:30 +0000 (15:24 +0200)]
Merge pull request #5420 from darkwood-studios/5.5
added new articleLikeButtons template event to article template
daniel [Thu, 13 Apr 2023 07:46:30 +0000 (09:46 +0200)]
added new articleLikeButtons template event to article template
WoltLab [Thu, 13 Apr 2023 07:20:19 +0000 (07:20 +0000)]
Updating minified JavaScript files
Marcel Werk [Mon, 10 Apr 2023 14:52:48 +0000 (16:52 +0200)]
Fix reading boolean field values in form builder dialogs
For normal forms, the value of `BooleanFormField` is passed as a string. In
form builder dialogs, however, it is passed as an int.
Resolves #5412
Alexander Ebert [Sat, 8 Apr 2023 10:23:58 +0000 (12:23 +0200)]
Merge pull request #5374 from SoftCreatR/bugfix/userBBCodeTag-sync
Add `userBBCodeTag` to the shared templates
Tim Düsterhus [Thu, 6 Apr 2023 11:56:09 +0000 (13:56 +0200)]
Fix redirect after submitting ContactForm
The empty string is an invalid controller name. The landing page link is
requested by either passing `null` or leaving out all parameters.
This misuse will throw an Exception in WoltLab Suite 6.0.
Fixes #5407
Olaf Braun [Sun, 2 Apr 2023 15:44:47 +0000 (17:44 +0200)]
Update TS StringUtil's HTML escaper to be consistent with PHP's
Commit f631a7de6506e52095299c15042c25a3979a8200 updated the HTML escaper on the
server to encode a single quote (`'`) as `'`, however it did not update
the frontend / TypeScript implementation.
This specifically breaks loading of existing data for i18n fields containing
the single quote, because the JavaScript expects the value to be first JS
encoded and then HTML encoded and manually performs HTML decoding. This is
questionable, but likely not fixable without introducing security issues,
because some users *might* rely on the fact that the JS escaping already
happened and it's impossible to detect whether the given values are already
escaped or not.
Resolves #5381
[Tim: Written the entire commit message]
Tim Düsterhus [Tue, 4 Apr 2023 13:27:00 +0000 (15:27 +0200)]
Add `is_string` as template modifier
Resolves #5388
Tim Düsterhus [Tue, 4 Apr 2023 09:59:58 +0000 (11:59 +0200)]
Merge pull request #5384 from WoltLab/trim-utf-8
Gracefully handle non-UTF-8 inputs in StringUtil::trim()
Tim Düsterhus [Mon, 3 Apr 2023 13:40:08 +0000 (15:40 +0200)]
Gracefully handle non-UTF-8 inputs in StringUtil::trim()
Tim Düsterhus [Fri, 31 Mar 2023 10:15:24 +0000 (12:15 +0200)]
Merge pull request #5380 from WoltLab/style-setvariables-no-write
Do not write an updated style file in StyleEditor::setVariables()