GitHub/WoltLab/WCF.git
16 months agoAdd FileUtil::extensionAllowsPhpExecution()
Tim Düsterhus [Tue, 25 Jul 2023 14:32:10 +0000 (16:32 +0200)]
Add FileUtil::extensionAllowsPhpExecution()

see WoltLab/com.woltlab.gallery@708e0a8707508c3e45b08ab6a8ae5083eabf00b7

16 months agoMerge branch '5.4' into 5.5
Alexander Ebert [Tue, 25 Jul 2023 09:38:23 +0000 (11:38 +0200)]
Merge branch '5.4' into 5.5

16 months agoDecrease the height of the news widget
Alexander Ebert [Tue, 25 Jul 2023 09:38:17 +0000 (11:38 +0200)]
Decrease the height of the news widget

16 months agoMerge branch '5.4' into 5.5
Tim Düsterhus [Tue, 25 Jul 2023 09:22:46 +0000 (11:22 +0200)]
Merge branch '5.4' into 5.5

16 months agoFix comma detection in Ui/ItemList/Static
Tim Düsterhus [Tue, 25 Jul 2023 09:20:28 +0000 (11:20 +0200)]
Fix comma detection in Ui/ItemList/Static

This got broken during the TypeScript migration in c04fd6ce08b40262c660d38dbd491c37aed49a89.

see https://www.woltlab.com/community/thread/300812-itemlist-static-separierung-per-komma-funktioniert-nicht/

16 months agoFix truncation of Unicode string query parameters in Benchmark
Tim Düsterhus [Fri, 14 Jul 2023 08:28:50 +0000 (10:28 +0200)]
Fix truncation of Unicode string query parameters in Benchmark

This needs to use `mb_substr()`, as we checked UTF-8 validity before to use
`UNHEX()` with binary strings. Previously UTF-8 sequences might've been cut
short and the resulting invalid sequence cannot be JSON encoded, as JSON
requires strings to be valid UTF-8.

see https://www.woltlab.com/community/thread/298853-schwer-reproduzierbar-fehlermeldungen-beim-importieren-von-sprachdateien/

16 months agoMerge branch '5.4' into 5.5
Alexander Ebert [Mon, 10 Jul 2023 10:04:39 +0000 (12:04 +0200)]
Merge branch '5.4' into 5.5

16 months agoMigrate the ACP news from Twitter to woltlab.com
Alexander Ebert [Mon, 10 Jul 2023 09:59:31 +0000 (11:59 +0200)]
Migrate the ACP news from Twitter to woltlab.com

16 months agoUpdate tslib
Tim Düsterhus [Tue, 4 Jul 2023 08:07:05 +0000 (10:07 +0200)]
Update tslib

16 months agoUpdate npm dependencies
Tim Düsterhus [Tue, 4 Jul 2023 07:59:09 +0000 (09:59 +0200)]
Update npm dependencies

17 months agoFix typo
Marcel Werk [Fri, 23 Jun 2023 15:25:19 +0000 (17:25 +0200)]
Fix typo

17 months agoMerge branch '5.4' into 5.5
Tim Düsterhus [Wed, 21 Jun 2023 12:58:35 +0000 (14:58 +0200)]
Merge branch '5.4' into 5.5

17 months agoRelease 5.4.29 5.4.29
Alexander Ebert [Wed, 21 Jun 2023 09:34:16 +0000 (11:34 +0200)]
Release 5.4.29

17 months agoRelease 5.5.13 5.5.13
Alexander Ebert [Tue, 20 Jun 2023 11:49:04 +0000 (13:49 +0200)]
Release 5.5.13

17 months agoMerge branch '5.4' into 5.5
Alexander Ebert [Tue, 20 Jun 2023 11:39:24 +0000 (13:39 +0200)]
Merge branch '5.4' into 5.5

17 months agoRelease 5.4.28 5.4.28
Alexander Ebert [Tue, 20 Jun 2023 11:38:01 +0000 (13:38 +0200)]
Release 5.4.28

17 months agoFixed bug when blocking an avatar, signature or cover photo
Marcel Werk [Mon, 19 Jun 2023 13:57:54 +0000 (15:57 +0200)]
Fixed bug when blocking an avatar, signature or cover photo

The error occurred when the "Permanently Block" checkbox was not set and no "Unblocking Date" was set.

17 months agoRelease 5.5.13 dev 1 5.5.13_dev_1
Alexander Ebert [Fri, 16 Jun 2023 13:10:27 +0000 (15:10 +0200)]
Release 5.5.13 dev 1

17 months agoUpdating minified JavaScript files
WoltLab [Fri, 16 Jun 2023 12:49:42 +0000 (12:49 +0000)]
Updating minified JavaScript files

17 months agoMerge branch '5.4' into 5.5
Tim Düsterhus [Thu, 15 Jun 2023 13:15:49 +0000 (15:15 +0200)]
Merge branch '5.4' into 5.5

17 months agoDrop the SameSite attribute from the XSRF-Token cookie to work around WebKit Bug...
Tim Düsterhus [Wed, 10 May 2023 13:25:38 +0000 (15:25 +0200)]
Drop the SameSite attribute from the XSRF-Token cookie to work around WebKit Bug 255524

It appears that Safari 16.4+ sometimes loses SameSite cookies without explicit
expiry when performing subrequests, e.g. to load JavaScript or when using
`fetch()`. The conditions apply to the XSRF-Token cookie. Now if one of the
subrequests hits the application, the application will hand out a fresh
XSRF-Token cookie, due to the cookie being missing. This results in spurious
changes of the XSRF-Token and thus error messages for the user.

According to comments in the WebKit Bug a workaround for the issue is not
providing a SameSite attribute at all and we leverage this workaround for the
time being: The SameSite attribute on the XSRF-Token cookie is a defense in
depth measure.

see https://bugs.webkit.org/show_bug.cgi?id=255524
see https://www.woltlab.com/community/thread/299769-fehlerhafter-xsrf-token/

(cherry picked from commit 832de3617df81b357430f8d99527dc34efd277a7)

17 months agoFix wcf.acp.group.option.user.signature.maxLength in en.xml
Tim Düsterhus [Thu, 15 Jun 2023 07:43:10 +0000 (09:43 +0200)]
Fix wcf.acp.group.option.user.signature.maxLength in en.xml

see 32f9c5d95163e06c351ae63c700a25aac37a3d95
see 854c03cce023034ae43f252b2ca560aeeda7ca56
see https://www.woltlab.com/community/thread/300146-language-wcf-acp-group-option-user-signature-maxlength/

17 months agoFix typo in de.xml
Tim Düsterhus [Wed, 14 Jun 2023 14:27:16 +0000 (16:27 +0200)]
Fix typo in de.xml

see https://www.woltlab.com/community/thread/300142-tippfehler-im-blockieren-dialog/

17 months agoRemove duplicated spaces in phrases
Tim Düsterhus [Tue, 13 Jun 2023 07:28:25 +0000 (09:28 +0200)]
Remove duplicated spaces in phrases

see https://www.woltlab.com/community/thread/300126-language-wcf-moderation-activation-notification-commentresponse-mail-html/

17 months agoAdd the missing plural s
Alexander Ebert [Mon, 12 Jun 2023 17:23:35 +0000 (19:23 +0200)]
Add the missing plural s

See https://www.woltlab.com/community/thread/300065-language-wcf-user-notification-com-woltlab-wcf-page/

17 months agoUpdate the embed code for Instagram
Alexander Ebert [Mon, 12 Jun 2023 15:24:30 +0000 (17:24 +0200)]
Update the embed code for Instagram

17 months agoUnify password to “Kennwort” in de.xml
Tim Düsterhus [Tue, 6 Jun 2023 08:15:56 +0000 (10:15 +0200)]
Unify password to “Kennwort” in de.xml

17 months agoFix `<label>` targets in userAdd.tpl
Tim Düsterhus [Tue, 6 Jun 2023 08:13:23 +0000 (10:13 +0200)]
Fix `<label>` targets in userAdd.tpl

17 months agoFix HTML syntax in pageHeaderUser.tpl
Tim Düsterhus [Mon, 5 Jun 2023 08:15:11 +0000 (10:15 +0200)]
Fix HTML syntax in pageHeaderUser.tpl

see 6e5b36526f992eb1f04fb4ebc28f3ae38bed6aff
Fixes #5532

17 months agoFix incorrect quotation mark in en.xml
Tim Düsterhus [Mon, 5 Jun 2023 07:23:33 +0000 (09:23 +0200)]
Fix incorrect quotation mark in en.xml

see https://www.woltlab.com/community/thread/300024-language-wcf-acp-user-sendmail-from-description/

17 months agoFix multiple consistency issues in language phrases
Marcel Werk [Mon, 29 May 2023 11:51:36 +0000 (13:51 +0200)]
Fix multiple consistency issues in language phrases

18 months agoUpdate tslib
Tim Düsterhus [Mon, 22 May 2023 10:22:25 +0000 (12:22 +0200)]
Update tslib

18 months agoAllow `style-src 'unsafe-inline'` in AttachmentPage
Tim Düsterhus [Fri, 19 May 2023 13:32:44 +0000 (15:32 +0200)]
Allow `style-src 'unsafe-inline'` in AttachmentPage

18 months agoFix multiple consistency issues in language phrases
Marcel Werk [Wed, 17 May 2023 16:26:08 +0000 (18:26 +0200)]
Fix multiple consistency issues in language phrases

18 months agoRelease 5.5.12 5.5.12
Alexander Ebert [Tue, 16 May 2023 15:02:52 +0000 (17:02 +0200)]
Release 5.5.12

18 months agoFix missing informal variant in de.xml
Luke [Tue, 16 May 2023 14:22:10 +0000 (16:22 +0200)]
Fix missing informal variant in de.xml

Resolves #5511

[Tim: Opted to choose a slightly different fix and reworded the commit message]

18 months agoAdd a button to discard a selected icon
Alexander Ebert [Sun, 12 Mar 2023 22:56:03 +0000 (23:56 +0100)]
Add a button to discard a selected icon

Fixes #5207

18 months agoRelease 5.5.12 dev 2 5.5.12_dev_2
Alexander Ebert [Fri, 12 May 2023 16:27:19 +0000 (18:27 +0200)]
Release 5.5.12 dev 2

18 months agoUpdating minified JavaScript files
WoltLab [Fri, 12 May 2023 16:19:53 +0000 (16:19 +0000)]
Updating minified JavaScript files

18 months agoRelease 5.5.12 dev 1 5.5.12_dev_1
Alexander Ebert [Fri, 12 May 2023 15:01:31 +0000 (17:01 +0200)]
Release 5.5.12 dev 1

18 months agoMerge pull request #5504 from WoltLab/mailbox-name
Tim Düsterhus [Fri, 12 May 2023 09:00:23 +0000 (11:00 +0200)]
Merge pull request #5504 from WoltLab/mailbox-name

Improve handling of Mailboxes with empty names

18 months agoDo not emit empty names in Mailbox::__toString()
Tim Düsterhus [Fri, 12 May 2023 07:37:40 +0000 (09:37 +0200)]
Do not emit empty names in Mailbox::__toString()

Likely depending on the MUA this will either emit the email address in the best
case or show an empty field. In any case, this will likely look a little odd to
spam filters and thus should be simplified to just the email address.

18 months agoTrim the human readable name of a Mailbox
Tim Düsterhus [Fri, 12 May 2023 07:35:58 +0000 (09:35 +0200)]
Trim the human readable name of a Mailbox

Whitespace around the name is going to be a little wonky and this is in
preparation of a future change that detects and suppresses empty names.

18 months agoDrop the SameSite attribute from the XSRF-Token cookie to work around WebKit Bug...
Tim Düsterhus [Wed, 10 May 2023 13:25:38 +0000 (15:25 +0200)]
Drop the SameSite attribute from the XSRF-Token cookie to work around WebKit Bug 255524

It appears that Safari 16.4+ sometimes loses SameSite cookies without explicit
expiry when performing subrequests, e.g. to load JavaScript or when using
`fetch()`. The conditions apply to the XSRF-Token cookie. Now if one of the
subrequests hits the application, the application will hand out a fresh
XSRF-Token cookie, due to the cookie being missing. This results in spurious
changes of the XSRF-Token and thus error messages for the user.

According to comments in the WebKit Bug a workaround for the issue is not
providing a SameSite attribute at all and we leverage this workaround for the
time being: The SameSite attribute on the XSRF-Token cookie is a defense in
depth measure.

see https://bugs.webkit.org/show_bug.cgi?id=255524
see https://www.woltlab.com/community/thread/299769-fehlerhafter-xsrf-token/

18 months agoUpdate @types/google.maps
Tim Düsterhus [Wed, 10 May 2023 11:54:05 +0000 (13:54 +0200)]
Update @types/google.maps

18 months agoMerge pull request #5501 from WoltLab/contentInteraction-print
Tim Düsterhus [Wed, 10 May 2023 11:32:58 +0000 (13:32 +0200)]
Merge pull request #5501 from WoltLab/contentInteraction-print

Hide `.contentInteraction` in print CSS

18 months agoHide `.contentInteraction` in print CSS
Tim Düsterhus [Wed, 10 May 2023 10:21:22 +0000 (12:21 +0200)]
Hide `.contentInteraction` in print CSS

18 months agoMerge pull request #5496 from WoltLab/avatar-validation
Marcel Werk [Tue, 9 May 2023 10:18:34 +0000 (12:18 +0200)]
Merge pull request #5496 from WoltLab/avatar-validation

Fix multiple validation issues during the avatar upload

18 months agoFix validation of the image file type
Marcel Werk [Mon, 8 May 2023 15:18:26 +0000 (17:18 +0200)]
Fix validation of the image file type

Previously it was possible to upload any image (e.g. bmp) as avatars using a faked file extension.

18 months agoProper handling of the case that no image was uploaded
Marcel Werk [Mon, 8 May 2023 15:15:40 +0000 (17:15 +0200)]
Proper handling of the case that no image was uploaded

18 months agoFix titlecasing of “with” in page.xml
Tim Düsterhus [Mon, 8 May 2023 10:09:37 +0000 (12:09 +0200)]
Fix titlecasing of “with” in page.xml

18 months agoFix wcf.acp.rebuildData.com.woltlab.wcf.activityPoint*
Tim Düsterhus [Mon, 8 May 2023 07:19:21 +0000 (09:19 +0200)]
Fix wcf.acp.rebuildData.com.woltlab.wcf.activityPoint*

see https://www.woltlab.com/community/thread/299762-language-wcf-acp-rebuilddata-com-woltlab-wcf-activitypointevent/

18 months agoAdd space in “Buffer Pool” in wcf.acp.systemCheck.mysql.bufferPool phrase
Tim Düsterhus [Mon, 8 May 2023 07:16:17 +0000 (09:16 +0200)]
Add space in “Buffer Pool” in wcf.acp.systemCheck.mysql.bufferPool phrase

see https://www.woltlab.com/community/thread/299781-language-wcf-acp-systemcheck-mysql-bufferpool/

18 months agoFix typo in de.xml
Tim Düsterhus [Fri, 5 May 2023 14:54:42 +0000 (16:54 +0200)]
Fix typo in de.xml

18 months agoMerge pull request #5479 from WoltLab/line-break-separated-text
Marcel Werk [Fri, 5 May 2023 14:44:40 +0000 (16:44 +0200)]
Merge pull request #5479 from WoltLab/line-break-separated-text

Fix issues when pasting in `LineBreakSeparatedText` input fields

18 months agoUpdate outdated terms in trademark notice
Marcel Werk [Fri, 5 May 2023 13:11:03 +0000 (15:11 +0200)]
Update outdated terms in trademark notice

18 months agoFix issues when pasting in `LineBreakSeparatedText` input fields
Marcel Werk [Fri, 5 May 2023 12:54:57 +0000 (14:54 +0200)]
Fix issues when pasting in `LineBreakSeparatedText` input fields

Pasting from the clipboard could result in duplicates and empty entries.

18 months agoAdd missing space before ellipsis in wcf.acp.package.search.status.* in en.xml
Tim Düsterhus [Fri, 5 May 2023 07:17:39 +0000 (09:17 +0200)]
Add missing space before ellipsis in wcf.acp.package.search.status.* in en.xml

see https://www.woltlab.com/community/thread/299749-language-wcf-acp-package-search-status-loading/

18 months agoFix titlecasification in wcf.acp.user.security.multifactor
Tim Düsterhus [Fri, 5 May 2023 07:16:35 +0000 (09:16 +0200)]
Fix titlecasification in wcf.acp.user.security.multifactor

see https://www.woltlab.com/community/thread/299745-language-wcf-acp-user-security-multifactor/

18 months agoFix typos in wcf.date.interval.* in en.xml
Tim Düsterhus [Fri, 5 May 2023 07:14:43 +0000 (09:14 +0200)]
Fix typos in wcf.date.interval.* in en.xml

see https://www.woltlab.com/community/thread/299744-language-wcf-date-interval-months-plain/

18 months agoFix wcf.user.notification.comment.like.message
Tim Düsterhus [Thu, 4 May 2023 07:17:06 +0000 (09:17 +0200)]
Fix wcf.user.notification.comment.like.message

see https://www.woltlab.com/community/thread/299735-language-wcf-user-notification-comment-like-message/

18 months agoAdd missing “Address” for “Email Address” in wcf.user.email in en.xml
Tim Düsterhus [Tue, 2 May 2023 10:15:40 +0000 (12:15 +0200)]
Add missing “Address” for “Email Address” in wcf.user.email in en.xml

Fixes #5466

18 months agoMerge branch '5.4' into 5.5
Tim Düsterhus [Fri, 28 Apr 2023 14:01:11 +0000 (16:01 +0200)]
Merge branch '5.4' into 5.5

18 months agoUpdate to `actions/upload-artifact@v3` in wcfsetup.yml
Tim Düsterhus [Fri, 28 Apr 2023 14:00:48 +0000 (16:00 +0200)]
Update to `actions/upload-artifact@v3` in wcfsetup.yml

This is required, because node.js 12 actions are deprecated.

19 months agoImprove phrasing for `user_authentication_failure_*` descriptions
Tim Düsterhus [Tue, 25 Apr 2023 09:33:59 +0000 (11:33 +0200)]
Improve phrasing for `user_authentication_failure_*` descriptions

19 months agoFix creating menuItem PIP entries without parent using dev tools
Tim Düsterhus [Mon, 24 Apr 2023 13:07:17 +0000 (15:07 +0200)]
Fix creating menuItem PIP entries without parent using dev tools

Fixes #4754

19 months agoRelease 5.5.11 5.5.11
Alexander Ebert [Wed, 19 Apr 2023 13:32:44 +0000 (15:32 +0200)]
Release 5.5.11

19 months agoMerge branch '5.4' into 5.5
Alexander Ebert [Wed, 19 Apr 2023 12:57:09 +0000 (14:57 +0200)]
Merge branch '5.4' into 5.5

19 months agoRelease 5.4.27 5.4.27
Alexander Ebert [Wed, 19 Apr 2023 12:56:08 +0000 (14:56 +0200)]
Release 5.4.27

19 months agoMerge branch '5.3' into 5.4
Alexander Ebert [Wed, 19 Apr 2023 12:50:28 +0000 (14:50 +0200)]
Merge branch '5.3' into 5.4

19 months agoRelease 5.3.28 5.3.28 5.3.final
Alexander Ebert [Wed, 19 Apr 2023 12:48:51 +0000 (14:48 +0200)]
Release 5.3.28

19 months agoUpdating minified JavaScript files
WoltLab [Wed, 19 Apr 2023 11:59:20 +0000 (11:59 +0000)]
Updating minified JavaScript files

19 months agoMerge branch '5.4' into 5.5
Tim Düsterhus [Wed, 19 Apr 2023 11:58:03 +0000 (13:58 +0200)]
Merge branch '5.4' into 5.5

19 months agoUpdating minified JavaScript files
WoltLab [Wed, 19 Apr 2023 11:57:15 +0000 (11:57 +0000)]
Updating minified JavaScript files

19 months agoMerge branch '5.3' into 5.4
Tim Düsterhus [Wed, 19 Apr 2023 11:55:57 +0000 (13:55 +0200)]
Merge branch '5.3' into 5.4

19 months agoUpdating minified JavaScript files
WoltLab [Wed, 19 Apr 2023 11:55:07 +0000 (11:55 +0000)]
Updating minified JavaScript files

19 months agoMerge branch '5.4' into 5.5
Tim Düsterhus [Wed, 19 Apr 2023 11:51:47 +0000 (13:51 +0200)]
Merge branch '5.4' into 5.5

19 months agoMerge branch '5.3' into 5.4
Tim Düsterhus [Wed, 19 Apr 2023 11:51:31 +0000 (13:51 +0200)]
Merge branch '5.3' into 5.4

19 months agoMerge branch 'article-clipboard' into 5.3
Tim Düsterhus [Wed, 19 Apr 2023 11:45:04 +0000 (13:45 +0200)]
Merge branch 'article-clipboard' into 5.3

19 months agoMerge branch 'js-unescape-html' into 5.3
Tim Düsterhus [Wed, 19 Apr 2023 11:44:42 +0000 (13:44 +0200)]
Merge branch 'js-unescape-html' into 5.3

19 months agoFix `StringUtil.unescapeHTML()`
Tim Düsterhus [Tue, 18 Apr 2023 07:42:25 +0000 (09:42 +0200)]
Fix `StringUtil.unescapeHTML()`

The HTML was unescaped in an incorrect order, causing incorrect results for
inputs like:

    StringUtil.unescapeHTML('&amp;quot;')

19 months agoDo not allow setting an inaccessible category in ArticleAction::validateSetCategory()
Tim Düsterhus [Tue, 28 Mar 2023 12:42:51 +0000 (14:42 +0200)]
Do not allow setting an inaccessible category in ArticleAction::validateSetCategory()

19 months agoValidate if an article may be edited in `setCategory` clipboard action
Tim Düsterhus [Tue, 28 Mar 2023 12:41:54 +0000 (14:41 +0200)]
Validate if an article may be edited in `setCategory` clipboard action

19 months agoUpdate laminas/laminas-diactoros
Tim Düsterhus [Mon, 17 Apr 2023 17:22:50 +0000 (19:22 +0200)]
Update laminas/laminas-diactoros

see laminas/laminas-diactoros@2bc0d0bc2d15a3182d7853f761b6b7d2754821fe

19 months agoMerge branch '5.4' into 5.5
Tim Düsterhus [Mon, 17 Apr 2023 17:20:13 +0000 (19:20 +0200)]
Merge branch '5.4' into 5.5

19 months agoMerge branch '5.3' into 5.4
Tim Düsterhus [Mon, 17 Apr 2023 16:23:38 +0000 (18:23 +0200)]
Merge branch '5.3' into 5.4

19 months agoUpdate guzzlehttp/psr7
Tim Düsterhus [Mon, 17 Apr 2023 16:21:29 +0000 (18:21 +0200)]
Update guzzlehttp/psr7

see guzzle/psr7@18fd8915823bd9ca4156e84849e18970057dc7e4

19 months agoFix the update instructions
Alexander Ebert [Fri, 14 Apr 2023 13:29:54 +0000 (15:29 +0200)]
Fix the update instructions

19 months agoRelease 5.5.11 dev 1 5.5.11_dev_1
Alexander Ebert [Fri, 14 Apr 2023 12:05:55 +0000 (14:05 +0200)]
Release 5.5.11 dev 1

19 months agoMerge pull request #5420 from darkwood-studios/5.5
Alexander Ebert [Thu, 13 Apr 2023 13:24:30 +0000 (15:24 +0200)]
Merge pull request #5420 from darkwood-studios/5.5

added new articleLikeButtons template event to article template

19 months agoadded new articleLikeButtons template event to article template
daniel [Thu, 13 Apr 2023 07:46:30 +0000 (09:46 +0200)]
added new articleLikeButtons template event to article template

19 months agoUpdating minified JavaScript files
WoltLab [Thu, 13 Apr 2023 07:20:19 +0000 (07:20 +0000)]
Updating minified JavaScript files

19 months agoFix reading boolean field values in form builder dialogs
Marcel Werk [Mon, 10 Apr 2023 14:52:48 +0000 (16:52 +0200)]
Fix reading boolean field values in form builder dialogs

For normal forms, the value of `BooleanFormField` is passed as a string. In
form builder dialogs, however, it is passed as an int.

Resolves #5412

19 months agoMerge pull request #5374 from SoftCreatR/bugfix/userBBCodeTag-sync
Alexander Ebert [Sat, 8 Apr 2023 10:23:58 +0000 (12:23 +0200)]
Merge pull request #5374 from SoftCreatR/bugfix/userBBCodeTag-sync

Add `userBBCodeTag` to the shared templates

19 months agoFix redirect after submitting ContactForm
Tim Düsterhus [Thu, 6 Apr 2023 11:56:09 +0000 (13:56 +0200)]
Fix redirect after submitting ContactForm

The empty string is an invalid controller name. The landing page link is
requested by either passing `null` or leaving out all parameters.

This misuse will throw an Exception in WoltLab Suite 6.0.

Fixes #5407

19 months agoUpdate TS StringUtil's HTML escaper to be consistent with PHP's
Olaf Braun [Sun, 2 Apr 2023 15:44:47 +0000 (17:44 +0200)]
Update TS StringUtil's HTML escaper to be consistent with PHP's

Commit f631a7de6506e52095299c15042c25a3979a8200 updated the HTML escaper on the
server to encode a single quote (`'`) as `&#039;`, however it did not update
the frontend / TypeScript implementation.

This specifically breaks loading of existing data for i18n fields containing
the single quote, because the JavaScript expects the value to be first JS
encoded and then HTML encoded and manually performs HTML decoding. This is
questionable, but likely not fixable without introducing security issues,
because some users *might* rely on the fact that the JS escaping already
happened and it's impossible to detect whether the given values are already
escaped or not.

Resolves #5381

[Tim: Written the entire commit message]

19 months agoAdd `is_string` as template modifier
Tim Düsterhus [Tue, 4 Apr 2023 13:27:00 +0000 (15:27 +0200)]
Add `is_string` as template modifier

Resolves #5388

19 months agoMerge pull request #5384 from WoltLab/trim-utf-8
Tim Düsterhus [Tue, 4 Apr 2023 09:59:58 +0000 (11:59 +0200)]
Merge pull request #5384 from WoltLab/trim-utf-8

Gracefully handle non-UTF-8 inputs in StringUtil::trim()

19 months agoGracefully handle non-UTF-8 inputs in StringUtil::trim()
Tim Düsterhus [Mon, 3 Apr 2023 13:40:08 +0000 (15:40 +0200)]
Gracefully handle non-UTF-8 inputs in StringUtil::trim()

19 months agoMerge pull request #5380 from WoltLab/style-setvariables-no-write
Tim Düsterhus [Fri, 31 Mar 2023 10:15:24 +0000 (12:15 +0200)]
Merge pull request #5380 from WoltLab/style-setvariables-no-write

Do not write an updated style file in StyleEditor::setVariables()