Tim Düsterhus [Wed, 1 Jun 2022 08:30:55 +0000 (10:30 +0200)]
Reject empty `controller` in ControllerMap::resolveCustomController()
Based on the current callers of this method it is impossible that an empty
string is passed in:
- In LookupRequestRoute the matched controller will always contain a non-slash
character, unless the URL itself only consists of slashes, which is rejected
early.
- In ControllerMap::lookupDefaultController() the method will only be called if
the `routePart` of the landing page matches `__WCF_CMS__` which is only the
case if the page does not have a controller assigned. In that case the invariant
that a custom URL must be configured holds and `->lookupCmsPage()` will not
return an empty controller value.
Tim Düsterhus [Wed, 1 Jun 2022 08:50:18 +0000 (10:50 +0200)]
Simplify `isset()` check in ControllerMap::resolveCustomController()
The first test was a prefix of the second, thus it is implicitly checked.
Tim Düsterhus [Wed, 1 Jun 2022 07:47:05 +0000 (09:47 +0200)]
Simplify `isset()` check in ControllerMap::isDefaultController()
The first parameter was a prefix of the second, thus it is implicitly checked.
Tim Düsterhus [Tue, 31 May 2022 14:43:55 +0000 (16:43 +0200)]
Merge branch '5.5'
Tim Düsterhus [Tue, 31 May 2022 14:43:48 +0000 (16:43 +0200)]
Update to setup-node@v3
Tim Düsterhus [Tue, 31 May 2022 14:43:27 +0000 (16:43 +0200)]
Merge branch '5.4' into 5.5
Tim Düsterhus [Tue, 31 May 2022 14:43:11 +0000 (16:43 +0200)]
Update to setup-node@v3
Tim Düsterhus [Tue, 31 May 2022 14:32:58 +0000 (16:32 +0200)]
Merge branch '5.5'
Tim Düsterhus [Tue, 31 May 2022 14:31:29 +0000 (16:31 +0200)]
Merge branch '5.4' into 5.5
Tim Düsterhus [Tue, 31 May 2022 14:30:03 +0000 (16:30 +0200)]
Check the WCF_VERSION only if the result might have changed
Tim Düsterhus [Tue, 31 May 2022 14:21:25 +0000 (16:21 +0200)]
Add workflow to check the WCF_VERSION
Alexander Ebert [Tue, 31 May 2022 14:05:55 +0000 (16:05 +0200)]
Missing update of the package version
Tim Düsterhus [Tue, 31 May 2022 13:50:13 +0000 (15:50 +0200)]
Tim Düsterhus [Tue, 31 May 2022 13:48:24 +0000 (15:48 +0200)]
Move system environment check into a middleware
Tim Düsterhus [Tue, 31 May 2022 13:44:54 +0000 (15:44 +0200)]
Adjust PHP versions in environment check for 5.6
see 598b72301a2cdcd0f3a0c1196f6fc1107e01650e
Tim Düsterhus [Tue, 31 May 2022 13:44:00 +0000 (15:44 +0200)]
Merge branch '5.5'
Tim Düsterhus [Tue, 31 May 2022 13:42:50 +0000 (15:42 +0200)]
Adjust PHP versions in environment check for 5.5
see 598b72301a2cdcd0f3a0c1196f6fc1107e01650e
Tim Düsterhus [Tue, 31 May 2022 13:41:47 +0000 (15:41 +0200)]
Merge branch '5.4' into 5.5
Tim Düsterhus [Tue, 31 May 2022 13:41:28 +0000 (15:41 +0200)]
Adjust PHP versions in environment check for 5.4
see 598b72301a2cdcd0f3a0c1196f6fc1107e01650e
Tim Düsterhus [Tue, 31 May 2022 13:39:48 +0000 (15:39 +0200)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Tue, 31 May 2022 13:36:26 +0000 (15:36 +0200)]
Merge branch '5.2' into 5.3
Tim Düsterhus [Tue, 31 May 2022 13:35:00 +0000 (15:35 +0200)]
Adjust PHP versions in environment check for 5.2
see 598b72301a2cdcd0f3a0c1196f6fc1107e01650e
Tim Düsterhus [Tue, 31 May 2022 13:33:43 +0000 (15:33 +0200)]
Merge branch '3.1' into 5.2
Tim Düsterhus [Tue, 31 May 2022 13:31:44 +0000 (15:31 +0200)]
Merge pull request #4840 from WoltLab/system-environment-check
Add basic check for the runtime environment
Tim Düsterhus [Tue, 31 May 2022 13:11:02 +0000 (15:11 +0200)]
Add basic check for the runtime environment
Running WoltLab Suite in an unsupported environment might work for the
majority of requests, some requests might fail very visibly. But there
also is a third type: A request that *appears* to execute properly, but
that subtly behaves incorrectly, due to a change in PHP's behavior.
The latter type is dangerous, as those requests might introduce errors
into the dataset that are very hard to impossible to correct after the
fact because the necessary information to fix up the data is no longer
available.
Prevent this situation from occurring by performing a basic test of the
runtime environment and halting processing early if this test fails to
ensure that it processed as little as possible.
Tim Düsterhus [Tue, 31 May 2022 12:57:44 +0000 (14:57 +0200)]
Enable HTML escaping of `->errorMessage` in packageUpdateServerList.tpl
This is not exploitable for a full-blown XSS attack, as any HTML tags are
stripped. Nonetheless the `"` character can cause issues, as the value is also
displayed in an HTML attribute and the error message contains uncontrolled
content.
Tim Düsterhus [Tue, 31 May 2022 11:27:11 +0000 (13:27 +0200)]
Merge pull request #4839 from WoltLab/sessionhandler-language-ids
Deprecate SessionHandler::getLanguageIDs()
Tim Düsterhus [Tue, 31 May 2022 10:47:21 +0000 (12:47 +0200)]
Remove useless calls to `->setAccessible()` for Reflection
These are no longer required as of PHP 8.1.
Tim Düsterhus [Tue, 31 May 2022 10:27:46 +0000 (12:27 +0200)]
Remove incorrect use of `@` from WCFSetup templates
Most of these values appear in attributes where `"` must be escaped. While the
`"` cannot appear in some of the values, WCFSetup is not performance critical,
so simply remove them everywhere to save the developer from needing to think
about this.
Tim Düsterhus [Tue, 31 May 2022 10:16:40 +0000 (12:16 +0200)]
Remove useless `isset()` check before calling `unset()` in LinkHandler::getLink()
Tim Düsterhus [Tue, 31 May 2022 10:00:16 +0000 (12:00 +0200)]
Merge branch '5.5'
Tim Düsterhus [Tue, 31 May 2022 09:37:34 +0000 (11:37 +0200)]
Release 5.5.0 Beta 4
WoltLab [Tue, 31 May 2022 09:32:57 +0000 (09:32 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Tue, 31 May 2022 09:31:02 +0000 (11:31 +0200)]
WoltLab [Tue, 31 May 2022 09:27:55 +0000 (09:27 +0000)]
Updating minified JavaScript files
Alexander Ebert [Tue, 31 May 2022 09:13:32 +0000 (11:13 +0200)]
Merge pull request #4838 from WoltLab/custom-color-picker
Custom color picker implementation
Alexander Ebert [Tue, 31 May 2022 09:13:26 +0000 (11:13 +0200)]
Simplified the code a bit
Co-authored-by: Tim Düsterhus <duesterhus@woltlab.com>
Tim Düsterhus [Tue, 31 May 2022 08:39:30 +0000 (10:39 +0200)]
Deprecate SessionHandler::getLanguageIDs()
This method is currently unused and basically only wraps
User::getLanguageIDs().
As it is unused the WCFSetup workaround should no longer be required either.
Tim Düsterhus [Tue, 31 May 2022 07:45:30 +0000 (09:45 +0200)]
Merge pull request #4837 from WoltLab/styleID-session
Remove styleID from SessionHandler
Tim Düsterhus [Tue, 31 May 2022 07:13:59 +0000 (09:13 +0200)]
Alexander Ebert [Mon, 30 May 2022 17:14:40 +0000 (19:14 +0200)]
Incorrect calculation of the saturation
Alexander Ebert [Mon, 30 May 2022 16:43:14 +0000 (18:43 +0200)]
Clean-up of legacy files, FF workaround
Alexander Ebert [Mon, 30 May 2022 15:58:14 +0000 (17:58 +0200)]
Unified the phrases for the color picker
Tim Düsterhus [Mon, 30 May 2022 15:07:38 +0000 (17:07 +0200)]
Do not use RequestHandler::redirect() for controller-less ACP requests
Specifically do not pass the unknown `$routeData` which might not be correct
for the IndexPage of `wcf`.
see ed55fc721676e3a5b7cf52995c2f2701a4902f1e
Alexander Ebert [Mon, 30 May 2022 14:54:12 +0000 (16:54 +0200)]
Overhauled color picker with RGBA and HSL
Alexander Ebert [Mon, 30 May 2022 14:39:11 +0000 (16:39 +0200)]
Support for RGB <-> HSL
Tim Düsterhus [Mon, 30 May 2022 13:49:37 +0000 (15:49 +0200)]
Remove styleID from SessionHandler
See 094ee7c31ce505b293fc228d6831ecb4a42130cc for the majority of performed
changes.
Resolves #4835
Tim Düsterhus [Mon, 30 May 2022 08:57:56 +0000 (10:57 +0200)]
Merge branch '5.5'
Tim Düsterhus [Mon, 30 May 2022 08:54:48 +0000 (10:54 +0200)]
Re-deprecate SessionHandler's styleID functionality
see 094ee7c31ce505b293fc228d6831ecb4a42130cc
Tim Düsterhus [Mon, 30 May 2022 08:47:36 +0000 (10:47 +0200)]
Revert "Prevent saving `styleID` in sessions for user"
The intention behind that change still is valid. However using the
`StyleAction::changeStyle()` method which internally uses
`UserAction::update()` is problematic, due to events firing. At the
point where `initStyle()` runs, the applications are not yet initialized and
thus the event listener classes of applications will not be found by the
autoloader.
With bb2430b495a4bfe7e8f205b97749f49ce4f59229 the handling of the `styleID`
parameter is already removed, thus ultimately solving the same problem, but
without the issues.
This reverts commit cc5207457ef1157b44ecad54db32ab7438a1158e.
Tim Düsterhus [Mon, 30 May 2022 08:39:00 +0000 (10:39 +0200)]
Merge branch '5.5'
Alexander Ebert [Sun, 29 May 2022 18:06:26 +0000 (20:06 +0200)]
Use separate inputs for the RGB color channels
Marcel Werk [Sun, 29 May 2022 15:41:09 +0000 (17:41 +0200)]
Search for author without search term was not possible
Alexander Ebert [Sat, 28 May 2022 13:05:48 +0000 (15:05 +0200)]
Removed an outdated webkit work-around
This was required in <= 5.4 to fix an issue caused by the `transform: translateX(-50%)` offset used in these versions. 5.5 uses a pixel-perfect positioning that no longer relies on this hack.
Alexander Ebert [Sat, 28 May 2022 12:48:22 +0000 (14:48 +0200)]
Missing removal of existing error messages
See https://www.woltlab.com/community/thread/295622-bitte-f%C3%BCllen-sie-dieses-eingabefeld-aus-doppelt-angezeigt/
Alexander Ebert [Sat, 28 May 2022 12:40:49 +0000 (14:40 +0200)]
Bad access the editor from within a dialog
See https://www.woltlab.com/community/thread/295640-%C3%BCber-medien-hinzugef%C3%BCgtes-bild-l%C3%A4sst-sich-nach-der-entfernung-nicht-direkt-erneu/
Alexander Ebert [Sat, 28 May 2022 12:25:55 +0000 (14:25 +0200)]
Merge pull request #4833 from WoltLab/mobile-right-sidebar
Show content of the right sidebar below the main content (mobile view)
Marcel Werk [Sat, 28 May 2022 11:03:23 +0000 (13:03 +0200)]
Show content of the right sidebar below the main content (mobile view)
Tim Düsterhus [Fri, 27 May 2022 14:37:03 +0000 (16:37 +0200)]
Remove obsolete upgrade workaround for AJAX* controllers
Tim Düsterhus [Fri, 27 May 2022 14:22:06 +0000 (16:22 +0200)]
Merge pull request #4832 from WoltLab/route-handler-get-default-controller
Remove RouteHandler::getDefaultController()
Tim Düsterhus [Fri, 27 May 2022 14:19:01 +0000 (16:19 +0200)]
Merge pull request #4831 from WoltLab/request-handler-in-rescue-mode
Deprecate RequestHandler::inRescueMode()
Tim Düsterhus [Fri, 27 May 2022 14:17:59 +0000 (16:17 +0200)]
Merge pull request #4830 from WoltLab/landingPage
Remove magic numbers from RoutingCacheBuilder's landingPages data
Tim Düsterhus [Fri, 27 May 2022 14:17:05 +0000 (16:17 +0200)]
Merge pull request #4829 from WoltLab/wcf-default-controller
Remove upgrade workarounds for default controller of `wcf`
Tim Düsterhus [Fri, 27 May 2022 13:25:28 +0000 (15:25 +0200)]
Merge pull request #4828 from WoltLab/acp-login-redirect
Remove enforced redirect of `login` and `index` controller in ACP to the `wcf` application
Tim Düsterhus [Fri, 27 May 2022 13:22:55 +0000 (15:22 +0200)]
Remove RouteHandler::getDefaultController()
This method was unused and returned questionable data as the administrator is
free to configure a differing landing page / default controller.
Tim Düsterhus [Fri, 27 May 2022 13:19:17 +0000 (15:19 +0200)]
Require a `controller` for non-`wcf` links in ACP
Tim Düsterhus [Fri, 27 May 2022 13:10:40 +0000 (15:10 +0200)]
Stop calling RequestHandler::inRescueMode()
Tim Düsterhus [Fri, 27 May 2022 13:09:54 +0000 (15:09 +0200)]
Deprecate RequestHandler::inRescueMode()
This method was unable to return anything except true.
Tim Düsterhus [Fri, 27 May 2022 12:54:12 +0000 (14:54 +0200)]
Remove magic numbers from RoutingCacheBuilder's landingPages data
Tim Düsterhus [Fri, 27 May 2022 12:50:47 +0000 (14:50 +0200)]
Remove odd `\array_slice()` call in RoutingCacheBuilder::handleLandingPageWithOverriddenApplication()
This is a simple assignment with extra steps. It definitely is no longer
required since e9e0e45c728a24aa49c00b0d51679ede40ad43df and likely was not
required even before that.
Tim Düsterhus [Fri, 27 May 2022 12:21:03 +0000 (14:21 +0200)]
Use INNER JOIN in RoutingCacheBuilder::getCustomUrls()
The FOREIGN KEY guarantees that the row in wcf1_page exists.
Tim Düsterhus [Fri, 27 May 2022 12:19:50 +0000 (14:19 +0200)]
DRY up abbreviation retrieval in RoutingCacheBuilder::getCustomUrls()
Tim Düsterhus [Fri, 27 May 2022 12:14:39 +0000 (14:14 +0200)]
Fix code style in RoutingCacheBuilder
Tim Düsterhus [Fri, 27 May 2022 12:09:38 +0000 (14:09 +0200)]
DRY up the conversion of class name to controller name in RoutingCacheBuilder
Tim Düsterhus [Fri, 27 May 2022 12:03:22 +0000 (14:03 +0200)]
Return updated data in RoutingCacheBuilder::handleLandingPageWithOverriddenApplication()
see 662b3c73f9cffedca8c9c88397313f4aec243a77
Tim Düsterhus [Fri, 27 May 2022 12:02:06 +0000 (14:02 +0200)]
Replace `strpos()` by `str_starts_with()` in RoutingCacheBuilder
Tim Düsterhus [Fri, 27 May 2022 11:58:08 +0000 (13:58 +0200)]
Shorten overly long line in RoutingCacheBuilder
Tim Düsterhus [Fri, 27 May 2022 11:48:57 +0000 (13:48 +0200)]
Move `->isDefaultController()` check from `RequestHandler::handleDefaultController()` to `::buildRequest()`
This makes the data flow more clear, because `handleDefaultController()` will
only be called if we're actually dealing with the default controller.
Tim Düsterhus [Fri, 20 May 2022 14:03:28 +0000 (16:03 +0200)]
Remove dead branch in RequestHandler::handleDefaultController()
`$data` is guaranteed to be non-null since the previous commit.
Tim Düsterhus [Fri, 20 May 2022 13:59:57 +0000 (15:59 +0200)]
Remove dead branch in ControllerMap
The `wcf` application will have the landing page as its landing page.
Tim Düsterhus [Fri, 20 May 2022 13:51:17 +0000 (15:51 +0200)]
Remove obsolete workaround for the 2.1 to 3.0 upgrade from RoutingCacheBuilder
Tim Düsterhus [Fri, 27 May 2022 11:38:33 +0000 (13:38 +0200)]
Remove enforced redirect of `login` and `index` controller in ACP to the `wcf` application
It is not clear why this was added in d49006fac289699c925a6d5644f102b7ebfc972c,
but it does not appear to still be required. The login check in WCFACP
correctly redirects to the `wcf` app even if an application controller is
requested. The index controller redirect was cleaned up in the previous commit.
Tim Düsterhus [Fri, 27 May 2022 11:44:01 +0000 (13:44 +0200)]
Redirect controller-less ACP requests to IndexPage of `wcf`
Tim Düsterhus [Fri, 27 May 2022 10:51:48 +0000 (12:51 +0200)]
Merge pull request #4827 from WoltLab/api-url
Move the `WSC_API_URL` into com.woltlab.wcf
Tim Düsterhus [Fri, 27 May 2022 10:51:41 +0000 (12:51 +0200)]
Merge pull request #4826 from WoltLab/upgrade-workaround-cleanup
Remove obsolete upgrade workarounds
Tim Düsterhus [Fri, 27 May 2022 10:36:14 +0000 (12:36 +0200)]
Remove support for implicitly routing *Action requests to com.woltlab.wcf
This is no longer required since the removal of multi-domain support
see 5d1c96bc6e92b8b44170922b8abb26b898582f8c
Tim Düsterhus [Fri, 27 May 2022 10:07:13 +0000 (12:07 +0200)]
Tim Düsterhus [Fri, 27 May 2022 10:02:55 +0000 (12:02 +0200)]
Move the `WSC_API_URL` into com.woltlab.wcf
This workaround is no longer required with the removal of multi-domain setups.
see 5d1c96bc6e92b8b44170922b8abb26b898582f8c
Tim Düsterhus [Fri, 27 May 2022 09:28:04 +0000 (11:28 +0200)]
Remove workaround for the WCF app in RoutingCacheBuilder
Tim Düsterhus [Fri, 27 May 2022 09:26:25 +0000 (11:26 +0200)]
Remove upgrade workaround from ApplicationHandler
Tim Düsterhus [Fri, 27 May 2022 09:22:35 +0000 (11:22 +0200)]
Use `->prepare()` instead of `->prepareStatement()` in RoutingCacheBuilder
Tim Düsterhus [Fri, 27 May 2022 09:06:07 +0000 (11:06 +0200)]
Merge pull request #4822 from WoltLab/requesthandler-cleanup
Clean up route processing in RequestHandler
Tim Düsterhus [Fri, 27 May 2022 08:43:43 +0000 (10:43 +0200)]
Merge branch '5.5'
Alexander Ebert [Thu, 26 May 2022 11:45:20 +0000 (13:45 +0200)]
Show a text cursor while the item list accepts items
Alexander Ebert [Thu, 26 May 2022 11:34:29 +0000 (13:34 +0200)]
Reordered the generic search filters
Tim Düsterhus [Wed, 25 May 2022 13:52:38 +0000 (15:52 +0200)]
Tighten up composer version constraints
Tim Düsterhus [Wed, 25 May 2022 13:49:19 +0000 (15:49 +0200)]
Update composer dependencies
Tim Düsterhus [Wed, 25 May 2022 13:48:15 +0000 (15:48 +0200)]
Merge branch '5.5'
Tim Düsterhus [Wed, 25 May 2022 13:48:07 +0000 (15:48 +0200)]
Tim Düsterhus [Wed, 25 May 2022 13:45:38 +0000 (15:45 +0200)]
Merge branch '5.4' into 5.5