Marcel Werk [Thu, 6 Aug 2020 20:37:05 +0000 (22:37 +0200)]
Removed EXTERNAL_LINK_REL_NOFOLLOW
Marcel Werk [Thu, 6 Aug 2020 20:36:49 +0000 (22:36 +0200)]
New method to generate attributes for <a> tags
Marcel Werk [Thu, 6 Aug 2020 20:35:54 +0000 (22:35 +0200)]
Use of StringUtil::getAnchorTag()
Marcel Werk [Thu, 6 Aug 2020 19:51:51 +0000 (21:51 +0200)]
use StringUtil::getAnchorTag()
Alexander Ebert [Thu, 6 Aug 2020 17:24:52 +0000 (19:24 +0200)]
Merge pull request #3486 from Krymonota/use-generic-default-cookie-prefix
Use generic value for default cookie prefix
Niklas (Krymonota) [Thu, 6 Aug 2020 15:23:31 +0000 (17:23 +0200)]
Use generic value for default cookie prefix
... so that it doesn't have to be adjusted for new versions.
Marcel Werk [Thu, 6 Aug 2020 14:26:20 +0000 (16:26 +0200)]
Merge branch '5.2'
Marcel Werk [Thu, 6 Aug 2020 14:25:45 +0000 (16:25 +0200)]
Added missing informal variant
Tim Düsterhus [Thu, 6 Aug 2020 12:59:46 +0000 (14:59 +0200)]
Merge pull request #3484 from WoltLab/wcfsetup-cookietest
Detect misconfigured hostnames during WCFSetup
Tim Düsterhus [Thu, 6 Aug 2020 12:38:02 +0000 (14:38 +0200)]
Detect misconfigured hostnames during WCFSetup
Misconfigured reverse reverse proxies might rewrite the `host` header to the
upstream's hostname, instead of preserving the `host` as it was sent by the
web browser. Such a misconfiguration will cause WoltLab Suite to generate
incorrect absolute URLs and more importantly this also causes it to specify
an incorrect `domain` within cookies. The latter leads to the browser ignoring
the cookie. At the end of WCFSetup this ultimately leads to the ACP session
cookie being ignored, which in turn leads to failing the transition from
WCFSetup into the package installation. Instead the user will be bounced to
the LoginForm which fails to load, because the necessary option.xml was not
yet installed.
An example HAProxy configuration that reproduces the issue is as follows:
listen test
mode http
bind *:80
http-request set-header host 172.19.0.5
server nginx 172.19.0.5:80
If the WCFSetup is accepted via any hostname that is not `172.19.0.5`, e.g.
by using `localhost` then cookies will fail to stick within the web browser.
This commit extends the system requirements step to:
- Compare the HTTP_HOST as seen by the web server against both:
1) The `Referer` header.
2) The `window.location.host` value in JavaScript.
If any of those mismatches, then the web server is not correctly configured.
- Read a cookie that was set earlier.
If this cookie is missing, then most likely the `domain` property was
incorrectly specified.
This commit most likely resolves #3024.
Tim Düsterhus [Wed, 5 Aug 2020 14:22:35 +0000 (16:22 +0200)]
Merge branch '5.2' into master
Tim Düsterhus [Wed, 5 Aug 2020 14:21:45 +0000 (16:21 +0200)]
Merge branch '3.1' into 5.2
Tim Düsterhus [Wed, 5 Aug 2020 14:17:16 +0000 (16:17 +0200)]
Fix PHP 5.5 compatibility
see
b044815dd9b6509fc44219684d7076cd28a80aa6
see #3480
Matthias Schmidt [Wed, 5 Aug 2020 13:51:11 +0000 (15:51 +0200)]
Merge branch '5.2'
Matthias Schmidt [Wed, 5 Aug 2020 13:48:58 +0000 (15:48 +0200)]
Fix handling of hidden form field values via AJAX
See #3053
Alexander Ebert [Wed, 5 Aug 2020 10:57:55 +0000 (12:57 +0200)]
Merge branch '5.2'
Alexander Ebert [Wed, 5 Aug 2020 10:57:22 +0000 (12:57 +0200)]
Merge branch '3.1' into 5.2
Alexander Ebert [Wed, 5 Aug 2020 10:56:18 +0000 (12:56 +0200)]
Merge pull request #3462 from SoftCreatR/patch-14
Add detection for Chromium based Edge browser
Alexander Ebert [Wed, 5 Aug 2020 10:54:21 +0000 (12:54 +0200)]
Merge branch '5.2'
Alexander Ebert [Wed, 5 Aug 2020 10:51:35 +0000 (12:51 +0200)]
Merge pull request #3471 from WoltLab/disable-spider-visit-tracking
Disable visit tracking for search engines
Tim Düsterhus [Wed, 5 Aug 2020 10:07:01 +0000 (12:07 +0200)]
Merge branch '5.2' into master
Tim Düsterhus [Wed, 5 Aug 2020 10:06:26 +0000 (12:06 +0200)]
Merge branch '3.1' into 5.2
Tim Düsterhus [Wed, 5 Aug 2020 10:05:08 +0000 (12:05 +0200)]
Do not decrement wcf1_user.articles when deleting unpublished articles
see
b044815dd9b6509fc44219684d7076cd28a80aa6
see #3480
Tim Düsterhus [Wed, 5 Aug 2020 10:00:31 +0000 (12:00 +0200)]
Merge branch '5.2' into master
Tim Düsterhus [Wed, 5 Aug 2020 09:59:38 +0000 (11:59 +0200)]
Merge branch '3.1' into 5.2
Tim Düsterhus [Wed, 5 Aug 2020 09:58:13 +0000 (11:58 +0200)]
Update wcf1_user.articles when deleting articles
Fixes #3480
Marcel Werk [Wed, 5 Aug 2020 09:23:54 +0000 (11:23 +0200)]
Merge pull request #3479 from WoltLab/jump-to-content
Rename "Mark as Read" button to "Jump To Content" in notification mails
Marcel Werk [Wed, 5 Aug 2020 09:16:51 +0000 (11:16 +0200)]
Improved german phrasing
Tim Düsterhus [Wed, 5 Aug 2020 09:10:09 +0000 (11:10 +0200)]
Rename "Mark as Read" button to "Jump To Content" in notification mails
Resolves #3257
Tim Düsterhus [Wed, 5 Aug 2020 07:33:33 +0000 (09:33 +0200)]
Merge pull request #3475 from WoltLab/image-scale-memory
Add checkMemoryLimit() method to ImageAdapter
Alexander Ebert [Tue, 4 Aug 2020 18:55:20 +0000 (20:55 +0200)]
Prevent the incorrect focus of the close button for confirmation dialogs
Tim Düsterhus [Tue, 4 Aug 2020 14:57:48 +0000 (16:57 +0200)]
Duplicate logo on import of pageLogo = pageLogoMobile
Fixes #3478
Tim Düsterhus [Tue, 4 Aug 2020 11:43:02 +0000 (13:43 +0200)]
Merge pull request #3456 from WoltLab/style-cleanup
Clean up asset handling of styles
Tim Düsterhus [Tue, 4 Aug 2020 08:29:28 +0000 (10:29 +0200)]
Make use of ImageAdapter::checkMemoryLimit()
Tim Düsterhus [Tue, 4 Aug 2020 08:26:34 +0000 (10:26 +0200)]
Add ImageAdapter::checkMemoryLimit()
Resolves #3229
Sascha Greuel [Sun, 26 Jul 2020 15:19:00 +0000 (17:19 +0200)]
Added detection for Chromium based Edge browser
joshuaruesweg [Mon, 3 Aug 2020 16:27:49 +0000 (18:27 +0200)]
Merge branch '5.2'
joshuaruesweg [Mon, 3 Aug 2020 16:23:12 +0000 (18:23 +0200)]
Add note, that the page.xml PIP instruction is needed with the next update
See #3474
joshuaruesweg [Mon, 3 Aug 2020 16:14:59 +0000 (18:14 +0200)]
Merge branch '3.1'
joshuaruesweg [Mon, 3 Aug 2020 16:12:07 +0000 (18:12 +0200)]
Fix updating `requireObjectID` for existing pages
Olaf Braun [Mon, 3 Aug 2020 11:34:00 +0000 (13:34 +0200)]
Add all environment to event listener (#3145)
Alexander Ebert [Mon, 3 Aug 2020 10:52:19 +0000 (12:52 +0200)]
Merge pull request #3472 from WoltLab/user-rank-live-preview
User rank live preview
Tim Düsterhus [Mon, 3 Aug 2020 10:35:57 +0000 (12:35 +0200)]
Add cache buster for pageLogo
Tim Düsterhus [Mon, 3 Aug 2020 10:33:58 +0000 (12:33 +0200)]
Remove old pageLogo(|Mobile) file when logo is deleted or updated
Tim Düsterhus [Mon, 3 Aug 2020 09:43:35 +0000 (11:43 +0200)]
Merge branch 'master' into style-cleanup
Alexander Ebert [Sat, 1 Aug 2020 17:36:02 +0000 (19:36 +0200)]
Missing semicolons
Alexander Ebert [Sat, 1 Aug 2020 17:33:53 +0000 (19:33 +0200)]
Support for custom block level tag names
Closes #3270
Alexander Ebert [Sat, 1 Aug 2020 17:28:55 +0000 (19:28 +0200)]
Prevent auto-focus on search suggestions
Closes #3263
Alexander Ebert [Sat, 1 Aug 2020 15:23:13 +0000 (17:23 +0200)]
Merge branch '5.2'
Alexander Ebert [Sat, 1 Aug 2020 15:22:54 +0000 (17:22 +0200)]
The `data-user-id` is already set by the ReactionHandler
Fixes #3463
Alexander Ebert [Sat, 1 Aug 2020 15:04:56 +0000 (17:04 +0200)]
Live preview for user ranks
Alexander Ebert [Sat, 1 Aug 2020 15:00:38 +0000 (17:00 +0200)]
Modernize the JavaScript for the live preview for labels
Inlining the JavaScript made it much easier plus prevents increasing the bundle size.
Marcel Werk [Fri, 31 Jul 2020 15:29:09 +0000 (17:29 +0200)]
Improved detection of duplicate key errors
Alexander Ebert [Fri, 31 Jul 2020 15:10:25 +0000 (17:10 +0200)]
Prevent writes to the session rather than reads
Alexander Ebert [Fri, 31 Jul 2020 11:40:37 +0000 (13:40 +0200)]
Merge branch '5.2'
Alexander Ebert [Fri, 31 Jul 2020 11:40:14 +0000 (13:40 +0200)]
Disable visit tracking for search engines
Tim Düsterhus [Fri, 31 Jul 2020 09:11:22 +0000 (11:11 +0200)]
Merge pull request #3470 from WoltLab/db-expose-driver-specific-code
Allow retrieving the driver specific error code from DatabaseQueryExe…
Tim Düsterhus [Fri, 31 Jul 2020 08:50:32 +0000 (10:50 +0200)]
Allow retrieving the driver specific error code from DatabaseQueryExecutionException
A single ANSI SQLSTATE can indicate several distinct error conditions. The
driver code appears to be unique for MySQL.
Marcel Werk [Thu, 30 Jul 2020 16:07:09 +0000 (18:07 +0200)]
Typo
Marcel Werk [Thu, 30 Jul 2020 16:06:52 +0000 (18:06 +0200)]
Typo
Marcel Werk [Thu, 30 Jul 2020 16:05:18 +0000 (18:05 +0200)]
Made use of the new method "createOrIgnore"
Marcel Werk [Thu, 30 Jul 2020 16:03:14 +0000 (18:03 +0200)]
New method that will ignore duplicate key errors while inserting rows into the database
Tim Düsterhus [Thu, 30 Jul 2020 09:26:47 +0000 (11:26 +0200)]
Revert "Whitelist `unserialize()` when running in enterprise mode"
`unserialize()` is unsafe, because it potentially allows for arbitrary
code execution.
This reverts commit
564ba8525e42c9d4677ee1ddac58c4c9c67fc113.
Tim Düsterhus [Wed, 29 Jul 2020 07:03:59 +0000 (09:03 +0200)]
Merge pull request #3467 from WoltLab/avoid-getFont
Avoid use of getFont.php
Alexander Ebert [Tue, 28 Jul 2020 16:35:22 +0000 (18:35 +0200)]
Place the code and inline-code button next to each other
Closes #3241
Tim Düsterhus [Tue, 28 Jul 2020 12:18:10 +0000 (14:18 +0200)]
Inject proper getFont() version depending on isMultiDomainSetup()
Tim Düsterhus [Tue, 28 Jul 2020 12:13:20 +0000 (14:13 +0200)]
Use getFont SCSS function
Tim Düsterhus [Tue, 28 Jul 2020 12:12:55 +0000 (14:12 +0200)]
Add getFont() SCSS helper function
Tim Düsterhus [Tue, 28 Jul 2020 10:47:47 +0000 (12:47 +0200)]
Use filename parameter of getFont.php for FontAwesome
Matthias Schmidt [Mon, 27 Jul 2020 16:45:49 +0000 (18:45 +0200)]
Merge branch '5.2'
Matthias Schmidt [Mon, 27 Jul 2020 16:44:45 +0000 (18:44 +0200)]
Clear language cache when clearing cronjob cache
Close #3465
Tim Düsterhus [Mon, 27 Jul 2020 09:33:23 +0000 (11:33 +0200)]
Fix Style::getCoverPhotoUrl()
Make sure to return an absolute URL.
Tim Düsterhus [Mon, 27 Jul 2020 09:15:30 +0000 (11:15 +0200)]
Merge branch 'master' into style-cleanup
Tim Düsterhus [Mon, 27 Jul 2020 07:22:48 +0000 (09:22 +0200)]
Merge pull request #3460 from WoltLab/ship-open-sans
Ship Open Sans by default
Marcel Werk [Fri, 24 Jul 2020 14:03:33 +0000 (16:03 +0200)]
Prevent images in comments in the sidebar box from becoming too large
Tim Düsterhus [Fri, 24 Jul 2020 11:52:37 +0000 (13:52 +0200)]
Remove Google Font Embed from ACP
Tim Düsterhus [Fri, 24 Jul 2020 11:40:39 +0000 (13:40 +0200)]
Bake Open Sans into default installation
Resolves #3458
Tim Düsterhus [Fri, 24 Jul 2020 12:13:48 +0000 (14:13 +0200)]
Unbreak WCFSetup
Tim Düsterhus [Fri, 24 Jul 2020 10:20:13 +0000 (12:20 +0200)]
Expand style upload field definitions to store image size constraints
Tim Düsterhus [Fri, 24 Jul 2020 10:13:14 +0000 (12:13 +0200)]
Fix preserveAspectRatio parameter name in ImageAdapters
Tim Düsterhus [Fri, 24 Jul 2020 09:22:25 +0000 (11:22 +0200)]
Add missing PHPDoc tags to StyleAddForm / Style
Tim Düsterhus [Fri, 24 Jul 2020 09:19:48 +0000 (11:19 +0200)]
DRY up handling of existing favicon in StyleEditForm
Co-authored-by: Alexander Ebert <ebert@woltlab.com>
Tim Düsterhus [Fri, 24 Jul 2020 09:18:15 +0000 (11:18 +0200)]
Fix code style in StyleAddForm
Co-authored-by: Alexander Ebert <ebert@woltlab.com>
Tim Düsterhus [Thu, 23 Jul 2020 12:13:37 +0000 (14:13 +0200)]
Fix copy and paste mistake deleting cover photos on Favicon update
Tim Düsterhus [Thu, 23 Jul 2020 12:09:59 +0000 (14:09 +0200)]
Merge branch 'master' into style-cleanup
Tim Düsterhus [Thu, 23 Jul 2020 11:59:54 +0000 (13:59 +0200)]
Merge pull request #3448 from WoltLab/local-google-font
Serve Google Fonts locally
Tim Düsterhus [Thu, 23 Jul 2020 11:59:01 +0000 (13:59 +0200)]
Fix possible response truncation in HTTPRequest on Windows
Tim Düsterhus [Thu, 23 Jul 2020 11:47:50 +0000 (13:47 +0200)]
Fix truncated FontManager downloads on Windows
Marcel Werk [Thu, 23 Jul 2020 10:31:26 +0000 (12:31 +0200)]
Merge branch '5.2'
Marcel Werk [Thu, 23 Jul 2020 10:30:53 +0000 (12:30 +0200)]
Invalid suffix value caused an error when rendering the form
Marcel Werk [Thu, 23 Jul 2020 09:42:27 +0000 (11:42 +0200)]
Merge branch 'master' of https://github.com/WoltLab/WCF
Marcel Werk [Thu, 23 Jul 2020 09:42:25 +0000 (11:42 +0200)]
Typo
Tim Düsterhus [Thu, 23 Jul 2020 09:35:19 +0000 (11:35 +0200)]
Fix Style Import
Tim Düsterhus [Thu, 23 Jul 2020 09:27:41 +0000 (11:27 +0200)]
Fix export of style preview images
Tim Düsterhus [Thu, 23 Jul 2020 08:48:52 +0000 (10:48 +0200)]
DRY up upload list list definitions in StyleAddForm
Tim Düsterhus [Thu, 23 Jul 2020 08:46:36 +0000 (10:46 +0200)]
DRY up StyleAddForm::rebuildUploadFields()
Tim Düsterhus [Wed, 22 Jul 2020 14:14:19 +0000 (16:14 +0200)]
Remove obsolete `use` statements in Style DBOs
Tim Düsterhus [Wed, 22 Jul 2020 14:11:43 +0000 (16:11 +0200)]
Remove obsolete manual removal of style_variable_values
The FOREIGN KEY handles that.
Tim Düsterhus [Wed, 22 Jul 2020 14:10:44 +0000 (16:10 +0200)]
Remove obsolete call to removed method
Tim Düsterhus [Wed, 22 Jul 2020 14:10:01 +0000 (16:10 +0200)]
Always export all style images / assets