Tim Düsterhus [Tue, 28 Sep 2021 13:17:30 +0000 (15:17 +0200)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Tue, 28 Sep 2021 13:13:42 +0000 (15:13 +0200)]
Cast the Redis port to int
The `Redis::connect()` method expects the `$port` parameter to be an integer.
PHP will automatically cast numeric strings to an integer, but error out with
an TypeError if the string is not a well-formed number. This TypeError will not
be caught in an `catch(\Exception $e)` block, because TypeError does not
inherit Exception.
Perform an explicit cast to ensure the fallback to DiskCacheSource works.
Tim Düsterhus [Mon, 27 Sep 2021 08:32:14 +0000 (10:32 +0200)]
Merge pull request #4526 from WoltLab/session-cookie-lifetime
Decrease the session cookie lifetime leeway to 1 week
Tim Düsterhus [Mon, 27 Sep 2021 08:03:13 +0000 (10:03 +0200)]
Decrease the session cookie lifetime leeway to 1 week
With the increase of the user session lifetime to 2 months, simply multiplying
by two results in an excessive cookie lifetime.
Decrease this to a constant leeway of 1 week. If the cookie in the browser
expires, the session on the server should be long gone, even for wildly
incorrect local clocks.
Joshua Rüsweg [Mon, 27 Sep 2021 07:50:54 +0000 (09:50 +0200)]
Merge pull request #4525 from WoltLab/session-device-icon
Move Session::getDeviceIcon() into UserAgent::getDeviceIcon()
Tim Düsterhus [Fri, 24 Sep 2021 14:29:03 +0000 (16:29 +0200)]
Move Session::getDeviceIcon() into UserAgent::getDeviceIcon()
This method does not really belong into the Session class.
Tim Düsterhus [Fri, 24 Sep 2021 13:27:48 +0000 (15:27 +0200)]
Validate the XSRF-Token in DeleteSessionAction
This is not necessarily required, because the `sessionID` already contains high
entropy. However the JavaScript code already provides the XSRF-Token, so let's
validate it for completeness.
Tim Düsterhus [Fri, 24 Sep 2021 12:34:39 +0000 (14:34 +0200)]
Remove SECURITY_TOKEN* constants from constants.php
These were effectively deprecated in
3f6a261b1e6a3804370eb1e2a046ea6c666dbedd.
Tim Düsterhus [Fri, 24 Sep 2021 12:33:48 +0000 (14:33 +0200)]
Remove SID* constants from constants.php
These were removed in
8a35fd6de81f1138456fb777eb57d4b3907c0c66.
Alexander Ebert [Fri, 24 Sep 2021 09:13:32 +0000 (11:13 +0200)]
Release 5.4.8
Alexander Ebert [Fri, 24 Sep 2021 07:37:56 +0000 (09:37 +0200)]
Release 5.4.8 dev 2
Tim Düsterhus [Thu, 23 Sep 2021 11:33:54 +0000 (13:33 +0200)]
Merge pull request #4516 from WoltLab/xsrf-token-error
Improve phrasing for XSRF token error messages
Tim Düsterhus [Thu, 23 Sep 2021 10:47:15 +0000 (12:47 +0200)]
Improve phrasing in wcf.ajax.error.sessionExpired
see #4501
Tim Düsterhus [Thu, 23 Sep 2021 10:44:32 +0000 (12:44 +0200)]
Improve phrasing in wcf.global.form.error.securityToken
see #4501
Alexander Ebert [Wed, 22 Sep 2021 16:35:39 +0000 (18:35 +0200)]
Release 5.4.8 dev 1
WoltLab [Wed, 22 Sep 2021 16:11:07 +0000 (16:11 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Wed, 22 Sep 2021 12:55:44 +0000 (14:55 +0200)]
Fix typo in setup_en.xml
Marcel Werk [Wed, 22 Sep 2021 08:57:09 +0000 (10:57 +0200)]
Incorrect type comparison when the legacy mysql extension is been used
Tim Düsterhus [Tue, 21 Sep 2021 14:58:07 +0000 (16:58 +0200)]
Merge branch '5.3' into 5.4
Marcel Werk [Tue, 21 Sep 2021 14:53:14 +0000 (16:53 +0200)]
Merge pull request #4497 from max-m/patch-categoryMultiSelectOptionType
Make `categoryMultiSelectOptionType.tpl` behave like `categoryOptionList.tpl`
Tim Düsterhus [Tue, 21 Sep 2021 14:31:17 +0000 (16:31 +0200)]
Take the array key into account when checking whether an unnamed KEY matches in DatabaseTableChangeProcessor
The reproducer effectively matches
d7f721d6f920d66f75102723b504d89e57a8c9ff, except that the KEY
is unnamed.
Previously the update would silently fail to do anything. Now the update fails
loudly, because it attempts to create another index with an existing name. This
is no different behavior compared to an INDEX collision of two unnamed indices
`(a, b)`, `(a, c)`. The developer will be clearly alerted of this issue and can
take appropriate measures to avoid it, e.g. by using explicit names.
see #4434
Alexander Ebert [Tue, 21 Sep 2021 13:23:24 +0000 (15:23 +0200)]
Skip desktop notifications on Android
Notifications are not supported outside of the context of service workers.
See https://community.woltlab.com/thread/292374-chrome-android-failed-to-construct-notification-illegal-constructor/
Tim Düsterhus [Tue, 21 Sep 2021 08:59:22 +0000 (10:59 +0200)]
Do not error during validation of TOTP codes if an invalid device is selected
Tim Düsterhus [Tue, 21 Sep 2021 08:54:46 +0000 (10:54 +0200)]
Do not pass `null` to `|encodeJS`
This breaks in PHP 8.1.
Tim Düsterhus [Mon, 20 Sep 2021 16:51:04 +0000 (18:51 +0200)]
Fix TypeScript code style
Tim Düsterhus [Mon, 20 Sep 2021 16:50:03 +0000 (18:50 +0200)]
Fix SCSS code style
Tim Düsterhus [Mon, 20 Sep 2021 16:47:42 +0000 (18:47 +0200)]
Use well-specified node.js for Prettier jobs in GitHub Actions
Tim Düsterhus [Mon, 20 Sep 2021 16:44:54 +0000 (18:44 +0200)]
Update GitHub Actions to node.js 16
Alexander Ebert [Mon, 20 Sep 2021 16:25:10 +0000 (18:25 +0200)]
Skip bogus selection changes
Alexander Ebert [Mon, 20 Sep 2021 16:20:28 +0000 (18:20 +0200)]
Skip the check for the caret position if the selection is invalid
Alexander Ebert [Mon, 20 Sep 2021 15:48:46 +0000 (17:48 +0200)]
Merge branch '5.3' into 5.4
Alexander Ebert [Mon, 20 Sep 2021 15:48:31 +0000 (17:48 +0200)]
Incorrect gradient value in Safari
https://community.woltlab.com/thread/292475-mainmenushowprevious-mainmenushownext-safari-farbunterschied-fehler/
Tim Düsterhus [Mon, 20 Sep 2021 15:15:31 +0000 (17:15 +0200)]
Update npm dependencies
Tim Düsterhus [Mon, 20 Sep 2021 14:52:58 +0000 (16:52 +0200)]
Fix SCSS code style
Apparently the replacement of 100% by 1 caused the line to be sufficiently
short to rewrap.
Tim Düsterhus [Mon, 20 Sep 2021 14:47:14 +0000 (16:47 +0200)]
Fix use of transparentize() in *.scss
The function expects a unitless number between 0 and 1 as the second parameter.
The updated SCSS compiler in 5.5+ complains about this misuse.
Tim Düsterhus [Mon, 20 Sep 2021 14:23:41 +0000 (16:23 +0200)]
Fix return type for SeekableIterator::* implementations
The `mixed` type is not available with our current minimum PHP version, thus
using ReturnTypeWillChange for these.
Tim Düsterhus [Mon, 20 Sep 2021 14:01:02 +0000 (16:01 +0200)]
Move scssphp to the WoltLab fork
This is for PHP 8.1 compatibility.
Alexander Ebert [Mon, 20 Sep 2021 13:58:59 +0000 (15:58 +0200)]
Merge branch '5.4' of https://github.com/WoltLab/WCF into 5.4
Alexander Ebert [Mon, 20 Sep 2021 13:58:51 +0000 (15:58 +0200)]
Enable `X-Frame-Options` for the WCFSetup
This has the side effect of suppressing `SameSite=none` for the cookies, which fails on insecure connections because this attribute value is valid for secure cookies only.
Resolves #4499
Follow up for
2a9d48c4badc4de2e0f2d2fc73c3af2bee39cce8
Tim Düsterhus [Mon, 20 Sep 2021 13:48:03 +0000 (15:48 +0200)]
Fix return type of `count()` for the remaining classes implementing \Countable
see
3f6b343d10b044ab08d41fec525f69ffe0a95e49
Tim Düsterhus [Mon, 20 Sep 2021 13:44:14 +0000 (15:44 +0200)]
Fix PHP 8.1 compatibility in DatabaseObjectList
> Return type of wcf\data\DatabaseObjectList::count() should either be
> compatible with Countable::count(): int, or the #[ReturnTypeWillChange]
> attribute should be used to temporarily suppress the notice […]
Alexander Ebert [Mon, 20 Sep 2021 13:31:54 +0000 (15:31 +0200)]
Enable `X-Frame-Options` for the WCFSetup
This has the side effect of suppressing `SameSite=none` for the cookies, which fails on insecure connections because this attribute value is valid for secure cookies only.
Resolves #4499
Alexander Ebert [Mon, 20 Sep 2021 12:17:50 +0000 (14:17 +0200)]
Skip the default cover photo when rebuilding users
Fixes #4500
Tim Düsterhus [Mon, 20 Sep 2021 11:37:54 +0000 (13:37 +0200)]
Set the XSRF-Token cookie to SameSite=lax
As it turns out, `strict` is too strict for some use cases of the average user,
as it might suppress the cookie when the user researches something while
writing a post and ultimately comes back to the community via an external link.
This request will not have the XSRF-Token cookie attached due to violating the
`strict` policy, resulting in WoltLab Suite sending a fresh cookie in response.
This will then invalidate the token stored in the form where the user is in the
process of writing their post, ultimately resulting in an error message.
The `SameSite` value is meant as a defense in depth measure to protect the user
even if they current token leaked in some way. Reducing the strictness does not
reduce the security in a measurable way.
Marcel Werk [Fri, 17 Sep 2021 12:15:30 +0000 (14:15 +0200)]
Typo
Maximilian Mader [Tue, 14 Sep 2021 16:19:15 +0000 (18:19 +0200)]
Make `categoryMultiSelectOptionType.tpl` behave like `categoryOptionList.tpl`
Currently the `categoryMultiSelectOptionType.tpl` outputs nodes of depth 0 and depth 1,
but article categories for example can be nested deeper than that.
The `categoryOptionList.tpl` as used by the category add forms handles arbitrary nesting levels already,
so I’ve ported the template logic over to the multi select option template.
The maximum nesting depth in the `AbstractCategoryMultiSelectOptionType.class.php` has been changed
to the default value (-1) to allow for infinite nesting depths.
Alexander Ebert [Sat, 11 Sep 2021 15:07:28 +0000 (17:07 +0200)]
Merge branch '5.3' into 5.4
Alexander Ebert [Sat, 11 Sep 2021 15:05:59 +0000 (17:05 +0200)]
Merge pull request #4496 from mutec/tagfieldfdp1
fix id of `CustomFormDataProcessor` in `TagFormField`
mutec [Fri, 10 Sep 2021 14:49:57 +0000 (16:49 +0200)]
fix id of `CustomFormDataProcessor` in `TagFormField`
the id was `acl` which seems to be a copy paste-mistake
Alexander Ebert [Thu, 9 Sep 2021 11:47:17 +0000 (13:47 +0200)]
Incorrect code style
Alexander Ebert [Thu, 9 Sep 2021 11:42:47 +0000 (13:42 +0200)]
Adjusted the `tab_width` for *.css/*.scss
Alexander Ebert [Thu, 9 Sep 2021 11:35:31 +0000 (13:35 +0200)]
Explicitly reduce the indent size of *.css/*.scss
Alexander Ebert [Thu, 9 Sep 2021 09:58:15 +0000 (11:58 +0200)]
Merge branch '5.3' into 5.4
Alexander Ebert [Thu, 9 Sep 2021 09:58:00 +0000 (11:58 +0200)]
Merge branch '5.2' into 5.3
Alexander Ebert [Thu, 9 Sep 2021 09:56:06 +0000 (11:56 +0200)]
Merge branch '5.3' into 5.4
Alexander Ebert [Thu, 9 Sep 2021 09:50:40 +0000 (11:50 +0200)]
Merge pull request #4495 from Fabii547/patch-79
Fix writing `runStandalone` attribute to package.xml
Alexander Ebert [Thu, 9 Sep 2021 09:47:02 +0000 (11:47 +0200)]
Merge pull request #4493 from WoltLab/5.3-aclformfieldcleanup
Reset ACL field values within form cleanup
Fabii547 [Thu, 9 Sep 2021 08:28:36 +0000 (10:28 +0200)]
Fix writing `runStandalone` attribute to package.xml
Alexander Ebert [Wed, 8 Sep 2021 13:38:46 +0000 (15:38 +0200)]
Release 5.4.7
Alexander Ebert [Wed, 8 Sep 2021 12:13:30 +0000 (14:13 +0200)]
Release 5.3.14
Alexander Ebert [Wed, 8 Sep 2021 12:05:13 +0000 (14:05 +0200)]
Incorrect use of spaces for indentation in <5.4
Alexander Ebert [Sun, 8 Aug 2021 09:29:26 +0000 (11:29 +0200)]
Sandbox `foreachVars` in templates
Nesting the same template inside a `foreach` loop that is also accessed inside the nested call will overwrite the values from the outer template due to identical identifiers being used.
The sandbox did not protected `$this->foreachVars` despite being stateful.
See #4431
Fixes #4444
joshuaruesweg [Wed, 8 Sep 2021 11:53:42 +0000 (13:53 +0200)]
Reset ACL field values within form cleanup
joshuaruesweg [Wed, 8 Sep 2021 11:51:29 +0000 (13:51 +0200)]
Remove empty lines
Alexander Ebert [Tue, 7 Sep 2021 21:01:22 +0000 (23:01 +0200)]
Release 5.4.7 RC 2
Alexander Ebert [Tue, 7 Sep 2021 21:00:29 +0000 (23:00 +0200)]
Replaced a hard-wired color value, Safari fix
Alexander Ebert [Tue, 7 Sep 2021 11:33:58 +0000 (13:33 +0200)]
Release 5.4.7 RC 1
Alexander Ebert [Tue, 7 Sep 2021 11:32:43 +0000 (13:32 +0200)]
Merge branch '5.4' of https://github.com/WoltLab/WCF into 5.4
WoltLab [Tue, 7 Sep 2021 11:30:44 +0000 (11:30 +0000)]
Updating minified JavaScript files
Alexander Ebert [Tue, 7 Sep 2021 11:28:49 +0000 (13:28 +0200)]
Removed the upgrade instructions for 5.3.*
This greatly reduces the size of the update packages. Upgrade from 5.3 will still work, but will upgrade to 5.4.6 only and then apply the remaining updates.
Alexander Ebert [Tue, 7 Sep 2021 11:21:01 +0000 (13:21 +0200)]
Check against the current menu item during editing only
Joshua Rüsweg [Sat, 4 Sep 2021 10:24:10 +0000 (12:24 +0200)]
Merge pull request #4491 from Fighter456/devtools-language-fix
Fix miswording in language variable of devtools
Dennis Kraffczyk [Sat, 4 Sep 2021 10:11:50 +0000 (12:11 +0200)]
Fix miswording in language variable of devtools
The german language variable `wcf.acp.pip.page.name.description` uses the word `Boxname` but is used in the `PagePackageInstallationPlugin`.
Marcel Werk [Thu, 2 Sep 2021 13:55:21 +0000 (15:55 +0200)]
Merge branch '5.3' into 5.4
Marcel Werk [Thu, 2 Sep 2021 13:54:36 +0000 (15:54 +0200)]
New link format for Facebook videos
Alexander Ebert [Tue, 31 Aug 2021 20:31:14 +0000 (22:31 +0200)]
`exif` was not listed as a required extension
Alexander Ebert [Tue, 31 Aug 2021 20:29:15 +0000 (22:29 +0200)]
Typo (missing comma)
Alexander Ebert [Tue, 31 Aug 2021 20:04:47 +0000 (22:04 +0200)]
Merge pull request #4487 from WoltLab/npm
Upgrade npm dependencies
Alexander Ebert [Tue, 31 Aug 2021 14:52:04 +0000 (16:52 +0200)]
Release 5.4.6
Alexander Ebert [Tue, 31 Aug 2021 14:33:48 +0000 (16:33 +0200)]
Release 5.4.5
Alexander Ebert [Tue, 31 Aug 2021 14:20:29 +0000 (16:20 +0200)]
Release 5.4.5
Alexander Ebert [Tue, 31 Aug 2021 13:57:40 +0000 (15:57 +0200)]
Merge branch '5.3' into 5.4
Alexander Ebert [Tue, 31 Aug 2021 12:49:21 +0000 (14:49 +0200)]
Release 5.3.13
WoltLab [Tue, 31 Aug 2021 12:35:22 +0000 (12:35 +0000)]
Updating minified JavaScript files
Alexander Ebert [Tue, 31 Aug 2021 12:32:44 +0000 (14:32 +0200)]
Merge branch '5.2' into 5.3
Alexander Ebert [Tue, 31 Aug 2021 11:40:31 +0000 (13:40 +0200)]
Release 5.2.15
Alexander Ebert [Tue, 31 Aug 2021 11:31:31 +0000 (13:31 +0200)]
Merge branch '3.1' into 5.2
Alexander Ebert [Tue, 31 Aug 2021 10:32:33 +0000 (12:32 +0200)]
Release 3.1.23
Tim Düsterhus [Mon, 30 Aug 2021 10:33:04 +0000 (12:33 +0200)]
Satisfy eslint
Tim Düsterhus [Mon, 30 Aug 2021 10:08:35 +0000 (12:08 +0200)]
Run prettier
Tim Düsterhus [Mon, 30 Aug 2021 09:50:56 +0000 (11:50 +0200)]
Upgrade TypeScript
Tim Düsterhus [Mon, 30 Aug 2021 09:48:16 +0000 (11:48 +0200)]
Update all npm dependendencies except TypeScript itself
Alexander Ebert [Fri, 27 Aug 2021 10:43:18 +0000 (12:43 +0200)]
Release 5.4.5 RC 1
WoltLab [Fri, 27 Aug 2021 09:38:25 +0000 (09:38 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Fri, 27 Aug 2021 09:26:53 +0000 (11:26 +0200)]
Add placeholder to the 'path' input in DevtoolsProjectAddForm
Tim Düsterhus [Fri, 27 Aug 2021 09:23:49 +0000 (11:23 +0200)]
Add description to the path input in DevtoolsProjectAddForm
Resolves #4479
Tim Düsterhus [Fri, 27 Aug 2021 09:03:25 +0000 (11:03 +0200)]
Revert "Remove erroneous DatabasePackageInstallationPlugin::getDefaultFilename()"
This had the unintended side-effect of no longer listing the database PIP
within the “Sync” view of dev tools. This will need to be revisited (#4480).
This reverts commit
d5b180155d5805bda7e3132df2f4fde6627a49db.
Alexander Ebert [Thu, 26 Aug 2021 14:31:32 +0000 (16:31 +0200)]
Merge pull request #4478 from ilouHD/patch-2
Update de.xml
ilou [Thu, 26 Aug 2021 14:26:25 +0000 (16:26 +0200)]
Update de.xml
fixed some typos when creating a new project using the devtools-gui in the german language.
Regarding the item `wcf.acp.devtools.project.isApplication.description` I'm unsure, why template-folders are mentioned explicitly. As I know they're the same as in plugins/projects, which are no applications.
Alexander Ebert [Thu, 26 Aug 2021 14:06:18 +0000 (16:06 +0200)]
Incorrect alignment of positioned elements when they are hidden
The calculation did not consider the `display` attribute, causing the elements dimensions to be considered as `0x0` for the purpose of the calculation.
See https://community.woltlab.com/thread/291896-beitragsoptionen-verschoben/
projects / GitHub / WoltLab / WCF.git / log