Tim Düsterhus [Tue, 24 Aug 2021 14:52:44 +0000 (16:52 +0200)]
Merge branch '5.4'
Tim Düsterhus [Tue, 24 Aug 2021 14:44:05 +0000 (16:44 +0200)]
Exclude banned users from list of users awaiting approval
WoltLab [Tue, 24 Aug 2021 12:28:06 +0000 (12:28 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Mon, 23 Aug 2021 15:06:19 +0000 (17:06 +0200)]
Merge branch '5.4'
Tim Düsterhus [Mon, 23 Aug 2021 14:30:28 +0000 (16:30 +0200)]
Merge pull request #4473 from WoltLab/samesite
Set SameSite=none when embedding into frames is allowed
Tim Düsterhus [Mon, 23 Aug 2021 14:15:52 +0000 (16:15 +0200)]
Set SameSite=none when embedding into frames is allowed
Resolves #4428
Tim Düsterhus [Fri, 20 Aug 2021 13:52:53 +0000 (15:52 +0200)]
Merge branch '5.4'
Tim Düsterhus [Fri, 20 Aug 2021 13:52:15 +0000 (15:52 +0200)]
Merge pull request #4470 from WoltLab/oauth2-state-clear
Ensure that the OAuth 2 state parameter is cleared in all cases
Tim Düsterhus [Fri, 20 Aug 2021 13:16:46 +0000 (15:16 +0200)]
Ensure that the OAuth 2 state parameter is cleared in all cases
Alexander Ebert [Fri, 20 Aug 2021 13:09:50 +0000 (15:09 +0200)]
Missing phrases for validation errors in the app management
Tim Düsterhus [Fri, 20 Aug 2021 09:50:14 +0000 (11:50 +0200)]
Merge pull request #4467 from WoltLab/coverPhoto-worker
Fix handling of cover photos in UserRebuildDataWorker
Peter Lohse [Fri, 20 Aug 2021 09:19:23 +0000 (11:19 +0200)]
Add AbstractFormFieldDecorator (#4469)
Tim Düsterhus [Fri, 20 Aug 2021 08:49:40 +0000 (10:49 +0200)]
Merge branch '5.4'
Tim Düsterhus [Fri, 20 Aug 2021 07:35:35 +0000 (09:35 +0200)]
Remove records of unreadable cover photos in UserRebuildDataWorker
This is a clean fix of c3ebf8b995927b826072cfcc72d08a9ebd93f878.
Tim Düsterhus [Fri, 20 Aug 2021 07:31:14 +0000 (09:31 +0200)]
Check `coverPhotoHasWebP` in UserRebuildDataWorker
This is already checked in `->createWebpVariant()`, but with the `->update()`
added in the previous commit this saves some work.
Tim Düsterhus [Fri, 20 Aug 2021 07:30:32 +0000 (09:30 +0200)]
Update `coverPhotoHasWebP` in UserRebuildDataWorker
Tim Düsterhus [Fri, 20 Aug 2021 07:20:51 +0000 (09:20 +0200)]
Use ->getLocation() in UserCoverPhoto::createWebpVariant()
This partially reapplies c3ebf8b995927b826072cfcc72d08a9ebd93f878 which was
reverted in 300312306b2858b6b9f474a30814fe16c3e1854c.
Tim Düsterhus [Fri, 20 Aug 2021 07:19:28 +0000 (09:19 +0200)]
Revert "Skip cover photos that cannot be read"
This should rather be cleanly fixed within the UserRebuildDataWorker, while
also updating the database on failure.
This reverts commit c3ebf8b995927b826072cfcc72d08a9ebd93f878.
Tim Düsterhus [Thu, 19 Aug 2021 15:04:39 +0000 (17:04 +0200)]
Merge branch '5.4'
Tim Düsterhus [Thu, 19 Aug 2021 14:43:57 +0000 (16:43 +0200)]
Fix check whether a non-owned index is being dropped in DatabaseTableChangeProcessor
The reproducer and fix is effectively identical to the one in
d7f721d6f920d66f75102723b504d89e57a8c9ff.
Package A: Installs KEY someIndex (`UNIQUE`)
Package B: Installs UNIQUE KEY someIndex2 (`UNIQUE`)
Package B: Drops UNIQUE KEY someIndex2 (`UNIQUE`)
It was erroneously detected that Package B would drop the index owned by
Package A. The actual dropping logic was already correct, just the safety check
was incorrect.
Joshua Rüsweg [Thu, 19 Aug 2021 12:49:48 +0000 (14:49 +0200)]
Merge pull request #4465 from WoltLab/5.5-twitter-response-psr7
Use PSR-7 responses in `TwitterAuthAction`
joshuaruesweg [Thu, 19 Aug 2021 12:42:46 +0000 (14:42 +0200)]
Remove superfluous import
joshuaruesweg [Thu, 19 Aug 2021 12:37:38 +0000 (14:37 +0200)]
Use PSR-7 responses in `TwitterAuthAction`
Joshua Rüsweg [Thu, 19 Aug 2021 11:20:53 +0000 (13:20 +0200)]
Merge pull request #4349 from WoltLab/user-edit-dropdown
Add User Edit dropdown on UserEditPage
Alexander Ebert [Wed, 18 Aug 2021 16:37:11 +0000 (18:37 +0200)]
Skip cover photos that cannot be read
Tim Düsterhus [Wed, 18 Aug 2021 14:58:49 +0000 (16:58 +0200)]
Checkout the repository before setting up node
see 464224a153f2d140551726128e0a5ad10d022ed0
Tim Düsterhus [Wed, 18 Aug 2021 14:57:25 +0000 (16:57 +0200)]
Enable npm caching in GitHub Actions
Tim Düsterhus [Wed, 18 Aug 2021 09:35:20 +0000 (11:35 +0200)]
Merge pull request #4464 from WoltLab/session-id-unpack
Fix unpacking of the sessionId
Tim Düsterhus [Wed, 18 Aug 2021 07:43:22 +0000 (09:43 +0200)]
Add safety check for unpacked session cookie data
Tim Düsterhus [Wed, 18 Aug 2021 07:44:07 +0000 (09:44 +0200)]
Fix unpacking of the sessionId
As documented by PHP's reference documentation:
> The "a" code now retains trailing NULL bytes.
> The "A" code now strips all trailing ASCII whitespace (spaces, tabs,
> newlines, carriage returns, and NULL bytes).
Previously, with the 'A' code, sessionIds ending in ASCII whitespace would be
incorrectly unpacked, missing their trailing bytes. This ultimately resulted in
the session not being found and the user being logged out.
Five of the 256 possible characters exhibited this bug, making this fail in
roughly 2% of the cases.
However this likely was not noticeable by the typical user. Once they have a
non-affected sessionId, this Id is not going to change. What the user might've
noticed is a login not working, despite showing a success message, because the
sessionId change after a successful login handed out an affected sessionId. But
then the user would likely try again, succeeding this time and writing off the
incident as a fluke.
Test script to reproduce the issue:
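    <?php
    // Round-trip a 4-byte string ending in every possible byte value.
    for ($i = 0; $i <= 255; $i++) {
        $string = "foo".chr($i);
        $packed = \pack(
            'CA4',
            1,
            $string
        );
        // 'A' strips trailing ASCII whitespace and NULL bytes when unpacking.
        $unpacked1 = \unpack('Cversion/A4string', $packed);
        // 'a' retains the trailing byte.
        $unpacked2 = \unpack('Cversion/a4string', $packed);
        if ($unpacked1['string'] !== $string) {
            echo "$i: unpacked1\n";
        }
        if ($unpacked2['string'] !== $string) {
            echo "$i: unpacked2\n";
        }
    }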
Tim Düsterhus [Wed, 18 Aug 2021 07:04:18 +0000 (09:04 +0200)]
Fix informal phrase in de.xml
joshuaruesweg [Tue, 17 Aug 2021 19:41:30 +0000 (21:41 +0200)]
Add new template event `pagesTabMenuContent` on `boxAdd.tpl`
joshuaruesweg [Tue, 17 Aug 2021 19:40:51 +0000 (21:40 +0200)]
Remove whitespaces on empty lines in `boxAdd.tpl`
Tim Düsterhus [Tue, 17 Aug 2021 07:55:04 +0000 (09:55 +0200)]
Merge remote-tracking branch 'origin/master'
Tim Düsterhus [Tue, 17 Aug 2021 07:54:17 +0000 (09:54 +0200)]
Merge branch '5.4'
Marcel Werk [Mon, 16 Aug 2021 13:08:54 +0000 (15:08 +0200)]
Mark as read doesn't remove the badge from submenu entries
Marcel Werk [Mon, 16 Aug 2021 12:56:30 +0000 (14:56 +0200)]
Missing informal variant
Marcel Werk [Mon, 16 Aug 2021 12:52:59 +0000 (14:52 +0200)]
Typo
Tim Düsterhus [Mon, 16 Aug 2021 10:53:46 +0000 (12:53 +0200)]
Whitelist `abs` in enterprise mode
Tim Düsterhus [Mon, 16 Aug 2021 09:02:42 +0000 (11:02 +0200)]
Merge pull request #4463 from WoltLab/smiley-unicode-title
Fix Unicode in smiley titles
Tim Düsterhus [Mon, 16 Aug 2021 07:09:10 +0000 (09:09 +0200)]
Fix Unicode in smiley titles
see 5d0bf3ec233f62c6a5a68629e32b7eaa8c9d1dd3
see #4156
Tim Düsterhus [Mon, 16 Aug 2021 07:05:03 +0000 (09:05 +0200)]
Merge pull request #4462 from WoltLab/email-log-message-id
Add Message-ID filter to email log
Tim Düsterhus [Sun, 15 Aug 2021 12:33:39 +0000 (14:33 +0200)]
Fix localization of PAGE_TITLE in __multifactorTotpSecretField.tpl
Tim Düsterhus [Fri, 13 Aug 2021 13:52:11 +0000 (15:52 +0200)]
Add Message-ID filter to email log
Tim Düsterhus [Fri, 13 Aug 2021 10:31:32 +0000 (12:31 +0200)]
Add `required` attributes to acptemplates/login
joshuaruesweg [Mon, 9 Aug 2021 12:47:35 +0000 (14:47 +0200)]
Apply suggestions from code review
Marcel Werk [Fri, 13 Aug 2021 09:35:44 +0000 (11:35 +0200)]
Show article labels in recent activities
Tim Düsterhus [Fri, 13 Aug 2021 09:00:24 +0000 (11:00 +0200)]
Merge branch '5.4'
Tim Düsterhus [Fri, 13 Aug 2021 08:57:41 +0000 (10:57 +0200)]
Merge pull request #4461 from WoltLab/php7.3
Move PHP 7.3 from recommended to sufficient in SystemCheckPage
Tim Düsterhus [Fri, 13 Aug 2021 08:50:00 +0000 (10:50 +0200)]
Move PHP 7.3 from recommended to sufficient in SystemCheckPage
Tim Düsterhus [Fri, 13 Aug 2021 08:45:58 +0000 (10:45 +0200)]
Fix PHP 8.1 compatibility in DatabaseObject::getDatabaseTableIndexName()
Tim Düsterhus [Fri, 13 Aug 2021 08:11:45 +0000 (10:11 +0200)]
Tim Düsterhus [Fri, 13 Aug 2021 07:59:35 +0000 (09:59 +0200)]
Use PSR-7 responses in PollAction
Tim Düsterhus [Fri, 13 Aug 2021 07:51:14 +0000 (09:51 +0200)]
Mark RequestHandler::checkOfflineMode() and ::checkAppEvaluation() as private
Tim Düsterhus [Fri, 13 Aug 2021 07:25:35 +0000 (09:25 +0200)]
Merge pull request #4460 from WoltLab/laminas-progressbar
Replace Zend/ProgressBar by laminas-progressbar
Tim Düsterhus [Fri, 13 Aug 2021 07:20:30 +0000 (09:20 +0200)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Fri, 13 Aug 2021 07:19:27 +0000 (09:19 +0200)]
Merge branch '5.2' into 5.3
Tim Düsterhus [Fri, 13 Aug 2021 07:18:36 +0000 (09:18 +0200)]
Merge pull request #4459 from SoftCreatR/bugfix/custom-errors
Unify error handling in several templates
Sascha Greuel [Thu, 12 Aug 2021 16:08:27 +0000 (18:08 +0200)]
Unified error handling in several templates
Tim Düsterhus [Thu, 12 Aug 2021 12:21:31 +0000 (14:21 +0200)]
Update Zend\ProgressBar imports to Laminas\ProgressBar
Tim Düsterhus [Thu, 12 Aug 2021 12:05:04 +0000 (14:05 +0200)]
Replace Zend/ProgressBar by laminas-progressbar
This is a drop-in replacement for our use-case due to laminas-zendframework-bridge.
Tim Düsterhus [Thu, 12 Aug 2021 15:22:34 +0000 (17:22 +0200)]
Slightly improve phrasing in de.xml
Tim Düsterhus [Thu, 12 Aug 2021 14:32:55 +0000 (16:32 +0200)]
Merge branch '5.4'
Tim Düsterhus [Thu, 12 Aug 2021 14:19:04 +0000 (16:19 +0200)]
Merge pull request #4437 from WoltLab/meta-psr-7
Meta: PSR-7
Tim Düsterhus [Thu, 12 Aug 2021 14:14:29 +0000 (16:14 +0200)]
Merge pull request #4447 from WoltLab/psr-7-full
Use PSR-7 responses in additional actions
Tim Düsterhus [Thu, 12 Aug 2021 11:45:54 +0000 (13:45 +0200)]
Consistently use `getControllerLink` in Facebook|Github|GoogleAuthAction
Tim Düsterhus [Thu, 12 Aug 2021 08:09:17 +0000 (10:09 +0200)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Thu, 12 Aug 2021 08:07:08 +0000 (10:07 +0200)]
Add missing call to ->loadVariables() before downloading Google Font during style import
Joshua Rüsweg [Thu, 12 Aug 2021 07:23:30 +0000 (09:23 +0200)]
Rename `Ui/Object/Action/Toogle` to `Toggle` (#4450)
Tim Düsterhus [Wed, 11 Aug 2021 14:44:44 +0000 (16:44 +0200)]
Merge pull request #4457 from WoltLab/proxy-sourcemap-laminas
Simplify proxy_sourcemap.php using the Laminas libraries
Tim Düsterhus [Tue, 10 Aug 2021 14:23:03 +0000 (16:23 +0200)]
Deprecate AbstractAjaxAction
Tim Düsterhus [Tue, 10 Aug 2021 14:12:31 +0000 (16:12 +0200)]
Use PSR-7 responses in NotificationConfirmAction
Tim Düsterhus [Tue, 10 Aug 2021 13:40:45 +0000 (15:40 +0200)]
Use PSR-7 responses in AbstractDialogAction
Tim Düsterhus [Tue, 10 Aug 2021 13:25:29 +0000 (15:25 +0200)]
Use PSR-7 responses in MessageQuoteAction
Tim Düsterhus [Tue, 10 Aug 2021 12:49:29 +0000 (14:49 +0200)]
Use PSR-7 responses in AJAXUploadAction
The IE 9 fallback technically should no longer be required, but the (legacy)
JavaScript still references the `isFallback` parameter.
Tim Düsterhus [Tue, 10 Aug 2021 12:44:21 +0000 (14:44 +0200)]
Use PSR-7 responses in NotificationDisableAction
Tim Düsterhus [Fri, 6 Aug 2021 13:59:01 +0000 (15:59 +0200)]
Use PSR-7 responses in GithubAuthAction
Tim Düsterhus [Fri, 6 Aug 2021 13:58:09 +0000 (15:58 +0200)]
Use PSR-7 responses in FacebookAuthAction
Tim Düsterhus [Fri, 6 Aug 2021 13:56:48 +0000 (15:56 +0200)]
Use PSR-7 responses in GoogleAuthAction
Tim Düsterhus [Fri, 6 Aug 2021 13:55:13 +0000 (15:55 +0200)]
Support returning PSR-7 responses in AbstractOauth2Action
Tim Düsterhus [Fri, 6 Aug 2021 13:51:37 +0000 (15:51 +0200)]
Use PSR-7 responses in CoreRewriteTestAction
Tim Düsterhus [Fri, 6 Aug 2021 13:49:17 +0000 (15:49 +0200)]
Use PSR-7 responses in BackgroundQueuePerformAction
Tim Düsterhus [Fri, 6 Aug 2021 13:43:16 +0000 (15:43 +0200)]
Use PSR-7 responses in UserQuickSearchAction
Tim Düsterhus [Fri, 6 Aug 2021 13:37:58 +0000 (15:37 +0200)]
Use PSR-7 responses in UserExportGdprAction
Tim Düsterhus [Fri, 6 Aug 2021 13:36:30 +0000 (15:36 +0200)]
Add HeaderUtil::withNoCacheHeaders()
Tim Düsterhus [Fri, 6 Aug 2021 13:29:44 +0000 (15:29 +0200)]
Use PSR-7 responses in FullLogoutAction
Tim Düsterhus [Fri, 6 Aug 2021 13:28:51 +0000 (15:28 +0200)]
Use PSR-7 responses in CacheClearAction
Tim Düsterhus [Wed, 11 Aug 2021 14:25:45 +0000 (16:25 +0200)]
Simplify proxy_sourcemap.php using the Laminas libraries
Tim Düsterhus [Wed, 11 Aug 2021 13:31:13 +0000 (15:31 +0200)]
Merge pull request #4456 from WoltLab/style-edit-description
Prevent StyleEditForm from creating phrases with empty name
Tim Düsterhus [Wed, 11 Aug 2021 12:22:10 +0000 (14:22 +0200)]
Delete the empty phrase when updating to 5.4.5
Tim Düsterhus [Wed, 11 Aug 2021 12:19:53 +0000 (14:19 +0200)]
Validate the languageVariable in I18nHandler::save()
Tim Düsterhus [Wed, 11 Aug 2021 12:17:49 +0000 (14:17 +0200)]
Add LanguageEditor::validateItemName()
Tim Düsterhus [Wed, 11 Aug 2021 12:12:42 +0000 (14:12 +0200)]
Store deterministic language variable for style description in StyleEditForm
If the `styleDescription` was empty (as it might be for the default style) this
attempted to store the description in the language item with empty name.
Tim Düsterhus [Wed, 11 Aug 2021 11:40:48 +0000 (13:40 +0200)]
Merge pull request #4454 from WoltLab/psr-7-cache-control-private
Add `cache-control: private` to PSR-7 responses
Tim Düsterhus [Wed, 11 Aug 2021 11:32:06 +0000 (13:32 +0200)]
Clean up the `cache-control` processing in RequestHandler::sendPsr7Response()
Marcel Werk [Wed, 11 Aug 2021 11:26:02 +0000 (13:26 +0200)]
Missing information who reported a content, if report was made by a guest
Tim Düsterhus [Tue, 10 Aug 2021 15:21:31 +0000 (17:21 +0200)]
Add `cache-control: private` to PSR-7 responses
see #4273
Tim Düsterhus [Wed, 11 Aug 2021 09:56:40 +0000 (11:56 +0200)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Wed, 11 Aug 2021 09:56:10 +0000 (11:56 +0200)]
Merge branch '5.2' into 5.3
Tim Düsterhus [Wed, 11 Aug 2021 09:37:23 +0000 (11:37 +0200)]
Merge pull request #4453 from WoltLab/iformbutton-is-available
Check whether an IFormButton is available before rendering