Cyperghost [Tue, 25 Jun 2024 10:19:09 +0000 (12:19 +0200)]
Upgrade composer packages
`web-token/jwt-library` to `3.3.50`
`spomky-labs/pki-framework` to `1.2.1`
Olaf Braun [Mon, 24 Jun 2024 13:13:35 +0000 (15:13 +0200)]
New indent `composer.json`
Olaf Braun [Mon, 24 Jun 2024 12:57:36 +0000 (14:57 +0200)]
Merge branch 'refs/heads/master' into service-worker-notifications
# Conflicts:
# wcfsetup/install/files/lib/system/api/composer.json
# wcfsetup/install/files/lib/system/api/composer.lock
# wcfsetup/install/files/lib/system/api/composer/installed.php
Alexander Ebert [Mon, 24 Jun 2024 10:45:01 +0000 (12:45 +0200)]
Merge pull request #5949 from WoltLab/require-https
Make HTTPS a hard requirement
Alexander Ebert [Mon, 24 Jun 2024 10:21:54 +0000 (12:21 +0200)]
Updated the composer dependencies
Alexander Ebert [Mon, 24 Jun 2024 10:19:30 +0000 (12:19 +0200)]
Merge branch '6.0'
Alexander Ebert [Mon, 24 Jun 2024 10:18:19 +0000 (12:18 +0200)]
Fix the search of errors by exception id
The non-recursive variant of the `DirectoryUtil` returns a plain list of filenames rather than the pathname.
See #5932
Cyperghost [Mon, 24 Jun 2024 08:30:47 +0000 (10:30 +0200)]
Update `minishlink/web-push` to `v9.0.0-rc2`
Cyperghost [Mon, 24 Jun 2024 08:25:10 +0000 (10:25 +0200)]
Merge branch 'refs/heads/master' into service-worker-notifications
# Conflicts:
# wcfsetup/install/files/acp/database/update_com.woltlab.wcf_6.1.php
Alexander Ebert [Sun, 23 Jun 2024 11:35:09 +0000 (13:35 +0200)]
Enable the Sandbox for Templates Inside of BBCodes
See #5910
Alexander Ebert [Sat, 22 Jun 2024 18:03:51 +0000 (20:03 +0200)]
Rename endpoint classes to match the naming schema
Alexander Ebert [Sat, 22 Jun 2024 17:32:11 +0000 (19:32 +0200)]
Add a preflight script for the upgrade from 6.0
Alexander Ebert [Sat, 22 Jun 2024 17:23:51 +0000 (19:23 +0200)]
Redirect insecure requests to the frontend
Alexander Ebert [Sat, 22 Jun 2024 13:50:56 +0000 (15:50 +0200)]
Add the TLS check to the test script
Alexander Ebert [Sat, 22 Jun 2024 13:40:41 +0000 (15:40 +0200)]
Apply the code formatter to the test script
Alexander Ebert [Sat, 22 Jun 2024 13:39:09 +0000 (15:39 +0200)]
Promote HTTPS from being a recommendation to an requirement
Alexander Ebert [Sat, 22 Jun 2024 13:28:58 +0000 (15:28 +0200)]
Add a check for the secure context on the index page
Alexander Ebert [Sat, 22 Jun 2024 12:43:04 +0000 (14:43 +0200)]
Verify the HTTPS support within the system check
Alexander Ebert [Sat, 22 Jun 2024 12:08:12 +0000 (14:08 +0200)]
Remove files for the upgrade 5.5 → 6.0
Alexander Ebert [Sat, 22 Jun 2024 12:07:51 +0000 (14:07 +0200)]
Add a workaround for the migration of the spider data
Fixes #5941
Alexander Ebert [Sat, 22 Jun 2024 12:02:34 +0000 (14:02 +0200)]
Remove files for the upgrade 5.5 → 6.0
Marcel Werk [Fri, 21 Jun 2024 14:42:06 +0000 (16:42 +0200)]
Unify phrases
Alexander Ebert [Fri, 21 Jun 2024 12:46:27 +0000 (14:46 +0200)]
Add a chunk-based progress tracking
There will be no progress bar if there is only a single chunk to be uploaded.
Marcel Werk [Thu, 20 Jun 2024 13:58:05 +0000 (15:58 +0200)]
Improve visuals of selects when used in the sidebar
Closes #5924
Alexander Ebert [Thu, 20 Jun 2024 10:50:25 +0000 (12:50 +0200)]
`\ini_parse_quantity()` is provided by the Symfony polyfill
This reintroduces the changes made in
76b16ba4e89a7ff46cc2e1f79a158afc1c5e4c40 which was reverted in
5d52de11b680078012eba04ae983058e6086b7d7 due to a bug in an earlier version of Symphony’s polyfill.
Alexander Ebert [Thu, 20 Jun 2024 10:48:35 +0000 (12:48 +0200)]
Update the Composer dependencies
Alexander Ebert [Wed, 19 Jun 2024 12:51:28 +0000 (14:51 +0200)]
Merge branch '6.0'
Alexander Ebert [Wed, 19 Jun 2024 10:38:49 +0000 (12:38 +0200)]
Release 6.0.16
Alexander Ebert [Wed, 19 Jun 2024 10:37:24 +0000 (12:37 +0200)]
Merge branch '5.5' into 6.0
Alexander Ebert [Wed, 19 Jun 2024 10:31:51 +0000 (12:31 +0200)]
Release 5.5.22
Alexander Ebert [Wed, 19 Jun 2024 10:30:58 +0000 (12:30 +0200)]
Merge branch '5.4' into 5.5
Alexander Ebert [Wed, 19 Jun 2024 10:23:32 +0000 (12:23 +0200)]
Release 5.4.34
Alexander Ebert [Wed, 19 Jun 2024 10:23:03 +0000 (12:23 +0200)]
Fix the missing error message
Cyperghost [Mon, 17 Jun 2024 10:27:59 +0000 (12:27 +0200)]
Check for disallowed BB codes in the content
Olaf Braun [Tue, 18 Jun 2024 17:01:07 +0000 (19:01 +0200)]
Merge pull request #5946 from WoltLab/bugfix/article-bb-code-permission
Check for disallowed BB codes in the content
Alexander Ebert [Tue, 18 Jun 2024 15:38:15 +0000 (17:38 +0200)]
Release 6.0.15
Alexander Ebert [Tue, 18 Jun 2024 09:20:32 +0000 (11:20 +0200)]
Remove SVG from the list of safe file extensions
Serving SVG from untrusted sources directly can be a security issue. SVG can contain JavaScript code that is executed when the file is opened in a standalone tab.
Marcel Werk [Mon, 17 Jun 2024 12:52:19 +0000 (14:52 +0200)]
Merge pull request #5944 from WoltLab/comment-backend-overhaul
Comment backend overhaul
Olaf Braun [Mon, 17 Jun 2024 12:51:04 +0000 (14:51 +0200)]
Merge pull request #5945 from WoltLab/bugfix/signature-attachment
Extra check that the user also has the right to upload attachment when editing a user
Marcel Werk [Mon, 17 Jun 2024 12:50:33 +0000 (14:50 +0200)]
Add link to migration guide
Olaf Braun [Mon, 17 Jun 2024 12:25:34 +0000 (14:25 +0200)]
Merge pull request #5947 from WoltLab/delete-files-after-attachment-deleted
Also delete the associated file when an attachment is deleted
Cyperghost [Mon, 17 Jun 2024 11:29:42 +0000 (13:29 +0200)]
Also delete the associated file when an attachment is deleted
Cyperghost [Mon, 17 Jun 2024 10:27:59 +0000 (12:27 +0200)]
Check for disallowed BB codes in the content
Cyperghost [Mon, 17 Jun 2024 10:08:36 +0000 (12:08 +0200)]
Also check that the current user has the right to upload file attachments
Alexander Ebert [Sun, 16 Jun 2024 11:31:00 +0000 (13:31 +0200)]
Simplify the generation of HTML node identifiers
We do not to generate completely random identifiers, the original intention was to prevent collisions with existing tag names.
Using a per-request random prefix together with a counter is sufficient to generate unique tag names without paying the CSPRNG tax for ever node.
Marcel Werk [Sun, 16 Jun 2024 11:30:09 +0000 (13:30 +0200)]
Remove obsolete code
Marcel Werk [Sun, 16 Jun 2024 11:29:57 +0000 (13:29 +0200)]
Fix indentation
Alexander Ebert [Sat, 15 Jun 2024 10:25:02 +0000 (12:25 +0200)]
Increase the grace period for temporary attachments for logged-in users
Alexander Ebert [Sat, 15 Jun 2024 10:13:47 +0000 (12:13 +0200)]
Remove the additional secret for files
It serves no real purpose. Guessing the SHA-256 hash is impossible due to entropy and if you *know* the hash then you pretty much know the file contents too.
There is no imaginable scenario where leaking the hash would not also leak the secret.
Alexander Ebert [Sat, 15 Jun 2024 09:42:10 +0000 (11:42 +0200)]
Merge branch '6.0'
Marcel Werk [Fri, 14 Jun 2024 16:38:10 +0000 (18:38 +0200)]
Apply suggestions from code review
Alexander Ebert [Fri, 14 Jun 2024 16:31:02 +0000 (18:31 +0200)]
Release 6.0.15 dev 1
WoltLab [Fri, 14 Jun 2024 16:18:07 +0000 (16:18 +0000)]
Updating minified JavaScript files
Alexander Ebert [Fri, 14 Jun 2024 11:26:59 +0000 (13:26 +0200)]
Add a proper error message for incompatible Plugin-Store packages
Fixes #5800
See https://www.woltlab.com/community/thread/306394-error-message-when-trying-to-install-a-package-by-storecode/
Marcel Werk [Fri, 14 Jun 2024 11:02:06 +0000 (13:02 +0200)]
Fix phpdoc
Marcel Werk [Fri, 14 Jun 2024 11:01:46 +0000 (13:01 +0200)]
Remove obsolete guest dialog code
Marcel Werk [Fri, 14 Jun 2024 11:01:30 +0000 (13:01 +0200)]
Made use of the new backend methods
Marcel Werk [Fri, 14 Jun 2024 11:00:51 +0000 (13:00 +0200)]
Add typescript methods for requesting the new backend
Marcel Werk [Fri, 14 Jun 2024 10:56:19 +0000 (12:56 +0200)]
Add helper method to get a comment manager by id
Marcel Werk [Fri, 14 Jun 2024 10:54:30 +0000 (12:54 +0200)]
Remove/deprecate obsolete code
Marcel Werk [Fri, 14 Jun 2024 10:54:06 +0000 (12:54 +0200)]
Add RPC controller
Marcel Werk [Fri, 14 Jun 2024 10:53:14 +0000 (12:53 +0200)]
Add commands
Marcel Werk [Fri, 14 Jun 2024 10:50:28 +0000 (12:50 +0200)]
Add PSR-14 events
Alexander Ebert [Fri, 14 Jun 2024 10:21:24 +0000 (12:21 +0200)]
Filter out restricted permissions in enterprise mode
Cyperghost [Fri, 14 Jun 2024 07:30:29 +0000 (09:30 +0200)]
Add a check that no attachment files have been deleted
Alexander Ebert [Thu, 13 Jun 2024 12:25:25 +0000 (14:25 +0200)]
Make the URL filter a bit more lenient
See https://www.woltlab.com/community/thread/305951-link-umwandlung-funktioniert-nicht-wenn-protokoll-im-text-steht/
Alexander Ebert [Thu, 13 Jun 2024 12:02:31 +0000 (14:02 +0200)]
Fix the overflow handling of the code box header
See https://www.woltlab.com/community/thread/306288-erroneous-placement-of-icons-in-code-box-title-on-mobile/
Alexander Ebert [Thu, 13 Jun 2024 11:09:26 +0000 (13:09 +0200)]
Properly handle possible NULL values for option values
See https://www.woltlab.com/community/thread/306690-explode-passing-null-to-parameter-2-string-of-type-string-is-deprecated/
Alexander Ebert [Thu, 13 Jun 2024 11:02:19 +0000 (13:02 +0200)]
Prevent scrolling when defocusing a reaction overlay
See https://www.woltlab.com/community/thread/306559-scrolling-the-page-up-while-holding-the-reaction-button/
Cyperghost [Thu, 13 Jun 2024 10:03:43 +0000 (12:03 +0200)]
No longer add the description with the limits for uploading via the description. This information is already available in the template
Cyperghost [Thu, 13 Jun 2024 09:26:59 +0000 (11:26 +0200)]
It Was only necessary for testing
Alexander Ebert [Wed, 12 Jun 2024 12:40:14 +0000 (14:40 +0200)]
Merge branch '6.0'
Alexander Ebert [Wed, 12 Jun 2024 12:39:48 +0000 (14:39 +0200)]
Do not focus the editor when resetting it
See https://www.woltlab.com/community/thread/306677-js-fehler-beim-antworten-auf-kommentare/
Cyperghost [Wed, 12 Jun 2024 10:12:21 +0000 (12:12 +0200)]
Fixes the problem if `maxHeight` and or `maxWidth` have the value `-1`. In this case, the images were scaled anyway.
Marcel Werk [Tue, 11 Jun 2024 13:10:02 +0000 (15:10 +0200)]
Fix wrong object type when deleting comment responses
Olaf Braun [Mon, 10 Jun 2024 10:08:13 +0000 (12:08 +0200)]
Merge pull request #5943 from WoltLab/bugfix/wysiwyg-form-field-attachment
Bugfix with WysiwygAttachmentFormField and FileProcessor
Olaf Braun [Mon, 10 Jun 2024 10:07:52 +0000 (12:07 +0200)]
Merge pull request #5942 from WoltLab/upload-pipeline-update-database
Add missing database columns for `wcf1_attachment`
Alexander Ebert [Mon, 10 Jun 2024 10:03:21 +0000 (12:03 +0200)]
Simplify the usage of the helper function
Cyperghost [Mon, 10 Jun 2024 09:38:32 +0000 (11:38 +0200)]
Fixes the problem that when using the WysiwygFormField with attachments, the `objectID` can be `null` if it is not an EditForm.
Cyperghost [Mon, 10 Jun 2024 08:51:30 +0000 (10:51 +0200)]
Add missing database columns for `wcf1_attachment`, that are installed by the database pip
Alexander Ebert [Sun, 9 Jun 2024 19:53:59 +0000 (21:53 +0200)]
Use a helper function instead of a property
Using a property was a dumb idea because it breaks the promise of having the entire request data be made available through the parameters passed to `__invoke()`.
Alexander Ebert [Sun, 9 Jun 2024 19:28:59 +0000 (21:28 +0200)]
Fix the deletion of attachments through the file API
Alexander Ebert [Sun, 9 Jun 2024 19:25:20 +0000 (21:25 +0200)]
Add a helper attribute for object hydration
Alexander Ebert [Sun, 9 Jun 2024 19:24:58 +0000 (21:24 +0200)]
Remove superfluous columns
Those columns were incorrectly copied and should not exist on `wcf1_file_temporary`.
Alexander Ebert [Sun, 9 Jun 2024 19:24:29 +0000 (21:24 +0200)]
Improve the handling of server errors
Alexander Ebert [Sun, 9 Jun 2024 10:56:24 +0000 (12:56 +0200)]
Migrate the important workers to the linear rebuild worker
Alexander Ebert [Sun, 9 Jun 2024 10:31:12 +0000 (12:31 +0200)]
Enforce a consistent processing by id
Alexander Ebert [Sat, 8 Jun 2024 11:46:04 +0000 (13:46 +0200)]
Merge pull request #5939 from WoltLab/rebuild-html-performance
Runtime and rebuild performance improvements
Marcel Werk [Sat, 8 Jun 2024 11:45:24 +0000 (13:45 +0200)]
Merge pull request #5940 from WoltLab/guest-token
Guest tokens
Marcel Werk [Sat, 8 Jun 2024 11:34:57 +0000 (13:34 +0200)]
Guest tokens
Alexander Ebert [Sat, 8 Jun 2024 11:34:52 +0000 (13:34 +0200)]
Merge branch '6.0'
Alexander Ebert [Sat, 8 Jun 2024 11:33:54 +0000 (13:33 +0200)]
Merge branch '5.5' into 6.0
Alexander Ebert [Sat, 8 Jun 2024 11:33:15 +0000 (13:33 +0200)]
Merge pull request #5932 from SoftCreatR/bugfix/log-recursive
Disable log directory recursion
Marcel Werk [Sat, 8 Jun 2024 11:15:20 +0000 (13:15 +0200)]
Change template name to shared version
Marcel Werk [Sat, 8 Jun 2024 11:13:31 +0000 (13:13 +0200)]
Merge branch 'master' of https://github.com/WoltLab/WCF
Marcel Werk [Sat, 8 Jun 2024 11:13:09 +0000 (13:13 +0200)]
Remove obsolete jquery code for the captcha registration
Marcel Werk [Sat, 8 Jun 2024 11:02:20 +0000 (13:02 +0200)]
Convert `captchaQuestion` to a shared template
Alexander Ebert [Wed, 17 Apr 2024 17:02:20 +0000 (19:02 +0200)]
Inline the call to `DatabaseObject::__get()`
See
eaf3ce8100824d6c805b6d588b67d02bb58a18b7
Alexander Ebert [Wed, 17 Apr 2024 17:01:10 +0000 (19:01 +0200)]
Improve the runtime performance of `|date`
See
75f848c4f07ef00dfa0b191665f40d8a81fa2d0c
Alexander Ebert [Tue, 16 Apr 2024 15:48:34 +0000 (17:48 +0200)]
Inline the call to `DatabaseObject::__get()`
`User::__get()` is called very often on each request, easily stacking up thousands of calls.
On a well populated board list this can easily account for up to 1% of runtime. Inlining the check against `$data` cuts down the time spent inside by up to 2/3.