GitHub/WoltLab/WCF.git
4 years agouse StringUtil::getAnchorTag()
Marcel Werk [Thu, 6 Aug 2020 19:51:51 +0000 (21:51 +0200)]
use StringUtil::getAnchorTag()

4 years agoMerge pull request #3486 from Krymonota/use-generic-default-cookie-prefix
Alexander Ebert [Thu, 6 Aug 2020 17:24:52 +0000 (19:24 +0200)]
Merge pull request #3486 from Krymonota/use-generic-default-cookie-prefix

Use generic value for default cookie prefix

4 years agoUse generic value for default cookie prefix
Niklas (Krymonota) [Thu, 6 Aug 2020 15:23:31 +0000 (17:23 +0200)]
Use generic value for default cookie prefix

... so that it doesn't have to be adjusted for new versions.

4 years agoMerge branch '5.2'
Marcel Werk [Thu, 6 Aug 2020 14:26:20 +0000 (16:26 +0200)]
Merge branch '5.2'

4 years agoAdded missing informal variant
Marcel Werk [Thu, 6 Aug 2020 14:25:45 +0000 (16:25 +0200)]
Added missing informal variant

4 years agoMerge pull request #3484 from WoltLab/wcfsetup-cookietest
Tim Düsterhus [Thu, 6 Aug 2020 12:59:46 +0000 (14:59 +0200)]
Merge pull request #3484 from WoltLab/wcfsetup-cookietest

Detect misconfigured hostnames during WCFSetup

4 years agoDetect misconfigured hostnames during WCFSetup
Tim Düsterhus [Thu, 6 Aug 2020 12:38:02 +0000 (14:38 +0200)]
Detect misconfigured hostnames during WCFSetup

Misconfigured reverse reverse proxies might rewrite the `host` header to the
upstream's hostname, instead of preserving the `host` as it was sent by the
web browser. Such a misconfiguration will cause WoltLab Suite to generate
incorrect absolute URLs and more importantly this also causes it to specify
an incorrect `domain` within cookies. The latter leads to the browser ignoring
the cookie. At the end of WCFSetup this ultimately leads to the ACP session
cookie being ignored, which in turn leads to failing the transition from
WCFSetup into the package installation. Instead the user will be bounced to
the LoginForm which fails to load, because the necessary option.xml was not
yet installed.

An example HAProxy configuration that reproduces the issue is as follows:

    listen test
     mode http
     bind *:80
     http-request set-header host 172.19.0.5
     server nginx 172.19.0.5:80

If the WCFSetup is accepted via any hostname that is not `172.19.0.5`, e.g.
by using `localhost` then cookies will fail to stick within the web browser.

This commit extends the system requirements step to:

- Compare the HTTP_HOST as seen by the web server against both:
   1) The `Referer` header.
   2) The `window.location.host` value in JavaScript.
  If any of those mismatches, then the web server is not correctly configured.
- Read a cookie that was set earlier.
  If this cookie is missing, then most likely the `domain` property was
  incorrectly specified.

This commit most likely resolves #3024.

4 years agoMerge branch '5.2' into master
Tim Düsterhus [Wed, 5 Aug 2020 14:22:35 +0000 (16:22 +0200)]
Merge branch '5.2' into master

4 years agoMerge branch '3.1' into 5.2
Tim Düsterhus [Wed, 5 Aug 2020 14:21:45 +0000 (16:21 +0200)]
Merge branch '3.1' into 5.2

4 years agoFix PHP 5.5 compatibility
Tim Düsterhus [Wed, 5 Aug 2020 14:17:16 +0000 (16:17 +0200)]
Fix PHP 5.5 compatibility

see b044815dd9b6509fc44219684d7076cd28a80aa6
see #3480

4 years agoMerge branch '5.2'
Matthias Schmidt [Wed, 5 Aug 2020 13:51:11 +0000 (15:51 +0200)]
Merge branch '5.2'

4 years agoFix handling of hidden form field values via AJAX
Matthias Schmidt [Wed, 5 Aug 2020 13:48:58 +0000 (15:48 +0200)]
Fix handling of hidden form field values via AJAX

See #3053

4 years agoMerge branch '5.2'
Alexander Ebert [Wed, 5 Aug 2020 10:57:55 +0000 (12:57 +0200)]
Merge branch '5.2'

4 years agoMerge branch '3.1' into 5.2
Alexander Ebert [Wed, 5 Aug 2020 10:57:22 +0000 (12:57 +0200)]
Merge branch '3.1' into 5.2

4 years agoMerge pull request #3462 from SoftCreatR/patch-14
Alexander Ebert [Wed, 5 Aug 2020 10:56:18 +0000 (12:56 +0200)]
Merge pull request #3462 from SoftCreatR/patch-14

Add detection for Chromium based Edge browser

4 years agoMerge branch '5.2'
Alexander Ebert [Wed, 5 Aug 2020 10:54:21 +0000 (12:54 +0200)]
Merge branch '5.2'

4 years agoMerge pull request #3471 from WoltLab/disable-spider-visit-tracking
Alexander Ebert [Wed, 5 Aug 2020 10:51:35 +0000 (12:51 +0200)]
Merge pull request #3471 from WoltLab/disable-spider-visit-tracking

Disable visit tracking for search engines

4 years agoMerge branch '5.2' into master
Tim Düsterhus [Wed, 5 Aug 2020 10:07:01 +0000 (12:07 +0200)]
Merge branch '5.2' into master

4 years agoMerge branch '3.1' into 5.2
Tim Düsterhus [Wed, 5 Aug 2020 10:06:26 +0000 (12:06 +0200)]
Merge branch '3.1' into 5.2

4 years agoDo not decrement wcf1_user.articles when deleting unpublished articles
Tim Düsterhus [Wed, 5 Aug 2020 10:05:08 +0000 (12:05 +0200)]
Do not decrement wcf1_user.articles when deleting unpublished articles

see b044815dd9b6509fc44219684d7076cd28a80aa6
see #3480

4 years agoMerge branch '5.2' into master
Tim Düsterhus [Wed, 5 Aug 2020 10:00:31 +0000 (12:00 +0200)]
Merge branch '5.2' into master

4 years agoMerge branch '3.1' into 5.2
Tim Düsterhus [Wed, 5 Aug 2020 09:59:38 +0000 (11:59 +0200)]
Merge branch '3.1' into 5.2

4 years agoUpdate wcf1_user.articles when deleting articles
Tim Düsterhus [Wed, 5 Aug 2020 09:58:13 +0000 (11:58 +0200)]
Update wcf1_user.articles when deleting articles

Fixes #3480

4 years agoMerge pull request #3479 from WoltLab/jump-to-content
Marcel Werk [Wed, 5 Aug 2020 09:23:54 +0000 (11:23 +0200)]
Merge pull request #3479 from WoltLab/jump-to-content

Rename "Mark as Read" button to "Jump To Content" in notification mails

4 years agoImproved german phrasing
Marcel Werk [Wed, 5 Aug 2020 09:16:51 +0000 (11:16 +0200)]
Improved german phrasing

4 years agoRename "Mark as Read" button to "Jump To Content" in notification mails
Tim Düsterhus [Wed, 5 Aug 2020 09:10:09 +0000 (11:10 +0200)]
Rename "Mark as Read" button to "Jump To Content" in notification mails

Resolves #3257

4 years agoMerge pull request #3475 from WoltLab/image-scale-memory
Tim Düsterhus [Wed, 5 Aug 2020 07:33:33 +0000 (09:33 +0200)]
Merge pull request #3475 from WoltLab/image-scale-memory

Add checkMemoryLimit() method to ImageAdapter

4 years agoPrevent the incorrect focus of the close button for confirmation dialogs
Alexander Ebert [Tue, 4 Aug 2020 18:55:20 +0000 (20:55 +0200)]
Prevent the incorrect focus of the close button for confirmation dialogs

4 years agoDuplicate logo on import of pageLogo = pageLogoMobile
Tim Düsterhus [Tue, 4 Aug 2020 14:57:48 +0000 (16:57 +0200)]
Duplicate logo on import of pageLogo = pageLogoMobile

Fixes #3478

4 years agoMerge pull request #3456 from WoltLab/style-cleanup
Tim Düsterhus [Tue, 4 Aug 2020 11:43:02 +0000 (13:43 +0200)]
Merge pull request #3456 from WoltLab/style-cleanup

Clean up asset handling of styles

4 years agoMake use of ImageAdapter::checkMemoryLimit()
Tim Düsterhus [Tue, 4 Aug 2020 08:29:28 +0000 (10:29 +0200)]
Make use of ImageAdapter::checkMemoryLimit()

4 years agoAdd ImageAdapter::checkMemoryLimit()
Tim Düsterhus [Tue, 4 Aug 2020 08:26:34 +0000 (10:26 +0200)]
Add ImageAdapter::checkMemoryLimit()

Resolves #3229

4 years agoAdded detection for Chromium based Edge browser
Sascha Greuel [Sun, 26 Jul 2020 15:19:00 +0000 (17:19 +0200)]
Added detection for Chromium based Edge browser

4 years agoMerge branch '5.2'
joshuaruesweg [Mon, 3 Aug 2020 16:27:49 +0000 (18:27 +0200)]
Merge branch '5.2'

4 years agoAdd note, that the page.xml PIP instruction is needed with the next update
joshuaruesweg [Mon, 3 Aug 2020 16:23:12 +0000 (18:23 +0200)]
Add note, that the page.xml PIP instruction is needed with the next update
See #3474

4 years agoMerge branch '3.1'
joshuaruesweg [Mon, 3 Aug 2020 16:14:59 +0000 (18:14 +0200)]
Merge branch '3.1'

4 years agoFix updating `requireObjectID` for existing pages
joshuaruesweg [Mon, 3 Aug 2020 16:12:07 +0000 (18:12 +0200)]
Fix updating `requireObjectID` for existing pages

4 years agoAdd all environment to event listener (#3145)
Olaf Braun [Mon, 3 Aug 2020 11:34:00 +0000 (13:34 +0200)]
Add all environment to event listener (#3145)

4 years agoMerge pull request #3472 from WoltLab/user-rank-live-preview
Alexander Ebert [Mon, 3 Aug 2020 10:52:19 +0000 (12:52 +0200)]
Merge pull request #3472 from WoltLab/user-rank-live-preview

User rank live preview

4 years agoAdd cache buster for pageLogo
Tim Düsterhus [Mon, 3 Aug 2020 10:35:57 +0000 (12:35 +0200)]
Add cache buster for pageLogo

4 years agoRemove old pageLogo(|Mobile) file when logo is deleted or updated
Tim Düsterhus [Mon, 3 Aug 2020 10:33:58 +0000 (12:33 +0200)]
Remove old pageLogo(|Mobile) file when logo is deleted or updated

4 years agoMerge branch 'master' into style-cleanup
Tim Düsterhus [Mon, 3 Aug 2020 09:43:35 +0000 (11:43 +0200)]
Merge branch 'master' into style-cleanup

4 years agoMissing semicolons
Alexander Ebert [Sat, 1 Aug 2020 17:36:02 +0000 (19:36 +0200)]
Missing semicolons

4 years agoSupport for custom block level tag names
Alexander Ebert [Sat, 1 Aug 2020 17:33:53 +0000 (19:33 +0200)]
Support for custom block level tag names

Closes #3270

4 years agoPrevent auto-focus on search suggestions
Alexander Ebert [Sat, 1 Aug 2020 17:28:55 +0000 (19:28 +0200)]
Prevent auto-focus on search suggestions

Closes #3263

4 years agoMerge branch '5.2'
Alexander Ebert [Sat, 1 Aug 2020 15:23:13 +0000 (17:23 +0200)]
Merge branch '5.2'

4 years agoThe `data-user-id` is already set by the ReactionHandler
Alexander Ebert [Sat, 1 Aug 2020 15:22:54 +0000 (17:22 +0200)]
The `data-user-id` is already set by the ReactionHandler

Fixes #3463

4 years agoLive preview for user ranks
Alexander Ebert [Sat, 1 Aug 2020 15:04:56 +0000 (17:04 +0200)]
Live preview for user ranks

4 years agoModernize the JavaScript for the live preview for labels
Alexander Ebert [Sat, 1 Aug 2020 15:00:38 +0000 (17:00 +0200)]
Modernize the JavaScript for the live preview for labels

Inlining the JavaScript made it much easier plus prevents increasing the bundle size.

4 years agoImproved detection of duplicate key errors
Marcel Werk [Fri, 31 Jul 2020 15:29:09 +0000 (17:29 +0200)]
Improved detection of duplicate key errors

4 years agoPrevent writes to the session rather than reads
Alexander Ebert [Fri, 31 Jul 2020 15:10:25 +0000 (17:10 +0200)]
Prevent writes to the session rather than reads

4 years agoMerge branch '5.2'
Alexander Ebert [Fri, 31 Jul 2020 11:40:37 +0000 (13:40 +0200)]
Merge branch '5.2'

4 years agoDisable visit tracking for search engines
Alexander Ebert [Fri, 31 Jul 2020 11:40:14 +0000 (13:40 +0200)]
Disable visit tracking for search engines

4 years agoMerge pull request #3470 from WoltLab/db-expose-driver-specific-code
Tim Düsterhus [Fri, 31 Jul 2020 09:11:22 +0000 (11:11 +0200)]
Merge pull request #3470 from WoltLab/db-expose-driver-specific-code

Allow retrieving the driver specific error code from DatabaseQueryExe…

4 years agoAllow retrieving the driver specific error code from DatabaseQueryExecutionException
Tim Düsterhus [Fri, 31 Jul 2020 08:50:32 +0000 (10:50 +0200)]
Allow retrieving the driver specific error code from DatabaseQueryExecutionException

A single ANSI SQLSTATE can indicate several distinct error conditions. The
driver code appears to be unique for MySQL.

4 years agoTypo
Marcel Werk [Thu, 30 Jul 2020 16:07:09 +0000 (18:07 +0200)]
Typo

4 years agoTypo
Marcel Werk [Thu, 30 Jul 2020 16:06:52 +0000 (18:06 +0200)]
Typo

4 years agoMade use of the new method "createOrIgnore"
Marcel Werk [Thu, 30 Jul 2020 16:05:18 +0000 (18:05 +0200)]
Made use of the new method "createOrIgnore"

4 years agoNew method that will ignore duplicate key errors while inserting rows into the database
Marcel Werk [Thu, 30 Jul 2020 16:03:14 +0000 (18:03 +0200)]
New method that will ignore duplicate key errors while inserting rows into the database

4 years agoRevert "Whitelist `unserialize()` when running in enterprise mode"
Tim Düsterhus [Thu, 30 Jul 2020 09:26:47 +0000 (11:26 +0200)]
Revert "Whitelist `unserialize()` when running in enterprise mode"

`unserialize()` is unsafe, because it potentially allows for arbitrary
code execution.

This reverts commit 564ba8525e42c9d4677ee1ddac58c4c9c67fc113.

4 years agoMerge pull request #3467 from WoltLab/avoid-getFont
Tim Düsterhus [Wed, 29 Jul 2020 07:03:59 +0000 (09:03 +0200)]
Merge pull request #3467 from WoltLab/avoid-getFont

Avoid use of getFont.php

4 years agoPlace the code and inline-code button next to each other
Alexander Ebert [Tue, 28 Jul 2020 16:35:22 +0000 (18:35 +0200)]
Place the code and inline-code button next to each other

Closes #3241

4 years agoInject proper getFont() version depending on isMultiDomainSetup()
Tim Düsterhus [Tue, 28 Jul 2020 12:18:10 +0000 (14:18 +0200)]
Inject proper getFont() version depending on isMultiDomainSetup()

4 years agoUse getFont SCSS function
Tim Düsterhus [Tue, 28 Jul 2020 12:13:20 +0000 (14:13 +0200)]
Use getFont SCSS function

4 years agoAdd getFont() SCSS helper function
Tim Düsterhus [Tue, 28 Jul 2020 12:12:55 +0000 (14:12 +0200)]
Add getFont() SCSS helper function

4 years agoUse filename parameter of getFont.php for FontAwesome
Tim Düsterhus [Tue, 28 Jul 2020 10:47:47 +0000 (12:47 +0200)]
Use filename parameter of getFont.php for FontAwesome

4 years agoMerge branch '5.2'
Matthias Schmidt [Mon, 27 Jul 2020 16:45:49 +0000 (18:45 +0200)]
Merge branch '5.2'

4 years agoClear language cache when clearing cronjob cache
Matthias Schmidt [Mon, 27 Jul 2020 16:44:45 +0000 (18:44 +0200)]
Clear language cache when clearing cronjob cache

Close #3465

4 years agoFix Style::getCoverPhotoUrl()
Tim Düsterhus [Mon, 27 Jul 2020 09:33:23 +0000 (11:33 +0200)]
Fix Style::getCoverPhotoUrl()

Make sure to return an absolute URL.

4 years agoMerge branch 'master' into style-cleanup
Tim Düsterhus [Mon, 27 Jul 2020 09:15:30 +0000 (11:15 +0200)]
Merge branch 'master' into style-cleanup

4 years agoMerge pull request #3460 from WoltLab/ship-open-sans
Tim Düsterhus [Mon, 27 Jul 2020 07:22:48 +0000 (09:22 +0200)]
Merge pull request #3460 from WoltLab/ship-open-sans

Ship Open Sans by default

4 years agoPrevent images in comments in the sidebar box from becoming too large
Marcel Werk [Fri, 24 Jul 2020 14:03:33 +0000 (16:03 +0200)]
Prevent images in comments in the sidebar box from becoming too large

4 years agoRemove Google Font Embed from ACP
Tim Düsterhus [Fri, 24 Jul 2020 11:52:37 +0000 (13:52 +0200)]
Remove Google Font Embed from ACP

4 years agoBake Open Sans into default installation
Tim Düsterhus [Fri, 24 Jul 2020 11:40:39 +0000 (13:40 +0200)]
Bake Open Sans into default installation

Resolves #3458

4 years agoUnbreak WCFSetup
Tim Düsterhus [Fri, 24 Jul 2020 12:13:48 +0000 (14:13 +0200)]
Unbreak WCFSetup

4 years agoExpand style upload field definitions to store image size constraints
Tim Düsterhus [Fri, 24 Jul 2020 10:20:13 +0000 (12:20 +0200)]
Expand style upload field definitions to store image size constraints

4 years agoFix preserveAspectRatio parameter name in ImageAdapters
Tim Düsterhus [Fri, 24 Jul 2020 10:13:14 +0000 (12:13 +0200)]
Fix preserveAspectRatio parameter name in ImageAdapters

4 years agoAdd missing PHPDoc tags to StyleAddForm / Style
Tim Düsterhus [Fri, 24 Jul 2020 09:22:25 +0000 (11:22 +0200)]
Add missing PHPDoc tags to StyleAddForm / Style

4 years agoDRY up handling of existing favicon in StyleEditForm
Tim Düsterhus [Fri, 24 Jul 2020 09:19:48 +0000 (11:19 +0200)]
DRY up handling of existing favicon in StyleEditForm

Co-authored-by: Alexander Ebert <ebert@woltlab.com>
4 years agoFix code style in StyleAddForm
Tim Düsterhus [Fri, 24 Jul 2020 09:18:15 +0000 (11:18 +0200)]
Fix code style in StyleAddForm

Co-authored-by: Alexander Ebert <ebert@woltlab.com>
4 years agoFix copy and paste mistake deleting cover photos on Favicon update
Tim Düsterhus [Thu, 23 Jul 2020 12:13:37 +0000 (14:13 +0200)]
Fix copy and paste mistake deleting cover photos on Favicon update

4 years agoMerge branch 'master' into style-cleanup
Tim Düsterhus [Thu, 23 Jul 2020 12:09:59 +0000 (14:09 +0200)]
Merge branch 'master' into style-cleanup

4 years agoMerge pull request #3448 from WoltLab/local-google-font
Tim Düsterhus [Thu, 23 Jul 2020 11:59:54 +0000 (13:59 +0200)]
Merge pull request #3448 from WoltLab/local-google-font

Serve Google Fonts locally

4 years agoFix possible response truncation in HTTPRequest on Windows
Tim Düsterhus [Thu, 23 Jul 2020 11:59:01 +0000 (13:59 +0200)]
Fix possible response truncation in HTTPRequest on Windows

4 years agoFix truncated FontManager downloads on Windows
Tim Düsterhus [Thu, 23 Jul 2020 11:47:50 +0000 (13:47 +0200)]
Fix truncated FontManager downloads on Windows

4 years agoMerge branch '5.2'
Marcel Werk [Thu, 23 Jul 2020 10:31:26 +0000 (12:31 +0200)]
Merge branch '5.2'

4 years agoInvalid suffix value caused an error when rendering the form
Marcel Werk [Thu, 23 Jul 2020 10:30:53 +0000 (12:30 +0200)]
Invalid suffix value caused an error when rendering the form

4 years agoMerge branch 'master' of https://github.com/WoltLab/WCF
Marcel Werk [Thu, 23 Jul 2020 09:42:27 +0000 (11:42 +0200)]
Merge branch 'master' of https://github.com/WoltLab/WCF

4 years agoTypo
Marcel Werk [Thu, 23 Jul 2020 09:42:25 +0000 (11:42 +0200)]
Typo

4 years agoFix Style Import
Tim Düsterhus [Thu, 23 Jul 2020 09:35:19 +0000 (11:35 +0200)]
Fix Style Import

4 years agoFix export of style preview images
Tim Düsterhus [Thu, 23 Jul 2020 09:27:41 +0000 (11:27 +0200)]
Fix export of style preview images

4 years agoDRY up upload list list definitions in StyleAddForm
Tim Düsterhus [Thu, 23 Jul 2020 08:48:52 +0000 (10:48 +0200)]
DRY up upload list list definitions in StyleAddForm

4 years agoDRY up StyleAddForm::rebuildUploadFields()
Tim Düsterhus [Thu, 23 Jul 2020 08:46:36 +0000 (10:46 +0200)]
DRY up StyleAddForm::rebuildUploadFields()

4 years agoRemove obsolete `use` statements in Style DBOs
Tim Düsterhus [Wed, 22 Jul 2020 14:14:19 +0000 (16:14 +0200)]
Remove obsolete `use` statements in Style DBOs

4 years agoRemove obsolete manual removal of style_variable_values
Tim Düsterhus [Wed, 22 Jul 2020 14:11:43 +0000 (16:11 +0200)]
Remove obsolete manual removal of style_variable_values

The FOREIGN KEY handles that.

4 years agoRemove obsolete call to removed method
Tim Düsterhus [Wed, 22 Jul 2020 14:10:44 +0000 (16:10 +0200)]
Remove obsolete call to removed method

4 years agoAlways export all style images / assets
Tim Düsterhus [Wed, 22 Jul 2020 14:10:01 +0000 (16:10 +0200)]
Always export all style images / assets

4 years agoAdjust StyleAction::copy()
Tim Düsterhus [Wed, 22 Jul 2020 13:53:20 +0000 (15:53 +0200)]
Adjust StyleAction::copy()

4 years agoUse modern UploadHandler to update style favicon
Tim Düsterhus [Wed, 22 Jul 2020 13:03:58 +0000 (15:03 +0200)]
Use modern UploadHandler to update style favicon

4 years agoMerge pull request #3455 from WoltLab/refresh-package-database-performance
Alexander Ebert [Tue, 21 Jul 2020 15:58:15 +0000 (17:58 +0200)]
Merge pull request #3455 from WoltLab/refresh-package-database-performance

Performance improvements of the search for packages