Tim Düsterhus [Fri, 14 Apr 2023 12:00:32 +0000 (14:00 +0200)]
Merge pull request #5418 from WoltLab/middleware-error-handling
Stop using Exceptions to return error responses outside of a controller
Tim Düsterhus [Fri, 14 Apr 2023 11:59:41 +0000 (13:59 +0200)]
Merge pull request #5424 from WoltLab/wcf-node-identifier-generation
Improve performance of `<wcfNode-*>` identifier generation
Tim Düsterhus [Thu, 13 Apr 2023 15:11:02 +0000 (17:11 +0200)]
Remove the final IllegalLinkException from RequestHandler::handle()
Tim Düsterhus [Thu, 13 Apr 2023 15:09:41 +0000 (17:09 +0200)]
Create the PSR request before checking if any route matches in RequestHandler::handle()
Tim Düsterhus [Thu, 13 Apr 2023 15:07:31 +0000 (17:07 +0200)]
Leverage the NotFoundHandler in RequestHandler::buildRequest()
Tim Düsterhus [Thu, 13 Apr 2023 14:51:46 +0000 (16:51 +0200)]
Prefer JSON error responses over HTML
Tim Düsterhus [Thu, 13 Apr 2023 14:45:49 +0000 (16:45 +0200)]
Send the exception in JSON response in error controllers
Tim Düsterhus [Thu, 13 Apr 2023 14:44:16 +0000 (16:44 +0200)]
Accept `exception` in JSON error responses
This is a replacement for the separate file, line, stacktrace and previous
fields and matches the HTML version of these error responses.
Tim Düsterhus [Thu, 13 Apr 2023 14:22:36 +0000 (16:22 +0200)]
Stop wrapping selected exceptions into an AJAXException
These exceptions are converted into clean responses using the HandleExceptions
middleware.
Tim Düsterhus [Thu, 13 Apr 2023 14:18:42 +0000 (16:18 +0200)]
Do not require the `previous` array in JSON error responses
Tim Düsterhus [Thu, 13 Apr 2023 14:03:08 +0000 (16:03 +0200)]
Revert "Add FixAcceptHeader middleware"
This does not appear to be generally useful. The JavaScript was modified to
send appropriate headers now.
This reverts commit
fcdb3da3976359f8077c2f3a5ef2af5ebdd2d89c.
Tim Düsterhus [Thu, 13 Apr 2023 14:01:52 +0000 (16:01 +0200)]
Set explicit `Accept` header in Ajax/Request.ts
Tim Düsterhus [Thu, 13 Apr 2023 14:00:21 +0000 (16:00 +0200)]
Set explicit `accept` header in DboAction.ts
Tim Düsterhus [Thu, 13 Apr 2023 12:29:08 +0000 (14:29 +0200)]
Add a dummy exception in ErrorDetail::fromMessage()
Tim Düsterhus [Thu, 13 Apr 2023 11:53:53 +0000 (13:53 +0200)]
Detect exceptions that erroneously escape the middleware stack
Tim Düsterhus [Thu, 13 Apr 2023 10:46:04 +0000 (12:46 +0200)]
Add FixAcceptHeader middleware
Tim Düsterhus [Thu, 13 Apr 2023 12:18:05 +0000 (14:18 +0200)]
Add XsrfValidationFailedHandler
Tim Düsterhus [Fri, 14 Apr 2023 11:53:49 +0000 (13:53 +0200)]
Merge pull request #5423 from WoltLab/wcf-node-autoloader
Stop needlessly invoking the autoloader to `<wcfNode-*>` tags
Tim Düsterhus [Fri, 14 Apr 2023 11:53:33 +0000 (13:53 +0200)]
Merge pull request #5422 from WoltLab/script-pip-directory
Unify package directory calculation of database and script PIP with file pip
Alexander Ebert [Fri, 14 Apr 2023 11:45:11 +0000 (13:45 +0200)]
Remove the legacy jQuery based comment implementation
Marcel Werk [Fri, 14 Apr 2023 11:38:41 +0000 (13:38 +0200)]
Merge branch 'master' of https://github.com/WoltLab/WCF
Marcel Werk [Fri, 14 Apr 2023 11:38:39 +0000 (13:38 +0200)]
Add disabled appearance for icon inside disabled elements
Tim Düsterhus [Fri, 14 Apr 2023 10:50:19 +0000 (12:50 +0200)]
Remove legacy `-o` suffix from icon name in UploadFile::getIconName()
Fixes #5406
Tim Düsterhus [Fri, 14 Apr 2023 09:29:42 +0000 (11:29 +0200)]
Improve performance of `<wcfNode-*>` identifier generation
StringUtil::getRandomID() leverages the CSPRNG and constant time encoder to
generate IDs which is the secure, but slow, default choice.
For generation of the identifiers of `<wcfNode-*>` it is not required that the
values are absolutely unguessable, instead uniqueness and reasonable
unpredictability is sufficient, especially as the values are regenerated for
every request.
For content with a large number of BBCodes the overhead of a secure ID
generation can add up:
For a post with 300 BBCodes that is rendered 50 times the old ID generator
resulted in ~3300ms total rendering time, whereas the new ID generator with PHP
8.2 (thus leveraging xoshiro256**) is down to ~2500ms, a 25% reduction. However
even with PHP 8.1 the new generator will be faster, because it does not use the
constant time encoder. It will become even faster if PHP 8.2 is required and
the extra `$engine` closure can be removed.
Tim Düsterhus [Fri, 14 Apr 2023 08:31:46 +0000 (10:31 +0200)]
Stop needlessly invoking the autoloader to `<wcfNode-*>` tags
These node names are randomly generated and will never match an existing class.
In fact the tag name transformation did not even result in valid classnames in
the majority of cases, because the randomly generated ID might start with a
number, thus including a hyphen in the classname.
Stop needlessly invoking the autoloader, and thus accessing the disk, for these
tags.
Tim Düsterhus [Fri, 14 Apr 2023 08:03:14 +0000 (10:03 +0200)]
Unify package directory calculation of database and script PIP with file pip
Fixes #5392
Alexander Ebert [Thu, 13 Apr 2023 13:24:44 +0000 (15:24 +0200)]
Merge branch '5.5'
Alexander Ebert [Thu, 13 Apr 2023 13:24:30 +0000 (15:24 +0200)]
Merge pull request #5420 from darkwood-studios/5.5
added new articleLikeButtons template event to article template
Tim Düsterhus [Thu, 13 Apr 2023 09:29:09 +0000 (11:29 +0200)]
Replace the use of Exceptions in middlewares
This is problematic, because Exceptions will skip the response direction of the
middleware stack. Instead appropriate responses are either generated directly
or forwarded to an appropriate request handler.
Tim Düsterhus [Wed, 12 Apr 2023 13:25:13 +0000 (15:25 +0200)]
Add HandleExceptions middleware with request handlers to generate error responses
This allows controllers to still leverage Exception, but prevents the
Exceptions from skipping the response direction of the middleware stack.
Tim Düsterhus [Thu, 13 Apr 2023 10:25:49 +0000 (12:25 +0200)]
Fix JavaScript relocation in HTML responses in middlewares
Tim Düsterhus [Thu, 13 Apr 2023 07:49:45 +0000 (09:49 +0200)]
Add HeaderUtil::parseOutputStream()
Tim Düsterhus [Thu, 13 Apr 2023 08:58:27 +0000 (10:58 +0200)]
Merge branch '5.5'
Tim Düsterhus [Thu, 13 Apr 2023 08:57:20 +0000 (10:57 +0200)]
Re-randomize cronjobs when upgrading to 6.0
see #5202
see #4678
daniel [Thu, 13 Apr 2023 07:46:30 +0000 (09:46 +0200)]
added new articleLikeButtons template event to article template
WoltLab [Thu, 13 Apr 2023 07:20:19 +0000 (07:20 +0000)]
Updating minified JavaScript files
Alexander Ebert [Wed, 12 Apr 2023 15:18:35 +0000 (17:18 +0200)]
Merge pull request #5410 from WoltLab/ckeditor5-translations
Add the localization files for CKEditor 5
Alexander Ebert [Wed, 12 Apr 2023 13:22:35 +0000 (15:22 +0200)]
Improve the readability of the code for CKEditor localizations
Alexander Ebert [Fri, 7 Apr 2023 20:23:13 +0000 (22:23 +0200)]
Explicitly force the editor language
CKEditor implicitly detects an available translation, but only if it is defined first. Explicitly setting the language avoids any race conditions that could take place.
Alexander Ebert [Fri, 7 Apr 2023 16:02:50 +0000 (18:02 +0200)]
Rebuild the CKEditor 5 bundle to match the exported localization
Alexander Ebert [Fri, 7 Apr 2023 16:00:15 +0000 (18:00 +0200)]
Load the matching localization file on demand
Alexander Ebert [Fri, 7 Apr 2023 15:58:01 +0000 (17:58 +0200)]
Export the localizations for CKEditor except for 'en'
Tim Düsterhus [Wed, 12 Apr 2023 13:34:57 +0000 (15:34 +0200)]
Merge pull request #5415 from WoltLab/amd-unset
Do not interact with `require()` while `define.amd` is unset
Tim Düsterhus [Wed, 12 Apr 2023 13:30:58 +0000 (15:30 +0200)]
Merge pull request #5416 from WoltLab/plural-template
Improve error reporting for `value=null` in `{plural}` template function
Tim Düsterhus [Wed, 12 Apr 2023 12:24:24 +0000 (14:24 +0200)]
Merge pull request #5417 from WoltLab/ckeditor-37
Migrate to proper CKEditor 37 types
Tim Düsterhus [Wed, 12 Apr 2023 11:01:07 +0000 (13:01 +0200)]
Migrate to proper CKEditor 37 types
Tim Düsterhus [Wed, 12 Apr 2023 09:17:04 +0000 (11:17 +0200)]
Improve error reporting for `value=null` in `{plural}` template function
Accidental `null`s are a common issue when dealing with database objects,
explicitly detect a `null` to not misleadingly report that the `value`
attribute is missing.
see https://www.woltlab.com/community/thread/299515-fatal-error-nach-update-missing-attribute-value/
Tim Düsterhus [Wed, 12 Apr 2023 08:20:56 +0000 (10:20 +0200)]
Do not interact with `require()` while `define.amd` is unset
During development I noticed that regularly `focus-trap` failed to load
properly, likely due to being pulled in by some module while `define.amd` was
unset and thus failing to register itself as a module due to the UMD header.
Fix this by moving the `define.amd` unsetting and resetting into dedicated
`<script>` tags that wrap jQuery + WCF.js and nothing else.
Tim Düsterhus [Tue, 11 Apr 2023 13:56:51 +0000 (15:56 +0200)]
Merge remote-tracking branch 'origin/master'
Tim Düsterhus [Tue, 11 Apr 2023 13:56:01 +0000 (15:56 +0200)]
Transmit checkbox data as string in `Checked` form field
This makes the “on-the-wire” representation consistent with regular forms.
see #5412
Tim Düsterhus [Tue, 11 Apr 2023 13:54:09 +0000 (15:54 +0200)]
Merge branch '5.5'
Marcel Werk [Mon, 10 Apr 2023 14:52:48 +0000 (16:52 +0200)]
Fix reading boolean field values in form builder dialogs
For normal forms, the value of `BooleanFormField` is passed as a string. In
form builder dialogs, however, it is passed as an int.
Resolves #5412
Sascha Greuel [Tue, 11 Apr 2023 08:55:54 +0000 (10:55 +0200)]
Fixed JSON encoding in IconPreFilterTemplatePlugin (#5413)
see
50589568f191c4a3b2c015b60974378b22ccd24c
Tim Düsterhus [Tue, 11 Apr 2023 07:39:49 +0000 (09:39 +0200)]
Merge branch '5.5'
Tim Düsterhus [Mon, 10 Apr 2023 22:36:37 +0000 (00:36 +0200)]
Update composer dependencies
Marcel Werk [Mon, 10 Apr 2023 12:40:29 +0000 (14:40 +0200)]
Merge pull request #5308 from WoltLab/article-mark-as-read
Migrate 'article mark as read' to new ajax api
Alexander Ebert [Sat, 8 Apr 2023 10:23:58 +0000 (12:23 +0200)]
Merge pull request #5374 from SoftCreatR/bugfix/userBBCodeTag-sync
Add `userBBCodeTag` to the shared templates
Alexander Ebert [Sat, 8 Apr 2023 10:19:53 +0000 (12:19 +0200)]
Fix the mismatching icon sizes of the new desktop user panel
Fixes #5408
Tim Düsterhus [Thu, 6 Apr 2023 19:24:43 +0000 (21:24 +0200)]
Update composer dependencies
Alexander Ebert [Thu, 6 Apr 2023 16:32:54 +0000 (18:32 +0200)]
Disable the image upload when attachments are disabled
Fixes WoltLab/editor#27
Alexander Ebert [Thu, 6 Apr 2023 16:07:46 +0000 (18:07 +0200)]
Improve the visuals of the placeholder to add a comment
Closes #5395
Alexander Ebert [Thu, 6 Apr 2023 15:52:18 +0000 (17:52 +0200)]
Fix the visuals of the users online list
Fixes #5397
Alexander Ebert [Thu, 6 Apr 2023 15:24:52 +0000 (17:24 +0200)]
Preserve the `Image` plugin
This provides the general handling of image type content, such as smilies or media.
Alexander Ebert [Thu, 6 Apr 2023 14:26:02 +0000 (16:26 +0200)]
Fix the removal of the loading indicator when editing messages
Alexander Ebert [Thu, 6 Apr 2023 14:18:03 +0000 (16:18 +0200)]
Fix the position of the error message for replies
Fixes #5401
Alexander Ebert [Thu, 6 Apr 2023 14:09:59 +0000 (16:09 +0200)]
Strip the `border-radius` from the page search input
Fixes #5394
Alexander Ebert [Thu, 6 Apr 2023 14:00:24 +0000 (16:00 +0200)]
Fix the visuals of next/previous article without images
Fixes #5403
Alexander Ebert [Thu, 6 Apr 2023 13:49:13 +0000 (15:49 +0200)]
Fix the stacking of notification messages
Fixes #5396
Alexander Ebert [Thu, 6 Apr 2023 12:09:30 +0000 (14:09 +0200)]
Enforce the default box-sizing of buttons
The `inherit` value does not work well with `all: unset`, causing it to inherit the default value from the UA style sheet which is `content-box` instead of `border-box`.
Fixes #5402
Marcel Werk [Thu, 6 Apr 2023 12:08:58 +0000 (14:08 +0200)]
Merge branch 'master' of https://github.com/WoltLab/WCF
Marcel Werk [Thu, 6 Apr 2023 12:08:51 +0000 (14:08 +0200)]
Simplify implementation of the report function
Marcel Werk [Thu, 6 Apr 2023 12:08:24 +0000 (14:08 +0200)]
Remove obsolete language variable
Alexander Ebert [Thu, 6 Apr 2023 12:01:05 +0000 (14:01 +0200)]
Merge branch 'master' of https://github.com/WoltLab/WCF
Alexander Ebert [Thu, 6 Apr 2023 12:00:59 +0000 (14:00 +0200)]
Improve the collection of message meta data
Fixes #5393
Tim Düsterhus [Thu, 6 Apr 2023 11:59:39 +0000 (13:59 +0200)]
Merge branch '5.5'
Tim Düsterhus [Thu, 6 Apr 2023 11:56:09 +0000 (13:56 +0200)]
Fix redirect after submitting ContactForm
The empty string is an invalid controller name. The landing page link is
requested by either passing `null` or leaving out all parameters.
This misuse will throw an Exception in WoltLab Suite 6.0.
Fixes #5407
Tim Düsterhus [Thu, 6 Apr 2023 11:47:15 +0000 (13:47 +0200)]
Revert "Inline DynamicRequestRoute::getControllerName()"
The inlining of the method resulted in an unintentional and silent breaking
change for classes that register custom routes that, due to the missing
`final`, derive from DynamicRequestRoute and overwrite the method with a custom
implementation.
This reverts commit
f9a440759dcf65edd108046b53babde404853ee8.
Tim Düsterhus [Thu, 6 Apr 2023 10:41:42 +0000 (12:41 +0200)]
Add `individualScssDarkMode` to update_com.woltlab.wcf_6.0_styleVariables.php
see
c292cfc3763a07281deb3b0767a5d84a6021b9a9
see
65bfb75589155b9ac1cbe8308cd7a79b07d699b7
Tim Düsterhus [Thu, 6 Apr 2023 09:15:02 +0000 (11:15 +0200)]
Fix update_com.woltlab.wcf_6.0_styleVariables.php
Tim Düsterhus [Thu, 6 Apr 2023 09:10:53 +0000 (11:10 +0200)]
Update preliminary update instructions from 5.5
Tim Düsterhus [Thu, 6 Apr 2023 07:34:53 +0000 (09:34 +0200)]
Merge pull request #5404 from WoltLab/tmp-dir-separator
Unify the directory separators for the temporary directory
Alexander Ebert [Wed, 5 Apr 2023 19:38:11 +0000 (21:38 +0200)]
Merge pull request #5405 from WoltLab/mention-conversion
Align the implementation of mentions in CKEditor
Alexander Ebert [Wed, 5 Apr 2023 17:23:17 +0000 (19:23 +0200)]
Skip the mention plugins when disabled
Alexander Ebert [Wed, 5 Apr 2023 17:20:44 +0000 (19:20 +0200)]
Synchronize the implementation of mentions in CKEditor
Tim Düsterhus [Wed, 5 Apr 2023 14:30:38 +0000 (16:30 +0200)]
Compare the paths with unified directory separator in PackageInstallationDispatcher::getArchive()
This is necessary for Windows which uses backslashes, whereas the entire
software hardcodes the slash as a directory separator (which is also accepted
by Windows).
Fixes #5370
Tim Düsterhus [Wed, 5 Apr 2023 14:30:11 +0000 (16:30 +0200)]
Unify the directory separator for `TMP_DIR`
see #5370
Tim Düsterhus [Wed, 5 Apr 2023 14:23:35 +0000 (16:23 +0200)]
Fix compiling styles with individual SCSS for dark mode
The variable was not properly cleared after using including the contents within
the SCSS and then was attempted to be parsed as an SCSS value to provide it as
a SCSS variable.
Introduced in
ba7168323f6632361b694d7eb2c09439902fe447.
Fixes #5398
Tim Düsterhus [Wed, 5 Apr 2023 08:10:13 +0000 (10:10 +0200)]
Merge remote-tracking branch 'origin/master'
Tim Düsterhus [Wed, 5 Apr 2023 08:08:22 +0000 (10:08 +0200)]
Update composer dependencies
Alexander Ebert [Tue, 4 Apr 2023 18:29:23 +0000 (20:29 +0200)]
Fix the styling of mentions
See #5382
Alexander Ebert [Tue, 4 Apr 2023 16:23:11 +0000 (18:23 +0200)]
Preserve empty paragraphs created in CKEditor 5
Fixes WoltLab/editor#15
Tim Düsterhus [Tue, 4 Apr 2023 14:44:48 +0000 (16:44 +0200)]
Fix incorrect migration to DateTimeImmutable
This was broken in
48aad6ed4800f20d3e12fcf7e9a351d8791cd90d.
Fixes #5391
Tim Düsterhus [Tue, 4 Apr 2023 13:47:55 +0000 (15:47 +0200)]
Merge branch '5.5'
Marcel Werk [Tue, 4 Apr 2023 13:44:15 +0000 (15:44 +0200)]
Merge pull request #5389 from WoltLab/user-profile-about-events
Add template events in `userProfileAbout`
Olaf Braun [Sun, 2 Apr 2023 15:44:47 +0000 (17:44 +0200)]
Update TS StringUtil's HTML escaper to be consistent with PHP's
Commit
f631a7de6506e52095299c15042c25a3979a8200 updated the HTML escaper on the
server to encode a single quote (`'`) as `'`, however it did not update
the frontend / TypeScript implementation.
This specifically breaks loading of existing data for i18n fields containing
the single quote, because the JavaScript expects the value to be first JS
encoded and then HTML encoded and manually performs HTML decoding. This is
questionable, but likely not fixable without introducing security issues,
because some users *might* rely on the fact that the JS escaping already
happened and it's impossible to detect whether the given values are already
escaped or not.
Resolves #5381
[Tim: Written the entire commit message]
Tim Düsterhus [Tue, 4 Apr 2023 13:28:22 +0000 (15:28 +0200)]
Merge branch '5.5'
Tim Düsterhus [Tue, 4 Apr 2023 13:27:00 +0000 (15:27 +0200)]
Add `is_string` as template modifier
Resolves #5388
Marcel Werk [Tue, 4 Apr 2023 11:35:28 +0000 (13:35 +0200)]
Add template events in `userProfileAbout`
These events allow content to be displayed in the 'about' tab that is not based on user options.
Tim Düsterhus [Tue, 4 Apr 2023 10:08:51 +0000 (12:08 +0200)]
Merge remote-tracking branch 'origin/master'
Tim Düsterhus [Tue, 4 Apr 2023 10:00:33 +0000 (12:00 +0200)]
Merge branch '5.5'