Alexander Ebert [Mon, 14 Feb 2022 16:14:00 +0000 (17:14 +0100)]
Work-around for the inconsistent selection handling in iOS 15
See https://www.woltlab.com/community/thread/294136-ios-text-markieren-link-einf%C3%BCgen-geht-nicht/
Alexander Ebert [Mon, 14 Feb 2022 14:50:30 +0000 (15:50 +0100)]
Clamp the date value if it exceeds the `maxDate`
See https://www.woltlab.com/community/thread/294169-min-max-datepicker-falscher-monat/
Tim Düsterhus [Mon, 14 Feb 2022 13:39:57 +0000 (14:39 +0100)]
Fix PHP 8.0/8.1 compatibility of phpline.phar
Alexander Ebert [Sun, 13 Feb 2022 15:57:31 +0000 (16:57 +0100)]
Implicitly expand messages from blocked users when following a permalink
See https://www.woltlab.com/community/thread/294218-verlinkung-zu-beitr%C3%A4gen-von-blockierten-nutzern/
Marcel Werk [Sun, 13 Feb 2022 15:39:12 +0000 (16:39 +0100)]
Individual settings for boxes were unintentionally overwritten during update
Alexander Ebert [Thu, 10 Feb 2022 17:00:41 +0000 (18:00 +0100)]
Release 5.4.14 dev 1
WoltLab [Thu, 10 Feb 2022 16:58:27 +0000 (16:58 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Tue, 8 Feb 2022 15:45:26 +0000 (16:45 +0100)]
Merge pull request #4664 from WoltLab/formbuilder-checkbox-ajax
Add `CheckedVoid` form builder data handler for CheckboxFormField
Tim Düsterhus [Tue, 8 Feb 2022 14:54:22 +0000 (15:54 +0100)]
Add `CheckedVoid` form builder data handler for CheckboxFormField
The `Checked` data handler is not usable for the CheckboxFormField, because its
behavior differs from the non-AJAX behavior by always sending a value whereas
checkboxes that are not checked will not send anything within a regular form.
It was considered to simply reuse the `readValue()` implementation in
BooleanFormField, because it appears to do the right thing at a glance. However
this would effectively revert
7d36c55726af2b5b9d9ab1706a05ccf5e52e84b8 which is
a fix to allow unchecking checkboxes that are checked by default.
Also matching the behavior of AJAX and non-AJAX forms 100% is considered a good
thing, so a new JavaScript module to handle this, is the best solution.
Tim Düsterhus [Tue, 8 Feb 2022 09:12:31 +0000 (10:12 +0100)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Tue, 8 Feb 2022 09:07:00 +0000 (10:07 +0100)]
Ignore `length` when diffing YearDatabaseTableColumn
Similarly to INT columns MySQL 8 ignores the length of YEAR columns:
https://dev.mysql.com/doc/refman/8.0/en/year.html
> As of MySQL 8.0.19, the YEAR(4) data type with an explicit display width is
> deprecated and you should expect support for it to be removed in a future
> version of MySQL. Instead, use YEAR without a display width, which has the
> same meaning.
Tim Düsterhus [Mon, 7 Feb 2022 13:00:48 +0000 (14:00 +0100)]
Fix template syntax error in wcf.user.notification.articleComment.response(Owner)?.mail.html
see
cc5632977059ae88aa5cfe1c27407f0e00fa68c1
Tim Düsterhus [Mon, 7 Feb 2022 08:16:08 +0000 (09:16 +0100)]
Whitelist `array_key_exists` in enterprise mode
Marcel Werk [Sat, 5 Feb 2022 12:59:32 +0000 (13:59 +0100)]
Permission 'canOnlyAccessOwnMedia' did not work as expected
It was still possible to find files from other users through the search function.
Marcel Werk [Sat, 5 Feb 2022 12:56:59 +0000 (13:56 +0100)]
File size was displayed twice when uploading media
Marcel Werk [Thu, 3 Feb 2022 13:44:19 +0000 (14:44 +0100)]
Email column in notification settings was too small
Alexander Ebert [Wed, 2 Feb 2022 18:29:42 +0000 (19:29 +0100)]
`saveInstant()` yields an incorrect selection after formatting
Consider the example `Hello World` where the word `World` is selected. Marking the selection as bold did not mark the button as active.
This was caused by the way the selection is created, causing it to be `Hello |<strong>World|</strong>` when using `saveInstant()` (the pipe denotes the selection boundary).
Tim Düsterhus [Wed, 2 Feb 2022 11:05:19 +0000 (12:05 +0100)]
Merge pull request #4656 from WoltLab/dialog-alert
Fix rendering of alert boxes at the top of a dialog
Tim Düsterhus [Wed, 2 Feb 2022 11:01:43 +0000 (12:01 +0100)]
Remove obsolete inline CSS in removeUserContentDialog.tpl
see
0d0aecf7b629619de450304945989074522dbca2
Tim Düsterhus [Wed, 2 Feb 2022 10:50:13 +0000 (11:50 +0100)]
Fix rendering of alert boxes at the top of a dialog
Alexander Ebert [Mon, 31 Jan 2022 16:33:14 +0000 (17:33 +0100)]
Release 5.4.13
Alexander Ebert [Mon, 31 Jan 2022 16:32:20 +0000 (17:32 +0100)]
Merge branch '5.3' into 5.4
Alexander Ebert [Mon, 31 Jan 2022 16:30:49 +0000 (17:30 +0100)]
Release 5.3.19
Alexander Ebert [Mon, 31 Jan 2022 16:30:10 +0000 (17:30 +0100)]
Merge branch '5.2' into 5.3
Alexander Ebert [Mon, 31 Jan 2022 16:28:38 +0000 (17:28 +0100)]
Release 5.2.19
Alexander Ebert [Mon, 31 Jan 2022 16:27:54 +0000 (17:27 +0100)]
Merge branch '3.1' into 5.2
Alexander Ebert [Mon, 31 Jan 2022 16:24:44 +0000 (17:24 +0100)]
Release 3.1.27
Tim Düsterhus [Mon, 31 Jan 2022 16:21:49 +0000 (17:21 +0100)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Mon, 31 Jan 2022 16:18:38 +0000 (17:18 +0100)]
Merge branch '5.2' into 5.3
Tim Düsterhus [Mon, 31 Jan 2022 16:18:14 +0000 (17:18 +0100)]
Merge branch '3.1' into 5.2
Tim Düsterhus [Mon, 31 Jan 2022 16:17:54 +0000 (17:17 +0100)]
Merge branch 'unknown-bbcode-xss' into 3.1
Tim Düsterhus [Mon, 31 Jan 2022 13:18:17 +0000 (14:18 +0100)]
Fix XSS vulnerability in HtmlBBCodeParser::buildBBCodeTag()
Thanks to @methosiea for responsibly reporting this issue.
Resolves #4653
Tim Düsterhus [Mon, 31 Jan 2022 13:40:44 +0000 (14:40 +0100)]
Fix PHP 8.1.2 compatibility in DatabaseException
> Cannot access protected property PDOException::$code
Tim Düsterhus [Thu, 27 Jan 2022 13:09:56 +0000 (14:09 +0100)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Thu, 27 Jan 2022 13:01:33 +0000 (14:01 +0100)]
Fix regular expression for the `atext` production in EmailGrammar
Due to the missing escaping of the hyphen with a backslash the allowed
characters were not just:
- The plus sign (`+`, 0x2B),
- the dash (`-`, 0x2D), and
- the slash (`/`, 0x2F).
But all ASCII characters between 0x2B and 0x2F, namely:
- The plus sign (`+`, 0x2B),
- the comma (`,`, 0x2C),
- the dash (`-`, 0x2D),
- the dot (`.`, 0x2E), and
- the slash (`/`, 0x2F).
i.e. the comma and dot in addition to the actually allowed characters.
This error caused an incorrect encoding of headers in `::encodeHeader()`.
Specifically the real name of a mailbox was affected by this issue. As a result
a real name that included a dot, but otherwise matched the `atom` grammar was
improperly encoded, possibly causing email parsing failures for MUAs.
joshuaruesweg [Tue, 25 Jan 2022 09:33:41 +0000 (10:33 +0100)]
Fix poll management within the form builder
Fixes #4648
Joshua Rüsweg [Mon, 24 Jan 2022 15:02:06 +0000 (16:02 +0100)]
Merge pull request #4647 from WoltLab/5.4-devtools-requirewcfvalidator
Validates whether the WCF was created as a requirement when saving a …
joshuaruesweg [Mon, 24 Jan 2022 12:45:42 +0000 (13:45 +0100)]
Validates whether the WCF was created as a requirement when saving a project
Tim Düsterhus [Mon, 24 Jan 2022 14:10:11 +0000 (15:10 +0100)]
Fix typo in de.xml
Tim Düsterhus [Fri, 21 Jan 2022 13:03:14 +0000 (14:03 +0100)]
Merge branch '5.3' into 5.4
Alexander Ebert [Fri, 21 Jan 2022 13:00:08 +0000 (14:00 +0100)]
Release 5.4.12
Alexander Ebert [Fri, 21 Jan 2022 12:58:37 +0000 (13:58 +0100)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Fri, 21 Jan 2022 12:53:33 +0000 (13:53 +0100)]
Merge branch '5.2' into 5.3
Tim Düsterhus [Fri, 21 Jan 2022 12:50:28 +0000 (13:50 +0100)]
Remove codestyle workflow for non-PSR-12 branches
The recent backport of the `|json` template modifier from 5.5 to 3.1+ in
58bc4b693415079127dd11d8210d2564a443010d fails the code style, because the
branches 5.3 and earlier expect tabs instead of spaces for indentation.
It's not really work fixing the code style for the file, just to revert it once
again when merging upwards.
Remove the check for these older branches. They are only touched for bug fixes
and the style will need to be adapted when merging into 5.4.
Alexander Ebert [Fri, 21 Jan 2022 12:48:46 +0000 (13:48 +0100)]
Release 5.3.18
Alexander Ebert [Fri, 21 Jan 2022 12:47:22 +0000 (13:47 +0100)]
Merge branch '5.2' into 5.3
Alexander Ebert [Fri, 21 Jan 2022 12:30:34 +0000 (13:30 +0100)]
Release 5.2.18
Tim Düsterhus [Thu, 20 Jan 2022 10:50:19 +0000 (11:50 +0100)]
Stop using `|encodeJSON`
(cherry picked from commit
ab1e34de9ca94dc44b20d0b4d58eca2bad80d9d3)
Alexander Ebert [Fri, 21 Jan 2022 12:27:41 +0000 (13:27 +0100)]
Merge branch '3.1' into 5.2
Alexander Ebert [Fri, 21 Jan 2022 12:06:52 +0000 (13:06 +0100)]
Release 3.1.26
Tim Düsterhus [Thu, 20 Jan 2022 10:50:47 +0000 (11:50 +0100)]
Add missing JSON encoding of the PAGE_TITLE in `ampArticle.tpl`
This does not need to be fixed in any current branch, because the broken-ness
of `|encodeJSON` will result in broken metadata one way or another.
(cherry picked from commit
bba7f1706e30761e55954a5a4be569e5bb55a6c4)
Tim Düsterhus [Thu, 20 Jan 2022 10:50:19 +0000 (11:50 +0100)]
Stop using `|encodeJSON`
(cherry picked from commit
ab1e34de9ca94dc44b20d0b4d58eca2bad80d9d3)
Tim Düsterhus [Thu, 20 Jan 2022 10:48:16 +0000 (11:48 +0100)]
Add `|json` template modifier
(cherry picked from commit
e178fa84dc06861c5aba3d14e03161c5396fe9a7)
Tim Düsterhus [Fri, 21 Jan 2022 08:28:01 +0000 (09:28 +0100)]
Move `@types/*` npm dependencies into the non-dev section
This is required for them to be detected in downstream consumers.
Alexander Ebert [Thu, 20 Jan 2022 18:06:46 +0000 (19:06 +0100)]
Release 5.4.12 dev 1
Tim Düsterhus [Thu, 20 Jan 2022 10:50:47 +0000 (11:50 +0100)]
Add missing JSON encoding of the PAGE_TITLE in `ampArticle.tpl`
This does not need to be fixed in any current branch, because the broken-ness
of `|encodeJSON` will result in broken metadata one way or another.
(cherry picked from commit
bba7f1706e30761e55954a5a4be569e5bb55a6c4)
Tim Düsterhus [Thu, 20 Jan 2022 10:50:19 +0000 (11:50 +0100)]
Stop using `|encodeJSON`
(cherry picked from commit
ab1e34de9ca94dc44b20d0b4d58eca2bad80d9d3)
Tim Düsterhus [Thu, 20 Jan 2022 10:48:16 +0000 (11:48 +0100)]
Add `|json` template modifier
(cherry picked from commit
e178fa84dc06861c5aba3d14e03161c5396fe9a7)
Alexander Ebert [Wed, 19 Jan 2022 13:26:02 +0000 (14:26 +0100)]
Release 5.4.11
Alexander Ebert [Wed, 19 Jan 2022 13:18:27 +0000 (14:18 +0100)]
Merge branch '5.3' into 5.4
Alexander Ebert [Wed, 19 Jan 2022 13:10:10 +0000 (14:10 +0100)]
Release 5.3.17
Alexander Ebert [Wed, 19 Jan 2022 13:00:57 +0000 (14:00 +0100)]
Merge branch '5.2' into 5.3
Alexander Ebert [Wed, 19 Jan 2022 12:55:01 +0000 (13:55 +0100)]
Release 5.2.17
Alexander Ebert [Wed, 19 Jan 2022 12:50:25 +0000 (13:50 +0100)]
Merge branch '3.1' into 5.2
Alexander Ebert [Wed, 19 Jan 2022 12:46:00 +0000 (13:46 +0100)]
Release 3.1.25
Tim Düsterhus [Wed, 19 Jan 2022 12:38:26 +0000 (13:38 +0100)]
Consistently escape backslashes in StringUtil
This is not a functional change, this is just for consistency within the PHP
code, so that each backslash is properly escaped as `\\`.
Tim Düsterhus [Wed, 19 Jan 2022 12:31:58 +0000 (13:31 +0100)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Wed, 19 Jan 2022 12:29:21 +0000 (13:29 +0100)]
Merge branch '5.2' into 5.3
Tim Düsterhus [Wed, 19 Jan 2022 12:29:10 +0000 (13:29 +0100)]
Merge branch '3.1' into 5.2
Tim Düsterhus [Wed, 19 Jan 2022 12:27:40 +0000 (13:27 +0100)]
Merge branch 'encode-js-quot' into 3.1
Tim Düsterhus [Wed, 19 Jan 2022 08:50:39 +0000 (09:50 +0100)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Wed, 19 Jan 2022 08:48:30 +0000 (09:48 +0100)]
Merge pull request #4642 from WoltLab/php-ddl-app-install
Fix the replacing of WCF_N in PHP DDL during app installation
Tim Düsterhus [Tue, 18 Jan 2022 11:36:04 +0000 (12:36 +0100)]
Fix the replacing of WCF_N in PHP DDL during app installation
During app installation the newly installed app might not yet be stored within
the application cache, thus failing to replace the `1` within the table
structure definition.
Fix this by setting the `skipCache` parameter to `true`. This will increase the
number of database queries, because applications will be checked once for each
defined table and for each defined FOREIGN KEY, but I don't see a simple fix
for this issue that avoids this increase in query count. Specifically we cannot
simply reset the application cache after inserting the application into
wcf1_application.
Marcel Werk [Mon, 17 Jan 2022 17:44:51 +0000 (18:44 +0100)]
When replacing media, the thumbnails were not reset
ref https://www.woltlab.com/community/thread/293960-fehlerhafte-thumbnails-nach-medien-ersetzung/
Tim Düsterhus [Mon, 17 Jan 2022 08:42:47 +0000 (09:42 +0100)]
Merge pull request #4638 from Krymonota/patch-20
Add `var_dump` to allowed enterprise functions
Niklas [Sun, 16 Jan 2022 16:23:16 +0000 (17:23 +0100)]
Add `var_dump` to allowed enterprise functions
Marcel Werk [Sun, 16 Jan 2022 14:03:11 +0000 (15:03 +0100)]
Error class wasn't shown in box conditions
Alexander Ebert [Thu, 13 Jan 2022 13:10:20 +0000 (14:10 +0100)]
Release 5.4.11 dev 1
WoltLab [Thu, 13 Jan 2022 12:33:37 +0000 (12:33 +0000)]
Updating minified JavaScript files
Marcel Werk [Tue, 11 Jan 2022 13:11:37 +0000 (14:11 +0100)]
Revert "Strip MariaDB replication version hack in MySQLDatabase::getVersion()"
This reverts commit
bfa8d95d6f016efdedb943c1fe977d89de13406c.
Alexander Ebert [Mon, 10 Jan 2022 13:59:52 +0000 (14:59 +0100)]
Replace legacy HTML tags during paste
See https://www.woltlab.com/community/thread/293870-artikel-beim-ersten-abspeichern-b-statt-strong/
Marcel Werk [Mon, 10 Jan 2022 10:08:36 +0000 (11:08 +0100)]
Merge pull request #4629 from WoltLab/mariadb-version-hack
Strip MariaDB replication version hack in MySQLDatabase::getVersion()
Tim Düsterhus [Mon, 10 Jan 2022 10:04:39 +0000 (11:04 +0100)]
Update npm dependencies
Tim Düsterhus [Mon, 10 Jan 2022 09:47:49 +0000 (10:47 +0100)]
Strip MariaDB replication version hack in MySQLDatabase::getVersion()
Resolves #4626
Alexander Ebert [Sat, 8 Jan 2022 16:41:58 +0000 (17:41 +0100)]
Disallowing access to a CMS page now shows an error 403 instead of 404
Alexander Ebert [Sat, 8 Jan 2022 16:39:30 +0000 (17:39 +0100)]
Treat invalid timestamps as a missing date
Alexander Ebert [Sat, 8 Jan 2022 13:57:41 +0000 (14:57 +0100)]
Merge pull request #4627 from SoftCreatR/patch-3
Add size detection for WebP smileys
Sascha Greuel [Sat, 8 Jan 2022 08:27:38 +0000 (09:27 +0100)]
Added size detection for WebP smileys
Alexander Ebert [Fri, 7 Jan 2022 16:35:25 +0000 (17:35 +0100)]
Missing reset of the WebP flag for cover photos
Uploading a GIF after uploading a cover photo with a WebP variant caused the GIF to not show up.
See https://www.woltlab.com/community/thread/293665-gif-bilder-als-titelbild/
Alexander Ebert [Fri, 7 Jan 2022 16:12:36 +0000 (17:12 +0100)]
Incorrect handling of Shift+Enter inside code blocks
See https://www.woltlab.com/community/thread/293723-eingabetaste-erzeugt-weiteren-quellcode-bbcode/
Tim Düsterhus [Fri, 7 Jan 2022 13:52:02 +0000 (14:52 +0100)]
Merge pull request #4623 from WoltLab/php8.1-i18n-option
Fix PHP 8.1 compatibility when saving I18n options
Tim Düsterhus [Fri, 7 Jan 2022 08:54:19 +0000 (09:54 +0100)]
Default missing values to `''` in OptionHandler::validateOption()
This is required for PHP 8.1 compatibility of i18n options, as these are
handled separately using I18nHandler.
see
b46c272b28ba84892534b31c641a6dd412bb0a1e
see
860e98cff580e299cbbd8cdb7eb50d0113b938cc
Tim Düsterhus [Fri, 7 Jan 2022 08:50:28 +0000 (09:50 +0100)]
Revert "Fix PHP 8.1 compatibility when saving I18n options"
During the discussion within the PR is was decided to opt for a different, less
invasive, fix, because the impact of this change is not really clear.
This reverts commit
b46c272b28ba84892534b31c641a6dd412bb0a1e.
Alexander Ebert [Thu, 6 Jan 2022 19:20:12 +0000 (20:20 +0100)]
Nested tab menus were not preselected on load
See https://www.woltlab.com/community/thread/293819-subtab-direkt-aufrufen-geht-nicht/
Marcel Werk [Thu, 6 Jan 2022 17:11:09 +0000 (18:11 +0100)]
Merge branch '5.4' of https://github.com/WoltLab/WCF into 5.4
Marcel Werk [Thu, 6 Jan 2022 17:11:01 +0000 (18:11 +0100)]
signature_max_image_height caused incorrect size of avatars in quotes within signatures
Closes #4625
Alexander Ebert [Thu, 6 Jan 2022 17:08:45 +0000 (18:08 +0100)]
Filtering the user list by a user group discarded the optional columns
Fix for
9bc86ecf0bd32ed2615023bcf9ae398aafbb23fa
See https://www.woltlab.com/community/thread/293719-detailinfos-innerhalb-benutzergruppen-fehlen-im-acp-seit-update-woltlab-suite-5/
Tim Düsterhus [Thu, 6 Jan 2022 09:50:13 +0000 (10:50 +0100)]
Fix PHP 8.1 compatibility when saving I18n options
As I18n options are special-cased, they will not be provided in `rawValues`,
thus passing `null` to `->getData()`, which the option types are not prepared
to handle. Before PHP 8.1 this was implicitly treated as an empty string, with
the types introduced to native functions, e.g. `explode()` or `preg_replace()`
this will result in an error.
Tim Düsterhus [Tue, 4 Jan 2022 15:10:03 +0000 (16:10 +0100)]
Run prettier on `acp/style/**/*.scss`
Tim Düsterhus [Tue, 4 Jan 2022 10:50:50 +0000 (11:50 +0100)]
Encode the double quote (`"`) in StringUtil::encodeJS()
`encodeJSON()` is currently broken, because while it HTML-encodes the double
quote, it does not actually add the backslash in front of it. Depending on
whether the HTML entity is interpreted by the browser in that specific location
or not, this either results in an incorrect string (with a literal `"`
instead of `"`) or in a syntax error (because the `"` ends the string
prematurely).
The latter might even allow for the injection of JavaScript, if `encodeJSON` is
used in a `<script>` tag that is not just LD-JSON metadata.
Fix this issue by escaping the double quote in `encodeJS` which is used
internally by `encodeJSON`. This should not cause issues, as an escaped double
quote is valid syntax within a JavaScript string.