GitHub/WoltLab/WCF.git
2 years agoWork-around for the inconsistent selection handling in iOS 15
Alexander Ebert [Mon, 14 Feb 2022 16:14:00 +0000 (17:14 +0100)]
Work-around for the inconsistent selection handling in iOS 15

See https://www.woltlab.com/community/thread/294136-ios-text-markieren-link-einf%C3%BCgen-geht-nicht/

2 years agoClamp the date value if it exceeds the `maxDate`
Alexander Ebert [Mon, 14 Feb 2022 14:50:30 +0000 (15:50 +0100)]
Clamp the date value if it exceeds the `maxDate`

See https://www.woltlab.com/community/thread/294169-min-max-datepicker-falscher-monat/

2 years agoFix PHP 8.0/8.1 compatibility of phpline.phar
Tim Düsterhus [Mon, 14 Feb 2022 13:39:57 +0000 (14:39 +0100)]
Fix PHP 8.0/8.1 compatibility of phpline.phar

2 years agoImplicitly expand messages from blocked users when following a permalink
Alexander Ebert [Sun, 13 Feb 2022 15:57:31 +0000 (16:57 +0100)]
Implicitly expand messages from blocked users when following a permalink

See https://www.woltlab.com/community/thread/294218-verlinkung-zu-beitr%C3%A4gen-von-blockierten-nutzern/

2 years agoIndividual settings for boxes were unintentionally overwritten during update
Marcel Werk [Sun, 13 Feb 2022 15:39:12 +0000 (16:39 +0100)]
Individual settings for boxes were unintentionally overwritten during update

2 years agoRelease 5.4.14 dev 1 5.4.14_dev_1
Alexander Ebert [Thu, 10 Feb 2022 17:00:41 +0000 (18:00 +0100)]
Release 5.4.14 dev 1

2 years agoUpdating minified JavaScript files
WoltLab [Thu, 10 Feb 2022 16:58:27 +0000 (16:58 +0000)]
Updating minified JavaScript files

2 years agoMerge pull request #4664 from WoltLab/formbuilder-checkbox-ajax
Tim Düsterhus [Tue, 8 Feb 2022 15:45:26 +0000 (16:45 +0100)]
Merge pull request #4664 from WoltLab/formbuilder-checkbox-ajax

Add `CheckedVoid` form builder data handler for CheckboxFormField

2 years agoAdd `CheckedVoid` form builder data handler for CheckboxFormField
Tim Düsterhus [Tue, 8 Feb 2022 14:54:22 +0000 (15:54 +0100)]
Add `CheckedVoid` form builder data handler for CheckboxFormField

The `Checked` data handler is not usable for the CheckboxFormField, because its
behavior differs from the non-AJAX behavior by always sending a value whereas
checkboxes that are not checked will not send anything within a regular form.

It was considered to simply reuse the `readValue()` implementation in
BooleanFormField, because it appears to do the right thing at a glance. However
this would effectively revert 7d36c55726af2b5b9d9ab1706a05ccf5e52e84b8 which is
a fix to allow unchecking checkboxes that are checked by default.

Also matching the behavior of AJAX and non-AJAX forms 100% is considered a good
thing, so a new JavaScript module to handle this, is the best solution.

2 years agoMerge branch '5.3' into 5.4
Tim Düsterhus [Tue, 8 Feb 2022 09:12:31 +0000 (10:12 +0100)]
Merge branch '5.3' into 5.4

2 years agoIgnore `length` when diffing YearDatabaseTableColumn
Tim Düsterhus [Tue, 8 Feb 2022 09:07:00 +0000 (10:07 +0100)]
Ignore `length` when diffing YearDatabaseTableColumn

Similarly to INT columns MySQL 8 ignores the length of YEAR columns:

https://dev.mysql.com/doc/refman/8.0/en/year.html

> As of MySQL 8.0.19, the YEAR(4) data type with an explicit display width is
> deprecated and you should expect support for it to be removed in a future
> version of MySQL. Instead, use YEAR without a display width, which has the
> same meaning.

2 years agoFix template syntax error in wcf.user.notification.articleComment.response(Owner...
Tim Düsterhus [Mon, 7 Feb 2022 13:00:48 +0000 (14:00 +0100)]
Fix template syntax error in wcf.user.notification.articleComment.response(Owner)?.mail.html

see cc5632977059ae88aa5cfe1c27407f0e00fa68c1

2 years agoWhitelist `array_key_exists` in enterprise mode
Tim Düsterhus [Mon, 7 Feb 2022 08:16:08 +0000 (09:16 +0100)]
Whitelist `array_key_exists` in enterprise mode

2 years agoPermission 'canOnlyAccessOwnMedia' did not work as expected
Marcel Werk [Sat, 5 Feb 2022 12:59:32 +0000 (13:59 +0100)]
Permission 'canOnlyAccessOwnMedia' did not work as expected

It was still possible to find files from other users through the search function.

2 years agoFile size was displayed twice when uploading media
Marcel Werk [Sat, 5 Feb 2022 12:56:59 +0000 (13:56 +0100)]
File size was displayed twice when uploading media

2 years agoEmail column in notification settings was too small
Marcel Werk [Thu, 3 Feb 2022 13:44:19 +0000 (14:44 +0100)]
Email column in notification settings was too small

2 years ago`saveInstant()` yields an incorrect selection after formatting
Alexander Ebert [Wed, 2 Feb 2022 18:29:42 +0000 (19:29 +0100)]
`saveInstant()` yields an incorrect selection after formatting

Consider the example `Hello World` where the word `World` is selected. Marking the selection as bold did not mark the button as active.

This was caused by the way the selection is created, causing it to be `Hello |<strong>World|</strong>` when using `saveInstant()` (the pipe denotes the selection boundary).

2 years agoMerge pull request #4656 from WoltLab/dialog-alert
Tim Düsterhus [Wed, 2 Feb 2022 11:05:19 +0000 (12:05 +0100)]
Merge pull request #4656 from WoltLab/dialog-alert

Fix rendering of alert boxes at the top of a dialog

2 years agoRemove obsolete inline CSS in removeUserContentDialog.tpl
Tim Düsterhus [Wed, 2 Feb 2022 11:01:43 +0000 (12:01 +0100)]
Remove obsolete inline CSS in removeUserContentDialog.tpl

see 0d0aecf7b629619de450304945989074522dbca2

2 years agoFix rendering of alert boxes at the top of a dialog
Tim Düsterhus [Wed, 2 Feb 2022 10:50:13 +0000 (11:50 +0100)]
Fix rendering of alert boxes at the top of a dialog

2 years agoRelease 5.4.13 5.4.13
Alexander Ebert [Mon, 31 Jan 2022 16:33:14 +0000 (17:33 +0100)]
Release 5.4.13

2 years agoMerge branch '5.3' into 5.4
Alexander Ebert [Mon, 31 Jan 2022 16:32:20 +0000 (17:32 +0100)]
Merge branch '5.3' into 5.4

2 years agoRelease 5.3.19 5.3.19
Alexander Ebert [Mon, 31 Jan 2022 16:30:49 +0000 (17:30 +0100)]
Release 5.3.19

2 years agoMerge branch '5.2' into 5.3
Alexander Ebert [Mon, 31 Jan 2022 16:30:10 +0000 (17:30 +0100)]
Merge branch '5.2' into 5.3

2 years agoRelease 5.2.19 5.2.19
Alexander Ebert [Mon, 31 Jan 2022 16:28:38 +0000 (17:28 +0100)]
Release 5.2.19

2 years agoMerge branch '3.1' into 5.2
Alexander Ebert [Mon, 31 Jan 2022 16:27:54 +0000 (17:27 +0100)]
Merge branch '3.1' into 5.2

2 years agoRelease 3.1.27 3.1.27
Alexander Ebert [Mon, 31 Jan 2022 16:24:44 +0000 (17:24 +0100)]
Release 3.1.27

2 years agoMerge branch '5.3' into 5.4
Tim Düsterhus [Mon, 31 Jan 2022 16:21:49 +0000 (17:21 +0100)]
Merge branch '5.3' into 5.4

2 years agoMerge branch '5.2' into 5.3
Tim Düsterhus [Mon, 31 Jan 2022 16:18:38 +0000 (17:18 +0100)]
Merge branch '5.2' into 5.3

2 years agoMerge branch '3.1' into 5.2
Tim Düsterhus [Mon, 31 Jan 2022 16:18:14 +0000 (17:18 +0100)]
Merge branch '3.1' into 5.2

2 years agoMerge branch 'unknown-bbcode-xss' into 3.1
Tim Düsterhus [Mon, 31 Jan 2022 16:17:54 +0000 (17:17 +0100)]
Merge branch 'unknown-bbcode-xss' into 3.1

2 years agoFix XSS vulnerability in HtmlBBCodeParser::buildBBCodeTag()
Tim Düsterhus [Mon, 31 Jan 2022 13:18:17 +0000 (14:18 +0100)]
Fix XSS vulnerability in HtmlBBCodeParser::buildBBCodeTag()

Thanks to @methosiea for responsibly reporting this issue.

Resolves #4653

2 years agoFix PHP 8.1.2 compatibility in DatabaseException
Tim Düsterhus [Mon, 31 Jan 2022 13:40:44 +0000 (14:40 +0100)]
Fix PHP 8.1.2 compatibility in DatabaseException

> Cannot access protected property PDOException::$code

2 years agoMerge branch '5.3' into 5.4
Tim Düsterhus [Thu, 27 Jan 2022 13:09:56 +0000 (14:09 +0100)]
Merge branch '5.3' into 5.4

2 years agoFix regular expression for the `atext` production in EmailGrammar
Tim Düsterhus [Thu, 27 Jan 2022 13:01:33 +0000 (14:01 +0100)]
Fix regular expression for the `atext` production in EmailGrammar

Due to the missing escaping of the hyphen with a backslash the allowed
characters were not just:

- The plus sign (`+`, 0x2B),
- the dash      (`-`, 0x2D), and
- the slash     (`/`, 0x2F).

But all ASCII characters between 0x2B and 0x2F, namely:

- The plus sign (`+`, 0x2B),
- the comma     (`,`, 0x2C),
- the dash      (`-`, 0x2D),
- the dot       (`.`, 0x2E), and
- the slash     (`/`, 0x2F).

i.e. the comma and dot in addition to the actually allowed characters.

This error caused an incorrect encoding of headers in `::encodeHeader()`.
Specifically the real name of a mailbox was affected by this issue. As a result
a real name that included a dot, but otherwise matched the `atom` grammar was
improperly encoded, possibly causing email parsing failures for MUAs.

2 years agoFix poll management within the form builder
joshuaruesweg [Tue, 25 Jan 2022 09:33:41 +0000 (10:33 +0100)]
Fix poll management within the form builder

Fixes #4648

2 years agoMerge pull request #4647 from WoltLab/5.4-devtools-requirewcfvalidator
Joshua Rüsweg [Mon, 24 Jan 2022 15:02:06 +0000 (16:02 +0100)]
Merge pull request #4647 from WoltLab/5.4-devtools-requirewcfvalidator

Validates whether the WCF was created as a requirement when saving a …

2 years agoValidates whether the WCF was created as a requirement when saving a project
joshuaruesweg [Mon, 24 Jan 2022 12:45:42 +0000 (13:45 +0100)]
Validates whether the WCF was created as a requirement when saving a project

2 years agoFix typo in de.xml
Tim Düsterhus [Mon, 24 Jan 2022 14:10:11 +0000 (15:10 +0100)]
Fix typo in de.xml

2 years agoMerge branch '5.3' into 5.4
Tim Düsterhus [Fri, 21 Jan 2022 13:03:14 +0000 (14:03 +0100)]
Merge branch '5.3' into 5.4

2 years agoRelease 5.4.12 5.4.12
Alexander Ebert [Fri, 21 Jan 2022 13:00:08 +0000 (14:00 +0100)]
Release 5.4.12

2 years agoMerge branch '5.3' into 5.4
Alexander Ebert [Fri, 21 Jan 2022 12:58:37 +0000 (13:58 +0100)]
Merge branch '5.3' into 5.4

2 years agoMerge branch '5.2' into 5.3
Tim Düsterhus [Fri, 21 Jan 2022 12:53:33 +0000 (13:53 +0100)]
Merge branch '5.2' into 5.3

2 years agoRemove codestyle workflow for non-PSR-12 branches
Tim Düsterhus [Fri, 21 Jan 2022 12:50:28 +0000 (13:50 +0100)]
Remove codestyle workflow for non-PSR-12 branches

The recent backport of the `|json` template modifier from 5.5 to 3.1+ in
58bc4b693415079127dd11d8210d2564a443010d fails the code style, because the
branches 5.3 and earlier expect tabs instead of spaces for indentation.

It's not really work fixing the code style for the file, just to revert it once
again when merging upwards.

Remove the check for these older branches. They are only touched for bug fixes
and the style will need to be adapted when merging into 5.4.

2 years agoRelease 5.3.18 5.3.18
Alexander Ebert [Fri, 21 Jan 2022 12:48:46 +0000 (13:48 +0100)]
Release 5.3.18

2 years agoMerge branch '5.2' into 5.3
Alexander Ebert [Fri, 21 Jan 2022 12:47:22 +0000 (13:47 +0100)]
Merge branch '5.2' into 5.3

2 years agoRelease 5.2.18 5.2.18
Alexander Ebert [Fri, 21 Jan 2022 12:30:34 +0000 (13:30 +0100)]
Release 5.2.18

2 years agoStop using `|encodeJSON`
Tim Düsterhus [Thu, 20 Jan 2022 10:50:19 +0000 (11:50 +0100)]
Stop using `|encodeJSON`

(cherry picked from commit ab1e34de9ca94dc44b20d0b4d58eca2bad80d9d3)

2 years agoMerge branch '3.1' into 5.2
Alexander Ebert [Fri, 21 Jan 2022 12:27:41 +0000 (13:27 +0100)]
Merge branch '3.1' into 5.2

2 years agoRelease 3.1.26 3.1.26
Alexander Ebert [Fri, 21 Jan 2022 12:06:52 +0000 (13:06 +0100)]
Release 3.1.26

2 years agoAdd missing JSON encoding of the PAGE_TITLE in `ampArticle.tpl`
Tim Düsterhus [Thu, 20 Jan 2022 10:50:47 +0000 (11:50 +0100)]
Add missing JSON encoding of the PAGE_TITLE in `ampArticle.tpl`

This does not need to be fixed in any current branch, because the broken-ness
of `|encodeJSON` will result in broken metadata one way or another.

(cherry picked from commit bba7f1706e30761e55954a5a4be569e5bb55a6c4)

2 years agoStop using `|encodeJSON`
Tim Düsterhus [Thu, 20 Jan 2022 10:50:19 +0000 (11:50 +0100)]
Stop using `|encodeJSON`

(cherry picked from commit ab1e34de9ca94dc44b20d0b4d58eca2bad80d9d3)

2 years agoAdd `|json` template modifier
Tim Düsterhus [Thu, 20 Jan 2022 10:48:16 +0000 (11:48 +0100)]
Add `|json` template modifier

(cherry picked from commit e178fa84dc06861c5aba3d14e03161c5396fe9a7)

2 years agoMove `@types/*` npm dependencies into the non-dev section
Tim Düsterhus [Fri, 21 Jan 2022 08:28:01 +0000 (09:28 +0100)]
Move `@types/*` npm dependencies into the non-dev section

This is required for them to be detected in downstream consumers.

2 years agoRelease 5.4.12 dev 1 5.4.12_dev_1
Alexander Ebert [Thu, 20 Jan 2022 18:06:46 +0000 (19:06 +0100)]
Release 5.4.12 dev 1

2 years agoAdd missing JSON encoding of the PAGE_TITLE in `ampArticle.tpl`
Tim Düsterhus [Thu, 20 Jan 2022 10:50:47 +0000 (11:50 +0100)]
Add missing JSON encoding of the PAGE_TITLE in `ampArticle.tpl`

This does not need to be fixed in any current branch, because the broken-ness
of `|encodeJSON` will result in broken metadata one way or another.

(cherry picked from commit bba7f1706e30761e55954a5a4be569e5bb55a6c4)

2 years agoStop using `|encodeJSON`
Tim Düsterhus [Thu, 20 Jan 2022 10:50:19 +0000 (11:50 +0100)]
Stop using `|encodeJSON`

(cherry picked from commit ab1e34de9ca94dc44b20d0b4d58eca2bad80d9d3)

2 years agoAdd `|json` template modifier
Tim Düsterhus [Thu, 20 Jan 2022 10:48:16 +0000 (11:48 +0100)]
Add `|json` template modifier

(cherry picked from commit e178fa84dc06861c5aba3d14e03161c5396fe9a7)

2 years agoRelease 5.4.11 5.4.11
Alexander Ebert [Wed, 19 Jan 2022 13:26:02 +0000 (14:26 +0100)]
Release 5.4.11

2 years agoMerge branch '5.3' into 5.4
Alexander Ebert [Wed, 19 Jan 2022 13:18:27 +0000 (14:18 +0100)]
Merge branch '5.3' into 5.4

2 years agoRelease 5.3.17 5.3.17
Alexander Ebert [Wed, 19 Jan 2022 13:10:10 +0000 (14:10 +0100)]
Release 5.3.17

2 years agoMerge branch '5.2' into 5.3
Alexander Ebert [Wed, 19 Jan 2022 13:00:57 +0000 (14:00 +0100)]
Merge branch '5.2' into 5.3

2 years agoRelease 5.2.17 5.2.17
Alexander Ebert [Wed, 19 Jan 2022 12:55:01 +0000 (13:55 +0100)]
Release 5.2.17

2 years agoMerge branch '3.1' into 5.2
Alexander Ebert [Wed, 19 Jan 2022 12:50:25 +0000 (13:50 +0100)]
Merge branch '3.1' into 5.2

2 years agoRelease 3.1.25 3.1.25
Alexander Ebert [Wed, 19 Jan 2022 12:46:00 +0000 (13:46 +0100)]
Release 3.1.25

2 years agoConsistently escape backslashes in StringUtil
Tim Düsterhus [Wed, 19 Jan 2022 12:38:26 +0000 (13:38 +0100)]
Consistently escape backslashes in StringUtil

This is not a functional change, this is just for consistency within the PHP
code, so that each backslash is properly escaped as `\\`.

2 years agoMerge branch '5.3' into 5.4
Tim Düsterhus [Wed, 19 Jan 2022 12:31:58 +0000 (13:31 +0100)]
Merge branch '5.3' into 5.4

2 years agoMerge branch '5.2' into 5.3
Tim Düsterhus [Wed, 19 Jan 2022 12:29:21 +0000 (13:29 +0100)]
Merge branch '5.2' into 5.3

2 years agoMerge branch '3.1' into 5.2
Tim Düsterhus [Wed, 19 Jan 2022 12:29:10 +0000 (13:29 +0100)]
Merge branch '3.1' into 5.2

2 years agoMerge branch 'encode-js-quot' into 3.1
Tim Düsterhus [Wed, 19 Jan 2022 12:27:40 +0000 (13:27 +0100)]
Merge branch 'encode-js-quot' into 3.1

2 years agoMerge branch '5.3' into 5.4
Tim Düsterhus [Wed, 19 Jan 2022 08:50:39 +0000 (09:50 +0100)]
Merge branch '5.3' into 5.4

2 years agoMerge pull request #4642 from WoltLab/php-ddl-app-install
Tim Düsterhus [Wed, 19 Jan 2022 08:48:30 +0000 (09:48 +0100)]
Merge pull request #4642 from WoltLab/php-ddl-app-install

Fix the replacing of WCF_N in PHP DDL during app installation

2 years agoFix the replacing of WCF_N in PHP DDL during app installation
Tim Düsterhus [Tue, 18 Jan 2022 11:36:04 +0000 (12:36 +0100)]
Fix the replacing of WCF_N in PHP DDL during app installation

During app installation the newly installed app might not yet be stored within
the application cache, thus failing to replace the `1` within the table
structure definition.

Fix this by setting the `skipCache` parameter to `true`. This will increase the
number of database queries, because applications will be checked once for each
defined table and for each defined FOREIGN KEY, but I don't see a simple fix
for this issue that avoids this increase in query count. Specifically we cannot
simply reset the application cache after inserting the application into
wcf1_application.

2 years agoWhen replacing media, the thumbnails were not reset
Marcel Werk [Mon, 17 Jan 2022 17:44:51 +0000 (18:44 +0100)]
When replacing media, the thumbnails were not reset

ref https://www.woltlab.com/community/thread/293960-fehlerhafte-thumbnails-nach-medien-ersetzung/

2 years agoMerge pull request #4638 from Krymonota/patch-20
Tim Düsterhus [Mon, 17 Jan 2022 08:42:47 +0000 (09:42 +0100)]
Merge pull request #4638 from Krymonota/patch-20

Add `var_dump` to allowed enterprise functions

2 years agoAdd `var_dump` to allowed enterprise functions
Niklas [Sun, 16 Jan 2022 16:23:16 +0000 (17:23 +0100)]
Add `var_dump` to allowed enterprise functions

2 years agoError class wasn't shown in box conditions
Marcel Werk [Sun, 16 Jan 2022 14:03:11 +0000 (15:03 +0100)]
Error class wasn't shown in box conditions

2 years agoRelease 5.4.11 dev 1 5.4.11_dev_1
Alexander Ebert [Thu, 13 Jan 2022 13:10:20 +0000 (14:10 +0100)]
Release 5.4.11 dev 1

2 years agoUpdating minified JavaScript files
WoltLab [Thu, 13 Jan 2022 12:33:37 +0000 (12:33 +0000)]
Updating minified JavaScript files

2 years agoRevert "Strip MariaDB replication version hack in MySQLDatabase::getVersion()"
Marcel Werk [Tue, 11 Jan 2022 13:11:37 +0000 (14:11 +0100)]
Revert "Strip MariaDB replication version hack in MySQLDatabase::getVersion()"

This reverts commit bfa8d95d6f016efdedb943c1fe977d89de13406c.

2 years agoReplace legacy HTML tags during paste
Alexander Ebert [Mon, 10 Jan 2022 13:59:52 +0000 (14:59 +0100)]
Replace legacy HTML tags during paste

See https://www.woltlab.com/community/thread/293870-artikel-beim-ersten-abspeichern-b-statt-strong/

2 years agoMerge pull request #4629 from WoltLab/mariadb-version-hack
Marcel Werk [Mon, 10 Jan 2022 10:08:36 +0000 (11:08 +0100)]
Merge pull request #4629 from WoltLab/mariadb-version-hack

Strip MariaDB replication version hack in MySQLDatabase::getVersion()

2 years agoUpdate npm dependencies
Tim Düsterhus [Mon, 10 Jan 2022 10:04:39 +0000 (11:04 +0100)]
Update npm dependencies

2 years agoStrip MariaDB replication version hack in MySQLDatabase::getVersion()
Tim Düsterhus [Mon, 10 Jan 2022 09:47:49 +0000 (10:47 +0100)]
Strip MariaDB replication version hack in MySQLDatabase::getVersion()

Resolves #4626

2 years agoDisallowing access to a CMS page now shows an error 403 instead of 404
Alexander Ebert [Sat, 8 Jan 2022 16:41:58 +0000 (17:41 +0100)]
Disallowing access to a CMS page now shows an error 403 instead of 404

2 years agoTreat invalid timestamps as a missing date
Alexander Ebert [Sat, 8 Jan 2022 16:39:30 +0000 (17:39 +0100)]
Treat invalid timestamps as a missing date

2 years agoMerge pull request #4627 from SoftCreatR/patch-3
Alexander Ebert [Sat, 8 Jan 2022 13:57:41 +0000 (14:57 +0100)]
Merge pull request #4627 from SoftCreatR/patch-3

Add size detection for WebP smileys

2 years agoAdded size detection for WebP smileys
Sascha Greuel [Sat, 8 Jan 2022 08:27:38 +0000 (09:27 +0100)]
Added size detection for WebP smileys

2 years agoMissing reset of the WebP flag for cover photos
Alexander Ebert [Fri, 7 Jan 2022 16:35:25 +0000 (17:35 +0100)]
Missing reset of the WebP flag for cover photos

Uploading a GIF after uploading a cover photo with a WebP variant caused the GIF to not show up.

See https://www.woltlab.com/community/thread/293665-gif-bilder-als-titelbild/

2 years agoIncorrect handling of Shift+Enter inside code blocks
Alexander Ebert [Fri, 7 Jan 2022 16:12:36 +0000 (17:12 +0100)]
Incorrect handling of Shift+Enter inside code blocks

See https://www.woltlab.com/community/thread/293723-eingabetaste-erzeugt-weiteren-quellcode-bbcode/

2 years agoMerge pull request #4623 from WoltLab/php8.1-i18n-option
Tim Düsterhus [Fri, 7 Jan 2022 13:52:02 +0000 (14:52 +0100)]
Merge pull request #4623 from WoltLab/php8.1-i18n-option

Fix PHP 8.1 compatibility when saving I18n options

2 years agoDefault missing values to `''` in OptionHandler::validateOption()
Tim Düsterhus [Fri, 7 Jan 2022 08:54:19 +0000 (09:54 +0100)]
Default missing values to `''` in OptionHandler::validateOption()

This is required for PHP 8.1 compatibility of i18n options, as these are
handled separately using I18nHandler.

see b46c272b28ba84892534b31c641a6dd412bb0a1e
see 860e98cff580e299cbbd8cdb7eb50d0113b938cc

2 years agoRevert "Fix PHP 8.1 compatibility when saving I18n options"
Tim Düsterhus [Fri, 7 Jan 2022 08:50:28 +0000 (09:50 +0100)]
Revert "Fix PHP 8.1 compatibility when saving I18n options"

During the discussion within the PR is was decided to opt for a different, less
invasive, fix, because the impact of this change is not really clear.

This reverts commit b46c272b28ba84892534b31c641a6dd412bb0a1e.

2 years agoNested tab menus were not preselected on load
Alexander Ebert [Thu, 6 Jan 2022 19:20:12 +0000 (20:20 +0100)]
Nested tab menus were not preselected on load

See https://www.woltlab.com/community/thread/293819-subtab-direkt-aufrufen-geht-nicht/

2 years agoMerge branch '5.4' of https://github.com/WoltLab/WCF into 5.4
Marcel Werk [Thu, 6 Jan 2022 17:11:09 +0000 (18:11 +0100)]
Merge branch '5.4' of https://github.com/WoltLab/WCF into 5.4

2 years agosignature_max_image_height caused incorrect size of avatars in quotes within signatures
Marcel Werk [Thu, 6 Jan 2022 17:11:01 +0000 (18:11 +0100)]
signature_max_image_height caused incorrect size of avatars in quotes within signatures

Closes #4625

2 years agoFiltering the user list by a user group discarded the optional columns
Alexander Ebert [Thu, 6 Jan 2022 17:08:45 +0000 (18:08 +0100)]
Filtering the user list by a user group discarded the optional columns

Fix for 9bc86ecf0bd32ed2615023bcf9ae398aafbb23fa

See https://www.woltlab.com/community/thread/293719-detailinfos-innerhalb-benutzergruppen-fehlen-im-acp-seit-update-woltlab-suite-5/

2 years agoFix PHP 8.1 compatibility when saving I18n options
Tim Düsterhus [Thu, 6 Jan 2022 09:50:13 +0000 (10:50 +0100)]
Fix PHP 8.1 compatibility when saving I18n options

As I18n options are special-cased, they will not be provided in `rawValues`,
thus passing `null` to `->getData()`, which the option types are not prepared
to handle. Before PHP 8.1 this was implicitly treated as an empty string, with
the types introduced to native functions, e.g. `explode()` or `preg_replace()`
this will result in an error.

2 years agoRun prettier on `acp/style/**/*.scss`
Tim Düsterhus [Tue, 4 Jan 2022 15:10:03 +0000 (16:10 +0100)]
Run prettier on `acp/style/**/*.scss`

2 years agoEncode the double quote (`"`) in StringUtil::encodeJS()
Tim Düsterhus [Tue, 4 Jan 2022 10:50:50 +0000 (11:50 +0100)]
Encode the double quote (`"`) in StringUtil::encodeJS()

`encodeJSON()` is currently broken, because while it HTML-encodes the double
quote, it does not actually add the backslash in front of it. Depending on
whether the HTML entity is interpreted by the browser in that specific location
or not, this either results in an incorrect string (with a literal `&quot;`
instead of `"`) or in a syntax error (because the `"` ends the string
prematurely).

The latter might even allow for the injection of JavaScript, if `encodeJSON` is
used in a `<script>` tag that is not just LD-JSON metadata.

Fix this issue by escaping the double quote in `encodeJS` which is used
internally by `encodeJSON`. This should not cause issues, as an escaped double
quote is valid syntax within a JavaScript string.