Matthias Schmidt [Fri, 23 Oct 2020 12:54:32 +0000 (14:54 +0200)]
Add flood control methods to count contents in certain period of time
Matthias Schmidt [Fri, 23 Oct 2020 12:53:28 +0000 (14:53 +0200)]
Add flood control methods to register new content
Matthias Schmidt [Fri, 23 Oct 2020 12:51:10 +0000 (14:51 +0200)]
Add flood control database table
Matthias Schmidt [Fri, 23 Oct 2020 12:49:09 +0000 (14:49 +0200)]
Add flood control content object type
Tim Düsterhus [Fri, 23 Oct 2020 13:08:44 +0000 (15:08 +0200)]
Merge pull request #3573 from WoltLab/session-meta
Refactor Session Handling: Integration branch
Tim Düsterhus [Fri, 23 Oct 2020 12:48:58 +0000 (14:48 +0200)]
Merge branch '5.3'
Tim Düsterhus [Fri, 23 Oct 2020 12:48:41 +0000 (14:48 +0200)]
Merge branch '5.2' into 5.3
Tim Düsterhus [Fri, 23 Oct 2020 12:47:06 +0000 (14:47 +0200)]
Merge pull request #3612 from WoltLab/csrf-token-template-backport
Backport CsrfTokenFunctionTemplatePlugin
Tim Düsterhus [Fri, 23 Oct 2020 12:46:18 +0000 (14:46 +0200)]
Merge pull request #3626 from WoltLab/php7.0-compatibility
Remove PHP 7.0 compatibility code for Reflection
Tim Düsterhus [Fri, 23 Oct 2020 12:33:50 +0000 (14:33 +0200)]
Re-add removed template variables relating to legacy auto login in LoginForm
Tim Düsterhus [Fri, 23 Oct 2020 12:33:09 +0000 (14:33 +0200)]
Fix formatting in session refactoring (round 2)
Tim Düsterhus [Fri, 23 Oct 2020 12:20:48 +0000 (14:20 +0200)]
Fix formatting in session refactoring
Co-authored-by: Matthias Schmidt <gravatronics@live.com>
Tim Düsterhus [Fri, 23 Oct 2020 11:47:58 +0000 (13:47 +0200)]
Merge pull request #3630 from WoltLab/database-table-util
Remove DatabaseTableUtil
Tim Düsterhus [Fri, 23 Oct 2020 11:35:47 +0000 (13:35 +0200)]
Merge pull request #3624 from WoltLab/deprecate_fileutil_downloadfilefromhttp
Use Guzzle instead of FileUtil::downloadFileFromHttp
joshuaruesweg [Wed, 21 Oct 2020 17:22:21 +0000 (19:22 +0200)]
Use Guzzle to download spider list
joshuaruesweg [Wed, 21 Oct 2020 17:10:42 +0000 (19:10 +0200)]
Use Guzzle to download package archives
joshuaruesweg [Wed, 21 Oct 2020 15:34:16 +0000 (17:34 +0200)]
Use Guzzle to test the Gravatar URL
Tim Düsterhus [Fri, 23 Oct 2020 10:50:42 +0000 (12:50 +0200)]
Merge branch '5.3'
Tim Düsterhus [Fri, 23 Oct 2020 10:50:23 +0000 (12:50 +0200)]
Merge branch '5.2' into 5.3
Tim Düsterhus [Fri, 23 Oct 2020 10:49:54 +0000 (12:49 +0200)]
Whitelist `get_class` in enterprise mode
Tim Düsterhus [Fri, 23 Oct 2020 10:41:26 +0000 (12:41 +0200)]
Merge pull request #3631 from WoltLab/header-cleanup
Clean up response headers
Tim Düsterhus [Fri, 23 Oct 2020 07:43:14 +0000 (09:43 +0200)]
Remove `Expires` response header
No RFC compliant user-agent will ever take this header into account:
> If a response includes a Cache-Control field with the max-age
> directive (Section 5.2.2.8), a recipient MUST ignore the Expires
> field.
Tim Düsterhus [Fri, 23 Oct 2020 07:38:57 +0000 (09:38 +0200)]
Remove `Pragma: no-cache` response header
`Pragma: no-cache` is HTTP/1.0 specific. Anything accessing WoltLab Suite
should be able to at least speak HTTP/1.1. HTTP/1.0 does not even define the
`Host` header for hosting multiple sites on a single IP address!
Tim Düsterhus [Fri, 23 Oct 2020 07:37:06 +0000 (09:37 +0200)]
Remove `X-UA-Compatible` response header
Without support for Internet Explorer we no longer need this header.
Tim Düsterhus [Fri, 23 Oct 2020 07:35:19 +0000 (09:35 +0200)]
Remove DatabaseTableUtil
The only method in there was required for a 5.2.x bugfix update. It should be
possible to safely remove this for 5.4.
Joshua Rüsweg [Thu, 22 Oct 2020 14:49:46 +0000 (16:49 +0200)]
Merge pull request #3625 from WoltLab/guzzle-sink
Remove the explicit passing of a Guzzle sink
Tim Düsterhus [Thu, 22 Oct 2020 11:52:33 +0000 (13:52 +0200)]
Prevent potential `null` argument to bin2hex in SessionHandler
Tim Düsterhus [Thu, 22 Oct 2020 09:59:41 +0000 (11:59 +0200)]
Merge branch 'master' into session-meta
For the cleaned package.xml
Tim Düsterhus [Thu, 22 Oct 2020 09:52:42 +0000 (11:52 +0200)]
Remove update files for 5.2 -> 5.3
Tim Düsterhus [Thu, 22 Oct 2020 08:22:56 +0000 (10:22 +0200)]
Consistently use fully qualified function names
Tim Düsterhus [Thu, 22 Oct 2020 08:02:16 +0000 (10:02 +0200)]
Remove PHP 7.0 compatibility code for Reflection
see #3617
see
26ead9f58b1554956e8fb46133e20a5f3fdf5d25
Tim Düsterhus [Thu, 22 Oct 2020 07:59:57 +0000 (09:59 +0200)]
Remove the explicit passing of a Guzzle sink
Alexander Ebert [Wed, 21 Oct 2020 16:20:39 +0000 (18:20 +0200)]
Merge branch '5.3'
Alexander Ebert [Wed, 21 Oct 2020 16:20:23 +0000 (18:20 +0200)]
Merge branch '5.2' into 5.3
Alexander Ebert [Wed, 21 Oct 2020 16:20:06 +0000 (18:20 +0200)]
Merge branch '3.1' into 5.2
Tim Düsterhus [Fri, 16 Oct 2020 11:57:29 +0000 (13:57 +0200)]
Ignore top-level node_modules/
WoltLab [Wed, 21 Oct 2020 15:07:48 +0000 (15:07 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Wed, 21 Oct 2020 13:58:51 +0000 (15:58 +0200)]
Merge branch 'master' into session-meta
For the updated CodeSniffer.
Tim Düsterhus [Wed, 21 Oct 2020 13:43:44 +0000 (15:43 +0200)]
Limit branches for templates workflow
Tim Düsterhus [Wed, 21 Oct 2020 13:43:21 +0000 (15:43 +0200)]
Merge branch '5.3' into master
Tim Düsterhus [Wed, 21 Oct 2020 13:42:15 +0000 (15:42 +0200)]
Merge branch '5.2' into 5.3
Tim Düsterhus [Wed, 21 Oct 2020 13:39:04 +0000 (15:39 +0200)]
Limit workflows to release branches
Features branches will be tested using a PR.
Tim Düsterhus [Wed, 21 Oct 2020 13:37:16 +0000 (15:37 +0200)]
Merge pull request #3622 from WoltLab/workflow-style
Add codestyle workflow
Tim Düsterhus [Wed, 21 Oct 2020 13:03:35 +0000 (15:03 +0200)]
Add codestyle workflow
Tim Düsterhus [Wed, 21 Oct 2020 13:18:26 +0000 (15:18 +0200)]
Add .phpcs.xml
Tim Düsterhus [Wed, 21 Oct 2020 13:13:28 +0000 (15:13 +0200)]
Merge pull request #3617 from WoltLab/formbuilder-php8
Fix PHP 8 support in form builder
Tim Düsterhus [Wed, 21 Oct 2020 13:00:21 +0000 (15:00 +0200)]
Use stock OpeningFunctionBraceKernighanRitchie sniff
Tim Düsterhus [Wed, 21 Oct 2020 12:50:06 +0000 (14:50 +0200)]
Update CodeSniffer ruleset
Tim Düsterhus [Wed, 21 Oct 2020 12:47:07 +0000 (14:47 +0200)]
Merge branch '5.3' into master
Tim Düsterhus [Wed, 21 Oct 2020 12:46:52 +0000 (14:46 +0200)]
Merge branch '5.2' into 5.3
Tim Düsterhus [Wed, 21 Oct 2020 12:46:13 +0000 (14:46 +0200)]
Tighten up the code style a bit
Tim Düsterhus [Wed, 21 Oct 2020 11:49:30 +0000 (13:49 +0200)]
Remove `final` from `UserEditor::getPasswordHash()`
In PHP 8:
> Private methods cannot be final as they are never overridden by other classes
Tim Düsterhus [Wed, 21 Oct 2020 11:09:13 +0000 (13:09 +0200)]
Merge pull request #3621 from WoltLab/workflow-templates
Add templates workflow
Tim Düsterhus [Wed, 21 Oct 2020 10:57:38 +0000 (12:57 +0200)]
Merge branch 'master' into session-meta
For adjusted CI configuration.
Tim Düsterhus [Wed, 21 Oct 2020 10:38:43 +0000 (12:38 +0200)]
Add templates workflow
Tim Düsterhus [Wed, 21 Oct 2020 10:39:29 +0000 (12:39 +0200)]
Merge pull request #3619 from WoltLab/54-minimum-requirements
Update minimum requirements
Alexander Ebert [Mon, 27 Jan 2020 15:32:16 +0000 (16:32 +0100)]
Deprecated string offset in Net_IDNA2 (PHP 7.4)
(cherry picked from commit
f1d17510cf7d5aa224ad10936ba4529990de127e)
Tim Düsterhus [Tue, 20 Oct 2020 15:08:21 +0000 (17:08 +0200)]
Update to Guzzle 7.2
Tim Düsterhus [Tue, 20 Oct 2020 15:06:34 +0000 (17:06 +0200)]
Update composer dependencies with updated platform
Tim Düsterhus [Tue, 20 Oct 2020 14:56:55 +0000 (16:56 +0200)]
Increase minimum MySQL 8 version to 8.0.19
Limited by: Nothing really. Ubuntu Focal ships with 8.0.21 which was released
in July 2020. While there should be no good reason to not apply these bugfix
upgrades we'll give a bit of leeway and select 8.0.19 which is from January
2020 and thus one year younger than the previous 8.0.14 which is from January
2019.
Tim Düsterhus [Tue, 20 Oct 2020 14:52:52 +0000 (16:52 +0200)]
Increase minimum MySQL 5 version to 5.7.31
Limited by: Ubuntu Bionic which has 5.7.31-0ubuntu0.18.04.1.
Tim Düsterhus [Tue, 20 Oct 2020 14:50:44 +0000 (16:50 +0200)]
Increase minimum MariaDB version to 10.1.44
Limited by: Ubuntu Bionic which has 1:10.1.44-0ubuntu0.18.04.1.
Tim Düsterhus [Tue, 20 Oct 2020 14:46:31 +0000 (16:46 +0200)]
Increase minimum PHP version to 7.2.24
Limited by: Ubuntu Bionic which has 7.2.24-0ubuntu0.18.04.7.
Tim Düsterhus [Wed, 21 Oct 2020 10:08:22 +0000 (12:08 +0200)]
Merge branch '5.2' into 5.3
Tim Düsterhus [Wed, 21 Oct 2020 10:07:35 +0000 (12:07 +0200)]
Merge pull request #3620 from WoltLab/php-syntax-action
Add php-syntax workflow
Tim Düsterhus [Wed, 21 Oct 2020 08:40:18 +0000 (10:40 +0200)]
Pin the setup-php action to v2 instead of 2.7.0
Tim Düsterhus [Wed, 21 Oct 2020 08:35:20 +0000 (10:35 +0200)]
Ignore errors in HTMLPurifier*.autoload-legacy.php
Tim Düsterhus [Wed, 21 Oct 2020 08:33:38 +0000 (10:33 +0200)]
Fix PHP 8 syntax in DirectoryUtil
Tim Düsterhus [Wed, 21 Oct 2020 08:31:58 +0000 (10:31 +0200)]
Remove PHP syntax check from Travis CI
Tim Düsterhus [Wed, 21 Oct 2020 08:09:44 +0000 (10:09 +0200)]
Suppress "No Syntax errors detected" output
Tim Düsterhus [Wed, 21 Oct 2020 07:46:50 +0000 (09:46 +0200)]
Add php-syntax problem matcher
Tim Düsterhus [Wed, 21 Oct 2020 07:38:08 +0000 (09:38 +0200)]
Add php-syntax Workflow
Alexander Ebert [Tue, 20 Oct 2020 15:11:40 +0000 (17:11 +0200)]
Disabled the sticky code box header inside dialogs
Alexander Ebert [Tue, 20 Oct 2020 14:45:21 +0000 (16:45 +0200)]
Slightly reduced the horizontal padding of `<kbd>` on smaller screens
Tim Düsterhus [Tue, 20 Oct 2020 12:08:43 +0000 (14:08 +0200)]
Merge pull request #3614 from WoltLab/invalidateMailForm-error
Do not ignore errors in invalidateMailForm update script
Tim Düsterhus [Tue, 20 Oct 2020 10:02:22 +0000 (12:02 +0200)]
Fix PHP 8 support in form builder
> Message: Method ReflectionParameter::getClass() is deprecated
Fixes #3489
Tim Düsterhus [Tue, 20 Oct 2020 08:56:33 +0000 (10:56 +0200)]
Handle ns.adobe.com/xmp/extension/ in ExifUtil
Resolves #3616
Tim Düsterhus [Mon, 19 Oct 2020 12:58:39 +0000 (14:58 +0200)]
Backport CsrfTokenFunctionTemplatePlugin
see
3f6a261b1e6a3804370eb1e2a046ea6c666dbedd
see #3606
Tim Düsterhus [Tue, 20 Oct 2020 07:17:02 +0000 (09:17 +0200)]
Improve readability in CsrfTokenFunctionTemplatePlugin
see #3612
Co-authored-by: Matthias Schmidt <gravatronics@live.com>
Alexander Ebert [Mon, 19 Oct 2020 13:59:12 +0000 (15:59 +0200)]
Merge branch '5.2'
Alexander Ebert [Mon, 19 Oct 2020 13:58:54 +0000 (15:58 +0200)]
Revert "Fix deprecation warnings in form builder in PHP 8"
This reverts commit
624e3dd0b234c4bab3e537173421045c7c82590c.
Tim Düsterhus [Mon, 19 Oct 2020 13:32:05 +0000 (15:32 +0200)]
Fix endless loop in removeExifData when the APP1 signature does not match
Tim Düsterhus [Mon, 19 Oct 2020 13:09:06 +0000 (15:09 +0200)]
Do not ignore errors in invalidateMailForm update script
Fixes #3613
Tim Düsterhus [Mon, 19 Oct 2020 11:37:12 +0000 (13:37 +0200)]
Merge branch '5.2' into master
Tim Düsterhus [Mon, 19 Oct 2020 11:36:07 +0000 (13:36 +0200)]
Ignore symlink creation failures in DebugFolderEmailTransport
Tim Düsterhus [Mon, 19 Oct 2020 10:34:15 +0000 (12:34 +0200)]
Merge pull request #3593 from WoltLab/session-refactor
Implement the new session handling
Alexander Ebert [Sat, 17 Oct 2020 22:47:03 +0000 (00:47 +0200)]
Release 5.3.0 RC 2
Matthias Schmidt [Sat, 17 Oct 2020 14:37:15 +0000 (16:37 +0200)]
Merge branch '5.2'
Matthias Schmidt [Sat, 17 Oct 2020 14:36:53 +0000 (16:36 +0200)]
Fix updating action of foreign key
Close #3610
root [Sat, 17 Oct 2020 12:35:39 +0000 (12:35 +0000)]
Updating minified JavaScript files
Alexander Ebert [Sat, 17 Oct 2020 12:04:48 +0000 (14:04 +0200)]
Use the overhauled notification settings in the admin panel
Tim Düsterhus [Thu, 15 Oct 2020 12:25:23 +0000 (14:25 +0200)]
Fix use of the CSRF token in WCFSetup
Tim Düsterhus [Wed, 14 Oct 2020 15:12:57 +0000 (17:12 +0200)]
Reduce the size of the session cookie
Send the raw bytes representing the session ID instead of the hexadecimal
encoding.
Tim Düsterhus [Wed, 14 Oct 2020 15:07:43 +0000 (17:07 +0200)]
Make the signed XSRF-TOKEN value raw bytes
The signed value is already encoded as part of creating the signed string.
There is no need to convert it to a hexadecimal representation first,
unnecessarily bloating the value.
While doing so reduce the number of bytes to 16, generating a 128 bit value
which is plenty for this use case.
Tim Düsterhus [Wed, 14 Oct 2020 15:00:59 +0000 (17:00 +0200)]
Move the security token storage into a signed cookie
Tim Düsterhus [Wed, 14 Oct 2020 14:03:48 +0000 (16:03 +0200)]
Use new {csrfToken} tag in templates
Tim Düsterhus [Wed, 14 Oct 2020 13:55:46 +0000 (15:55 +0200)]
Add CsrfTokenCompilerTemplatePlugin
Tim Düsterhus [Thu, 15 Oct 2020 09:27:43 +0000 (11:27 +0200)]
Implement the (parent)?Page* values in SessionHandler::__get()
And switch the whole method to a large switch statement.
Tim Düsterhus [Wed, 14 Oct 2020 13:47:33 +0000 (15:47 +0200)]
Move spiderID out of the environment array
There is no better replacement as of now.
Tim Düsterhus [Wed, 14 Oct 2020 12:23:49 +0000 (14:23 +0200)]
Stop accessing the ->lastActivityTime property of the session
Use TIME_NOW instead.