Tim Düsterhus [Mon, 25 Apr 2022 10:49:48 +0000 (12:49 +0200)]
Set explicit `referrerpolicy` for YouTube embeds
YouTube requires the `Referer` header to be set for (some) embeds to work. By
using the attribute any `referrer-policy` header set on the top level document
is overridden (e.g. `same-origin`).
Co-authored-by: Sascha Greuel <github@1-2.dev>
Tim Düsterhus [Fri, 22 Apr 2022 13:26:13 +0000 (15:26 +0200)]
Remove reference to CONTRIBUTING.md from README.md
see
5d7b7d602e0f6efb077bffda4b3ecceed8534810
Alexander Ebert [Thu, 21 Apr 2022 13:12:48 +0000 (15:12 +0200)]
Detect italic/underline text pasted from Google Docs
Marcel Werk [Wed, 20 Apr 2022 09:17:27 +0000 (11:17 +0200)]
Fetching a remote avatar didn't work if user doesn't have to permission to upload avatars
joshuaruesweg [Tue, 19 Apr 2022 08:18:31 +0000 (10:18 +0200)]
Fix fetching userID for multilanguage articles
joshuaruesweg [Mon, 18 Apr 2022 08:36:19 +0000 (10:36 +0200)]
Use spaces instead of tabs
joshuaruesweg [Mon, 18 Apr 2022 08:31:40 +0000 (10:31 +0200)]
Prevent firing notifications for awarding own trophies
Alexander Ebert [Thu, 14 Apr 2022 14:57:41 +0000 (16:57 +0200)]
Release 5.4.16
Alexander Ebert [Thu, 14 Apr 2022 14:47:23 +0000 (16:47 +0200)]
Merge branch '5.3' into 5.4
Alexander Ebert [Thu, 14 Apr 2022 14:45:23 +0000 (16:45 +0200)]
Release 5.3.22
Alexander Ebert [Thu, 14 Apr 2022 14:25:02 +0000 (16:25 +0200)]
Removed the outdated `CONTRIBUTING.md`
The file is heavily outdated and badly presented on GitHub. With WoltLab Suite 5.4 we switched to PSR-12 and Prettier anyway, so there is no need to explain any special rules.
Closes #4600
Marcel Werk [Thu, 14 Apr 2022 12:26:23 +0000 (14:26 +0200)]
Attached images with mismatched proportions got mangled
Alexander Ebert [Thu, 14 Apr 2022 09:47:35 +0000 (11:47 +0200)]
Empty code boxes partially collapsed the layout
See https://www.woltlab.com/community/thread/295182-leere-code-box-ist-kaputt/
Tim Düsterhus [Wed, 13 Apr 2022 07:17:30 +0000 (09:17 +0200)]
Fix typo in en.xml
Alexander Ebert [Tue, 12 Apr 2022 13:20:42 +0000 (15:20 +0200)]
Release 5.4.16 dev 1
WoltLab [Tue, 12 Apr 2022 12:39:44 +0000 (12:39 +0000)]
Updating minified JavaScript files
Alexander Ebert [Tue, 12 Apr 2022 12:32:56 +0000 (14:32 +0200)]
Removing an attachment did not purge copies
See https://www.woltlab.com/community/thread/295032-dateianh%C3%A4nge-aktualsieren-sich-nicht-beim-l%C3%B6schen/
WoltLab [Tue, 12 Apr 2022 09:53:44 +0000 (09:53 +0000)]
Updating minified JavaScript files
Alexander Ebert [Mon, 11 Apr 2022 15:05:49 +0000 (17:05 +0200)]
Overlaying images discarded the transparency
See https://www.woltlab.com/community/thread/295124-imagickimageadapter-overlayen-zweier-bilder-mit-alpha-channel-entfernt-transpare/
Alexander Ebert [Mon, 11 Apr 2022 14:00:58 +0000 (16:00 +0200)]
Merge pull request #4700 from WoltLab/54-disallow-default-value-for-blob-text
Disallow default values for BLOB and TEXT columns
Tim Düsterhus [Mon, 11 Apr 2022 11:51:00 +0000 (13:51 +0200)]
Allow `null` in `TUnsupportedDefaultValue`
When fetching the column definition from the database MySQL will return `null`
as the default value for BLOB and TEXT column even if the column itself is
`NOT NULL`.
Alexander Ebert [Mon, 11 Apr 2022 10:45:24 +0000 (12:45 +0200)]
Incorrect code formatting
Alexander Ebert [Mon, 11 Apr 2022 10:41:36 +0000 (12:41 +0200)]
Missing cache reset after manually adding phrases
See https://www.woltlab.com/community/thread/295020-text-hinzuf%C3%BCgen-cache-wird-nicht-geleert/
Tim Düsterhus [Fri, 8 Apr 2022 10:03:23 +0000 (12:03 +0200)]
Remove accidentally added space in MysqlSearchEngine
Tim Düsterhus [Fri, 8 Apr 2022 10:00:53 +0000 (12:00 +0200)]
Do not add the `+` prefix to search terms matching an InnoDB stop word
This is issue is effectively identical to the one fixed in commit
247d9cc51af9cd78395e2e7600bacbc2ffdf918b.
Tim Düsterhus [Wed, 6 Apr 2022 11:02:02 +0000 (13:02 +0200)]
Ignore prefixes that are not separated with a space in MysqlSearchEngine::splitIntoTerms()
Marcel Werk [Tue, 5 Apr 2022 09:20:31 +0000 (11:20 +0200)]
Banning a user without entering an unbanning date leads to error message
Alexander Ebert [Mon, 4 Apr 2022 17:08:41 +0000 (19:08 +0200)]
Detect Firefox in Favico.js based on CSS
See https://www.woltlab.com/community/thread/294994-verwendung-von-installtrigger-in-favico-js-vermeiden/
Alexander Ebert [Mon, 4 Apr 2022 17:01:12 +0000 (19:01 +0200)]
Verify that the active dialog is closable
See https://www.woltlab.com/community/thread/294867-verschachtelte-dialoge-verwerfen-optionen-des-1-dialogs/
Sir-Will [Sun, 3 Apr 2022 01:19:51 +0000 (03:19 +0200)]
Update google console link
Closes #4716
Marcel Werk [Thu, 31 Mar 2022 12:05:56 +0000 (14:05 +0200)]
Article system allowed access to titles of hidden articles
The problem was caused by a redirect to the Canonical URL before the permissions were checked.
Marcel Werk [Tue, 29 Mar 2022 12:36:13 +0000 (14:36 +0200)]
Floating of attachments in simplified HTML did not work properly
Marcel Werk [Tue, 29 Mar 2022 12:01:36 +0000 (14:01 +0200)]
Incorrect handling of GIF cover photos when rebuilding users
Tim Düsterhus [Wed, 23 Mar 2022 08:10:40 +0000 (09:10 +0100)]
Whitelist `basename` in enterprise mode
Tim Düsterhus [Mon, 21 Mar 2022 10:08:46 +0000 (11:08 +0100)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Mon, 21 Mar 2022 10:03:59 +0000 (11:03 +0100)]
Merge pull request #4706 from WoltLab/guzzle-psr7-backport
Update guzzlehttp/psr7 to a custom fork
Tim Düsterhus [Sun, 20 Mar 2022 14:22:29 +0000 (15:22 +0100)]
Update guzzlehttp/psr7 to a custom fork
see WoltLab/guzzle-psr7@
ff7be9fcf7da87f971990b1a61d8a7f2b5aeac9b
see WoltLab/guzzle-psr7@
986596de01529f6e837a5cadfef9ec714ace7914
Tim Düsterhus [Fri, 18 Mar 2022 13:59:50 +0000 (14:59 +0100)]
Prevent possible brick when the upgrade to 5.5 fails between unpacking of files and unpacking of acptemplates
Alexander Ebert [Thu, 17 Mar 2022 16:41:10 +0000 (17:41 +0100)]
Release 5.4.15
Alexander Ebert [Thu, 17 Mar 2022 16:36:32 +0000 (17:36 +0100)]
Release 5.3.21
Alexander Ebert [Thu, 17 Mar 2022 16:34:59 +0000 (17:34 +0100)]
Merge branch '5.2' into 5.3
Alexander Ebert [Thu, 17 Mar 2022 16:33:49 +0000 (17:33 +0100)]
Release 5.2.20
Alexander Ebert [Thu, 17 Mar 2022 16:32:53 +0000 (17:32 +0100)]
Merge branch '3.1' into 5.2
Alexander Ebert [Thu, 17 Mar 2022 16:31:13 +0000 (17:31 +0100)]
Release 3.1.28
Alexander Ebert [Thu, 17 Mar 2022 14:43:27 +0000 (15:43 +0100)]
Release 3.1.28
Tim Düsterhus [Thu, 17 Mar 2022 13:31:44 +0000 (14:31 +0100)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Thu, 17 Mar 2022 13:28:38 +0000 (14:28 +0100)]
Merge branch '5.2' into 5.3
WoltLab [Thu, 17 Mar 2022 13:27:24 +0000 (13:27 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Thu, 17 Mar 2022 13:25:53 +0000 (14:25 +0100)]
Merge branch '3.1' into 5.2
WoltLab [Thu, 17 Mar 2022 13:23:56 +0000 (13:23 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Thu, 17 Mar 2022 13:22:22 +0000 (14:22 +0100)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Thu, 17 Mar 2022 13:21:34 +0000 (14:21 +0100)]
Merge branch '5.2' into 5.3
Tim Düsterhus [Thu, 17 Mar 2022 13:20:55 +0000 (14:20 +0100)]
Merge branch '3.1' into 5.2
Tim Düsterhus [Wed, 16 Mar 2022 16:55:20 +0000 (17:55 +0100)]
Escape HTML in the filename of the progress indicator during attachment upload
(cherry picked from commit
81b770284267db5dc8c8df86e303a20c3ccb8dce)
Tim Düsterhus [Thu, 17 Mar 2022 13:12:25 +0000 (14:12 +0100)]
Merge branch 'cronjobLogList-xss' into 3.1
Tim Düsterhus [Thu, 17 Mar 2022 08:10:12 +0000 (09:10 +0100)]
Fix XSS in the cronjob's error message in cronjobLogList
This can happen if untrusted information, such as the HTTP response body for a
failed Guzzle request, is embedded into the error message.
Thanks to @SoftCreatR for responsibly reporting the issue.
Alexander Ebert [Wed, 16 Mar 2022 19:01:43 +0000 (20:01 +0100)]
Release 5.4.15 dev 3
WoltLab [Wed, 16 Mar 2022 17:31:50 +0000 (17:31 +0000)]
Updating minified JavaScript files
WoltLab [Wed, 16 Mar 2022 17:17:31 +0000 (17:17 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Wed, 16 Mar 2022 16:56:10 +0000 (17:56 +0100)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Wed, 16 Mar 2022 16:55:20 +0000 (17:55 +0100)]
Escape HTML in the filename of the progress indicator during attachment upload
Marcel Werk [Wed, 16 Mar 2022 10:20:11 +0000 (11:20 +0100)]
An array as query string resulted in an error
joshuaruesweg [Wed, 16 Mar 2022 08:28:37 +0000 (09:28 +0100)]
Remove `Template.grammar.jison`
joshuaruesweg [Wed, 16 Mar 2022 08:24:48 +0000 (09:24 +0100)]
Delete old JS dir, before recompile TS
This ensures, that there are no superfluous files commited in the JS dir.
Tim Düsterhus [Wed, 16 Mar 2022 08:02:41 +0000 (09:02 +0100)]
Merge pull request #4702 from WoltLab/5.4-unfurl-charset
Catch `ValueError` while convert encoding
joshuaruesweg [Tue, 15 Mar 2022 18:00:53 +0000 (19:00 +0100)]
Catch `ValueError` while convert encoding
Since PHP 8.0 the function `mb_convert_encoding` throws an `ValueError` if the given charset is unknown. Prior to this, a PHP notice is thrown.
Fixes #4697
Alexander Ebert [Tue, 15 Mar 2022 17:12:54 +0000 (18:12 +0100)]
Release 5.4.15 dev 2
Tim Düsterhus [Tue, 15 Mar 2022 15:31:19 +0000 (16:31 +0100)]
Merge pull request #4701 from WoltLab/mysql-search-plus-min-token
Do not add the `+` prefix to search terms shorter than InnoDB's ft_min_token_size
Tim Düsterhus [Tue, 15 Mar 2022 14:40:39 +0000 (15:40 +0100)]
Do not add the `+` prefix to search terms shorter than InnoDB's ft_min_token_size
see https://www.woltlab.com/community/thread/294842-suchindex-richtig-vorbereiten/
Tim Düsterhus [Tue, 15 Mar 2022 14:39:53 +0000 (15:39 +0100)]
Add MysqlSearchEngine::getMinTokenSize() as a replacement for getFulltextMinimumWordLength()
This new method is private, because it is considered an implementation detail.
Marcel Werk [Mon, 14 Mar 2022 09:30:12 +0000 (10:30 +0100)]
Merge branch '5.3' into 5.4
Marcel Werk [Mon, 14 Mar 2022 09:27:14 +0000 (10:27 +0100)]
Only revert points when revoking a reaction
Tim Düsterhus [Fri, 11 Mar 2022 09:08:41 +0000 (10:08 +0100)]
Use explicit `return null` in DatabaseObjectList::search()
Tim Düsterhus [Thu, 10 Mar 2022 16:30:13 +0000 (17:30 +0100)]
Merge pull request #4699 from WoltLab/ds-store
Rerun the .DS_Store deletion script
Alexander Ebert [Thu, 10 Mar 2022 16:17:59 +0000 (17:17 +0100)]
Disallow default values for BLOB and TEXT columns
Alexander Ebert [Thu, 10 Mar 2022 16:08:07 +0000 (17:08 +0100)]
Gracefully handle integers exceeding 32bit
See https://www.woltlab.com/community/thread/294731-profilfeld-wert-integer/
Tim Düsterhus [Thu, 10 Mar 2022 14:47:57 +0000 (15:47 +0100)]
Rerun the .DS_Store deletion script
Apparently some installations still contain .DS_Store files assigned to
official packages. These might come from 5.3 installations that were
immediately upgraded to 5.4.4 or higher, without going through 5.4.3.
see
2bd8c2dba79878269981aac94c1ad51e94b2308e
Alexander Ebert [Thu, 10 Mar 2022 11:48:11 +0000 (12:48 +0100)]
Release 5.4.15 dev 1
WoltLab [Thu, 10 Mar 2022 10:45:53 +0000 (10:45 +0000)]
Updating minified JavaScript files
Alexander Ebert [Wed, 9 Mar 2022 18:28:07 +0000 (19:28 +0100)]
Set `toFloat()` to `protected` for compatibility
Alexander Ebert [Wed, 9 Mar 2022 18:06:45 +0000 (19:06 +0100)]
Missing conversion of localized search values
Fixes https://www.woltlab.com/community/thread/294505-eingabefeld-profilfeld-dezimalzeichen-problem/
Alexander Ebert [Wed, 9 Mar 2022 18:05:41 +0000 (19:05 +0100)]
Moved the conversion of localized values to floats
Alexander Ebert [Wed, 9 Mar 2022 16:50:23 +0000 (17:50 +0100)]
Show the erroneous tab on submit
Fixes https://www.woltlab.com/community/thread/294204-meldung-bei-nicht-erfolgreichem-box-speichern-wegen-quellcode-modus/
Alexander Ebert [Wed, 9 Mar 2022 16:19:40 +0000 (17:19 +0100)]
Workaround for the selection of the quote tooltip
Fixes https://www.woltlab.com/community/thread/294684-sprung-zum-seitenanfang-beim-markieren-auf-mobilen-ger%C3%A4ten/
Alexander Ebert [Wed, 9 Mar 2022 15:14:14 +0000 (16:14 +0100)]
Improved the UX for page object id suggestions
See https://www.woltlab.com/community/thread/294550-men%C3%BCpunkt-mit-artikelbezug-artikel-id-heraussuchen-klick-%C3%B6ffnet-artikel/
Tim Düsterhus [Wed, 9 Mar 2022 14:23:47 +0000 (15:23 +0100)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Wed, 9 Mar 2022 14:16:41 +0000 (15:16 +0100)]
Upgrade to `actions/checkout@v3`
Tim Düsterhus [Wed, 9 Mar 2022 14:14:53 +0000 (15:14 +0100)]
Merge branch '5.2' into 5.3
Tim Düsterhus [Wed, 9 Mar 2022 14:14:35 +0000 (15:14 +0100)]
Upgrade to `actions/checkout@v3`
Tim Düsterhus [Wed, 9 Mar 2022 13:44:09 +0000 (14:44 +0100)]
Update npm dependencies
Tim Düsterhus [Wed, 9 Mar 2022 13:08:53 +0000 (14:08 +0100)]
Add missing space in indentation in LikeAction
Tim Düsterhus [Wed, 9 Mar 2022 12:55:24 +0000 (13:55 +0100)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Wed, 9 Mar 2022 12:49:18 +0000 (13:49 +0100)]
Validate the `pageNo` in UserTrophyAction::validateGetGroupedUserTrophyList()
Tim Düsterhus [Wed, 9 Mar 2022 12:48:52 +0000 (13:48 +0100)]
Validate that the userID matches a user in UserFollowingAction::validateGetGroupedUserList()
Tim Düsterhus [Wed, 9 Mar 2022 12:48:19 +0000 (13:48 +0100)]
Validate the `pageNo` in UserFollowingAction::validateGetGroupedUserList()
Tim Düsterhus [Wed, 9 Mar 2022 12:47:42 +0000 (13:47 +0100)]
Validate that the userID matches a user in UserFollowAction::validateGetGroupedUserList()
Tim Düsterhus [Wed, 9 Mar 2022 12:47:01 +0000 (13:47 +0100)]
Validate the `pageNo` in UserFollowAction::validateGetGroupedUserList()
Tim Düsterhus [Wed, 9 Mar 2022 12:46:29 +0000 (13:46 +0100)]
Validate the `pageNo` in MediaAction::validateGetSearchResultList()
Tim Düsterhus [Wed, 9 Mar 2022 12:45:45 +0000 (13:45 +0100)]
Validate the `pageNo` in LikeAction::validateGetGroupedUserList()
Tim Düsterhus [Wed, 9 Mar 2022 12:45:05 +0000 (13:45 +0100)]
Validate the `pageNo` in UserProfileVisitorAction::validateGetGroupedUserList()
projects / GitHub / WoltLab / WCF.git / log