Matthias Schmidt [Tue, 13 Apr 2021 14:01:45 +0000 (16:01 +0200)]
Check if foreign key references unknown database table
Alexander Ebert [Tue, 13 Apr 2021 12:13:03 +0000 (14:13 +0200)]
Merge branch '5.3' of https://github.com/WoltLab/WCF into 5.3
Alexander Ebert [Tue, 13 Apr 2021 12:12:54 +0000 (14:12 +0200)]
Avoid one disk write with every request
Matthias Schmidt [Tue, 13 Apr 2021 12:03:37 +0000 (14:03 +0200)]
Merge branch '5.2' into 5.3
Matthias Schmidt [Tue, 13 Apr 2021 12:02:59 +0000 (14:02 +0200)]
Fix `reloadPageOnSuccess` from different clipboard actions for same object type
If there are multiple clipboard action classes for the same object type, for example in case a plugin adds further clipboard actions, only the `reloadPageOnSuccess` data of the first clipboard action instance is used instead of collecting the data from all relevant clipboard action instances.
See #2584
Alexander Ebert [Tue, 13 Apr 2021 11:27:32 +0000 (13:27 +0200)]
Merge pull request #4116 from WoltLab/html-processing-performance
Improve the performance of the HTMLOutputProcessor
Alexander Ebert [Mon, 12 Apr 2021 20:14:20 +0000 (22:14 +0200)]
Use `XPath::query()` for its superior performance
Alexander Ebert [Mon, 12 Apr 2021 20:01:30 +0000 (22:01 +0200)]
Use `XPath::query()` for its superior performance
Alexander Ebert [Mon, 12 Apr 2021 19:42:29 +0000 (21:42 +0200)]
`XPath::query()` is much more efficient than `getElementByTagName()`
The test document with ~8k elements took ~0.6s using `getElementsByTagName(*)`, but only 0.03s using `query("//*")`
Alexander Ebert [Mon, 12 Apr 2021 17:30:02 +0000 (19:30 +0200)]
Inline calls in `removeNode()` to improve the simplified-html/plain performance
Alexander Ebert [Mon, 12 Apr 2021 17:21:21 +0000 (19:21 +0200)]
Avoid updates to DOMNodeList for childNodes
Alexander Ebert [Mon, 12 Apr 2021 17:20:54 +0000 (19:20 +0200)]
Avoid live updates to DOMNodeList
The DOMNodeList is a live collection that is updated whenever an item is removed. This can have a significant performance impact when removing a large set of nodes.
Marcel Werk [Mon, 12 Apr 2021 15:03:22 +0000 (17:03 +0200)]
Merge branch '5.2' into 5.3
Marcel Werk [Mon, 12 Apr 2021 15:00:29 +0000 (17:00 +0200)]
Merge branch '3.1' into 5.2
Marcel Werk [Mon, 12 Apr 2021 14:59:49 +0000 (16:59 +0200)]
Updated Google's address in the privacy policy
Alexander Ebert [Mon, 12 Apr 2021 12:59:27 +0000 (14:59 +0200)]
Release 5.3.6
WoltLab [Mon, 12 Apr 2021 12:17:23 +0000 (12:17 +0000)]
Updating minified JavaScript files
Alexander Ebert [Mon, 12 Apr 2021 11:38:18 +0000 (13:38 +0200)]
Merge pull request #4113 from WoltLab/event-all
Add the update of wcf1_event_listener to update_com.woltlab.wcf_5.3.php
Tim Düsterhus [Mon, 12 Apr 2021 10:09:58 +0000 (12:09 +0200)]
Add the update of wcf1_event_listener to update_com.woltlab.wcf_5.3.php
… and restore update_com.woltlab.wcf_5.3.3_db.php for the users that upgraded
from 5.2.x to 5.3.3+.
Alexander Ebert [Mon, 12 Apr 2021 10:07:15 +0000 (12:07 +0200)]
Merge branch '5.2' into 5.3
Alexander Ebert [Mon, 12 Apr 2021 10:05:22 +0000 (12:05 +0200)]
Merge pull request #4112 from WoltLab/user-option-title
Use UserOption::getTitle() where possible
Tim Düsterhus [Mon, 12 Apr 2021 09:57:46 +0000 (11:57 +0200)]
Use UserOption::getTitle() in userOptionList.tpl
This one was missed in the previous commit.
Tim Düsterhus [Mon, 12 Apr 2021 09:53:43 +0000 (11:53 +0200)]
Use UserOption::getTitle() where possible
Not all places could be adjusted for compatibility reasons, as the `Option`
super class does not have the `getTitle()` method and as the prefix is given
explicitly.
Helper methods for the description should also be added.
see #4107
Alexander Ebert [Mon, 12 Apr 2021 09:37:06 +0000 (11:37 +0200)]
Merge branch '5.2' into 5.3
Alexander Ebert [Mon, 12 Apr 2021 09:36:52 +0000 (11:36 +0200)]
Merge branch '3.1' into 5.2
Alexander Ebert [Mon, 12 Apr 2021 09:36:26 +0000 (11:36 +0200)]
Reset the assignment cache on group deletion
Fixes #4045
Alexander Ebert [Mon, 12 Apr 2021 09:13:26 +0000 (11:13 +0200)]
Typo + ES5-incompatible syntax
Alexander Ebert [Sun, 11 Apr 2021 16:24:54 +0000 (18:24 +0200)]
Logical separation of attachments in messages and signatures
Fixes #3835
Alexander Ebert [Sat, 10 Apr 2021 14:02:36 +0000 (16:02 +0200)]
Hide the quote tooltip while dragging the touch selection
Alexander Ebert [Sat, 10 Apr 2021 13:35:47 +0000 (15:35 +0200)]
Improved the behavior of page action buttons on mobile
Alexander Ebert [Sat, 10 Apr 2021 12:35:53 +0000 (14:35 +0200)]
Work-around for the scroll position when inserting quotes on iOS
Alexander Ebert [Fri, 9 Apr 2021 16:48:41 +0000 (18:48 +0200)]
Detection of pasted blob uris in iOS
Alexander Ebert [Fri, 9 Apr 2021 15:34:56 +0000 (17:34 +0200)]
Block the form submit if one or more editors are still in source code mode
Alexander Ebert [Fri, 9 Apr 2021 14:38:22 +0000 (16:38 +0200)]
Detection of repeated mentions with the first mention at index 0
Alexander Ebert [Fri, 9 Apr 2021 14:29:44 +0000 (16:29 +0200)]
Work-around for the HTML entity in notifications for reactions
Alexander Ebert [Fri, 9 Apr 2021 10:14:42 +0000 (12:14 +0200)]
Avoid the use of gradients involving the `transparent` keyboard
Alexander Ebert [Fri, 9 Apr 2021 10:07:10 +0000 (12:07 +0200)]
Use a separate shadow link for embedded content
Avoid conflicts with complex HTML inside the excerpt similar to how articles work.
Alexander Ebert [Fri, 9 Apr 2021 09:14:36 +0000 (11:14 +0200)]
Implement `_dialogSubmit()` for confirmation dialogs
See #3234
Tim Düsterhus [Wed, 7 Apr 2021 10:47:55 +0000 (12:47 +0200)]
Merge pull request #4100 from SoftCreatR/patch-2
Add support for youtube shorts
Marcel Werk [Wed, 7 Apr 2021 09:54:07 +0000 (11:54 +0200)]
Merge branch '5.2' into 5.3
Marcel Werk [Wed, 7 Apr 2021 09:53:54 +0000 (11:53 +0200)]
Lack of filtering of content from ignored users
Tim Düsterhus [Wed, 7 Apr 2021 07:18:44 +0000 (09:18 +0200)]
Merge pull request #4105 from WoltLab/notification-markAllAsRead
Attempt to prevent deadlocks involving marking all notifications as read
Tim Düsterhus [Tue, 6 Apr 2021 14:24:49 +0000 (16:24 +0200)]
Attempt to prevent deadlocks involving marking all notifications as read
The previous implementation, UPDATEing all rows with a specific userID, needed
to create pretty coarse locks on the `userID` INDEX. Specifically it also
created gap locks, preventing concurrent *creation* of INDEX records that would
have been matched.
My current understanding of MySQL's locking behavior is that the `confirmTime`
being part of the INDEX is what caused the issue:
The `userID` INDEX includes the columns userID, eventID, objectID and
confirmTime. Now consider the following:
Thread 1: Marks all notifications for userID = A as read.
Thread 2: Marks objects X, Y and Z for userID A as read.
Thread 1 will lock all existing notifications for userID = A as well as all
insertions into the `userID` INDEX with that specific userID. This includes
marking notifications as read, because this will delete the old index record
and insert a new index record with an updated confirmTime.
Thread 2 will lock the specific notifications for userID = A as well as all
insertions into the `userID` INDEX with that specific userID and objectIDs.
This includes marking notifications as read, because this will delete the old
index record and insert a new index record with an updated confirmTime.
Now consider the following timeline:
T1: Locks the gaps for userID = A.
T2: Locks the gaps for userID = A, objects X, Y, Z.
These locks are allowed to coexist:
> Gap locks in InnoDB are “purely inhibitive”, which means that their only
> purpose is to prevent other transactions from inserting to the gap.
(https://dev.mysql.com/doc/refman/8.0/en/innodb-locking.html)
T1: Wants to UPDATE the confirmTime for userID = A, object X.
-> This is prevented by the gap lock held by T2, thus T1 waits.
T2: Wants to UPDATE the confirmTime for userID = A, object X.
-> This is prevented by the gap lock held by T1, thus T2 waits.
Now we have a deadlock.
As the current query needs to UPDATE a large number of rows it is fairly slow,
holding the locks for a long time and also needing to update the rows
one-by-one. This gives other threads enough opportunity to run in-between,
wreaking havoc.
Fix this issue by first selecting the exact notifications we need to mark as
read using a simple SELECT. This SELECT should not be able to deadlock with
concurrent write statements.
Afterwards we update the notifications based off a condition matching specific
rows within the PRIMARY KEY. As these must match existing rows only, no gap
locks will be needed, thus reducing the chance to block concurrent threads.
Additionally we only need to update a very small number of rows (should be less
than 50 in the vast majority of cases), reducing the time spent in the query,
further closing the window for concurrent requests and possibly making the
process faster due to less rows being updated (and thus needing to be written
to disk).
Tim Düsterhus [Tue, 6 Apr 2021 10:20:40 +0000 (12:20 +0200)]
Merge pull request #4098 from netzhuffle/patch-4
Fix param type for handleException
Marcel Werk [Wed, 31 Mar 2021 09:16:59 +0000 (11:16 +0200)]
Preview images and cover photos were exported twice
Marcel Werk [Tue, 30 Mar 2021 17:54:29 +0000 (19:54 +0200)]
Remove/replace nbsp when copying code to the clipboard
Marcel Werk [Tue, 30 Mar 2021 16:39:32 +0000 (18:39 +0200)]
Cover photo deletion was not saved properly
Marcel Werk [Tue, 30 Mar 2021 13:24:21 +0000 (15:24 +0200)]
Always fetch package information using the default language
Marcel Werk [Tue, 30 Mar 2021 13:08:03 +0000 (15:08 +0200)]
Fixed missing language variables for error messages
Marcel Werk [Tue, 30 Mar 2021 13:04:08 +0000 (15:04 +0200)]
Removed obsolete language variables
Marcel Werk [Mon, 29 Mar 2021 16:24:45 +0000 (18:24 +0200)]
Merge branch '5.2' into 5.3
Marcel Werk [Mon, 29 Mar 2021 16:24:08 +0000 (18:24 +0200)]
Merge branch '3.1' into 5.2
Marcel Werk [Mon, 29 Mar 2021 16:23:50 +0000 (18:23 +0200)]
Update the user rank after users change their profile
Marcel Werk [Mon, 29 Mar 2021 13:52:14 +0000 (15:52 +0200)]
Removed obsolete Chrome workaround for dialogs with scrollbars
Marcel Werk [Sun, 28 Mar 2021 12:29:18 +0000 (14:29 +0200)]
Removed obsolete whitespaces
Marcel Werk [Sun, 28 Mar 2021 12:13:50 +0000 (14:13 +0200)]
Delete trophy images when deleting tropies
Marcel Werk [Sun, 28 Mar 2021 12:13:14 +0000 (14:13 +0200)]
Fixed wrong parameter type
Marcel Werk [Sun, 28 Mar 2021 11:17:59 +0000 (13:17 +0200)]
Missing margin for trophies with images
Marcel Werk [Sun, 28 Mar 2021 11:02:52 +0000 (13:02 +0200)]
Hide comment counter when comments are disabled
Marcel Werk [Sun, 28 Mar 2021 10:48:19 +0000 (12:48 +0200)]
Made sure ids in toc are unique
Marcel Werk [Sun, 28 Mar 2021 09:51:29 +0000 (11:51 +0200)]
Merge branch '5.2' into 5.3
Sascha Greuel [Sun, 28 Mar 2021 09:43:58 +0000 (11:43 +0200)]
Added support for youtube shorts
Marcel Werk [Sun, 28 Mar 2021 09:38:13 +0000 (11:38 +0200)]
Merge branch '3.1' into 5.2
Marcel Werk [Sun, 28 Mar 2021 09:37:09 +0000 (11:37 +0200)]
Strip rtl override char
Alexander Ebert [Fri, 26 Mar 2021 11:36:18 +0000 (12:36 +0100)]
Permit the use of `array_diff` in templates
If only developers would stop moving business logic into templates…
Jannis Grimm [Tue, 23 Mar 2021 19:32:39 +0000 (20:32 +0100)]
Fix param type for handleException
WCF::handleException incorrectly stated it would receive only \Exception, while it is registered to receive any \Throwable.
joshuaruesweg [Sat, 20 Mar 2021 15:38:02 +0000 (16:38 +0100)]
Throw `UserInputException` insteadof `InvalidArgumentException` for invalid captchas
Currently, bots are deliberately manipulating the field to provoke an exception. This is prevented with this fix.
Tim Düsterhus [Wed, 17 Mar 2021 15:17:10 +0000 (16:17 +0100)]
Merge pull request #4092 from WoltLab/woltlab-source-isactive
Use WoltLabSource.isActive() to check whether the source view is enabled
Tim Düsterhus [Wed, 17 Mar 2021 14:58:36 +0000 (15:58 +0100)]
Use WoltLabSource.isActive() to check whether the source view is enabled
Apparently the previous version, checking the height of the textarea, is broken
in the Kiwi Browser for Android even though it pretends to be a standard Chrome
88 without indicating anywhere within the User-Agent that it is not.
Luckily the fix is easy enough and technically the more correct solution even
for non-broken browsers.
I verified the correct functionality using Kiwi on Android and Firefox on
Linux.
Tim Düsterhus [Mon, 15 Mar 2021 11:34:08 +0000 (12:34 +0100)]
Refuse to proxy non-standard ports in ImageProxy
Tim Düsterhus [Mon, 15 Mar 2021 11:16:06 +0000 (12:16 +0100)]
Add whitespace before condition in UserSearchForm
Currently a query like the following is generated:
SELECT user_table.userID
FROM wcf1_user user_table
LEFT JOIN wcf1_user_option_value option_value
ON (option_value.userID = user_table.userID)WHERE option_value.userOption4 = ?
This works due to the parentheses around the `ON` part of the `JOIN`, but it
certainly is not pretty and it will cause issues if the parentheses are removed
(as it happened for WoltLab Suite 5.4).
Insert a newline between the base query and the condition to fix the issue.
Resolves #4078
Co-Authored-By: mutec <mysterycode@mysterycode.de>
Tim Düsterhus [Fri, 12 Mar 2021 09:58:20 +0000 (10:58 +0100)]
Ensure that the 'wcf' application is untainted
This fixes up commit
fc2b721517646af2e4d901d95eeba802c1eb6a7d.
see #4057
joshuaruesweg [Wed, 10 Mar 2021 21:06:29 +0000 (22:06 +0100)]
Fix user awaiting approval link
Matthias Schmidt [Tue, 9 Mar 2021 15:22:53 +0000 (16:22 +0100)]
Merge branch '5.2' into 5.3
Matthias Schmidt [Tue, 9 Mar 2021 15:21:04 +0000 (16:21 +0100)]
Fix reading ACL values in non-Ajax form builder forms (#4060)
The wrong data source was used in `AclFormField` (the whole `$_POST` array instead of the dedicated entry) and the data was always stored in `aclValues` instead of a dedicated entry per form field.
Matthias Schmidt [Tue, 9 Mar 2021 15:15:45 +0000 (16:15 +0100)]
Fix Ajax user form fields with pre-set values
`values[i].objectId` is only set for users added manually via the UI. For pre-existing usernames, only `values[i].value` exists.
Tim Düsterhus [Tue, 9 Mar 2021 12:47:53 +0000 (13:47 +0100)]
Merge pull request #4057 from WoltLab/app-install-taint
Taint apps until a directory is selected
Tim Düsterhus [Tue, 9 Mar 2021 09:50:33 +0000 (10:50 +0100)]
Skip tainted applications during evaluation check on IndexPage
Tim Düsterhus [Tue, 9 Mar 2021 09:41:33 +0000 (10:41 +0100)]
Taint installed apps until the directory is selected
The row in wcf1_application is created very early in the installation process,
even before the application directory is selected. This causes it to contain
bogus data. Now when pressing F5 during the folder section for whatever reason
the application technically is installed, but it's not usable due to the
missing XXXCore class. When the cache is being cleared this will brick the
whole community.
Taint apps until a proper application directory is selected. This reduces the
time window for human error, because it's likely that the `file` PIP runs very
soon after.
Alexander Ebert [Wed, 3 Mar 2021 10:43:55 +0000 (11:43 +0100)]
Merge branch '5.2' into 5.3
Alexander Ebert [Wed, 3 Mar 2021 10:27:35 +0000 (11:27 +0100)]
Release 5.2.13
Alexander Ebert [Wed, 3 Mar 2021 09:42:41 +0000 (10:42 +0100)]
Merge branch '3.1' into 5.2
Alexander Ebert [Wed, 3 Mar 2021 09:18:54 +0000 (10:18 +0100)]
Release 3.1.21
Alexander Ebert [Wed, 3 Mar 2021 09:14:28 +0000 (10:14 +0100)]
Merge branch '3.0' into 3.1
Tim Düsterhus [Tue, 2 Mar 2021 08:38:51 +0000 (09:38 +0100)]
Add missing permission check to ModerationQueueAction::validateAssignUser()
This only affected registered users. Guests never could trigger this action,
because it is not listed in `$allowGuestAccess`.
WoltLab [Tue, 2 Mar 2021 17:47:17 +0000 (17:47 +0000)]
Updating minified JavaScript files
Alexander Ebert [Tue, 2 Mar 2021 16:35:56 +0000 (17:35 +0100)]
Release 5.3.5
Tim Düsterhus [Mon, 1 Mar 2021 16:08:18 +0000 (17:08 +0100)]
Merge branch '5.2' into 5.3
Tim Düsterhus [Mon, 1 Mar 2021 16:08:05 +0000 (17:08 +0100)]
Merge branch '3.1' into 5.2
Tim Düsterhus [Mon, 1 Mar 2021 16:07:24 +0000 (17:07 +0100)]
Merge branch '3.0' into 3.1
Tim Düsterhus [Mon, 1 Mar 2021 16:01:25 +0000 (17:01 +0100)]
Release 3.0.27
Tim Düsterhus [Mon, 1 Mar 2021 15:59:43 +0000 (16:59 +0100)]
Tim Düsterhus [Mon, 1 Mar 2021 15:55:23 +0000 (16:55 +0100)]
Add upgrade instructions for 2.1.24 pl 3
Marcel Werk [Mon, 1 Mar 2021 15:29:38 +0000 (16:29 +0100)]
Merge pull request #4044 from WoltLab/commentResponse-avatar
Fix avatar size in commentResponseList.tpl
Tim Düsterhus [Mon, 1 Mar 2021 14:49:00 +0000 (15:49 +0100)]
Fix avatar size in commentResponseList.tpl
see
72c85f64e77a014ebb4a0358424578ce62f5f893
Resolves #4042
Tim Düsterhus [Fri, 26 Feb 2021 11:01:57 +0000 (12:01 +0100)]
Disable attachment scaling for GIFs
Resolves #4030
Alexander Ebert [Wed, 24 Feb 2021 15:56:30 +0000 (16:56 +0100)]
Reset the internal state of the embedded object manager to its previous state (#4021)
* Reset the internal state of the embedded object manager to its previous state
See #4018
* Isolate the active message for each call
* Typo
* Redundant call to a semi internal API
* Explicit global scope for `array_pop`
Tim Düsterhus [Tue, 23 Feb 2021 14:12:19 +0000 (15:12 +0100)]
Merge branch '5.2' into 5.3
Tim Düsterhus [Tue, 23 Feb 2021 14:11:55 +0000 (15:11 +0100)]
Properly handle empty logfiles in ExceptionLogUtil::splitLog()
Tim Düsterhus [Tue, 23 Feb 2021 14:10:22 +0000 (15:10 +0100)]
Properly handle corrupted or huge log files in exception mailer