Alexander Ebert [Mon, 10 Aug 2020 12:42:17 +0000 (14:42 +0200)]
Merge pull request #3449 from WoltLab/password-security
Better password security estimation
Alexander Ebert [Mon, 10 Aug 2020 12:35:10 +0000 (14:35 +0200)]
Adjusted the bar sizes for the visual password strength
Old: 20/40/60/80/100
New: 5/20/50/85/100
Alexander Ebert [Mon, 10 Aug 2020 11:41:25 +0000 (13:41 +0200)]
Merge pull request #3496 from WoltLab/comment-object-author-cleanup
Add AbstractCommentManager::getObjectID() to DRY up isContentAuthor
Tim Düsterhus [Mon, 10 Aug 2020 10:01:43 +0000 (12:01 +0200)]
Prevent guests from being a comment’s content author
Tim Düsterhus [Mon, 10 Aug 2020 09:32:01 +0000 (11:32 +0200)]
Add AbstractCommentManager::getObjectID() to DRY up isContentAuthor
Tim Düsterhus [Mon, 10 Aug 2020 07:48:49 +0000 (09:48 +0200)]
Merge branch 'master' into password-security
Marcel Werk [Sun, 9 Aug 2020 12:02:34 +0000 (14:02 +0200)]
Skip the menu indicator on mobile if only sub level items have counters
Closes #3164
Alexander Ebert [Fri, 7 Aug 2020 23:21:12 +0000 (01:21 +0200)]
Typo
Marcel Werk [Fri, 7 Aug 2020 20:53:30 +0000 (22:53 +0200)]
Merge branch 'master' of https://github.com/WoltLab/WCF
Marcel Werk [Fri, 7 Aug 2020 20:53:27 +0000 (22:53 +0200)]
Allow targeting of checkboxes in enableoptions
Closes #3277
Alexander Ebert [Fri, 7 Aug 2020 17:43:33 +0000 (19:43 +0200)]
Merge pull request #3493 from WoltLab/comment-object-author
Add contentAuthor badge to comments
Alexander Ebert [Fri, 7 Aug 2020 17:35:11 +0000 (19:35 +0200)]
Merge pull request #3482 from WoltLab/style-image-upload
Add upload for custom style assets
Alexander Ebert [Fri, 7 Aug 2020 16:35:12 +0000 (18:35 +0200)]
Improved the UI/UX for the password strength estimations
Joshua Rüsweg [Fri, 7 Aug 2020 14:04:58 +0000 (16:04 +0200)]
Use a more defined description
Co-authored-by: Tim Düsterhus <duesterhus@woltlab.com>
joshuaruesweg [Fri, 7 Aug 2020 13:45:11 +0000 (15:45 +0200)]
Merge branch '5.2'
joshuaruesweg [Fri, 7 Aug 2020 13:43:27 +0000 (15:43 +0200)]
Remove superfluous `array_unique` call
No double value can occur in the array. When deleting, we already check if the object still exists in our file array and delete it only if it really still exists.
Tim Düsterhus [Fri, 7 Aug 2020 11:55:49 +0000 (13:55 +0200)]
Implement isContentAuthor for article comments
Tim Düsterhus [Fri, 7 Aug 2020 11:55:20 +0000 (13:55 +0200)]
Implement isContentAuthor for user profile comments
Tim Düsterhus [Fri, 7 Aug 2020 11:54:54 +0000 (13:54 +0200)]
Add contentAuthor badge to comments
Resolves #3386
Tim Düsterhus [Fri, 7 Aug 2020 11:54:35 +0000 (13:54 +0200)]
Add ICommentManager::isContentAuthor()
Marcel Werk [Fri, 7 Aug 2020 10:43:47 +0000 (12:43 +0200)]
Merge pull request #3488 from WoltLab/external-link-handling
External link handling
Marcel Werk [Fri, 7 Aug 2020 10:11:10 +0000 (12:11 +0200)]
Applied suggestions
Tim Düsterhus [Fri, 7 Aug 2020 09:56:58 +0000 (11:56 +0200)]
Fix return value of sort callback in TemplateListPage
Found using PHP 8's new warning:
> Message: uasort(): Returning bool from comparison function is deprecated,
> return an integer less than, equal to, or greater than zero
Tim Düsterhus [Fri, 7 Aug 2020 09:42:09 +0000 (11:42 +0200)]
Merge branch '5.2' into master
Tim Düsterhus [Fri, 7 Aug 2020 09:31:45 +0000 (11:31 +0200)]
Fix PHP 8 compatibility for WCFSetup's error handler
see 0267fa9af7e18aa6449726f748e672cdac192d12
Marcel Werk [Fri, 7 Aug 2020 08:28:47 +0000 (10:28 +0200)]
Applied suggestions
Marcel Werk [Fri, 7 Aug 2020 08:18:00 +0000 (10:18 +0200)]
Merge pull request #3487 from WoltLab/improved-package-search-results
Improve results when searching for packages
Alexander Ebert [Thu, 6 Aug 2020 22:14:51 +0000 (00:14 +0200)]
Merge pull request #3477 from WoltLab/style-cleanup-update
Add update script for style cleanup
Marcel Werk [Thu, 6 Aug 2020 21:24:22 +0000 (23:24 +0200)]
Added rel attribute for external links in menus
Marcel Werk [Thu, 6 Aug 2020 21:19:27 +0000 (23:19 +0200)]
Add rel="ugc" for links within user generated content
Marcel Werk [Thu, 6 Aug 2020 20:45:09 +0000 (22:45 +0200)]
isInternalURL() treats everything as internal that resides on the same subdomain
Marcel Werk [Thu, 6 Aug 2020 20:37:05 +0000 (22:37 +0200)]
Removed EXTERNAL_LINK_REL_NOFOLLOW
Marcel Werk [Thu, 6 Aug 2020 20:36:49 +0000 (22:36 +0200)]
New method to generate attributes for <a> tags
Marcel Werk [Thu, 6 Aug 2020 20:35:54 +0000 (22:35 +0200)]
Use of StringUtil::getAnchorTag()
Marcel Werk [Thu, 6 Aug 2020 19:51:51 +0000 (21:51 +0200)]
use StringUtil::getAnchorTag()
Alexander Ebert [Thu, 6 Aug 2020 17:24:52 +0000 (19:24 +0200)]
Merge pull request #3486 from Krymonota/use-generic-default-cookie-prefix
Use generic value for default cookie prefix
Marcel Werk [Thu, 6 Aug 2020 15:47:47 +0000 (17:47 +0200)]
Fixed image path issue
Marcel Werk [Thu, 6 Aug 2020 15:42:47 +0000 (17:42 +0200)]
Improve results when searching for packages
Closes #3407
Niklas (Krymonota) [Thu, 6 Aug 2020 15:23:31 +0000 (17:23 +0200)]
Use generic value for default cookie prefix
... so that it doesn't have to be adjusted for new versions.
Marcel Werk [Thu, 6 Aug 2020 14:26:20 +0000 (16:26 +0200)]
Merge branch '5.2'
Marcel Werk [Thu, 6 Aug 2020 14:25:45 +0000 (16:25 +0200)]
Added missing informal variant
Tim Düsterhus [Thu, 6 Aug 2020 12:59:46 +0000 (14:59 +0200)]
Merge pull request #3484 from WoltLab/wcfsetup-cookietest
Detect misconfigured hostnames during WCFSetup
Tim Düsterhus [Thu, 6 Aug 2020 12:38:02 +0000 (14:38 +0200)]
Detect misconfigured hostnames during WCFSetup
Misconfigured reverse proxies might rewrite the `host` header to the
upstream's hostname, instead of preserving the `host` as it was sent by the
web browser. Such a misconfiguration will cause WoltLab Suite to generate
incorrect absolute URLs and more importantly this also causes it to specify
an incorrect `domain` within cookies. The latter leads to the browser ignoring
the cookie. At the end of WCFSetup this ultimately leads to the ACP session
cookie being ignored, which in turn leads to failing the transition from
WCFSetup into the package installation. Instead the user will be bounced to
the LoginForm which fails to load, because the necessary option.xml was not
yet installed.
An example HAProxy configuration that reproduces the issue is as follows:
    listen test
        mode http
        bind *:80
        http-request set-header host 172.19.0.5
        server nginx 172.19.0.5:80
If the WCFSetup is accepted via any hostname that is not `172.19.0.5`, e.g.
by using `localhost` then cookies will fail to stick within the web browser.
This commit extends the system requirements step to:
- Compare the HTTP_HOST as seen by the web server against both:
  1) The `Referer` header.
  2) The `window.location.host` value in JavaScript.
  If any of those mismatches, then the web server is not correctly configured.
- Read a cookie that was set earlier.
  If this cookie is missing, then most likely the `domain` property was
  incorrectly specified.
This commit most likely resolves #3024.
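The checks listed in the commit message above, sketched as an added example that is not part of the commit or of WoltLab Suite's code. The function names, result labels, the `install.php` path and the `setup_cookie_test` cookie name are assumptions, and both sample requests are constructed from the HAProxy scenario the message describes.

```javascript
// Added example, not WoltLab code. All names and sample requests are constructed.

// Lowercase a host and drop the scheme's default port so that
// "LocalHost:80" and "localhost" compare equal over http.
function normalizeHost(host, scheme) {
  const defaultPort = scheme === 'https' ? ':443' : ':80';
  const h = String(host || '').trim().toLowerCase();
  return h.endsWith(defaultPort) ? h.slice(0, -defaultPort.length) : h;
}

// Extract cookie names from a raw Cookie request header.
function cookieNames(cookieHeader) {
  return new Set(String(cookieHeader || '').split(';')
    .map((pair) => pair.split('=')[0].trim())
    .filter((name) => name !== ''));
}

// httpHost: Host header as the web server saw it (HTTP_HOST in PHP).
// locationHost: window.location.host as reported back by the browser.
// A missing Referer is skipped, not flagged (assumption: referrer policies may strip it).
function checkHostConsistency({ httpHost, referer, locationHost, cookieHeader, testCookie }) {
  const problems = [];
  let scheme = 'http';
  let refererHost = null;
  if (referer) {
    try {
      const url = new URL(referer);
      scheme = url.protocol.slice(0, -1);
      refererHost = url.host;
    } catch (e) {
      problems.push('referer-invalid');
    }
  }
  const seen = normalizeHost(httpHost, scheme);
  if (refererHost !== null && normalizeHost(refererHost, scheme) !== seen) {
    problems.push('referer-host-mismatch');
  }
  if (normalizeHost(locationHost, scheme) !== seen) problems.push('location-host-mismatch');
  if (!cookieNames(cookieHeader).has(testCookie)) problems.push('test-cookie-missing');
  return problems;
}

// Constructed requests: the browser opened http://localhost/ in both cases.
const rewritten = { httpHost: '172.19.0.5', referer: 'http://localhost/install.php',
  locationHost: 'localhost', cookieHeader: '', testCookie: 'setup_cookie_test' };
const preserved = { ...rewritten, httpHost: 'localhost', cookieHeader: 'setup_cookie_test=1' };
console.log(checkHostConsistency(rewritten));
console.log(checkHostConsistency(preserved));
```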
Alexander Ebert [Wed, 5 Aug 2020 22:41:55 +0000 (00:41 +0200)]
Merge branch 'master' into password-security
Tim Düsterhus [Wed, 5 Aug 2020 14:22:35 +0000 (16:22 +0200)]
Merge branch '5.2' into master
Tim Düsterhus [Wed, 5 Aug 2020 14:21:45 +0000 (16:21 +0200)]
Merge branch '3.1' into 5.2
Tim Düsterhus [Wed, 5 Aug 2020 14:17:16 +0000 (16:17 +0200)]
Fix PHP 5.5 compatibility
see b044815dd9b6509fc44219684d7076cd28a80aa6
see #3480
Matthias Schmidt [Wed, 5 Aug 2020 13:51:11 +0000 (15:51 +0200)]
Merge branch '5.2'
Matthias Schmidt [Wed, 5 Aug 2020 13:48:58 +0000 (15:48 +0200)]
Fix handling of hidden form field values via AJAX
See #3053
Tim Düsterhus [Wed, 5 Aug 2020 13:34:58 +0000 (15:34 +0200)]
Add upload for custom style assets
Resolves #3364
Tim Düsterhus [Wed, 5 Aug 2020 11:54:50 +0000 (13:54 +0200)]
Fix UploadField::supportMultipleFiles() for unlimited maxFiles
Tim Düsterhus [Wed, 5 Aug 2020 11:37:45 +0000 (13:37 +0200)]
Do not hardcode the style's asset path in the update script
Co-authored-by: Alexander Ebert <ebert@woltlab.com>
Alexander Ebert [Wed, 5 Aug 2020 10:57:55 +0000 (12:57 +0200)]
Merge branch '5.2'
Alexander Ebert [Wed, 5 Aug 2020 10:57:22 +0000 (12:57 +0200)]
Merge branch '3.1' into 5.2
Alexander Ebert [Wed, 5 Aug 2020 10:56:18 +0000 (12:56 +0200)]
Merge pull request #3462 from SoftCreatR/patch-14
Add detection for Chromium based Edge browser
Alexander Ebert [Wed, 5 Aug 2020 10:54:21 +0000 (12:54 +0200)]
Merge branch '5.2'
Alexander Ebert [Wed, 5 Aug 2020 10:51:35 +0000 (12:51 +0200)]
Merge pull request #3471 from WoltLab/disable-spider-visit-tracking
Disable visit tracking for search engines
Tim Düsterhus [Wed, 5 Aug 2020 10:07:01 +0000 (12:07 +0200)]
Merge branch '5.2' into master
Tim Düsterhus [Wed, 5 Aug 2020 10:06:26 +0000 (12:06 +0200)]
Merge branch '3.1' into 5.2
Tim Düsterhus [Wed, 5 Aug 2020 10:05:08 +0000 (12:05 +0200)]
Do not decrement wcf1_user.articles when deleting unpublished articles
see b044815dd9b6509fc44219684d7076cd28a80aa6
see #3480
Tim Düsterhus [Wed, 5 Aug 2020 10:00:31 +0000 (12:00 +0200)]
Merge branch '5.2' into master
Tim Düsterhus [Wed, 5 Aug 2020 09:59:38 +0000 (11:59 +0200)]
Merge branch '3.1' into 5.2
Tim Düsterhus [Wed, 5 Aug 2020 09:58:13 +0000 (11:58 +0200)]
Update wcf1_user.articles when deleting articles
Fixes #3480
Marcel Werk [Wed, 5 Aug 2020 09:23:54 +0000 (11:23 +0200)]
Merge pull request #3479 from WoltLab/jump-to-content
Rename "Mark as Read" button to "Jump To Content" in notification mails
Marcel Werk [Wed, 5 Aug 2020 09:16:51 +0000 (11:16 +0200)]
Improved German phrasing
Tim Düsterhus [Wed, 5 Aug 2020 09:10:09 +0000 (11:10 +0200)]
Rename "Mark as Read" button to "Jump To Content" in notification mails
Resolves #3257
Tim Düsterhus [Wed, 5 Aug 2020 07:33:33 +0000 (09:33 +0200)]
Merge pull request #3475 from WoltLab/image-scale-memory
Add checkMemoryLimit() method to ImageAdapter
Alexander Ebert [Tue, 4 Aug 2020 18:55:20 +0000 (20:55 +0200)]
Prevent the incorrect focus of the close button for confirmation dialogs
Tim Düsterhus [Tue, 4 Aug 2020 14:57:48 +0000 (16:57 +0200)]
Duplicate logo on import of pageLogo = pageLogoMobile
Fixes #3478
Tim Düsterhus [Tue, 4 Aug 2020 13:07:31 +0000 (15:07 +0200)]
Add update script for style cleanup
Resolves #3468
Tim Düsterhus [Tue, 4 Aug 2020 11:43:02 +0000 (13:43 +0200)]
Merge pull request #3456 from WoltLab/style-cleanup
Clean up asset handling of styles
Tim Düsterhus [Tue, 4 Aug 2020 08:29:28 +0000 (10:29 +0200)]
Make use of ImageAdapter::checkMemoryLimit()
Tim Düsterhus [Tue, 4 Aug 2020 08:26:34 +0000 (10:26 +0200)]
Add ImageAdapter::checkMemoryLimit()
Resolves #3229
Sascha Greuel [Sun, 26 Jul 2020 15:19:00 +0000 (17:19 +0200)]
Added detection for Chromium based Edge browser
joshuaruesweg [Mon, 3 Aug 2020 16:27:49 +0000 (18:27 +0200)]
Merge branch '5.2'
joshuaruesweg [Mon, 3 Aug 2020 16:23:12 +0000 (18:23 +0200)]
Add note that the page.xml PIP instruction is needed with the next update
See #3474
joshuaruesweg [Mon, 3 Aug 2020 16:14:59 +0000 (18:14 +0200)]
Merge branch '3.1'
joshuaruesweg [Mon, 3 Aug 2020 16:12:07 +0000 (18:12 +0200)]
Fix updating `requireObjectID` for existing pages
Olaf Braun [Mon, 3 Aug 2020 11:34:00 +0000 (13:34 +0200)]
Add all environment to event listener (#3145)
Alexander Ebert [Mon, 3 Aug 2020 10:52:19 +0000 (12:52 +0200)]
Merge pull request #3472 from WoltLab/user-rank-live-preview
User rank live preview
Tim Düsterhus [Mon, 3 Aug 2020 10:35:57 +0000 (12:35 +0200)]
Add cache buster for pageLogo
Tim Düsterhus [Mon, 3 Aug 2020 10:33:58 +0000 (12:33 +0200)]
Remove old pageLogo(|Mobile) file when logo is deleted or updated
Tim Düsterhus [Mon, 3 Aug 2020 09:43:35 +0000 (11:43 +0200)]
Merge branch 'master' into style-cleanup
Alexander Ebert [Sat, 1 Aug 2020 17:36:02 +0000 (19:36 +0200)]
Missing semicolons
Alexander Ebert [Sat, 1 Aug 2020 17:33:53 +0000 (19:33 +0200)]
Support for custom block level tag names
Closes #3270
Alexander Ebert [Sat, 1 Aug 2020 17:28:55 +0000 (19:28 +0200)]
Prevent auto-focus on search suggestions
Closes #3263
Alexander Ebert [Sat, 1 Aug 2020 15:23:13 +0000 (17:23 +0200)]
Merge branch '5.2'
Alexander Ebert [Sat, 1 Aug 2020 15:22:54 +0000 (17:22 +0200)]
The `data-user-id` is already set by the ReactionHandler
Fixes #3463
Alexander Ebert [Sat, 1 Aug 2020 15:04:56 +0000 (17:04 +0200)]
Live preview for user ranks
Alexander Ebert [Sat, 1 Aug 2020 15:00:38 +0000 (17:00 +0200)]
Modernize the JavaScript for the live preview for labels
Inlining the JavaScript made it much easier plus prevents increasing the bundle size.
Marcel Werk [Fri, 31 Jul 2020 15:29:09 +0000 (17:29 +0200)]
Improved detection of duplicate key errors
Alexander Ebert [Fri, 31 Jul 2020 15:10:25 +0000 (17:10 +0200)]
Prevent writes to the session rather than reads
Alexander Ebert [Fri, 31 Jul 2020 11:40:37 +0000 (13:40 +0200)]
Merge branch '5.2'
Alexander Ebert [Fri, 31 Jul 2020 11:40:14 +0000 (13:40 +0200)]
Disable visit tracking for search engines
Tim Düsterhus [Fri, 31 Jul 2020 10:14:13 +0000 (12:14 +0200)]
Localize zxcvbn feedback
Tim Düsterhus [Fri, 31 Jul 2020 09:10:29 +0000 (11:10 +0200)]
Tim Düsterhus [Fri, 31 Jul 2020 09:11:22 +0000 (11:11 +0200)]
Merge pull request #3470 from WoltLab/db-expose-driver-specific-code
Allow retrieving the driver specific error code from DatabaseQueryExe…
Tim Düsterhus [Fri, 31 Jul 2020 08:50:32 +0000 (10:50 +0200)]
Allow retrieving the driver specific error code from DatabaseQueryExecutionException
A single ANSI SQLSTATE can indicate several distinct error conditions. The
driver code appears to be unique for MySQL.
Marcel Werk [Thu, 30 Jul 2020 16:07:09 +0000 (18:07 +0200)]
Typo
Marcel Werk [Thu, 30 Jul 2020 16:06:52 +0000 (18:06 +0200)]
Typo