GitHub/WoltLab/WCF.git
2 years agoMerge branch '5.5'
Tim Düsterhus [Tue, 5 Jul 2022 11:42:52 +0000 (13:42 +0200)]
Merge branch '5.5'

2 years agoMerge branch '5.4' into 5.5
Tim Düsterhus [Tue, 5 Jul 2022 11:28:08 +0000 (13:28 +0200)]
Merge branch '5.4' into 5.5

2 years agoMerge branch '5.3' into 5.4
Tim Düsterhus [Tue, 5 Jul 2022 11:27:48 +0000 (13:27 +0200)]
Merge branch '5.3' into 5.4

2 years agoMerge pull request #4896 from WoltLab/abstract-category-edit-check-type
Tim Düsterhus [Tue, 5 Jul 2022 11:25:39 +0000 (13:25 +0200)]
Merge pull request #4896 from WoltLab/abstract-category-edit-check-type

Verify that the category's objectType matches the form's objectType in AbstractCategoryEditForm

2 years agoMerge pull request #4895 from WoltLab/abstract-ajax-action
Tim Düsterhus [Tue, 5 Jul 2022 11:25:22 +0000 (13:25 +0200)]
Merge pull request #4895 from WoltLab/abstract-ajax-action

Make AbstractAjaxAction actually abstract

2 years agoMerge pull request #4894 from WoltLab/abstract-category-edit
Tim Düsterhus [Tue, 5 Jul 2022 11:25:14 +0000 (13:25 +0200)]
Merge pull request #4894 from WoltLab/abstract-category-edit

Make AbstractCategoryEditForm actually abstract

2 years agoMerge pull request #4893 from WoltLab/tabmenu-select-invalid-container
Tim Düsterhus [Tue, 5 Jul 2022 11:25:01 +0000 (13:25 +0200)]
Merge pull request #4893 from WoltLab/tabmenu-select-invalid-container

Select the first erroneous tab in a form if multiple are erroneous

2 years agoMake AbstractAjaxAction actually abstract
Tim Düsterhus [Tue, 5 Jul 2022 09:05:42 +0000 (11:05 +0200)]
Make AbstractAjaxAction actually abstract

Without a controller that inherits from it, the AbstractAjaxAction will do
absolutely nothing useful:

- It fires events that cannot usefully be handled in a generic way.
- It sends an empty HTML response (i.e. a white page).

2 years agoImprove type of exception for invalid object types in AbstractCategoryAddForm
Tim Düsterhus [Tue, 5 Jul 2022 09:02:19 +0000 (11:02 +0200)]
Improve type of exception for invalid object types in AbstractCategoryAddForm

This technically is a BC break, but this exception must not be caught anyway as
it indicates a clear programming error.

2 years agoMake AbstractCategoryEditForm actually abstract
Tim Düsterhus [Mon, 27 Jun 2022 14:03:31 +0000 (16:03 +0200)]
Make AbstractCategoryEditForm actually abstract

This form is not functional, unless an objectType is defined in a child class.

2 years agoHandle invalid `<textarea>` elements when submitting a form within a TabMenu
Tim Düsterhus [Tue, 5 Jul 2022 08:37:50 +0000 (10:37 +0200)]
Handle invalid `<textarea>` elements when submitting a form within a TabMenu

2 years agoSelect the first erroneous tab in a form if multiple are erroneous
Tim Düsterhus [Tue, 5 Jul 2022 07:51:24 +0000 (09:51 +0200)]
Select the first erroneous tab in a form if multiple are erroneous

This was incorrectly migrated to TypeScript. Before TypeScript this used a
regular `for` loop counting indices, allowing the `return;` to correctly leave
the loop.

see https://www.woltlab.com/community/thread/296198-formbuilder-tabmenuformcontainer-required-js-fehler/

2 years agoAdd `DOM.Iterable` to tsconfig.json's `lib` list
Tim Düsterhus [Tue, 5 Jul 2022 07:48:39 +0000 (09:48 +0200)]
Add `DOM.Iterable` to tsconfig.json's `lib` list

This makes `NodeList`, `FormData` et al iterable. This is part of ES 2015 and
thus can be used.

2 years agoMerge pull request #4892 from WoltLab/remove-fetch-template-plugin
Tim Düsterhus [Mon, 4 Jul 2022 15:33:24 +0000 (17:33 +0200)]
Merge pull request #4892 from WoltLab/remove-fetch-template-plugin

Remove the FetchCompilerTemplatePlugin

2 years agoRemove the FetchCompilerTemplatePlugin
Tim Düsterhus [Mon, 4 Jul 2022 15:23:22 +0000 (17:23 +0200)]
Remove the FetchCompilerTemplatePlugin

See 2a5ce139d53d3ec7232013d4492d6e322b262cfb (which deprecated `{fetch}`) and
bfddcab778b25ece1136eaff4b688812495b96d5 which always enabled the allow list of
template modifiers, preventing `file_get_contents` even outside of enterprise
mode.

2 years agoUpdate fileDelete.xml
Tim Düsterhus [Mon, 4 Jul 2022 15:21:57 +0000 (17:21 +0200)]
Update fileDelete.xml

2 years agoMerge branch '5.5'
Tim Düsterhus [Mon, 4 Jul 2022 15:06:57 +0000 (17:06 +0200)]
Merge branch '5.5'

2 years agoMerge remote-tracking branch 'origin/5.5' into 5.5
Tim Düsterhus [Mon, 4 Jul 2022 15:06:02 +0000 (17:06 +0200)]
Merge remote-tracking branch 'origin/5.5' into 5.5

2 years agoMerge branch '5.4' into 5.5
Tim Düsterhus [Mon, 4 Jul 2022 15:05:48 +0000 (17:05 +0200)]
Merge branch '5.4' into 5.5

2 years agoMerge pull request #4891 from WoltLab/fetch-template-plugin
Tim Düsterhus [Mon, 4 Jul 2022 15:05:13 +0000 (17:05 +0200)]
Merge pull request #4891 from WoltLab/fetch-template-plugin

Deprecate the `{fetch}` template plugin

2 years agoDeprecate the `{fetch}` template plugin
Tim Düsterhus [Mon, 4 Jul 2022 14:27:39 +0000 (16:27 +0200)]
Deprecate the `{fetch}` template plugin

2 years agoAdd support for hover color in the user menu
Alexander Ebert [Mon, 4 Jul 2022 14:45:04 +0000 (16:45 +0200)]
Add support for hover color in the user menu

See https://www.woltlab.com/community/thread/296209-wcfusermenulinkactive-fehlt/

2 years agoMerge branch '5.4' into 5.5
Tim Düsterhus [Mon, 4 Jul 2022 14:11:58 +0000 (16:11 +0200)]
Merge branch '5.4' into 5.5

2 years agoMerge pull request #4890 from WoltLab/upgrade-override-always-disable
Tim Düsterhus [Mon, 4 Jul 2022 14:10:48 +0000 (16:10 +0200)]
Merge pull request #4890 from WoltLab/upgrade-override-always-disable

Always allow disabling the upgrade override if enabled

2 years agoVerify that the category's objectType matches the form's objectType in AbstractCatego...
Tim Düsterhus [Mon, 4 Jul 2022 14:08:34 +0000 (16:08 +0200)]
Verify that the category's objectType matches the form's objectType in AbstractCategoryEditForm

2 years agoKeep the unread indicator of user menu tabs in sync
Alexander Ebert [Mon, 4 Jul 2022 13:18:13 +0000 (15:18 +0200)]
Keep the unread indicator of user menu tabs in sync

See https://www.woltlab.com/community/thread/295243-pro-und-kontra-neues-kontrollzentrum/?postID=1897875#post1897875

2 years agoAlways show the unread indicator of user menu tabs
Alexander Ebert [Mon, 4 Jul 2022 13:17:43 +0000 (15:17 +0200)]
Always show the unread indicator of user menu tabs

2 years agoAlways allow disabling the upgrade override if enabled
Tim Düsterhus [Mon, 4 Jul 2022 12:39:49 +0000 (14:39 +0200)]
Always allow disabling the upgrade override if enabled

Previously the following might happen:

- A community is running 5.3.
- They enable the upgrade override and upgrade to 5.4.
- They are offered the upgrade to 5.5, but don't want to do that, yet.
- They access the PackageEnableUpgradeOverrideForm to disable the upgrade.
- It complains that the search index was not yet migrated to InnoDB, preventing
  the disabling of the upgrade.

2 years agoApply the special box styling to the title
Alexander Ebert [Mon, 4 Jul 2022 11:50:56 +0000 (13:50 +0200)]
Apply the special box styling to the title

See https://www.woltlab.com/community/thread/296149-styling-infoboxen/

2 years agoPreselect the hex input of the color picker
Alexander Ebert [Mon, 4 Jul 2022 11:45:01 +0000 (13:45 +0200)]
Preselect the hex input of the color picker

See https://www.woltlab.com/community/thread/296153-farbw%C3%A4hler-ohne-fokus/

2 years agoRebuild compiled JavaScript
Tim Düsterhus [Mon, 4 Jul 2022 11:22:41 +0000 (13:22 +0200)]
Rebuild compiled JavaScript

see 4bdd501368e5836f54872689ec710734e8fbab0d

2 years agoFix the inconsistent return value of notifications
Alexander Ebert [Mon, 4 Jul 2022 11:19:01 +0000 (13:19 +0200)]
Fix the inconsistent return value of notifications

The API returned a different data structure when there are no notifications to show compared to when there are items. This causes the JS-API to break, because it always expects the later data structure.

This is a regression of ec1a4a80d3a8f89105d6012ec857a7115f41c97e

See https://www.woltlab.com/community/thread/296174-benachrichtigungen-werden-nicht-mehr-angezeigt/

2 years agoFix the unconditional access to an optional element
Alexander Ebert [Mon, 4 Jul 2022 11:04:37 +0000 (13:04 +0200)]
Fix the unconditional access to an optional element

See https://www.woltlab.com/community/thread/296182-js-fehler-beim-scrollen-in-mobiler-ansicht/

2 years agoMerge branch '5.5'
Tim Düsterhus [Mon, 4 Jul 2022 10:33:31 +0000 (12:33 +0200)]
Merge branch '5.5'

2 years agoAdd a unique CSS class to the article page section
Alexander Ebert [Mon, 4 Jul 2022 10:07:51 +0000 (12:07 +0200)]
Add a unique CSS class to the article page section

See #4887

2 years agoMerge pull request #4889 from WoltLab/5.5-fix-delete-button-unknown-images
Alexander Ebert [Mon, 4 Jul 2022 10:05:52 +0000 (12:05 +0200)]
Merge pull request #4889 from WoltLab/5.5-fix-delete-button-unknown-images

Fix delete button appears on failed uploads

2 years agoMerge tag '5.5.0_RC_3' into 5.5
Alexander Ebert [Mon, 4 Jul 2022 08:13:34 +0000 (10:13 +0200)]
Merge tag '5.5.0_RC_3' into 5.5

2 years agoFix shrinking of content navigation buttons in desktop version
Marcel Werk [Sun, 3 Jul 2022 13:26:28 +0000 (15:26 +0200)]
Fix shrinking of content navigation buttons in desktop version

https://github.com/WoltLab/WCF/commit/a3e4ab16d9a566149de88e2d4b649accc768f012 caused the text on the buttons to be severely shortened when the content title became too long.

2 years agoFix delete button appears on failed uploads
joshuaruesweg [Sat, 2 Jul 2022 12:04:43 +0000 (14:04 +0200)]
Fix delete button appears on failed uploads

2 years agoRelease 5.5.0 RC 3
Alexander Ebert [Fri, 1 Jul 2022 15:40:31 +0000 (17:40 +0200)]
Release 5.5.0 RC 3

2 years agoInternal release 5.5.0 RC 3 5.5.0_RC_3
Alexander Ebert [Fri, 1 Jul 2022 15:40:31 +0000 (17:40 +0200)]
Internal release 5.5.0 RC 3

2 years agoUpdating minified JavaScript files
WoltLab [Fri, 1 Jul 2022 15:31:58 +0000 (15:31 +0000)]
Updating minified JavaScript files

2 years agoMerge pull request #4886 from WoltLab/user-menu-incorrect-counter-update
Alexander Ebert [Fri, 1 Jul 2022 14:02:44 +0000 (16:02 +0200)]
Merge pull request #4886 from WoltLab/user-menu-incorrect-counter-update

Update the Unread Counter Using the Server-side Counter

2 years agoMerge branch '5.5'
Tim Düsterhus [Fri, 1 Jul 2022 11:54:59 +0000 (13:54 +0200)]
Merge branch '5.5'

2 years agoUpdate focus-trap and tabbable
Tim Düsterhus [Fri, 1 Jul 2022 11:52:26 +0000 (13:52 +0200)]
Update focus-trap and tabbable

2 years agoMerge branch '5.5'
Tim Düsterhus [Fri, 1 Jul 2022 11:51:17 +0000 (13:51 +0200)]
Merge branch '5.5'

2 years agoMerge branch '5.4' into 5.5
Tim Düsterhus [Fri, 1 Jul 2022 11:49:20 +0000 (13:49 +0200)]
Merge branch '5.4' into 5.5

2 years agoUpdate typescript
Tim Düsterhus [Fri, 1 Jul 2022 11:44:06 +0000 (13:44 +0200)]
Update typescript

see 41b5a7f4fcc27a2fd4434d2feedb10e942930d51. We specifically upgrade
typescript also in 5.4 to ease merges, because the output of const enum
changed.

2 years agoUpdate gsactions/commit-message-checker
Tim Düsterhus [Fri, 1 Jul 2022 09:44:29 +0000 (11:44 +0200)]
Update gsactions/commit-message-checker

2 years agoUpdate npm dependencies
Tim Düsterhus [Fri, 1 Jul 2022 09:33:18 +0000 (11:33 +0200)]
Update npm dependencies

2 years agoUpdate the unread badge using the server-side data
Alexander Ebert [Thu, 30 Jun 2022 17:00:04 +0000 (19:00 +0200)]
Update the unread badge using the server-side data

2 years agoUpdate the unread badge using the server-side data
Alexander Ebert [Thu, 30 Jun 2022 16:47:58 +0000 (18:47 +0200)]
Update the unread badge using the server-side data

The previous implementation relied on the number of unread items currently visible in the user menu. This caused an incorrect number shown for >10 unread items.

Notice: This is a last-minute API change to report the correct number from the server-side.

Fixes #4877

2 years agoPreserve the content when removing selection markers
Alexander Ebert [Thu, 30 Jun 2022 15:28:18 +0000 (17:28 +0200)]
Preserve the content when removing selection markers

In some rare cases the typed-in content could be placed within the selection markers, causing those to be removed whenever markers are being stripped.

This is a follow up for dd829b643d403f403fae8748a8f00e2e448af490 which already mitigates some of these issues by more carefully handling selections.

2 years agoMerge pull request #4883 from WoltLab/main-menu-data-binding
Alexander Ebert [Thu, 30 Jun 2022 14:30:19 +0000 (16:30 +0200)]
Merge pull request #4883 from WoltLab/main-menu-data-binding

Partial Data Binding for the Main Menu

2 years agoUse the `null` value to indicate a missing identifier
Alexander Ebert [Thu, 30 Jun 2022 13:55:24 +0000 (15:55 +0200)]
Use the `null` value to indicate a missing identifier

2 years agoMerge pull request #4884 from WoltLab/diactoros-requestFilter
Tim Düsterhus [Thu, 30 Jun 2022 10:50:37 +0000 (12:50 +0200)]
Merge pull request #4884 from WoltLab/diactoros-requestFilter

Explicitly trust `x-forwarded-proto` for Diactoros' ServerRequest

2 years agoSpecify `null` for the superglobals in ServerRequestFactory::fromGlobals()
Tim Düsterhus [Thu, 30 Jun 2022 09:44:51 +0000 (11:44 +0200)]
Specify `null` for the superglobals in ServerRequestFactory::fromGlobals()

Diactoros does not use `$_COOKIE` internally, but parses the `Cookie` header
instead, because PHP mangles cookie names when parsing into `$_COOKIE`.

2 years agoDo not use named parameters for ServerRequestFactory::fromGlobals()
Tim Düsterhus [Thu, 30 Jun 2022 09:41:00 +0000 (11:41 +0200)]
Do not use named parameters for ServerRequestFactory::fromGlobals()

Laminas does not guarantee backwards compatibility for parameter names.

2 years agoExplicitly trust `x-forwarded-proto` for Diactoros' ServerRequest
Tim Düsterhus [Thu, 30 Jun 2022 08:49:42 +0000 (10:49 +0200)]
Explicitly trust `x-forwarded-proto` for Diactoros' ServerRequest

This is required to future-proof the Diactoros configuration to be consistent
with RouteHandler::secureConnection().

see https://github.com/laminas/laminas-diactoros/blob/c272a93fc716456599d26bf7cc3281ccb708dabf/docs/book/v2/forward-migration.md

2 years agoSync the unread counters of the main menu and the mobile menu
Alexander Ebert [Wed, 29 Jun 2022 16:23:13 +0000 (18:23 +0200)]
Sync the unread counters of the main menu and the mobile menu

2 years agoExpose the identifier of a menu item
Alexander Ebert [Wed, 29 Jun 2022 15:32:48 +0000 (17:32 +0200)]
Expose the identifier of a menu item

2 years agoMerge branch '5.5'
Tim Düsterhus [Wed, 29 Jun 2022 15:05:05 +0000 (17:05 +0200)]
Merge branch '5.5'

2 years agoTighten up composer constraints
Tim Düsterhus [Wed, 29 Jun 2022 15:04:29 +0000 (17:04 +0200)]
Tighten up composer constraints

2 years agoClose the mobile navigation drop-down on page scroll
Alexander Ebert [Wed, 29 Jun 2022 14:44:30 +0000 (16:44 +0200)]
Close the mobile navigation drop-down on page scroll

All drop-down menus are expected to close whenever the page is being scrolled. This is implemented for regular drop-down menus, but this one bypasses the general API.

See https://www.woltlab.com/community/thread/296092-fenster-zitieren-inhalt-melden-%C3%BCberlagert-men%C3%BC-mobil/

2 years agoUpdate composer dependencies
Tim Düsterhus [Wed, 29 Jun 2022 14:17:09 +0000 (16:17 +0200)]
Update composer dependencies

This fixes a Diactoros regression in e707bb4c8f19bd627f06738e64e5c823f88dc4f7.

2 years agoDelay the auto focus of the submit button
Alexander Ebert [Wed, 29 Jun 2022 13:47:47 +0000 (15:47 +0200)]
Delay the auto focus of the submit button

Safari delays the execution of the `blur` event on the document which causes the focus shift to happen too early.

Delaying it by two event cycles are enough to provide a consistent experience and to avoid conflicts with the focus trap.

See https://www.woltlab.com/community/thread/296069-best%C3%A4tigung-bei-installation-von-paket-%C3%BCber-entwickler-werkzeuge-nicht-direkt-pe/

2 years agoPreserve the minimum height of the user header without ranks
Alexander Ebert [Wed, 29 Jun 2022 13:29:06 +0000 (15:29 +0200)]
Preserve the minimum height of the user header without ranks

The `.userMenuItemSingleLine` class is shared with other elements that are not as tall as the user header.

The `min-height: 0` will cause the user header to collapse too much when the user rank module is disabled.

See https://www.woltlab.com/community/thread/296134-darstellungsfehler-im-kontrollzentrum-ohne-rangmodul/

2 years agoFix missing check if conditions are available when adding a box
Marcel Werk [Wed, 29 Jun 2022 13:26:29 +0000 (15:26 +0200)]
Fix missing check if conditions are available when adding a box

2 years agoMerge branch '5.5' of https://github.com/WoltLab/WCF into 5.5
Marcel Werk [Wed, 29 Jun 2022 13:16:29 +0000 (15:16 +0200)]
Merge branch '5.5' of https://github.com/WoltLab/WCF into 5.5

2 years agoMerge branch '5.5'
Tim Düsterhus [Wed, 29 Jun 2022 12:49:14 +0000 (14:49 +0200)]
Merge branch '5.5'

2 years agoEnsure that avatars are world-readable in UserProfileAction::setAvatar()
Tim Düsterhus [Wed, 29 Jun 2022 12:45:37 +0000 (14:45 +0200)]
Ensure that avatars are world-readable in UserProfileAction::setAvatar()

Fixes #4769

2 years agoUpdate composer dependencies
Tim Düsterhus [Wed, 29 Jun 2022 10:18:08 +0000 (12:18 +0200)]
Update composer dependencies

2 years agoMerge branch '5.5'
Tim Düsterhus [Wed, 29 Jun 2022 10:16:02 +0000 (12:16 +0200)]
Merge branch '5.5'

2 years agoMerge branch '5.5' of https://github.com/WoltLab/WCF into 5.5
Marcel Werk [Tue, 28 Jun 2022 14:01:24 +0000 (16:01 +0200)]
Merge branch '5.5' of https://github.com/WoltLab/WCF into 5.5

2 years agoFix missing twitter icon
Marcel Werk [Tue, 28 Jun 2022 14:01:22 +0000 (16:01 +0200)]
Fix missing twitter icon

2 years agoMerge pull request #4882 from WoltLab/secure-package-download
Alexander Ebert [Tue, 28 Jun 2022 12:45:30 +0000 (14:45 +0200)]
Merge pull request #4882 from WoltLab/secure-package-download

Improve the Security of the Plugin-Store StoreCode

2 years agoClearly mark the StoreCode as sensitive
Alexander Ebert [Tue, 28 Jun 2022 12:10:20 +0000 (14:10 +0200)]
Clearly mark the StoreCode as sensitive

The Plugin-Store StoreCode can contain credentials that are considered to be sensitive and should not be shared with third parties.

This change adds a unique prefix that serves as a warning to prevent users from unintentionally sharing these credentials with others.

In addition, this unique prefix makes it possible to block this string from appearing in messages using the censorship feature.

2 years agoGuarantee integrity of packages downloaded via a Plugin-Store StoreCode
Alexander Ebert [Tue, 28 Jun 2022 11:06:20 +0000 (13:06 +0200)]
Guarantee integrity of packages downloaded via a Plugin-Store StoreCode

The package system was unaware of the context of an installation request and permitted the download from unintended package servers.

This can cause the download to be initiated from a different server than the user expected, potentially causing the download of a modified version.

This commit fixes this issue by restricting the package sources to official servers only when the download via the Plugin-Store‘s StoreCode is requested.

2 years agoExplicitly define the text color in the mobile menu
Alexander Ebert [Tue, 28 Jun 2022 12:17:31 +0000 (14:17 +0200)]
Explicitly define the text color in the mobile menu

The elements previously implicitly inherited the text color from the surrounding HTML context rather than the element itself. This caused the colors from the content area to bleed into the mobile menu.

See https://www.woltlab.com/community/thread/295243-pro-und-kontra-neues-kontrollzentrum/?postID=1897430#post1897430 ff

2 years agoMerge pull request #4881 from WoltLab/controller-transform
Tim Düsterhus [Mon, 27 Jun 2022 17:04:11 +0000 (19:04 +0200)]
Merge pull request #4881 from WoltLab/controller-transform

Use ControllerMap::transformController() in RoutingCacheBuilder::getCaseInsensitiveControllers()

2 years agoForce restore saved selections after inserting links into the editor
Alexander Ebert [Mon, 27 Jun 2022 16:53:37 +0000 (18:53 +0200)]
Force restore saved selections after inserting links into the editor

Redactor‘s selection handling is very fragile and “forgetting” to restore the selection can cause some very strange side-effects.

The user will start typing inside a selection marker, which will not cause any visual effects, but the content will get lost once the editor removes the markers.

See https://www.woltlab.com/community/thread/296022-einf%C3%BCgen-von-links-im-editor-unter-ipados/
See https://www.woltlab.com/community/thread/296116-einf%C3%BCgen-von-links-im-editor-unter-ipados-text-verschwindet/
See https://www.woltlab.com/community/thread/294753-text-wird-beim-speichern-abgeschnitten/

2 years agoMerge branch '5.5' of https://github.com/WoltLab/WCF into 5.5
Marcel Werk [Mon, 27 Jun 2022 16:04:38 +0000 (18:04 +0200)]
Merge branch '5.5' of https://github.com/WoltLab/WCF into 5.5

2 years agoFix sorting of articles by number of comments
Marcel Werk [Mon, 27 Jun 2022 16:04:37 +0000 (18:04 +0200)]
Fix sorting of articles by number of comments

Sorting by comments resulted in an exception because the comments column is no longer present in the article table.

2 years agoDelegate to ->classNameToControllerName() in RoutingCacheBuilder::getCaseInsensitiveC...
Tim Düsterhus [Mon, 27 Jun 2022 15:00:37 +0000 (17:00 +0200)]
Delegate to ->classNameToControllerName() in RoutingCacheBuilder::getCaseInsensitiveControllers()

2 years agoStrengthen check for non-instantiable classes in ControllerMap::getClassData()
Tim Düsterhus [Mon, 27 Jun 2022 14:56:56 +0000 (16:56 +0200)]
Strengthen check for non-instantiable classes in ControllerMap::getClassData()

2 years agoCall `\strtolower()` only once in ControllerMap::transformController()
Tim Düsterhus [Mon, 27 Jun 2022 13:21:14 +0000 (15:21 +0200)]
Call `\strtolower()` only once in ControllerMap::transformController()

2 years agoUse ControllerMap::transformController() in RoutingCacheBuilder::getCaseInsensitiveCo...
Tim Düsterhus [Mon, 27 Jun 2022 13:10:54 +0000 (15:10 +0200)]
Use ControllerMap::transformController() in RoutingCacheBuilder::getCaseInsensitiveControllers()

The implementation is absolutely identical and thus can and should be unified.

A behavioral change without any externally visible effect is introduced: For
`TAJAXException` the last part (`Exception`) is no longer stripped. This is
completely irrelevant, as `ControllerMap::getLegacyClassData()` ignores all
classNames that do not end in Action, Form, or Page.

2 years agoRemove obsolete property accesss in RoutingCacheBuilder::getCaseInsensitiveControllers()
Tim Düsterhus [Mon, 27 Jun 2022 14:53:07 +0000 (16:53 +0200)]
Remove obsolete property accesss in RoutingCacheBuilder::getCaseInsensitiveControllers()

see b9d282d542780d231c3ffe79a6eb8b1bcabf0bd6

2 years agoMerge pull request #4880 from WoltLab/broken-controller
Tim Düsterhus [Mon, 27 Jun 2022 12:55:51 +0000 (14:55 +0200)]
Merge pull request #4880 from WoltLab/broken-controller

Stop faking custom URLs for controllers classes with exactly two consecutive uppercase characters

2 years agoStop faking custom URLs for controllers classes with exactly two consecutive uppercas...
Tim Düsterhus [Mon, 27 Jun 2022 12:10:10 +0000 (14:10 +0200)]
Stop faking custom URLs for controllers classes with exactly two consecutive uppercase characters

This was introduced in 519f15c7700222357952e8cab41bbe960730c7fd and its purpose
is not entirely clear: Everything works identically even without this, even in
WoltLab Suite 5.5.

RoutingCacheBuilder is only ever used within ControllerMap and within
ControllerMap there are just a few locations where custom URLs are processed:

- resolve(): This enforces that renamed controllers are accessed via their
  canonical URL. Not relevant here, because we are already working with the
  canonical URL and it's not an intentional rename.
- resolveCustomController(): This is what we intent to avoid. If this method
  does not match, then `->resolve()` will correctly match.
- lookup(): `self::transformController()` will perform the correct
  transformation.
- lookupCmsPage(): Not relevant, because we do not deal with CMS pages.

2 years agoUse `/` as regex delimiter in ControllerMap to enable syntax highlighting in IDE
Tim Düsterhus [Mon, 27 Jun 2022 11:38:29 +0000 (13:38 +0200)]
Use `/` as regex delimiter in ControllerMap to enable syntax highlighting in IDE

2 years agoMerge pull request #4879 from WoltLab/tmp-fallback-remove
Tim Düsterhus [Mon, 27 Jun 2022 11:23:13 +0000 (13:23 +0200)]
Merge pull request #4879 from WoltLab/tmp-fallback-remove

Remove fallbacks from FileUtil::getTempFolder()

2 years agoRemove fallbacks from FileUtil::getTempFolder()
Tim Düsterhus [Mon, 27 Jun 2022 10:15:32 +0000 (12:15 +0200)]
Remove fallbacks from FileUtil::getTempFolder()

The temporary folder within WCF_DIR is automatically created during WCFSetup
when the `.htaccess` is extracted. Based on how the method's written, it is
exceedingly unlikely that the system's temporary folder is used and it
indicates a severe misconfiguration. Remove the fallback for simplicity.

see e41dfd007b12baed65ab7679fb679e53bcd2adf5

2 years agoMerge pull request #4873 from WoltLab/lookup-request-route-wcf-fallback
Tim Düsterhus [Mon, 27 Jun 2022 09:40:02 +0000 (11:40 +0200)]
Merge pull request #4873 from WoltLab/lookup-request-route-wcf-fallback

Remove fallback to 'wcf' in LookupRequestRoute

2 years agoMerge pull request #4876 from WoltLab/controllermap-custom-url-redirect
Tim Düsterhus [Mon, 27 Jun 2022 09:39:55 +0000 (11:39 +0200)]
Merge pull request #4876 from WoltLab/controllermap-custom-url-redirect

Remove fallback to wcf's custom URLs in ControllerMap::resolve()

2 years agoMerge pull request #4875 from WoltLab/sensitive-parameter-value
Tim Düsterhus [Mon, 27 Jun 2022 09:08:57 +0000 (11:08 +0200)]
Merge pull request #4875 from WoltLab/sensitive-parameter-value

Use \SensitiveParameterValue as the replacement value in exception handling

2 years agoFix typo in parameter type name in ControllerMap
Tim Düsterhus [Fri, 24 Jun 2022 12:19:39 +0000 (14:19 +0200)]
Fix typo in parameter type name in ControllerMap

see a3ae99cdfc70906b0ffffa51df4e3a060141dff2

2 years agoAdd proper types to ControllerMap
Tim Düsterhus [Fri, 24 Jun 2022 12:16:36 +0000 (14:16 +0200)]
Add proper types to ControllerMap

2 years agoRemove fallback to wcf's custom URLs in ControllerMap::resolve()
Tim Düsterhus [Fri, 24 Jun 2022 10:02:10 +0000 (12:02 +0200)]
Remove fallback to wcf's custom URLs in ControllerMap::resolve()

This fallback was introduced in the very first version of the forced redirect
to the custom URL for requests that directly request the controller class name
in c2de61fb187cf357cd9653693a8fa7cad39ca6ef.

However this might make controllers entirely inaccessible, because the custom
URLs are scoped to the application without any fallback to 'wcf'. This is
reproducible even in the 5.5 branch before the refactoring of the routing
logic.

Consider the following example:

- 'wcf' has the AccountManagementForm
- 'blog' also has an AccountManagement controller
- wcf's AccountManagementForm has the custom controller 'kontoverwaltung'

Now the following happens:

- Links to wcf's AccountManagement will be generated as /index.php?kontoverwaltung
- Links to blog's AccountManagement will be generated as /blog/index.php?account-management

So far so good, this is the expected behavior. Further:

- Accessing /index.php?account-management redirects to /index.php?kontoverwaltung

This is correct: The canonical URL is 'kontoverwaltung' and the page loads, however:

- Accessing /blog/index.php?account-management redirects to /blog/index.php?kontoverwaltung

This is not correct: The blog does not have a custom controller
'kontoverwaltung'. Due to the fallback in LookupRequestRoute, this will route
to wcf's AccountManagement. This fallback will be removed in PR #4873. If that
PR is merged, then instead of routing to wcf's AccountManagement, this will
result in a 404.

Either way: Blog's AccountManagement will be entirely inaccessible and
LinkHandler will generate broken links.

Fix this by removing this incorrect fallback. Accessing
/blog/index.php?account-management will now behave as if wcf's
AccountManagement wasn't renamed.

2 years agoMerge branch '5.5'
Tim Düsterhus [Fri, 24 Jun 2022 09:47:14 +0000 (11:47 +0200)]
Merge branch '5.5'