Alexander Ebert [Mon, 4 Apr 2022 17:01:12 +0000 (19:01 +0200)]
Verify that the active dialog is closable
See https://www.woltlab.com/community/thread/294867-verschachtelte-dialoge-verwerfen-optionen-des-1-dialogs/
Sir-Will [Sun, 3 Apr 2022 01:19:51 +0000 (03:19 +0200)]
Update google console link
Closes #4716
Marcel Werk [Thu, 31 Mar 2022 12:05:56 +0000 (14:05 +0200)]
Article system allowed access to titles of hidden articles
The problem was caused by a redirect to the Canonical URL before the permissions were checked.
Marcel Werk [Tue, 29 Mar 2022 12:36:13 +0000 (14:36 +0200)]
Floating of attachments in simplified HTML did not work properly
Marcel Werk [Tue, 29 Mar 2022 12:01:36 +0000 (14:01 +0200)]
Incorrect handling of GIF cover photos when rebuilding users
Tim Düsterhus [Wed, 23 Mar 2022 08:10:40 +0000 (09:10 +0100)]
Whitelist `basename` in enterprise mode
Tim Düsterhus [Mon, 21 Mar 2022 10:08:46 +0000 (11:08 +0100)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Mon, 21 Mar 2022 10:03:59 +0000 (11:03 +0100)]
Merge pull request #4706 from WoltLab/guzzle-psr7-backport
Update guzzlehttp/psr7 to a custom fork
Tim Düsterhus [Sun, 20 Mar 2022 14:22:29 +0000 (15:22 +0100)]
Update guzzlehttp/psr7 to a custom fork
see WoltLab/guzzle-psr7@
ff7be9fcf7da87f971990b1a61d8a7f2b5aeac9b
see WoltLab/guzzle-psr7@
986596de01529f6e837a5cadfef9ec714ace7914
Tim Düsterhus [Fri, 18 Mar 2022 13:59:50 +0000 (14:59 +0100)]
Prevent possible brick when the upgrade to 5.5 fails between unpacking of files and unpacking of acptemplates
Alexander Ebert [Thu, 17 Mar 2022 16:41:10 +0000 (17:41 +0100)]
Release 5.4.15
Alexander Ebert [Thu, 17 Mar 2022 16:36:32 +0000 (17:36 +0100)]
Release 5.3.21
Alexander Ebert [Thu, 17 Mar 2022 16:34:59 +0000 (17:34 +0100)]
Merge branch '5.2' into 5.3
Alexander Ebert [Thu, 17 Mar 2022 16:33:49 +0000 (17:33 +0100)]
Release 5.2.20
Alexander Ebert [Thu, 17 Mar 2022 16:32:53 +0000 (17:32 +0100)]
Merge branch '3.1' into 5.2
Alexander Ebert [Thu, 17 Mar 2022 16:31:13 +0000 (17:31 +0100)]
Release 3.1.28
Alexander Ebert [Thu, 17 Mar 2022 14:43:27 +0000 (15:43 +0100)]
Release 3.1.28
Tim Düsterhus [Thu, 17 Mar 2022 13:31:44 +0000 (14:31 +0100)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Thu, 17 Mar 2022 13:28:38 +0000 (14:28 +0100)]
Merge branch '5.2' into 5.3
WoltLab [Thu, 17 Mar 2022 13:27:24 +0000 (13:27 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Thu, 17 Mar 2022 13:25:53 +0000 (14:25 +0100)]
Merge branch '3.1' into 5.2
WoltLab [Thu, 17 Mar 2022 13:23:56 +0000 (13:23 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Thu, 17 Mar 2022 13:22:22 +0000 (14:22 +0100)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Thu, 17 Mar 2022 13:21:34 +0000 (14:21 +0100)]
Merge branch '5.2' into 5.3
Tim Düsterhus [Thu, 17 Mar 2022 13:20:55 +0000 (14:20 +0100)]
Merge branch '3.1' into 5.2
Tim Düsterhus [Wed, 16 Mar 2022 16:55:20 +0000 (17:55 +0100)]
Escape HTML in the filename of the progress indicator during attachment upload
(cherry picked from commit
81b770284267db5dc8c8df86e303a20c3ccb8dce)
Tim Düsterhus [Thu, 17 Mar 2022 13:12:25 +0000 (14:12 +0100)]
Merge branch 'cronjobLogList-xss' into 3.1
Tim Düsterhus [Thu, 17 Mar 2022 08:10:12 +0000 (09:10 +0100)]
Fix XSS in the cronjob's error message in cronjobLogList
This can happen if untrusted information, such as the HTTP response body for a
failed Guzzle request, is embedded into the error message.
Thanks to @SoftCreatR for responsibly reporting the issue.
Alexander Ebert [Wed, 16 Mar 2022 19:01:43 +0000 (20:01 +0100)]
Release 5.4.15 dev 3
WoltLab [Wed, 16 Mar 2022 17:31:50 +0000 (17:31 +0000)]
Updating minified JavaScript files
WoltLab [Wed, 16 Mar 2022 17:17:31 +0000 (17:17 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Wed, 16 Mar 2022 16:56:10 +0000 (17:56 +0100)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Wed, 16 Mar 2022 16:55:20 +0000 (17:55 +0100)]
Escape HTML in the filename of the progress indicator during attachment upload
Marcel Werk [Wed, 16 Mar 2022 10:20:11 +0000 (11:20 +0100)]
An array as query string resulted in an error
joshuaruesweg [Wed, 16 Mar 2022 08:28:37 +0000 (09:28 +0100)]
Remove `Template.grammar.jison`
joshuaruesweg [Wed, 16 Mar 2022 08:24:48 +0000 (09:24 +0100)]
Delete old JS dir, before recompile TS
This ensures, that there are no superfluous files commited in the JS dir.
Tim Düsterhus [Wed, 16 Mar 2022 08:02:41 +0000 (09:02 +0100)]
Merge pull request #4702 from WoltLab/5.4-unfurl-charset
Catch `ValueError` while convert encoding
joshuaruesweg [Tue, 15 Mar 2022 18:00:53 +0000 (19:00 +0100)]
Catch `ValueError` while convert encoding
Since PHP 8.0 the function `mb_convert_encoding` throws an `ValueError` if the given charset is unknown. Prior to this, a PHP notice is thrown.
Fixes #4697
Alexander Ebert [Tue, 15 Mar 2022 17:12:54 +0000 (18:12 +0100)]
Release 5.4.15 dev 2
Tim Düsterhus [Tue, 15 Mar 2022 15:31:19 +0000 (16:31 +0100)]
Merge pull request #4701 from WoltLab/mysql-search-plus-min-token
Do not add the `+` prefix to search terms shorter than InnoDB's ft_min_token_size
Tim Düsterhus [Tue, 15 Mar 2022 14:40:39 +0000 (15:40 +0100)]
Do not add the `+` prefix to search terms shorter than InnoDB's ft_min_token_size
see https://www.woltlab.com/community/thread/294842-suchindex-richtig-vorbereiten/
Tim Düsterhus [Tue, 15 Mar 2022 14:39:53 +0000 (15:39 +0100)]
Add MysqlSearchEngine::getMinTokenSize() as a replacement for getFulltextMinimumWordLength()
This new method is private, because it is considered an implementation detail.
Marcel Werk [Mon, 14 Mar 2022 09:30:12 +0000 (10:30 +0100)]
Merge branch '5.3' into 5.4
Marcel Werk [Mon, 14 Mar 2022 09:27:14 +0000 (10:27 +0100)]
Only revert points when revoking a reaction
Tim Düsterhus [Fri, 11 Mar 2022 09:08:41 +0000 (10:08 +0100)]
Use explicit `return null` in DatabaseObjectList::search()
Tim Düsterhus [Thu, 10 Mar 2022 16:30:13 +0000 (17:30 +0100)]
Merge pull request #4699 from WoltLab/ds-store
Rerun the .DS_Store deletion script
Alexander Ebert [Thu, 10 Mar 2022 16:08:07 +0000 (17:08 +0100)]
Gracefully handle integers exceeding 32bit
See https://www.woltlab.com/community/thread/294731-profilfeld-wert-integer/
Tim Düsterhus [Thu, 10 Mar 2022 14:47:57 +0000 (15:47 +0100)]
Rerun the .DS_Store deletion script
Apparently some installations still contain .DS_Store files assigned to
official packages. These might come from 5.3 installations that were
immediately upgraded to 5.4.4 or higher, without going through 5.4.3.
see
2bd8c2dba79878269981aac94c1ad51e94b2308e
Alexander Ebert [Thu, 10 Mar 2022 11:48:11 +0000 (12:48 +0100)]
Release 5.4.15 dev 1
WoltLab [Thu, 10 Mar 2022 10:45:53 +0000 (10:45 +0000)]
Updating minified JavaScript files
Alexander Ebert [Wed, 9 Mar 2022 18:28:07 +0000 (19:28 +0100)]
Set `toFloat()` to `protected` for compatibility
Alexander Ebert [Wed, 9 Mar 2022 18:06:45 +0000 (19:06 +0100)]
Missing conversion of localized search values
Fixes https://www.woltlab.com/community/thread/294505-eingabefeld-profilfeld-dezimalzeichen-problem/
Alexander Ebert [Wed, 9 Mar 2022 18:05:41 +0000 (19:05 +0100)]
Moved the conversion of localized values to floats
Alexander Ebert [Wed, 9 Mar 2022 16:50:23 +0000 (17:50 +0100)]
Show the erroneous tab on submit
Fixes https://www.woltlab.com/community/thread/294204-meldung-bei-nicht-erfolgreichem-box-speichern-wegen-quellcode-modus/
Alexander Ebert [Wed, 9 Mar 2022 16:19:40 +0000 (17:19 +0100)]
Workaround for the selection of the quote tooltip
Fixes https://www.woltlab.com/community/thread/294684-sprung-zum-seitenanfang-beim-markieren-auf-mobilen-ger%C3%A4ten/
Alexander Ebert [Wed, 9 Mar 2022 15:14:14 +0000 (16:14 +0100)]
Improved the UX for page object id suggestions
See https://www.woltlab.com/community/thread/294550-men%C3%BCpunkt-mit-artikelbezug-artikel-id-heraussuchen-klick-%C3%B6ffnet-artikel/
Tim Düsterhus [Wed, 9 Mar 2022 14:23:47 +0000 (15:23 +0100)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Wed, 9 Mar 2022 14:16:41 +0000 (15:16 +0100)]
Upgrade to `actions/checkout@v3`
Tim Düsterhus [Wed, 9 Mar 2022 14:14:53 +0000 (15:14 +0100)]
Merge branch '5.2' into 5.3
Tim Düsterhus [Wed, 9 Mar 2022 14:14:35 +0000 (15:14 +0100)]
Upgrade to `actions/checkout@v3`
Tim Düsterhus [Wed, 9 Mar 2022 13:44:09 +0000 (14:44 +0100)]
Update npm dependencies
Tim Düsterhus [Wed, 9 Mar 2022 13:08:53 +0000 (14:08 +0100)]
Add missing space in indentation in LikeAction
Tim Düsterhus [Wed, 9 Mar 2022 12:55:24 +0000 (13:55 +0100)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Wed, 9 Mar 2022 12:49:18 +0000 (13:49 +0100)]
Validate the `pageNo` in UserTrophyAction::validateGetGroupedUserTrophyList()
Tim Düsterhus [Wed, 9 Mar 2022 12:48:52 +0000 (13:48 +0100)]
Validate that the userID matches a user in UserFollowingAction::validateGetGroupedUserList()
Tim Düsterhus [Wed, 9 Mar 2022 12:48:19 +0000 (13:48 +0100)]
Validate the `pageNo` in UserFollowingAction::validateGetGroupedUserList()
Tim Düsterhus [Wed, 9 Mar 2022 12:47:42 +0000 (13:47 +0100)]
Validate that the userID matches a user in UserFollowAction::validateGetGroupedUserList()
Tim Düsterhus [Wed, 9 Mar 2022 12:47:01 +0000 (13:47 +0100)]
Validate the `pageNo` in UserFollowAction::validateGetGroupedUserList()
Tim Düsterhus [Wed, 9 Mar 2022 12:46:29 +0000 (13:46 +0100)]
Validate the `pageNo` in MediaAction::validateGetSearchResultList()
Tim Düsterhus [Wed, 9 Mar 2022 12:45:45 +0000 (13:45 +0100)]
Validate the `pageNo` in LikeAction::validateGetGroupedUserList()
Tim Düsterhus [Wed, 9 Mar 2022 12:45:05 +0000 (13:45 +0100)]
Validate the `pageNo` in UserProfileVisitorAction::validateGetGroupedUserList()
Tim Düsterhus [Wed, 9 Mar 2022 11:19:20 +0000 (12:19 +0100)]
Validate the limit and offset in Database::handleLimitParameter()
Tim Düsterhus [Wed, 9 Mar 2022 09:46:52 +0000 (10:46 +0100)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Wed, 9 Mar 2022 09:40:02 +0000 (10:40 +0100)]
Simplify condition in UserTrophyAction::validateGetGroupedUserTrophyList()
Tim Düsterhus [Wed, 9 Mar 2022 09:39:36 +0000 (10:39 +0100)]
Validate that the userID matches a user in UserTrophyAction::validateGetGroupedUserTrophyList()
Tim Düsterhus [Wed, 9 Mar 2022 09:38:04 +0000 (10:38 +0100)]
Validate that the userID matches a user in UserProfileVisitorAction::validateGetGroupedUserList()
Tim Düsterhus [Wed, 9 Mar 2022 09:33:51 +0000 (10:33 +0100)]
Fix typing of RuntimeCache's getObject() method
Alexander Ebert [Tue, 8 Mar 2022 18:12:26 +0000 (19:12 +0100)]
Disabled `input[type="date"]` were not initialized
See https://www.woltlab.com/community/thread/294503-ansicht-bei-einem-datumsfeld-fehlerhaft-plus-konsolenfehler-disabled/
Alexander Ebert [Tue, 8 Mar 2022 13:43:23 +0000 (14:43 +0100)]
`Escape` key now triggers `onBeforeClose`
See https://www.woltlab.com/community/thread/294772-closeconfirmmessage-onbeforeclose-bei-esc-taste/
Tim Düsterhus [Tue, 8 Mar 2022 09:07:32 +0000 (10:07 +0100)]
Fix PHP 8.1 compatibility when editing groups with NULL description
This can happen for the groups that are created during initial installation.
see #4694
Tim Düsterhus [Tue, 8 Mar 2022 09:05:27 +0000 (10:05 +0100)]
Create the initial user groups with explicit descriptions
Tim Düsterhus [Tue, 8 Mar 2022 08:59:46 +0000 (09:59 +0100)]
Correctly handle missing requirements without minversion in dev tools
Marcel Werk [Mon, 7 Mar 2022 17:51:02 +0000 (18:51 +0100)]
Indentation in label group availability was too large
Marcel Werk [Mon, 7 Mar 2022 17:45:39 +0000 (18:45 +0100)]
Label group availability could not be configured for deeper categories
Tim Düsterhus [Mon, 7 Mar 2022 09:37:35 +0000 (10:37 +0100)]
Fix PHP 8.1 compatibility in SignatureCache
> Message: preg_replace_callback(): Passing null to parameter #3 ($subject) of
> type array|string is deprecated
Alexander Ebert [Thu, 3 Mar 2022 18:38:04 +0000 (19:38 +0100)]
Restoring the selection immediately discarded it
See https://www.woltlab.com/community/thread/294654-links-werden-vom-editor-aus-dem-text-direkt-nach-ganz-oben-verschoben/
joshuaruesweg [Thu, 3 Mar 2022 12:59:02 +0000 (13:59 +0100)]
Merge branch '5.3'
joshuaruesweg [Thu, 3 Mar 2022 12:56:27 +0000 (13:56 +0100)]
Fix detection of ipv4 adresses for stopforumspam integration
joshuaruesweg [Thu, 3 Mar 2022 08:05:44 +0000 (09:05 +0100)]
Surpress output of empty labeled url user option fields
Tim Düsterhus [Mon, 28 Feb 2022 12:12:10 +0000 (13:12 +0100)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Mon, 28 Feb 2022 12:10:16 +0000 (13:10 +0100)]
Validate the messageObjectType in MessagePreviewAction::validateGetMessagePreview()
Tim Düsterhus [Mon, 28 Feb 2022 12:03:52 +0000 (13:03 +0100)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Mon, 28 Feb 2022 12:02:17 +0000 (13:02 +0100)]
Validate the object type definition in CommentAction::validateObjectType()
Tim Düsterhus [Mon, 28 Feb 2022 10:20:35 +0000 (11:20 +0100)]
Fix success message in ApplicationManagementForm
Fixes #4679
Tim Düsterhus [Thu, 24 Feb 2022 10:35:41 +0000 (11:35 +0100)]
Ignore non-HTTP schemes for URL unfurling
Tim Düsterhus [Mon, 21 Feb 2022 14:14:17 +0000 (15:14 +0100)]
Merge branch 'mysql-search-query-parser' into 5.4
Tim Düsterhus [Mon, 21 Feb 2022 14:12:38 +0000 (15:12 +0100)]
Fix handling of queries ending in a lone quote in MysqlSearchEngine::splitIntoTerms()
Tim Düsterhus [Mon, 21 Feb 2022 14:08:02 +0000 (15:08 +0100)]
Fix handling of quoted parentheses in MysqlSearchEngine::splitIntoTerms()
Tim Düsterhus [Mon, 21 Feb 2022 13:51:55 +0000 (14:51 +0100)]
Fix typo in comment in MysqlSearchEngine::splitIntoTerms()
Tim Düsterhus [Mon, 21 Feb 2022 09:05:12 +0000 (10:05 +0100)]