Tim Düsterhus [Thu, 2 Jun 2022 09:24:58 +0000 (11:24 +0200)]
Remove dead branch in ControllerMap::lookupDefaultController()
It was impossible to take this branch since
d10487d5b8f54ce86fa8d8f36649febd338dbae8, because since this commit i18n CMS
pages (which this branch was about) were unable to have an empty custom URL.
Since
1bfaae39040d6b56ed837b5c66aa7931ffaca9b5 it is entirely impossible for
any empty custom URLs to exist, making this branch completely dead.
Further it only ever supported the WCF landing page, not any application's
landing pages.
The original intent of this branch will be restored in a follow up commit.
Tim Düsterhus [Thu, 2 Jun 2022 11:24:37 +0000 (13:24 +0200)]
Merge pull request #4847 from WoltLab/ci-controller-lookup
Remove reverse lookup for RoutingCacheBuilder::getCaseInsensitiveControllers()
Tim Düsterhus [Thu, 2 Jun 2022 10:42:36 +0000 (12:42 +0200)]
Remove reverse lookup for RoutingCacheBuilder::getCaseInsensitiveControllers()
This reverse lookup is not used, drop it to simplify the logic.
Tim Düsterhus [Thu, 2 Jun 2022 10:09:48 +0000 (12:09 +0200)]
Remove useless temporary in RoutingCacheBuilder::getCustomUrls()
Tim Düsterhus [Thu, 2 Jun 2022 10:08:36 +0000 (12:08 +0200)]
Simplify RoutingCacheBuilder::getCustomUrls()
By creating the arrays for all known abbreviations early we can avoid checking
the existence of them over and over again.
Tim Düsterhus [Thu, 2 Jun 2022 10:06:24 +0000 (12:06 +0200)]
Simplify `isset()` check in ControllerMap::lookup()
The first test was a prefix of the second, thus it is implicitly checked.
Tim Düsterhus [Thu, 2 Jun 2022 10:03:52 +0000 (12:03 +0200)]
Simplify `isset()` check in ControllerMap::resolve()
The first test was a prefix of the second, thus it is implicitly checked.
Also run the `wcf` check in all cases, while this might check the same entry
twice for `$application == 'wcf'`, this will not have a relevant performance
impact and make the code much more readable.
Tim Düsterhus [Thu, 2 Jun 2022 09:13:26 +0000 (11:13 +0200)]
Merge branch '5.5'
Tim Düsterhus [Thu, 2 Jun 2022 08:37:15 +0000 (10:37 +0200)]
Merge branch '5.4' into 5.5
Tim Düsterhus [Thu, 2 Jun 2022 08:35:38 +0000 (10:35 +0200)]
Create the initial user with a non-NULL signature
see #4845
see
8cf90dac71a2e42c56dafba6e23f0dd5a1c5d64c
Tim Düsterhus [Thu, 2 Jun 2022 08:33:43 +0000 (10:33 +0200)]
Fix PHP 8.1 compatibility in UserRebuildDataWorker for NULL signatures
see #4845
Alexander Ebert [Thu, 2 Jun 2022 08:22:58 +0000 (10:22 +0200)]
Release 5.4.18
Tim Düsterhus [Tue, 31 May 2022 13:42:50 +0000 (15:42 +0200)]
Adjust PHP versions in environment check for 5.5
see
598b72301a2cdcd0f3a0c1196f6fc1107e01650e
(cherry picked from commit
c2ae090f6bf0a0eefd5eaf9796095a4ddd18c23a)
Tim Düsterhus [Wed, 1 Jun 2022 15:30:04 +0000 (17:30 +0200)]
Merge pull request #4844 from WoltLab/custom-controller
Clean up handling of custom controllers
Tim Düsterhus [Wed, 1 Jun 2022 15:04:47 +0000 (17:04 +0200)]
Remove now-unused $landingPages parameter from RoutingCacheBuilder::getCustomUrls()
Tim Düsterhus [Wed, 1 Jun 2022 15:00:55 +0000 (17:00 +0200)]
Remove dead branch in ControllerMap::isDefaultController()
Since the previous changes it is impossible for an entry `''` to exist in the
custom URL mapping, causing this branch to never be taken.
This essentially reverts
e6fac1cae9428760436179efc10cc7989c2d64b9.
Tim Düsterhus [Wed, 1 Jun 2022 14:58:32 +0000 (16:58 +0200)]
Revert "Revert "Reject empty `controller` in ControllerMap::resolveCustomController()""
This check will now work correctly, since the custom URL for non-i18n pages is
no longer cleared since the previous commit.
This reverts commit
bd46b32207b5784c481277f4c2a8c81deff49f9c.
Tim Düsterhus [Wed, 1 Jun 2022 14:40:56 +0000 (16:40 +0200)]
Remove logic for the clearing of custom URLs for CMS pages from RoutingCacheBuilder
This is workaround is no longer required or useful since the previous commit,
since `ControllerMap::isDefaultController()` will correctly return `true` for
those CMS pages, leading to the route builder dropping the controller part in
the URL.
WoltLab [Wed, 1 Jun 2022 14:46:52 +0000 (14:46 +0000)]
Updating minified JavaScript files
Alexander Ebert [Wed, 1 Jun 2022 14:41:15 +0000 (16:41 +0200)]
Release 5.4.17
Alexander Ebert [Wed, 1 Jun 2022 14:40:30 +0000 (16:40 +0200)]
Merge branch '5.3' into 5.4
Alexander Ebert [Wed, 1 Jun 2022 14:37:56 +0000 (16:37 +0200)]
Release 5.3.23
Alexander Ebert [Wed, 1 Jun 2022 14:37:15 +0000 (16:37 +0200)]
Merge branch '5.2' into 5.3
Tim Düsterhus [Wed, 1 Jun 2022 14:30:28 +0000 (16:30 +0200)]
Skip page content without custom URL in RoutingCacheBuilder::getCustomUrls()
This select was missing this condition ever since it was added in commit
c2de61fb187cf357cd9653693a8fa7cad39ca6ef. It is not entirely clear, why this
condition is missing, but everything indicates that this is a bug:
The customURL for the page content can only ever be missing for pages backed by
an actual controller (i.e. non-CMS pages).
All those pages having the same empty controller will lead to conflicts in the
resulting mapping table, with some undefined entry "winning" and ending up in
the table. This specifically nullifies the effort of clearing the custom URL
for non-i18n CMS pages that are landing pages. However by chance this all ends
up working as intended, because the look up of the custom URL for those CMS
pages will then result in an empty string for the controller, which is then
completely ignored by the route building, skipping the logic in
ControllerMap::isDefaultController() which relies on the empty controller
pointing to the landing page instead of some random page.
Clean this up by properly ignoring page content without a custom URL.
Alexander Ebert [Wed, 1 Jun 2022 14:34:57 +0000 (16:34 +0200)]
Release 5.2.21
Marcel Werk [Wed, 1 Jun 2022 14:30:50 +0000 (16:30 +0200)]
Reduced width of dropdown menus in mobile view
Alexander Ebert [Wed, 1 Jun 2022 14:29:04 +0000 (16:29 +0200)]
Merge branch '3.1' into 5.2
Alexander Ebert [Wed, 1 Jun 2022 14:26:21 +0000 (16:26 +0200)]
Release 3.1.29
Tim Düsterhus [Wed, 1 Jun 2022 13:40:11 +0000 (15:40 +0200)]
Merge pull request #4842 from WoltLab/landing-page-cleanup
Remove Page::$isLandingPage
Tim Düsterhus [Wed, 1 Jun 2022 13:32:40 +0000 (15:32 +0200)]
Update composer dependencies
Tim Düsterhus [Wed, 1 Jun 2022 13:32:11 +0000 (15:32 +0200)]
Merge branch '5.5'
Tim Düsterhus [Wed, 1 Jun 2022 13:32:00 +0000 (15:32 +0200)]
Update composer dependencies
Tim Düsterhus [Wed, 1 Jun 2022 13:09:30 +0000 (15:09 +0200)]
Add database/update_com.woltlab.wcf_5.6.php
Tim Düsterhus [Wed, 1 Jun 2022 13:05:08 +0000 (15:05 +0200)]
Simplify RoutingCacheBuilder::getLandingPage()
Reduce the amount of special handling required for the 'wcf' app.
Tim Düsterhus [Wed, 1 Jun 2022 12:20:28 +0000 (14:20 +0200)]
Remove the Page::$isLandingPage property
This property is redundant with wcf1_application.landingPageID for the 'wcf'
app. Previously it needed to be kept in sync across both tables which didn't
really work well in all cases. Remove this property to gain a single source of
truth for the landing page.
Tim Düsterhus [Wed, 1 Jun 2022 12:02:03 +0000 (14:02 +0200)]
Check the landing page against PageCache::getLandingPage() in PageLocationManager
The landing page returned by `PageCache` is the landing page as used everywhere
else. Use that one instead of checking the property for consistency.
Tim Düsterhus [Wed, 1 Jun 2022 11:49:24 +0000 (13:49 +0200)]
Remove bogus `$menuItem->isLandingPage` check from acp/menuItemAdd.tpl
This property doesn't exist and even if it would exist, this change would only
be applied in the template, not in PHP. And even if the check would be applied
in PHP, it would not be required. It is perfectly supported to disable all menu
item, including the landing page's. It looks a bit odd, but does not cause
errors.
Tim Düsterhus [Wed, 1 Jun 2022 11:47:55 +0000 (13:47 +0200)]
Revert "Reject empty `controller` in ControllerMap::resolveCustomController()"
The assumptions in the commit message are not currently valid: For a non-i18n
CMS page the RoutingCacheBuilder will clear out the custom URL.
This reverts commit
4a40217a1e5bfe9a2f7d9f4b7c485add6baa7213.
Tim Düsterhus [Wed, 1 Jun 2022 10:17:23 +0000 (12:17 +0200)]
Merge pull request #4841 from WoltLab/routing-cleanup
Further cleanup of the routing logic
Tim Düsterhus [Wed, 1 Jun 2022 10:07:00 +0000 (12:07 +0200)]
Add proper types to ControllerMap::isDefaultController()
Tim Düsterhus [Wed, 1 Jun 2022 09:30:05 +0000 (11:30 +0200)]
Remove useless branch in ControllerMap::isDefaultController()
The previous change with `str_starts_with()` makes it pretty evident that this
condition is redundant with the regular expression above: The regular
expression also ensures that the `$controller` starts with `__WCF_CMS__` and at
the end of that branch the `$controller` will always be stripped of the
language ID suffix.
Tim Düsterhus [Wed, 1 Jun 2022 09:28:33 +0000 (11:28 +0200)]
Use `str_starts_with()` in ControllerMap::isDefaultController()
This replacement is not semantically identical, because the previous version
effectively was a `str_contains()`. However the `__WCF_CMS__` marker always
appears at the start of the string, making the previous version a bug.
Tim Düsterhus [Wed, 1 Jun 2022 09:26:31 +0000 (11:26 +0200)]
Remove useless use of `else` in ControllerMap::isDefaultController()
The “then” part always returns from the function, thus there is no need for an
explicit `else` here.
Tim Düsterhus [Wed, 1 Jun 2022 08:50:18 +0000 (10:50 +0200)]
Simplify `isset()` check in ControllerMap::resolveCustomController()
The first test was a prefix of the second, thus it is implicitly checked.
Tim Düsterhus [Wed, 1 Jun 2022 08:30:55 +0000 (10:30 +0200)]
Reject empty `controller` in ControllerMap::resolveCustomController()
Based on the current callers of this method it is impossible that an empty
string is passed in:
- In LookupRequestRoute the matched controller will always contain a non-slash
character, unless the URL itself only consists of slashes, which is rejected
early.
- In ControllerMap::lookupDefaultController() the method will only be called if
the `routePart` of the landing page matches `__WCF_CMS__` which is only the
case if the page does not have an controller assigned. In that case the invariant
that a custom URL must be configured holds and `->lookupCmsPage()` will not
return an empty controller value.
Tim Düsterhus [Wed, 1 Jun 2022 07:47:05 +0000 (09:47 +0200)]
Simplify `isset()` check in ControllerMap::isDefaultController()
The first parameter was a prefix of the second, thus it is implicitly checked.
Tim Düsterhus [Tue, 31 May 2022 14:43:55 +0000 (16:43 +0200)]
Merge branch '5.5'
Tim Düsterhus [Tue, 31 May 2022 14:43:48 +0000 (16:43 +0200)]
Update to setup-node@v3
Tim Düsterhus [Tue, 31 May 2022 14:43:27 +0000 (16:43 +0200)]
Merge branch '5.4' into 5.5
Tim Düsterhus [Tue, 31 May 2022 14:43:11 +0000 (16:43 +0200)]
Update to setup-node@v3
Tim Düsterhus [Tue, 31 May 2022 14:32:58 +0000 (16:32 +0200)]
Merge branch '5.5'
Tim Düsterhus [Tue, 31 May 2022 14:31:29 +0000 (16:31 +0200)]
Merge branch '5.4' into 5.5
Tim Düsterhus [Tue, 31 May 2022 14:30:03 +0000 (16:30 +0200)]
Check the WCF_VERSION only if the result might have changed
Tim Düsterhus [Tue, 31 May 2022 14:21:25 +0000 (16:21 +0200)]
Add workflow to check the WCF_VERSION
Alexander Ebert [Tue, 31 May 2022 14:05:55 +0000 (16:05 +0200)]
Missing update of the package version
Tim Düsterhus [Tue, 31 May 2022 13:50:13 +0000 (15:50 +0200)]
Tim Düsterhus [Tue, 31 May 2022 13:48:24 +0000 (15:48 +0200)]
Move system environment check into a middleware
Tim Düsterhus [Tue, 31 May 2022 13:44:54 +0000 (15:44 +0200)]
Adjust PHP versions in environment check for 5.6
see
598b72301a2cdcd0f3a0c1196f6fc1107e01650e
Tim Düsterhus [Tue, 31 May 2022 13:44:00 +0000 (15:44 +0200)]
Merge branch '5.5'
Tim Düsterhus [Tue, 31 May 2022 13:42:50 +0000 (15:42 +0200)]
Adjust PHP versions in environment check for 5.5
see
598b72301a2cdcd0f3a0c1196f6fc1107e01650e
Tim Düsterhus [Tue, 31 May 2022 13:41:47 +0000 (15:41 +0200)]
Merge branch '5.4' into 5.5
Tim Düsterhus [Tue, 31 May 2022 13:41:28 +0000 (15:41 +0200)]
Adjust PHP versions in environment check for 5.4
see
598b72301a2cdcd0f3a0c1196f6fc1107e01650e
Tim Düsterhus [Tue, 31 May 2022 13:39:48 +0000 (15:39 +0200)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Tue, 31 May 2022 13:36:26 +0000 (15:36 +0200)]
Merge branch '5.2' into 5.3
Tim Düsterhus [Tue, 31 May 2022 13:35:00 +0000 (15:35 +0200)]
Adjust PHP versions in environment check for 5.2
see
598b72301a2cdcd0f3a0c1196f6fc1107e01650e
Tim Düsterhus [Tue, 31 May 2022 13:33:43 +0000 (15:33 +0200)]
Merge branch '3.1' into 5.2
Tim Düsterhus [Tue, 31 May 2022 13:31:44 +0000 (15:31 +0200)]
Merge pull request #4840 from WoltLab/system-environment-check
Add basic check for the runtime environment
Tim Düsterhus [Tue, 31 May 2022 13:11:02 +0000 (15:11 +0200)]
Add basic check for the runtime environment
Running WoltLab Suite in an unsupported environment might work for the
majority of requests, some requests might fail very visibly. But there
also is a third type: A request that *appear* to execute properly, but
that subtly behaves incorrectly, due to a change in PHP's behavior.
The latter type is dangerous, as those requests might introduce errors
into the dataset that are very hard to impossible to correct after the
fact because the necessary information to fix up the data is no longer
available.
Prevent this situation from occuring by performing a basic test of the
runtime environment and halting processing early if this test fails to
ensure that it processed as little as possible.
Tim Düsterhus [Tue, 31 May 2022 12:57:44 +0000 (14:57 +0200)]
Enable HTML escaping of `->errorMessage` in packageUpdateServerList.tpl
This is not exploitable for a full-blown XSS attack, as any HTML tags are
stripped. Nonetheless the `"` character can cause issues, as the value is also
displayed in an HTML attribute and the error message contains uncontrolled
content.
Tim Düsterhus [Tue, 31 May 2022 11:27:11 +0000 (13:27 +0200)]
Merge pull request #4839 from WoltLab/sessionhandler-language-ids
Deprecate SessionHandler::getLanguageIDs()
Tim Düsterhus [Tue, 31 May 2022 10:47:21 +0000 (12:47 +0200)]
Remove useless calls to `->setAccessible()` for Reflection
These are no longer required as of PHP 8.1.
Tim Düsterhus [Tue, 31 May 2022 10:27:46 +0000 (12:27 +0200)]
Remove incorrect use of `@` from WCFSetup templates
Most of these values appear in attributes where `"` must be escaped. While the
`"` cannot appear in some of the values, WCFSetup is not performance critical,
so simply remove them everywhere to save the developer from needing to think
about this.
Tim Düsterhus [Tue, 31 May 2022 10:16:40 +0000 (12:16 +0200)]
Remove useless `isset()` check before calling `unset()` in LinkHandler::getLink()
Tim Düsterhus [Tue, 31 May 2022 10:00:16 +0000 (12:00 +0200)]
Merge branch '5.5'
Tim Düsterhus [Tue, 31 May 2022 09:37:34 +0000 (11:37 +0200)]
Release 5.5.0 Beta 4
WoltLab [Tue, 31 May 2022 09:32:57 +0000 (09:32 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Tue, 31 May 2022 09:31:02 +0000 (11:31 +0200)]
WoltLab [Tue, 31 May 2022 09:27:55 +0000 (09:27 +0000)]
Updating minified JavaScript files
Alexander Ebert [Tue, 31 May 2022 09:13:32 +0000 (11:13 +0200)]
Merge pull request #4838 from WoltLab/custom-color-picker
Custom color picker implementation
Alexander Ebert [Tue, 31 May 2022 09:13:26 +0000 (11:13 +0200)]
Simplified the code a bit
Co-authored-by: Tim Düsterhus <duesterhus@woltlab.com>
Tim Düsterhus [Tue, 31 May 2022 08:39:30 +0000 (10:39 +0200)]
Deprecate SessionHandler::getLanguageIDs()
This method is currently unused and basically only wraps
User::getLanguageIDs().
As it is unused the WCFSetup workaround should no longer be required either.
Tim Düsterhus [Tue, 31 May 2022 07:45:30 +0000 (09:45 +0200)]
Merge pull request #4837 from WoltLab/styleID-session
Remove styleID from SessionHandler
Tim Düsterhus [Tue, 31 May 2022 07:13:59 +0000 (09:13 +0200)]
Alexander Ebert [Mon, 30 May 2022 17:14:40 +0000 (19:14 +0200)]
Incorrect calculation of the saturation
Alexander Ebert [Mon, 30 May 2022 16:43:14 +0000 (18:43 +0200)]
Clean-up of legacy files, FF workaround
Alexander Ebert [Mon, 30 May 2022 15:58:14 +0000 (17:58 +0200)]
Unified the phrases for the color picker
Tim Düsterhus [Mon, 30 May 2022 15:07:38 +0000 (17:07 +0200)]
Do not use RequestHandler::redirect() for controller-less ACP requests
Specifically do not pass the unknown `$routeData` which might not be correct
for the IndexPage of `wcf`.
see
ed55fc721676e3a5b7cf52995c2f2701a4902f1e
Alexander Ebert [Mon, 30 May 2022 14:54:12 +0000 (16:54 +0200)]
Overhauled color picker with RGBA and HSL
Alexander Ebert [Mon, 30 May 2022 14:39:11 +0000 (16:39 +0200)]
Support for RGB <-> HSL
Tim Düsterhus [Mon, 30 May 2022 13:49:37 +0000 (15:49 +0200)]
Remove styleID from SessionHandler
See
094ee7c31ce505b293fc228d6831ecb4a42130cc for the majority of performed
changes.
Resolves #4835
Tim Düsterhus [Mon, 30 May 2022 08:57:56 +0000 (10:57 +0200)]
Merge branch '5.5'
Tim Düsterhus [Mon, 30 May 2022 08:54:48 +0000 (10:54 +0200)]
Re-deprecate SessionHandler's styleID functionality
see
094ee7c31ce505b293fc228d6831ecb4a42130cc
Tim Düsterhus [Mon, 30 May 2022 08:47:36 +0000 (10:47 +0200)]
Revert "Prevent saving `styleID` in sessions for user"
The intention behind that change still is valid. However using the
`StyleAction::changeStyle()` method which internally uses
`UserAction::update()` internally is problematic, due to events firing. At the
point where `initStyle()` runs, the applications are not yet initialized and
thus the event listener classes of applications will not be found by the
autoloader.
With
bb2430b495a4bfe7e8f205b97749f49ce4f59229 the handling of the `styleID`
parameter is already removed, thus ultimately solving the same problem, but
without the issues.
This reverts commit
cc5207457ef1157b44ecad54db32ab7438a1158e.
Tim Düsterhus [Mon, 30 May 2022 08:39:00 +0000 (10:39 +0200)]
Merge branch '5.5'
Alexander Ebert [Sun, 29 May 2022 18:06:26 +0000 (20:06 +0200)]
Use separate inputs for the RGB color channels
Marcel Werk [Sun, 29 May 2022 15:41:09 +0000 (17:41 +0200)]
Search for author without search term was not possible
Alexander Ebert [Sat, 28 May 2022 13:05:48 +0000 (15:05 +0200)]
Removed an outdated webkit work-around
This was required in <= 5.4 to fix an issue caused by the `transform: translateX(-50%)` offset used in these versions. 5.5 uses a pixel-perfect positioning that no longer relies on this hack.
Alexander Ebert [Sat, 28 May 2022 12:48:22 +0000 (14:48 +0200)]
Missing removal of existing error messages
See https://www.woltlab.com/community/thread/295622-bitte-f%C3%BCllen-sie-dieses-eingabefeld-aus-doppelt-angezeigt/
Alexander Ebert [Sat, 28 May 2022 12:40:49 +0000 (14:40 +0200)]
Bad access the editor from within a dialog
See https://www.woltlab.com/community/thread/295640-%C3%BCber-medien-hinzugef%C3%BCgtes-bild-l%C3%A4sst-sich-nach-der-entfernung-nicht-direkt-erneu/
Alexander Ebert [Sat, 28 May 2022 12:25:55 +0000 (14:25 +0200)]
Merge pull request #4833 from WoltLab/mobile-right-sidebar
Show content of the right sidebar below the main content (mobile view)