Tim Düsterhus [Wed, 11 May 2022 12:32:19 +0000 (14:32 +0200)]
Always restrict valid template modifiers to an allow list
Previously this allow list was only used in enterprise mode, but it is
generally a useful security feature. Thus the allow list previously known as
`$enterpriseFunctions` is applied in call cases.
This also makes it easier for developers, as there will be less differences
between the enterprise mode and the non-enterprise mode.
As before this allow list can easily be extended if a useful function is
missing from it.
Tim Düsterhus [Wed, 11 May 2022 12:02:15 +0000 (14:02 +0200)]
Add update_com.woltlab.wcf_5.5_checkSystemRequirements.php
see
48b47a4a8ba0260d52226c80063ebac081fa719b
Tim Düsterhus [Wed, 11 May 2022 09:40:37 +0000 (11:40 +0200)]
Drop obsolete upgrade instructions from 5.4 to 5.5
Tim Düsterhus [Wed, 11 May 2022 09:39:22 +0000 (11:39 +0200)]
Merge branch '5.5'
Tim Düsterhus [Wed, 11 May 2022 09:39:12 +0000 (11:39 +0200)]
Merge branch '5.4' into 5.5
Tim Düsterhus [Wed, 11 May 2022 09:38:47 +0000 (11:38 +0200)]
Drop obsolete update_com.woltlab.wcf_5.4.15_deleteDsStore.php
Tim Düsterhus [Wed, 11 May 2022 09:37:38 +0000 (11:37 +0200)]
Drop obsolete fileDelete_5.5.xml
Tim Düsterhus [Wed, 11 May 2022 08:41:46 +0000 (10:41 +0200)]
Merge branch '5.5'
Tim Düsterhus [Wed, 11 May 2022 08:40:35 +0000 (10:40 +0200)]
Fix language items in recommended section of system requirements in WCFSetup
see
3445cbe2a005ead9843d9e17709a915631dd11b5
see
e88d06dc88bc263b7424fbccfa47c13907413b8c
Tim Düsterhus [Wed, 11 May 2022 08:01:03 +0000 (10:01 +0200)]
Run php-cs-fixer using PHP 8.1
Tim Düsterhus [Wed, 11 May 2022 07:58:47 +0000 (09:58 +0200)]
Merge pull request #4782 from WoltLab/system-requirements
Increase minimum PHP requirement
Alexander Ebert [Tue, 10 May 2022 20:58:18 +0000 (22:58 +0200)]
Release 5.5.0 Beta 2
Alexander Ebert [Tue, 10 May 2022 16:06:08 +0000 (18:06 +0200)]
Incorrect dialog position on smartphones
See https://www.woltlab.com/community/thread/295560-neues-thema-erstellen-au%C3%9Ferhalb-des-bildschirms/
Tim Düsterhus [Tue, 10 May 2022 15:36:21 +0000 (17:36 +0200)]
Tim Düsterhus [Mon, 9 May 2022 09:04:51 +0000 (11:04 +0200)]
Upgrade laminas/laminas-httphandlerrunner to 2.1.0
Tim Düsterhus [Mon, 9 May 2022 09:02:43 +0000 (11:02 +0200)]
Tighten up version constraints in composer.json
Tim Düsterhus [Mon, 9 May 2022 09:00:44 +0000 (11:00 +0200)]
Remove obsolete Symfony polyfills
Tim Düsterhus [Mon, 9 May 2022 09:00:13 +0000 (11:00 +0200)]
Update PHP platform version in composer.json
Tim Düsterhus [Mon, 9 May 2022 08:59:06 +0000 (10:59 +0200)]
Remove PHP < 8.1 from php.yml workflow
Tim Düsterhus [Mon, 9 May 2022 08:58:47 +0000 (10:58 +0200)]
Increase minimum PHP version to 8.1.2
Tim Düsterhus [Tue, 10 May 2022 15:33:34 +0000 (17:33 +0200)]
Add the 5.5 branch to GitHub workflows
Alexander Ebert [Tue, 10 May 2022 14:30:34 +0000 (16:30 +0200)]
Release 5.5.0 Beta 1
Alexander Ebert [Tue, 10 May 2022 14:12:26 +0000 (16:12 +0200)]
Removed the upgrade instructions from 5.4.*
WoltLab [Tue, 10 May 2022 13:53:32 +0000 (13:53 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Tue, 10 May 2022 07:26:40 +0000 (09:26 +0200)]
Merge branch '5.4'
Tim Düsterhus [Tue, 10 May 2022 07:25:42 +0000 (09:25 +0200)]
Fix English versions of `wcf.user.security.multifactor.backup.authenticationEmail.body.*`
The phrases contained broken template scripting, due to the use of the `'`
apostroph within a single quoted string.
Alexander Ebert [Mon, 9 May 2022 13:51:17 +0000 (15:51 +0200)]
Dialogs could become too wide with lots of text
Alexander Ebert [Mon, 9 May 2022 12:17:55 +0000 (14:17 +0200)]
Suppress the redundant loading indicator
See https://www.woltlab.com/community/thread/295539-doppelte-ladebalken/
Tim Düsterhus [Mon, 9 May 2022 11:31:31 +0000 (13:31 +0200)]
Merge pull request #4781 from WoltLab/ci-check
Flip only the file name casing on AbstractFileDeletePackageInstallationPlugin::isFilesystemCaseSensitive()
Tim Düsterhus [Mon, 9 May 2022 10:42:53 +0000 (12:42 +0200)]
Add fileDelete_5.5.xml
These files never were part of the git repository, but were accidentally
included in an upgrade package, because an unclean source directory was used
when building the upgrade.
Tim Düsterhus [Mon, 9 May 2022 09:06:38 +0000 (11:06 +0200)]
Flip only the file name casing on AbstractFileDeletePackageInstallationPlugin::isFilesystemCaseSensitive()
Flipping the whole path does not provide any real benefit, because we only care
about whether the file system where WoltLab Suite resides is case sensitive or
not. It does however break when `open_basedir` is configured.
Tim Düsterhus [Mon, 9 May 2022 08:49:45 +0000 (10:49 +0200)]
Merge branch '5.4'
Tim Düsterhus [Fri, 6 May 2022 13:11:45 +0000 (15:11 +0200)]
Remove the codestyle workflow from branches that are not master
Alexander Ebert [Sun, 8 May 2022 11:54:02 +0000 (13:54 +0200)]
Lazy loading the user’s avatar causes flashes
Safari (macOS and iOS) does not handle lazy loaded images above the fold gracefully. This causes the user’s avatar to flicker noticeably on ever page navigation.
Alexander Ebert [Sun, 8 May 2022 11:42:21 +0000 (13:42 +0200)]
Merge pull request #4779 from WoltLab/search-result-pagination
Tracked the result page number in the url
Alexander Ebert [Sun, 8 May 2022 11:38:09 +0000 (13:38 +0200)]
Merge pull request #4777 from WoltLab/article-comment-like-notifications
Notifications about reactions to article comments
Alexander Ebert [Sun, 8 May 2022 11:29:21 +0000 (13:29 +0200)]
Merge pull request #4776 from WoltLab/scroll-to-comments
Scrolling to a comment not visible by default did not work
Marcel Werk [Sat, 7 May 2022 17:11:55 +0000 (19:11 +0200)]
Proper prototype creation
Marcel Werk [Sat, 7 May 2022 17:09:50 +0000 (19:09 +0200)]
Tracked the result page number in the url
Marcel Werk [Sat, 7 May 2022 16:51:22 +0000 (18:51 +0200)]
Proper history navigation for searches
Marcel Werk [Sat, 7 May 2022 16:38:01 +0000 (18:38 +0200)]
Track the page number of search result in the url
Alexander Ebert [Sat, 7 May 2022 16:13:12 +0000 (18:13 +0200)]
Visual separator for specialized search filters
See https://www.woltlab.com/community/thread/295502-kategorie-auswahl-ist-verrutscht/
Marcel Werk [Sat, 7 May 2022 15:42:08 +0000 (17:42 +0200)]
Merge branch '5.4'
Marcel Werk [Sat, 7 May 2022 15:41:59 +0000 (17:41 +0200)]
Merge branch '5.3' into 5.4
Marcel Werk [Sat, 7 May 2022 15:41:46 +0000 (17:41 +0200)]
Merge branch '5.2' into 5.3
Marcel Werk [Sat, 7 May 2022 15:40:48 +0000 (17:40 +0200)]
Revert "Show always an no selection option in custom select options build with the OptionHandler"
This reverts commit
6fef8b82e15794eee5317e6b15bb0670f137315c.
Alexander Ebert [Sat, 7 May 2022 14:59:03 +0000 (16:59 +0200)]
Incorrect margin of `.formSubmit` in dialogs
This was caused by the negative margin introduced in
1d224f10cdd05e7f5d09f869ee1fbbbdff025749 which caused the calculation to be off by 10px, causing a visible gap.
See https://www.woltlab.com/community/thread/295497-fehlerhafte-mobile-darstellung-von-dialogen/
Marcel Werk [Fri, 6 May 2022 21:54:31 +0000 (23:54 +0200)]
Removed obsolete imports
Marcel Werk [Fri, 6 May 2022 21:47:38 +0000 (23:47 +0200)]
Notifications about reactions to article comments
Marcel Werk [Fri, 6 May 2022 21:47:11 +0000 (23:47 +0200)]
Use generic trait in existing notifications for article comments
Marcel Werk [Fri, 6 May 2022 21:46:46 +0000 (23:46 +0200)]
Added generic trait for article comment tests
Marcel Werk [Fri, 6 May 2022 15:57:21 +0000 (17:57 +0200)]
Notification type was not hidden when modules were disabled
Marcel Werk [Fri, 6 May 2022 15:49:54 +0000 (17:49 +0200)]
Scrolling to a comment not visible by default did not work
Alexander Ebert [Fri, 6 May 2022 15:27:59 +0000 (17:27 +0200)]
Inline editors had been not initialized properly
Marcel Werk [Fri, 6 May 2022 15:19:44 +0000 (17:19 +0200)]
Unified phrases
Tim Düsterhus [Fri, 6 May 2022 07:20:09 +0000 (09:20 +0200)]
Merge pull request #4774 from WoltLab/focus-trap-tabbable
Update focus-trap and tabbable npm dependencies
Tim Düsterhus [Fri, 6 May 2022 07:17:19 +0000 (09:17 +0200)]
Fix dependency sync check in javascript.yml
Tim Düsterhus [Fri, 6 May 2022 07:12:15 +0000 (09:12 +0200)]
Add check that dependencies are in sync to javascript.yml
Tim Düsterhus [Thu, 5 May 2022 13:25:48 +0000 (15:25 +0200)]
Update focus-trap and tabbable npm dependencies
Tim Düsterhus [Thu, 5 May 2022 13:24:11 +0000 (15:24 +0200)]
Merge branch '5.4'
Tim Düsterhus [Thu, 5 May 2022 13:23:19 +0000 (15:23 +0200)]
Update npm dependencies
Tim Düsterhus [Thu, 5 May 2022 12:52:05 +0000 (14:52 +0200)]
Add PHP 8.1 to the php.yml workflow
Tim Düsterhus [Thu, 5 May 2022 12:42:57 +0000 (14:42 +0200)]
Drop obsolete exclude in php.yml workflow
This should no longer be required since
123aedf297e0402e6bd3562fe08e2d74e24760d1.
Tim Düsterhus [Thu, 5 May 2022 09:04:03 +0000 (11:04 +0200)]
Update version constraints in composer.json
Require the currently locked versions as the minimum versions.
Tim Düsterhus [Thu, 5 May 2022 07:04:44 +0000 (09:04 +0200)]
Merge pull request #4772 from WoltLab/htmlpurifier-4.14
Update to ezyang/htmlpurifier 4.14.*
Marcel Werk [Wed, 4 May 2022 16:32:08 +0000 (18:32 +0200)]
Labeling for buttons (trash and delete) was identical
Tim Düsterhus [Wed, 4 May 2022 15:32:26 +0000 (17:32 +0200)]
Update to ezyang/htmlpurifier 4.14.*
Tim Düsterhus [Wed, 4 May 2022 15:26:27 +0000 (17:26 +0200)]
Sort dependencies in composer.json
Tim Düsterhus [Wed, 4 May 2022 15:25:13 +0000 (17:25 +0200)]
Add explicit composer dependency for guzzlehttp/psr7
Tim Düsterhus [Wed, 4 May 2022 13:27:22 +0000 (15:27 +0200)]
Remove validation attributes from __sourceCodeFormField.tpl
These are not supported with CodeMirror, because it only syncs the entered data
upon `submit()` which notably runs *after* validation.
see codemirror/CodeMirror#5092
Fixes #4732
Tim Düsterhus [Tue, 3 May 2022 21:36:15 +0000 (23:36 +0200)]
Fix typo in function name in AbstractFileDeletePackageInstallationPlugin
This must be `strtr` not `strstr`.
see #4714
Alexander Ebert [Wed, 4 May 2022 12:34:15 +0000 (14:34 +0200)]
Load the page logo using the `eager` policy
Using `loading="lazy"` for the page logo causes the image to flicker noticeably in Safari on both macOS and iOS.
See https://www.woltlab.com/community/thread/295403-logo-auf-der-startseite-beim-aktualisieren-ein-rechteck/
Tim Düsterhus [Tue, 3 May 2022 13:26:36 +0000 (15:26 +0200)]
Merge branch '5.4'
Tim Düsterhus [Tue, 3 May 2022 13:07:53 +0000 (15:07 +0200)]
Merge pull request #4768 from WoltLab/sitemap-page
Fix handling of CMS pages in sitemap
Tim Düsterhus [Tue, 3 May 2022 11:57:49 +0000 (13:57 +0200)]
Fix handling of CMS pages in sitemap
Delegate the visibility control and access control to the appropriate methods
in \wcf\data\page\Page instead of reimplementing it from scratch. Most notably
the inversion of the page ACL was not implemented correctly within the sitemap.
see
92fba0538afc1d88f411db1a80553af2d17c09b4
Closes #4767
Co-authored-by: mutec <mysterycode@mysterycode.de>
Alexander Ebert [Mon, 2 May 2022 15:27:06 +0000 (17:27 +0200)]
Release 5.5.0 Alpha 6
WoltLab [Mon, 2 May 2022 15:25:33 +0000 (15:25 +0000)]
Updating minified JavaScript files
Alexander Ebert [Mon, 2 May 2022 13:21:13 +0000 (15:21 +0200)]
Merge pull request #4764 from WoltLab/content-interaction-button-icons
Use icons in content interaction buttons
Marcel Werk [Mon, 2 May 2022 10:53:35 +0000 (12:53 +0200)]
Adapt icon dynamically to the actual sort order
Alexander Ebert [Mon, 2 May 2022 08:37:07 +0000 (10:37 +0200)]
Removed a superfluous data attribute
This was a temporary part of the development process.
Fixes #4765
Tim Düsterhus [Mon, 2 May 2022 07:25:38 +0000 (09:25 +0200)]
Merge pull request #4766 from mutec/appmanmudose
fix application management in multi domain setups
mutec [Sun, 1 May 2022 20:53:53 +0000 (22:53 +0200)]
fix application management in multi domain setups
Changing the landing pages of apps was failing since the domain name for single-domain-setups was validated for any case, but is not set when using a multi-domain-setup.
This lead to an un-meaningful error-message saying something is incorrect.
Marcel Werk [Sun, 1 May 2022 17:54:36 +0000 (19:54 +0200)]
Page change in search results scrolls to top automatically
Marcel Werk [Sun, 1 May 2022 17:54:24 +0000 (19:54 +0200)]
Added parameter to configure the scroll behavior
Marcel Werk [Sun, 1 May 2022 17:29:01 +0000 (19:29 +0200)]
Incorrect pronoun in article comment notifications
Marcel Werk [Sun, 1 May 2022 12:42:14 +0000 (14:42 +0200)]
Reduced size of form submit buttons (on mobile)
Alexander Ebert [Sun, 1 May 2022 09:18:03 +0000 (11:18 +0200)]
Swapped the position of the user and page menu
See https://www.woltlab.com/community/thread/295422-position-des-hamburger-men%C3%BCs/
Marcel Werk [Fri, 29 Apr 2022 16:22:52 +0000 (18:22 +0200)]
Use icons in content interaction buttons
Marcel Werk [Fri, 29 Apr 2022 16:22:40 +0000 (18:22 +0200)]
Stop hiding icons in content interaction buttons
Marcel Werk [Fri, 29 Apr 2022 15:10:13 +0000 (17:10 +0200)]
Merge pull request #4753 from WoltLab/article-timestamp
Ensures that the date of a published article is not in the future.
Marcel Werk [Fri, 29 Apr 2022 14:38:15 +0000 (16:38 +0200)]
Show error message if article date is in the future
Alexander Ebert [Fri, 29 Apr 2022 11:31:26 +0000 (13:31 +0200)]
Release 5.5.0 Alpha 5
WoltLab [Fri, 29 Apr 2022 11:30:00 +0000 (11:30 +0000)]
Updating minified JavaScript files
Alexander Ebert [Fri, 29 Apr 2022 11:18:14 +0000 (13:18 +0200)]
Merge pull request #4763 from WoltLab/user-profile-buttons
Overhauled user profile buttons
Alexander Ebert [Thu, 28 Apr 2022 17:45:12 +0000 (19:45 +0200)]
Ignore connection errors caused by page navigation
See WoltLab/com.woltlab.wbb#539
Alexander Ebert [Thu, 28 Apr 2022 16:30:02 +0000 (18:30 +0200)]
Delay menu interaction until the page is loaded
User menu providers are registered asynchronously and the UI does not know once they are all ready.
See https://www.woltlab.com/community/thread/295264-userpanel-l%C3%A4dt-unvollst%C3%A4ndig/
Alexander Ebert [Thu, 28 Apr 2022 14:58:46 +0000 (16:58 +0200)]
Simplified the code logic
Alexander Ebert [Thu, 28 Apr 2022 14:09:12 +0000 (16:09 +0200)]
Use icons to represent the moderation queue types
Fixes #4742
Marcel Werk [Thu, 28 Apr 2022 14:03:21 +0000 (16:03 +0200)]
Added standalone button for "edit profile"
Marcel Werk [Thu, 28 Apr 2022 13:53:12 +0000 (15:53 +0200)]
Removed duplicate link to avatar form
The avatar itself is already linked to the avatar form.