Tim Düsterhus [Fri, 5 May 2023 07:17:39 +0000 (09:17 +0200)]
Add missing space before ellipsis in wcf.acp.package.search.status.* in en.xml
see https://www.woltlab.com/community/thread/299749-language-wcf-acp-package-search-status-loading/
Tim Düsterhus [Fri, 5 May 2023 07:16:35 +0000 (09:16 +0200)]
Fix titlecasification in wcf.acp.user.security.multifactor
see https://www.woltlab.com/community/thread/299745-language-wcf-acp-user-security-multifactor/
Tim Düsterhus [Fri, 5 May 2023 07:14:43 +0000 (09:14 +0200)]
Fix typos in wcf.date.interval.* in en.xml
see https://www.woltlab.com/community/thread/299744-language-wcf-date-interval-months-plain/
Tim Düsterhus [Thu, 4 May 2023 07:17:06 +0000 (09:17 +0200)]
Fix wcf.user.notification.comment.like.message
see https://www.woltlab.com/community/thread/299735-language-wcf-user-notification-comment-like-message/
Tim Düsterhus [Tue, 2 May 2023 10:15:40 +0000 (12:15 +0200)]
Add missing “Address” for “Email Address” in wcf.user.email in en.xml
Fixes #5466
Tim Düsterhus [Fri, 28 Apr 2023 14:01:11 +0000 (16:01 +0200)]
Merge branch '5.4' into 5.5
Tim Düsterhus [Fri, 28 Apr 2023 14:00:48 +0000 (16:00 +0200)]
Update to `actions/upload-artifact@v3` in wcfsetup.yml
This is required, because node.js 12 actions are deprecated.
Tim Düsterhus [Tue, 25 Apr 2023 09:33:59 +0000 (11:33 +0200)]
Improve phrasing for `user_authentication_failure_*` descriptions
Tim Düsterhus [Mon, 24 Apr 2023 13:07:17 +0000 (15:07 +0200)]
Fix creating menuItem PIP entries without parent using dev tools
Fixes #4754
Alexander Ebert [Wed, 19 Apr 2023 13:32:44 +0000 (15:32 +0200)]
Release 5.5.11
Alexander Ebert [Wed, 19 Apr 2023 12:57:09 +0000 (14:57 +0200)]
Merge branch '5.4' into 5.5
Alexander Ebert [Wed, 19 Apr 2023 12:56:08 +0000 (14:56 +0200)]
Release 5.4.27
Alexander Ebert [Wed, 19 Apr 2023 12:50:28 +0000 (14:50 +0200)]
Merge branch '5.3' into 5.4
Alexander Ebert [Wed, 19 Apr 2023 12:48:51 +0000 (14:48 +0200)]
Release 5.3.28
WoltLab [Wed, 19 Apr 2023 11:59:20 +0000 (11:59 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Wed, 19 Apr 2023 11:58:03 +0000 (13:58 +0200)]
Merge branch '5.4' into 5.5
WoltLab [Wed, 19 Apr 2023 11:57:15 +0000 (11:57 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Wed, 19 Apr 2023 11:55:57 +0000 (13:55 +0200)]
Merge branch '5.3' into 5.4
WoltLab [Wed, 19 Apr 2023 11:55:07 +0000 (11:55 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Wed, 19 Apr 2023 11:51:47 +0000 (13:51 +0200)]
Merge branch '5.4' into 5.5
Tim Düsterhus [Wed, 19 Apr 2023 11:51:31 +0000 (13:51 +0200)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Wed, 19 Apr 2023 11:45:04 +0000 (13:45 +0200)]
Merge branch 'article-clipboard' into 5.3
Tim Düsterhus [Wed, 19 Apr 2023 11:44:42 +0000 (13:44 +0200)]
Merge branch 'js-unescape-html' into 5.3
Tim Düsterhus [Tue, 18 Apr 2023 07:42:25 +0000 (09:42 +0200)]
Fix `StringUtil.unescapeHTML()`
The HTML was unescaped in an incorrect order, causing incorrect results for
inputs like:
StringUtil.unescapeHTML('"')
Tim Düsterhus [Tue, 28 Mar 2023 12:42:51 +0000 (14:42 +0200)]
Do not allow setting an inaccessible category in ArticleAction::validateSetCategory()
Tim Düsterhus [Tue, 28 Mar 2023 12:41:54 +0000 (14:41 +0200)]
Validate if an article may be edited in `setCategory` clipboard action
Tim Düsterhus [Mon, 17 Apr 2023 17:22:50 +0000 (19:22 +0200)]
Update laminas/laminas-diactoros
see laminas/laminas-diactoros@
2bc0d0bc2d15a3182d7853f761b6b7d2754821fe
Tim Düsterhus [Mon, 17 Apr 2023 17:20:13 +0000 (19:20 +0200)]
Merge branch '5.4' into 5.5
Tim Düsterhus [Mon, 17 Apr 2023 16:23:38 +0000 (18:23 +0200)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Mon, 17 Apr 2023 16:21:29 +0000 (18:21 +0200)]
Alexander Ebert [Fri, 14 Apr 2023 13:29:54 +0000 (15:29 +0200)]
Fix the update instructions
Alexander Ebert [Fri, 14 Apr 2023 12:05:55 +0000 (14:05 +0200)]
Release 5.5.11 dev 1
Alexander Ebert [Thu, 13 Apr 2023 13:24:30 +0000 (15:24 +0200)]
Merge pull request #5420 from darkwood-studios/5.5
added new articleLikeButtons template event to article template
daniel [Thu, 13 Apr 2023 07:46:30 +0000 (09:46 +0200)]
added new articleLikeButtons template event to article template
WoltLab [Thu, 13 Apr 2023 07:20:19 +0000 (07:20 +0000)]
Updating minified JavaScript files
Marcel Werk [Mon, 10 Apr 2023 14:52:48 +0000 (16:52 +0200)]
Fix reading boolean field values in form builder dialogs
For normal forms, the value of `BooleanFormField` is passed as a string. In
form builder dialogs, however, it is passed as an int.
Resolves #5412
Alexander Ebert [Sat, 8 Apr 2023 10:23:58 +0000 (12:23 +0200)]
Merge pull request #5374 from SoftCreatR/bugfix/userBBCodeTag-sync
Add `userBBCodeTag` to the shared templates
Tim Düsterhus [Thu, 6 Apr 2023 11:56:09 +0000 (13:56 +0200)]
Fix redirect after submitting ContactForm
The empty string is an invalid controller name. The landing page link is
requested by either passing `null` or leaving out all parameters.
This misuse will throw an Exception in WoltLab Suite 6.0.
Fixes #5407
Olaf Braun [Sun, 2 Apr 2023 15:44:47 +0000 (17:44 +0200)]
Update TS StringUtil's HTML escaper to be consistent with PHP's
Commit
f631a7de6506e52095299c15042c25a3979a8200 updated the HTML escaper on the
server to encode a single quote (`'`) as `'`, however it did not update
the frontend / TypeScript implementation.
This specifically breaks loading of existing data for i18n fields containing
the single quote, because the JavaScript expects the value to be first JS
encoded and then HTML encoded and manually performs HTML decoding. This is
questionable, but likely not fixable without introducing security issues,
because some users *might* rely on the fact that the JS escaping already
happened and it's impossible to detect whether the given values are already
escaped or not.
Resolves #5381
[Tim: Written the entire commit message]
Tim Düsterhus [Tue, 4 Apr 2023 13:27:00 +0000 (15:27 +0200)]
Add `is_string` as template modifier
Resolves #5388
Tim Düsterhus [Tue, 4 Apr 2023 09:59:58 +0000 (11:59 +0200)]
Merge pull request #5384 from WoltLab/trim-utf-8
Gracefully handle non-UTF-8 inputs in StringUtil::trim()
Tim Düsterhus [Mon, 3 Apr 2023 13:40:08 +0000 (15:40 +0200)]
Gracefully handle non-UTF-8 inputs in StringUtil::trim()
Tim Düsterhus [Fri, 31 Mar 2023 10:15:24 +0000 (12:15 +0200)]
Merge pull request #5380 from WoltLab/style-setvariables-no-write
Do not write an updated style file in StyleEditor::setVariables()
Tim Düsterhus [Fri, 31 Mar 2023 10:05:08 +0000 (12:05 +0200)]
Do not write an updated style file in StyleEditor::setVariables()
If the style variables have already been loaded, which happens during style
import where the existing and to-be-updated style is currently taken from the
cache, the style will be rewritten with the old variables, effectively
resulting in a noop, making it a useless operation.
However if the existing variables are broken, e.g. because they contain a
syntax error, updating a broken style with a fixed one during package
installation will be impossible (without manually clearing the cache), because
the package installation aborts during compilation of the old SCSS, despite the
new SCSS already been written.
Fixes #5333
Alexander Ebert [Fri, 31 Mar 2023 09:46:04 +0000 (11:46 +0200)]
Merge pull request #5375 from WoltLab/search-index-html-tokens
Force replace some HTML tags before sending messages to the search index
Alexander Ebert [Thu, 30 Mar 2023 16:18:33 +0000 (18:18 +0200)]
Use a regex to insert a whitespace instead of stripping the tags
Alexander Ebert [Wed, 29 Mar 2023 16:24:45 +0000 (18:24 +0200)]
Force replace some HTML tags before sending messages to the search index
Stripping the HTML can cause certain words to be accidentally joined when there is no symbol between them that is recognized by the tokenizer. Inserting a whitespace at tag positions that are known to be prone is a stop-gap solution until we find a more stable replacement strategy.
See #4652 and WoltLab/com.woltlab.wcf.elasticSearch#14
Sascha Greuel [Tue, 28 Mar 2023 16:17:19 +0000 (18:17 +0200)]
Add `userBBCodeTag` to the shared templates
Tim Düsterhus [Tue, 28 Mar 2023 12:57:51 +0000 (14:57 +0200)]
Merge pull request #5372 from WoltLab/article-permissions
Fix several article related permissions
Tim Düsterhus [Tue, 28 Mar 2023 12:19:40 +0000 (14:19 +0200)]
Check edit permissions before showing edit link in ACP's article list
Tim Düsterhus [Tue, 28 Mar 2023 12:17:40 +0000 (14:17 +0200)]
Unify visibility of articles in ACP's article list with frontend
Tim Düsterhus [Tue, 28 Mar 2023 12:12:34 +0000 (14:12 +0200)]
Allow users that may contribute articles to see their own articles independent of publication status in lists
Tim Düsterhus [Tue, 28 Mar 2023 12:06:18 +0000 (14:06 +0200)]
Unify default publication status for users that may manage articles and users that may manage their own articles
Tim Düsterhus [Tue, 28 Mar 2023 12:03:05 +0000 (14:03 +0200)]
Allow users that may manage own articles to view them independent of publication status
Tim Düsterhus [Tue, 28 Mar 2023 11:57:50 +0000 (13:57 +0200)]
Allow users that may manage own articles to actually create articles
Tim Düsterhus [Fri, 17 Mar 2023 09:47:31 +0000 (10:47 +0100)]
Update to TypeScript 5.0
Tim Düsterhus [Fri, 17 Mar 2023 09:37:41 +0000 (10:37 +0100)]
Update eslint
Alexander Ebert [Thu, 16 Mar 2023 15:43:22 +0000 (16:43 +0100)]
Release 5.5.10
Alexander Ebert [Thu, 16 Mar 2023 15:32:19 +0000 (16:32 +0100)]
Merge branch '5.4' into 5.5
Alexander Ebert [Thu, 16 Mar 2023 15:25:26 +0000 (16:25 +0100)]
Release 5.4.26
Alexander Ebert [Thu, 16 Mar 2023 15:21:37 +0000 (16:21 +0100)]
Merge branch '5.3' into 5.4
Alexander Ebert [Thu, 16 Mar 2023 15:06:57 +0000 (16:06 +0100)]
Release 5.3.27
WoltLab [Thu, 16 Mar 2023 14:58:18 +0000 (14:58 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Thu, 16 Mar 2023 14:54:32 +0000 (15:54 +0100)]
Merge branch '5.4' into 5.5
Tim Düsterhus [Thu, 16 Mar 2023 14:54:21 +0000 (15:54 +0100)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Thu, 16 Mar 2023 14:50:46 +0000 (15:50 +0100)]
Merge branch 'edit-permissions' into 5.3
Alexander Ebert [Mon, 13 Mar 2023 11:52:57 +0000 (12:52 +0100)]
Release 5.5.10 dev 1
WoltLab [Mon, 13 Mar 2023 11:51:33 +0000 (11:51 +0000)]
Updating minified JavaScript files
Alexander Ebert [Mon, 13 Mar 2023 11:27:47 +0000 (12:27 +0100)]
Fix the handling of external links in the mobile main menu
See https://www.woltlab.com/community/thread/299236-externe-hauptmen%C3%BC-links-werden-trotz-einstellung-im-acp-mobil-nicht-in-neuem-tab/
Tim Düsterhus [Fri, 10 Mar 2023 12:47:35 +0000 (13:47 +0100)]
Check if the article is readable in Article::canEdit()
Previously an editor could access the contents of an inaccessible article by
directly navigating to the edit form.
Tim Düsterhus [Fri, 10 Mar 2023 12:30:44 +0000 (13:30 +0100)]
Merge pull request #5353 from WoltLab/article-edit
Fix Article::canEdit() permission for article contributors
Tim Düsterhus [Fri, 10 Mar 2023 12:22:12 +0000 (13:22 +0100)]
Fix Article::canEdit() permission for article contributors
The previous return value was non-sense, because `false` is already the
default. Users that may contribute articles may edit their own articles until
they are published, thus this must `return true`.
This was introduced in
a40df44c036bd6201e4e8f9cef5fb878dba4dd4f.
Alexander Ebert [Thu, 9 Mar 2023 16:17:26 +0000 (17:17 +0100)]
Merge pull request #5344 from nice42q/patch-1
Resize Upright Videos
Tim Düsterhus [Thu, 9 Mar 2023 15:58:19 +0000 (16:58 +0100)]
Merge pull request #5347 from WoltLab/user-option-disabled
Check if a user option is disabled in UserOption::isVisible() and ::isEditable()
Tim Düsterhus [Thu, 9 Mar 2023 14:10:28 +0000 (15:10 +0100)]
Check if a user option is disabled in UserOption::isVisible() and ::isEditable()
see https://www.woltlab.com/community/thread/299193-gender-birthday-location-still-shows-in-profile-even-if-the-fields-are-disabled/
Tim Düsterhus [Wed, 8 Mar 2023 09:52:04 +0000 (10:52 +0100)]
Merge pull request #5343 from WoltLab/media-clipboard-bad-merge
Fix bad merge in Media/Clipboard.ts
Luke [Wed, 8 Mar 2023 09:31:53 +0000 (10:31 +0100)]
Resize Upright Videos
'vh' 1% of the viewport's height.
Responsive style for all devices
Tim Düsterhus [Wed, 8 Mar 2023 09:22:34 +0000 (10:22 +0100)]
Fix bad merge in Media/Clipboard.ts
The `_didInit = true` assignment added in
3510ed70b5abcd0786cca33469812b2781024cc9 got lost during the TypeScript
transformation in
b5030e676de80fc60f7619c0149999cfed394499.
Fixes #5341
WoltLab [Tue, 7 Mar 2023 15:23:39 +0000 (15:23 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Tue, 7 Mar 2023 15:22:04 +0000 (16:22 +0100)]
Update npm dependencies in extra/
Tim Düsterhus [Tue, 7 Mar 2023 11:27:12 +0000 (12:27 +0100)]
Merge pull request #5340 from WoltLab/x-frame-options-phrase
Drop misleading “deprecated” note in `wcf.acp.option.http_send_x_frame_options`
Tim Düsterhus [Tue, 7 Mar 2023 08:24:04 +0000 (09:24 +0100)]
Drop misleading “deprecated” note in `wcf.acp.option.http_send_x_frame_options`
Not the “disallowing of frame embeds” is deprecated, but the disabling of the
disallowing. This becomes clear when reading the description, but not when just
reading the option name + parenthesis.
Drop the parenthesis entirely, the description is quite clear and the ACP index
page will also show a warning if the option still is enabled.
see https://www.woltlab.com/community/thread/299182-einbindung-in-einem-frame-verhindern-veraltet-nicht-empfohlen/
Marcel Werk [Mon, 6 Mar 2023 15:36:13 +0000 (16:36 +0100)]
Fix missing deletion of articles after deletion of a category
Marcel Werk [Mon, 6 Mar 2023 15:29:01 +0000 (16:29 +0100)]
Fix missing custom confirm messages when deleting categories
Marcel Werk [Mon, 6 Mar 2023 15:01:02 +0000 (16:01 +0100)]
Fix missing deletion of subscriptions of article categories
Deleting article categories did not remove attached subscriptions.
Alexander Ebert [Mon, 6 Mar 2023 13:08:55 +0000 (14:08 +0100)]
Suppress the HTML encoding of values encoded by `|encodeJS`
This causes entities to be encoded, but the implementation expects them to be plain text.
See https://www.woltlab.com/community/thread/298737-sonderzeichen-in-umfragen/
Tim Düsterhus [Mon, 6 Mar 2023 10:34:22 +0000 (11:34 +0100)]
Handle `NULL` groupDescription in UserGroup::getDescription()
see
a48f51b3c73abff7e4fe9a5016b976682cb5ab3c
see #4694
Marcel Werk [Fri, 3 Mar 2023 14:52:46 +0000 (15:52 +0100)]
Fix exception when editing a user rank with a broken image
Closes #4860
Tim Düsterhus [Fri, 3 Mar 2023 11:27:08 +0000 (12:27 +0100)]
Update GitHub workflows to node.js 18
Tim Düsterhus [Fri, 24 Feb 2023 14:21:08 +0000 (15:21 +0100)]
Create the initial article category with explicit description
see #5323
Tim Düsterhus [Fri, 24 Feb 2023 14:20:12 +0000 (15:20 +0100)]
Fix PHP 8.1 compatibility in AbstractCategoryEditForm for NULL description
see #5323
Tim Düsterhus [Mon, 20 Feb 2023 14:53:15 +0000 (15:53 +0100)]
Fix stack trace rendering for strings with single quotes
Tim Düsterhus [Mon, 20 Feb 2023 09:55:22 +0000 (10:55 +0100)]
Merge pull request #5311 from WoltLab/about-me-validation
Fix aboutMe validation
Tim Düsterhus [Mon, 20 Feb 2023 09:12:03 +0000 (10:12 +0100)]
Reduce the maximum length for the aboutMe and signature to 65000
This is a nice round number and gives some additional wiggle room for HTML
processing changes in UserRebuildDataWorker before the hard limit is actually
reached and contents will need to be dropped.
Tim Düsterhus [Mon, 20 Feb 2023 09:10:06 +0000 (10:10 +0100)]
Fix length comparison for aboutMe text in UserRebuildDataWorker
Contrary to the comment's claim, a `TEXT` column supports 65535 characters
(depending on the charset), not 65535 bytes.
Tim Düsterhus [Mon, 20 Feb 2023 09:04:19 +0000 (10:04 +0100)]
Fix validation in AboutMeOptionType
The validation method previously checked the original input, not the processed
input. This possibly allowed the user to hide words from the Censorship,
because the HTMLPurifier removes elements, resulting in a semantic change. For
example: `Bad<script></script>word` will be `Badword` after purification.
For the length validation this might result in outputs exceeding the hard 65535
character limit (which is also the maximum configurable length in the user
group option).
This is fixed by checking:
1. The text content against the user group option as done everywhere.
2. The text content against the censorship as done everywhere.
3. The HTML content against the hard limit.
Tim Düsterhus [Fri, 17 Feb 2023 12:57:39 +0000 (13:57 +0100)]
Drop obsolete update_com.woltlab.wcf_5.5.9_systemId.php
Tim Düsterhus [Fri, 17 Feb 2023 11:54:31 +0000 (12:54 +0100)]
Merge pull request #5307 from WoltLab/unfurl-language
Add `accept-language` header to Unfurling requests
Tim Düsterhus [Fri, 17 Feb 2023 11:24:38 +0000 (12:24 +0100)]
Add `accept-language` header to Unfurling requests
The default language is preferred, but any language is acceptable with a lower
priority.
see https://www.woltlab.com/community/thread/299002-imdb-english-embed-links-displaying-german-text/
Alexander Ebert [Fri, 17 Feb 2023 11:03:00 +0000 (12:03 +0100)]
Release 5.5.9