GitHub/WoltLab/WCF.git
17 months agoRelease 5.4.29 5.4.29
Alexander Ebert [Wed, 21 Jun 2023 09:34:16 +0000 (11:34 +0200)]
Release 5.4.29

17 months agoRelease 5.4.28 5.4.28
Alexander Ebert [Tue, 20 Jun 2023 11:38:01 +0000 (13:38 +0200)]
Release 5.4.28

17 months agoDrop the SameSite attribute from the XSRF-Token cookie to work around WebKit Bug...
Tim Düsterhus [Wed, 10 May 2023 13:25:38 +0000 (15:25 +0200)]
Drop the SameSite attribute from the XSRF-Token cookie to work around WebKit Bug 255524

It appears that Safari 16.4+ sometimes loses SameSite cookies without explicit
expiry when performing subrequests, e.g. to load JavaScript or when using
`fetch()`. The conditions apply to the XSRF-Token cookie. Now if one of the
subrequests hits the application, the application will hand out a fresh
XSRF-Token cookie, due to the cookie being missing. This results in spurious
changes of the XSRF-Token and thus error messages for the user.

According to comments in the WebKit Bug a workaround for the issue is not
providing a SameSite attribute at all and we leverage this workaround for the
time being: The SameSite attribute on the XSRF-Token cookie is a defense in
depth measure.

see https://bugs.webkit.org/show_bug.cgi?id=255524
see https://www.woltlab.com/community/thread/299769-fehlerhafter-xsrf-token/

(cherry picked from commit 832de3617df81b357430f8d99527dc34efd277a7)

18 months agoUpdate to `actions/upload-artifact@v3` in wcfsetup.yml
Tim Düsterhus [Fri, 28 Apr 2023 14:00:48 +0000 (16:00 +0200)]
Update to `actions/upload-artifact@v3` in wcfsetup.yml

This is required, because node.js 12 actions are deprecated.

19 months agoRelease 5.4.27 5.4.27
Alexander Ebert [Wed, 19 Apr 2023 12:56:08 +0000 (14:56 +0200)]
Release 5.4.27

19 months agoMerge branch '5.3' into 5.4
Alexander Ebert [Wed, 19 Apr 2023 12:50:28 +0000 (14:50 +0200)]
Merge branch '5.3' into 5.4

19 months agoRelease 5.3.28 5.3.28 5.3.final
Alexander Ebert [Wed, 19 Apr 2023 12:48:51 +0000 (14:48 +0200)]
Release 5.3.28

19 months agoUpdating minified JavaScript files
WoltLab [Wed, 19 Apr 2023 11:57:15 +0000 (11:57 +0000)]
Updating minified JavaScript files

19 months agoMerge branch '5.3' into 5.4
Tim Düsterhus [Wed, 19 Apr 2023 11:55:57 +0000 (13:55 +0200)]
Merge branch '5.3' into 5.4

19 months agoUpdating minified JavaScript files
WoltLab [Wed, 19 Apr 2023 11:55:07 +0000 (11:55 +0000)]
Updating minified JavaScript files

19 months agoMerge branch '5.3' into 5.4
Tim Düsterhus [Wed, 19 Apr 2023 11:51:31 +0000 (13:51 +0200)]
Merge branch '5.3' into 5.4

19 months agoMerge branch 'article-clipboard' into 5.3
Tim Düsterhus [Wed, 19 Apr 2023 11:45:04 +0000 (13:45 +0200)]
Merge branch 'article-clipboard' into 5.3

19 months agoMerge branch 'js-unescape-html' into 5.3
Tim Düsterhus [Wed, 19 Apr 2023 11:44:42 +0000 (13:44 +0200)]
Merge branch 'js-unescape-html' into 5.3

19 months agoFix `StringUtil.unescapeHTML()`
Tim Düsterhus [Tue, 18 Apr 2023 07:42:25 +0000 (09:42 +0200)]
Fix `StringUtil.unescapeHTML()`

The HTML was unescaped in an incorrect order, causing incorrect results for
inputs like:

    StringUtil.unescapeHTML('"')

19 months agoDo not allow setting an inaccessible category in ArticleAction::validateSetCategory()
Tim Düsterhus [Tue, 28 Mar 2023 12:42:51 +0000 (14:42 +0200)]
Do not allow setting an inaccessible category in ArticleAction::validateSetCategory()

19 months agoValidate if an article may be edited in `setCategory` clipboard action
Tim Düsterhus [Tue, 28 Mar 2023 12:41:54 +0000 (14:41 +0200)]
Validate if an article may be edited in `setCategory` clipboard action

19 months agoMerge branch '5.3' into 5.4
Tim Düsterhus [Mon, 17 Apr 2023 16:23:38 +0000 (18:23 +0200)]
Merge branch '5.3' into 5.4

19 months agoUpdate guzzlehttp/psr7
Tim Düsterhus [Mon, 17 Apr 2023 16:21:29 +0000 (18:21 +0200)]
Update guzzlehttp/psr7

see guzzle/psr7@18fd8915823bd9ca4156e84849e18970057dc7e4

20 months agoRelease 5.4.26 5.4.26
Alexander Ebert [Thu, 16 Mar 2023 15:25:26 +0000 (16:25 +0100)]
Release 5.4.26

20 months agoMerge branch '5.3' into 5.4
Alexander Ebert [Thu, 16 Mar 2023 15:21:37 +0000 (16:21 +0100)]
Merge branch '5.3' into 5.4

20 months agoRelease 5.3.27 5.3.27
Alexander Ebert [Thu, 16 Mar 2023 15:06:57 +0000 (16:06 +0100)]
Release 5.3.27

20 months agoUpdating minified JavaScript files
WoltLab [Thu, 16 Mar 2023 14:58:18 +0000 (14:58 +0000)]
Updating minified JavaScript files

20 months agoMerge branch '5.3' into 5.4
Tim Düsterhus [Thu, 16 Mar 2023 14:54:21 +0000 (15:54 +0100)]
Merge branch '5.3' into 5.4

20 months agoMerge branch 'edit-permissions' into 5.3
Tim Düsterhus [Thu, 16 Mar 2023 14:50:46 +0000 (15:50 +0100)]
Merge branch 'edit-permissions' into 5.3

20 months agoCheck if the article is readable in Article::canEdit()
Tim Düsterhus [Fri, 10 Mar 2023 12:47:35 +0000 (13:47 +0100)]
Check if the article is readable in Article::canEdit()

Previously an editor could access the contents of an inaccessible article by
directly navigating to the edit form.

22 months agoRelease 5.4.25 5.4.25
Alexander Ebert [Thu, 19 Jan 2023 13:22:17 +0000 (14:22 +0100)]
Release 5.4.25

22 months agoMerge branch '5.3' into 5.4
Alexander Ebert [Thu, 19 Jan 2023 13:21:54 +0000 (14:21 +0100)]
Merge branch '5.3' into 5.4

22 months agoRelease 5.3.26 5.3.26
Alexander Ebert [Thu, 19 Jan 2023 13:19:31 +0000 (14:19 +0100)]
Release 5.3.26

22 months agoMerge branch '5.3' into 5.4
Tim Düsterhus [Thu, 19 Jan 2023 13:16:28 +0000 (14:16 +0100)]
Merge branch '5.3' into 5.4

22 months agoMerge branch 'xss-activation' into 5.3
Tim Düsterhus [Thu, 19 Jan 2023 13:16:10 +0000 (14:16 +0100)]
Merge branch 'xss-activation' into 5.3

22 months agoMerge branch '5.3' into 5.4
Tim Düsterhus [Mon, 16 Jan 2023 13:51:47 +0000 (14:51 +0100)]
Merge branch '5.3' into 5.4

22 months agoRemove questionable `@` in __singleMediaSelectionFormField.tpl
Tim Düsterhus [Mon, 16 Jan 2023 13:48:54 +0000 (14:48 +0100)]
Remove questionable `@` in __singleMediaSelectionFormField.tpl

This looks like it is exploitable, because the value is not guaranteed to be an integer.

22 months agoFix XSS vulnerability in registerActivation.tpl
Tim Düsterhus [Mon, 16 Jan 2023 13:40:29 +0000 (14:40 +0100)]
Fix XSS vulnerability in registerActivation.tpl

This was introduced in a477e3522933a7204b02013cd6b6d47d0db1d254 when the
activation logic was refactored to no longer use numeric-only activation codes.

Thanks to Chabik Hatim for responsibly reporting the vulnerability.

22 months agoMerge pull request #5225 from WoltLab/supportexpiry-53
Tim Düsterhus [Mon, 16 Jan 2023 13:49:57 +0000 (14:49 +0100)]
Merge pull request #5225 from WoltLab/supportexpiry-53

Notify users of the expiring support (5.3)

22 months agoNotify users of the expiring support (5.3)
Tim Düsterhus [Tue, 2 Nov 2021 11:11:50 +0000 (12:11 +0100)]
Notify users of the expiring support (5.3)

see #4574

2 years agoRelease 5.4.24 5.4.24
Alexander Ebert [Tue, 18 Oct 2022 14:44:19 +0000 (16:44 +0200)]
Release 5.4.24

2 years agoMerge branch '5.3' into 5.4
Alexander Ebert [Tue, 18 Oct 2022 14:43:34 +0000 (16:43 +0200)]
Merge branch '5.3' into 5.4

2 years agoRelease 5.3.25 5.3.25
Alexander Ebert [Tue, 18 Oct 2022 14:38:23 +0000 (16:38 +0200)]
Release 5.3.25

2 years agoMerge branch '5.3' into 5.4
Tim Düsterhus [Tue, 18 Oct 2022 14:28:10 +0000 (16:28 +0200)]
Merge branch '5.3' into 5.4

2 years agoMerge branch 'js-relocate-xss' into 5.3
Tim Düsterhus [Tue, 18 Oct 2022 14:25:39 +0000 (16:25 +0200)]
Merge branch 'js-relocate-xss' into 5.3

2 years agoFix XSS vulnerability within the JavaScript relocator
Tim Düsterhus [Thu, 13 Oct 2022 15:19:17 +0000 (17:19 +0200)]
Fix XSS vulnerability within the JavaScript relocator

If the relocation placeholder appeared multiple times within the source code,
it would also be replaced multiple times. This might allow an attacker to blow
up the HTML structure by including the placeholder within UGC.

Fix this issue by only ever replacing the last placeholder, which should be the
“real” one from footer.tpl. In the future this should be protected further by
including a random nonce to prevent this attack entirely.

2 years agoRelease 5.4.23 5.4.23
Alexander Ebert [Thu, 22 Sep 2022 15:12:13 +0000 (17:12 +0200)]
Release 5.4.23

2 years agoMerge pull request #5009 from WoltLab/attachment-csp
Tim Düsterhus [Tue, 20 Sep 2022 08:34:58 +0000 (10:34 +0200)]
Merge pull request #5009 from WoltLab/attachment-csp

Add security headers to AttachmentPage

2 years agoPrevent MIME sniffing for attachments
Tim Düsterhus [Tue, 20 Sep 2022 07:19:46 +0000 (09:19 +0200)]
Prevent MIME sniffing for attachments

2 years agoConfigure a restrictive content-security-policy for attachments
Tim Düsterhus [Tue, 20 Sep 2022 07:18:56 +0000 (09:18 +0200)]
Configure a restrictive content-security-policy for attachments

2 years agoMerge pull request #4995 from WoltLab/package-fix-installation
Tim Düsterhus [Thu, 15 Sep 2022 11:00:41 +0000 (13:00 +0200)]
Merge pull request #4995 from WoltLab/package-fix-installation

Fix handling of multi-step upgrades that need to happen in lock-step

2 years agoAdd assertion to PackageInstallationNodeBuilder::buildPluginNodes()
Tim Düsterhus [Thu, 15 Sep 2022 10:44:38 +0000 (12:44 +0200)]
Add assertion to PackageInstallationNodeBuilder::buildPluginNodes()

2 years agoFix handling of multi-step upgrades that need to happen in lock-step
Tim Düsterhus [Thu, 15 Sep 2022 10:34:11 +0000 (12:34 +0200)]
Fix handling of multi-step upgrades that need to happen in lock-step

Consider the following situation:

- Package com.example.foo is installed in version 1.0.0.
- Version 1.0.1 can be upgraded from 1.0.0.
- Version 1.0.2 can be upgraded from 1.0.1 and adds a dependency on
  com.woltlab.bar which is not yet installed.
- Version 1.0.3 can be upgraded from 1.0.2.

Now the PackageinstallationScheduler will build the following plan when it's
desired to upgrade com.woltlab.foo from 1.0.0 to 1.0.2:

- Upgrade com.woltlab.foo to 1.0.1
- Install com.woltlab.bar to satisfy the dependencies for 1.0.2
- Upgrade com.woltlab.foo to 1.0.2
- Upgrade com.woltlab.foo to 1.0.3

Now when build the nodes for this plan, the upgrade instructions for 1.0.2 will
not be detected, as the "previous package" logic used for iterative upgrades
will set the previous package of com.woltlab.foo in 1.0.2 to com.woltlab.bar.
Thus when upgrading to 1.0.2 the node builder will believe that com.woltlab.foo
is installed in 1.0.0 when it actually is already upgraded to 1.0.1.

Fix this by leveraging the $pendingPackages list which is already kept up to
date for dependency resolution.

2 years agoAdd safety check to PackageInstallationNodeBuilder to detect corrupted installation...
Tim Düsterhus [Thu, 15 Sep 2022 10:33:33 +0000 (12:33 +0200)]
Add safety check to PackageInstallationNodeBuilder to detect corrupted installation plans

2 years agoFix possible SMTP desync if a timeout strikes
Tim Düsterhus [Fri, 9 Sep 2022 09:34:07 +0000 (11:34 +0200)]
Fix possible SMTP desync if a timeout strikes

see 9ae8a0e5da751e2abfcb00a621056c3a15ed009f

2 years agoExplicitly handle `fgets()` returning `false` in SmtpEmailTransport
Tim Düsterhus [Fri, 9 Sep 2022 08:16:02 +0000 (10:16 +0200)]
Explicitly handle `fgets()` returning `false` in SmtpEmailTransport

(cherry picked from commit a6ed0b255968e9ef44c6e37f7eb71fa4ad5256ea)

2 years agoMerge pull request #4981 from WoltLab/smtp-transport-desync
Tim Düsterhus [Mon, 5 Sep 2022 09:46:48 +0000 (11:46 +0200)]
Merge pull request #4981 from WoltLab/smtp-transport-desync

Detect possible SMTP connection desync in SmtpEmailTransport

2 years agoDetect possible SMTP connection desync in SmtpEmailTransport
Tim Düsterhus [Mon, 5 Sep 2022 08:19:44 +0000 (10:19 +0200)]
Detect possible SMTP connection desync in SmtpEmailTransport

see https://www.woltlab.com/community/thread/296850-smtp-probleme-nachdem-erste-mail-fehlschl%C3%A4gt/

2 years agoRelease 5.4.22 5.4.22
Alexander Ebert [Fri, 19 Aug 2022 12:54:05 +0000 (14:54 +0200)]
Release 5.4.22

2 years agoUnify “Datenbanktabelle” in de.xml
Tim Düsterhus [Fri, 12 Aug 2022 09:23:54 +0000 (11:23 +0200)]
Unify “Datenbanktabelle” in de.xml

2 years agoFix typo in de.xml
Tim Düsterhus [Fri, 12 Aug 2022 09:23:11 +0000 (11:23 +0200)]
Fix typo in de.xml

see #4952

2 years agoImprove character class definition in explanation for PIP identifiers
Tim Düsterhus [Thu, 11 Aug 2022 12:45:33 +0000 (14:45 +0200)]
Improve character class definition in explanation for PIP identifiers

see #4952

2 years agoUnify phrasing for PIP identifier explanations
Tim Düsterhus [Thu, 11 Aug 2022 12:43:58 +0000 (14:43 +0200)]
Unify phrasing for PIP identifier explanations

see #4952

2 years agoImprove phrasing in PIP identifier description
Tim Düsterhus [Thu, 11 Aug 2022 12:40:52 +0000 (14:40 +0200)]
Improve phrasing in PIP identifier description

see #4952

2 years agoFix grammar in de.xml
Tim Düsterhus [Thu, 11 Aug 2022 12:38:50 +0000 (14:38 +0200)]
Fix grammar in de.xml

Resolves #4952

Reported-by: Dennis Kraffczyk <github@dennis-kraffczyk.de>
2 years agoReplace “Example” by “Beispiel” in de.xml
Tim Düsterhus [Thu, 11 Aug 2022 12:37:14 +0000 (14:37 +0200)]
Replace “Example” by “Beispiel” in de.xml

see #4952

2 years agoMerge pull request #4921 from SoftCreatR/patch-2
Tim Düsterhus [Thu, 4 Aug 2022 07:04:07 +0000 (09:04 +0200)]
Merge pull request #4921 from SoftCreatR/patch-2

Fix Facebook media provider

2 years agoFixed Facebook media provider
Sascha Greuel [Thu, 4 Aug 2022 04:58:21 +0000 (06:58 +0200)]
Fixed Facebook media provider

Usernames CAN contain periods, but they're currently not supported. There's also no need for a trailing slash.

Example: https://www.facebook.com/RaiPlay.it/videos/1059491774481091

2 years agoFix typo in de.xml
Tim Düsterhus [Wed, 20 Jul 2022 12:51:10 +0000 (14:51 +0200)]
Fix typo in de.xml

see e1fa341f67d936b14006a70962734504c1a165cd

2 years agoRelease 5.4.21 5.4.21
Alexander Ebert [Wed, 20 Jul 2022 11:15:40 +0000 (13:15 +0200)]
Release 5.4.21

2 years agoMerge pull request #4908 from WoltLab/upgrade-override-success
Tim Düsterhus [Wed, 20 Jul 2022 10:54:50 +0000 (12:54 +0200)]
Merge pull request #4908 from WoltLab/upgrade-override-success

Add explicit “success” message to PackageEnableUpgradeOverrideForm

2 years agoImprove wording for success message in PackageEnableUpgradeOverrideForm
Tim Düsterhus [Wed, 20 Jul 2022 10:50:39 +0000 (12:50 +0200)]
Improve wording for success message in PackageEnableUpgradeOverrideForm

Co-authored-by: Alexander Ebert <ebert@woltlab.com>
2 years agoAdd explicit “success” message to PackageEnableUpgradeOverrideForm
Tim Düsterhus [Wed, 20 Jul 2022 07:59:59 +0000 (09:59 +0200)]
Add explicit “success” message to PackageEnableUpgradeOverrideForm

2 years agoUpdating minified JavaScript files
WoltLab [Wed, 20 Jul 2022 07:30:22 +0000 (07:30 +0000)]
Updating minified JavaScript files

2 years agoUpdate npm dependencies in extra/
Tim Düsterhus [Wed, 20 Jul 2022 07:26:10 +0000 (09:26 +0200)]
Update npm dependencies in extra/

2 years agoPreserve the aspect ratio of scaled thumbnails
Alexander Ebert [Thu, 14 Jul 2022 10:56:43 +0000 (12:56 +0200)]
Preserve the aspect ratio of scaled thumbnails

See https://www.woltlab.com/community/thread/296285-imageviewer-thumbnail-falsches-format/

2 years agoImprove exception message in ImageUtil::createWebpVariant()
Tim Düsterhus [Mon, 11 Jul 2022 09:57:11 +0000 (11:57 +0200)]
Improve exception message in ImageUtil::createWebpVariant()

2 years agoStop flagging the new version 5.5 as “Evaluation” 5.4.20
Alexander Ebert [Wed, 6 Jul 2022 10:38:08 +0000 (12:38 +0200)]
Stop flagging the new version 5.5 as “Evaluation”

See 9072d357de11116a15205073237498cab86dcd5c

2 years agoRelease 5.4.20
Alexander Ebert [Wed, 6 Jul 2022 10:35:02 +0000 (12:35 +0200)]
Release 5.4.20

2 years agoEnable the upgrade notice for 5.5 by default
Alexander Ebert [Wed, 6 Jul 2022 10:33:06 +0000 (12:33 +0200)]
Enable the upgrade notice for 5.5 by default

See WoltLab/com.woltlab.website#602

2 years agoUpdating minified JavaScript files
WoltLab [Wed, 6 Jul 2022 10:27:17 +0000 (10:27 +0000)]
Updating minified JavaScript files

2 years agoMerge branch '5.3' into 5.4
Alexander Ebert [Wed, 6 Jul 2022 10:25:55 +0000 (12:25 +0200)]
Merge branch '5.3' into 5.4

2 years agoRelease 5.3.24 5.3.24
Alexander Ebert [Wed, 6 Jul 2022 10:25:19 +0000 (12:25 +0200)]
Release 5.3.24

2 years agoMerge branch '5.3' into 5.4
Tim Düsterhus [Tue, 5 Jul 2022 11:27:48 +0000 (13:27 +0200)]
Merge branch '5.3' into 5.4

2 years agoMerge pull request #4896 from WoltLab/abstract-category-edit-check-type
Tim Düsterhus [Tue, 5 Jul 2022 11:25:39 +0000 (13:25 +0200)]
Merge pull request #4896 from WoltLab/abstract-category-edit-check-type

Verify that the category's objectType matches the form's objectType in AbstractCategoryEditForm

2 years agoMerge pull request #4894 from WoltLab/abstract-category-edit
Tim Düsterhus [Tue, 5 Jul 2022 11:25:14 +0000 (13:25 +0200)]
Merge pull request #4894 from WoltLab/abstract-category-edit

Make AbstractCategoryEditForm actually abstract

2 years agoMerge pull request #4893 from WoltLab/tabmenu-select-invalid-container
Tim Düsterhus [Tue, 5 Jul 2022 11:25:01 +0000 (13:25 +0200)]
Merge pull request #4893 from WoltLab/tabmenu-select-invalid-container

Select the first erroneous tab in a form if multiple are erroneous

2 years agoImprove type of exception for invalid object types in AbstractCategoryAddForm
Tim Düsterhus [Tue, 5 Jul 2022 09:02:19 +0000 (11:02 +0200)]
Improve type of exception for invalid object types in AbstractCategoryAddForm

This technically is a BC break, but this exception must not be caught anyway as
it indicates a clear programming error.

2 years agoMake AbstractCategoryEditForm actually abstract
Tim Düsterhus [Mon, 27 Jun 2022 14:03:31 +0000 (16:03 +0200)]
Make AbstractCategoryEditForm actually abstract

This form is not functional, unless an objectType is defined in a child class.

2 years agoHandle invalid `<textarea>` elements when submitting a form within a TabMenu
Tim Düsterhus [Tue, 5 Jul 2022 08:37:50 +0000 (10:37 +0200)]
Handle invalid `<textarea>` elements when submitting a form within a TabMenu

2 years agoSelect the first erroneous tab in a form if multiple are erroneous
Tim Düsterhus [Tue, 5 Jul 2022 07:51:24 +0000 (09:51 +0200)]
Select the first erroneous tab in a form if multiple are erroneous

This was incorrectly migrated to TypeScript. Before TypeScript this used a
regular `for` loop counting indices, allowing the `return;` to correctly leave
the loop.

see https://www.woltlab.com/community/thread/296198-formbuilder-tabmenuformcontainer-required-js-fehler/

2 years agoAdd `DOM.Iterable` to tsconfig.json's `lib` list
Tim Düsterhus [Tue, 5 Jul 2022 07:48:39 +0000 (09:48 +0200)]
Add `DOM.Iterable` to tsconfig.json's `lib` list

This makes `NodeList`, `FormData` et al iterable. This is part of ES 2015 and
thus can be used.

2 years agoMerge pull request #4891 from WoltLab/fetch-template-plugin
Tim Düsterhus [Mon, 4 Jul 2022 15:05:13 +0000 (17:05 +0200)]
Merge pull request #4891 from WoltLab/fetch-template-plugin

Deprecate the `{fetch}` template plugin

2 years agoDeprecate the `{fetch}` template plugin
Tim Düsterhus [Mon, 4 Jul 2022 14:27:39 +0000 (16:27 +0200)]
Deprecate the `{fetch}` template plugin

2 years agoMerge pull request #4890 from WoltLab/upgrade-override-always-disable
Tim Düsterhus [Mon, 4 Jul 2022 14:10:48 +0000 (16:10 +0200)]
Merge pull request #4890 from WoltLab/upgrade-override-always-disable

Always allow disabling the upgrade override if enabled

2 years agoVerify that the category's objectType matches the form's objectType in AbstractCatego...
Tim Düsterhus [Mon, 4 Jul 2022 14:08:34 +0000 (16:08 +0200)]
Verify that the category's objectType matches the form's objectType in AbstractCategoryEditForm

2 years agoAlways allow disabling the upgrade override if enabled
Tim Düsterhus [Mon, 4 Jul 2022 12:39:49 +0000 (14:39 +0200)]
Always allow disabling the upgrade override if enabled

Previously the following might happen:

- A community is running 5.3.
- They enable the upgrade override and upgrade to 5.4.
- They are offered the upgrade to 5.5, but don't want to do that, yet.
- They access the PackageEnableUpgradeOverrideForm to disable the upgrade.
- It complains that the search index was not yet migrated to InnoDB, preventing
  the disabling of the upgrade.

2 years agoUpdate typescript
Tim Düsterhus [Fri, 1 Jul 2022 11:44:06 +0000 (13:44 +0200)]
Update typescript

see 41b5a7f4fcc27a2fd4434d2feedb10e942930d51. We specifically upgrade
typescript also in 5.4 to ease merges, because the output of const enum
changed.

2 years agoBind event listeners on editor elements only once
Alexander Ebert [Thu, 23 Jun 2022 11:32:27 +0000 (13:32 +0200)]
Bind event listeners on editor elements only once

The previous code caused the event listeners to be bound with every iteration. Every invocation touches the DOM by updating the title, which in return caused `observe.load()` to be triggered again. This causes the number of bound event listeners (and thus DOM updates!) to increase exponentionally.

See https://www.woltlab.com/community/thread/296068-dialog-container-vom-spoiler-tag-kann-das-forum-aufh%C3%A4ngen/

2 years agoMerge branch '5.3' into 5.4
Tim Düsterhus [Tue, 21 Jun 2022 08:57:19 +0000 (10:57 +0200)]
Merge branch '5.3' into 5.4

2 years agoUpdate Guzzle
Tim Düsterhus [Tue, 21 Jun 2022 08:52:30 +0000 (10:52 +0200)]
Update Guzzle

see guzzle/guzzle@a52f0440530b54fa079ce76e8c5d196a42cad981

2 years agoMerge branch '5.3' into 5.4
Tim Düsterhus [Tue, 21 Jun 2022 08:47:11 +0000 (10:47 +0200)]
Merge branch '5.3' into 5.4

2 years agoUpdate guzzlehttp/psr7
Tim Düsterhus [Tue, 21 Jun 2022 08:44:38 +0000 (10:44 +0200)]
Update guzzlehttp/psr7

This is a dependency for an updated Guzzle.

see guzzle/psr7@e98e3e6d4f86621a9b75f623996e6bbdeb4b9318
see guzzle/guzzle@a52f0440530b54fa079ce76e8c5d196a42cad981

2 years agoMerge branch '5.3' into 5.4
Tim Düsterhus [Tue, 21 Jun 2022 08:43:19 +0000 (10:43 +0200)]
Merge branch '5.3' into 5.4

2 years agoRegenerate composer files
Tim Düsterhus [Tue, 21 Jun 2022 08:41:51 +0000 (10:41 +0200)]
Regenerate composer files