Alexander Ebert [Thu, 13 Aug 2020 11:29:36 +0000 (13:29 +0200)]
Merge pull request #3483 from WoltLab/page-action-buttons-overhaul
Overhauled the page action buttons' behavior
joshuaruesweg [Thu, 13 Aug 2020 07:46:00 +0000 (09:46 +0200)]
Merge branch '5.2'
joshuaruesweg [Thu, 13 Aug 2020 07:44:48 +0000 (09:44 +0200)]
Fix resizing images in Safari
Fixes #3506
Tim Düsterhus [Thu, 13 Aug 2020 07:07:10 +0000 (09:07 +0200)]
Merge pull request #3505 from WoltLab/create-thumbnail-leak
Clear thumbnail handles as soon as possible
Marcel Werk [Wed, 12 Aug 2020 16:23:53 +0000 (18:23 +0200)]
Merge branch '5.2'
Marcel Werk [Wed, 12 Aug 2020 16:22:56 +0000 (18:22 +0200)]
Merge branch '3.1' into 5.2
Marcel Werk [Wed, 12 Aug 2020 16:22:37 +0000 (18:22 +0200)]
Prevent username overflow in the message sidebar
Marcel Werk [Wed, 12 Aug 2020 15:52:11 +0000 (17:52 +0200)]
Merge branch '5.2'
Marcel Werk [Wed, 12 Aug 2020 15:51:54 +0000 (17:51 +0200)]
Merge branch '3.1' into 5.2
Marcel Werk [Wed, 12 Aug 2020 15:51:25 +0000 (17:51 +0200)]
Prevent changes to the showOrder setting of system boxes during an update
Marcel Werk [Wed, 12 Aug 2020 15:47:36 +0000 (17:47 +0200)]
Merge branch '5.2'
Marcel Werk [Wed, 12 Aug 2020 15:47:22 +0000 (17:47 +0200)]
Merge branch '3.1' into 5.2
Alexander Ebert [Wed, 29 Jan 2020 13:38:56 +0000 (14:38 +0100)]
Prevent changes to the visibility settings of system boxes during an update/upgrade
Tim Düsterhus [Wed, 12 Aug 2020 15:14:54 +0000 (17:14 +0200)]
Merge branch '5.2' into master
Tim Düsterhus [Wed, 12 Aug 2020 14:13:05 +0000 (16:13 +0200)]
Merge pull request #3502 from Krymonota/timing-safe-comparison-social-login
Use timing safe comparison to validate `state` parameter for social login
Niklas [Wed, 12 Aug 2020 14:08:29 +0000 (16:08 +0200)]
Fix type of `options` parameter in HTTPRequest PHPDoc (#3504)
Niklas (Krymonota) [Wed, 12 Aug 2020 13:59:26 +0000 (15:59 +0200)]
Use timing safe comparison to validate `state` parameter for social login
The Twitter social login is left out because the implementation still uses OAuth 1.0, which does not support the `state` parameter.
Closes #3501
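
An added example (not WoltLab Suite code and not part of the commit above) of validating an OAuth 2.0 `state` value with PHP's `hash_equals()`. The function names, the `oauthState` session key and the array standing in for `$_SESSION` are assumptions made for illustration.

```php
<?php
// Added illustration, not WoltLab Suite code.
// Function names and the 'oauthState' session key are hypothetical.

/** Create a random `state` value and remember it for the callback. */
function issueOAuthState(array &$session): string
{
    $state = bin2hex(random_bytes(16));
    $session['oauthState'] = $state;

    return $state;
}

/** Validate the `state` returned by the provider without an early-exit compare. */
function isValidOAuthState(array &$session, $received): bool
{
    $expected = $session['oauthState'] ?? null;

    // One-time use: drop the stored value whether or not the check passes.
    unset($session['oauthState']);

    // hash_equals() requires two strings, so reject a missing stored value
    // and array-typed input such as ?state[]=x before comparing.
    if (!is_string($expected) || $expected === '' || !is_string($received)) {
        return false;
    }

    // Unlike `==` or `===`, the running time of hash_equals() does not
    // depend on the position of the first differing byte.
    return hash_equals($expected, $received);
}

// Constructed sample run; $session stands in for $_SESSION.
$session = [];
$state = issueOAuthState($session);
var_dump(isValidOAuthState($session, $state)); // first use of the issued value
var_dump(isValidOAuthState($session, $state)); // same value presented again
$state = issueOAuthState($session);
var_dump(isValidOAuthState($session, ['x']));  // array-typed input
```
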
Tim Düsterhus [Wed, 12 Aug 2020 13:55:02 +0000 (15:55 +0200)]
Clear thumbnail handles as soon as possible
This reproduces when rebuilding attachment thumbnails for largish animated
GIF files using ImageMagick. The ImageMagick on-disk cache quota is not
sufficient to hold:
1) The original
2) The tiny thumbnail
3) The in-progress regular thumbnail
The old value of the `$thumbnail` variable will only be destructed once (3)
returns. But the memory is already needed during execution of (3).
So this commit adjusts the code to `null` out the `$thumbnail` variable as
soon as possible, instead of waiting until it goes out of scope naturally.
Example stack trace from the worker:
ImagickException: cache resources exhausted `/var/www/html/attachments/00/1-*snip*.bin' @ error/cache.c/OpenPixelCache/4083 in /var/www/html/lib/system/image/adapter/ImagickImageAdapter.class.php:132
Stack trace:
#0 /var/www/html/lib/system/image/adapter/ImagickImageAdapter.class.php(132): Imagick->cropthumbnailimage(352, 198)
#1 /var/www/html/lib/system/image/adapter/ImageAdapter.class.php(82): wcf\system\image\adapter\ImagickImageAdapter->createThumbnail(352, 198, 0)
#2 /var/www/html/lib/system/upload/DefaultUploadFileSaveStrategy.class.php(323): wcf\system\image\adapter\ImageAdapter->createThumbnail(352, 198, 0)
#3 /var/www/html/lib/data/attachment/AttachmentAction.class.php(226): wcf\system\upload\DefaultUploadFileSaveStrategy->generateThumbnails(Object(wcf\data\attachment\Attachment))
#4 /var/www/html/lib/data/AbstractDatabaseObjectAction.class.php(204): wcf\data\attachment\AttachmentAction->generateThumbnails()
#5 /var/www/html/lib/system/worker/AttachmentRebuildDataWorker.class.php(48): wcf\data\AbstractDatabaseObjectAction->executeAction()
#6 /var/www/html/lib/system/cli/command/WorkerCLICommand.class.php(152): wcf\system\worker\AttachmentRebuildDataWorker->execute()
#7 /var/www/html/lib/system/CLIWCF.class.php(291): wcf\system\cli\command\WorkerCLICommand->execute(Array)
#8 /var/www/html/lib/system/CLIWCF.class.php(85): wcf\system\CLIWCF->initCommands()
#9 /var/www/html/cli.php(18): wcf\system\CLIWCF->__construct()
#10 {main}
Joshua Rüsweg [Tue, 11 Aug 2020 09:32:34 +0000 (11:32 +0200)]
Merge pull request #3499 from WoltLab/5.2-like-rebuild-data-fix
Fix calculation the cached reactions
joshuaruesweg [Mon, 10 Aug 2020 16:36:49 +0000 (18:36 +0200)]
Use proper placeholders for fetching the reactions
joshuaruesweg [Mon, 10 Aug 2020 15:57:26 +0000 (17:57 +0200)]
Fix calculation the cached reactions
Tim Düsterhus [Mon, 10 Aug 2020 15:20:05 +0000 (17:20 +0200)]
Merge branch '5.2' into master
Tim Düsterhus [Mon, 10 Aug 2020 15:19:21 +0000 (17:19 +0200)]
Merge pull request #3498 from WoltLab/dbo-action-php-8
Fix bogus call to `call_user_func_array` in AbstractDBOAction::validateAction()
Tim Düsterhus [Mon, 10 Aug 2020 14:16:37 +0000 (16:16 +0200)]
Fix bogus call to `call_user_func_array` in AbstractDBOAction::validateAction()
Fixes #3490
Alexander Ebert [Mon, 10 Aug 2020 12:42:17 +0000 (14:42 +0200)]
Merge pull request #3449 from WoltLab/password-security
Better password security estimation
Alexander Ebert [Mon, 10 Aug 2020 12:35:10 +0000 (14:35 +0200)]
Adjusted the bar sizes for the visual password strength
Old: 20/40/60/80/100
New: 5/20/50/85/100
Alexander Ebert [Mon, 10 Aug 2020 11:41:25 +0000 (13:41 +0200)]
Merge pull request #3496 from WoltLab/comment-object-author-cleanup
Add AbstractCommentManager::getObjectID() to DRY up isContentAuthor
Tim Düsterhus [Mon, 10 Aug 2020 10:01:43 +0000 (12:01 +0200)]
Prevent guests from being a comment’s content author
Tim Düsterhus [Mon, 10 Aug 2020 09:32:01 +0000 (11:32 +0200)]
Add AbstractCommentManager::getObjectID() to DRY up isContentAuthor
Tim Düsterhus [Mon, 10 Aug 2020 07:48:49 +0000 (09:48 +0200)]
Merge branch 'master' into password-security
Marcel Werk [Sun, 9 Aug 2020 12:02:34 +0000 (14:02 +0200)]
Skip the menu indicator on mobile if only sub level items have counters
Closes #3164
Alexander Ebert [Fri, 7 Aug 2020 23:21:12 +0000 (01:21 +0200)]
Typo
Marcel Werk [Fri, 7 Aug 2020 20:53:30 +0000 (22:53 +0200)]
Merge branch 'master' of https://github.com/WoltLab/WCF
Marcel Werk [Fri, 7 Aug 2020 20:53:27 +0000 (22:53 +0200)]
Allow targeting of checkboxes in enableoptions
Closes #3277
Alexander Ebert [Fri, 7 Aug 2020 17:43:33 +0000 (19:43 +0200)]
Merge pull request #3493 from WoltLab/comment-object-author
Add contentAuthor badge to comments
Alexander Ebert [Fri, 7 Aug 2020 17:35:11 +0000 (19:35 +0200)]
Merge pull request #3482 from WoltLab/style-image-upload
Add upload for custom style assets
Alexander Ebert [Fri, 7 Aug 2020 16:35:12 +0000 (18:35 +0200)]
Improved the UI/UX for the password strength estimations
Alexander Ebert [Fri, 7 Aug 2020 14:52:41 +0000 (16:52 +0200)]
Ignore certain scroll events that are just side effects
Joshua Rüsweg [Fri, 7 Aug 2020 14:04:58 +0000 (16:04 +0200)]
Use a more defined description
Co-authored-by: Tim Düsterhus <duesterhus@woltlab.com>
joshuaruesweg [Fri, 7 Aug 2020 13:45:11 +0000 (15:45 +0200)]
Merge branch '5.2'
joshuaruesweg [Fri, 7 Aug 2020 13:43:27 +0000 (15:43 +0200)]
Remove superfluous `array_unique` call
No double value can occur in the array. When deleting, we already check if the object still exists in our file array and delete it only if it really still exists.
Tim Düsterhus [Fri, 7 Aug 2020 11:55:49 +0000 (13:55 +0200)]
Implement isContentAuthor for article comments
Tim Düsterhus [Fri, 7 Aug 2020 11:55:20 +0000 (13:55 +0200)]
Implement isContentAuthor for user profile comments
Tim Düsterhus [Fri, 7 Aug 2020 11:54:54 +0000 (13:54 +0200)]
Add contentAuthor badge to comments
Resolves #3386
Tim Düsterhus [Fri, 7 Aug 2020 11:54:35 +0000 (13:54 +0200)]
Add ICommentManager::isContentAuthor()
Marcel Werk [Fri, 7 Aug 2020 10:43:47 +0000 (12:43 +0200)]
Merge pull request #3488 from WoltLab/external-link-handling
External link handling
Marcel Werk [Fri, 7 Aug 2020 10:11:10 +0000 (12:11 +0200)]
Applied suggestions
Tim Düsterhus [Fri, 7 Aug 2020 09:56:58 +0000 (11:56 +0200)]
Fix return value of sort callback in TemplateListPage
Found using PHP 8's new warning:
> Message: uasort(): Returning bool from comparison function is deprecated,
> return an integer less than, equal to, or greater than zero
Tim Düsterhus [Fri, 7 Aug 2020 09:42:09 +0000 (11:42 +0200)]
Merge branch '5.2' into master
Tim Düsterhus [Fri, 7 Aug 2020 09:31:45 +0000 (11:31 +0200)]
Fix PHP 8 compatibility for WCFSetup's error handler
see 0267fa9af7e18aa6449726f748e672cdac192d12
Marcel Werk [Fri, 7 Aug 2020 08:28:47 +0000 (10:28 +0200)]
Applied suggestions
Marcel Werk [Fri, 7 Aug 2020 08:18:00 +0000 (10:18 +0200)]
Merge pull request #3487 from WoltLab/improved-package-search-results
Improve results when searching for packages
Alexander Ebert [Thu, 6 Aug 2020 22:14:51 +0000 (00:14 +0200)]
Merge pull request #3477 from WoltLab/style-cleanup-update
Add update script for style cleanup
Marcel Werk [Thu, 6 Aug 2020 21:24:22 +0000 (23:24 +0200)]
Added rel attribute for external links in menus
Marcel Werk [Thu, 6 Aug 2020 21:19:27 +0000 (23:19 +0200)]
Add rel="ugc" for links within user generated content
Alexander Ebert [Thu, 6 Aug 2020 20:48:57 +0000 (22:48 +0200)]
Improved the animation behavior by merging transitions
Marcel Werk [Thu, 6 Aug 2020 20:45:09 +0000 (22:45 +0200)]
isInternalURL() treats everything as internal that resides on the same subdomain
Marcel Werk [Thu, 6 Aug 2020 20:37:05 +0000 (22:37 +0200)]
Removed EXTERNAL_LINK_REL_NOFOLLOW
Marcel Werk [Thu, 6 Aug 2020 20:36:49 +0000 (22:36 +0200)]
New method to generate attributes for <a> tags
Marcel Werk [Thu, 6 Aug 2020 20:35:54 +0000 (22:35 +0200)]
Use of StringUtil::getAnchorTag()
Marcel Werk [Thu, 6 Aug 2020 19:51:51 +0000 (21:51 +0200)]
use StringUtil::getAnchorTag()
Alexander Ebert [Thu, 6 Aug 2020 17:24:52 +0000 (19:24 +0200)]
Merge pull request #3486 from Krymonota/use-generic-default-cookie-prefix
Use generic value for default cookie prefix
Marcel Werk [Thu, 6 Aug 2020 15:47:47 +0000 (17:47 +0200)]
Fixed image path issue
Marcel Werk [Thu, 6 Aug 2020 15:42:47 +0000 (17:42 +0200)]
Improve results when searching for packages
Closes #3407
Niklas (Krymonota) [Thu, 6 Aug 2020 15:23:31 +0000 (17:23 +0200)]
Use generic value for default cookie prefix
... so that it doesn't have to be adjusted for new versions.
Marcel Werk [Thu, 6 Aug 2020 14:26:20 +0000 (16:26 +0200)]
Merge branch '5.2'
Marcel Werk [Thu, 6 Aug 2020 14:25:45 +0000 (16:25 +0200)]
Added missing informal variant
Tim Düsterhus [Thu, 6 Aug 2020 12:59:46 +0000 (14:59 +0200)]
Merge pull request #3484 from WoltLab/wcfsetup-cookietest
Detect misconfigured hostnames during WCFSetup
Tim Düsterhus [Thu, 6 Aug 2020 12:38:02 +0000 (14:38 +0200)]
Detect misconfigured hostnames during WCFSetup
Misconfigured reverse proxies might rewrite the `host` header to the
upstream's hostname, instead of preserving the `host` as it was sent by the
web browser. Such a misconfiguration will cause WoltLab Suite to generate
incorrect absolute URLs and more importantly this also causes it to specify
an incorrect `domain` within cookies. The latter leads to the browser ignoring
the cookie. At the end of WCFSetup this ultimately leads to the ACP session
cookie being ignored, which in turn leads to failing the transition from
WCFSetup into the package installation. Instead the user will be bounced to
the LoginForm which fails to load, because the necessary option.xml was not
yet installed.
An example HAProxy configuration that reproduces the issue is as follows:
    listen test
        mode http
        bind *:80
        http-request set-header host 172.19.0.5
        server nginx 172.19.0.5:80
If the WCFSetup is accepted via any hostname that is not `172.19.0.5`, e.g.
by using `localhost` then cookies will fail to stick within the web browser.
This commit extends the system requirements step to:
- Compare the HTTP_HOST as seen by the web server against both:
  1) The `Referer` header.
  2) The `window.location.host` value in JavaScript.
  If any of those mismatches, then the web server is not correctly configured.
- Read a cookie that was set earlier.
  If this cookie is missing, then most likely the `domain` property was
  incorrectly specified.
This commit most likely resolves #3024.
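
An added example (not the WCFSetup implementation and not part of the commit above) of the two checks the message describes, run against the HAProxy case it gives. The function names, the `setup_cookietest` cookie name and the sample request values are assumptions made for illustration.

```php
<?php
// Added illustration, not WCFSetup code. All names here are hypothetical.

/** Normalise a host[:port] value for comparison. */
function normalizeHost(string $host): string
{
    return strtolower(trim($host));
}

/**
 * @param array  $server      $_SERVER-like array
 * @param string $browserHost window.location.host as reported by the page
 * @param array  $cookies     $_COOKIE-like array
 * @param string $testCookie  name of the cookie set in an earlier step
 * @return string[]           names of the checks that failed
 */
function checkHostConfiguration(array $server, string $browserHost, array $cookies, string $testCookie): array
{
    $problems = [];
    $httpHost = normalizeHost($server['HTTP_HOST'] ?? '');

    // 1) Host taken from the Referer header (skipped if the browser sent none).
    $parts = parse_url($server['HTTP_REFERER'] ?? '');
    if (is_array($parts) && isset($parts['host'])) {
        $refererHost = $parts['host'] . (isset($parts['port']) ? ':' . $parts['port'] : '');
        if (normalizeHost($refererHost) !== $httpHost) {
            $problems[] = 'referer';
        }
    }

    // 2) Host as seen by JavaScript in the browser.
    if (normalizeHost($browserHost) !== $httpHost) {
        $problems[] = 'location';
    }

    // A cookie set earlier with a wrong `domain` never comes back.
    if (!isset($cookies[$testCookie])) {
        $problems[] = 'cookie';
    }

    return $problems;
}

// Constructed sample: the proxy rewrote Host to the upstream address while
// the browser is visiting http://localhost/.
$server = ['HTTP_HOST' => '172.19.0.5', 'HTTP_REFERER' => 'http://localhost/setup/'];
print_r(checkHostConfiguration($server, 'localhost', [], 'setup_cookietest'));
```
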
Alexander Ebert [Wed, 5 Aug 2020 22:41:55 +0000 (00:41 +0200)]
Merge branch 'master' into password-security
Alexander Ebert [Wed, 5 Aug 2020 22:29:37 +0000 (00:29 +0200)]
Force display buttons when a new button appears
Alexander Ebert [Wed, 5 Aug 2020 22:26:01 +0000 (00:26 +0200)]
Overhauled the page action buttons' behavior
Marcel Werk [Wed, 5 Aug 2020 16:49:12 +0000 (18:49 +0200)]
Merge pull request #3466 from Sir-Will/patch-1
Fixes exception when not using primary PayPal email
Tim Düsterhus [Wed, 5 Aug 2020 14:22:35 +0000 (16:22 +0200)]
Merge branch '5.2' into master
Tim Düsterhus [Wed, 5 Aug 2020 14:21:45 +0000 (16:21 +0200)]
Merge branch '3.1' into 5.2
Tim Düsterhus [Wed, 5 Aug 2020 14:17:16 +0000 (16:17 +0200)]
Fix PHP 5.5 compatibility
see b044815dd9b6509fc44219684d7076cd28a80aa6
see #3480
Sir-Will [Wed, 5 Aug 2020 13:51:26 +0000 (15:51 +0200)]
Verify if business argument is set in PayPal callback
Matthias Schmidt [Wed, 5 Aug 2020 13:51:11 +0000 (15:51 +0200)]
Merge branch '5.2'
Matthias Schmidt [Wed, 5 Aug 2020 13:48:58 +0000 (15:48 +0200)]
Fix handling of hidden form field values via AJAX
See #3053
Tim Düsterhus [Wed, 5 Aug 2020 13:34:58 +0000 (15:34 +0200)]
Add upload for custom style assets
Resolves #3364
Tim Düsterhus [Wed, 5 Aug 2020 11:54:50 +0000 (13:54 +0200)]
Fix UploadField::supportMultipleFiles() for unlimited maxFiles
Tim Düsterhus [Wed, 5 Aug 2020 11:37:45 +0000 (13:37 +0200)]
Do not hardcode the style's asset path in the update script
Co-authored-by: Alexander Ebert <ebert@woltlab.com>
Alexander Ebert [Wed, 5 Aug 2020 10:57:55 +0000 (12:57 +0200)]
Merge branch '5.2'
Alexander Ebert [Wed, 5 Aug 2020 10:57:22 +0000 (12:57 +0200)]
Merge branch '3.1' into 5.2
Alexander Ebert [Wed, 5 Aug 2020 10:56:18 +0000 (12:56 +0200)]
Merge pull request #3462 from SoftCreatR/patch-14
Add detection for Chromium based Edge browser
Alexander Ebert [Wed, 5 Aug 2020 10:54:21 +0000 (12:54 +0200)]
Merge branch '5.2'
Alexander Ebert [Wed, 5 Aug 2020 10:51:35 +0000 (12:51 +0200)]
Merge pull request #3471 from WoltLab/disable-spider-visit-tracking
Disable visit tracking for search engines
Tim Düsterhus [Wed, 5 Aug 2020 10:07:01 +0000 (12:07 +0200)]
Merge branch '5.2' into master
Tim Düsterhus [Wed, 5 Aug 2020 10:06:26 +0000 (12:06 +0200)]
Merge branch '3.1' into 5.2
Tim Düsterhus [Wed, 5 Aug 2020 10:05:08 +0000 (12:05 +0200)]
Do not decrement wcf1_user.articles when deleting unpublished articles
see b044815dd9b6509fc44219684d7076cd28a80aa6
see #3480
Tim Düsterhus [Wed, 5 Aug 2020 10:00:31 +0000 (12:00 +0200)]
Merge branch '5.2' into master
Tim Düsterhus [Wed, 5 Aug 2020 09:59:38 +0000 (11:59 +0200)]
Merge branch '3.1' into 5.2
Tim Düsterhus [Wed, 5 Aug 2020 09:58:13 +0000 (11:58 +0200)]
Update wcf1_user.articles when deleting articles
Fixes #3480
Marcel Werk [Wed, 5 Aug 2020 09:23:54 +0000 (11:23 +0200)]
Merge pull request #3479 from WoltLab/jump-to-content
Rename "Mark as Read" button to "Jump To Content" in notification mails
Marcel Werk [Wed, 5 Aug 2020 09:16:51 +0000 (11:16 +0200)]
Improved german phrasing
Tim Düsterhus [Wed, 5 Aug 2020 09:10:09 +0000 (11:10 +0200)]
Rename "Mark as Read" button to "Jump To Content" in notification mails
Resolves #3257
Tim Düsterhus [Wed, 5 Aug 2020 07:33:33 +0000 (09:33 +0200)]
Merge pull request #3475 from WoltLab/image-scale-memory
Add checkMemoryLimit() method to ImageAdapter
Alexander Ebert [Tue, 4 Aug 2020 18:55:20 +0000 (20:55 +0200)]
Prevent the incorrect focus of the close button for confirmation dialogs
Tim Düsterhus [Tue, 4 Aug 2020 14:57:48 +0000 (16:57 +0200)]
Duplicate logo on import of pageLogo = pageLogoMobile
Fixes #3478
Tim Düsterhus [Tue, 4 Aug 2020 13:07:31 +0000 (15:07 +0200)]
Add update script for style cleanup
Resolves #3468