Tim Düsterhus [Thu, 20 Jan 2022 10:29:39 +0000 (11:29 +0100)]
Unify StringUtil::decodeHTML() flags with ::encodeHTML()
see
f631a7de6506e52095299c15042c25a3979a8200
Tim Düsterhus [Thu, 20 Jan 2022 10:26:19 +0000 (11:26 +0100)]
Merge pull request #4620 from WoltLab/encode-html
Update `htmlspecialchars` flags for PHP 8.1 default
Tim Düsterhus [Thu, 20 Jan 2022 10:23:00 +0000 (11:23 +0100)]
Merge pull request #4644 from WoltLab/package-update-server-xsd-cleanup
Remove obsolete fields from packageUpdateServer.xsd
Tim Düsterhus [Tue, 4 Jan 2022 09:31:26 +0000 (10:31 +0100)]
Update `htmlspecialchars` flags for PHP 8.1 default
This change:
- Encodes `'` as `'`, whereas it previously was not touched.
- Inserts the Unicode replacement character instead of returning an empty
string when an invalid UTF-8 sequence is passed.
The first change might slightly improve security, whereas the second change
might improve debugging.
see also: https://php.watch/versions/8.1/html-entity-default-value-changes
Tim Düsterhus [Thu, 20 Jan 2022 10:12:37 +0000 (11:12 +0100)]
Do not implement encodeJSON() based on encodeJS()
JSON strings are more restricted than JavaScript strings, by implementing
encodeJSON() based on encodeJS() we need to reverse some of the encoding.
Simplify this by implementing encodeJSON() as a standalone function.
Tim Düsterhus [Thu, 20 Jan 2022 08:44:19 +0000 (09:44 +0100)]
Remove obsolete fields from packageUpdateServer.xsd
Neither `updatetype`, nor `versiontype` are read in any version of WCF starting at 2.0.
Tim Düsterhus [Wed, 19 Jan 2022 14:52:40 +0000 (15:52 +0100)]
Update composer dependencies
Tim Düsterhus [Wed, 19 Jan 2022 14:49:21 +0000 (15:49 +0100)]
Merge branch '5.4'
Alexander Ebert [Wed, 19 Jan 2022 13:26:02 +0000 (14:26 +0100)]
Release 5.4.11
Alexander Ebert [Wed, 19 Jan 2022 13:18:27 +0000 (14:18 +0100)]
Merge branch '5.3' into 5.4
Alexander Ebert [Wed, 19 Jan 2022 13:10:10 +0000 (14:10 +0100)]
Release 5.3.17
Alexander Ebert [Wed, 19 Jan 2022 13:00:57 +0000 (14:00 +0100)]
Merge branch '5.2' into 5.3
Alexander Ebert [Wed, 19 Jan 2022 12:55:01 +0000 (13:55 +0100)]
Release 5.2.17
Alexander Ebert [Wed, 19 Jan 2022 12:50:25 +0000 (13:50 +0100)]
Merge branch '3.1' into 5.2
Alexander Ebert [Wed, 19 Jan 2022 12:46:00 +0000 (13:46 +0100)]
Release 3.1.25
Tim Düsterhus [Wed, 19 Jan 2022 12:40:58 +0000 (13:40 +0100)]
Merge remote-tracking branch 'origin/master'
Tim Düsterhus [Wed, 19 Jan 2022 12:39:47 +0000 (13:39 +0100)]
Merge branch '5.4'
Tim Düsterhus [Wed, 19 Jan 2022 12:38:26 +0000 (13:38 +0100)]
Consistently escape backslashes in StringUtil
This is not a functional change, this is just for consistency within the PHP
code, so that each backslash is properly escaped as `\\`.
Tim Düsterhus [Wed, 19 Jan 2022 12:31:58 +0000 (13:31 +0100)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Wed, 19 Jan 2022 12:29:21 +0000 (13:29 +0100)]
Merge branch '5.2' into 5.3
Tim Düsterhus [Wed, 19 Jan 2022 12:29:10 +0000 (13:29 +0100)]
Merge branch '3.1' into 5.2
Tim Düsterhus [Wed, 19 Jan 2022 12:27:40 +0000 (13:27 +0100)]
Merge branch 'encode-js-quot' into 3.1
Joshua Rüsweg [Wed, 19 Jan 2022 09:42:27 +0000 (10:42 +0100)]
Merge pull request #4643 from WoltLab/5.5-moderation-comment-notification
Send notifications about moderation comments to all authorized users
joshuaruesweg [Tue, 18 Jan 2022 16:34:05 +0000 (17:34 +0100)]
Apply suggestions from code review
Tim Düsterhus [Wed, 19 Jan 2022 08:51:02 +0000 (09:51 +0100)]
Merge branch '5.4'
Tim Düsterhus [Wed, 19 Jan 2022 08:50:39 +0000 (09:50 +0100)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Wed, 19 Jan 2022 08:48:30 +0000 (09:48 +0100)]
Merge pull request #4642 from WoltLab/php-ddl-app-install
Fix the replacing of WCF_N in PHP DDL during app installation
joshuaruesweg [Tue, 18 Jan 2022 14:32:35 +0000 (15:32 +0100)]
Send notifications about moderation comments to all authorized users
joshuaruesweg [Mon, 17 Jan 2022 10:06:07 +0000 (11:06 +0100)]
Add `$userID` parameter to `ModerationQueueManager::setAssignment`
Tim Düsterhus [Tue, 18 Jan 2022 11:36:04 +0000 (12:36 +0100)]
Fix the replacing of WCF_N in PHP DDL during app installation
During app installation the newly installed app might not yet be stored within
the application cache, thus failing to replace the `1` within the table
structure definition.
Fix this by setting the `skipCache` parameter to `true`. This will increase the
number of database queries, because applications will be checked once for each
defined table and for each defined FOREIGN KEY, but I don't see a simple fix
for this issue that avoids this increase in query count. Specifically we cannot
simply reset the application cache after inserting the application into
wcf1_application.
Marcel Werk [Mon, 17 Jan 2022 17:53:54 +0000 (18:53 +0100)]
Show title as title attribute in media manager dialog
Closes #4640
Marcel Werk [Mon, 17 Jan 2022 17:49:07 +0000 (18:49 +0100)]
Merge branch '5.4'
Marcel Werk [Mon, 17 Jan 2022 17:44:51 +0000 (18:44 +0100)]
When replacing media, the thumbnails were not reset
ref https://www.woltlab.com/community/thread/293960-fehlerhafte-thumbnails-nach-medien-ersetzung/
Alexander Ebert [Mon, 17 Jan 2022 09:51:45 +0000 (10:51 +0100)]
Merge pull request #4637 from WoltLab/55-images-lazy-loading
Lazy loading for article and media images
Tim Düsterhus [Mon, 17 Jan 2022 09:39:36 +0000 (10:39 +0100)]
Merge remote-tracking branch 'origin/master'
Tim Düsterhus [Mon, 17 Jan 2022 09:39:16 +0000 (10:39 +0100)]
Merge branch '5.4'
joshuaruesweg [Mon, 17 Jan 2022 09:17:26 +0000 (10:17 +0100)]
Use `UserProfileRuntimeCache` to receive user object
Tim Düsterhus [Mon, 17 Jan 2022 08:42:47 +0000 (09:42 +0100)]
Merge pull request #4638 from Krymonota/patch-20
Add `var_dump` to allowed enterprise functions
Niklas [Sun, 16 Jan 2022 16:23:16 +0000 (17:23 +0100)]
Add `var_dump` to allowed enterprise functions
Alexander Ebert [Sun, 16 Jan 2022 14:18:03 +0000 (15:18 +0100)]
Enable lazy loading of media thumbnails
Alexander Ebert [Sun, 16 Jan 2022 14:11:09 +0000 (15:11 +0100)]
Enable lazy loading for embedded media
Alexander Ebert [Sun, 16 Jan 2022 14:04:17 +0000 (15:04 +0100)]
Use `<img>` elements for articles to enable lazy loading
Marcel Werk [Sun, 16 Jan 2022 14:03:27 +0000 (15:03 +0100)]
Merge branch '5.4'
Marcel Werk [Sun, 16 Jan 2022 14:03:11 +0000 (15:03 +0100)]
Error class wasn't shown in box conditions
Marcel Werk [Sun, 16 Jan 2022 13:59:38 +0000 (14:59 +0100)]
Merge branch 'master' of https://github.com/WoltLab/WCF
Alexander Ebert [Sat, 15 Jan 2022 12:47:21 +0000 (13:47 +0100)]
Incorrect behavior of legacy inline editors
Fixes #4633
Alexander Ebert [Fri, 14 Jan 2022 17:12:21 +0000 (18:12 +0100)]
Link the comment counter for articles to the comment section
This commit also fixes the indentation of the template that used spaces instead of tabs.
Closes #4252
Tim Düsterhus [Fri, 14 Jan 2022 13:33:03 +0000 (14:33 +0100)]
Deprecate WCF::getAnchor()
Resolves #4580
Tim Düsterhus [Fri, 14 Jan 2022 13:05:13 +0000 (14:05 +0100)]
Remove remaining call to `getAnchor()`
This file accidentally wasn't saved and thus not part of the previous commit.
see
c8abd7df4a2c0e434964c66ef86d236613e11fe4
see #4580
Tim Düsterhus [Fri, 14 Jan 2022 12:47:32 +0000 (13:47 +0100)]
Stop using getAnchor() with dynamic targets
see #4580
Alexander Ebert [Fri, 14 Jan 2022 12:22:52 +0000 (13:22 +0100)]
Provide an uninstall button from within the details page of a package
Replaces #4631
Alexander Ebert [Fri, 14 Jan 2022 12:14:15 +0000 (13:14 +0100)]
Decrease the visual size of the attachment meta data
Joshua Rüsweg [Fri, 14 Jan 2022 07:09:57 +0000 (08:09 +0100)]
Merge pull request #4635 from WoltLab/5.5-comment-max-length
Add user group permission for comment length
Alexander Ebert [Thu, 13 Jan 2022 17:56:26 +0000 (18:56 +0100)]
Support for ACP menu item actions
See https://github.com/WoltLab/WCF/issues/3953#issuecomment-
1010012633
joshuaruesweg [Thu, 13 Jan 2022 16:41:34 +0000 (17:41 +0100)]
Add option suffix `chars` for max comment length
joshuaruesweg [Thu, 13 Jan 2022 16:34:45 +0000 (17:34 +0100)]
Add user group permission for comment length
Closes #4195
Alexander Ebert [Thu, 13 Jan 2022 16:15:34 +0000 (17:15 +0100)]
Merge pull request #4634 from WoltLab/55-password-strength-levels
Improve the password strength scores, introduce level 3 ("strong")
Alexander Ebert [Thu, 13 Jan 2022 16:07:21 +0000 (17:07 +0100)]
Support for the zxcvbn score of `3`
Alexander Ebert [Thu, 13 Jan 2022 16:04:10 +0000 (17:04 +0100)]
Better labels for the existing scores
The old labels implied that the passwords are (very) weak, while they were actually still acceptable, creating a false impression.
Tim Düsterhus [Thu, 13 Jan 2022 14:39:53 +0000 (15:39 +0100)]
Merge branch '5.4'
Alexander Ebert [Thu, 13 Jan 2022 13:10:20 +0000 (14:10 +0100)]
Release 5.4.11 dev 1
WoltLab [Thu, 13 Jan 2022 12:33:37 +0000 (12:33 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Thu, 13 Jan 2022 08:49:32 +0000 (09:49 +0100)]
Sync wysiwyg.tpl
Alexander Ebert [Wed, 12 Jan 2022 21:28:28 +0000 (22:28 +0100)]
Improved the accessibility of mobile quick options
Marcel Werk [Wed, 12 Jan 2022 21:19:40 +0000 (22:19 +0100)]
Merge branch 'master' of https://github.com/WoltLab/WCF
Marcel Werk [Wed, 12 Jan 2022 21:19:39 +0000 (22:19 +0100)]
Fixed broken label
Alexander Ebert [Wed, 12 Jan 2022 20:56:14 +0000 (21:56 +0100)]
Removed a no longer existing phrase
Alexander Ebert [Wed, 12 Jan 2022 20:55:50 +0000 (21:55 +0100)]
Use a generic label for "More" type buttons
Marcel Werk [Wed, 12 Jan 2022 20:16:20 +0000 (21:16 +0100)]
New search form prevented display of dialogs
Closes #4624
Alexander Ebert [Wed, 12 Jan 2022 18:27:55 +0000 (19:27 +0100)]
Synchronized the templates
Alexander Ebert [Wed, 12 Jan 2022 17:53:28 +0000 (18:53 +0100)]
Added missing ARIA labels
Alexander Ebert [Wed, 12 Jan 2022 17:15:54 +0000 (18:15 +0100)]
Missing ARIA label for shadow links
Marcel Werk [Wed, 12 Jan 2022 16:02:40 +0000 (17:02 +0100)]
DateUtil::formatInterval returned empty string if interval is less than 60 seconds
Closes #4632
Alexander Ebert [Wed, 12 Jan 2022 15:43:36 +0000 (16:43 +0100)]
Missing label for the content interaction buttons
Alexander Ebert [Wed, 12 Jan 2022 15:32:36 +0000 (16:32 +0100)]
Misspelled ARIA label
Alexander Ebert [Wed, 12 Jan 2022 15:31:22 +0000 (16:31 +0100)]
Improved the behavior for the page logo
Tim Düsterhus [Tue, 11 Jan 2022 13:16:39 +0000 (14:16 +0100)]
Merge branch '5.4'
Marcel Werk [Tue, 11 Jan 2022 13:11:37 +0000 (14:11 +0100)]
Revert "Strip MariaDB replication version hack in MySQLDatabase::getVersion()"
This reverts commit
bfa8d95d6f016efdedb943c1fe977d89de13406c.
Tim Düsterhus [Tue, 11 Jan 2022 11:00:07 +0000 (12:00 +0100)]
Merge branch '5.4'
Alexander Ebert [Mon, 10 Jan 2022 13:59:52 +0000 (14:59 +0100)]
Replace legacy HTML tags during paste
See https://www.woltlab.com/community/thread/293870-artikel-beim-ersten-abspeichern-b-statt-strong/
Tim Düsterhus [Mon, 10 Jan 2022 13:41:12 +0000 (14:41 +0100)]
Merge pull request #4630 from mutec/styleupgrvarf
fixed typo in upgrade instructions for style variables
mutec [Mon, 10 Jan 2022 13:29:50 +0000 (14:29 +0100)]
fixed typo in upgrade instructions for style variables
Marcel Werk [Mon, 10 Jan 2022 11:24:27 +0000 (12:24 +0100)]
Merge pull request #4628 from WoltLab/article-comment-counter
Count article comments based on ArticleContent
Marcel Werk [Mon, 10 Jan 2022 10:49:07 +0000 (11:49 +0100)]
Applied code suggestions
Marcel Werk [Mon, 10 Jan 2022 10:45:33 +0000 (11:45 +0100)]
Removed obsolete code
Marcel Werk [Mon, 10 Jan 2022 10:08:36 +0000 (11:08 +0100)]
Merge pull request #4629 from WoltLab/mariadb-version-hack
Strip MariaDB replication version hack in MySQLDatabase::getVersion()
Tim Düsterhus [Mon, 10 Jan 2022 10:04:39 +0000 (11:04 +0100)]
Update npm dependencies
Tim Düsterhus [Mon, 10 Jan 2022 09:51:21 +0000 (10:51 +0100)]
Update composer dependencies
Tim Düsterhus [Mon, 10 Jan 2022 09:47:49 +0000 (10:47 +0100)]
Strip MariaDB replication version hack in MySQLDatabase::getVersion()
Resolves #4626
Marcel Werk [Sun, 9 Jan 2022 18:26:18 +0000 (19:26 +0100)]
Fixed code style
Marcel Werk [Sun, 9 Jan 2022 18:22:21 +0000 (19:22 +0100)]
Count article comments based on ArticleContent
Alexander Ebert [Sat, 8 Jan 2022 16:41:58 +0000 (17:41 +0100)]
Disallowing access to a CMS page now shows an error 403 instead of 404
Alexander Ebert [Sat, 8 Jan 2022 16:39:30 +0000 (17:39 +0100)]
Treat invalid timestamps as a missing date
Alexander Ebert [Sat, 8 Jan 2022 13:57:41 +0000 (14:57 +0100)]
Merge pull request #4627 from SoftCreatR/patch-3
Add size detection for WebP smileys
Sascha Greuel [Sat, 8 Jan 2022 08:27:38 +0000 (09:27 +0100)]
Added size detection for WebP smileys
Alexander Ebert [Fri, 7 Jan 2022 16:35:25 +0000 (17:35 +0100)]
Missing reset of the WebP flag for cover photos
Uploading a GIF after uploading a cover photo with a WebP variant caused the GIF to not show up.
See https://www.woltlab.com/community/thread/293665-gif-bilder-als-titelbild/
Alexander Ebert [Fri, 7 Jan 2022 16:12:36 +0000 (17:12 +0100)]
Incorrect handling of Shift+Enter inside code blocks
See https://www.woltlab.com/community/thread/293723-eingabetaste-erzeugt-weiteren-quellcode-bbcode/
Tim Düsterhus [Fri, 7 Jan 2022 14:36:31 +0000 (15:36 +0100)]
Merge branch '5.4'
Tim Düsterhus [Fri, 7 Jan 2022 13:52:02 +0000 (14:52 +0100)]
Merge pull request #4623 from WoltLab/php8.1-i18n-option
Fix PHP 8.1 compatibility when saving I18n options
Tim Düsterhus [Fri, 7 Jan 2022 08:54:19 +0000 (09:54 +0100)]
Default missing values to `''` in OptionHandler::validateOption()
This is required for PHP 8.1 compatibility of i18n options, as these are
handled separately using I18nHandler.
see
b46c272b28ba84892534b31c641a6dd412bb0a1e
see
860e98cff580e299cbbd8cdb7eb50d0113b938cc