Alexander Ebert [Thu, 3 Aug 2023 11:24:21 +0000 (13:24 +0200)]
Explicitly cast the thumbnail dimensions into int
The requested dimensions could be a result of a calculation that yields float values. `Imagick::thumbnailImage()` expects integers and will throw in PHP 8.1+ if it cannot safely cast them to int.
Tim Düsterhus [Wed, 2 Aug 2023 15:19:34 +0000 (17:19 +0200)]
Add `permissions` to GitHub Action Workflows
Tim Düsterhus [Wed, 2 Aug 2023 13:14:31 +0000 (15:14 +0200)]
Update some `@types` npm dependencies
Tim Düsterhus [Wed, 2 Aug 2023 13:00:30 +0000 (15:00 +0200)]
Stop abusing enums in Image/ExifUtil.ts
Tim Düsterhus [Wed, 2 Aug 2023 12:47:33 +0000 (14:47 +0200)]
Satisfy ESLint
Tim Düsterhus [Wed, 2 Aug 2023 12:33:27 +0000 (14:33 +0200)]
Upgrade typescript-eslint
Tim Düsterhus [Fri, 28 Jul 2023 13:59:45 +0000 (15:59 +0200)]
Update tslib
Tim Düsterhus [Fri, 28 Jul 2023 13:01:05 +0000 (15:01 +0200)]
Add missing `static` to FileUtil::extensionAllowsPhpExecution() definition
see #5593
Tim Düsterhus [Fri, 28 Jul 2023 12:34:45 +0000 (14:34 +0200)]
Merge pull request #5593 from WoltLab/fileutil-extensionAllowsPhpExecution
Add FileUtil::extensionAllowsPhpExecution()
Tim Düsterhus [Fri, 28 Jul 2023 11:57:50 +0000 (13:57 +0200)]
Perform a case-insensitive match in FileUtil::extensionAllowsPhpExecution()
Tim Düsterhus [Tue, 25 Jul 2023 14:32:10 +0000 (16:32 +0200)]
Add FileUtil::extensionAllowsPhpExecution()
see WoltLab/com.woltlab.gallery@
708e0a8707508c3e45b08ab6a8ae5083eabf00b7
Alexander Ebert [Tue, 25 Jul 2023 14:07:42 +0000 (16:07 +0200)]
Release 5.5.15
Alexander Ebert [Tue, 25 Jul 2023 14:07:16 +0000 (16:07 +0200)]
Merge branch '5.4' into 5.5
Alexander Ebert [Tue, 25 Jul 2023 14:06:36 +0000 (16:06 +0200)]
Release 5.4.31
Alexander Ebert [Tue, 25 Jul 2023 14:03:23 +0000 (16:03 +0200)]
Allow the news feed to open links in a new window
Marcel Werk [Tue, 25 Jul 2023 13:37:36 +0000 (15:37 +0200)]
When the month has 6 weeks the selected date was not marked correctly
Alexander Ebert [Tue, 25 Jul 2023 11:22:18 +0000 (13:22 +0200)]
Release 5.5.14
WoltLab [Tue, 25 Jul 2023 11:21:08 +0000 (11:21 +0000)]
Updating minified JavaScript files
Alexander Ebert [Tue, 25 Jul 2023 11:19:37 +0000 (13:19 +0200)]
Merge branch '5.4' into 5.5
Alexander Ebert [Tue, 25 Jul 2023 10:06:26 +0000 (12:06 +0200)]
Release 5.4.30
WoltLab [Tue, 25 Jul 2023 10:03:02 +0000 (10:03 +0000)]
Updating minified JavaScript files
Alexander Ebert [Tue, 25 Jul 2023 09:38:23 +0000 (11:38 +0200)]
Merge branch '5.4' into 5.5
Alexander Ebert [Tue, 25 Jul 2023 09:38:17 +0000 (11:38 +0200)]
Decrease the height of the news widget
Tim Düsterhus [Tue, 25 Jul 2023 09:22:46 +0000 (11:22 +0200)]
Merge branch '5.4' into 5.5
Tim Düsterhus [Tue, 25 Jul 2023 09:20:28 +0000 (11:20 +0200)]
Fix comma detection in Ui/ItemList/Static
This got broken during the TypeScript migration in
c04fd6ce08b40262c660d38dbd491c37aed49a89.
see https://www.woltlab.com/community/thread/300812-itemlist-static-separierung-per-komma-funktioniert-nicht/
Tim Düsterhus [Fri, 14 Jul 2023 08:28:50 +0000 (10:28 +0200)]
Fix truncation of Unicode string query parameters in Benchmark
This needs to use `mb_substr()`, as we checked UTF-8 validity before to use
`UNHEX()` with binary strings. Previously UTF-8 sequences might've been cut
short and the resulting invalid sequence cannot be JSON encoded, as JSON
requires strings to be valid UTF-8.
see https://www.woltlab.com/community/thread/298853-schwer-reproduzierbar-fehlermeldungen-beim-importieren-von-sprachdateien/
Alexander Ebert [Mon, 10 Jul 2023 10:04:39 +0000 (12:04 +0200)]
Merge branch '5.4' into 5.5
Alexander Ebert [Mon, 10 Jul 2023 09:59:31 +0000 (11:59 +0200)]
Migrate the ACP news from Twitter to woltlab.com
Tim Düsterhus [Tue, 4 Jul 2023 08:07:05 +0000 (10:07 +0200)]
Update tslib
Tim Düsterhus [Tue, 4 Jul 2023 07:59:09 +0000 (09:59 +0200)]
Update npm dependencies
Marcel Werk [Fri, 23 Jun 2023 15:25:19 +0000 (17:25 +0200)]
Fix typo
Tim Düsterhus [Wed, 21 Jun 2023 12:58:35 +0000 (14:58 +0200)]
Merge branch '5.4' into 5.5
Alexander Ebert [Wed, 21 Jun 2023 09:34:16 +0000 (11:34 +0200)]
Release 5.4.29
Alexander Ebert [Tue, 20 Jun 2023 11:49:04 +0000 (13:49 +0200)]
Release 5.5.13
Alexander Ebert [Tue, 20 Jun 2023 11:39:24 +0000 (13:39 +0200)]
Merge branch '5.4' into 5.5
Alexander Ebert [Tue, 20 Jun 2023 11:38:01 +0000 (13:38 +0200)]
Release 5.4.28
Marcel Werk [Mon, 19 Jun 2023 13:57:54 +0000 (15:57 +0200)]
Fixed bug when blocking an avatar, signature or cover photo
The error occurred when the "Permanently Block" checkbox was not set and no "Unblocking Date" was set.
Alexander Ebert [Fri, 16 Jun 2023 13:10:27 +0000 (15:10 +0200)]
Release 5.5.13 dev 1
WoltLab [Fri, 16 Jun 2023 12:49:42 +0000 (12:49 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Thu, 15 Jun 2023 13:15:49 +0000 (15:15 +0200)]
Merge branch '5.4' into 5.5
Tim Düsterhus [Wed, 10 May 2023 13:25:38 +0000 (15:25 +0200)]
Drop the SameSite attribute from the XSRF-Token cookie to work around WebKit Bug 255524
It appears that Safari 16.4+ sometimes loses SameSite cookies without explicit
expiry when performing subrequests, e.g. to load JavaScript or when using
`fetch()`. The conditions apply to the XSRF-Token cookie. Now if one of the
subrequests hits the application, the application will hand out a fresh
XSRF-Token cookie, due to the cookie being missing. This results in spurious
changes of the XSRF-Token and thus error messages for the user.
According to comments in the WebKit Bug a workaround for the issue is not
providing a SameSite attribute at all and we leverage this workaround for the
time being: The SameSite attribute on the XSRF-Token cookie is a defense in
depth measure.
see https://bugs.webkit.org/show_bug.cgi?id=255524
see https://www.woltlab.com/community/thread/299769-fehlerhafter-xsrf-token/
(cherry picked from commit
832de3617df81b357430f8d99527dc34efd277a7)
Tim Düsterhus [Thu, 15 Jun 2023 07:43:10 +0000 (09:43 +0200)]
Fix wcf.acp.group.option.user.signature.maxLength in en.xml
see
32f9c5d95163e06c351ae63c700a25aac37a3d95
see
854c03cce023034ae43f252b2ca560aeeda7ca56
see https://www.woltlab.com/community/thread/300146-language-wcf-acp-group-option-user-signature-maxlength/
Tim Düsterhus [Wed, 14 Jun 2023 14:27:16 +0000 (16:27 +0200)]
Fix typo in de.xml
see https://www.woltlab.com/community/thread/300142-tippfehler-im-blockieren-dialog/
Tim Düsterhus [Tue, 13 Jun 2023 07:28:25 +0000 (09:28 +0200)]
Remove duplicated spaces in phrases
see https://www.woltlab.com/community/thread/300126-language-wcf-moderation-activation-notification-commentresponse-mail-html/
Alexander Ebert [Mon, 12 Jun 2023 17:23:35 +0000 (19:23 +0200)]
Add the missing plural s
See https://www.woltlab.com/community/thread/300065-language-wcf-user-notification-com-woltlab-wcf-page/
Alexander Ebert [Mon, 12 Jun 2023 15:24:30 +0000 (17:24 +0200)]
Update the embed code for Instagram
Tim Düsterhus [Tue, 6 Jun 2023 08:15:56 +0000 (10:15 +0200)]
Unify password to “Kennwort” in de.xml
Tim Düsterhus [Tue, 6 Jun 2023 08:13:23 +0000 (10:13 +0200)]
Fix `<label>` targets in userAdd.tpl
Tim Düsterhus [Mon, 5 Jun 2023 08:15:11 +0000 (10:15 +0200)]
Fix HTML syntax in pageHeaderUser.tpl
see
6e5b36526f992eb1f04fb4ebc28f3ae38bed6aff
Fixes #5532
Tim Düsterhus [Mon, 5 Jun 2023 07:23:33 +0000 (09:23 +0200)]
Fix incorrect quotation mark in en.xml
see https://www.woltlab.com/community/thread/300024-language-wcf-acp-user-sendmail-from-description/
Marcel Werk [Mon, 29 May 2023 11:51:36 +0000 (13:51 +0200)]
Fix multiple consistency issues in language phrases
Tim Düsterhus [Mon, 22 May 2023 10:22:25 +0000 (12:22 +0200)]
Update tslib
Tim Düsterhus [Fri, 19 May 2023 13:32:44 +0000 (15:32 +0200)]
Allow `style-src 'unsafe-inline'` in AttachmentPage
Marcel Werk [Wed, 17 May 2023 16:26:08 +0000 (18:26 +0200)]
Fix multiple consistency issues in language phrases
Alexander Ebert [Tue, 16 May 2023 15:02:52 +0000 (17:02 +0200)]
Release 5.5.12
Luke [Tue, 16 May 2023 14:22:10 +0000 (16:22 +0200)]
Fix missing informal variant in de.xml
Resolves #5511
[Tim: Opted to choose a slightly different fix and reworded the commit message]
Alexander Ebert [Sun, 12 Mar 2023 22:56:03 +0000 (23:56 +0100)]
Add a button to discard a selected icon
Fixes #5207
Alexander Ebert [Fri, 12 May 2023 16:27:19 +0000 (18:27 +0200)]
Release 5.5.12 dev 2
WoltLab [Fri, 12 May 2023 16:19:53 +0000 (16:19 +0000)]
Updating minified JavaScript files
Alexander Ebert [Fri, 12 May 2023 15:01:31 +0000 (17:01 +0200)]
Release 5.5.12 dev 1
Tim Düsterhus [Fri, 12 May 2023 09:00:23 +0000 (11:00 +0200)]
Merge pull request #5504 from WoltLab/mailbox-name
Improve handling of Mailboxes with empty names
Tim Düsterhus [Fri, 12 May 2023 07:37:40 +0000 (09:37 +0200)]
Do not emit empty names in Mailbox::__toString()
Likely depending on the MUA this will either emit the email address in the best
case or show an empty field. In any case, this will likely look a little odd to
spam filters and thus should be simplified to just the email address.
Tim Düsterhus [Fri, 12 May 2023 07:35:58 +0000 (09:35 +0200)]
Trim the human readable name of a Mailbox
Whitespace around the name is going to be a little wonky and this is in
preparation of a future change that detects and suppresses empty names.
Tim Düsterhus [Wed, 10 May 2023 13:25:38 +0000 (15:25 +0200)]
Drop the SameSite attribute from the XSRF-Token cookie to work around WebKit Bug 255524
It appears that Safari 16.4+ sometimes loses SameSite cookies without explicit
expiry when performing subrequests, e.g. to load JavaScript or when using
`fetch()`. The conditions apply to the XSRF-Token cookie. Now if one of the
subrequests hits the application, the application will hand out a fresh
XSRF-Token cookie, due to the cookie being missing. This results in spurious
changes of the XSRF-Token and thus error messages for the user.
According to comments in the WebKit Bug a workaround for the issue is not
providing a SameSite attribute at all and we leverage this workaround for the
time being: The SameSite attribute on the XSRF-Token cookie is a defense in
depth measure.
see https://bugs.webkit.org/show_bug.cgi?id=255524
see https://www.woltlab.com/community/thread/299769-fehlerhafter-xsrf-token/
Tim Düsterhus [Wed, 10 May 2023 11:54:05 +0000 (13:54 +0200)]
Update @types/google.maps
Tim Düsterhus [Wed, 10 May 2023 11:32:58 +0000 (13:32 +0200)]
Merge pull request #5501 from WoltLab/contentInteraction-print
Hide `.contentInteraction` in print CSS
Tim Düsterhus [Wed, 10 May 2023 10:21:22 +0000 (12:21 +0200)]
Hide `.contentInteraction` in print CSS
Marcel Werk [Tue, 9 May 2023 10:18:34 +0000 (12:18 +0200)]
Merge pull request #5496 from WoltLab/avatar-validation
Fix multiple validation issues during the avatar upload
Marcel Werk [Mon, 8 May 2023 15:18:26 +0000 (17:18 +0200)]
Fix validation of the image file type
Previously it was possible to upload any image (e.g. bmp) as avatars using a faked file extension.
Marcel Werk [Mon, 8 May 2023 15:15:40 +0000 (17:15 +0200)]
Proper handling of the case that no image was uploaded
Tim Düsterhus [Mon, 8 May 2023 10:09:37 +0000 (12:09 +0200)]
Fix titlecasing of “with” in page.xml
Tim Düsterhus [Mon, 8 May 2023 07:19:21 +0000 (09:19 +0200)]
Fix wcf.acp.rebuildData.com.woltlab.wcf.activityPoint*
see https://www.woltlab.com/community/thread/299762-language-wcf-acp-rebuilddata-com-woltlab-wcf-activitypointevent/
Tim Düsterhus [Mon, 8 May 2023 07:16:17 +0000 (09:16 +0200)]
Add space in “Buffer Pool” in wcf.acp.systemCheck.mysql.bufferPool phrase
see https://www.woltlab.com/community/thread/299781-language-wcf-acp-systemcheck-mysql-bufferpool/
Tim Düsterhus [Fri, 5 May 2023 14:54:42 +0000 (16:54 +0200)]
Fix typo in de.xml
Marcel Werk [Fri, 5 May 2023 14:44:40 +0000 (16:44 +0200)]
Merge pull request #5479 from WoltLab/line-break-separated-text
Fix issues when pasting in `LineBreakSeparatedText` input fields
Marcel Werk [Fri, 5 May 2023 13:11:03 +0000 (15:11 +0200)]
Update outdated terms in trademark notice
Marcel Werk [Fri, 5 May 2023 12:54:57 +0000 (14:54 +0200)]
Fix issues when pasting in `LineBreakSeparatedText` input fields
Pasting from the clipboard could result in duplicates and empty entries.
Tim Düsterhus [Fri, 5 May 2023 07:17:39 +0000 (09:17 +0200)]
Add missing space before ellipsis in wcf.acp.package.search.status.* in en.xml
see https://www.woltlab.com/community/thread/299749-language-wcf-acp-package-search-status-loading/
Tim Düsterhus [Fri, 5 May 2023 07:16:35 +0000 (09:16 +0200)]
Fix titlecasification in wcf.acp.user.security.multifactor
see https://www.woltlab.com/community/thread/299745-language-wcf-acp-user-security-multifactor/
Tim Düsterhus [Fri, 5 May 2023 07:14:43 +0000 (09:14 +0200)]
Fix typos in wcf.date.interval.* in en.xml
see https://www.woltlab.com/community/thread/299744-language-wcf-date-interval-months-plain/
Tim Düsterhus [Thu, 4 May 2023 07:17:06 +0000 (09:17 +0200)]
Fix wcf.user.notification.comment.like.message
see https://www.woltlab.com/community/thread/299735-language-wcf-user-notification-comment-like-message/
Tim Düsterhus [Tue, 2 May 2023 10:15:40 +0000 (12:15 +0200)]
Add missing “Address” for “Email Address” in wcf.user.email in en.xml
Fixes #5466
Tim Düsterhus [Fri, 28 Apr 2023 14:01:11 +0000 (16:01 +0200)]
Merge branch '5.4' into 5.5
Tim Düsterhus [Fri, 28 Apr 2023 14:00:48 +0000 (16:00 +0200)]
Update to `actions/upload-artifact@v3` in wcfsetup.yml
This is required, because node.js 12 actions are deprecated.
Tim Düsterhus [Tue, 25 Apr 2023 09:33:59 +0000 (11:33 +0200)]
Improve phrasing for `user_authentication_failure_*` descriptions
Tim Düsterhus [Mon, 24 Apr 2023 13:07:17 +0000 (15:07 +0200)]
Fix creating menuItem PIP entries without parent using dev tools
Fixes #4754
Alexander Ebert [Wed, 19 Apr 2023 13:32:44 +0000 (15:32 +0200)]
Release 5.5.11
Alexander Ebert [Wed, 19 Apr 2023 12:57:09 +0000 (14:57 +0200)]
Merge branch '5.4' into 5.5
Alexander Ebert [Wed, 19 Apr 2023 12:56:08 +0000 (14:56 +0200)]
Release 5.4.27
Alexander Ebert [Wed, 19 Apr 2023 12:50:28 +0000 (14:50 +0200)]
Merge branch '5.3' into 5.4
Alexander Ebert [Wed, 19 Apr 2023 12:48:51 +0000 (14:48 +0200)]
Release 5.3.28
WoltLab [Wed, 19 Apr 2023 11:59:20 +0000 (11:59 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Wed, 19 Apr 2023 11:58:03 +0000 (13:58 +0200)]
Merge branch '5.4' into 5.5
WoltLab [Wed, 19 Apr 2023 11:57:15 +0000 (11:57 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Wed, 19 Apr 2023 11:55:57 +0000 (13:55 +0200)]
Merge branch '5.3' into 5.4
WoltLab [Wed, 19 Apr 2023 11:55:07 +0000 (11:55 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Wed, 19 Apr 2023 11:51:47 +0000 (13:51 +0200)]
Merge branch '5.4' into 5.5
Tim Düsterhus [Wed, 19 Apr 2023 11:51:31 +0000 (13:51 +0200)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Wed, 19 Apr 2023 11:45:04 +0000 (13:45 +0200)]
Merge branch 'article-clipboard' into 5.3
Tim Düsterhus [Wed, 19 Apr 2023 11:44:42 +0000 (13:44 +0200)]
Merge branch 'js-unescape-html' into 5.3