Alexander Ebert [Wed, 6 Jul 2022 10:38:08 +0000 (12:38 +0200)]
Stop flagging the new version 5.5 as “Evaluation”
See
9072d357de11116a15205073237498cab86dcd5c
Alexander Ebert [Wed, 6 Jul 2022 10:35:02 +0000 (12:35 +0200)]
Release 5.4.20
Alexander Ebert [Wed, 6 Jul 2022 10:33:06 +0000 (12:33 +0200)]
Enable the upgrade notice for 5.5 by default
See WoltLab/com.woltlab.website#602
WoltLab [Wed, 6 Jul 2022 10:27:17 +0000 (10:27 +0000)]
Updating minified JavaScript files
Alexander Ebert [Wed, 6 Jul 2022 10:25:55 +0000 (12:25 +0200)]
Merge branch '5.3' into 5.4
Alexander Ebert [Wed, 6 Jul 2022 10:25:19 +0000 (12:25 +0200)]
Release 5.3.24
Tim Düsterhus [Tue, 5 Jul 2022 11:27:48 +0000 (13:27 +0200)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Tue, 5 Jul 2022 11:25:39 +0000 (13:25 +0200)]
Merge pull request #4896 from WoltLab/abstract-category-edit-check-type
Verify that the category's objectType matches the form's objectType in AbstractCategoryEditForm
Tim Düsterhus [Tue, 5 Jul 2022 11:25:14 +0000 (13:25 +0200)]
Merge pull request #4894 from WoltLab/abstract-category-edit
Make AbstractCategoryEditForm actually abstract
Tim Düsterhus [Tue, 5 Jul 2022 11:25:01 +0000 (13:25 +0200)]
Merge pull request #4893 from WoltLab/tabmenu-select-invalid-container
Select the first erroneous tab in a form if multiple are erroneous
Tim Düsterhus [Tue, 5 Jul 2022 09:02:19 +0000 (11:02 +0200)]
Improve type of exception for invalid object types in AbstractCategoryAddForm
This technically is a BC break, but this exception must not be caught anyway as
it indicates a clear programming error.
Tim Düsterhus [Mon, 27 Jun 2022 14:03:31 +0000 (16:03 +0200)]
Make AbstractCategoryEditForm actually abstract
This form is not functional, unless an objectType is defined in a child class.
Tim Düsterhus [Tue, 5 Jul 2022 08:37:50 +0000 (10:37 +0200)]
Handle invalid `<textarea>` elements when submitting a form within a TabMenu
Tim Düsterhus [Tue, 5 Jul 2022 07:51:24 +0000 (09:51 +0200)]
Select the first erroneous tab in a form if multiple are erroneous
This was incorrectly migrated to TypeScript. Before TypeScript this used a
regular `for` loop counting indices, allowing the `return;` to correctly leave
the loop.
see https://www.woltlab.com/community/thread/296198-formbuilder-tabmenuformcontainer-required-js-fehler/
Tim Düsterhus [Tue, 5 Jul 2022 07:48:39 +0000 (09:48 +0200)]
Add `DOM.Iterable` to tsconfig.json's `lib` list
This makes `NodeList`, `FormData` et al iterable. This is part of ES 2015 and
thus can be used.
Tim Düsterhus [Mon, 4 Jul 2022 15:05:13 +0000 (17:05 +0200)]
Merge pull request #4891 from WoltLab/fetch-template-plugin
Deprecate the `{fetch}` template plugin
Tim Düsterhus [Mon, 4 Jul 2022 14:27:39 +0000 (16:27 +0200)]
Deprecate the `{fetch}` template plugin
Tim Düsterhus [Mon, 4 Jul 2022 14:10:48 +0000 (16:10 +0200)]
Merge pull request #4890 from WoltLab/upgrade-override-always-disable
Always allow disabling the upgrade override if enabled
Tim Düsterhus [Mon, 4 Jul 2022 14:08:34 +0000 (16:08 +0200)]
Verify that the category's objectType matches the form's objectType in AbstractCategoryEditForm
Tim Düsterhus [Mon, 4 Jul 2022 12:39:49 +0000 (14:39 +0200)]
Always allow disabling the upgrade override if enabled
Previously the following might happen:
- A community is running 5.3.
- They enable the upgrade override and upgrade to 5.4.
- They are offered the upgrade to 5.5, but don't want to do that, yet.
- They access the PackageEnableUpgradeOverrideForm to disable the upgrade.
- It complains that the search index was not yet migrated to InnoDB, preventing
the disabling of the upgrade.
Tim Düsterhus [Fri, 1 Jul 2022 11:44:06 +0000 (13:44 +0200)]
Update typescript
see
41b5a7f4fcc27a2fd4434d2feedb10e942930d51. We specifically upgrade
typescript also in 5.4 to ease merges, because the output of const enum
changed.
Alexander Ebert [Thu, 23 Jun 2022 11:32:27 +0000 (13:32 +0200)]
Bind event listeners on editor elements only once
The previous code caused the event listeners to be bound with every iteration. Every invocation touches the DOM by updating the title, which in return caused `observe.load()` to be triggered again. This causes the number of bound event listeners (and thus DOM updates!) to increase exponentionally.
See https://www.woltlab.com/community/thread/296068-dialog-container-vom-spoiler-tag-kann-das-forum-aufh%C3%A4ngen/
Tim Düsterhus [Tue, 21 Jun 2022 08:57:19 +0000 (10:57 +0200)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Tue, 21 Jun 2022 08:52:30 +0000 (10:52 +0200)]
Tim Düsterhus [Tue, 21 Jun 2022 08:47:11 +0000 (10:47 +0200)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Tue, 21 Jun 2022 08:44:38 +0000 (10:44 +0200)]
Update guzzlehttp/psr7
This is a dependency for an updated Guzzle.
see guzzle/psr7@
e98e3e6d4f86621a9b75f623996e6bbdeb4b9318
see guzzle/guzzle@
a52f0440530b54fa079ce76e8c5d196a42cad981
Tim Düsterhus [Tue, 21 Jun 2022 08:43:19 +0000 (10:43 +0200)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Tue, 21 Jun 2022 08:41:51 +0000 (10:41 +0200)]
Regenerate composer files
Tim Düsterhus [Wed, 15 Jun 2022 13:45:38 +0000 (15:45 +0200)]
Match foreign keys independent of referenced column casing in PHP DDL
Early versions of MySQL 8 contained a bug that would return the column names of
the referenced table in lowercase whenever querying the FOREIGN KEY or when
showing the table's structure:
https://bugs.mysql.com/bug.php?id=88718
This issue also affects the any created database dumps and is not corrected
when importing the dump into a fixed version of MySQL:
https://bugs.mysql.com/bug.php?id=98976
Thus any instances that were ever dumped with an affected version of MySQL 8
will have foreign keys with a mismatching column case.
The FOREIGN KEY itself will be completely functional, MySQL does not care about
the casing of column names.
However the PHP DDL considers those FOREIGN KEYs to be different when
attempting to find an existing FOREIGN KEY to update, thus believing that the
FOREIGN KEY does not yet exist. As a result it attemtps to create it,
generating a name that is identical to the existing FOREIGN KEY's, leading to
conflicts when attempting to log the change into package_installation_sql_log.
Fix this issue by lowercasing the referenced column names when grabbing the
`->getDiffData()`. The PHP DDL will then find the existing FOREIGN KEY, but it
will realize that it is different when diffing the `->getData()`.
This will lead to the "broken" FOREIGN KEY being dropped and it being recreated
correctly, both avoiding the duplicate key error and also actually correcting
the column name.
Tim Düsterhus [Fri, 10 Jun 2022 07:22:50 +0000 (09:22 +0200)]
Tim Düsterhus [Fri, 10 Jun 2022 07:22:17 +0000 (09:22 +0200)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Fri, 10 Jun 2022 07:21:12 +0000 (09:21 +0200)]
Alexander Ebert [Tue, 7 Jun 2022 15:02:19 +0000 (17:02 +0200)]
Release 5.4.19
Alexander Ebert [Sun, 5 Jun 2022 10:25:28 +0000 (12:25 +0200)]
Missing comma
Alexander Ebert [Fri, 3 Jun 2022 15:01:14 +0000 (17:01 +0200)]
Aborting a previously successful worker failed
See https://www.woltlab.com/community/thread/295857-schlie%C3%9Fen-des-dialogs-beim-anzeigen-aktualisieren-unterbricht-das-aktualisieren/
Alexander Ebert [Fri, 3 Jun 2022 14:49:07 +0000 (16:49 +0200)]
Merge pull request #4852 from WoltLab/upgrade-to-55
Enable the upgrade to WoltLab Suite 5.5
Alexander Ebert [Fri, 3 Jun 2022 13:36:39 +0000 (15:36 +0200)]
Incorrect URL for the upgrade instructions
Alexander Ebert [Fri, 3 Jun 2022 13:10:21 +0000 (15:10 +0200)]
Enable the upgrade to WoltLab Suite 5.5
Based on
41f100782ce6abe92f144810b719c15e53bf4849
Tim Düsterhus [Fri, 3 Jun 2022 12:21:57 +0000 (14:21 +0200)]
Merge pull request #4849 from WoltLab/package-override-55
Update checks in PackageEnableUpgradeOverrideForm for 5.5
Tim Düsterhus [Fri, 3 Jun 2022 12:18:56 +0000 (14:18 +0200)]
Improve issue description in PackageEnableUpgradeOverrideForm
Tim Düsterhus [Fri, 3 Jun 2022 12:14:54 +0000 (14:14 +0200)]
Fix PackageEnableUpgradeOverrideForm
The form differs from the update scripts by also having a title for each issue.
Tim Düsterhus [Fri, 3 Jun 2022 08:08:54 +0000 (10:08 +0200)]
Update checks in PackageEnableUpgradeOverrideForm for 5.5
- update_com.woltlab.wcf_5.5_ensureInnoDbSearch.php
Tim Düsterhus [Fri, 3 Jun 2022 08:13:41 +0000 (10:13 +0200)]
Drop duplicate empty line in RequestHandler
Alexander Ebert [Thu, 2 Jun 2022 14:11:32 +0000 (16:11 +0200)]
Preset was lacking the inversion of permissions
See https://www.woltlab.com/community/thread/295793-box-kopieren-option-wird-nicht-%C3%BCbernommen/
Alexander Ebert [Thu, 2 Jun 2022 14:02:02 +0000 (16:02 +0200)]
Force a refresh of CodeMirror on tab navigation
See https://www.woltlab.com/community/thread/295824-codemirror-gerne-mal-nicht-initialisiert/
Alexander Ebert [Thu, 2 Jun 2022 08:22:58 +0000 (10:22 +0200)]
Release 5.4.18
Tim Düsterhus [Tue, 31 May 2022 13:42:50 +0000 (15:42 +0200)]
Adjust PHP versions in environment check for 5.5
see
598b72301a2cdcd0f3a0c1196f6fc1107e01650e
(cherry picked from commit
c2ae090f6bf0a0eefd5eaf9796095a4ddd18c23a)
WoltLab [Wed, 1 Jun 2022 14:46:52 +0000 (14:46 +0000)]
Updating minified JavaScript files
Alexander Ebert [Wed, 1 Jun 2022 14:41:15 +0000 (16:41 +0200)]
Release 5.4.17
Alexander Ebert [Wed, 1 Jun 2022 14:40:30 +0000 (16:40 +0200)]
Merge branch '5.3' into 5.4
Alexander Ebert [Wed, 1 Jun 2022 14:37:56 +0000 (16:37 +0200)]
Release 5.3.23
Alexander Ebert [Wed, 1 Jun 2022 14:37:15 +0000 (16:37 +0200)]
Merge branch '5.2' into 5.3
Alexander Ebert [Wed, 1 Jun 2022 14:34:57 +0000 (16:34 +0200)]
Release 5.2.21
Alexander Ebert [Wed, 1 Jun 2022 14:29:04 +0000 (16:29 +0200)]
Merge branch '3.1' into 5.2
Alexander Ebert [Wed, 1 Jun 2022 14:26:21 +0000 (16:26 +0200)]
Release 3.1.29
Tim Düsterhus [Tue, 31 May 2022 14:43:11 +0000 (16:43 +0200)]
Update to setup-node@v3
Tim Düsterhus [Tue, 31 May 2022 14:30:03 +0000 (16:30 +0200)]
Check the WCF_VERSION only if the result might have changed
Tim Düsterhus [Tue, 31 May 2022 14:21:25 +0000 (16:21 +0200)]
Add workflow to check the WCF_VERSION
Tim Düsterhus [Tue, 31 May 2022 13:50:13 +0000 (15:50 +0200)]
Tim Düsterhus [Tue, 31 May 2022 13:41:28 +0000 (15:41 +0200)]
Adjust PHP versions in environment check for 5.4
see
598b72301a2cdcd0f3a0c1196f6fc1107e01650e
Tim Düsterhus [Tue, 31 May 2022 13:39:48 +0000 (15:39 +0200)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Tue, 31 May 2022 13:36:26 +0000 (15:36 +0200)]
Merge branch '5.2' into 5.3
Tim Düsterhus [Tue, 31 May 2022 13:35:00 +0000 (15:35 +0200)]
Adjust PHP versions in environment check for 5.2
see
598b72301a2cdcd0f3a0c1196f6fc1107e01650e
Tim Düsterhus [Tue, 31 May 2022 13:33:43 +0000 (15:33 +0200)]
Merge branch '3.1' into 5.2
Tim Düsterhus [Tue, 31 May 2022 13:31:44 +0000 (15:31 +0200)]
Merge pull request #4840 from WoltLab/system-environment-check
Add basic check for the runtime environment
Tim Düsterhus [Tue, 31 May 2022 13:11:02 +0000 (15:11 +0200)]
Add basic check for the runtime environment
Running WoltLab Suite in an unsupported environment might work for the
majority of requests, some requests might fail very visibly. But there
also is a third type: A request that *appear* to execute properly, but
that subtly behaves incorrectly, due to a change in PHP's behavior.
The latter type is dangerous, as those requests might introduce errors
into the dataset that are very hard to impossible to correct after the
fact because the necessary information to fix up the data is no longer
available.
Prevent this situation from occuring by performing a basic test of the
runtime environment and halting processing early if this test fails to
ensure that it processed as little as possible.
Tim Düsterhus [Tue, 31 May 2022 12:57:44 +0000 (14:57 +0200)]
Enable HTML escaping of `->errorMessage` in packageUpdateServerList.tpl
This is not exploitable for a full-blown XSS attack, as any HTML tags are
stripped. Nonetheless the `"` character can cause issues, as the value is also
displayed in an HTML attribute and the error message contains uncontrolled
content.
Tim Düsterhus [Wed, 25 May 2022 13:43:01 +0000 (15:43 +0200)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Wed, 25 May 2022 13:33:31 +0000 (15:33 +0200)]
Regenerate composer autoloader
Tim Düsterhus [Wed, 25 May 2022 13:31:40 +0000 (15:31 +0200)]
Tim Düsterhus [Wed, 25 May 2022 13:30:33 +0000 (15:30 +0200)]
Regenerate composer autoloader
Alexander Ebert [Mon, 23 May 2022 17:08:46 +0000 (19:08 +0200)]
Force case-insensitive check for smiley codes
The smiley table uses a case-insensitive unique key for the smiley code.
See https://www.woltlab.com/community/thread/295708-bug-beim-erstellen-eines-smileys-mit-bereits-vorhandenem-smileycode-duplikat/
Tim Düsterhus [Mon, 23 May 2022 07:58:20 +0000 (09:58 +0200)]
Fix typo in de.xml
Tim Düsterhus [Mon, 16 May 2022 09:36:19 +0000 (11:36 +0200)]
Fix `wcf.user.register.error.blacklistMatches` language variable in RegisterForm
Marcel Werk [Sat, 14 May 2022 11:46:05 +0000 (13:46 +0200)]
Truncate error message in cronjob log if necessary
Tim Düsterhus [Thu, 12 May 2022 13:38:20 +0000 (15:38 +0200)]
Merge pull request #4798 from pehbeh/patch-1
Update URL to WoltLab Community and Plugin-Store in acp/pageHeaderUser.tpl
pehbeh [Thu, 12 May 2022 13:31:54 +0000 (15:31 +0200)]
Update URL to WoltLab Community and Plugin-Store in acp/pageHeaderUser.tpl
Tim Düsterhus [Thu, 12 May 2022 11:48:13 +0000 (13:48 +0200)]
Update URL to WoltLab Ticket Support in acp/pageHeaderUser.tpl
Tim Düsterhus [Wed, 11 May 2022 12:56:48 +0000 (14:56 +0200)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Wed, 11 May 2022 12:56:09 +0000 (14:56 +0200)]
Add the `required` attribute to the recipientID select in contact.tpl
see
a8490749c3ba7014380d55462fc45dd635c1d71c
Tim Düsterhus [Wed, 11 May 2022 12:49:48 +0000 (14:49 +0200)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Wed, 11 May 2022 12:49:24 +0000 (14:49 +0200)]
Indicate that selecting a recipient is required in contact.tpl
Tim Düsterhus [Wed, 11 May 2022 09:38:47 +0000 (11:38 +0200)]
Drop obsolete update_com.woltlab.wcf_5.4.15_deleteDsStore.php
Tim Düsterhus [Tue, 10 May 2022 07:25:42 +0000 (09:25 +0200)]
Fix English versions of `wcf.user.security.multifactor.backup.authenticationEmail.body.*`
The phrases contained broken template scripting, due to the use of the `'`
apostroph within a single quoted string.
Tim Düsterhus [Fri, 6 May 2022 13:11:45 +0000 (15:11 +0200)]
Remove the codestyle workflow from branches that are not master
Marcel Werk [Sat, 7 May 2022 15:41:59 +0000 (17:41 +0200)]
Merge branch '5.3' into 5.4
Marcel Werk [Sat, 7 May 2022 15:41:46 +0000 (17:41 +0200)]
Merge branch '5.2' into 5.3
Marcel Werk [Sat, 7 May 2022 15:40:48 +0000 (17:40 +0200)]
Revert "Show always an no selection option in custom select options build with the OptionHandler"
This reverts commit
6fef8b82e15794eee5317e6b15bb0670f137315c.
Tim Düsterhus [Thu, 5 May 2022 13:23:19 +0000 (15:23 +0200)]
Update npm dependencies
Tim Düsterhus [Tue, 3 May 2022 13:07:53 +0000 (15:07 +0200)]
Merge pull request #4768 from WoltLab/sitemap-page
Fix handling of CMS pages in sitemap
Tim Düsterhus [Tue, 3 May 2022 11:57:49 +0000 (13:57 +0200)]
Fix handling of CMS pages in sitemap
Delegate the visibility control and access control to the appropriate methods
in \wcf\data\page\Page instead of reimplementing it from scratch. Most notably
the inversion of the page ACL was not implemented correctly within the sitemap.
see
92fba0538afc1d88f411db1a80553af2d17c09b4
Closes #4767
Co-authored-by: mutec <mysterycode@mysterycode.de>
Tim Düsterhus [Mon, 2 May 2022 07:25:38 +0000 (09:25 +0200)]
Merge pull request #4766 from mutec/appmanmudose
fix application management in multi domain setups
mutec [Sun, 1 May 2022 20:53:53 +0000 (22:53 +0200)]
fix application management in multi domain setups
Changing the landing pages of apps was failing since the domain name for single-domain-setups was validated for any case, but is not set when using a multi-domain-setup.
This lead to an un-meaningful error-message saying something is incorrect.
Tim Düsterhus [Thu, 28 Apr 2022 10:36:23 +0000 (12:36 +0200)]
Add the Drupal8 hashing algorithm
Tim Düsterhus [Thu, 28 Apr 2022 10:21:19 +0000 (12:21 +0200)]
Fix the TPhpass algorithm
The salt extraction used `mb_strpos` where `mb_substr` needs to be used.
see
c586e46e62dd1d714b7c7db7911eb6cf5d96cc7e
Tim Düsterhus [Wed, 27 Apr 2022 07:20:17 +0000 (09:20 +0200)]
Match stop words case insensitively in MysqlSearchEngine
Tim Düsterhus [Wed, 27 Apr 2022 07:18:47 +0000 (09:18 +0200)]
Replace MysqlSearchEngine::getStopWords() by ::isStopWord()
Sascha Greuel [Mon, 25 Apr 2022 10:32:11 +0000 (12:32 +0200)]
Set explicit `referrerpolicy` for Vimeo embeds
see
936c0f6d5d3f5a811110f7add4fa688a3e9a8377
see https://www.woltlab.com/community/thread/295351/?postID=
1891462#post1891462
Resolves #4755
Tim Düsterhus [Mon, 25 Apr 2022 10:49:48 +0000 (12:49 +0200)]
Set explicit `referrerpolicy` for YouTube embeds
YouTube requires the `Referer` header to be set for (some) embeds to work. By
using the attribute any `referrer-policy` header set on the top level document
is overridden (e.g. `same-origin`).
Co-authored-by: Sascha Greuel <github@1-2.dev>
Tim Düsterhus [Fri, 22 Apr 2022 13:26:13 +0000 (15:26 +0200)]
Remove reference to CONTRIBUTING.md from README.md
see
5d7b7d602e0f6efb077bffda4b3ecceed8534810