Marcel Werk [Wed, 7 Sep 2022 16:04:23 +0000 (18:04 +0200)]
Fix condition check for user trophies
The check was incorrectly not based on trophyID but on userTrophyID.
Marcel Werk [Wed, 7 Sep 2022 10:32:13 +0000 (12:32 +0200)]
Fix outdated cookie policy
There is no longer a login cookie and the session cookie is no longer temporary.
Tim Düsterhus [Tue, 6 Sep 2022 13:22:21 +0000 (15:22 +0200)]
Merge pull request #4984 from WoltLab/notification-delete-email
Add missing email status update for deleted notifications
Tim Düsterhus [Tue, 6 Sep 2022 11:53:43 +0000 (13:53 +0200)]
Add missing email status update for deleted notifications
Tim Düsterhus [Mon, 5 Sep 2022 11:58:41 +0000 (13:58 +0200)]
Guard against throwing unserialize handlers when unserializing session variables
Tim Düsterhus [Mon, 5 Sep 2022 09:47:09 +0000 (11:47 +0200)]
Merge branch '5.4' into 5.5
Tim Düsterhus [Mon, 5 Sep 2022 09:46:48 +0000 (11:46 +0200)]
Merge pull request #4981 from WoltLab/smtp-transport-desync
Detect possible SMTP connection desync in SmtpEmailTransport
Tim Düsterhus [Mon, 5 Sep 2022 08:52:29 +0000 (10:52 +0200)]
Add `codemirror.tpl` to frontend templates
Fixes #4780
Tim Düsterhus [Mon, 5 Sep 2022 08:19:44 +0000 (10:19 +0200)]
Detect possible SMTP connection desync in SmtpEmailTransport
see https://www.woltlab.com/community/thread/296850-smtp-probleme-nachdem-erste-mail-fehlschl%C3%A4gt/
Tim Düsterhus [Fri, 2 Sep 2022 11:30:51 +0000 (13:30 +0200)]
Merge pull request #4978 from WoltLab/image-proxy-webp
Accept WebP payloads in ImageProxyAction
Tim Düsterhus [Fri, 2 Sep 2022 07:22:23 +0000 (09:22 +0200)]
Use `str_contains()` in ImageProxyAction
Tim Düsterhus [Fri, 2 Sep 2022 07:21:32 +0000 (09:21 +0200)]
Use `image_type_to_extension()` in ImageProxyAction
Tim Düsterhus [Fri, 2 Sep 2022 07:19:14 +0000 (09:19 +0200)]
Add messages to all DomainExceptions in ImageProxyAction
Tim Düsterhus [Fri, 2 Sep 2022 07:16:31 +0000 (09:16 +0200)]
Accept WebP payloads in ImageProxyAction
Marcel Werk [Thu, 1 Sep 2022 11:54:44 +0000 (13:54 +0200)]
Merge branch '5.5' of https://github.com/WoltLab/WCF into 5.5
Marcel Werk [Thu, 1 Sep 2022 11:54:42 +0000 (13:54 +0200)]
Fix error message when a user clicks the activation link multiple times
Tim Düsterhus [Thu, 1 Sep 2022 08:35:11 +0000 (10:35 +0200)]
Merge pull request #4974 from WoltLab/oauth-authorize-query
Support URIs with query-string in AbstractOauth2Action::getAuthorizeUrl()
Tim Düsterhus [Thu, 1 Sep 2022 08:21:41 +0000 (10:21 +0200)]
Do not assign in `if()` in AbstractOauth2Action
Tim Düsterhus [Thu, 1 Sep 2022 08:02:58 +0000 (10:02 +0200)]
Support URIs with query-string in AbstractOauth2Action::getAuthorizeUrl()
Tim Düsterhus [Tue, 30 Aug 2022 14:19:52 +0000 (16:19 +0200)]
Add `random_int` to template modifier allow-list
Resolves #4967
Tim Düsterhus [Tue, 30 Aug 2022 14:10:50 +0000 (16:10 +0200)]
Return `TIME_NOW` in Session::getLastActivityTime() for the current session
Since
b1adc239cb469a2c648d56d5e98e57c8a41d9b2c the lastActivityTime is only
updated once per minute to reduce the write traffic on the session table. This
might lead to the current session not appearing at the top in account security.
Fix this by returning the current time in `getLastActivityTime()` if the
session in question is the active session, because the current request is the
latest activity by definition.
Tim Düsterhus [Tue, 30 Aug 2022 13:13:53 +0000 (15:13 +0200)]
Validate the `from` with UserUtil::isValidEmail() in UserMailForm
see
af702ce9b143157350ee2ade5c33c98d3eba6ae9
Tim Düsterhus [Tue, 30 Aug 2022 13:11:54 +0000 (15:11 +0200)]
Validate the `from` with UserUtil::isValidEmail() in SendMailUserBulkProcessingAction
Do not use the `EmailGrammar` which might not include all the necessary
validation (e.g. for 8-bit characters).
Tim Düsterhus [Mon, 29 Aug 2022 12:20:02 +0000 (14:20 +0200)]
Update for PHP CS Fixer 3.10.0
Tim Düsterhus [Mon, 29 Aug 2022 10:14:46 +0000 (12:14 +0200)]
Update composer dependencies
Sascha Greuel [Sat, 13 Aug 2022 19:06:28 +0000 (21:06 +0200)]
Explicitly convert float to int in GDImageAdapter's alpha values
Implicit conversion from float to int is deprecated in PHP 8.1.
Closes #4958
Alexander Ebert [Fri, 19 Aug 2022 12:59:47 +0000 (14:59 +0200)]
Release 5.5.4
Alexander Ebert [Fri, 19 Aug 2022 12:56:16 +0000 (14:56 +0200)]
Merge branch '5.4' into 5.5
Alexander Ebert [Fri, 19 Aug 2022 12:54:05 +0000 (14:54 +0200)]
Release 5.4.22
Alexander Ebert [Thu, 18 Aug 2022 15:28:14 +0000 (17:28 +0200)]
Release 5.5.4 dev 3
WoltLab [Thu, 18 Aug 2022 15:15:41 +0000 (15:15 +0000)]
Updating minified JavaScript files
Alexander Ebert [Thu, 18 Aug 2022 13:19:38 +0000 (15:19 +0200)]
Prevent Safari from dispatching search requests twice
See https://www.woltlab.com/community/thread/296867-fetch-is-aborted-bei-suchergebnissen/
Alexander Ebert [Thu, 18 Aug 2022 12:08:44 +0000 (14:08 +0200)]
Fix the editing of links inside the editor
See https://www.woltlab.com/community/thread/296868-bearbeiten-von-link-ohne-tld-endung-f%C3%BCgt-https-hinzu/
Alexander Ebert [Thu, 18 Aug 2022 11:46:22 +0000 (13:46 +0200)]
Prevent attachment buttons from submitting the form
See https://www.woltlab.com/community/thread/296855-drag-drop-eines-bildes-f%C3%BChrt-zum-absenden-eines-neuen-themas-firefox/
Alexander Ebert [Tue, 16 Aug 2022 11:43:41 +0000 (13:43 +0200)]
Release 5.5.4 dev 2
Marcel Werk [Mon, 15 Aug 2022 16:30:09 +0000 (18:30 +0200)]
Fix issue when a user does not have permissions to use any search object type
Alexander Ebert [Fri, 12 Aug 2022 13:18:47 +0000 (15:18 +0200)]
Release 5.5.4 dev 1
Alexander Ebert [Fri, 12 Aug 2022 12:52:07 +0000 (14:52 +0200)]
Merge pull request #4953 from WoltLab/group-permission-check
Remove broken check for UserGroupPermissionCache consistency
Tim Düsterhus [Fri, 12 Aug 2022 12:22:37 +0000 (14:22 +0200)]
Remove broken check for UserGroupPermissionCache consistency
The purpose of this check is not entirely clear, as it exists since the very
first commit in git. Back then it was not yet broken, it got broken when the
caching system was refactored to reorder parameters, probably in order to
improve the cache hit rates:
When running the `worker`s using the CLI interface, for some reason, the cache
for guests gets rebuilt with the `$parameters` array (and thus by extension the
`groupIDs` value) being equal to `[2, 1]`, whereas everywhere else the
`$parameters` are consistently `[1, 2]`.
Now when rebuilding the data via the CLI, the cache will have the `[2, 1]`
order and when reloading the cache in a regular HTTP session this check will
fail, as `[2, 1] != [1, 2]`, thus completely disregarding the cache contents
and using an empty permissions array instead. This in turn leads to guests not
being able to access anything.
Fix this by removing the safety check:
- It's exceedingly unlikely for two unrelated `$parameters` to collide in the
cache filename, thus applying incorrect permissions.
- If the CacheBuilder itself is buggy, then all bets are off anyway.
WoltLab [Fri, 12 Aug 2022 11:38:24 +0000 (11:38 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Fri, 12 Aug 2022 09:24:21 +0000 (11:24 +0200)]
Merge branch '5.4' into 5.5
Tim Düsterhus [Fri, 12 Aug 2022 09:23:54 +0000 (11:23 +0200)]
Unify “Datenbanktabelle” in de.xml
Tim Düsterhus [Fri, 12 Aug 2022 09:23:11 +0000 (11:23 +0200)]
Fix typo in de.xml
see #4952
Tim Düsterhus [Thu, 11 Aug 2022 12:46:41 +0000 (14:46 +0200)]
Merge branch '5.4' into 5.5
Tim Düsterhus [Thu, 11 Aug 2022 12:45:33 +0000 (14:45 +0200)]
Improve character class definition in explanation for PIP identifiers
see #4952
Tim Düsterhus [Thu, 11 Aug 2022 12:43:58 +0000 (14:43 +0200)]
Unify phrasing for PIP identifier explanations
see #4952
Tim Düsterhus [Thu, 11 Aug 2022 12:40:52 +0000 (14:40 +0200)]
Improve phrasing in PIP identifier description
see #4952
Tim Düsterhus [Thu, 11 Aug 2022 12:38:50 +0000 (14:38 +0200)]
Fix grammar in de.xml
Resolves #4952
Reported-by: Dennis Kraffczyk <github@dennis-kraffczyk.de>
Tim Düsterhus [Thu, 11 Aug 2022 12:37:14 +0000 (14:37 +0200)]
Replace “Example” by “Beispiel” in de.xml
see #4952
Alexander Ebert [Wed, 10 Aug 2022 16:51:14 +0000 (18:51 +0200)]
Fix the check for the provided element
The implementation expects an input element, but an additional guard is in place to only accept DOM elements. The intention was to reject other values such as strings which were common with the previous jQuery implementation.
Tim Düsterhus [Fri, 5 Aug 2022 07:29:45 +0000 (09:29 +0200)]
Merge branch '5.4' into 5.5
Tim Düsterhus [Thu, 4 Aug 2022 11:47:22 +0000 (13:47 +0200)]
Fix PHPDoc type in IFormField
Tim Düsterhus [Thu, 4 Aug 2022 10:20:26 +0000 (12:20 +0200)]
Merge pull request #4920 from WoltLab/row-format
Set an explicit `ROW_FORMAT=dynamic` in CREATE TABLE
Tim Düsterhus [Thu, 4 Aug 2022 07:04:07 +0000 (09:04 +0200)]
Merge pull request #4921 from SoftCreatR/patch-2
Fix Facebook media provider
Sascha Greuel [Thu, 4 Aug 2022 04:58:21 +0000 (06:58 +0200)]
Fixed Facebook media provider
Usernames CAN contain periods, but they're currently not supported. There's also no need for a trailing slash.
Example: https://www.facebook.com/RaiPlay.it/videos/
1059491774481091
Tim Düsterhus [Wed, 3 Aug 2022 12:14:07 +0000 (14:14 +0200)]
Set an explicit `ROW_FORMAT=dynamic` in CREATE TABLE
Resolves #4910.
Alexander Ebert [Tue, 2 Aug 2022 15:46:46 +0000 (17:46 +0200)]
Detect incorrect system font stack inserted in Chrome
Alexander Ebert [Tue, 2 Aug 2022 11:46:03 +0000 (13:46 +0200)]
Merge pull request #4917 from WoltLab/attachment-tab-a11y
Add missing button role in attachment management tab
Marcel Werk [Tue, 2 Aug 2022 11:38:02 +0000 (13:38 +0200)]
Add missing button role in attachment management tab
Marcel Werk [Mon, 1 Aug 2022 15:45:32 +0000 (17:45 +0200)]
Fix missing copying of conditions when copying boxes
Tim Düsterhus [Mon, 1 Aug 2022 12:07:32 +0000 (14:07 +0200)]
Add `str_contains`, `str_starts_with`, `str_ends_with` to allowed template modifiers
Tim Düsterhus [Mon, 1 Aug 2022 09:28:11 +0000 (11:28 +0200)]
Update composer dependencies
Alexander Ebert [Thu, 28 Jul 2022 11:11:57 +0000 (13:11 +0200)]
Scroll to the editor after inserting the quote
See https://www.woltlab.com/community/thread/296552-zitieren-von-kompletten-beitr%C3%A4gen-springt-nicht-in-den-editor/
Tim Düsterhus [Thu, 28 Jul 2022 09:38:39 +0000 (11:38 +0200)]
Update composer dependencies
Tim Düsterhus [Thu, 28 Jul 2022 09:35:17 +0000 (11:35 +0200)]
Tim Düsterhus [Thu, 28 Jul 2022 09:34:40 +0000 (11:34 +0200)]
Update laminas-progressbar to a custom fork
see laminas/laminas-progressbar#14
Tim Düsterhus [Thu, 28 Jul 2022 08:45:37 +0000 (10:45 +0200)]
Unify error handling of DatabaseTableIndex with DatabaseTableForeignKey
This fixes a misleading error message if `->getData()` is called, but no
columns have been set:
> implode(): Argument #1 ($pieces) must be of type array, string given
Alexander Ebert [Wed, 27 Jul 2022 17:18:27 +0000 (19:18 +0200)]
Prevent closing unclosable dialogs with the escape key
See https://www.woltlab.com/community/thread/296571-esc-schlie%C3%9Ft-login-dialog-im-acp/
Alexander Ebert [Wed, 27 Jul 2022 17:07:45 +0000 (19:07 +0200)]
Detect changes to the HEX value using the `input` event
The `keypress` event does not fire while making changes to some parts of the value. This becomes an issue when the dialog is submitted through the enter key without a blur happening.
See https://www.woltlab.com/community/thread/296596-farbw%C3%A4hler-durch-enter-speichert-den-wert-nicht/
Sascha Greuel [Wed, 27 Jul 2022 08:17:14 +0000 (10:17 +0200)]
Allow @-sign in username
Currently, the check for email addresses as username is too strict, as an email
address in user@host format is valid. However, this results in usernames no
longer being allowed to contain an @ character, otherwise they will be
recognized as a valid email address.
See https://www.woltlab.com/community/thread/296653-benutzernamen-mit-im-namen-bei-5-5-nicht-mehr-m%C3%B6glich
Resolves #4912
Tim Düsterhus [Wed, 27 Jul 2022 07:45:31 +0000 (09:45 +0200)]
Update composer dependencies
Tim Düsterhus [Wed, 27 Jul 2022 07:42:55 +0000 (09:42 +0200)]
Silence the PHP_ICO class in StyleAction
It is planned to remove it with #4885.
Resolves #4911
Tim Düsterhus [Thu, 21 Jul 2022 09:08:44 +0000 (11:08 +0200)]
Merge branch '5.4' into 5.5
Tim Düsterhus [Wed, 20 Jul 2022 12:51:10 +0000 (14:51 +0200)]
Alexander Ebert [Wed, 20 Jul 2022 11:56:41 +0000 (13:56 +0200)]
Release 5.5.3
Alexander Ebert [Wed, 20 Jul 2022 11:48:45 +0000 (13:48 +0200)]
Merge branch '5.4' into 5.5
Alexander Ebert [Wed, 20 Jul 2022 11:15:40 +0000 (13:15 +0200)]
Release 5.4.21
Tim Düsterhus [Wed, 20 Jul 2022 10:55:36 +0000 (12:55 +0200)]
Merge branch '5.4' into 5.5
Tim Düsterhus [Wed, 20 Jul 2022 10:54:50 +0000 (12:54 +0200)]
Merge pull request #4908 from WoltLab/upgrade-override-success
Add explicit “success” message to PackageEnableUpgradeOverrideForm
Tim Düsterhus [Wed, 20 Jul 2022 10:50:39 +0000 (12:50 +0200)]
Improve wording for success message in PackageEnableUpgradeOverrideForm
Co-authored-by: Alexander Ebert <ebert@woltlab.com>
Tim Düsterhus [Wed, 20 Jul 2022 07:59:59 +0000 (09:59 +0200)]
Add explicit “success” message to PackageEnableUpgradeOverrideForm
WoltLab [Wed, 20 Jul 2022 07:37:17 +0000 (07:37 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Wed, 20 Jul 2022 07:35:29 +0000 (09:35 +0200)]
Merge branch '5.4' into 5.5
Tim Düsterhus [Wed, 20 Jul 2022 07:33:16 +0000 (09:33 +0200)]
Merge branch '5.4' into 5.5
WoltLab [Wed, 20 Jul 2022 07:30:22 +0000 (07:30 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Wed, 20 Jul 2022 07:26:10 +0000 (09:26 +0200)]
Update npm dependencies in extra/
Alexander Ebert [Tue, 19 Jul 2022 14:30:02 +0000 (16:30 +0200)]
Release 5.5.3 dev 2
WoltLab [Tue, 19 Jul 2022 14:21:11 +0000 (14:21 +0000)]
Updating minified JavaScript files
Alexander Ebert [Tue, 19 Jul 2022 13:34:26 +0000 (15:34 +0200)]
Restore the selection after closing a dialog
Attempting to restore it too early will cause the focus trap in Safari to move the selection immediately back.
See https://www.woltlab.com/community/thread/296469-beitragserstellung-bilder-werden-nicht-an-der-gew%C3%BCnschten-stelle-eingef%C3%BCgt/
Alexander Ebert [Tue, 19 Jul 2022 11:02:09 +0000 (13:02 +0200)]
Wait for `markAllAsRead` before updating the UI
The number of unread items relies on an internal counter that is updated based on the server-side value of the `markAllAsRead` action.
Not waiting for the action to complete will cause the UI to become out-of-sync. Notably the unread indicator of the mobile UI tab relies on the internal counter that is updated at a later stage.
See https://www.woltlab.com/community/thread/296509-mobiles-kontrollzentrum-icon-bleibt/
Alexander Ebert [Tue, 19 Jul 2022 10:26:06 +0000 (12:26 +0200)]
Move the focus into the first input field in dialogs
Tim Düsterhus [Tue, 19 Jul 2022 09:30:21 +0000 (11:30 +0200)]
Fix TypeScript code style
Tim Düsterhus [Tue, 19 Jul 2022 09:04:00 +0000 (11:04 +0200)]
Fix querying possible update versions in PackageUpdateDispatcher::getAvailableUpdates()
The previous `LEFT JOIN` might return `packageVersion = NULL` if a package
server does not have any accessible versions for an installed package,
ultimately erroring out in PHP 8.1, because `NULL` is passed to a `string`
parameter.
see https://www.woltlab.com/community/thread/296513-passing-null-to-parameter-3-subject-of-type-array-string-is-deprecated/
Alexander Ebert [Mon, 18 Jul 2022 16:25:27 +0000 (18:25 +0200)]
Fix the color of the search icon in the mobile header
See https://www.woltlab.com/community/thread/296499-mobiles-men%C3%BC-mit-falschen-farbzuweisungen/
Marcel Werk [Mon, 18 Jul 2022 15:01:05 +0000 (17:01 +0200)]
Fix javascript error when viewing polls as a guest
The view mistakenly assumed that the button for showing the results was always present. This caused a javascript error for guests or for users who could only see the result.
Alexander Ebert [Mon, 18 Jul 2022 11:12:58 +0000 (13:12 +0200)]
Fix the enable/disable option for styles
Clicks to toggle the style are only recognized on the icon which is not visible on mobile devices. Forward clicks on the link to the icon in these cases.
See https://www.woltlab.com/community/thread/296437-stile-lassen-sich-mobil-nicht-deaktivieren/
Alexander Ebert [Mon, 18 Jul 2022 10:20:11 +0000 (12:20 +0200)]
Replace use of a PHP 8+ feature
`DOMElement::$childElementCount` is supported in PHP 8.0+ only, for PHP 7 we need to manually check for child elements.
See https://www.woltlab.com/community/thread/296485-zitat-von-user-nochmal-zitieren/
Marcel Werk [Fri, 15 Jul 2022 13:35:03 +0000 (15:35 +0200)]
Merge branch '5.5' of https://github.com/WoltLab/WCF into 5.5
Marcel Werk [Fri, 15 Jul 2022 13:35:01 +0000 (15:35 +0200)]
Fix missing cache reset after deleting custom language variables
Alexander Ebert [Fri, 15 Jul 2022 13:01:05 +0000 (15:01 +0200)]
Release 5.5.3 dev 1