Alexander Ebert [Sat, 14 May 2022 12:30:38 +0000 (14:30 +0200)]
Incorrect handling of the return focus
Related https://www.woltlab.com/community/thread/295562-inhalte-k%C3%B6nnen-doppelt-gemeldet-werden/
Tim Düsterhus [Sat, 14 May 2022 12:02:40 +0000 (14:02 +0200)]
Merge pull request #4801 from WoltLab/template-event-javascript-head-include
Remove long-deprecated JavaScript template events from `headInclude.tpl`
Tim Düsterhus [Sat, 14 May 2022 12:02:30 +0000 (14:02 +0200)]
Merge pull request #4800 from WoltLab/convert-encoding
Deprecate StringUtil::convertEncoding()
Tim Düsterhus [Sat, 14 May 2022 12:02:19 +0000 (14:02 +0200)]
Merge pull request #4802 from WoltLab/sensitive-parameter
Use PHP 8.2's SensitiveParameter argument
Tim Düsterhus [Fri, 13 May 2022 14:05:24 +0000 (16:05 +0200)]
Remove accidentally committed bootstrap.php
see 4f33a332b8aaf66e6c2fb1c9919063146c328c56
Tim Düsterhus [Fri, 13 May 2022 14:01:16 +0000 (16:01 +0200)]
Use Guzzle in PackageAction::searchForPurchasedItems()
see #4281
Tim Düsterhus [Fri, 13 May 2022 13:52:49 +0000 (15:52 +0200)]
Use Guzzle in PackageUpdateDispatcher::getPurchasedVersions()
see #4281
Marcel Werk [Fri, 13 May 2022 11:31:01 +0000 (13:31 +0200)]
Merge pull request #4803 from WoltLab/deprecate-amp
Deprecated AMP support
Marcel Werk [Fri, 13 May 2022 11:19:15 +0000 (13:19 +0200)]
Deprecated AMP support
Tim Düsterhus [Fri, 13 May 2022 10:08:13 +0000 (12:08 +0200)]
Replace `\wcf\SensitiveArgument` by `\SensitiveParameter`
Tim Düsterhus [Fri, 13 May 2022 10:07:06 +0000 (12:07 +0200)]
Deprecate `\wcf\SensitiveArgument`
Tim Düsterhus [Fri, 13 May 2022 10:06:03 +0000 (12:06 +0200)]
Add support for PHP 8.2's native SensitiveParameter attribute
Tim Düsterhus [Fri, 13 May 2022 09:50:59 +0000 (11:50 +0200)]
Use checkstyle output for php-cs-fixer
Tim Düsterhus [Fri, 13 May 2022 09:45:32 +0000 (11:45 +0200)]
Install phpcs via `shivammathur/setup-php`
Apparently the previously used action uses an out-of-date phpcs.
Tim Düsterhus [Fri, 13 May 2022 09:39:09 +0000 (11:39 +0200)]
Merge branch '5.5'
Tim Düsterhus [Fri, 13 May 2022 09:38:41 +0000 (11:38 +0200)]
Remove obsolete workaround for PHP_CodeSniffer bug
Tim Düsterhus [Fri, 13 May 2022 09:17:27 +0000 (11:17 +0200)]
Remove long-deprecated JavaScript template events from `headInclude.tpl`
Tim Düsterhus [Fri, 13 May 2022 09:14:19 +0000 (11:14 +0200)]
Use a `?` placeholder for the `USER_SESSION_LIMIT` in SessionHandler
MySQL supports placeholders within the `LIMIT`, make use of this to avoid the
string concatenation that breaks syntax highlighting of the SQL query within
the IDE.
Tim Düsterhus [Fri, 13 May 2022 08:52:17 +0000 (10:52 +0200)]
Stop using StringUtil::convertEncoding()
Tim Düsterhus [Fri, 13 May 2022 08:50:44 +0000 (10:50 +0200)]
Deprecate StringUtil::convertEncoding()
This method is a simple wrapper around `mb_convert_encoding()`, so that one can
simply be called directly.
Tim Düsterhus [Fri, 13 May 2022 08:49:52 +0000 (10:49 +0200)]
Remove use of `utf8_encode` / `utf8_decode`
These functions will be deprecated with PHP 8.2.
Tim Düsterhus [Fri, 13 May 2022 07:29:30 +0000 (09:29 +0200)]
Merge pull request #4790 from WoltLab/package-server-tls
Enforce TLS for package servers
Tim Düsterhus [Fri, 13 May 2022 07:22:56 +0000 (09:22 +0200)]
Merge branch 'master' into package-server-tls
Tim Düsterhus [Fri, 13 May 2022 07:20:20 +0000 (09:20 +0200)]
Merge branch '5.5'
Tim Düsterhus [Fri, 13 May 2022 07:18:52 +0000 (09:18 +0200)]
Merge pull request #4799 from WoltLab/wcf-force-logout
Immediately destroy the session for banned users
Tim Düsterhus [Fri, 13 May 2022 07:17:25 +0000 (09:17 +0200)]
Merge pull request #4795 from WoltLab/mb-strpos
Remove unneeded usage of `mb_strpos`
Tim Düsterhus [Fri, 13 May 2022 07:17:06 +0000 (09:17 +0200)]
Merge pull request #4786 from WoltLab/remove-x-frame-options
Always send `x-frame-options`
Tim Düsterhus [Fri, 13 May 2022 07:16:43 +0000 (09:16 +0200)]
Merge pull request #4793 from WoltLab/error-500
Use HTTP 500 in error conditions
Tim Düsterhus [Fri, 13 May 2022 07:16:25 +0000 (09:16 +0200)]
Merge pull request #4794 from WoltLab/wcfacp-initPackage
Remove obsolete WCFACP::initPackage()
Tim Düsterhus [Fri, 13 May 2022 07:16:14 +0000 (09:16 +0200)]
Merge pull request #4796 from WoltLab/canonical-url-s-parameter
Remove the obsolete stripping of the `s=<sessionID>` when handling the canonical URL
Tim Düsterhus [Fri, 13 May 2022 07:16:00 +0000 (09:16 +0200)]
Merge pull request #4788 from WoltLab/template-modifier-allowlist
Always restrict valid template modifiers to an allow list
Tim Düsterhus [Thu, 12 May 2022 15:16:54 +0000 (17:16 +0200)]
Immediately destroy the session for banned users
The forced logout for banned users was introduced in
ab84d9cab2f864c23f0b18dbeb67e7ea79b1fe9f and only destroyed the session during
shutdown.
At the point where this check runs the request effectively is fully booted up
and in any case the NamedUserException would abort any further booting, thus it
is safe to simply destroy the session immediately to keep all the necessary
logic in a single location.
Tim Düsterhus [Thu, 12 May 2022 15:13:13 +0000 (17:13 +0200)]
Use `->prepare()` instead of `->prepareStatement()` in SessionHandler
Tim Düsterhus [Thu, 12 May 2022 14:08:05 +0000 (16:08 +0200)]
Merge branch '5.4' into 5.5
Tim Düsterhus [Thu, 12 May 2022 13:38:20 +0000 (15:38 +0200)]
Merge pull request #4798 from pehbeh/patch-1
Update URL to WoltLab Community and Plugin-Store in acp/pageHeaderUser.tpl
Tim Düsterhus [Thu, 12 May 2022 13:38:04 +0000 (15:38 +0200)]
Merge pull request #4797 from WoltLab/mysql-requirements
Increase minimum MySQL version to 8.0.29 / MariaDB 10.5.12
Tim Düsterhus [Thu, 12 May 2022 13:31:52 +0000 (15:31 +0200)]
Increase minimum MySQL version to 8.0.29 / MariaDB 10.5.12
pehbeh [Thu, 12 May 2022 13:31:54 +0000 (15:31 +0200)]
Update URL to WoltLab Community and Plugin-Store in acp/pageHeaderUser.tpl
Tim Düsterhus [Thu, 12 May 2022 13:19:14 +0000 (15:19 +0200)]
Remove the obsolete stripping of the `s=<sessionID>` when handling the canonical URL
Tim Düsterhus [Thu, 12 May 2022 12:39:24 +0000 (14:39 +0200)]
Remove unneeded usage of `mb_strpos`
If the return value of `mb_strpos` is only compared to `false` then there is no
need to use the multibyte engine, instead `str_contains()` does exactly the
same and is clearer.
The same applies if the return value is compared to `0`, in this case the size
of multibyte characters cannot have affected the offset. `str_starts_with()`
can be used instead.
Tim Düsterhus [Thu, 12 May 2022 12:50:09 +0000 (14:50 +0200)]
Merge branch '5.5'
Tim Düsterhus [Thu, 12 May 2022 12:48:06 +0000 (14:48 +0200)]
Fix incorrect use of `mb_strpos` in MysqlSearchEngine
The return value of `mb_strpos` needs to be checked type-safely, as both `0`
and `false` are falsy. In this case this likely was safe, as the inner join may
not appear at the start of the query, but it was questionable nonetheless.
Fix this by using `str_contains()` which makes the intent even clearer.
Tim Düsterhus [Thu, 12 May 2022 12:33:40 +0000 (14:33 +0200)]
Simplify PackageUpdateServer::isTrustedServer()
Tim Düsterhus [Thu, 12 May 2022 12:32:23 +0000 (14:32 +0200)]
Remove `UPDATE_SERVER_TRUSTED_MIRROR`
Tim Düsterhus [Thu, 12 May 2022 11:49:18 +0000 (13:49 +0200)]
Merge remote-tracking branch 'origin/master'
Tim Düsterhus [Thu, 12 May 2022 11:48:47 +0000 (13:48 +0200)]
Merge branch '5.5'
Tim Düsterhus [Thu, 12 May 2022 11:48:37 +0000 (13:48 +0200)]
Merge branch '5.4' into 5.5
Tim Düsterhus [Thu, 12 May 2022 11:48:13 +0000 (13:48 +0200)]
Update URL to WoltLab Ticket Support in acp/pageHeaderUser.tpl
Tim Düsterhus [Thu, 12 May 2022 10:47:07 +0000 (12:47 +0200)]
Merge pull request #4792 from WoltLab/styleID-parameter
Remove the `$_REQUEST['styleID']` handling
Tim Düsterhus [Thu, 12 May 2022 10:39:18 +0000 (12:39 +0200)]
Remove obsolete WCFACP::initPackage()
Ever since WoltLab Suite Core got its own frontend the PACKAGE_ID constant
should be defined at all times, making this method obsolete.
Tim Düsterhus [Thu, 12 May 2022 10:29:34 +0000 (12:29 +0200)]
Remove the `$_REQUEST['styleID']` handling
Resolves #4533
Tim Düsterhus [Thu, 12 May 2022 10:32:41 +0000 (12:32 +0200)]
Use HTTP 500 in error conditions
Sending a 500 Internal Server Error for unplanned errors is more appropriate
than a 503 Service Unavailable, as the latter is defined:
RFC 7231#6.6.4:
> The 503 (Service Unavailable) status code indicates that the server
> is currently unable to handle the request due to a temporary overload
> or scheduled maintenance, which will likely be alleviated after some
> delay.
It's not likely that the exception will resolve itself after some delay.
Tim Düsterhus [Thu, 12 May 2022 10:02:31 +0000 (12:02 +0200)]
Simplify generation of random cookie prefix in WCFSetup
Tim Düsterhus [Thu, 12 May 2022 09:26:11 +0000 (11:26 +0200)]
Drop unused constant `URL_TO_LOWERCASE` from default options.inc.php
The option was removed in f3aa502157efa11ac3c76e8471d69d0ac9f69f1f.
Tim Düsterhus [Thu, 12 May 2022 09:15:27 +0000 (11:15 +0200)]
Merge pull request #4791 from WoltLab/wcfsetup-n
Remove the WCF_N input in WCFSetup
Tim Düsterhus [Thu, 12 May 2022 09:04:02 +0000 (11:04 +0200)]
Remove the WCF_N input in WCFSetup
Users should install separate instances into separate databases for security
reasons. This also avoids issues with users running a non-standard number and
any existing guides / queries not working, because the database tables have a
different name.
Tim Düsterhus [Thu, 12 May 2022 08:44:59 +0000 (10:44 +0200)]
Merge branch 'header-normalize'
Tim Düsterhus [Wed, 11 May 2022 10:50:10 +0000 (12:50 +0200)]
Use `Header::normalize()` in `ImageUtil::browserSupportsWebp()`
see #4534
Tim Düsterhus [Wed, 11 May 2022 10:46:01 +0000 (12:46 +0200)]
Use `Header::normalize()` in `RequestHandler::sendPsr7Response()`
see #4534
Tim Düsterhus [Wed, 11 May 2022 15:06:17 +0000 (17:06 +0200)]
Merge branch '5.5'
Tim Düsterhus [Wed, 11 May 2022 14:57:25 +0000 (16:57 +0200)]
Merge pull request #4784 from WoltLab/require-x64
Require 64-bit support
Tim Düsterhus [Wed, 11 May 2022 14:54:27 +0000 (16:54 +0200)]
Merge pull request #4783 from WoltLab/ts-target
Target es2019 in tsconfig.json
Tim Düsterhus [Wed, 11 May 2022 14:25:45 +0000 (16:25 +0200)]
Add update_com.woltlab.wcf_5.5_checkUpdateServers.php
Tim Düsterhus [Wed, 11 May 2022 14:21:20 +0000 (16:21 +0200)]
Remove obsolete reordering of package servers in PackageUpdateDispatcher::refreshPackageDatabase()
Tim Düsterhus [Wed, 11 May 2022 14:20:39 +0000 (16:20 +0200)]
Remove processing of the `wcf-update-server-ssl` header in PackageUpdateDispatcher
Tim Düsterhus [Wed, 11 May 2022 14:19:15 +0000 (16:19 +0200)]
Remove calls to RemoteFile::supportsSSL()
Tim Düsterhus [Wed, 11 May 2022 14:16:50 +0000 (16:16 +0200)]
Deprecate RemoteFile::supportsSSL() and RemoteFile::disableSSL()
Tim Düsterhus [Wed, 11 May 2022 14:11:35 +0000 (16:11 +0200)]
Enforce the https scheme in PackageUpdateServer
Tim Düsterhus [Wed, 11 May 2022 14:13:20 +0000 (16:13 +0200)]
Remove the https to http downgrade fallback in PackageUpdateDispatcher
Tim Düsterhus [Wed, 11 May 2022 13:21:05 +0000 (15:21 +0200)]
Require package servers to use https on the default port in PackageUpdateServerAddForm
Tim Düsterhus [Wed, 11 May 2022 13:26:44 +0000 (15:26 +0200)]
Update WoltLab update servers URLs to the `https` scheme in PackageUpdateServer
Tim Düsterhus [Wed, 11 May 2022 13:07:20 +0000 (15:07 +0200)]
Adjust the default package server `serverURL` to use https in install.sql
Marcel Werk [Wed, 11 May 2022 13:06:27 +0000 (15:06 +0200)]
Merge pull request #4787 from WoltLab/user-online-list
User online statistics were invisible when all active users were invisible
Tim Düsterhus [Wed, 11 May 2022 12:57:23 +0000 (14:57 +0200)]
Merge branch '5.4' into 5.5
Tim Düsterhus [Wed, 11 May 2022 12:56:48 +0000 (14:56 +0200)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Wed, 11 May 2022 12:56:09 +0000 (14:56 +0200)]
Add the `required` attribute to the recipientID select in contact.tpl
see a8490749c3ba7014380d55462fc45dd635c1d71c
Tim Düsterhus [Wed, 11 May 2022 12:50:53 +0000 (14:50 +0200)]
Merge branch '5.4' into 5.5
Tim Düsterhus [Wed, 11 May 2022 12:49:48 +0000 (14:49 +0200)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Wed, 11 May 2022 12:49:24 +0000 (14:49 +0200)]
Indicate that selecting a recipient is required in contact.tpl
Tim Düsterhus [Wed, 11 May 2022 12:32:19 +0000 (14:32 +0200)]
Always restrict valid template modifiers to an allow list
Previously this allow list was only used in enterprise mode, but it is
generally a useful security feature. Thus the allow list previously known as
`$enterpriseFunctions` is applied in all cases.
This also makes it easier for developers, as there will be fewer differences
between the enterprise mode and the non-enterprise mode.
As before this allow list can easily be extended if a useful function is
missing from it.
Tim Düsterhus [Wed, 11 May 2022 12:04:42 +0000 (14:04 +0200)]
Add 64-bit check to update_com.woltlab.wcf_5.5_checkSystemRequirements.php
Tim Düsterhus [Wed, 11 May 2022 12:02:52 +0000 (14:02 +0200)]
Merge branch 'master' into require-x64
Tim Düsterhus [Wed, 11 May 2022 12:02:15 +0000 (14:02 +0200)]
Add update_com.woltlab.wcf_5.5_checkSystemRequirements.php
see 48b47a4a8ba0260d52226c80063ebac081fa719b
Marcel Werk [Wed, 11 May 2022 11:09:44 +0000 (13:09 +0200)]
Applied code suggestions
Marcel Werk [Wed, 11 May 2022 10:25:15 +0000 (12:25 +0200)]
Show legend only when users are listed
Tim Düsterhus [Wed, 11 May 2022 10:24:13 +0000 (12:24 +0200)]
Always send `x-frame-options`
Resolves #4484
Marcel Werk [Wed, 11 May 2022 10:24:06 +0000 (12:24 +0200)]
User online statistics were invisible when all active users were invisible
Tim Düsterhus [Wed, 11 May 2022 09:40:37 +0000 (11:40 +0200)]
Drop obsolete upgrade instructions from 5.4 to 5.5
Tim Düsterhus [Wed, 11 May 2022 09:39:22 +0000 (11:39 +0200)]
Merge branch '5.5'
Tim Düsterhus [Wed, 11 May 2022 09:39:12 +0000 (11:39 +0200)]
Merge branch '5.4' into 5.5
Tim Düsterhus [Wed, 11 May 2022 09:38:47 +0000 (11:38 +0200)]
Drop obsolete update_com.woltlab.wcf_5.4.15_deleteDsStore.php
Tim Düsterhus [Wed, 11 May 2022 09:37:38 +0000 (11:37 +0200)]
Drop obsolete fileDelete_5.5.xml
Tim Düsterhus [Wed, 11 May 2022 09:26:08 +0000 (11:26 +0200)]
Check for 64-bit support in SystemCheckPage
Tim Düsterhus [Wed, 11 May 2022 09:16:18 +0000 (11:16 +0200)]
Require 64-bit PHP in WCFSetup
see #4512
Tim Düsterhus [Wed, 11 May 2022 08:41:46 +0000 (10:41 +0200)]
Merge branch '5.5'
Tim Düsterhus [Wed, 11 May 2022 08:40:35 +0000 (10:40 +0200)]
Fix language items in recommended section of system requirements in WCFSetup
see 3445cbe2a005ead9843d9e17709a915631dd11b5
see e88d06dc88bc263b7424fbccfa47c13907413b8c
Tim Düsterhus [Wed, 11 May 2022 08:18:04 +0000 (10:18 +0200)]
Target es2019 in tsconfig.json
Resolves #4595
Tim Düsterhus [Wed, 11 May 2022 08:01:03 +0000 (10:01 +0200)]
Run php-cs-fixer using PHP 8.1
Tim Düsterhus [Wed, 11 May 2022 07:58:47 +0000 (09:58 +0200)]
Merge pull request #4782 from WoltLab/system-requirements
Increase minimum PHP requirement
Alexander Ebert [Tue, 10 May 2022 20:58:18 +0000 (22:58 +0200)]
Release 5.5.0 Beta 2