Alexander Ebert [Sat, 15 Aug 2020 17:35:58 +0000 (19:35 +0200)]
Prefer longer group names for mentions
Tim Düsterhus [Fri, 14 Aug 2020 10:22:16 +0000 (12:22 +0200)]
Skip display-name of Mailbox if display-name == addr-spec
If the human readable $name of a Mailbox matches the $address then leave
out the $name within the header representation and specify a bare email
address. The name is redundant in cases like this and this might lead to
negative spam scoring.
Alexander Ebert [Thu, 13 Aug 2020 11:31:37 +0000 (13:31 +0200)]
Merge branch '3.1' into 5.2
Alexander Ebert [Thu, 13 Aug 2020 11:31:16 +0000 (13:31 +0200)]
Merge pull request #3500 from Krymonota/patch-12
Add missing phrases to English 3rd party register language items
joshuaruesweg [Thu, 13 Aug 2020 07:44:48 +0000 (09:44 +0200)]
Fix resizing images in Safari
Fixes #3506
Marcel Werk [Wed, 12 Aug 2020 16:22:56 +0000 (18:22 +0200)]
Merge branch '3.1' into 5.2
Marcel Werk [Wed, 12 Aug 2020 16:22:37 +0000 (18:22 +0200)]
Prevent username overflow in the message sidebar
Marcel Werk [Wed, 12 Aug 2020 15:51:54 +0000 (17:51 +0200)]
Merge branch '3.1' into 5.2
Marcel Werk [Wed, 12 Aug 2020 15:51:25 +0000 (17:51 +0200)]
Prevent changes to the showOrder setting of system boxes during an update
Marcel Werk [Wed, 12 Aug 2020 15:47:22 +0000 (17:47 +0200)]
Merge branch '3.1' into 5.2
Alexander Ebert [Wed, 29 Jan 2020 13:38:56 +0000 (14:38 +0100)]
Prevent changes to the visibility settings of system boxes during an update/upgrade
Tim Düsterhus [Wed, 12 Aug 2020 14:13:05 +0000 (16:13 +0200)]
Merge pull request #3502 from Krymonota/timing-safe-comparison-social-login
Use timing safe comparison to validate `state` parameter for social login
Niklas [Wed, 12 Aug 2020 14:08:29 +0000 (16:08 +0200)]
Fix type of `options` parameter in HTTPRequest PHPDoc (#3504)
Niklas (Krymonota) [Wed, 12 Aug 2020 13:59:26 +0000 (15:59 +0200)]
Use timing safe comparison to validate `state` parameter for social login
The Twitter social login is left out because the implementation still uses OAuth 1.0, which does not support the `state` parameter.
Closes #3501
Niklas [Tue, 11 Aug 2020 16:16:41 +0000 (18:16 +0200)]
Add missing phrases to English 3rd party register language items
Joshua Rüsweg [Tue, 11 Aug 2020 09:32:34 +0000 (11:32 +0200)]
Merge pull request #3499 from WoltLab/5.2-like-rebuild-data-fix
Fix calculation the cached reactions
joshuaruesweg [Mon, 10 Aug 2020 16:36:49 +0000 (18:36 +0200)]
Use proper placeholders for fetching the reactions
joshuaruesweg [Mon, 10 Aug 2020 15:57:26 +0000 (17:57 +0200)]
Fix calculation the cached reactions
Tim Düsterhus [Mon, 10 Aug 2020 15:19:21 +0000 (17:19 +0200)]
Merge pull request #3498 from WoltLab/dbo-action-php-8
Fix bogus call to `call_user_func_array` in AbstractDBOAction::validateAction()
Tim Düsterhus [Mon, 10 Aug 2020 14:16:37 +0000 (16:16 +0200)]
Fix bogus call to `call_user_func_array` in AbstractDBOAction::validateAction()
Fixes #3490
joshuaruesweg [Fri, 7 Aug 2020 13:43:27 +0000 (15:43 +0200)]
Remove superfluous `array_unique` call
No double value can occur in the array. When deleting, we already check if the object still exists in our file array and delete it only if it really still exists.
Tim Düsterhus [Fri, 7 Aug 2020 09:56:58 +0000 (11:56 +0200)]
Fix return value of sort callback in TemplateListPage
Found using PHP 8's new warning:
> Message: uasort(): Returning bool from comparison function is deprecated,
> return an integer less than, equal to, or greater than zero
Tim Düsterhus [Fri, 7 Aug 2020 09:31:45 +0000 (11:31 +0200)]
Fix PHP 8 compatibility for WCFSetup's error handler
see
0267fa9af7e18aa6449726f748e672cdac192d12
Marcel Werk [Thu, 6 Aug 2020 14:25:45 +0000 (16:25 +0200)]
Added missing informal variant
Marcel Werk [Wed, 5 Aug 2020 16:49:12 +0000 (18:49 +0200)]
Merge pull request #3466 from Sir-Will/patch-1
Fixes exception when not using primary PayPal email
Tim Düsterhus [Wed, 5 Aug 2020 14:21:45 +0000 (16:21 +0200)]
Merge branch '3.1' into 5.2
Tim Düsterhus [Wed, 5 Aug 2020 14:17:16 +0000 (16:17 +0200)]
Fix PHP 5.5 compatibility
see
b044815dd9b6509fc44219684d7076cd28a80aa6
see #3480
Sir-Will [Wed, 5 Aug 2020 13:51:26 +0000 (15:51 +0200)]
Verify if business argument is set in PayPal callback
Matthias Schmidt [Wed, 5 Aug 2020 13:48:58 +0000 (15:48 +0200)]
Fix handling of hidden form field values via AJAX
See #3053
Alexander Ebert [Wed, 5 Aug 2020 10:57:22 +0000 (12:57 +0200)]
Merge branch '3.1' into 5.2
Alexander Ebert [Wed, 5 Aug 2020 10:56:18 +0000 (12:56 +0200)]
Merge pull request #3462 from SoftCreatR/patch-14
Add detection for Chromium based Edge browser
Alexander Ebert [Wed, 5 Aug 2020 10:51:35 +0000 (12:51 +0200)]
Merge pull request #3471 from WoltLab/disable-spider-visit-tracking
Disable visit tracking for search engines
Tim Düsterhus [Wed, 5 Aug 2020 10:06:26 +0000 (12:06 +0200)]
Merge branch '3.1' into 5.2
Tim Düsterhus [Wed, 5 Aug 2020 10:05:08 +0000 (12:05 +0200)]
Do not decrement wcf1_user.articles when deleting unpublished articles
see
b044815dd9b6509fc44219684d7076cd28a80aa6
see #3480
Tim Düsterhus [Wed, 5 Aug 2020 09:59:38 +0000 (11:59 +0200)]
Merge branch '3.1' into 5.2
Tim Düsterhus [Wed, 5 Aug 2020 09:58:13 +0000 (11:58 +0200)]
Update wcf1_user.articles when deleting articles
Fixes #3480
Sascha Greuel [Sun, 26 Jul 2020 15:19:00 +0000 (17:19 +0200)]
Added detection for Chromium based Edge browser
joshuaruesweg [Mon, 3 Aug 2020 16:23:12 +0000 (18:23 +0200)]
Add note, that the page.xml PIP instruction is needed with the next update
See #3474
joshuaruesweg [Mon, 3 Aug 2020 16:14:59 +0000 (18:14 +0200)]
Merge branch '3.1'
joshuaruesweg [Mon, 3 Aug 2020 16:12:07 +0000 (18:12 +0200)]
Fix updating `requireObjectID` for existing pages
Alexander Ebert [Sat, 1 Aug 2020 15:22:54 +0000 (17:22 +0200)]
The `data-user-id` is already set by the ReactionHandler
Fixes #3463
Alexander Ebert [Fri, 31 Jul 2020 15:10:25 +0000 (17:10 +0200)]
Prevent writes to the session rather than reads
Alexander Ebert [Fri, 31 Jul 2020 11:40:14 +0000 (13:40 +0200)]
Disable visit tracking for search engines
Tim Düsterhus [Thu, 30 Jul 2020 09:26:47 +0000 (11:26 +0200)]
Revert "Whitelist `unserialize()` when running in enterprise mode"
`unserialize()` is unsafe, because it potentially allows for arbitrary
code execution.
This reverts commit
564ba8525e42c9d4677ee1ddac58c4c9c67fc113.
Sir-Will [Tue, 28 Jul 2020 17:09:30 +0000 (19:09 +0200)]
Include PayPal business email in exception
Sir-Will [Tue, 28 Jul 2020 00:57:32 +0000 (02:57 +0200)]
Fixes exception when not using primary PayPal email
PayPal allows adding multiple emails, if you are using one of the alternative emails instead of the primary email then WoltLab will throw the exception.
The `receiver_email` is always the primary email while `business` is the secondary in the IPN.
Matthias Schmidt [Mon, 27 Jul 2020 16:44:45 +0000 (18:44 +0200)]
Clear language cache when clearing cronjob cache
Close #3465
Marcel Werk [Thu, 23 Jul 2020 10:30:53 +0000 (12:30 +0200)]
Invalid suffix value caused an error when rendering the form
Alexander Ebert [Sun, 19 Jul 2020 16:04:42 +0000 (18:04 +0200)]
Approved `uniqid` for the use when running in enterprise mode
Alexander Ebert [Sat, 18 Jul 2020 13:30:10 +0000 (15:30 +0200)]
Merge branch '3.1' into 5.2
Alexander Ebert [Sat, 18 Jul 2020 13:29:14 +0000 (15:29 +0200)]
Moved the remark on the cleanup script
Alexander Ebert [Sat, 18 Jul 2020 13:28:13 +0000 (15:28 +0200)]
Merge pull request #3450 from WoltLab/cms-embedded-object-remove
Removed embedded object references when deleting articles / pages
Tim Düsterhus [Fri, 17 Jul 2020 12:12:28 +0000 (14:12 +0200)]
Add update_com.woltlab.wcf_embeddedObjectOrphans.php
Tim Düsterhus [Fri, 17 Jul 2020 09:36:44 +0000 (11:36 +0200)]
Add note about deletion of orphaned embedded objects
see #3429
Tim Düsterhus [Fri, 17 Jul 2020 09:32:27 +0000 (11:32 +0200)]
Remove embedded object references when deleting pages
see #3429
Tim Düsterhus [Fri, 17 Jul 2020 09:25:24 +0000 (11:25 +0200)]
Remove embedded object references when deleting articles
see #3429
Tim Düsterhus [Thu, 16 Jul 2020 09:26:21 +0000 (11:26 +0200)]
Merge branch '3.1' into 5.2
Tim Düsterhus [Thu, 16 Jul 2020 09:25:48 +0000 (11:25 +0200)]
Fix PHP 5.5 compatibility
Tim Düsterhus [Thu, 16 Jul 2020 09:24:05 +0000 (11:24 +0200)]
Tim Düsterhus [Thu, 16 Jul 2020 08:42:45 +0000 (10:42 +0200)]
Merge branch '3.1' into 5.2
Tim Düsterhus [Thu, 16 Jul 2020 08:41:09 +0000 (10:41 +0200)]
Properly update page search index when editing
see #3430
Tim Düsterhus [Thu, 16 Jul 2020 08:40:38 +0000 (10:40 +0200)]
Properly update article search index when editing
see #3430
Marcel Werk [Tue, 14 Jul 2020 17:09:42 +0000 (19:09 +0200)]
Merge branch '3.1' into 5.2
Marcel Werk [Tue, 14 Jul 2020 17:09:26 +0000 (19:09 +0200)]
Improved detection of the links to twitch's clips
Matthias Schmidt [Tue, 14 Jul 2020 13:31:19 +0000 (15:31 +0200)]
Fix VoidFormDataProcessor for `null` values
Alexander Ebert [Mon, 13 Jul 2020 11:14:17 +0000 (13:14 +0200)]
Release 5.2.8
woltlab.com [Mon, 13 Jul 2020 11:06:11 +0000 (11:06 +0000)]
Updating minified JavaScript files
Alexander Ebert [Mon, 13 Jul 2020 10:59:40 +0000 (12:59 +0200)]
Merge branch '3.1' into 5.2
Alexander Ebert [Mon, 13 Jul 2020 10:59:02 +0000 (12:59 +0200)]
Release 3.1.16
Matthias Schmidt [Fri, 10 Jul 2020 16:04:47 +0000 (18:04 +0200)]
Add close callback to form builder dialog
woltlab.com [Thu, 9 Jul 2020 19:11:02 +0000 (19:11 +0000)]
Updating minified JavaScript files
Alexander Ebert [Thu, 9 Jul 2020 19:09:02 +0000 (21:09 +0200)]
Merge branch '3.1' into 5.2
Alexander Ebert [Thu, 9 Jul 2020 19:08:44 +0000 (21:08 +0200)]
Prevent Chromium browser form injecting base64 encoded images
Matthias Schmidt [Wed, 8 Jul 2020 12:24:07 +0000 (14:24 +0200)]
Fix button class for single media form field
Matthias Schmidt [Wed, 8 Jul 2020 12:08:30 +0000 (14:08 +0200)]
Fix duplicate data handler registration for captcha form fields
Close #3441
Peter Frühwirt [Wed, 8 Jul 2020 06:39:53 +0000 (08:39 +0200)]
Fixed error message in Form Builder
Alexander Ebert [Tue, 7 Jul 2020 16:26:16 +0000 (18:26 +0200)]
Whitelist `unserialize()` when running in enterprise mode
Tim Düsterhus [Tue, 7 Jul 2020 13:09:04 +0000 (15:09 +0200)]
Merge branch '3.1' into 5.2
Tim Düsterhus [Tue, 7 Jul 2020 13:07:09 +0000 (15:07 +0200)]
Merge pull request #3439 from WoltLab/cronjob-fix2
Fix calculation of nextExec of cronjobs
Tim Düsterhus [Tue, 7 Jul 2020 12:26:20 +0000 (14:26 +0200)]
Fix calculation of nextExec of cronjobs
To properly calculate nextExec we must not specify the TIME_NOW parameter,
because if the cronjob is run on the scheduled time the nextExec() will
return the current time.
Not passing the TIME_NOW parameter adds at least 120 seconds of delay to
prevent this issue.
This bug was introduced in commit
485f8e1888824b862823de983e019afcb9bca7ce.
When moving the update of the execution time the calls were not correctly
moved and the explicit passing of TIME_NOW was added.
Alexander Ebert [Mon, 6 Jul 2020 15:53:12 +0000 (17:53 +0200)]
Release 5.2.8
Tim Düsterhus [Mon, 6 Jul 2020 15:21:01 +0000 (17:21 +0200)]
Merge branch '3.1' into 5.2
Tim Düsterhus [Mon, 6 Jul 2020 15:20:12 +0000 (17:20 +0200)]
Merge pull request #3428 from WoltLab/url-is
Fix Url::is()
Marcel Werk [Mon, 6 Jul 2020 12:16:33 +0000 (14:16 +0200)]
Captcha setting was not considered
woltlab.com [Mon, 6 Jul 2020 11:25:05 +0000 (11:25 +0000)]
Updating minified JavaScript files
Marcel Werk [Mon, 6 Jul 2020 09:57:40 +0000 (11:57 +0200)]
Removed misleading description
Marcel Werk [Mon, 6 Jul 2020 09:57:14 +0000 (11:57 +0200)]
Missing module setting check
Marcel Werk [Mon, 6 Jul 2020 09:56:56 +0000 (11:56 +0200)]
Fixed parameter validation
Alexander Ebert [Fri, 3 Jul 2020 23:03:22 +0000 (01:03 +0200)]
Merge pull request #3435 from xopez/patch-1
Remove unused Packageservers for 5.2
xopez [Fri, 3 Jul 2020 18:00:39 +0000 (20:00 +0200)]
Update install.sql
Tim Düsterhus [Fri, 3 Jul 2020 15:15:49 +0000 (17:15 +0200)]
Merge pull request #3434 from WoltLab/fix-shadow-groups
Properly support multiple instances of WoltLabSuite/Core/Ui/ItemList/User
Tim Düsterhus [Fri, 3 Jul 2020 14:46:26 +0000 (16:46 +0200)]
Properly support multiple instances of WoltLabSuite/Core/Ui/ItemList/User
WoltLabSuite/Core/Ui/ItemList/User is a singleton and thus only has a single
instance of each object member. This lead to the `_shadowGroups` value being
fixed to the first input used.
Move the `_shadowGroups` into the existing `data` object (where the regular
`shadow` resides) to fix this issue.
Introduced in
8faf6ea10ac894b87b3e357f5248f67b4fd7b716.
Fixes #3433.
Tim Düsterhus [Fri, 3 Jul 2020 13:55:33 +0000 (15:55 +0200)]
Merge branch '3.1' into 5.2
Tim Düsterhus [Fri, 3 Jul 2020 13:53:39 +0000 (15:53 +0200)]
Merge pull request #3432 from WoltLab/linked-blocked-img
Fix markup for linked, blocked images in UGC
Tim Düsterhus [Fri, 3 Jul 2020 13:10:38 +0000 (15:10 +0200)]
Fix markup for linked, blocked images in UGC
Fixes #3384
Matthias Schmidt [Thu, 2 Jul 2020 16:46:13 +0000 (18:46 +0200)]
Add missing closing quotation mark in English language item
Tim Düsterhus [Thu, 2 Jul 2020 14:40:16 +0000 (16:40 +0200)]
Fix Url::is()
`parse_url()` cannot be used to validate an URL, because it will accept
roughly everything. In fact this is documented in the parse_url() docs:
> This function is not meant to validate the given URL, it only breaks
> it up into the above listed parts. Partial URLs are also accepted,
> parse_url() tries its best to parse them correctly.
Fixes #3391
Alexander Ebert [Thu, 2 Jul 2020 11:20:39 +0000 (13:20 +0200)]
Merge pull request #3413 from WoltLab/existingMapping
Improve wording regarding existing import mapping
woltlab.com [Thu, 2 Jul 2020 10:32:06 +0000 (10:32 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Thu, 2 Jul 2020 09:55:33 +0000 (11:55 +0200)]
Fix formatting of text/plain notifications
see #325
projects / GitHub / WoltLab / WCF.git / log