GitHub/WoltLab/WCF.git
4 months agoRemove the additional secret for files
Alexander Ebert [Sat, 15 Jun 2024 10:13:47 +0000 (12:13 +0200)]
Remove the additional secret for files

It serves no real purpose. Guessing the SHA-256 hash is impossible due to entropy and if you *know* the hash then you pretty much know the file contents too.

There is no imaginable scenario where leaking the hash would not also leak the secret.

4 months agoMerge branch '6.0'
Alexander Ebert [Sat, 15 Jun 2024 09:42:10 +0000 (11:42 +0200)]
Merge branch '6.0'

4 months agoRelease 6.0.15 dev 1 6.0.15_dev_1
Alexander Ebert [Fri, 14 Jun 2024 16:31:02 +0000 (18:31 +0200)]
Release 6.0.15 dev 1

4 months agoUpdating minified JavaScript files
WoltLab [Fri, 14 Jun 2024 16:18:07 +0000 (16:18 +0000)]
Updating minified JavaScript files

4 months agoAdd a proper error message for incompatible Plugin-Store packages
Alexander Ebert [Fri, 14 Jun 2024 11:26:59 +0000 (13:26 +0200)]
Add a proper error message for incompatible Plugin-Store packages

Fixes #5800
See https://www.woltlab.com/community/thread/306394-error-message-when-trying-to-install-a-package-by-storecode/

4 months agoFix phpdoc
Marcel Werk [Fri, 14 Jun 2024 11:02:06 +0000 (13:02 +0200)]
Fix phpdoc

4 months agoFilter out restricted permissions in enterprise mode
Alexander Ebert [Fri, 14 Jun 2024 10:21:24 +0000 (12:21 +0200)]
Filter out restricted permissions in enterprise mode

4 months agoAdd a check that no attachment files have been deleted
Cyperghost [Fri, 14 Jun 2024 07:30:29 +0000 (09:30 +0200)]
Add a check that no attachment files have been deleted

4 months agoMake the URL filter a bit more lenient
Alexander Ebert [Thu, 13 Jun 2024 12:25:25 +0000 (14:25 +0200)]
Make the URL filter a bit more lenient

See https://www.woltlab.com/community/thread/305951-link-umwandlung-funktioniert-nicht-wenn-protokoll-im-text-steht/

4 months agoFix the overflow handling of the code box header
Alexander Ebert [Thu, 13 Jun 2024 12:02:31 +0000 (14:02 +0200)]
Fix the overflow handling of the code box header

See https://www.woltlab.com/community/thread/306288-erroneous-placement-of-icons-in-code-box-title-on-mobile/

4 months agoProperly handle possible NULL values for option values
Alexander Ebert [Thu, 13 Jun 2024 11:09:26 +0000 (13:09 +0200)]
Properly handle possible NULL values for option values

See https://www.woltlab.com/community/thread/306690-explode-passing-null-to-parameter-2-string-of-type-string-is-deprecated/

4 months agoPrevent scrolling when defocusing a reaction overlay
Alexander Ebert [Thu, 13 Jun 2024 11:02:19 +0000 (13:02 +0200)]
Prevent scrolling when defocusing a reaction overlay

See https://www.woltlab.com/community/thread/306559-scrolling-the-page-up-while-holding-the-reaction-button/

4 months agoNo longer add the description with the limits for uploading via the description....
Cyperghost [Thu, 13 Jun 2024 10:03:43 +0000 (12:03 +0200)]
No longer add the description with the limits for uploading via the description. This information is already available in the template

4 months agoIt Was only necessary for testing
Cyperghost [Thu, 13 Jun 2024 09:26:59 +0000 (11:26 +0200)]
It Was only necessary for testing

4 months agoMerge branch '6.0'
Alexander Ebert [Wed, 12 Jun 2024 12:40:14 +0000 (14:40 +0200)]
Merge branch '6.0'

4 months agoDo not focus the editor when resetting it
Alexander Ebert [Wed, 12 Jun 2024 12:39:48 +0000 (14:39 +0200)]
Do not focus the editor when resetting it

See https://www.woltlab.com/community/thread/306677-js-fehler-beim-antworten-auf-kommentare/

4 months agoFixes the problem if `maxHeight` and or `maxWidth` have the value `-1`. In this case...
Cyperghost [Wed, 12 Jun 2024 10:12:21 +0000 (12:12 +0200)]
Fixes the problem if `maxHeight` and or `maxWidth` have the value `-1`. In this case, the images were scaled anyway.

4 months agoFix wrong object type when deleting comment responses
Marcel Werk [Tue, 11 Jun 2024 13:10:02 +0000 (15:10 +0200)]
Fix wrong object type when deleting comment responses

4 months agoMerge pull request #5943 from WoltLab/bugfix/wysiwyg-form-field-attachment
Olaf Braun [Mon, 10 Jun 2024 10:08:13 +0000 (12:08 +0200)]
Merge pull request #5943 from WoltLab/bugfix/wysiwyg-form-field-attachment

Bugfix with WysiwygAttachmentFormField and FileProcessor

4 months agoMerge pull request #5942 from WoltLab/upload-pipeline-update-database
Olaf Braun [Mon, 10 Jun 2024 10:07:52 +0000 (12:07 +0200)]
Merge pull request #5942 from WoltLab/upload-pipeline-update-database

Add missing database columns for `wcf1_attachment`

4 months agoSimplify the usage of the helper function
Alexander Ebert [Mon, 10 Jun 2024 10:03:21 +0000 (12:03 +0200)]
Simplify the usage of the helper function

4 months agoFixes the problem that when using the WysiwygFormField with attachments, the `objectI...
Cyperghost [Mon, 10 Jun 2024 09:38:32 +0000 (11:38 +0200)]
Fixes the problem that when using the WysiwygFormField with attachments, the `objectID` can be `null` if it is not an EditForm.

4 months agoAdd missing database columns for `wcf1_attachment`, that are installed by the databas...
Cyperghost [Mon, 10 Jun 2024 08:51:30 +0000 (10:51 +0200)]
Add missing database columns for `wcf1_attachment`, that are installed by the database pip

4 months agoUse a helper function instead of a property
Alexander Ebert [Sun, 9 Jun 2024 19:53:59 +0000 (21:53 +0200)]
Use a helper function instead of a property

Using a property was a dumb idea because it breaks the promise of having the entire request data be made available through the parameters passed to `__invoke()`.

4 months agoFix the deletion of attachments through the file API
Alexander Ebert [Sun, 9 Jun 2024 19:28:59 +0000 (21:28 +0200)]
Fix the deletion of attachments through the file API

4 months agoAdd a helper attribute for object hydration
Alexander Ebert [Sun, 9 Jun 2024 19:25:20 +0000 (21:25 +0200)]
Add a helper attribute for object hydration

4 months agoRemove superfluous columns
Alexander Ebert [Sun, 9 Jun 2024 19:24:58 +0000 (21:24 +0200)]
Remove superfluous columns

Those columns were incorrectly copied and should not exist on `wcf1_file_temporary`.

4 months agoImprove the handling of server errors
Alexander Ebert [Sun, 9 Jun 2024 19:24:29 +0000 (21:24 +0200)]
Improve the handling of server errors

4 months agoMigrate the important workers to the linear rebuild worker
Alexander Ebert [Sun, 9 Jun 2024 10:56:24 +0000 (12:56 +0200)]
Migrate the important workers to the linear rebuild worker

4 months agoEnforce a consistent processing by id
Alexander Ebert [Sun, 9 Jun 2024 10:31:12 +0000 (12:31 +0200)]
Enforce a consistent processing by id

5 months agoMerge pull request #5939 from WoltLab/rebuild-html-performance
Alexander Ebert [Sat, 8 Jun 2024 11:46:04 +0000 (13:46 +0200)]
Merge pull request #5939 from WoltLab/rebuild-html-performance

Runtime and rebuild performance improvements

5 months agoMerge pull request #5940 from WoltLab/guest-token
Marcel Werk [Sat, 8 Jun 2024 11:45:24 +0000 (13:45 +0200)]
Merge pull request #5940 from WoltLab/guest-token

Guest tokens

5 months agoGuest tokens
Marcel Werk [Sat, 8 Jun 2024 11:34:57 +0000 (13:34 +0200)]
Guest tokens

5 months agoMerge branch '6.0'
Alexander Ebert [Sat, 8 Jun 2024 11:34:52 +0000 (13:34 +0200)]
Merge branch '6.0'

5 months agoMerge branch '5.5' into 6.0
Alexander Ebert [Sat, 8 Jun 2024 11:33:54 +0000 (13:33 +0200)]
Merge branch '5.5' into 6.0

5 months agoMerge pull request #5932 from SoftCreatR/bugfix/log-recursive
Alexander Ebert [Sat, 8 Jun 2024 11:33:15 +0000 (13:33 +0200)]
Merge pull request #5932 from SoftCreatR/bugfix/log-recursive

Disable log directory recursion

5 months agoChange template name to shared version
Marcel Werk [Sat, 8 Jun 2024 11:15:20 +0000 (13:15 +0200)]
Change template name to shared version

5 months agoMerge branch 'master' of https://github.com/WoltLab/WCF
Marcel Werk [Sat, 8 Jun 2024 11:13:31 +0000 (13:13 +0200)]
Merge branch 'master' of https://github.com/WoltLab/WCF

5 months agoRemove obsolete jquery code for the captcha registration
Marcel Werk [Sat, 8 Jun 2024 11:13:09 +0000 (13:13 +0200)]
Remove obsolete jquery code for the captcha registration

5 months agoConvert `captchaQuestion` to a shared template
Marcel Werk [Sat, 8 Jun 2024 11:02:20 +0000 (13:02 +0200)]
Convert `captchaQuestion` to a shared template

5 months agoInline the call to `DatabaseObject::__get()`
Alexander Ebert [Wed, 17 Apr 2024 17:02:20 +0000 (19:02 +0200)]
Inline the call to `DatabaseObject::__get()`

See eaf3ce8100824d6c805b6d588b67d02bb58a18b7

5 months agoImprove the runtime performance of `|date`
Alexander Ebert [Wed, 17 Apr 2024 17:01:10 +0000 (19:01 +0200)]
Improve the runtime performance of `|date`

See 75f848c4f07ef00dfa0b191665f40d8a81fa2d0c

5 months agoInline the call to `DatabaseObject::__get()`
Alexander Ebert [Tue, 16 Apr 2024 15:48:34 +0000 (17:48 +0200)]
Inline the call to `DatabaseObject::__get()`

`User::__get()` is called very often on each request, easily stacking up thousands of calls.

On a well populated board list this can easily account for up to 1% of runtime. Inlining the check against `$data` cuts down the time spent inside by up to 2/3.

5 months agoReuse the `\IntlDateFormatter`
Alexander Ebert [Mon, 15 Apr 2024 13:35:47 +0000 (15:35 +0200)]
Reuse the `\IntlDateFormatter`

Constructing the object every time is a rather expensive process.

The test for a page with 96 calls to the `|time` modifier showed an average of 8ms spent inside the `execute()` method.

The optimized version showed a consistent runtime of around 1.3ms.

5 months agoImprove the rebuild of users
Alexander Ebert [Fri, 12 Apr 2024 20:29:03 +0000 (22:29 +0200)]
Improve the rebuild of users

The regular query using `LIMIT` and `OFFSET` is painfully slow with large datasets.

Rebuilding 500k users previously took about 3 hours, afterwards the same action can be carried out in about 20 minutes.

5 months agoImprove the rebuild of user activity points
Alexander Ebert [Thu, 11 Apr 2024 16:23:38 +0000 (18:23 +0200)]
Improve the rebuild of user activity points

The previous implementation relied on `LIMIT … OFFSET …` which has an incredibly poor performance on large data sets. Changing this to `BETWEEN` yields a consistently low latency.

In the previous implementation, up to 92% of the request was spent fetching the target rows.

For a test with 500k records this cut down the time to rebuild from 2:30h down to 20m.

5 months agoCache the list of source and block BBCodes
Alexander Ebert [Thu, 11 Apr 2024 13:35:07 +0000 (15:35 +0200)]
Cache the list of source and block BBCodes

These methods exist in the hot path for the BBCode processing and are called often, but are known to have a static result at runtime.

Caching the result shows latency improvements of up to 3%.

5 months agoCache the list of known HTML tag handlers
Alexander Ebert [Thu, 11 Apr 2024 13:33:14 +0000 (15:33 +0200)]
Cache the list of known HTML tag handlers

The `\class_exists()` call for handlers that do not exist always go through the autoloaders.

For large sets of documents this change improves the request latency by up to 2%.

5 months agoImprove the parsing performance of HTML 5
Alexander Ebert [Thu, 11 Apr 2024 13:31:15 +0000 (15:31 +0200)]
Improve the parsing performance of HTML 5

LibXML handles HTML5 documents poorly and raises a lot of errors that are propagated to PHP and eventually get suppressed by the `@` operator.

This change will prevent LibXML from propagating the errors, allowing us to discard them without going through PHP.

For medium to large size messages this speeds up the `loadHTML()` call by 30-60%. For large sets of messages this can yield a latency reduction for the request of up to 5%.

5 months agoMerge pull request #5905 from WoltLab/upload-pipeline-v2
Alexander Ebert [Sat, 8 Jun 2024 10:23:07 +0000 (12:23 +0200)]
Merge pull request #5905 from WoltLab/upload-pipeline-v2

Upload Pipeline v2

5 months agoMark the legacy file system methods as deprecated
Alexander Ebert [Fri, 7 Jun 2024 16:30:10 +0000 (18:30 +0200)]
Mark the legacy file system methods as deprecated

5 months agoAdd support for copying files
Alexander Ebert [Fri, 7 Jun 2024 16:18:51 +0000 (18:18 +0200)]
Add support for copying files

5 months agoRemove legacy methods for attachment handling
Alexander Ebert [Fri, 7 Jun 2024 15:17:54 +0000 (17:17 +0200)]
Remove legacy methods for attachment handling

5 months agoReplace references to the old JS for attachments
Alexander Ebert [Fri, 7 Jun 2024 15:13:09 +0000 (17:13 +0200)]
Replace references to the old JS for attachments

5 months agoAdd the SQL structure to the DDL PIP
Alexander Ebert [Sun, 2 Jun 2024 11:16:51 +0000 (13:16 +0200)]
Add the SQL structure to the DDL PIP

5 months agoCreate a WebP variant of the source file
Alexander Ebert [Sat, 1 Jun 2024 12:38:11 +0000 (14:38 +0200)]
Create a WebP variant of the source file

5 months agoImprove the eTag handling of file downloads
Alexander Ebert [Sat, 25 May 2024 13:16:56 +0000 (15:16 +0200)]
Improve the eTag handling of file downloads

5 months agoMigrate attachments to the new file upload API
Alexander Ebert [Sat, 25 May 2024 13:12:42 +0000 (15:12 +0200)]
Migrate attachments to the new file upload API

5 months agoAdd a new worker implementation with a linear, predictable runtime
Alexander Ebert [Sat, 25 May 2024 13:12:05 +0000 (15:12 +0200)]
Add a new worker implementation with a linear, predictable runtime

5 months agoAdd an option to limit the maximum file size
Alexander Ebert [Sun, 19 May 2024 11:12:22 +0000 (13:12 +0200)]
Add an option to limit the maximum file size

5 months agoValidate the file size before querying the server
Alexander Ebert [Sat, 18 May 2024 11:55:19 +0000 (13:55 +0200)]
Validate the file size before querying the server

5 months agoFix the ETag handling
Alexander Ebert [Sat, 18 May 2024 11:34:59 +0000 (13:34 +0200)]
Fix the ETag handling

5 months agoIncrease the length of the secret to 32 characzers
Alexander Ebert [Sat, 18 May 2024 11:22:34 +0000 (13:22 +0200)]
Increase the length of the secret to 32 characzers

5 months agoFix the `expires` header and force lowercased http headers
Alexander Ebert [Sat, 18 May 2024 11:08:19 +0000 (13:08 +0200)]
Fix the `expires` header and force lowercased http headers

5 months agoMove the ETag handling and switch to weak comparisons
Alexander Ebert [Sat, 18 May 2024 10:56:13 +0000 (12:56 +0200)]
Move the ETag handling and switch to weak comparisons

5 months agoAdd support for limiting the number of uploaded files
Alexander Ebert [Sat, 18 May 2024 10:46:39 +0000 (12:46 +0200)]
Add support for limiting the number of uploaded files

5 months agoFix the call to a removed helper function
Alexander Ebert [Sat, 18 May 2024 10:20:00 +0000 (12:20 +0200)]
Fix the call to a removed helper function

5 months agoAdd checksums for thumbnails and a rebuild worker
Alexander Ebert [Sun, 12 May 2024 10:37:53 +0000 (12:37 +0200)]
Add checksums for thumbnails and a rebuild worker

The checksum is computed based on the configuration of the thumbnail, allowing to detect when a thumbnail needs to be regenerated. If the checksum matches, the file hash is checked instead to detect damaged files.

5 months agoDelete orphaned files
Alexander Ebert [Sat, 11 May 2024 11:56:22 +0000 (13:56 +0200)]
Delete orphaned files

5 months agoAdd caching support to file downloads
Alexander Ebert [Sat, 11 May 2024 11:43:35 +0000 (13:43 +0200)]
Add caching support to file downloads

5 months agoClean up files on delete
Alexander Ebert [Wed, 8 May 2024 10:02:15 +0000 (12:02 +0200)]
Clean up files on delete

5 months agoAdd support for download tracking
Alexander Ebert [Wed, 8 May 2024 09:30:03 +0000 (11:30 +0200)]
Add support for download tracking

This partially reverts the changes made in bde83e6b8fc090654deaac827b342cea0b69695d

5 months agoMinor code improvements
Alexander Ebert [Wed, 8 May 2024 09:10:55 +0000 (11:10 +0200)]
Minor code improvements

5 months agoAdd the documentation for the file processor interface
Alexander Ebert [Sun, 5 May 2024 21:29:11 +0000 (23:29 +0200)]
Add the documentation for the file processor interface

5 months agoAdd a default implementation for file processors
Alexander Ebert [Sun, 5 May 2024 21:14:24 +0000 (23:14 +0200)]
Add a default implementation for file processors

5 months agoAdd basic error messages
Alexander Ebert [Sun, 5 May 2024 21:05:09 +0000 (23:05 +0200)]
Add basic error messages

5 months agoAdd button phrases and simplify the button creation
Alexander Ebert [Sun, 5 May 2024 11:02:17 +0000 (13:02 +0200)]
Add button phrases and simplify the button creation

5 months agoClean up the error and editor id handling
Alexander Ebert [Sun, 5 May 2024 10:50:23 +0000 (12:50 +0200)]
Clean up the error and editor id handling

5 months agoMove the attachment logic into a separate file
Alexander Ebert [Sun, 5 May 2024 10:19:16 +0000 (12:19 +0200)]
Move the attachment logic into a separate file

5 months agoReorganize the action buttons for attachments
Alexander Ebert [Sat, 4 May 2024 11:11:54 +0000 (13:11 +0200)]
Reorganize the action buttons for attachments

5 months agoInitialize the image viewer for dynamic attachments
Alexander Ebert [Sat, 4 May 2024 10:08:05 +0000 (12:08 +0200)]
Initialize the image viewer for dynamic attachments

5 months agoUse `objectTypeID` instead of `typeName`
Alexander Ebert [Sat, 4 May 2024 10:03:29 +0000 (12:03 +0200)]
Use `objectTypeID` instead of `typeName`

5 months agoAdd support for the image viewer for attachments
Alexander Ebert [Sat, 4 May 2024 09:37:15 +0000 (11:37 +0200)]
Add support for the image viewer for attachments

5 months agoImplement a cleanup on file delete
Alexander Ebert [Fri, 3 May 2024 15:23:48 +0000 (17:23 +0200)]
Implement a cleanup on file delete

5 months agoRemove `downloads` and `lastDownloadTime`
Alexander Ebert [Fri, 3 May 2024 13:30:53 +0000 (15:30 +0200)]
Remove `downloads` and `lastDownloadTime`

These have been meaningless metrics for most of the time and also do not play nicely with the efficient distribution of files.

5 months agoImprove the UI of uploaded attachments
Alexander Ebert [Fri, 3 May 2024 13:02:47 +0000 (15:02 +0200)]
Improve the UI of uploaded attachments

5 months agoAdd some basic styling for uploaded attachments
Alexander Ebert [Mon, 29 Apr 2024 14:53:42 +0000 (16:53 +0200)]
Add some basic styling for uploaded attachments

5 months agoAdd support for uploads through drag and drop on the editor
Alexander Ebert [Mon, 29 Apr 2024 12:58:58 +0000 (14:58 +0200)]
Add support for uploads through drag and drop on the editor

5 months agoBlock drag & drop for illegal file extensions
Alexander Ebert [Fri, 26 Apr 2024 15:44:40 +0000 (17:44 +0200)]
Block drag & drop for illegal file extensions

5 months agoAdd the link to the full version to files
Alexander Ebert [Fri, 26 Apr 2024 13:41:48 +0000 (15:41 +0200)]
Add the link to the full version to files

5 months agoInitialize existing attachments
Alexander Ebert [Fri, 26 Apr 2024 13:28:32 +0000 (15:28 +0200)]
Initialize existing attachments

5 months agoBind uploaded attachments to the current user
Alexander Ebert [Fri, 26 Apr 2024 11:23:59 +0000 (13:23 +0200)]
Bind uploaded attachments to the current user

5 months agoAdd an automated resizing for images exceeding the limits
Alexander Ebert [Thu, 25 Apr 2024 15:30:36 +0000 (17:30 +0200)]
Add an automated resizing for images exceeding the limits

5 months agoPrevent the generation of thumbnails for small images
Alexander Ebert [Thu, 25 Apr 2024 14:28:27 +0000 (16:28 +0200)]
Prevent the generation of thumbnails for small images

5 months agoUnify the styling of attachments below a message
Alexander Ebert [Mon, 15 Apr 2024 16:34:14 +0000 (18:34 +0200)]
Unify the styling of attachments below a message

5 months agoFix the loading of the files of attachments
Alexander Ebert [Mon, 15 Apr 2024 16:19:53 +0000 (18:19 +0200)]
Fix the loading of the files of attachments

The list of files (plus their thumbnails) is already fetched in the base implementation `AttachmentList`.

5 months agoAdd a secret to upload files
Alexander Ebert [Mon, 15 Apr 2024 10:50:00 +0000 (12:50 +0200)]
Add a secret to upload files

The placement of files depends on the file extension, allowing files to be efficiently served by the web server instead of blocking a PHP worker.

5 months agoUse file extensions other than `.bin` for safe types
Alexander Ebert [Mon, 15 Apr 2024 10:46:33 +0000 (12:46 +0200)]
Use file extensions other than `.bin` for safe types

5 months agoSkip thumbnails for non-image files
Alexander Ebert [Mon, 15 Apr 2024 10:18:16 +0000 (12:18 +0200)]
Skip thumbnails for non-image files

5 months agoUse `File::getSourceName()` to avoid accidental leaks
Alexander Ebert [Sun, 14 Apr 2024 11:11:09 +0000 (13:11 +0200)]
Use `File::getSourceName()` to avoid accidental leaks