Tim Düsterhus [Tue, 10 Aug 2021 12:44:21 +0000 (14:44 +0200)]
Use PSR-7 responses in NotificationDisableAction
Tim Düsterhus [Fri, 6 Aug 2021 13:59:01 +0000 (15:59 +0200)]
Use PSR-7 responses in GithubAuthAction
Tim Düsterhus [Fri, 6 Aug 2021 13:58:09 +0000 (15:58 +0200)]
Use PSR-7 responses in FacebookAuthAction
Tim Düsterhus [Fri, 6 Aug 2021 13:56:48 +0000 (15:56 +0200)]
Use PSR-7 responses in GoogleAuthAction
Tim Düsterhus [Fri, 6 Aug 2021 13:55:13 +0000 (15:55 +0200)]
Support returning PSR-7 responses in AbstractOauth2Action
Tim Düsterhus [Fri, 6 Aug 2021 13:51:37 +0000 (15:51 +0200)]
Use PSR-7 responses in CoreRewriteTestAction
Tim Düsterhus [Fri, 6 Aug 2021 13:49:17 +0000 (15:49 +0200)]
Use PSR-7 responses in BackgroundQueuePerformAction
Tim Düsterhus [Fri, 6 Aug 2021 13:43:16 +0000 (15:43 +0200)]
Use PSR-7 responses in UserQuickSearchAction
Tim Düsterhus [Fri, 6 Aug 2021 13:37:58 +0000 (15:37 +0200)]
Use PSR-7 responses in UserExportGdprAction
Tim Düsterhus [Fri, 6 Aug 2021 13:36:30 +0000 (15:36 +0200)]
Add HeaderUtil::withNoCacheHeaders()
Tim Düsterhus [Fri, 6 Aug 2021 13:29:44 +0000 (15:29 +0200)]
Use PSR-7 responses in FullLogoutAction
Tim Düsterhus [Fri, 6 Aug 2021 13:28:51 +0000 (15:28 +0200)]
Use PSR-7 responses in CacheClearAction
Tim Düsterhus [Wed, 11 Aug 2021 11:40:48 +0000 (13:40 +0200)]
Merge pull request #4454 from WoltLab/psr-7-cache-control-private
Add `cache-control: private` to PSR-7 responses
Tim Düsterhus [Wed, 11 Aug 2021 11:32:06 +0000 (13:32 +0200)]
Clean up the `cache-control` processing in RequestHandler::sendPsr7Response()
Tim Düsterhus [Tue, 10 Aug 2021 15:21:31 +0000 (17:21 +0200)]
Add `cache-control: private` to PSR-7 responses
see #4273
Tim Düsterhus [Tue, 10 Aug 2021 14:08:56 +0000 (16:08 +0200)]
Merge branch 'master' into meta-psr-7
Tim Düsterhus [Tue, 10 Aug 2021 14:06:44 +0000 (16:06 +0200)]
Merge branch '5.4'
Tim Düsterhus [Tue, 10 Aug 2021 14:06:04 +0000 (16:06 +0200)]
Add missing `@since` tags for PSR-7 methods
Tim Düsterhus [Tue, 10 Aug 2021 13:48:44 +0000 (15:48 +0200)]
Merge pull request #4436 from WoltLab/psr-7
Add initial support for sending PSR-7 responses
Tim Düsterhus [Tue, 10 Aug 2021 13:40:25 +0000 (15:40 +0200)]
Merge pull request #4452 from WoltLab/markQuotesForRemoval
Deprecate MessageQuoteAction::markForRemoval()
WoltLab [Tue, 10 Aug 2021 13:30:36 +0000 (13:30 +0000)]
Updating minified JavaScript files
Alexander Ebert [Tue, 10 Aug 2021 13:26:04 +0000 (15:26 +0200)]
Release 5.4.4
Tim Düsterhus [Tue, 10 Aug 2021 13:15:22 +0000 (15:15 +0200)]
Deprecate MessageQuoteAction::markForRemoval()
This method is no longer used as of commit
9d118fa4c035827b399acdcb4c6c05ad1be5f3c5 (3.0.x).
Tim Düsterhus [Tue, 10 Aug 2021 12:36:32 +0000 (14:36 +0200)]
Tim Düsterhus [Tue, 10 Aug 2021 12:34:12 +0000 (14:34 +0200)]
Tim Düsterhus [Tue, 10 Aug 2021 10:19:35 +0000 (12:19 +0200)]
Merge branch '5.4'
mutec [Tue, 10 Aug 2021 10:06:27 +0000 (12:06 +0200)]
use the sessions language id instead of the user's default in `I18nDatabaseObjectList`
`WCF::getUser()->languageID` doesn't return a valid language id as integer in every case. Additionally we (normally) want to use a specific language or the session's language - which might be different from the user's default in some moments.
see #4407
Alexander Ebert [Tue, 10 Aug 2021 09:05:07 +0000 (11:05 +0200)]
Release 5.4.3
WoltLab [Mon, 9 Aug 2021 16:39:16 +0000 (16:39 +0000)]
Updating minified JavaScript files
Alexander Ebert [Mon, 9 Aug 2021 16:36:13 +0000 (18:36 +0200)]
Workaround for unfreezing the screen in iOS Safari
The change to the CSS class and the properties cause a recalculation that could sometimes interfere with the page scrolling.
Forcing the scrolling into the next iteration of the event loop solves this issue by separating both actions. Since the scrolling does depend on the actions in the lines above it, this is reasonably safe to do.
Tim Düsterhus [Mon, 9 Aug 2021 15:18:13 +0000 (17:18 +0200)]
Merge pull request #4451 from WoltLab/multiselect-condition
Fix conditions for MultiSelectOptionType
joshuaruesweg [Mon, 9 Aug 2021 13:22:31 +0000 (15:22 +0200)]
Fix sorting status column in emailLogList.tpl
Tim Düsterhus [Fri, 9 Jul 2021 14:58:42 +0000 (16:58 +0200)]
Fix conditions for MultiSelectOptionType
This cleans up the SQL conditions used for searching for users with a specific
selection and fixes the following issues:
- It avoids the use of `escapeString()` in favor of proper prepared statements.
- It avoids the use of `preg_quote()` to escape a regular expression for use in
MySQL, which might not be safe.
- It fixes matching when the options are later reordered, as the saved value is
not being normalized and instead reused the order of the options within the
select.
The generated query does not look great, but is not really worse than the
regular expression either.
In the future it might be possible to migrate this option type to a JSON based
storage and to use `JSON_CONTAINS()`.
Tim Düsterhus [Mon, 9 Aug 2021 12:39:01 +0000 (14:39 +0200)]
Merge branch '5.4'
Alexander Ebert [Mon, 9 Aug 2021 12:00:00 +0000 (14:00 +0200)]
Skip XML that have been unchanged for 5.3 -> 5.4
Alexander Ebert [Mon, 9 Aug 2021 10:53:43 +0000 (12:53 +0200)]
Merge pull request #4445 from WoltLab/template-sandbox-foreachvars
Sandbox `foreachVars` in templates
Tim Düsterhus [Mon, 9 Aug 2021 09:48:45 +0000 (11:48 +0200)]
Merge branch '5.4'
Marcel Werk [Mon, 9 Aug 2021 09:35:07 +0000 (11:35 +0200)]
Merge pull request #4446 from WoltLab/mfa-setup-allocation-failed
Show nicer error message if allocating the MFA setup fails
Tim Düsterhus [Mon, 9 Aug 2021 09:27:51 +0000 (11:27 +0200)]
Show nicer error message if allocating the MFA setup fails
`Setup::allocateSetUpId` can deadlock if the form is submitted twice at the
same time. This error should not be normally seen by the user. If they do they
will be directed to "Try again" and then see that MFA is active, because one of
the requests succeeded. They will also receive the info mail letting them know
where to regenerate their backup codes if necessary.
Tim Düsterhus [Mon, 9 Aug 2021 09:07:27 +0000 (11:07 +0200)]
Add RejectEverythingFormField if email MFA is already active
We must not allow submitting the form in this case, because we will trigger the
assertion otherwise.
Tim Düsterhus [Mon, 9 Aug 2021 09:06:39 +0000 (11:06 +0200)]
Fix assertion in EmailMultifactorMethod::processManagementForm()
Alexander Ebert [Sun, 8 Aug 2021 09:29:26 +0000 (11:29 +0200)]
Sandbox `foreachVars` in templates
Nesting the same template inside a `foreach` loop that is also accessed inside the nested call will overwrite the values from the outer template due to identical identifiers being used.
The sandbox did not protected `$this->foreachVars` despite being stateful.
See #4431
Fixes #4444
Marcel Werk [Sat, 7 Aug 2021 09:42:38 +0000 (11:42 +0200)]
Search for not filled user option fields was not possible
Marcel Werk [Sat, 7 Aug 2021 09:18:22 +0000 (11:18 +0200)]
Improved acp search
Closes #3335
Alexander Ebert [Sat, 7 Aug 2021 08:48:34 +0000 (10:48 +0200)]
Merge branch '5.4'
Alexander Ebert [Sat, 7 Aug 2021 08:48:11 +0000 (10:48 +0200)]
Merge pull request #4442 from SoftCreatR/css-optimizations
Prefixed CSS First
Sascha Greuel [Fri, 6 Aug 2021 18:42:21 +0000 (20:42 +0200)]
Prefixed CSS First
Ensured vendor-prefixed versions of a CSS property are listed before the standardized, unprefixed version.
When multiple versions of the same CSS property are specified, the last supported one will be used due to how browsers handle fallback values. This means the order matters when using both vendor-prefixed and unprefixed versions of the same property. Specifically, the unprefixed version must be listed last to ensure standardized behavior takes precedence.
Alexander Ebert [Fri, 6 Aug 2021 16:15:55 +0000 (18:15 +0200)]
Removing inline formatting yielded empty elements and broke the selection
See https://community.woltlab.com/thread/291496-fettmarkierung-bei-einem-einzelnen-wort-kann-nicht-mehr-entfernt-werden/
Alexander Ebert [Fri, 6 Aug 2021 14:44:42 +0000 (16:44 +0200)]
Strip de fact empty paragraphs in messages
Tim Düsterhus [Fri, 6 Aug 2021 13:25:14 +0000 (15:25 +0200)]
Merge branch '5.4'
WoltLab [Fri, 6 Aug 2021 12:52:45 +0000 (12:52 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Fri, 6 Aug 2021 12:44:42 +0000 (14:44 +0200)]
Merge pull request #4440 from WoltLab/sourcemap-proxy
Add proxy_sourcemap.php
Alexander Ebert [Fri, 6 Aug 2021 12:41:10 +0000 (14:41 +0200)]
Merge branch '5.3' into 5.4
Alexander Ebert [Fri, 6 Aug 2021 12:41:00 +0000 (14:41 +0200)]
Prevent submitting an empty message to the preview
Tim Düsterhus [Fri, 6 Aug 2021 12:34:52 +0000 (14:34 +0200)]
Merge pull request #4441 from WoltLab/acp-logout-to-reauth
Redirect the user to ACP reauthentication instead of frontend after logout
Tim Düsterhus [Fri, 6 Aug 2021 08:04:23 +0000 (10:04 +0200)]
Add proxy_sourcemap.php
Tim Düsterhus [Fri, 6 Aug 2021 11:43:36 +0000 (13:43 +0200)]
Redirect the user to ACP reauthentication instead of frontend after logout
Tim Düsterhus [Fri, 6 Aug 2021 11:34:59 +0000 (13:34 +0200)]
Revert "Update Open Sans"
This reverts Open Sans back to the non-variable version, as the variable one
appears to render pretty badly on Windows.
This reverts commit
33c8866a790e9e6bc46358f6e82df76d2e32f56e.
Tim Düsterhus [Fri, 6 Aug 2021 10:32:25 +0000 (12:32 +0200)]
Merge branch '5.4'
Tim Düsterhus [Fri, 6 Aug 2021 10:31:18 +0000 (12:31 +0200)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Fri, 6 Aug 2021 10:26:36 +0000 (12:26 +0200)]
Merge branch '5.2' into 5.3
Joshua Rüsweg [Fri, 6 Aug 2021 09:22:18 +0000 (11:22 +0200)]
Merge pull request #4439 from xopez/5.2
Fixes Bings Sitemap Howto
Marcel Werk [Thu, 5 Aug 2021 15:56:02 +0000 (17:56 +0200)]
Reactions were not displayed in article list when sorted by title
Marcel Werk [Thu, 5 Aug 2021 15:48:20 +0000 (17:48 +0200)]
Mark as read doesn't removed the badge in the mobile menu
xopez [Thu, 5 Aug 2021 14:55:45 +0000 (16:55 +0200)]
Fixes Bings Sitemap Howto
This includes the correct links if the Bing Webmaster Tools help & how-to for sitemaps.
Tim Düsterhus [Thu, 5 Aug 2021 13:44:44 +0000 (15:44 +0200)]
Merge pull request #4438 from WoltLab/5.4-fix-missing-salts
Fix having an incorrect parameter if a hash does not contains a salt
Tim Düsterhus [Thu, 5 Aug 2021 13:03:09 +0000 (15:03 +0200)]
Use less specific return type for ReauthenticationForm::getRedirectResponse()
Tim Düsterhus [Thu, 5 Aug 2021 12:58:38 +0000 (14:58 +0200)]
Add AbstractPage::hasPsr7Response()
Tim Düsterhus [Thu, 5 Aug 2021 12:55:36 +0000 (14:55 +0200)]
Use less generic name for the PSR-7 methods in AbstractPage
joshuaruesweg [Thu, 5 Aug 2021 12:43:29 +0000 (14:43 +0200)]
Fix having an incorrect parameter if a hash does not contains a salt
Fixes #4416
Tim Düsterhus [Thu, 5 Aug 2021 11:50:22 +0000 (13:50 +0200)]
Use PSR-7 responses for if-none-match in MediaPage
Tim Düsterhus [Thu, 5 Aug 2021 11:48:40 +0000 (13:48 +0200)]
Use PSR-7 responses for if-none-match in AttachmentPage
Tim Düsterhus [Thu, 5 Aug 2021 11:43:09 +0000 (13:43 +0200)]
Use PSR-7 responses for redirect in ReauthenticationForm
Alexander Ebert [Thu, 5 Aug 2021 11:39:03 +0000 (13:39 +0200)]
Reset the avatar cache to force the use of the WebP variants
Fixes #4424
joshuaruesweg [Thu, 5 Aug 2021 11:04:46 +0000 (13:04 +0200)]
Delete reaction type icon on delete action
Tim Düsterhus [Thu, 5 Aug 2021 10:52:28 +0000 (12:52 +0200)]
Allow the use of `return` for PSR-7 responses in AbstractForm/AbstractPage
Tim Düsterhus [Thu, 5 Aug 2021 10:42:47 +0000 (12:42 +0200)]
Add PSR-7 support to AbstractPage and AbstractForm
Tim Düsterhus [Thu, 5 Aug 2021 10:01:30 +0000 (12:01 +0200)]
Use PSR-7 responses in RescueModeForm::__run()
Tim Düsterhus [Thu, 5 Aug 2021 08:42:39 +0000 (10:42 +0200)]
Use PSR-7 responses in ImageProxyAction
Tim Düsterhus [Thu, 5 Aug 2021 08:41:17 +0000 (10:41 +0200)]
Use PSR-7 responses in DeleteSessionAction
Tim Düsterhus [Thu, 5 Aug 2021 08:40:00 +0000 (10:40 +0200)]
Use PSR-7 responses in LogoutAction
Tim Düsterhus [Tue, 13 Jul 2021 14:02:33 +0000 (16:02 +0200)]
Pass through the return value of parent::__run() in controllers
Tim Düsterhus [Thu, 5 Aug 2021 08:37:07 +0000 (10:37 +0200)]
Support sending PSR-7 responses in AbstractAction
Tim Düsterhus [Thu, 5 Aug 2021 08:36:06 +0000 (10:36 +0200)]
Support sending PSR-7 responses from controllers
Tim Düsterhus [Thu, 5 Aug 2021 08:34:55 +0000 (10:34 +0200)]
Add laminas/laminas-httphandlerrunner to composer dependencies
Tim Düsterhus [Thu, 5 Aug 2021 08:33:04 +0000 (10:33 +0200)]
Add laminas/laminas-diactoros to composer dependencies
Tim Düsterhus [Thu, 5 Aug 2021 09:40:52 +0000 (11:40 +0200)]
Merge branch '5.2' into 5.3
Tim Düsterhus [Thu, 5 Aug 2021 09:40:26 +0000 (11:40 +0200)]
Merge branch '5.4'
Tim Düsterhus [Thu, 5 Aug 2021 09:40:15 +0000 (11:40 +0200)]
Run SCSS prettier
Tim Düsterhus [Thu, 5 Aug 2021 07:16:18 +0000 (09:16 +0200)]
Fix typo in watchedArticleList.tpl
Tim Düsterhus [Wed, 4 Aug 2021 13:32:52 +0000 (15:32 +0200)]
Merge branch '5.4'
Tim Düsterhus [Wed, 4 Aug 2021 13:32:36 +0000 (15:32 +0200)]
Merge branch '5.3' into 5.4
Marcel Werk [Wed, 4 Aug 2021 13:27:50 +0000 (15:27 +0200)]
Some external links in the admin panel did not open in a new window
Alexander Ebert [Wed, 4 Aug 2021 12:23:34 +0000 (14:23 +0200)]
Trim the preview height using traditional overflow
`-webkit-line-clamp` is broken in Firefox and Safari once complex HTML is used.
See https://community.woltlab.com/thread/291373-rich-embeds-mit-liste-fehlerhaft/
Alexander Ebert [Wed, 4 Aug 2021 11:49:05 +0000 (13:49 +0200)]
Skip the user menu initialization if there are no items
Alexander Ebert [Wed, 4 Aug 2021 10:33:43 +0000 (12:33 +0200)]
Detect `<center>` as a block element
Tim Düsterhus [Wed, 4 Aug 2021 09:26:15 +0000 (11:26 +0200)]
Merge branch '5.2' into 5.3
Tim Düsterhus [Wed, 4 Aug 2021 09:25:25 +0000 (11:25 +0200)]
Merge pull request #4435 from WoltLab/php-ddl-diff
PHP DDL Fixes
Tim Düsterhus [Wed, 4 Aug 2021 08:57:06 +0000 (10:57 +0200)]
Take the array key into account when checking whether a column is up to date in DatabaseTableChangeProcessor
Previously updating a column that looks like this:
column VARCHAR(1) NOT NULL
to:
column VARCHAR(1) NULL
would not do anything.
Converted into the `getData()` representation of the PHP DDL API these would
look like:
[ 'default' => null
, 'notNull' => 1
, 'type' => 'VARCHAR'
, 'length' => 1
]
and
[ 'default' => null
, 'notNull' => 0
, 'type' => 'VARCHAR'
, 'length' => 1
]
respectively.
Now taking the diff of the first array against the second array (subtracting
the second from the first) will remove *both* 1 values, resulting in an
empty difference, thus believing both columns are identical.
Fix this issue by using `array_diff_assoc` which will also take the key into
account.
Tim Düsterhus [Wed, 4 Aug 2021 08:36:12 +0000 (10:36 +0200)]
Take the array key into account when checking whether a KEY is up to date in DatabaseTableChangeProcessor
Previously updating a (pretty contrived) KEY that looks like this:
[…] UNIQUE KEY someIndex (`UNIQUE`)
to:
[…] KEY someIndex (`UNIQUE`)
would not do anything.
Converted into the `getData()` representation of the PHP DDL API these would
look like:
[ 'columns' => 'UNIQUE'
, 'type' => 'UNIQUE'
]
and
[ 'columns' => 'UNIQUE'
, 'type' => null
]
respectively.
Now taking the diff of the first array against the second array (subtracting
the second from the first) will remove *both* 'UNIQUE' values, resulting in an
empty difference, thus believing both KEYs are identical.
Fix this issue by using `array_diff_assoc` which will also take the key into
account.