joshuaruesweg [Wed, 6 Apr 2022 08:41:04 +0000 (10:41 +0200)]
Use internal class to mask IP addresses
Marcel Werk [Tue, 5 Apr 2022 14:06:13 +0000 (16:06 +0200)]
Article teaser was incorrectly formatted when automatically generated from the article content
Marcel Werk [Tue, 5 Apr 2022 13:59:00 +0000 (15:59 +0200)]
Fixed wrong margin for content item images
Alexander Ebert [Mon, 4 Apr 2022 13:47:47 +0000 (15:47 +0200)]
Removed obsolete method calls of deprecated method
See #4718
Alexander Ebert [Mon, 4 Apr 2022 13:46:30 +0000 (15:46 +0200)]
Removed unused code from WSC <3.0
See #4718
Joshua Rüsweg [Mon, 4 Apr 2022 13:16:56 +0000 (15:16 +0200)]
Merge pull request #4714 from WoltLab/5.5-fix-ci-file-delete
Make FileDeletePIP safe for ci file systems
joshuaruesweg [Wed, 30 Mar 2022 12:55:03 +0000 (14:55 +0200)]
Make FileDeletePIP safe for ci file systems
Alexander Ebert [Mon, 4 Apr 2022 12:47:00 +0000 (14:47 +0200)]
Added file archive for the upgrade
The current package builder does not handle dynamic files nicely.
Marcel Werk [Mon, 4 Apr 2022 11:22:43 +0000 (13:22 +0200)]
Merge pull request #4713 from WoltLab/content-language-filtering
Option to filter notifications by content language settings
Marcel Werk [Mon, 4 Apr 2022 11:17:02 +0000 (13:17 +0200)]
Added parameter documentation
Marcel Werk [Mon, 4 Apr 2022 11:14:42 +0000 (13:14 +0200)]
Apply suggestions from code review
Co-authored-by: Tim Düsterhus <duesterhus@woltlab.com>
joshuaruesweg [Mon, 4 Apr 2022 07:09:43 +0000 (09:09 +0200)]
Merge branch '5.4'
Sir-Will [Sun, 3 Apr 2022 01:19:51 +0000 (03:19 +0200)]
Update google console link
Closes #4716
Marcel Werk [Thu, 31 Mar 2022 12:11:15 +0000 (14:11 +0200)]
Check permissions before redirecting to the canonical URL
Redirecting to the Canonical URL can lead to information disclosure, for example, if the URL contains the title of the object. Therefore, it is important to check the permissions before redirecting.
Marcel Werk [Thu, 31 Mar 2022 12:06:21 +0000 (14:06 +0200)]
Merge branch '5.4'
Marcel Werk [Thu, 31 Mar 2022 12:05:56 +0000 (14:05 +0200)]
Article system allowed access to titles of hidden articles
The problem was caused by a redirect to the Canonical URL before the permissions were checked.
Marcel Werk [Thu, 31 Mar 2022 09:10:36 +0000 (11:10 +0200)]
Removed duplicate paragraph in privacy policy
Marcel Werk [Wed, 30 Mar 2022 14:41:02 +0000 (16:41 +0200)]
Updated privacy policy
* Renamed Facebook to Meta Platforms
* Add new sections about:
** Storage duration
** General information on the legal basis for the data processing
** Information on data transfer to the USA and other non-EU countries
Marcel Werk [Wed, 30 Mar 2022 13:48:56 +0000 (15:48 +0200)]
Use 'do not track' option for vimeo videos
Joshua Rüsweg [Tue, 29 Mar 2022 15:21:53 +0000 (17:21 +0200)]
Merge pull request #4712 from WoltLab/5.5-eventlistener-validation
Enforce unique names for XML PIPs
Marcel Werk [Tue, 29 Mar 2022 14:38:40 +0000 (16:38 +0200)]
Option to filter notifications by content language settings
Marcel Werk [Tue, 29 Mar 2022 12:36:13 +0000 (14:36 +0200)]
Floating of attachments in simplified HTML did not work properly
Marcel Werk [Tue, 29 Mar 2022 12:11:49 +0000 (14:11 +0200)]
Merge branch '5.4'
Marcel Werk [Tue, 29 Mar 2022 12:01:36 +0000 (14:01 +0200)]
Incorrect handling of GIF cover photos when rebuilding users
joshuaruesweg [Mon, 28 Mar 2022 12:32:41 +0000 (14:32 +0200)]
Fix typo
joshuaruesweg [Mon, 28 Mar 2022 12:31:26 +0000 (14:31 +0200)]
Fix registration with local IPv6 address
Fixes #4689
joshuaruesweg [Mon, 28 Mar 2022 09:02:24 +0000 (11:02 +0200)]
Enforce unique names for userprofilemenus
joshuaruesweg [Mon, 28 Mar 2022 09:02:15 +0000 (11:02 +0200)]
Enforce unique names for smileys
joshuaruesweg [Mon, 28 Mar 2022 09:02:08 +0000 (11:02 +0200)]
Enforce unique names for pages
joshuaruesweg [Mon, 28 Mar 2022 09:02:00 +0000 (11:02 +0200)]
Enforce unique names for objectTypeDefinitions
joshuaruesweg [Mon, 28 Mar 2022 09:01:46 +0000 (11:01 +0200)]
Enforce unique names for menu
joshuaruesweg [Mon, 28 Mar 2022 09:01:40 +0000 (11:01 +0200)]
Enforce unique names for menuitem
joshuaruesweg [Mon, 28 Mar 2022 09:01:29 +0000 (11:01 +0200)]
Enforce unique names for media providers
joshuaruesweg [Mon, 28 Mar 2022 09:01:13 +0000 (11:01 +0200)]
Enforce unique names for cronjobs
joshuaruesweg [Mon, 28 Mar 2022 09:01:05 +0000 (11:01 +0200)]
Enforce unique names for boxes
joshuaruesweg [Mon, 28 Mar 2022 08:59:14 +0000 (10:59 +0200)]
Enforce unique names for bbcodes
joshuaruesweg [Mon, 28 Mar 2022 08:58:58 +0000 (10:58 +0200)]
Enforce unique names for acp search providers
joshuaruesweg [Fri, 25 Mar 2022 14:37:05 +0000 (15:37 +0100)]
Enforce unique names for eventlisteners
joshuaruesweg [Fri, 25 Mar 2022 14:36:38 +0000 (15:36 +0100)]
Add `IUniqueNameXMLPackageInstallationPlugin` to enforce unique names
Debugging is very tedious when elements with non-unique names are supplied in a plugin, because the first element is always overwritten with the second element. This can never be intentional and is always a fault of the developer, which is difficult to find. This interface ensures that all identifiers supplied for a PIP are unique.
Alexander Ebert [Wed, 23 Mar 2022 19:01:35 +0000 (20:01 +0100)]
Mark the anonymous function as static
Alexander Ebert [Wed, 23 Mar 2022 18:45:54 +0000 (19:45 +0100)]
Better UX of disabled flexible button groups
The buttons are now semi transparent to reflect the active value regardless of its state.
Alexander Ebert [Wed, 23 Mar 2022 18:30:31 +0000 (19:30 +0100)]
Moved important pips to the top, smaller layout
Alexander Ebert [Wed, 23 Mar 2022 17:57:22 +0000 (18:57 +0100)]
Stop declaring the tiny builds as experimental
Alexander Ebert [Wed, 23 Mar 2022 13:36:49 +0000 (14:36 +0100)]
Cleaned up a warning about a type mismatch
Alexander Ebert [Wed, 23 Mar 2022 13:35:32 +0000 (14:35 +0100)]
Bad behavior of incorrectly nested BBCodes
Test case:
```
<p>Hello [tt]test<strong>[/tt]</strong> world!</p>
```
Previously the `[/tt]` was implicitly moved to the end of the `</p>`, because parent inline elements were handled incorrectly.
Marcel Werk [Wed, 23 Mar 2022 12:34:33 +0000 (13:34 +0100)]
Merge pull request #4710 from WoltLab/rescue-mode-directory-change
Trigger rescue mode if directory has changed
Marcel Werk [Wed, 23 Mar 2022 12:18:32 +0000 (13:18 +0100)]
Trigger rescue mode if directory has changed
Marcel Werk [Wed, 23 Mar 2022 12:04:01 +0000 (13:04 +0100)]
Removed obsolete google font loading
Tim Düsterhus [Wed, 23 Mar 2022 10:05:03 +0000 (11:05 +0100)]
Update fileDelete.xml
Tim Düsterhus [Wed, 23 Mar 2022 08:10:40 +0000 (09:10 +0100)]
Whitelist `basename` in enterprise mode
Marcel Werk [Tue, 22 Mar 2022 15:20:39 +0000 (16:20 +0100)]
Moved "edit page" button into contentInteractionButtons
Previously, the "edit page" button was not available if the page did not have a title.
Niklas [Tue, 22 Mar 2022 11:22:16 +0000 (12:22 +0100)]
Fix typo in DE language item `wcf.acp.package.validation.errorCode.20` (#4709)
joshuaruesweg [Mon, 21 Mar 2022 15:25:47 +0000 (16:25 +0100)]
Fix typo for `INVALID_EXCLUDED_PACKAGE_VERSION_NUMBER`
Joshua Rüsweg [Mon, 21 Mar 2022 14:52:44 +0000 (15:52 +0100)]
Merge pull request #4708 from WoltLab/5.5-self-exclude
Forbid plugins to exclude itself
joshuaruesweg [Mon, 21 Mar 2022 14:45:34 +0000 (15:45 +0100)]
Add missing `@since` tag for `INVALID_EXCLUDED_PACKAGE_VERSION_NUBMER` constant
joshuaruesweg [Mon, 21 Mar 2022 14:36:48 +0000 (15:36 +0100)]
Forbid plugins to exclude themselves
Joshua Rüsweg [Mon, 21 Mar 2022 14:20:15 +0000 (15:20 +0100)]
Merge pull request #4707 from WoltLab/5.5-exclusion
Support explicit `*` for excluded parameters
joshuaruesweg [Mon, 21 Mar 2022 13:06:44 +0000 (14:06 +0100)]
Add cleanup script to clean invalid excluded versions
joshuaruesweg [Mon, 21 Mar 2022 12:16:01 +0000 (13:16 +0100)]
Support explicit `*` for excluded parameters
Tim Düsterhus [Mon, 21 Mar 2022 10:10:54 +0000 (11:10 +0100)]
Update composer dependencies
Tim Düsterhus [Mon, 21 Mar 2022 10:10:30 +0000 (11:10 +0100)]
Merge branch '5.4'
Tim Düsterhus [Mon, 21 Mar 2022 10:08:46 +0000 (11:08 +0100)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Mon, 21 Mar 2022 10:03:59 +0000 (11:03 +0100)]
Merge pull request #4706 from WoltLab/guzzle-psr7-backport
Update guzzlehttp/psr7 to a custom fork
Tim Düsterhus [Sun, 20 Mar 2022 14:22:29 +0000 (15:22 +0100)]
Update guzzlehttp/psr7 to a custom fork
see WoltLab/guzzle-psr7@
ff7be9fcf7da87f971990b1a61d8a7f2b5aeac9b
see WoltLab/guzzle-psr7@
986596de01529f6e837a5cadfef9ec714ace7914
Tim Düsterhus [Fri, 18 Mar 2022 14:01:46 +0000 (15:01 +0100)]
Merge branch '5.4'
Tim Düsterhus [Fri, 18 Mar 2022 13:59:50 +0000 (14:59 +0100)]
Prevent possible brick when the upgrade to 5.5 fails between unpacking of files and unpacking of acptemplates
Tim Düsterhus [Fri, 18 Mar 2022 11:45:05 +0000 (12:45 +0100)]
Merge pull request #4705 from WoltLab/acp-security-headers
Add additional security headers to ACP requests
Tim Düsterhus [Fri, 18 Mar 2022 11:36:49 +0000 (12:36 +0100)]
Add additional security headers to ACP requests
Alexander Ebert [Thu, 17 Mar 2022 16:41:10 +0000 (17:41 +0100)]
Release 5.4.15
Alexander Ebert [Thu, 17 Mar 2022 16:36:32 +0000 (17:36 +0100)]
Release 5.3.21
Alexander Ebert [Thu, 17 Mar 2022 16:34:59 +0000 (17:34 +0100)]
Merge branch '5.2' into 5.3
Alexander Ebert [Thu, 17 Mar 2022 16:33:49 +0000 (17:33 +0100)]
Release 5.2.20
Alexander Ebert [Thu, 17 Mar 2022 16:32:53 +0000 (17:32 +0100)]
Merge branch '3.1' into 5.2
Alexander Ebert [Thu, 17 Mar 2022 16:31:13 +0000 (17:31 +0100)]
Release 3.1.28
Alexander Ebert [Thu, 17 Mar 2022 14:43:27 +0000 (15:43 +0100)]
Release 3.1.28
Tim Düsterhus [Thu, 17 Mar 2022 13:31:44 +0000 (14:31 +0100)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Thu, 17 Mar 2022 13:28:38 +0000 (14:28 +0100)]
Merge branch '5.2' into 5.3
WoltLab [Thu, 17 Mar 2022 13:27:24 +0000 (13:27 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Thu, 17 Mar 2022 13:25:53 +0000 (14:25 +0100)]
Merge branch '3.1' into 5.2
WoltLab [Thu, 17 Mar 2022 13:23:56 +0000 (13:23 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Thu, 17 Mar 2022 13:22:22 +0000 (14:22 +0100)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Thu, 17 Mar 2022 13:21:34 +0000 (14:21 +0100)]
Merge branch '5.2' into 5.3
Tim Düsterhus [Thu, 17 Mar 2022 13:20:55 +0000 (14:20 +0100)]
Merge branch '3.1' into 5.2
Tim Düsterhus [Wed, 16 Mar 2022 16:55:20 +0000 (17:55 +0100)]
Escape HTML in the filename of the progress indicator during attachment upload
(cherry picked from commit
81b770284267db5dc8c8df86e303a20c3ccb8dce)
Tim Düsterhus [Thu, 17 Mar 2022 13:12:25 +0000 (14:12 +0100)]
Merge branch 'cronjobLogList-xss' into 3.1
Tim Düsterhus [Thu, 17 Mar 2022 08:10:12 +0000 (09:10 +0100)]
Fix XSS in the cronjob's error message in cronjobLogList
This can happen if untrusted information, such as the HTTP response body for a
failed Guzzle request, is embedded into the error message.
Thanks to @SoftCreatR for responsibly reporting the issue.
Alexander Ebert [Wed, 16 Mar 2022 19:01:43 +0000 (20:01 +0100)]
Release 5.4.15 dev 3
WoltLab [Wed, 16 Mar 2022 17:31:50 +0000 (17:31 +0000)]
Updating minified JavaScript files
WoltLab [Wed, 16 Mar 2022 17:17:31 +0000 (17:17 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Wed, 16 Mar 2022 16:56:52 +0000 (17:56 +0100)]
Merge remote-tracking branch 'origin/master'
Tim Düsterhus [Wed, 16 Mar 2022 16:56:23 +0000 (17:56 +0100)]
Merge branch '5.4'
Tim Düsterhus [Wed, 16 Mar 2022 16:56:10 +0000 (17:56 +0100)]
Merge branch '5.3' into 5.4
Tim Düsterhus [Wed, 16 Mar 2022 16:55:20 +0000 (17:55 +0100)]
Escape HTML in the filename of the progress indicator during attachment upload
Marcel Werk [Wed, 16 Mar 2022 10:25:20 +0000 (11:25 +0100)]
Merge branch '5.4'
Marcel Werk [Wed, 16 Mar 2022 10:20:11 +0000 (11:20 +0100)]
An array as query string resulted in an error
Tim Düsterhus [Wed, 16 Mar 2022 08:43:54 +0000 (09:43 +0100)]
Merge branch '5.4'
joshuaruesweg [Wed, 16 Mar 2022 08:28:37 +0000 (09:28 +0100)]
Remove `Template.grammar.jison`
joshuaruesweg [Wed, 16 Mar 2022 08:24:48 +0000 (09:24 +0100)]
Delete old JS dir, before recompile TS
This ensures, that there are no superfluous files commited in the JS dir.
Tim Düsterhus [Wed, 16 Mar 2022 08:02:41 +0000 (09:02 +0100)]
Merge pull request #4702 from WoltLab/5.4-unfurl-charset
Catch `ValueError` while convert encoding
joshuaruesweg [Tue, 15 Mar 2022 18:00:53 +0000 (19:00 +0100)]
Catch `ValueError` while convert encoding
Since PHP 8.0 the function `mb_convert_encoding` throws an `ValueError` if the given charset is unknown. Prior to this, a PHP notice is thrown.
Fixes #4697
projects / GitHub / WoltLab / WCF.git / log