Commit Graph

3474 Commits

Author SHA1 Message Date
Franz Liedke
10ba2e9464 Revert "Remove deprecated bootstrap.php fallback"
This reverts commit 4abd6d61a9.

We will keep this fallback in place, to avoid unnecessary breakage of
backwards compatibility for extension authors.

Removal is planned for the final 0.1 release.
2019-07-14 22:22:06 +02:00
Franz Liedke
928b360135 Clean up database query
- Use existing `selectRaw()` method to avoid using the global `app()`
  helper as a service locator, which hides dependencies.
- Do the same for the join.
- The `Expression` is necessary to prevent the aliased column from being
  prefixed with the database table prefix, if configured.
2019-07-11 22:35:19 +02:00
dependabot[bot]
2697397376 Bump lodash-es from 4.17.11 to 4.17.14 in /js (#1818)
Bumps [lodash-es](https://github.com/lodash/lodash) from 4.17.11 to 4.17.14.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.11...4.17.14)

Signed-off-by: dependabot[bot] <support@github.com>
2019-07-11 09:21:17 +02:00
Daniël Klabbers
ffb7495266 fixed class property hint for event post content attribute 2019-07-09 08:31:48 +02:00
Daniël Klabbers
84a3edaba8 fix return type hint for event post content attribute 2019-07-09 08:30:10 +02:00
David Sevilla Martín
aa442f2cb8 Set Whoops middleware HTTP status to error code (#1648)
* Use error code for HTTP status, defaults to 500
* Use logic from HandleErrorsWithView, make sure status is valid
2019-07-07 14:57:40 +02:00
Daniël Klabbers
7e0855d9da moved GetDisplayName event to User namespace (#1768) 2019-07-06 19:27:44 +02:00
Franz Liedke
741ce3acd4 Get rid of unnecessary method 2019-07-06 02:25:06 +02:00
Franz Liedke
4abd6d61a9 Remove deprecated bootstrap.php fallback
Closes #1557.
2019-07-06 02:11:09 +02:00
Franz Liedke
f19d80ee0f Travis: Allow PHP 7.4 to fail for now
We are currently experiencing issues due to Mockery not yet being 100%
compatible with PHP.

See https://github.com/mockery/mockery/pull/980.
2019-07-06 01:56:54 +02:00
Franz Liedke
67040303f9 Update test libraries 2019-07-06 01:49:55 +02:00
Franz Liedke
7c05033405 Travis: Test against the upcoming PHP 7.4 2019-07-06 01:30:59 +02:00
Franz Liedke
1ea617239b Convert more helpers in tests 2019-07-06 01:30:59 +02:00
Franz Liedke
5103a50711 Type hint contract, not implementation 2019-07-06 01:30:58 +02:00
Franz Liedke
32e84d651c Use Laravel's class-based Str and Arr helpers
Starting with version 5.9, the global funtions will be deprecated.

* https://laravel-news.com/laravel-5-8-deprecates-string-and-array-helpers
* https://github.com/laravel/framework/pull/26898
2019-07-06 01:30:58 +02:00
Franz Liedke
039973c5f8 Issue templates: Remove vulnerability information
GitHub now automatically displays this information (or rather, links to
the Security Policy) at the issue type selection page.
2019-07-06 00:08:55 +02:00
Franz Liedke
c76f606437 Use class constant instead of strings 2019-07-06 00:03:25 +02:00
Franz Liedke
bbd0cc5676 Add descriptions to custom Composer scripts 2019-07-05 23:34:23 +02:00
David Sevilla Martín
02ab9eb905 Update Application version string to beta 9 (#1784) 2019-07-05 12:37:02 +02:00
flarum-bot
eb68b3ec3a Bundled output for commit 26b9a3ec69 [skip ci] 2019-06-27 19:23:54 +00:00
David Sevilla Martín
26b9a3ec69 Merge pull request #1803 from flarum/ds/1777-previous-route-default
Visit home page if previous route does not exist when going back in history
2019-06-27 15:17:41 -04:00
David Sevilla Martín
28e5f5cdb2 Update CHANGELOG.md 2019-06-27 15:07:53 -04:00
David Sevilla Martín
20dfcfc39c Visit home page if no previous route exists
Fixes #1777
2019-06-27 14:58:05 -04:00
Daniël Klabbers
f71db08467 added changelog item for mediumText fix in posts.content 2019-06-24 14:57:13 +02:00
Daniël Klabbers
b7e1cfd88e Merge branch 'master' of github.com:flarum/core 2019-06-24 14:55:05 +02:00
Daniël Klabbers
0b7c611715 fixes #1801, increasing the size of posts.content to mediumText correctly 2019-06-24 14:53:56 +02:00
Daniël Klabbers
c443aa09e3 fixed tests on master, missing views directory and suppressing notices from tempnam when storing files in tmp 2019-06-24 13:00:36 +02:00
Daniël Klabbers
cbd57be8f1 Merge branch 'master' into advisory-fix-1 2019-06-24 12:53:37 +02:00
Daniël Klabbers
de5ab3a436 Merge branch 'master' of github.com:flarum/core 2019-06-24 10:49:39 +02:00
Daniël Klabbers
96bf238aea removed link to home, go back, which is always the case with csrf token invalidation 2019-06-24 10:49:31 +02:00
Daniël Klabbers
c935f8c74d Apply fixes from StyleCI (#1800)
[ci skip] [skip ci]
2019-06-24 09:15:15 +02:00
Franz Liedke
a65074d01b Merge pull request from GHSA-3wjh-93gr-chh6
* Integration tests: Memoize request handler as well

This is useful to send HTTP requests (or their PSR-7 equivalents)
through the entire application's middleware stack (instead of
talking to specific controllers, which should be considered
implementation detail).

* Add tests for CSRF token check

* Integration tests: Configure vendor path

Now that this is possible, make the easy change...

* Implement middleware for CSRF token verification

This fixes a rather large oversight in Flarum's codebase, which was that
we had no explicit CSRF protection using the traditional token approach.

The JS frontend was actually sending these tokens, but the backend did
not require them.

* Accept CSRF token in request body as well

* Refactor tests to shorten HTTP requests

Multiple tests now provide JSON request bodies, and others copy cookies
from previous responses, so let's provide convenient helpers for these.

* Fixed issue with tmp/storage/views not existing, this caused tmpname to notice.
Fixed csrf test that assumed an access token allows application access, which is actually api token.
Improved return type hinting in the StartSession middleware

* Using a different setting key now, so that it won't break tests whenever you re-run them once smtp is set.
Fixed, badly, the test to create users etc caused by the prepareDatabase flushing all settings by default.

* added custom view, now needs translation
2019-06-24 09:14:38 +02:00
Daniël Klabbers
f49564b548 added custom view, now needs translation 2019-06-22 19:40:20 +02:00
Daniël Klabbers
304e36ca22 Using a different setting key now, so that it won't break tests whenever you re-run them once smtp is set.
Fixed, badly, the test to create users etc caused by the prepareDatabase flushing all settings by default.
2019-06-18 17:45:29 +02:00
Daniël Klabbers
b69b24eea6 Fixed issue with tmp/storage/views not existing, this caused tmpname to notice.
Fixed csrf test that assumed an access token allows application access, which is actually api token.
Improved return type hinting in the StartSession middleware
2019-06-18 17:22:23 +02:00
Daniël Klabbers
6fe9ea3dee Update CHANGELOG.md
clarifying reason for change on the `like` fix
2019-06-13 09:13:31 +02:00
Franz Liedke
5a16992398 Update changelog 2019-06-13 01:03:39 +02:00
Franz Liedke
953cae0de1 Refactor tests to shorten HTTP requests
Multiple tests now provide JSON request bodies, and others copy cookies
from previous responses, so let's provide convenient helpers for these.
2019-06-13 00:13:59 +02:00
Franz Liedke
3899cd8487 Accept CSRF token in request body as well 2019-06-13 00:13:58 +02:00
Franz Liedke
aa43d1475e Implement middleware for CSRF token verification
This fixes a rather large oversight in Flarum's codebase, which was that
we had no explicit CSRF protection using the traditional token approach.

The JS frontend was actually sending these tokens, but the backend did
not require them.
2019-06-13 00:13:58 +02:00
Franz Liedke
69fdd82ffc Add tests for CSRF token check 2019-06-13 00:13:57 +02:00
Franz Liedke
53cc505037 Integration tests: Configure vendor path
Now that this is possible, make the easy change...
2019-06-13 00:13:57 +02:00
Franz Liedke
a7259bbd5f Integration tests: Memoize request handler as well
This is useful to send HTTP requests (or their PSR-7 equivalents)
through the entire application's middleware stack (instead of
talking to specific controllers, which should be considered
implementation detail).
2019-06-13 00:13:57 +02:00
Franz Liedke
5632ffb62b Integration tests: Fix test setup 2019-06-13 00:13:38 +02:00
Franz Liedke
3f2d1ffd02 Fix syntax error 2019-06-13 00:11:57 +02:00
Franz Liedke
ae409751c1 Apply fixes from StyleCI (#1793)
[ci skip] [skip ci]
2019-06-12 23:50:21 +02:00
Franz Liedke
a5b70d5175 Introduce a vendor path
This lets us or anyone modify the path from where dependencies (usually
installed into /vendor by Composer) are loaded. We need to be able to
tweak this in our integration tests, where the application code under
test needs access to certain dependencies.
2019-06-12 23:48:22 +02:00
Franz Liedke
ab731f090f Inject app, not container, to avoid global helpers 2019-06-12 23:48:22 +02:00
Daniël Klabbers
20207e1294 Update CHANGELOG.md
added fix for js compiler tmp path fix to changelog
2019-06-12 17:18:21 +02:00
Daniël Klabbers
e8beafa1d4 Merge branch 'master' of github.com:flarum/core 2019-06-12 16:47:15 +02:00