github-mirror/framework
2
0
Fork 0
mirror of https://github.com/flarum/framework.git synced 2025-02-13 15:02:45 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
3,387 Commits 90 Branches 52 Tags 191 MiB
a4910f3d94
Commit Graph

3387 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Franz Liedke
d00fc2c49d
Remove obsolete constructor parameter 
This was removed in commit 484c6d2e.
 2019-08-10 00:16:21 +02:00
flarum-bot
f3b889a665 Bundled output for commit c5122bf5d5 [skip ci] 2019-08-08 23:12:56 +00:00
Franz Liedke
c5122bf5d5
a11y: Try to make screenreaders read tooltips 
Refs #1835.
 2019-08-08 22:40:30 +02:00
David Sevilla Martín
5ed55195e1 Add canonical URL to discussion list (#1814) 2019-08-08 00:01:25 +02:00
Franz Liedke
8604ea3020
Bypass CSRF token check when using access tokens 
Fixes #1828.
 2019-08-01 22:53:31 +02:00
Franz Liedke
2648e960a7
Make exception message dynamic as well 2019-08-01 22:25:28 +02:00
Daniël Klabbers
f0dff95d62 Merge branch 'master' of github.com:flarum/core 2019-07-31 17:10:47 +02:00
Daniël Klabbers
894db01ad8 Allows configuration of where the language files live. So that 
language packs can optionally decide for themselves if they want
to use a different directory.
 2019-07-31 17:10:13 +02:00
Franz Liedke
bd04023359
Determine default route after extensions 
Fixes #1819.
 2019-07-30 00:56:29 +02:00
Franz Liedke
f357434a72
PHPUnit: Get rid of deprecated annotation 
Refs #1795.
 2019-07-30 00:09:10 +02:00
Daniël Klabbers
c2586586c4 fixes #1695, take into consideration is_private with counts on User stats 2019-07-28 20:59:12 +02:00
Daniël Klabbers
06cd062a1b fixed ci, make green again; mysql service wasnt booted 2019-07-27 22:24:39 +02:00
Franz Liedke
1502fc98d8
Prevent MySQL search operators from taking effect 
We do not want to inherit MySQL's fulltext query language, so let's
just drop all non-word characters from the search term.

Fixes #1498.
 2019-07-23 23:55:06 +02:00
Franz Liedke
ed97989ca2
Revert "Remove deprecated bootstrap.php fallback" 
This reverts commit f8061bbca1.

We will keep this fallback in place, to avoid unnecessary breakage of
backwards compatibility for extension authors.

Removal is planned for the final 0.1 release.
 2019-07-14 22:22:06 +02:00
Franz Liedke
7f1048352d
Clean up database query 
- Use existing `selectRaw()` method to avoid using the global `app()`
  helper as a service locator, which hides dependencies.
- Do the same for the join.
- The `Expression` is necessary to prevent the aliased column from being
  prefixed with the database table prefix, if configured.
 2019-07-11 22:35:19 +02:00
dependabot[bot]
d2700961ba Bump lodash-es from 4.17.11 to 4.17.14 in /js (#1818) 
Bumps [lodash-es](https://github.com/lodash/lodash) from 4.17.11 to 4.17.14.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.11...4.17.14)

Signed-off-by: dependabot[bot] <support@github.com>
 2019-07-11 09:21:17 +02:00
Daniël Klabbers
b2dbb0439c fixed class property hint for event post content attribute 2019-07-09 08:31:48 +02:00
Daniël Klabbers
085c924a07 fix return type hint for event post content attribute 2019-07-09 08:30:10 +02:00
David Sevilla Martín
f31f02d4cc Set Whoops middleware HTTP status to error code (#1648) 
* Use error code for HTTP status, defaults to 500
* Use logic from HandleErrorsWithView, make sure status is valid
 2019-07-07 14:57:40 +02:00
Daniël Klabbers
797f6eea50 moved GetDisplayName event to User namespace (#1768) 2019-07-06 19:27:44 +02:00
Franz Liedke
9fb3a31b51
Get rid of unnecessary method 2019-07-06 02:25:06 +02:00
Franz Liedke
f8061bbca1
Remove deprecated bootstrap.php fallback 
Closes #1557.
 2019-07-06 02:11:09 +02:00
Franz Liedke
de67927ef2
Travis: Allow PHP 7.4 to fail for now 
We are currently experiencing issues due to Mockery not yet being 100%
compatible with PHP.

See https://github.com/mockery/mockery/pull/980.
 2019-07-06 01:56:54 +02:00
Franz Liedke
8c841c3266
Update test libraries 2019-07-06 01:49:55 +02:00
Franz Liedke
2f656146a7
Travis: Test against the upcoming PHP 7.4 2019-07-06 01:30:59 +02:00
Franz Liedke
d66d2aa26e
Convert more helpers in tests 2019-07-06 01:30:59 +02:00
Franz Liedke
f4c0d4ba87
Type hint contract, not implementation 2019-07-06 01:30:58 +02:00
Franz Liedke
646bd40bca
Use Laravel's class-based Str and Arr helpers 
Starting with version 5.9, the global funtions will be deprecated.

* https://laravel-news.com/laravel-5-8-deprecates-string-and-array-helpers
* https://github.com/laravel/framework/pull/26898
 2019-07-06 01:30:58 +02:00
Franz Liedke
307b912019
Issue templates: Remove vulnerability information 
GitHub now automatically displays this information (or rather, links to
the Security Policy) at the issue type selection page.
 2019-07-06 00:08:55 +02:00
Franz Liedke
cbc896eba7
Use class constant instead of strings 2019-07-06 00:03:25 +02:00
Franz Liedke
cc4e4a068b
Add descriptions to custom Composer scripts 2019-07-05 23:34:23 +02:00
David Sevilla Martín
a720f6f651 Update Application version string to beta 9 (#1784) 2019-07-05 12:37:02 +02:00
flarum-bot
54d7c0d3b6 Bundled output for commit b5876d9f31 [skip ci] 2019-06-27 19:23:54 +00:00
David Sevilla Martín
b5876d9f31
Merge pull request #1803 from flarum/ds/1777-previous-route-default 
Visit home page if previous route does not exist when going back in history
 2019-06-27 15:17:41 -04:00
David Sevilla Martín
25ef4c10bd
Update CHANGELOG.md 2019-06-27 15:07:53 -04:00
David Sevilla Martín
985b87da6c
Visit home page if no previous route exists 
Fixes #1777
 2019-06-27 14:58:05 -04:00
Daniël Klabbers
a6aa28566c added changelog item for mediumText fix in posts.content 2019-06-24 14:57:13 +02:00
Daniël Klabbers
e3340ba3e1 Merge branch 'master' of github.com:flarum/core 2019-06-24 14:55:05 +02:00
Daniël Klabbers
590b311570 fixes #1801, increasing the size of posts.content to mediumText correctly 2019-06-24 14:53:56 +02:00
Daniël Klabbers
935a968257 fixed tests on master, missing views directory and suppressing notices from tempnam when storing files in tmp 2019-06-24 13:00:36 +02:00
Daniël Klabbers
fe558eb0ba Merge branch 'master' into advisory-fix-1 2019-06-24 12:53:37 +02:00
Daniël Klabbers
fda9cba4ce Merge branch 'master' of github.com:flarum/core 2019-06-24 10:49:39 +02:00
Daniël Klabbers
89f6cfd949 removed link to home, go back, which is always the case with csrf token invalidation 2019-06-24 10:49:31 +02:00
Daniël Klabbers
803582c437
Apply fixes from StyleCI (#1800) 
[ci skip] [skip ci]
 2019-06-24 09:15:15 +02:00
Franz Liedke
8e86d38804 Merge pull request from GHSA-3wjh-93gr-chh6 
* Integration tests: Memoize request handler as well

This is useful to send HTTP requests (or their PSR-7 equivalents)
through the entire application's middleware stack (instead of
talking to specific controllers, which should be considered
implementation detail).

* Add tests for CSRF token check

* Integration tests: Configure vendor path

Now that this is possible, make the easy change...

* Implement middleware for CSRF token verification

This fixes a rather large oversight in Flarum's codebase, which was that
we had no explicit CSRF protection using the traditional token approach.

The JS frontend was actually sending these tokens, but the backend did
not require them.

* Accept CSRF token in request body as well

* Refactor tests to shorten HTTP requests

Multiple tests now provide JSON request bodies, and others copy cookies
from previous responses, so let's provide convenient helpers for these.

* Fixed issue with tmp/storage/views not existing, this caused tmpname to notice.
Fixed csrf test that assumed an access token allows application access, which is actually api token.
Improved return type hinting in the StartSession middleware

* Using a different setting key now, so that it won't break tests whenever you re-run them once smtp is set.
Fixed, badly, the test to create users etc caused by the prepareDatabase flushing all settings by default.

* added custom view, now needs translation
 2019-06-24 09:14:38 +02:00
Daniël Klabbers
fd66722945 added custom view, now needs translation 2019-06-22 19:40:20 +02:00
Daniël Klabbers
ce42b5e035 Using a different setting key now, so that it won't break tests whenever you re-run them once smtp is set. 
Fixed, badly, the test to create users etc caused by the prepareDatabase flushing all settings by default.
 2019-06-18 17:45:29 +02:00
Daniël Klabbers
bfd3a667dd Fixed issue with tmp/storage/views not existing, this caused tmpname to notice. 
Fixed csrf test that assumed an access token allows application access, which is actually api token.
Improved return type hinting in the StartSession middleware
 2019-06-18 17:22:23 +02:00
Daniël Klabbers
b669490d33
Update CHANGELOG.md 
clarifying reason for change on the `like` fix
 2019-06-13 09:13:31 +02:00
Franz Liedke
ba956f51ac
Update changelog 2019-06-13 01:03:39 +02:00