github-mirror/framework
2
0
Fork 0
mirror of https://github.com/flarum/framework.git synced 2024-11-30 13:36:10 +08:00
Code Issues Actions 26 Packages Projects Releases Wiki Activity
3,137 Commits 87 Branches 50 Tags 181 MiB
dbbfb01e3a
Commit Graph

3137 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Franz Liedke
dbbfb01e3a Remove obsolete constructor parameter 
This was removed in commit 7b2807a8.
 2019-08-10 00:16:21 +02:00
flarum-bot
e79d1b8f6b Bundled output for commit 1702929079 [skip ci] 2019-08-08 23:12:56 +00:00
Franz Liedke
1702929079 a11y: Try to make screenreaders read tooltips 
Refs #1835.
 2019-08-08 22:40:30 +02:00
David Sevilla Martín
b3019e72fe Add canonical URL to discussion list (#1814) 2019-08-08 00:01:25 +02:00
Franz Liedke
2fc2cd5863 Bypass CSRF token check when using access tokens 
Fixes #1828.
 2019-08-01 22:53:31 +02:00
Franz Liedke
51b33c8cab Make exception message dynamic as well 2019-08-01 22:25:28 +02:00
Daniël Klabbers
a46c9b0c1d Merge branch 'master' of github.com:flarum/core 2019-07-31 17:10:47 +02:00
Daniël Klabbers
9209a5f588 Allows configuration of where the language files live. So that 
language packs can optionally decide for themselves if they want
to use a different directory.
 2019-07-31 17:10:13 +02:00
Franz Liedke
1169e4aca6 Determine default route after extensions 
Fixes #1819.
 2019-07-30 00:56:29 +02:00
Franz Liedke
b59aef7838 PHPUnit: Get rid of deprecated annotation 
Refs #1795.
 2019-07-30 00:09:10 +02:00
Daniël Klabbers
720c88e73a fixes #1695, take into consideration is_private with counts on User stats 2019-07-28 20:59:12 +02:00
Daniël Klabbers
6745f55ad7 fixed ci, make green again; mysql service wasnt booted 2019-07-27 22:24:39 +02:00
Franz Liedke
7ca47b67c3 Prevent MySQL search operators from taking effect 
We do not want to inherit MySQL's fulltext query language, so let's
just drop all non-word characters from the search term.

Fixes #1498.
 2019-07-23 23:55:06 +02:00
Franz Liedke
10ba2e9464 Revert "Remove deprecated bootstrap.php fallback" 
This reverts commit 4abd6d61a9.

We will keep this fallback in place, to avoid unnecessary breakage of
backwards compatibility for extension authors.

Removal is planned for the final 0.1 release.
 2019-07-14 22:22:06 +02:00
Franz Liedke
928b360135 Clean up database query 
- Use existing `selectRaw()` method to avoid using the global `app()`
  helper as a service locator, which hides dependencies.
- Do the same for the join.
- The `Expression` is necessary to prevent the aliased column from being
  prefixed with the database table prefix, if configured.
 2019-07-11 22:35:19 +02:00
dependabot[bot]
2697397376 Bump lodash-es from 4.17.11 to 4.17.14 in /js (#1818) 
Bumps [lodash-es](https://github.com/lodash/lodash) from 4.17.11 to 4.17.14.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.11...4.17.14)

Signed-off-by: dependabot[bot] <support@github.com>
 2019-07-11 09:21:17 +02:00
Daniël Klabbers
ffb7495266 fixed class property hint for event post content attribute 2019-07-09 08:31:48 +02:00
Daniël Klabbers
84a3edaba8 fix return type hint for event post content attribute 2019-07-09 08:30:10 +02:00
David Sevilla Martín
aa442f2cb8 Set Whoops middleware HTTP status to error code (#1648) 
* Use error code for HTTP status, defaults to 500
* Use logic from HandleErrorsWithView, make sure status is valid
 2019-07-07 14:57:40 +02:00
Daniël Klabbers
7e0855d9da moved GetDisplayName event to User namespace (#1768) 2019-07-06 19:27:44 +02:00
Franz Liedke
741ce3acd4 Get rid of unnecessary method 2019-07-06 02:25:06 +02:00
Franz Liedke
4abd6d61a9 Remove deprecated bootstrap.php fallback 
Closes #1557.
 2019-07-06 02:11:09 +02:00
Franz Liedke
f19d80ee0f Travis: Allow PHP 7.4 to fail for now 
We are currently experiencing issues due to Mockery not yet being 100%
compatible with PHP.

See https://github.com/mockery/mockery/pull/980.
 2019-07-06 01:56:54 +02:00
Franz Liedke
67040303f9 Update test libraries 2019-07-06 01:49:55 +02:00
Franz Liedke
7c05033405 Travis: Test against the upcoming PHP 7.4 2019-07-06 01:30:59 +02:00
Franz Liedke
1ea617239b Convert more helpers in tests 2019-07-06 01:30:59 +02:00
Franz Liedke
5103a50711 Type hint contract, not implementation 2019-07-06 01:30:58 +02:00
Franz Liedke
32e84d651c Use Laravel's class-based Str and Arr helpers 
Starting with version 5.9, the global funtions will be deprecated.

* https://laravel-news.com/laravel-5-8-deprecates-string-and-array-helpers
* https://github.com/laravel/framework/pull/26898
 2019-07-06 01:30:58 +02:00
Franz Liedke
039973c5f8 Issue templates: Remove vulnerability information 
GitHub now automatically displays this information (or rather, links to
the Security Policy) at the issue type selection page.
 2019-07-06 00:08:55 +02:00
Franz Liedke
c76f606437 Use class constant instead of strings 2019-07-06 00:03:25 +02:00
Franz Liedke
bbd0cc5676 Add descriptions to custom Composer scripts 2019-07-05 23:34:23 +02:00
David Sevilla Martín
02ab9eb905 Update Application version string to beta 9 (#1784) 2019-07-05 12:37:02 +02:00
flarum-bot
eb68b3ec3a Bundled output for commit 26b9a3ec69 [skip ci] 2019-06-27 19:23:54 +00:00
David Sevilla Martín
26b9a3ec69 Merge pull request #1803 from flarum/ds/1777-previous-route-default 
Visit home page if previous route does not exist when going back in history
 2019-06-27 15:17:41 -04:00
David Sevilla Martín
28e5f5cdb2 Update CHANGELOG.md 2019-06-27 15:07:53 -04:00
David Sevilla Martín
20dfcfc39c Visit home page if no previous route exists 
Fixes #1777
 2019-06-27 14:58:05 -04:00
Daniël Klabbers
f71db08467 added changelog item for mediumText fix in posts.content 2019-06-24 14:57:13 +02:00
Daniël Klabbers
b7e1cfd88e Merge branch 'master' of github.com:flarum/core 2019-06-24 14:55:05 +02:00
Daniël Klabbers
0b7c611715 fixes #1801, increasing the size of posts.content to mediumText correctly 2019-06-24 14:53:56 +02:00
Daniël Klabbers
c443aa09e3 fixed tests on master, missing views directory and suppressing notices from tempnam when storing files in tmp 2019-06-24 13:00:36 +02:00
Daniël Klabbers
cbd57be8f1 Merge branch 'master' into advisory-fix-1 2019-06-24 12:53:37 +02:00
Daniël Klabbers
de5ab3a436 Merge branch 'master' of github.com:flarum/core 2019-06-24 10:49:39 +02:00
Daniël Klabbers
96bf238aea removed link to home, go back, which is always the case with csrf token invalidation 2019-06-24 10:49:31 +02:00
Daniël Klabbers
c935f8c74d Apply fixes from StyleCI (#1800) 
[ci skip] [skip ci]
 2019-06-24 09:15:15 +02:00
Franz Liedke
a65074d01b Merge pull request from GHSA-3wjh-93gr-chh6 
* Integration tests: Memoize request handler as well

This is useful to send HTTP requests (or their PSR-7 equivalents)
through the entire application's middleware stack (instead of
talking to specific controllers, which should be considered
implementation detail).

* Add tests for CSRF token check

* Integration tests: Configure vendor path

Now that this is possible, make the easy change...

* Implement middleware for CSRF token verification

This fixes a rather large oversight in Flarum's codebase, which was that
we had no explicit CSRF protection using the traditional token approach.

The JS frontend was actually sending these tokens, but the backend did
not require them.

* Accept CSRF token in request body as well

* Refactor tests to shorten HTTP requests

Multiple tests now provide JSON request bodies, and others copy cookies
from previous responses, so let's provide convenient helpers for these.

* Fixed issue with tmp/storage/views not existing, this caused tmpname to notice.
Fixed csrf test that assumed an access token allows application access, which is actually api token.
Improved return type hinting in the StartSession middleware

* Using a different setting key now, so that it won't break tests whenever you re-run them once smtp is set.
Fixed, badly, the test to create users etc caused by the prepareDatabase flushing all settings by default.

* added custom view, now needs translation
 2019-06-24 09:14:38 +02:00
Daniël Klabbers
f49564b548 added custom view, now needs translation 2019-06-22 19:40:20 +02:00
Daniël Klabbers
304e36ca22 Using a different setting key now, so that it won't break tests whenever you re-run them once smtp is set. 
Fixed, badly, the test to create users etc caused by the prepareDatabase flushing all settings by default.
 2019-06-18 17:45:29 +02:00
Daniël Klabbers
b69b24eea6 Fixed issue with tmp/storage/views not existing, this caused tmpname to notice. 
Fixed csrf test that assumed an access token allows application access, which is actually api token.
Improved return type hinting in the StartSession middleware
 2019-06-18 17:22:23 +02:00
Daniël Klabbers
6fe9ea3dee Update CHANGELOG.md 
clarifying reason for change on the `like` fix
 2019-06-13 09:13:31 +02:00
Franz Liedke
5a16992398 Update changelog 2019-06-13 01:03:39 +02:00