Sets some reasonable limits, which are higher when logged in since that
infers a little extra trust.
Helps prevent against large resource consuption attacks via super heavy
search queries.
Thanks to Gabriel Rodrigues AKA TEXUGO for reporting.
Checks files within the ZIP again the app upload file limit
before using/streaming/extracting, to help ensure that they do no exceed
what might be expected on that instance, and to prevent disk exhaustion
via things like super high compression ratio files.
Thanks to Jeong Woo Lee (eclipse07077-ljw) for reporting.
Includes major version change of antonioribeiro/google2fa which changes
secret length. From manual testing of old MFA secrets and new, this
should not be breaking at all.
- Added advisory on role permission form to advise which allow listing
of users/roles.
- Updated database config to avoid PHP8.5 deprecation.
- Tweaked migration to remove unused index.
- Fixed test namespace.
- Added new user notification preference, opt-in by default
- Added parser to extract mentions from comment HTML, with tests to
cover.
- Added notification and notification handling
Not yet tested, needs testing coverage.
Updated setting display to show mulitple number inputs under one heading
group.
Updated settings to use general number field form view template.
Updated translations to match display changes, and to advise on counts.
Added page count control for search results.
Added setting service method, to get settings as integers, with
min/max/default control.
Updating sorting group to be names "Lists & Sorting".
Added tests to cover.
Which was occuring in chrome, where background requests to the PWA
manifest, or opensearch, endpoint caused OIDC to fail due to lost state
since it was only flashed to the session.
This persists it with a manual TTL.
Added tests to cover.
Manually tested against Azure.
For #5929
This means that it would be possible to jump between light/dark mode
with just the class, and no reload needed.
Not something we'll directly use right now, but may be useful in
customizations.
Had prevented public access for images when secure_restricted images was
enabled (and for just secure images) when app settings allowed public
access.
This considers the app public setting, and adds tests to cover extra
scenarios to prevent regression.
For #5885
Adds to, uses and cleans-up central permission checking in ImageService
to mirror that which would be experienced by users in the UI to result
in the same image access conditions.
Adds testing to cover.
Reverted change for activities table so that a record is retained of
past activity, and added a check where the ID may be displayed to ensure
it does not mislead and accidentially reference other, newer users.
Updated uses of user ID to nullify on delete.
Added testing to cover deletion of user relations.
Added model factories to support changes and potential other tests.
Cleans existing ID references in the DB via migration.
As per PR #5800
* DB: Planned out new entity table format via migrations
* DB: Created entity migration logic
Made some other tweaks/fixes while testing.
* DB: Added change of entity relation columns to suit new entities table
* DB: Got most view queries working for new structure
* Entities: Started logic change to new structure
Updated base entity class, and worked through BaseRepo.
Need to go through other repos next.
Removed a couple of redundant interfaces as part of this since we can
move the logic onto the shared ContainerData model as needed.
* Entities: Been through repos to update for new format
* Entities: Updated repos to act on refreshed clones
Changes to core entity models are now done on clones to ensure clean
state before save, and those clones are returned back if changes are
needed after that action.
* Entities: Updated model classes & relations for changes
* Entities: Changed from *Data to a common "contents" system
Added smart loading from builder instances which should hydrate with
"contents()" loaded via join, while keeping the core model original.
* Entities: Moved entity description/covers to own non-model classes
Added back some interfaces.
* Entities: Removed use of contents system for data access
* Entities: Got most queries back to working order
* Entities: Reverted back to data from contents, fixed various issues
* Entities: Started addressing issues from tests
* Entities: Addressed further tests/issues
* Entities: Been through tests to get all passing in dev
Fixed issues and needed test changes along the way.
* Entities: Addressed phpstan errors
* Entities: Reviewed TODO notes
* Entities: Ensured book/shelf relation data removed on destroy
* Entities: Been through API responses & adjusted field visibility
* Entities: Added type index to massively improve query speed
