Tim Düsterhus
Tim Düsterhus
Resolves #4304
This method should be used everywhere where `->banned` is currently checked, especially since the majority of locations does not also check for owner access. see https://github.com/WoltLab/WCF/pull/4935/files#r940140082
#4929 removed Gravatar support, but did not make any adjustments for a cleanup. Likely a worker should be added to perform a one-time cleanup of existing Gravatar downloads.
… and ideally the XSRF token should not be passed in the URL, requiring the Cache Clear button on CacheListPage to reside in a ``.
see: https://dev.mysql.com/doc/refman/8.0/en/charset-unicode-sets.html#charset-unicode-sets-uca `utf8mb4_0900_*` would be preferable, as this is more modern, but those are not supported by MariaDB.
- [ ] Do not generate a .ico favicon: Browsers support `.png` well. - [ ] This avoids the need for an external library that is no longer maintained. -...
- [ ] Timestamp / Zeitpunkt - [ ] Group Name / Gruppenname - [ ] Country Names
The ServerRequestFactory in the RequestHandler is directly exposed to all kinds of untrusted real world garbage: https://github.com/WoltLab/WCF/blob/78a336120c6245add9545f46ac304a1afcae2d75/wcfsetup/install/files/lib/system/request/RequestHandler.class.php#L76-L87 Some input values, e.g. NUL bytes in headers, might lead to a remotely...