New Features in WoltLab Suite 5.4: Administrative Improvements

Photo by Roma Kaiuk on Unsplash

Email Log

Reliable email delivery is essential for the success of your community. Activation emails should arrive before the user already has forgotten their registration, notifications and newsletters ensure that users return to the community, and for multi-factor authentication based on emails, the email must be in the user's inbox within 5 minutes, otherwise the security code expires.

Despite the importance of the topic, the correct configuration of email sending is a constant source of problems. Most of the problems occur on the way between WoltLab Suite and the mail server, for example, due to typos in passwords, expired TLS certificates or even incorrect information provided by your own web host. Often the settings have to be adjusted after a server move.

To facilitate the diagnosis of such problems, WoltLab Suite 5.4 integrates a new email log. Every generated email is included in the log and the sending process between WoltLab Suite and the configured mail server is logged in detail. The path of each email to its recipient starts with the "Waiting" state. Such an email has been stored in the list of background tasks introduced in WoltLab Suite 3.0.

The new email log with 5 emails.

Ideally, the email log for waiting emails can record a success in the form of "Successfully sent" a few seconds later. The mail server of your own web host has accepted the email and is now responsible for delivering it to the recipient. In case of success, the SMTP server's response is also saved so that the email can be clearly identified in the web host's email log in case of later problems.

The success message returned by the SMTP server: “2.0.0 Ok: queued as 058052535”.

If things go less well, then the status changes to "Transient Failure" or "Ultimately failed". In the former case, WoltLab Suite will try to send the email again at a later time. This is the case, for example, if the mail server is temporarily unavailable due to maintenance work. If the sending "finally failed", then the email is lost. This is the case if subsequent delivery attempts could not be completed successfully either, or if the mail server explicitly refuses to send the email. In any case, the exact error message is logged.

The error message returned by the SMTP server: “Sender address rejected: not owned by user”.

WebP Images

WebP is a newer graphics format that offers more image quality per amount of data compared to older graphics formats, usually saving bandwidth.

With WoltLab Suite 5.4, uploaded graphics in the area of avatars, cover photos, and style logos are automatically converted to WebP format. Additionally, a fallback file in an older graphics format is created and served to older browsers that do not support the WebP format.

Deletion of Content from Multiple Users

In WoltLab Suite 5.2 we integrated the simple deletion of all content of a user. WoltLab Suite 5.4 integrates this removal into the list of available actions for selected users. This way, unwanted content from a spam attack can be removed even more easily.

Content deletion in the list of available actions. Selection of to-be-deleted contents of the marked users.

File Upload for User Ranks

After making it easier to upload style images in WoltLab Suite 5.3, we are extending this convenient direct upload integration to rank images. Rank images can now be uploaded directly via the administration panel. Uploading via an FTP program with subsequent error-prone manual entry of the correct file path is no longer necessary.

Upload of the Twemoji star as a rank image.

The star used as an example as a ranking graphic comes from Twitter Emoji (Twemoji) and is CC-BY 4.0 licensed.

Button to Run All Rebuild Workers

Rebuilding the data is necessary, for example, after major updates or a data import. Until now, the actions had to be triggered individually, which can be relatively tedious. With WoltLab Suite 5.4, a single button can be used to trigger the execution of all actions. In this case, the actions are automatically executed one after the other.

The process of rebuilding everything at step 5 of 21.

Invert Permissions for Pages and Boxes

Pages and boxes of the CMS integrated in WoltLab Suite Core have always been able to be assigned permissions for users and groups. Until now, however, it was only possible to assign permissions to a defined set of authorized users. Sometimes, however, it can make sense to exclude a set of users from visibility. For example, it does not make sense to display a box that informs about the premium membership in one's own community to members who have already purchased this premium membership.

The inverted authorization when creating a new box.

Permissions for Signature Attachments

Let's stay on the topic of permissions for a moment: In WoltLab Suite 5.2, we added support for uploading file attachments in the signature. Previously, these file attachments used the general file attachment permissions of messages, such as forum posts. In WoltLab Suite 5.4, signatures get a separate set of permissions so that signature images remain slim, even if high-resolution photos are to be supported in posts.

The available permissions for signatures, including new permissions for attachment uploads.

Improvement of "List" Options

This news is already visible on the screenshot of the new signature permissions at the very bottom of the allowed file extensions: WoltLab Suite 5.4 improves the entry of enumerated lists in the settings and permissions. Until now, such lists had to be entered in a text field separated by line breaks. This makes it difficult to keep track of a large number of entries, which can easily lead to mistakes. The new input mask in WoltLab Suite 5.4 automatically sorts the entries in alphabetical order and ensures that duplicate entries are automatically filtered out. In addition, the input field automatically grows with the number of entries up to a certain maximum height. Empty fields are thus very space-efficient, leaving more room for other options.

The option for reserved usernames with an empty list. The same option after entering “Administrator”. And also after trying to enter an existing entry into a fully packed list of reserved usernames.

This new form of input is already in use in all packages of WoltLab Suite. In used plugins adjustments by the developer are necessary. Our developer manual explains the use of the lineBreakSeparatedText OptionType.

Safety Improvements

The changes presented in our first article already significantly improve the security of your own community. However, WoltLab Suite 5.4 contains even more, less obvious, changes to further increase the security level.

Flood Control

A flood control for individual content has always been built into WoltLab Suite. WoltLab Suite 5.4 includes a new flood control framework so that developers can easily add flood abuse protection to their plugins. The Migration Guide in our Developer Guide provides instructions on how to use this framework.

But not only developers, but also end customers and members in communities based on WoltLab Suite benefit from this flood control framework. Conversations, the "forgot password" function and also multi-factor authentication are protected by default based on this framework. For example, guessing multi-factor codes is stopped after a few attempts to protect user accounts from unauthorized access.

Session Log

The well-known log of performed actions in the administration panel is now more detailed. The exact path is now logged for each request. In case of AJAX requests that all use the same path, the executed action is additionally stored in the log.

The improved log of ACP sessions.