From cbe4464178eac58ee5a847e5fb952b9ecb3055b1 Mon Sep 17 00:00:00 2001
From: epoxa <epoxa@users.noreply.github.com>
Date: Sat, 19 Aug 2017 12:13:21 +0700
Subject: [PATCH 01/72] Fix oauth controller wrong session method call (#1226)

---
 src/Forum/Controller/AbstractOAuth2Controller.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Forum/Controller/AbstractOAuth2Controller.php b/src/Forum/Controller/AbstractOAuth2Controller.php
index 5083e793d..52f8c1e17 100644
--- a/src/Forum/Controller/AbstractOAuth2Controller.php
+++ b/src/Forum/Controller/AbstractOAuth2Controller.php
@@ -66,7 +66,7 @@ abstract class AbstractOAuth2Controller implements ControllerInterface
 
             return new RedirectResponse($authUrl.'&display=popup');
         } elseif (! $state || $state !== $session->get('oauth2state')) {
-            $session->forget('oauth2state');
+            $session->remove('oauth2state');
             echo 'Invalid state. Please close the window and try again.';
             exit;
         }

From ad153c84844fc5ef2ff8dd1c9089e0de113af338 Mon Sep 17 00:00:00 2001
From: Franz Liedke <franz@develophp.org>
Date: Tue, 12 Sep 2017 20:41:17 +0200
Subject: [PATCH 02/72] Issue template: Explanation first

---
 .github/ISSUE_TEMPLATE.md | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md
index 4f940e093..e7a082240 100644
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -2,7 +2,13 @@
 ---
 > Try to complete the below form as far as you are able and are willing to share. Add a screenshot of the issue if you can.
 
-## Bug report
+## Explanation
+
+Explain, in simple terms, but with as much detail as possible, your issue.
+Be specific: What happened? What would you expect to happen? What have you tried so far?
+
+## Technical details
+
 - Version of Flarum: x.y.z
 - Website URL where the bug is visible: http://example.com
 - The webserver you are running: apache, nginx or something else
@@ -16,9 +22,6 @@
 Output of "php flarum info", run this in terminal in your Flarum directory.
 ```
 
-## Additional comments
-Some additional information you'd like to share, eg what have you tried so far.
-
 ## Log files
 
 ```

From 1e8399c0149e26cafd229a28536b13e2d22b358b Mon Sep 17 00:00:00 2001
From: Franz Liedke <franz@develophp.org>
Date: Fri, 15 Sep 2017 13:27:11 +0200
Subject: [PATCH 03/72] Update zend-diactoros to v1.6

This release contains a useful fix for Content-Length problems
that we have experienced before.

See https://github.com/zendframework/zend-diactoros/releases/tag/1.6.0.
---
 composer.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/composer.json b/composer.json
index efdb49182..1ee4195f0 100644
--- a/composer.json
+++ b/composer.json
@@ -52,7 +52,7 @@
         "symfony/yaml": "^2.7",
         "s9e/text-formatter": "^0.8.1",
         "tobscure/json-api": "^0.3.0",
-        "zendframework/zend-diactoros": "^1.1",
+        "zendframework/zend-diactoros": "^1.6",
         "zendframework/zend-stratigility": "^1.3"
     },
     "require-dev": {

From 084f74946d74ddde14f42bbb1b0ef75ab9ef6a09 Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Tue, 19 Sep 2017 12:13:24 +0930
Subject: [PATCH 04/72] Allow setting the raw content of a CommentPost

---
 src/Core/Post/CommentPost.php | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/Core/Post/CommentPost.php b/src/Core/Post/CommentPost.php
index 492088552..3db0c7555 100755
--- a/src/Core/Post/CommentPost.php
+++ b/src/Core/Post/CommentPost.php
@@ -153,6 +153,16 @@ class CommentPost extends Post
         $this->attributes['content'] = $value ? static::$formatter->parse($value, $this) : null;
     }
 
+    /**
+     * Set the parsed/raw content.
+     *
+     * @param string $value
+     */
+    public function setParsedContentAttribute($value)
+    {
+        $this->attributes['content'] = $value;
+    }
+
     /**
      * Get the content rendered as HTML.
      *

From c31c1ea062d7be4bc0214330e4a1e5d130815b73 Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Tue, 19 Sep 2017 19:03:12 +0930
Subject: [PATCH 05/72] Allow full URLs to be used as the avatar path

This is useful for forums integrating with an external website (eg. a
WordPress site), so they can reference existing avatars directly.

For alternative storage locations (eg. S3) the best practice will still
be to store a relative path and then configure an external base "assets
URL" (this is not currently possible - TODO).

Given this change, I think it would probably make sense to rename the
column to `avatar_url` in the upcoming batch of database naming changes
- then it can contain either a relative or an absolute URL -
@franzliedke do you agree?
---
 src/Core/User.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/Core/User.php b/src/Core/User.php
index 32f58e86a..338d38d47 100755
--- a/src/Core/User.php
+++ b/src/Core/User.php
@@ -323,7 +323,14 @@ class User extends AbstractModel
      */
     public function getAvatarUrlAttribute()
     {
-        $urlGenerator = app('Flarum\Forum\UrlGenerator');
+        if ($this->avatar_path) {
+            if (strpos($this->avatar_path, '://') !== false) {
+                return $this->avatar_path;
+            } else {
+                return app('Flarum\Forum\UrlGenerator')->toPath('assets/avatars/'.$this->avatar_path);
+            }
+        }
+    }
 
         return $this->avatar_path ? $urlGenerator->toPath('assets/avatars/'.$this->avatar_path) : null;
     }

From 37cf95f94dc3f04f79639586e002ac7096a6b05f Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Tue, 19 Sep 2017 19:10:07 +0930
Subject: [PATCH 06/72] Don't include post content in the "basic" serializer

Currently all of a post's replies are loaded in full whenever the post
is loaded, which is kind of overkill - we really just need to know that
they exist (and who posted them) in order to render the "X replied to
this" line.
---
 src/Api/Serializer/DiscussionBasicSerializer.php | 6 +++---
 src/Api/Serializer/PostBasicSerializer.php       | 6 ------
 2 files changed, 3 insertions(+), 9 deletions(-)

diff --git a/src/Api/Serializer/DiscussionBasicSerializer.php b/src/Api/Serializer/DiscussionBasicSerializer.php
index 39bee72ff..99416b10e 100644
--- a/src/Api/Serializer/DiscussionBasicSerializer.php
+++ b/src/Api/Serializer/DiscussionBasicSerializer.php
@@ -54,7 +54,7 @@ class DiscussionBasicSerializer extends AbstractSerializer
      */
     protected function startPost($discussion)
     {
-        return $this->hasOne($discussion, 'Flarum\Api\Serializer\PostBasicSerializer');
+        return $this->hasOne($discussion, 'Flarum\Api\Serializer\PostSerializer');
     }
 
     /**
@@ -70,7 +70,7 @@ class DiscussionBasicSerializer extends AbstractSerializer
      */
     protected function lastPost($discussion)
     {
-        return $this->hasOne($discussion, 'Flarum\Api\Serializer\PostBasicSerializer');
+        return $this->hasOne($discussion, 'Flarum\Api\Serializer\PostSerializer');
     }
 
     /**
@@ -86,6 +86,6 @@ class DiscussionBasicSerializer extends AbstractSerializer
      */
     protected function relevantPosts($discussion)
     {
-        return $this->hasMany($discussion, 'Flarum\Api\Serializer\PostBasicSerializer');
+        return $this->hasMany($discussion, 'Flarum\Api\Serializer\PostSerializer');
     }
 }
diff --git a/src/Api/Serializer/PostBasicSerializer.php b/src/Api/Serializer/PostBasicSerializer.php
index 962a7b28b..c5ef11168 100644
--- a/src/Api/Serializer/PostBasicSerializer.php
+++ b/src/Api/Serializer/PostBasicSerializer.php
@@ -43,12 +43,6 @@ class PostBasicSerializer extends AbstractSerializer
             'contentType' => $post->type
         ];
 
-        if ($post instanceof CommentPost) {
-            $attributes['contentHtml'] = $post->content_html;
-        } else {
-            $attributes['content'] = $post->content;
-        }
-
         return $attributes;
     }
 

From 377d439c474dad2f768575028ded0daa6557e4b0 Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Tue, 19 Sep 2017 19:13:02 +0930
Subject: [PATCH 07/72] =?UTF-8?q?=F0=9F=98=85?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/Core/User.php | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/src/Core/User.php b/src/Core/User.php
index 338d38d47..fa4568df7 100755
--- a/src/Core/User.php
+++ b/src/Core/User.php
@@ -332,9 +332,6 @@ class User extends AbstractModel
         }
     }
 
-        return $this->avatar_path ? $urlGenerator->toPath('assets/avatars/'.$this->avatar_path) : null;
-    }
-
     /**
      * Get the user's locale, falling back to the forum's default if they
      * haven't set one.

From ef89b1f6b18e8a7fa5f59a2990034b54bbb86c57 Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Tue, 19 Sep 2017 19:44:43 +0930
Subject: [PATCH 08/72] Remove unnecessary else statement

---
 src/Core/User.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Core/User.php b/src/Core/User.php
index fa4568df7..4f6238278 100755
--- a/src/Core/User.php
+++ b/src/Core/User.php
@@ -326,9 +326,9 @@ class User extends AbstractModel
         if ($this->avatar_path) {
             if (strpos($this->avatar_path, '://') !== false) {
                 return $this->avatar_path;
-            } else {
-                return app('Flarum\Forum\UrlGenerator')->toPath('assets/avatars/'.$this->avatar_path);
             }
+
+            return app('Flarum\Forum\UrlGenerator')->toPath('assets/avatars/'.$this->avatar_path);
         }
     }
 

From f917d1438c1e2fad898b24086b2d3bef877edbc6 Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Tue, 19 Sep 2017 19:45:31 +0930
Subject: [PATCH 09/72] Use ::class

---
 src/Core/User.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/Core/User.php b/src/Core/User.php
index 4f6238278..dd50ab449 100755
--- a/src/Core/User.php
+++ b/src/Core/User.php
@@ -29,6 +29,7 @@ use Flarum\Event\UserWasActivated;
 use Flarum\Event\UserWasDeleted;
 use Flarum\Event\UserWasRegistered;
 use Flarum\Event\UserWasRenamed;
+use Flarum\Forum\UrlGenerator;
 use Flarum\Foundation\Application;
 use Illuminate\Contracts\Hashing\Hasher;
 use Symfony\Component\HttpFoundation\Session\SessionInterface;
@@ -328,7 +329,7 @@ class User extends AbstractModel
                 return $this->avatar_path;
             }
 
-            return app('Flarum\Forum\UrlGenerator')->toPath('assets/avatars/'.$this->avatar_path);
+            return app(UrlGenerator::class)->toPath('assets/avatars/'.$this->avatar_path);
         }
     }
 

From eb72307a546cf1bd604dc15b93e699a24a37b2c4 Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Wed, 20 Sep 2017 16:42:18 +0930
Subject: [PATCH 10/72] User display names (#1246)

* Introduce user display names

It is not uncommon for forums to be intergrated with sites where users
don't have a unique "handle" - they might just have their first name,
or a full name, which is not guaranteed to be unique.

This commit introduces the concept of "display names" for users. By
default display names are the same as usernames, but extensions may
override this and set them to something different. The important thing
is that all code should use `display_name` whenever intending to output
a human-readable name - `username` is reserved for cases where you want
to output a unique identifier (which may or may not be human-friendly).

The new "GetDisplayName" API is probably sub-optimal, but I didn't worry
too much because we can come up with something better in `next-back`.

ref #557

* Apply fixes from StyleCI

[ci skip] [skip ci]
---
 js/forum/dist/app.js                          |  7 +++--
 js/forum/src/components/UsersSearchSource.js  |  2 +-
 js/lib/helpers/username.js                    |  2 +-
 js/lib/models/User.js                         |  1 +
 src/Api/Serializer/PostBasicSerializer.php    |  1 -
 src/Api/Serializer/UserBasicSerializer.php    |  5 ++--
 .../Command/RequestPasswordResetHandler.php   |  2 +-
 src/Core/Listener/EmailConfirmationMailer.php |  2 +-
 src/Core/User.php                             | 11 +++++++
 src/Event/GetDisplayName.php                  | 30 +++++++++++++++++++
 10 files changed, 54 insertions(+), 9 deletions(-)
 create mode 100644 src/Event/GetDisplayName.php

diff --git a/js/forum/dist/app.js b/js/forum/dist/app.js
index 16374dc0b..fffd65333 100644
--- a/js/forum/dist/app.js
+++ b/js/forum/dist/app.js
@@ -28942,7 +28942,9 @@ System.register('flarum/components/UsersSearchSource', ['flarum/helpers/highligh
             query = query.toLowerCase();
 
             var results = app.store.all('users').filter(function (user) {
-              return user.username().toLowerCase().substr(0, query.length) === query;
+              return [user.username(), user.displayName()].some(function (value) {
+                return value.toLowerCase().substr(0, query.length) === query;
+              });
             });
 
             if (!results.length) return '';
@@ -29534,7 +29536,7 @@ System.register("flarum/helpers/username", [], function (_export, _context) {
   "use strict";
 
   function username(user) {
-    var name = user && user.username() || app.translator.trans('core.lib.username.deleted_text');
+    var name = user && user.displayName() || app.translator.trans('core.lib.username.deleted_text');
 
     return m(
       "span",
@@ -30533,6 +30535,7 @@ System.register('flarum/models/User', ['flarum/Model', 'flarum/utils/stringToCol
 
       babelHelpers.extends(User.prototype, {
         username: Model.attribute('username'),
+        displayName: Model.attribute('displayName'),
         email: Model.attribute('email'),
         isActivated: Model.attribute('isActivated'),
         password: Model.attribute('password'),
diff --git a/js/forum/src/components/UsersSearchSource.js b/js/forum/src/components/UsersSearchSource.js
index f05fbb30d..7f687b811 100644
--- a/js/forum/src/components/UsersSearchSource.js
+++ b/js/forum/src/components/UsersSearchSource.js
@@ -20,7 +20,7 @@ export default class UsersSearchResults {
     query = query.toLowerCase();
 
     const results = app.store.all('users')
-      .filter(user => user.username().toLowerCase().substr(0, query.length) === query);
+      .filter(user => [user.username(), user.displayName()].some(value => value.toLowerCase().substr(0, query.length) === query));
 
     if (!results.length) return '';
 
diff --git a/js/lib/helpers/username.js b/js/lib/helpers/username.js
index 16e12654f..7e05ca4d6 100644
--- a/js/lib/helpers/username.js
+++ b/js/lib/helpers/username.js
@@ -6,7 +6,7 @@
  * @return {Object}
  */
 export default function username(user) {
-  const name = (user && user.username()) || app.translator.trans('core.lib.username.deleted_text');
+  const name = (user && user.displayName()) || app.translator.trans('core.lib.username.deleted_text');
 
   return <span className="username">{name}</span>;
 }
diff --git a/js/lib/models/User.js b/js/lib/models/User.js
index a28173c3b..07d5aaf1b 100644
--- a/js/lib/models/User.js
+++ b/js/lib/models/User.js
@@ -10,6 +10,7 @@ export default class User extends Model {}
 
 Object.assign(User.prototype, {
   username: Model.attribute('username'),
+  displayName: Model.attribute('displayName'),
   email: Model.attribute('email'),
   isActivated: Model.attribute('isActivated'),
   password: Model.attribute('password'),
diff --git a/src/Api/Serializer/PostBasicSerializer.php b/src/Api/Serializer/PostBasicSerializer.php
index c5ef11168..3a79eed84 100644
--- a/src/Api/Serializer/PostBasicSerializer.php
+++ b/src/Api/Serializer/PostBasicSerializer.php
@@ -12,7 +12,6 @@
 namespace Flarum\Api\Serializer;
 
 use Flarum\Core\Post;
-use Flarum\Core\Post\CommentPost;
 use InvalidArgumentException;
 
 class PostBasicSerializer extends AbstractSerializer
diff --git a/src/Api/Serializer/UserBasicSerializer.php b/src/Api/Serializer/UserBasicSerializer.php
index 2699c8714..f5919ebf5 100644
--- a/src/Api/Serializer/UserBasicSerializer.php
+++ b/src/Api/Serializer/UserBasicSerializer.php
@@ -36,8 +36,9 @@ class UserBasicSerializer extends AbstractSerializer
         }
 
         return [
-            'username'  => $user->username,
-            'avatarUrl' => $user->avatar_url
+            'username'    => $user->username,
+            'displayName' => $user->display_name,
+            'avatarUrl'   => $user->avatar_url
         ];
     }
 
diff --git a/src/Core/Command/RequestPasswordResetHandler.php b/src/Core/Command/RequestPasswordResetHandler.php
index fb484fbda..3318c9882 100644
--- a/src/Core/Command/RequestPasswordResetHandler.php
+++ b/src/Core/Command/RequestPasswordResetHandler.php
@@ -107,7 +107,7 @@ class RequestPasswordResetHandler
         $token->save();
 
         $data = [
-            '{username}' => $user->username,
+            '{username}' => $user->display_name,
             '{url}' => $this->url->toRoute('resetPassword', ['token' => $token->id]),
             '{forum}' => $this->settings->get('forum_title'),
         ];
diff --git a/src/Core/Listener/EmailConfirmationMailer.php b/src/Core/Listener/EmailConfirmationMailer.php
index 295d45d7c..6c7583cad 100755
--- a/src/Core/Listener/EmailConfirmationMailer.php
+++ b/src/Core/Listener/EmailConfirmationMailer.php
@@ -130,7 +130,7 @@ class EmailConfirmationMailer
         $token = $this->generateToken($user, $email);
 
         return [
-            '{username}' => $user->username,
+            '{username}' => $user->display_name,
             '{url}' => $this->url->toRoute('confirmEmail', ['token' => $token->id]),
             '{forum}' => $this->settings->get('forum_title')
         ];
diff --git a/src/Core/User.php b/src/Core/User.php
index dd50ab449..e8325b0e5 100755
--- a/src/Core/User.php
+++ b/src/Core/User.php
@@ -18,6 +18,7 @@ use Flarum\Core\Support\ScopeVisibilityTrait;
 use Flarum\Database\AbstractModel;
 use Flarum\Event\CheckUserPassword;
 use Flarum\Event\ConfigureUserPreferences;
+use Flarum\Event\GetDisplayName;
 use Flarum\Event\PostWasDeleted;
 use Flarum\Event\PrepareUserGroups;
 use Flarum\Event\UserAvatarWasChanged;
@@ -333,6 +334,16 @@ class User extends AbstractModel
         }
     }
 
+    /**
+     * Get the user's display name.
+     *
+     * @return string
+     */
+    public function getDisplayNameAttribute()
+    {
+        return static::$dispatcher->until(new GetDisplayName($this)) ?: $this->username;
+    }
+
     /**
      * Get the user's locale, falling back to the forum's default if they
      * haven't set one.
diff --git a/src/Event/GetDisplayName.php b/src/Event/GetDisplayName.php
new file mode 100644
index 000000000..71fbe6ba4
--- /dev/null
+++ b/src/Event/GetDisplayName.php
@@ -0,0 +1,30 @@
+<?php
+
+/*
+ * This file is part of Flarum.
+ *
+ * (c) Toby Zerner <toby.zerner@gmail.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Flarum\Event;
+
+use Flarum\Core\User;
+
+class GetDisplayName
+{
+    /**
+     * @var User
+     */
+    public $user;
+
+    /**
+     * @param User $user
+     */
+    public function __construct(User $user)
+    {
+        $this->user = $user;
+    }
+}

From 02377663cebff5689161eb7c093c465c90aa50e5 Mon Sep 17 00:00:00 2001
From: Tobias Weichart <tobias.weichart@internetx.com>
Date: Wed, 4 Oct 2017 08:38:36 +0200
Subject: [PATCH 11/72] minor change for getting the path * should be used via
 x_path() methods + parameter

---
 src/Asset/LessCompiler.php        | 2 +-
 src/Database/MigrationCreator.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Asset/LessCompiler.php b/src/Asset/LessCompiler.php
index 382a1b210..d498b08d9 100644
--- a/src/Asset/LessCompiler.php
+++ b/src/Asset/LessCompiler.php
@@ -49,7 +49,7 @@ class LessCompiler extends RevisionCompiler
             'compress' => true,
             'cache_dir' => $this->cachePath,
             'import_dirs' => [
-                base_path().'/vendor/components/font-awesome/less' => '',
+                base_path('vendor/components/font-awesome/less') => '',
             ],
         ]);
 
diff --git a/src/Database/MigrationCreator.php b/src/Database/MigrationCreator.php
index b3a912206..53fa22bff 100755
--- a/src/Database/MigrationCreator.php
+++ b/src/Database/MigrationCreator.php
@@ -107,7 +107,7 @@ class MigrationCreator
      */
     protected function getMigrationPath($extension)
     {
-        $parent = $extension ? public_path().'/extensions/'.$extension : __DIR__.'/../..';
+        $parent = $extension ? public_path('extensions/'.$extension) : __DIR__.'/../..';
 
         return $parent.'/migrations';
     }

From 19d15d43023353f26042f6b6c5d1ebcc505f6b9d Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Thu, 5 Oct 2017 11:43:12 +1030
Subject: [PATCH 12/72] Use display name as document title

---
 js/forum/src/components/UserPage.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/js/forum/src/components/UserPage.js b/js/forum/src/components/UserPage.js
index e7bebdd34..e8679ea58 100644
--- a/js/forum/src/components/UserPage.js
+++ b/js/forum/src/components/UserPage.js
@@ -72,7 +72,7 @@ export default class UserPage extends Page {
   show(user) {
     this.user = user;
 
-    app.setTitle(user.username());
+    app.setTitle(user.displayName());
 
     m.redraw();
   }

From ea4d889b76ba03ddf55a77d6333c0a8352b9b854 Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Thu, 5 Oct 2017 11:48:10 +1030
Subject: [PATCH 13/72] Fix post contentHtml sometimes breaking script parsing

<\/script> tags in post content would sometimes be recognized as
actually ending the script tag, even when escaped (not exactly sure
why). This is fixed by encoding the < > characters in unicode.
---
 views/app.blade.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/views/app.blade.php b/views/app.blade.php
index 2f98cb715..198fde143 100644
--- a/views/app.blade.php
+++ b/views/app.blade.php
@@ -49,7 +49,7 @@
             if (module.default) module.default(app);
           }
 
-          app.boot({!! json_encode($payload) !!});
+          app.boot({!! json_encode($payload, JSON_HEX_TAG) !!});
         @if (! $debug)
         } catch (e) {
           window.location += (window.location.search ? '&' : '?') + 'nojs=1';

From 8ccfb1aac6171c314ecfaa84491e40346c36ee45 Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Thu, 5 Oct 2017 12:25:30 +1030
Subject: [PATCH 14/72] Use a constant instead of a property

---
 src/Http/Middleware/AuthenticateWithHeader.php | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/src/Http/Middleware/AuthenticateWithHeader.php b/src/Http/Middleware/AuthenticateWithHeader.php
index 9b34b11dc..1bf1fd51b 100644
--- a/src/Http/Middleware/AuthenticateWithHeader.php
+++ b/src/Http/Middleware/AuthenticateWithHeader.php
@@ -20,10 +20,7 @@ use Zend\Stratigility\MiddlewareInterface;
 
 class AuthenticateWithHeader implements MiddlewareInterface
 {
-    /**
-     * @var string
-     */
-    protected $prefix = 'Token ';
+    const TOKEN_PREFIX = 'Token ';
 
     /**
      * {@inheritdoc}
@@ -34,8 +31,8 @@ class AuthenticateWithHeader implements MiddlewareInterface
 
         $parts = explode(';', $headerLine);
 
-        if (isset($parts[0]) && starts_with($parts[0], $this->prefix)) {
-            $id = substr($parts[0], strlen($this->prefix));
+        if (isset($parts[0]) && starts_with($parts[0], self::TOKEN_PREFIX)) {
+            $id = substr($parts[0], strlen(self::TOKEN_PREFIX));
 
             if (isset($parts[1])) {
                 if (ApiKey::find($id)) {

From 096e552c74ce88dfc1f5da45d5bbea6435a0c7a9 Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Thu, 5 Oct 2017 12:26:05 +1030
Subject: [PATCH 15/72] Add the ApiKey model as a request attribute

---
 src/Http/Middleware/AuthenticateWithHeader.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/Http/Middleware/AuthenticateWithHeader.php b/src/Http/Middleware/AuthenticateWithHeader.php
index 1bf1fd51b..dfb3f8e9c 100644
--- a/src/Http/Middleware/AuthenticateWithHeader.php
+++ b/src/Http/Middleware/AuthenticateWithHeader.php
@@ -35,9 +35,10 @@ class AuthenticateWithHeader implements MiddlewareInterface
             $id = substr($parts[0], strlen(self::TOKEN_PREFIX));
 
             if (isset($parts[1])) {
-                if (ApiKey::find($id)) {
+                if ($key = ApiKey::find($id)) {
                     $actor = $this->getUser($parts[1]);
 
+                    $request = $request->withAttribute('apiKey', $key);
                     $request = $request->withAttribute('bypassFloodgate', true);
                 }
             } elseif ($token = AccessToken::find($id)) {

From 87bf84ef6e1b04d1fa248f7298fb96981251319e Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Thu, 5 Oct 2017 12:39:40 +1030
Subject: [PATCH 16/72] Allow configuring cookie attributes

I decided to put this in config.php because if cookie settings were to
be stored in the database and configured via admin UI, entering
incorrect settings could cause the admin session to be destroyed,
requiring manual database intervention to fix. But it's a good prompt
for discussion as to which kind of settings belong in config.php vs the
database. Thoughts?
---
 src/Http/CookieFactory.php           | 35 +++++++++++++++++++++++++---
 src/Http/Middleware/StartSession.php |  7 +++---
 src/Http/Rememberer.php              |  9 ++++---
 3 files changed, 42 insertions(+), 9 deletions(-)

diff --git a/src/Http/CookieFactory.php b/src/Http/CookieFactory.php
index 868db278c..aacaff7f5 100644
--- a/src/Http/CookieFactory.php
+++ b/src/Http/CookieFactory.php
@@ -45,7 +45,7 @@ class CookieFactory
         // Parse the forum's base URL so that we can determine the optimal cookie settings
         $url = parse_url(rtrim($this->app->url(), '/'));
 
-        $cookie = SetCookie::create($name, $value);
+        $cookie = SetCookie::create($this->getName($name), $value);
 
         // Make sure we send both the MaxAge and Expires parameters (the former
         // is not supported by all browser versions)
@@ -55,9 +55,38 @@ class CookieFactory
                 ->withExpires(time() + $maxAge);
         }
 
+        if ($domain = $this->app->config('cookie.domain')) {
+            $cookie = $cookie->withDomain($domain);
+        }
+
+        $path = $this->app->config('cookie.path', array_get($url, 'path') ?: '/');
+        $secure = $this->app->config('cookie.secure', array_get($url, 'scheme') === 'https');
+
         return $cookie
-            ->withPath(array_get($url, 'path') ?: '/')
-            ->withSecure(array_get($url, 'scheme') === 'https')
+            ->withPath($path)
+            ->withSecure($secure)
             ->withHttpOnly(true);
     }
+
+    /**
+     * Make an expired cookie instance.
+     *
+     * @param string $name
+     * @return \Dflydev\FigCookies\SetCookie
+     */
+    public function expire($name)
+    {
+        return $this->make($name)->expire();
+    }
+
+    /**
+     * Get a cookie name.
+     *
+     * @param string $name
+     * @return string
+     */
+    public function getName($name)
+    {
+        return $this->app->config('cookie.name', 'flarum').'_'.$name;
+    }
 }
diff --git a/src/Http/Middleware/StartSession.php b/src/Http/Middleware/StartSession.php
index 9c6060bfc..bf714c99e 100644
--- a/src/Http/Middleware/StartSession.php
+++ b/src/Http/Middleware/StartSession.php
@@ -22,13 +22,14 @@ use Zend\Stratigility\MiddlewareInterface;
 
 class StartSession implements MiddlewareInterface
 {
+    const COOKIE_NAME = 'session';
+
     /**
      * @var CookieFactory
      */
     protected $cookie;
 
     /**
-     * Rememberer constructor.
      * @param CookieFactory $cookie
      */
     public function __construct(CookieFactory $cookie)
@@ -56,7 +57,7 @@ class StartSession implements MiddlewareInterface
     {
         $session = new Session;
 
-        $session->setName('flarum_session');
+        $session->setName($this->cookie->getName(self::COOKIE_NAME));
         $session->start();
 
         if (! $session->has('csrf_token')) {
@@ -79,7 +80,7 @@ class StartSession implements MiddlewareInterface
     {
         return FigResponseCookies::set(
             $response,
-            $this->cookie->make($session->getName(), $session->getId())
+            $this->cookie->make(self::COOKIE_NAME, $session->getId())
         );
     }
 }
diff --git a/src/Http/Rememberer.php b/src/Http/Rememberer.php
index a014c99d9..d331d796c 100644
--- a/src/Http/Rememberer.php
+++ b/src/Http/Rememberer.php
@@ -16,7 +16,7 @@ use Psr\Http\Message\ResponseInterface;
 
 class Rememberer
 {
-    protected $cookieName = 'flarum_remember';
+    const COOKIE_NAME = 'remember';
 
     /**
      * @var CookieFactory
@@ -43,7 +43,7 @@ class Rememberer
 
         return FigResponseCookies::set(
             $response,
-            $this->cookie->make($this->cookieName, $token->id, $lifetime)
+            $this->cookie->make(self::COOKIE_NAME, $token->id, $lifetime)
         );
     }
 
@@ -56,6 +56,9 @@ class Rememberer
 
     public function forget(ResponseInterface $response)
     {
-        return FigResponseCookies::expire($response, $this->cookieName);
+        return FigResponseCookies::set(
+            $response,
+            $this->cookie->expire(self::COOKIE_NAME)
+        );
     }
 }

From 2dbcfe02d85c03e2fe212e477a0d5d3bb66fd4b5 Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Sat, 7 Oct 2017 17:39:27 +1030
Subject: [PATCH 17/72] Consolidate avatar uploading, allow avatarUrl to be
 used when updating user

---
 src/Core/AvatarUploader.php              | 55 ++++++++++++++++++
 src/Core/Command/DeleteAvatarHandler.php | 18 +++---
 src/Core/Command/EditUserHandler.php     | 37 +++++++++++-
 src/Core/Command/RegisterUserHandler.php | 59 +++++--------------
 src/Core/Command/UploadAvatarHandler.php | 72 ++++++++----------------
 src/Core/CoreServiceProvider.php         | 10 +---
 src/Event/AvatarWillBeSaved.php          | 13 +++--
 7 files changed, 143 insertions(+), 121 deletions(-)
 create mode 100755 src/Core/AvatarUploader.php

diff --git a/src/Core/AvatarUploader.php b/src/Core/AvatarUploader.php
new file mode 100755
index 000000000..3d7c018e7
--- /dev/null
+++ b/src/Core/AvatarUploader.php
@@ -0,0 +1,55 @@
+<?php
+
+/*
+ * This file is part of Flarum.
+ *
+ * (c) Toby Zerner <toby.zerner@gmail.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Flarum\Core;
+
+use Intervention\Image\Image;
+use League\Flysystem\FilesystemInterface;
+use Illuminate\Support\Str;
+
+class AvatarUploader
+{
+    protected $uploadDir;
+
+    public function __construct(FilesystemInterface $uploadDir)
+    {
+        $this->uploadDir = $uploadDir;
+    }
+
+    public function upload(User $user, Image $image)
+    {
+        if (extension_loaded('exif')) {
+            $image->orientate();
+        }
+
+        $encodedImage = $image->fit(100, 100)->encode('png');
+
+        $avatarPath = Str::quickRandom().'.png';
+
+        $this->remove($user);
+        $user->changeAvatarPath($avatarPath);
+
+        $this->uploadDir->put($avatarPath, $encodedImage);
+    }
+
+    public function remove(User $user)
+    {
+        $avatarPath = $user->avatar_path;
+
+        $user->afterSave(function () use ($avatarPath) {
+            if ($this->uploadDir->has($avatarPath)) {
+                $this->uploadDir->delete($avatarPath);
+            }
+        });
+
+        $user->changeAvatarPath(null);
+    }
+}
diff --git a/src/Core/Command/DeleteAvatarHandler.php b/src/Core/Command/DeleteAvatarHandler.php
index 8efd972c7..2a7cb1638 100644
--- a/src/Core/Command/DeleteAvatarHandler.php
+++ b/src/Core/Command/DeleteAvatarHandler.php
@@ -12,6 +12,7 @@
 namespace Flarum\Core\Command;
 
 use Flarum\Core\Access\AssertPermissionTrait;
+use Flarum\Core\AvatarUploader;
 use Flarum\Core\Exception\PermissionDeniedException;
 use Flarum\Core\Repository\UserRepository;
 use Flarum\Core\Support\DispatchEventsTrait;
@@ -30,20 +31,20 @@ class DeleteAvatarHandler
     protected $users;
 
     /**
-     * @var FilesystemInterface
+     * @var AvatarUploader
      */
-    protected $uploadDir;
+    protected $uploader;
 
     /**
      * @param Dispatcher $events
      * @param UserRepository $users
-     * @param FilesystemInterface $uploadDir
+     * @param AvatarUploader $uploader
      */
-    public function __construct(Dispatcher $events, UserRepository $users, FilesystemInterface $uploadDir)
+    public function __construct(Dispatcher $events, UserRepository $users, AvatarUploader $uploader)
     {
         $this->events = $events;
         $this->users = $users;
-        $this->uploadDir = $uploadDir;
+        $this->uploader = $uploader;
     }
 
     /**
@@ -61,8 +62,7 @@ class DeleteAvatarHandler
             $this->assertCan($actor, 'edit', $user);
         }
 
-        $avatarPath = $user->avatar_path;
-        $user->changeAvatarPath(null);
+        $this->uploader->remove($user);
 
         $this->events->fire(
             new AvatarWillBeDeleted($user, $actor)
@@ -70,10 +70,6 @@ class DeleteAvatarHandler
 
         $user->save();
 
-        if ($this->uploadDir->has($avatarPath)) {
-            $this->uploadDir->delete($avatarPath);
-        }
-
         $this->dispatchEventsFor($user, $actor);
 
         return $user;
diff --git a/src/Core/Command/EditUserHandler.php b/src/Core/Command/EditUserHandler.php
index d42acdfc9..d5d4bae1b 100644
--- a/src/Core/Command/EditUserHandler.php
+++ b/src/Core/Command/EditUserHandler.php
@@ -11,7 +11,9 @@
 
 namespace Flarum\Core\Command;
 
+use Exception;
 use Flarum\Core\Access\AssertPermissionTrait;
+use Flarum\Core\AvatarUploader;
 use Flarum\Core\Repository\UserRepository;
 use Flarum\Core\Support\DispatchEventsTrait;
 use Flarum\Core\User;
@@ -19,6 +21,9 @@ use Flarum\Core\Validator\UserValidator;
 use Flarum\Event\UserGroupsWereChanged;
 use Flarum\Event\UserWillBeSaved;
 use Illuminate\Contracts\Events\Dispatcher;
+use Illuminate\Contracts\Validation\Factory;
+use Illuminate\Contracts\Validation\ValidationException;
+use Intervention\Image\ImageManager;
 
 class EditUserHandler
 {
@@ -35,16 +40,30 @@ class EditUserHandler
      */
     protected $validator;
 
+    /**
+     * @var AvatarUploader
+     */
+    protected $avatarUploader;
+
+    /**
+     * @var Factory
+     */
+    private $validatorFactory;
+
     /**
      * @param Dispatcher $events
      * @param UserRepository $users
      * @param UserValidator $validator
+     * @param AvatarUploader $avatarUploader
+     * @param Factory $validatorFactory
      */
-    public function __construct(Dispatcher $events, UserRepository $users, UserValidator $validator)
+    public function __construct(Dispatcher $events, UserRepository $users, UserValidator $validator, AvatarUploader $avatarUploader, Factory $validatorFactory)
     {
         $this->events = $events;
         $this->users = $users;
         $this->validator = $validator;
+        $this->avatarUploader = $avatarUploader;
+        $this->validatorFactory = $validatorFactory;
     }
 
     /**
@@ -135,6 +154,22 @@ class EditUserHandler
             });
         }
 
+        if ($avatarUrl = array_get($attributes, 'avatarUrl')) {
+            $validation = $this->validatorFactory->make(compact('avatarUrl'), ['avatarUrl' => 'url']);
+
+            if ($validation->fails()) {
+                throw new ValidationException($validation);
+            }
+
+            try {
+                $image = (new ImageManager)->make($avatarUrl);
+
+                $this->avatarUploader->upload($user, $image);
+            } catch (Exception $e) {
+                //
+            }
+        }
+
         $this->events->fire(
             new UserWillBeSaved($user, $actor, $data)
         );
diff --git a/src/Core/Command/RegisterUserHandler.php b/src/Core/Command/RegisterUserHandler.php
index c7daf38fa..f57492548 100644
--- a/src/Core/Command/RegisterUserHandler.php
+++ b/src/Core/Command/RegisterUserHandler.php
@@ -14,22 +14,17 @@ namespace Flarum\Core\Command;
 use Exception;
 use Flarum\Core\Access\AssertPermissionTrait;
 use Flarum\Core\AuthToken;
+use Flarum\Core\AvatarUploader;
 use Flarum\Core\Exception\PermissionDeniedException;
 use Flarum\Core\Support\DispatchEventsTrait;
 use Flarum\Core\User;
 use Flarum\Core\Validator\UserValidator;
 use Flarum\Event\UserWillBeSaved;
-use Flarum\Foundation\Application;
 use Flarum\Settings\SettingsRepositoryInterface;
 use Illuminate\Contracts\Events\Dispatcher;
 use Illuminate\Contracts\Validation\Factory;
 use Illuminate\Contracts\Validation\ValidationException;
-use Illuminate\Support\Str;
 use Intervention\Image\ImageManager;
-use League\Flysystem\Adapter\Local;
-use League\Flysystem\Filesystem;
-use League\Flysystem\FilesystemInterface;
-use League\Flysystem\MountManager;
 
 class RegisterUserHandler
 {
@@ -47,14 +42,9 @@ class RegisterUserHandler
     protected $validator;
 
     /**
-     * @var Application
+     * @var AvatarUploader
      */
-    protected $app;
-
-    /**
-     * @var FilesystemInterface
-     */
-    protected $uploadDir;
+    protected $avatarUploader;
 
     /**
      * @var Factory
@@ -65,17 +55,15 @@ class RegisterUserHandler
      * @param Dispatcher $events
      * @param SettingsRepositoryInterface $settings
      * @param UserValidator $validator
-     * @param Application $app
-     * @param FilesystemInterface $uploadDir
+     * @param AvatarUploader $avatarUploader
      * @param Factory $validatorFactory
      */
-    public function __construct(Dispatcher $events, SettingsRepositoryInterface $settings, UserValidator $validator, Application $app, FilesystemInterface $uploadDir, Factory $validatorFactory)
+    public function __construct(Dispatcher $events, SettingsRepositoryInterface $settings, UserValidator $validator, AvatarUploader $avatarUploader, Factory $validatorFactory)
     {
         $this->events = $events;
         $this->settings = $settings;
         $this->validator = $validator;
-        $this->app = $app;
-        $this->uploadDir = $uploadDir;
+        $this->avatarUploader = $avatarUploader;
         $this->validatorFactory = $validatorFactory;
     }
 
@@ -130,12 +118,6 @@ class RegisterUserHandler
             $user->activate();
         }
 
-        $this->events->fire(
-            new UserWillBeSaved($user, $actor, $data)
-        );
-
-        $this->validator->assertValid(array_merge($user->getAttributes(), compact('password')));
-
         if ($avatarUrl = array_get($data, 'attributes.avatarUrl')) {
             $validation = $this->validatorFactory->make(compact('avatarUrl'), ['avatarUrl' => 'url']);
 
@@ -144,12 +126,20 @@ class RegisterUserHandler
             }
 
             try {
-                $this->saveAvatarFromUrl($user, $avatarUrl);
+                $image = (new ImageManager)->make($avatarUrl);
+
+                $this->avatarUploader->upload($user, $avatarUrl);
             } catch (Exception $e) {
                 //
             }
         }
 
+        $this->events->fire(
+            new UserWillBeSaved($user, $actor, $data)
+        );
+
+        $this->validator->assertValid(array_merge($user->getAttributes(), compact('password')));
+
         $user->save();
 
         if (isset($token)) {
@@ -160,23 +150,4 @@ class RegisterUserHandler
 
         return $user;
     }
-
-    private function saveAvatarFromUrl(User $user, $url)
-    {
-        $tmpFile = tempnam($this->app->storagePath().'/tmp', 'avatar');
-
-        $manager = new ImageManager;
-        $manager->make($url)->fit(100, 100)->save($tmpFile);
-
-        $mount = new MountManager([
-            'source' => new Filesystem(new Local(pathinfo($tmpFile, PATHINFO_DIRNAME))),
-            'target' => $this->uploadDir,
-        ]);
-
-        $uploadName = Str::lower(Str::quickRandom()).'.png';
-
-        $user->changeAvatarPath($uploadName);
-
-        $mount->move('source://'.pathinfo($tmpFile, PATHINFO_BASENAME), "target://$uploadName");
-    }
 }
diff --git a/src/Core/Command/UploadAvatarHandler.php b/src/Core/Command/UploadAvatarHandler.php
index de451a074..02e655bd6 100644
--- a/src/Core/Command/UploadAvatarHandler.php
+++ b/src/Core/Command/UploadAvatarHandler.php
@@ -13,18 +13,14 @@ namespace Flarum\Core\Command;
 
 use Exception;
 use Flarum\Core\Access\AssertPermissionTrait;
+use Flarum\Core\AvatarUploader;
 use Flarum\Core\Repository\UserRepository;
 use Flarum\Core\Support\DispatchEventsTrait;
 use Flarum\Core\Validator\AvatarValidator;
 use Flarum\Event\AvatarWillBeSaved;
 use Flarum\Foundation\Application;
 use Illuminate\Contracts\Events\Dispatcher;
-use Illuminate\Support\Str;
 use Intervention\Image\ImageManager;
-use League\Flysystem\Adapter\Local;
-use League\Flysystem\Filesystem;
-use League\Flysystem\FilesystemInterface;
-use League\Flysystem\MountManager;
 use Symfony\Component\HttpFoundation\File\UploadedFile;
 
 class UploadAvatarHandler
@@ -37,16 +33,16 @@ class UploadAvatarHandler
      */
     protected $users;
 
-    /**
-     * @var FilesystemInterface
-     */
-    protected $uploadDir;
-
     /**
      * @var Application
      */
     protected $app;
 
+    /**
+     * @var AvatarUploader
+     */
+    protected $uploader;
+
     /**
      * @var AvatarValidator
      */
@@ -55,16 +51,16 @@ class UploadAvatarHandler
     /**
      * @param Dispatcher $events
      * @param UserRepository $users
-     * @param FilesystemInterface $uploadDir
      * @param Application $app
+     * @param AvatarUploader $uploader
      * @param AvatarValidator $validator
      */
-    public function __construct(Dispatcher $events, UserRepository $users, FilesystemInterface $uploadDir, Application $app, AvatarValidator $validator)
+    public function __construct(Dispatcher $events, UserRepository $users, Application $app, AvatarUploader $uploader, AvatarValidator $validator)
     {
         $this->events = $events;
         $this->users = $users;
-        $this->uploadDir = $uploadDir;
         $this->app = $app;
+        $this->uploader = $uploader;
         $this->validator = $validator;
     }
 
@@ -83,60 +79,36 @@ class UploadAvatarHandler
             $this->assertCan($actor, 'edit', $user);
         }
 
+        $file = $command->file;
+
         $tmpFile = tempnam($this->app->storagePath().'/tmp', 'avatar');
-        $command->file->moveTo($tmpFile);
+        $file->moveTo($tmpFile);
 
         try {
             $file = new UploadedFile(
                 $tmpFile,
-                $command->file->getClientFilename(),
-                $command->file->getClientMediaType(),
-                $command->file->getSize(),
-                $command->file->getError(),
+                $file->getClientFilename(),
+                $file->getClientMediaType(),
+                $file->getSize(),
+                $file->getError(),
                 true
             );
 
             $this->validator->assertValid(['avatar' => $file]);
 
-            $manager = new ImageManager;
-
-            // Explicitly tell Intervention to encode the image as PNG (instead of having to guess from the extension)
-            // Read exif data to orientate avatar only if EXIF extension is enabled
-            if (extension_loaded('exif')) {
-                $encodedImage = $manager->make($tmpFile)->orientate()->fit(100, 100)->encode('png', 100);
-            } else {
-                $encodedImage = $manager->make($tmpFile)->fit(100, 100)->encode('png', 100);
-            }
-            file_put_contents($tmpFile, $encodedImage);
+            $image = (new ImageManager)->make($tmpFile);
 
             $this->events->fire(
-                new AvatarWillBeSaved($user, $actor, $tmpFile)
+                new AvatarWillBeSaved($user, $actor, $image)
             );
 
-            $mount = new MountManager([
-                'source' => new Filesystem(new Local(pathinfo($tmpFile, PATHINFO_DIRNAME))),
-                'target' => $this->uploadDir,
-            ]);
-
-            if ($user->avatar_path && $mount->has($file = "target://$user->avatar_path")) {
-                $mount->delete($file);
-            }
-
-            $uploadName = Str::lower(Str::quickRandom()).'.png';
-
-            $user->changeAvatarPath($uploadName);
-
-            $mount->move('source://'.pathinfo($tmpFile, PATHINFO_BASENAME), "target://$uploadName");
+            $this->uploader->upload($user, $image);
 
             $user->save();
-
-            $this->dispatchEventsFor($user, $actor);
-
-            return $user;
-        } catch (Exception $e) {
+        } finally {
             @unlink($tmpFile);
-
-            throw $e;
         }
+
+        return $user;
     }
 }
diff --git a/src/Core/CoreServiceProvider.php b/src/Core/CoreServiceProvider.php
index 551cdcfda..713e5758e 100644
--- a/src/Core/CoreServiceProvider.php
+++ b/src/Core/CoreServiceProvider.php
@@ -49,15 +49,7 @@ class CoreServiceProvider extends AbstractServiceProvider
             return $app->make('Illuminate\Contracts\Filesystem\Factory')->disk('flarum-avatars')->getDriver();
         };
 
-        $this->app->when('Flarum\Core\Command\UploadAvatarHandler')
-            ->needs('League\Flysystem\FilesystemInterface')
-            ->give($avatarsFilesystem);
-
-        $this->app->when('Flarum\Core\Command\DeleteAvatarHandler')
-            ->needs('League\Flysystem\FilesystemInterface')
-            ->give($avatarsFilesystem);
-
-        $this->app->when('Flarum\Core\Command\RegisterUserHandler')
+        $this->app->when('Flarum\Core\AvatarUploader')
             ->needs('League\Flysystem\FilesystemInterface')
             ->give($avatarsFilesystem);
     }
diff --git a/src/Event/AvatarWillBeSaved.php b/src/Event/AvatarWillBeSaved.php
index f4e52bb65..0c52399cc 100644
--- a/src/Event/AvatarWillBeSaved.php
+++ b/src/Event/AvatarWillBeSaved.php
@@ -12,6 +12,7 @@
 namespace Flarum\Event;
 
 use Flarum\Core\User;
+use Intervention\Image\Image;
 
 class AvatarWillBeSaved
 {
@@ -30,21 +31,21 @@ class AvatarWillBeSaved
     public $actor;
 
     /**
-     * The path to the avatar that will be saved.
+     * The image that will be saved.
      *
-     * @var string
+     * @var Image
      */
-    public $path;
+    public $image;
 
     /**
      * @param User $user The user whose avatar will be saved.
      * @param User $actor The user performing the action.
-     * @param string $path The path to the avatar that will be saved.
+     * @param Image $image The image that will be saved.
      */
-    public function __construct(User $user, User $actor, $path)
+    public function __construct(User $user, User $actor, Image $image)
     {
         $this->user = $user;
         $this->actor = $actor;
-        $this->path = $path;
+        $this->image = $image;
     }
 }

From 3b1f8771c49aff952f9988e901fe6b732d131cb6 Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Sat, 7 Oct 2017 17:51:30 +1030
Subject: [PATCH 18/72] No need to set a remember cookie if only logging in for
 session

---
 src/Forum/Controller/LogInController.php |  4 +++-
 src/Http/Rememberer.php                  | 11 ++++-------
 2 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/src/Forum/Controller/LogInController.php b/src/Forum/Controller/LogInController.php
index f131150f9..8fc2fd879 100644
--- a/src/Forum/Controller/LogInController.php
+++ b/src/Forum/Controller/LogInController.php
@@ -81,7 +81,9 @@ class LogInController implements ControllerInterface
 
             event(new UserLoggedIn($this->users->findOrFail($data->userId), $token));
 
-            $response = $this->rememberer->remember($response, $token, ! array_get($body, 'remember'));
+            if (array_get($body, 'remember')) {
+                $response = $this->rememberer->remember($response, $token);
+            }
         }
 
         return $response;
diff --git a/src/Http/Rememberer.php b/src/Http/Rememberer.php
index d331d796c..697cfe243 100644
--- a/src/Http/Rememberer.php
+++ b/src/Http/Rememberer.php
@@ -24,7 +24,6 @@ class Rememberer
     protected $cookie;
 
     /**
-     * Rememberer constructor.
      * @param CookieFactory $cookie
      */
     public function __construct(CookieFactory $cookie)
@@ -32,18 +31,16 @@ class Rememberer
         $this->cookie = $cookie;
     }
 
-    public function remember(ResponseInterface $response, AccessToken $token, $session = false)
+    public function remember(ResponseInterface $response, AccessToken $token)
     {
         $lifetime = null;
 
-        if (! $session) {
-            $token->lifetime = $lifetime = 5 * 365 * 24 * 60 * 60; // 5 years
-            $token->save();
-        }
+        $token->lifetime = 5 * 365 * 24 * 60 * 60; // 5 years
+        $token->save();
 
         return FigResponseCookies::set(
             $response,
-            $this->cookie->make(self::COOKIE_NAME, $token->id, $lifetime)
+            $this->cookie->make(self::COOKIE_NAME, $token->id, $token->lifetime)
         );
     }
 

From bedf7107683b92d1210b45852b8a3ceb8041e3ad Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Sat, 7 Oct 2017 19:17:59 +1030
Subject: [PATCH 19/72] Fix variable

---
 src/Core/Command/RegisterUserHandler.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Core/Command/RegisterUserHandler.php b/src/Core/Command/RegisterUserHandler.php
index f57492548..809b5b38e 100644
--- a/src/Core/Command/RegisterUserHandler.php
+++ b/src/Core/Command/RegisterUserHandler.php
@@ -128,7 +128,7 @@ class RegisterUserHandler
             try {
                 $image = (new ImageManager)->make($avatarUrl);
 
-                $this->avatarUploader->upload($user, $avatarUrl);
+                $this->avatarUploader->upload($user, $image);
             } catch (Exception $e) {
                 //
             }

From cb92deee982c52ed605b3e30620700849d0d44c2 Mon Sep 17 00:00:00 2001
From: Franz Liedke <franz@develophp.org>
Date: Sat, 7 Oct 2017 11:20:38 +0200
Subject: [PATCH 20/72] Fix namespace imports

---
 src/Core/AvatarUploader.php              | 2 +-
 src/Core/Command/DeleteAvatarHandler.php | 1 -
 src/Core/Command/UploadAvatarHandler.php | 1 -
 3 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/Core/AvatarUploader.php b/src/Core/AvatarUploader.php
index 3d7c018e7..394a966e6 100755
--- a/src/Core/AvatarUploader.php
+++ b/src/Core/AvatarUploader.php
@@ -11,9 +11,9 @@
 
 namespace Flarum\Core;
 
+use Illuminate\Support\Str;
 use Intervention\Image\Image;
 use League\Flysystem\FilesystemInterface;
-use Illuminate\Support\Str;
 
 class AvatarUploader
 {
diff --git a/src/Core/Command/DeleteAvatarHandler.php b/src/Core/Command/DeleteAvatarHandler.php
index 2a7cb1638..2e735582d 100644
--- a/src/Core/Command/DeleteAvatarHandler.php
+++ b/src/Core/Command/DeleteAvatarHandler.php
@@ -18,7 +18,6 @@ use Flarum\Core\Repository\UserRepository;
 use Flarum\Core\Support\DispatchEventsTrait;
 use Flarum\Event\AvatarWillBeDeleted;
 use Illuminate\Contracts\Events\Dispatcher;
-use League\Flysystem\FilesystemInterface;
 
 class DeleteAvatarHandler
 {
diff --git a/src/Core/Command/UploadAvatarHandler.php b/src/Core/Command/UploadAvatarHandler.php
index 02e655bd6..0750ff0b7 100644
--- a/src/Core/Command/UploadAvatarHandler.php
+++ b/src/Core/Command/UploadAvatarHandler.php
@@ -11,7 +11,6 @@
 
 namespace Flarum\Core\Command;
 
-use Exception;
 use Flarum\Core\Access\AssertPermissionTrait;
 use Flarum\Core\AvatarUploader;
 use Flarum\Core\Repository\UserRepository;

From 06aa37d2fd0446d62501fc5ac052d7c001462c86 Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Sat, 7 Oct 2017 20:10:50 +1030
Subject: [PATCH 21/72] Use display names in avatars

---
 js/lib/helpers/avatar.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/js/lib/helpers/avatar.js b/js/lib/helpers/avatar.js
index c9174c7fb..ef47173b7 100644
--- a/js/lib/helpers/avatar.js
+++ b/js/lib/helpers/avatar.js
@@ -19,7 +19,7 @@ export default function avatar(user, attrs = {}) {
   // uploaded image, or the first letter of their username if they haven't
   // uploaded one.
   if (user) {
-    const username = user.username() || '?';
+    const username = user.displayName() || '?';
     const avatarUrl = user.avatarUrl();
 
     if (hasTitle) attrs.title = attrs.title || username;

From 6a10b4484f2c08ceeaf11c5f880ad12a8b1c3327 Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Sat, 7 Oct 2017 20:12:15 +1030
Subject: [PATCH 22/72] Recompile JS

---
 js/admin/dist/app.js | 5 +++--
 js/forum/dist/app.js | 4 ++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/js/admin/dist/app.js b/js/admin/dist/app.js
index 16a08b91b..b8f9c3745 100644
--- a/js/admin/dist/app.js
+++ b/js/admin/dist/app.js
@@ -21364,7 +21364,7 @@ System.register('flarum/helpers/avatar', [], function (_export, _context) {
     // uploaded image, or the first letter of their username if they haven't
     // uploaded one.
     if (user) {
-      var username = user.username() || '?';
+      var username = user.displayName() || '?';
       var avatarUrl = user.avatarUrl();
 
       if (hasTitle) attrs.title = attrs.title || username;
@@ -21614,7 +21614,7 @@ System.register("flarum/helpers/username", [], function (_export, _context) {
   "use strict";
 
   function username(user) {
-    var name = user && user.username() || app.translator.trans('core.lib.username.deleted_text');
+    var name = user && user.displayName() || app.translator.trans('core.lib.username.deleted_text');
 
     return m(
       "span",
@@ -22445,6 +22445,7 @@ System.register('flarum/models/User', ['flarum/Model', 'flarum/utils/stringToCol
 
       babelHelpers.extends(User.prototype, {
         username: Model.attribute('username'),
+        displayName: Model.attribute('displayName'),
         email: Model.attribute('email'),
         isActivated: Model.attribute('isActivated'),
         password: Model.attribute('password'),
diff --git a/js/forum/dist/app.js b/js/forum/dist/app.js
index fffd65333..8a51d8577 100644
--- a/js/forum/dist/app.js
+++ b/js/forum/dist/app.js
@@ -28828,7 +28828,7 @@ System.register('flarum/components/UserPage', ['flarum/components/Page', 'flarum
           value: function show(user) {
             this.user = user;
 
-            app.setTitle(user.username());
+            app.setTitle(user.displayName());
 
             m.redraw();
           }
@@ -29286,7 +29286,7 @@ System.register('flarum/helpers/avatar', [], function (_export, _context) {
     // uploaded image, or the first letter of their username if they haven't
     // uploaded one.
     if (user) {
-      var username = user.username() || '?';
+      var username = user.displayName() || '?';
       var avatarUrl = user.avatarUrl();
 
       if (hasTitle) attrs.title = attrs.title || username;

From 5a43f915cbe1c9c3210c559d2db9d5f3857c8ed8 Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Sat, 7 Oct 2017 20:28:15 +1030
Subject: [PATCH 23/72] Let avatarUrl attribute delete the avatar as well

---
 src/Core/Command/EditUserHandler.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/Core/Command/EditUserHandler.php b/src/Core/Command/EditUserHandler.php
index d5d4bae1b..0b366dcec 100644
--- a/src/Core/Command/EditUserHandler.php
+++ b/src/Core/Command/EditUserHandler.php
@@ -168,6 +168,8 @@ class EditUserHandler
             } catch (Exception $e) {
                 //
             }
+        } elseif (array_key_exists('avatarUrl', $attributes)) {
+            $this->avatarUploader->remove($user);
         }
 
         $this->events->fire(

From 42ecee42a196d3e336ae6c0ac5c8a15c33ed51cc Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Sun, 8 Oct 2017 08:59:18 +1030
Subject: [PATCH 24/72] Make sure components receive all children properly

---
 js/lib/utils/patchMithril.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/js/lib/utils/patchMithril.js b/js/lib/utils/patchMithril.js
index 672b2e39e..8935b2e79 100644
--- a/js/lib/utils/patchMithril.js
+++ b/js/lib/utils/patchMithril.js
@@ -5,7 +5,7 @@ export default function patchMithril(global) {
 
   const m = function(comp, ...args) {
     if (comp.prototype && comp.prototype instanceof Component) {
-      return comp.component(...args);
+      return comp.component(args[0], args.slice(1));
     }
 
     const node = mo.apply(this, arguments);

From f3b4d3558794b512a9afa87ace759c73eaa34ac4 Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Sun, 8 Oct 2017 08:59:54 +1030
Subject: [PATCH 25/72] Fix extractText breaking in some cases

---
 js/lib/utils/extractText.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/js/lib/utils/extractText.js b/js/lib/utils/extractText.js
index faa6bd048..13d55862e 100644
--- a/js/lib/utils/extractText.js
+++ b/js/lib/utils/extractText.js
@@ -7,7 +7,7 @@
 export default function extractText(vdom) {
   if (vdom instanceof Array) {
     return vdom.map(element => extractText(element)).join('');
-  } else if (typeof vdom === 'object') {
+  } else if (typeof vdom === 'object' && vdom !== null) {
     return extractText(vdom.children);
   } else {
     return vdom;

From 123c8bb73d4ad2c9894622f9a99a0b2fb9c7abe0 Mon Sep 17 00:00:00 2001
From: Joseph <josephle@me.com>
Date: Sun, 22 Oct 2017 13:37:08 -0700
Subject: [PATCH 26/72] Add drag and drop avatar uploading

---
 js/forum/src/components/AvatarEditor.js | 100 +++++++++++++++++++-----
 less/forum/AvatarEditor.less            |   5 +-
 2 files changed, 83 insertions(+), 22 deletions(-)

diff --git a/js/forum/src/components/AvatarEditor.js b/js/forum/src/components/AvatarEditor.js
index 8d7f6c525..869904b33 100644
--- a/js/forum/src/components/AvatarEditor.js
+++ b/js/forum/src/components/AvatarEditor.js
@@ -23,6 +23,13 @@ export default class AvatarEditor extends Component {
      * @type {Boolean}
      */
     this.loading = false;
+
+    /**
+     * Whether or not an image has been dragged over the dropzone.
+     *
+     * @type {Boolean}
+     */
+    this.isDraggedOver = false;
   }
 
   static initProps(props) {
@@ -35,12 +42,17 @@ export default class AvatarEditor extends Component {
     const user = this.props.user;
 
     return (
-      <div className={'AvatarEditor Dropdown ' + this.props.className + (this.loading ? ' loading' : '')}>
+      <div className={'AvatarEditor Dropdown ' + this.props.className + (this.loading ? ' loading' : '') + (this.isDraggedOver ? ' dragover' : '')}>
         {avatar(user)}
         <a className={ user.avatarUrl() ? "Dropdown-toggle" : "Dropdown-toggle AvatarEditor--noAvatar" }
           title={app.translator.trans('core.forum.user.avatar_upload_tooltip')}
           data-toggle="dropdown"
-          onclick={this.quickUpload.bind(this)}>
+          onclick={this.quickUpload.bind(this)}
+          ondragover={this.enableDragover.bind(this)}
+          ondragenter={this.enableDragover.bind(this)}
+          ondragleave={this.disableDragover.bind(this)}
+          ondragend={this.disableDragover.bind(this)}
+          ondrop={this.dropUpload.bind(this)}>
           {this.loading ? LoadingIndicator.component() : (user.avatarUrl() ? icon('pencil') : icon('plus-circle'))}
         </a>
         <ul className="Dropdown-menu Menu">
@@ -62,7 +74,7 @@ export default class AvatarEditor extends Component {
       Button.component({
         icon: 'upload',
         children: app.translator.trans('core.forum.user.avatar_upload_button'),
-        onclick: this.upload.bind(this)
+        onclick: this.openPicker.bind(this)
       })
     );
 
@@ -77,6 +89,40 @@ export default class AvatarEditor extends Component {
     return items;
   }
 
+  /**
+   * Enable dragover style
+   *
+   * @param {Event} e
+   */
+  enableDragover(e) {
+    e.preventDefault();
+    e.stopPropagation();
+    this.isDraggedOver = true;
+  }
+
+  /**
+   * Disable dragover style
+   *
+   * @param {Event} e
+   */
+  disableDragover(e) {
+    e.preventDefault();
+    e.stopPropagation();
+    this.isDraggedOver = false;
+  }
+
+  /**
+   * Upload avatar when file is dropped into dropzone.
+   *
+   * @param {Event} e
+   */
+  dropUpload(e) {
+    e.preventDefault();
+    e.stopPropagation();
+    this.isDraggedOver = false;
+    this.upload(e.dataTransfer.files[0]);
+  }
+
   /**
    * If the user doesn't have an avatar, there's no point in showing the
    * controls dropdown, because only one option would be viable: uploading.
@@ -89,14 +135,14 @@ export default class AvatarEditor extends Component {
     if (!this.props.user.avatarUrl()) {
       e.preventDefault();
       e.stopPropagation();
-      this.upload();
+      this.openPicker();
     }
   }
 
   /**
-   * Prompt the user to upload a new avatar.
+   * Upload avatar using file picker
    */
-  upload() {
+  openPicker() {
     if (this.loading) return;
 
     // Create a hidden HTML input element and click on it so the user can select
@@ -105,24 +151,36 @@ export default class AvatarEditor extends Component {
     const $input = $('<input type="file">');
 
     $input.appendTo('body').hide().click().on('change', e => {
-      const data = new FormData();
-      data.append('avatar', $(e.target)[0].files[0]);
-
-      this.loading = true;
-      m.redraw();
-
-      app.request({
-        method: 'POST',
-        url: app.forum.attribute('apiUrl') + '/users/' + user.id() + '/avatar',
-        serialize: raw => raw,
-        data
-      }).then(
-        this.success.bind(this),
-        this.failure.bind(this)
-      );
+      this.upload($(e.target)[0].files[0]);
     });
   }
 
+  /**
+   * Upload avatar
+   *
+   * @param {File} file
+   */
+  upload(file) {
+    if (this.loading) return;
+
+    const user = this.props.user;
+    const data = new FormData();
+    data.append('avatar', file);
+
+    this.loading = true;
+    m.redraw();
+
+    app.request({
+      method: 'POST',
+      url: app.forum.attribute('apiUrl') + '/users/' + user.id() + '/avatar',
+      serialize: raw => raw,
+      data
+    }).then(
+      this.success.bind(this),
+      this.failure.bind(this)
+    );
+  }
+
   /**
    * Remove the user's avatar.
    */
diff --git a/less/forum/AvatarEditor.less b/less/forum/AvatarEditor.less
index 72fc55eda..7f6dc7a9b 100644
--- a/less/forum/AvatarEditor.less
+++ b/less/forum/AvatarEditor.less
@@ -17,7 +17,10 @@
   .AvatarEditor--noAvatar {
     opacity: 0.7;
   }
-  &:hover .Dropdown-toggle, &.open .Dropdown-toggle, &.loading .Dropdown-toggle {
+  &:hover .Dropdown-toggle,
+  &.open .Dropdown-toggle,
+  &.loading .Dropdown-toggle,
+  &.dragover .Dropdown-toggle {
     opacity: 1;
   }
   .LoadingIndicator {

From 2754a8c8671a404a3d69bc80cf45d7e99559052c Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Wed, 25 Oct 2017 12:36:09 +1030
Subject: [PATCH 27/72] Add LESS variable to configure expansion of sideNav
 dropdowns

---
 less/lib/sideNav.less   | 71 ++++++++++++++++++++++-------------------
 less/lib/variables.less |  2 ++
 2 files changed, 40 insertions(+), 33 deletions(-)

diff --git a/less/lib/sideNav.less b/less/lib/sideNav.less
index ebc1caee2..13383a41b 100755
--- a/less/lib/sideNav.less
+++ b/less/lib/sideNav.less
@@ -9,7 +9,7 @@
 // control; the new discussion button is the primary-control. On anything
 // larger than a phone, however, we need to affix the sidebar and expand the
 // .dropdown-select into a plain list.
-@media @tablet-up {
+@media @expand-side-nav {
   .sideNav {
     // Expand the dropdown-select component into a normal nav list.
     & .Dropdown--select {
@@ -48,45 +48,50 @@
   }
 }
 
-.sideNav--horizontal {
-  padding: 15px 0;
-  white-space: nowrap;
-  overflow: auto;
-  -webkit-overflow-scrolling: touch;
+.sideNav--horizontal {}
 
-  &:after {
-    content: " ";
-    position: absolute;
-    left: 0;
-    right: 0;
-    margin-top: 15px;
-    border-bottom: 1px solid @control-bg;
-  }
+@media @expand-side-nav {
+  .sideNav--horizontal {
+    padding: 15px 0;
+    white-space: nowrap;
+    overflow: auto;
+    -webkit-overflow-scrolling: touch;
 
-  > ul > li, .Dropdown-menu > li {
-    display: inline-block;
-    margin: 0 20px 0 0;
-    vertical-align: top;
-  }
-  .Dropdown-separator {
-    display: none;
-  }
+    &:after {
+      content: " ";
+      position: absolute;
+      left: 0;
+      right: 0;
+      margin-top: 15px;
+      border-bottom: 1px solid @control-bg;
+    }
 
-  .Dropdown--select .Dropdown-menu > li > a {
-    padding-left: 25px;
+    > ul > li, .Dropdown-menu > li {
+      display: inline-block;
+      margin: 0 20px 0 0;
+      vertical-align: top;
+    }
+    .Dropdown-separator {
+      display: none;
+    }
 
-    .icon {
-      margin-left: -25px;
+    .Dropdown--select .Dropdown-menu > li > a {
+      padding-left: 25px;
+
+      .icon {
+        margin-left: -25px;
+      }
+    }
+
+    .affix {
+      position: static;
     }
   }
 
-  .affix {
-    position: static;
-  }
-}
-@media @tablet {
-  .sideNav {
-    .sideNav--horizontal();
+  @media @tablet {
+    .sideNav {
+      .sideNav--horizontal();
+    }
   }
 }
 
diff --git a/less/lib/variables.less b/less/lib/variables.less
index 501e52372..bc2ba5f32 100755
--- a/less/lib/variables.less
+++ b/less/lib/variables.less
@@ -110,6 +110,8 @@
 @zindex-alerts:                    1060;
 @zindex-tooltip:                   1070;
 
+@expand-side-nav:                  @tablet-up;
+
 // ---------------------------------
 // BREAKPOINTS
 

From 40ebc13292b64271418aa3d5683d0927e6db778e Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Wed, 25 Oct 2017 13:40:57 +1030
Subject: [PATCH 28/72] Only apply custom CSS and header HTML on forum, not
 admin

---
 src/Forum/WebApp.php               | 4 ++++
 src/Http/WebApp/AbstractWebApp.php | 4 ----
 views/admin.blade.php              | 2 --
 3 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/src/Forum/WebApp.php b/src/Forum/WebApp.php
index 310532922..eecfbee44 100644
--- a/src/Forum/WebApp.php
+++ b/src/Forum/WebApp.php
@@ -51,6 +51,10 @@ class WebApp extends AbstractWebApp
             return $this->formatter->getJs();
         });
 
+        $view->getCss()->addString(function () {
+            return $this->settings->get('custom_less');
+        });
+
         return $view;
     }
 
diff --git a/src/Http/WebApp/AbstractWebApp.php b/src/Http/WebApp/AbstractWebApp.php
index 0e2bc24aa..e20ec3cac 100644
--- a/src/Http/WebApp/AbstractWebApp.php
+++ b/src/Http/WebApp/AbstractWebApp.php
@@ -131,10 +131,6 @@ abstract class AbstractWebApp
 
         $css->addString($lessVariables);
         $localeCss->addString($lessVariables);
-
-        $css->addString(function () {
-            return $this->settings->get('custom_less');
-        });
     }
 
     /**
diff --git a/views/admin.blade.php b/views/admin.blade.php
index 80a0856a8..47275da32 100644
--- a/views/admin.blade.php
+++ b/views/admin.blade.php
@@ -1,5 +1,3 @@
-{!! array_get($forum, 'attributes.headerHtml') !!}
-
 <div id="app" class="App">
 
   <div id="app-navigation" class="App-navigation"></div>

From eeed7c20e142ee74236de207c40270c7a52a9581 Mon Sep 17 00:00:00 2001
From: Mark <markvapps@gmail.com>
Date: Mon, 30 Oct 2017 02:54:02 +1030
Subject: [PATCH 29/72] Fix blurry chrome image rendering for Avatar / Logo -
 closes #1259 (#1276)

* Fix blurry chrome image rendering for Avatar / Logo - closes #1259

* Add comments for Chrome css fix
---
 less/lib/App.less    | 2 ++
 less/lib/Avatar.less | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/less/lib/App.less b/less/lib/App.less
index c8af74833..0ee490ba5 100755
--- a/less/lib/App.less
+++ b/less/lib/App.less
@@ -171,6 +171,8 @@
 .Header-logo {
   max-height: 30px;
   vertical-align: middle;
+  // Prevent blurriness in Chrome
+  image-rendering: -webkit-optimize-contrast;
 }
 
 // On phones, the header is displayed inside of the drawer. We lay its
diff --git a/less/lib/Avatar.less b/less/lib/Avatar.less
index 5fe5054c8..b65e014c8 100755
--- a/less/lib/Avatar.less
+++ b/less/lib/Avatar.less
@@ -14,6 +14,8 @@
     height: 100%;
     border-radius: 100%;
     vertical-align: top;
+    // Prevent blurriness in Chrome
+    image-rendering: -webkit-optimize-contrast;
   }
 }
 

From 1b7cb3bec2e5f413e9c22d20d5a848c5c640cbe1 Mon Sep 17 00:00:00 2001
From: Lukas <LukBukkit@users.noreply.github.com>
Date: Thu, 2 Nov 2017 00:51:31 +0100
Subject: [PATCH 30/72] The CookieFactory now also works if no configuration
 exists (#1258)

* Returning the $default value if there's no config

This is especially important for the CookieFactory which accesses
the configuration before the application is installed

* Injecting the configuration values into the CookieFactory
---
 src/Foundation/Application.php |  2 +-
 src/Http/CookieFactory.php     | 52 +++++++++++++++++++++++++---------
 2 files changed, 39 insertions(+), 15 deletions(-)

diff --git a/src/Foundation/Application.php b/src/Foundation/Application.php
index a432bdbb8..b3edee9fe 100644
--- a/src/Foundation/Application.php
+++ b/src/Foundation/Application.php
@@ -143,7 +143,7 @@ class Application extends Container implements ApplicationContract
      */
     public function config($key, $default = null)
     {
-        return array_get($this->make('flarum.config'), $key, $default);
+        return $this->isInstalled() ? array_get($this->make('flarum.config'), $key, $default) : $default;
     }
 
     /**
diff --git a/src/Http/CookieFactory.php b/src/Http/CookieFactory.php
index aacaff7f5..0ddb3de4c 100644
--- a/src/Http/CookieFactory.php
+++ b/src/Http/CookieFactory.php
@@ -17,16 +17,46 @@ use Flarum\Foundation\Application;
 class CookieFactory
 {
     /**
-     * @var Application
+     * The prefix for the cookie names.
+     *
+     * @var string
      */
-    protected $app;
+    protected $prefix;
+
+    /**
+     * A path scope for the cookies.
+     *
+     * @var string
+     */
+    protected $path;
+
+    /**
+     * A domain scope for the cookies.
+     *
+     * @var string
+     */
+    protected $domain;
+
+    /**
+     * Whether the cookie(s) can be requested only over HTTPS.
+     *
+     * @var bool
+     */
+    protected $secure;
 
     /**
      * @param Application $app
      */
     public function __construct(Application $app)
     {
-        $this->app = $app;
+        // Parse the forum's base URL so that we can determine the optimal cookie settings
+        $url = parse_url(rtrim($app->url(), '/'));
+
+        // Get the cookie settings from the config or use the default values
+        $this->prefix = $app->config('cookie.name', 'flarum');
+        $this->path = $app->config('cookie.path', array_get($url, 'path') ?: '/');
+        $this->domain = $app->config('cookie.domain');
+        $this->secure = $app->config('cookie.secure', array_get($url, 'scheme') === 'https');
     }
 
     /**
@@ -42,9 +72,6 @@ class CookieFactory
      */
     public function make($name, $value = null, $maxAge = null)
     {
-        // Parse the forum's base URL so that we can determine the optimal cookie settings
-        $url = parse_url(rtrim($this->app->url(), '/'));
-
         $cookie = SetCookie::create($this->getName($name), $value);
 
         // Make sure we send both the MaxAge and Expires parameters (the former
@@ -55,16 +82,13 @@ class CookieFactory
                 ->withExpires(time() + $maxAge);
         }
 
-        if ($domain = $this->app->config('cookie.domain')) {
-            $cookie = $cookie->withDomain($domain);
+        if ($this->domain != null) {
+            $cookie = $cookie->withDomain($this->domain);
         }
 
-        $path = $this->app->config('cookie.path', array_get($url, 'path') ?: '/');
-        $secure = $this->app->config('cookie.secure', array_get($url, 'scheme') === 'https');
-
         return $cookie
-            ->withPath($path)
-            ->withSecure($secure)
+            ->withPath($this->path)
+            ->withSecure($this->secure)
             ->withHttpOnly(true);
     }
 
@@ -87,6 +111,6 @@ class CookieFactory
      */
     public function getName($name)
     {
-        return $this->app->config('cookie.name', 'flarum').'_'.$name;
+        return $this->prefix.'_'.$name;
     }
 }

From 914b94b62d7316498b45d3a684a04ad502e2d053 Mon Sep 17 00:00:00 2001
From: Franz Liedke <franz@develophp.org>
Date: Thu, 2 Nov 2017 01:12:49 +0100
Subject: [PATCH 31/72] Remove user bio feature (#1214)

The feature is very limited in scope, and we hope for community
extensions to take over this feature and make it much better.
---
 js/admin/dist/app.js                  |   4 -
 js/forum/dist/app.js                  | 148 +-------------------------
 js/forum/src/components/UserBio.js    | 104 ------------------
 js/forum/src/components/UserCard.js   |   8 --
 js/lib/models/User.js                 |   2 -
 less/forum/UserCard.less              |  31 ------
 src/Api/Serializer/UserSerializer.php |   1 -
 src/Core/Command/EditUserHandler.php  |   8 --
 src/Core/User.php                     |  17 ---
 src/Event/UserBioWasChanged.php       |  37 -------
 10 files changed, 2 insertions(+), 358 deletions(-)
 delete mode 100644 js/forum/src/components/UserBio.js
 delete mode 100644 src/Event/UserBioWasChanged.php

diff --git a/js/admin/dist/app.js b/js/admin/dist/app.js
index b8f9c3745..4a38b31f5 100644
--- a/js/admin/dist/app.js
+++ b/js/admin/dist/app.js
@@ -22451,10 +22451,6 @@ System.register('flarum/models/User', ['flarum/Model', 'flarum/utils/stringToCol
         password: Model.attribute('password'),
 
         avatarUrl: Model.attribute('avatarUrl'),
-        bio: Model.attribute('bio'),
-        bioHtml: computed('bio', function (bio) {
-          return bio ? '<p>' + $('<div/>').text(bio).html().replace(/\n/g, '<br>').autoLink({ rel: 'nofollow' }) + '</p>' : '';
-        }),
         preferences: Model.attribute('preferences'),
         groups: Model.hasMany('groups'),
 
diff --git a/js/forum/dist/app.js b/js/forum/dist/app.js
index 8a51d8577..efc6992d7 100644
--- a/js/forum/dist/app.js
+++ b/js/forum/dist/app.js
@@ -28478,143 +28478,10 @@ System.register('flarum/components/TextEditor', ['flarum/Component', 'flarum/uti
 });;
 'use strict';
 
-System.register('flarum/components/UserBio', ['flarum/Component', 'flarum/components/LoadingIndicator', 'flarum/utils/classList', 'flarum/utils/extractText'], function (_export, _context) {
+System.register('flarum/components/UserCard', ['flarum/Component', 'flarum/utils/humanTime', 'flarum/utils/ItemList', 'flarum/utils/UserControls', 'flarum/helpers/avatar', 'flarum/helpers/username', 'flarum/helpers/icon', 'flarum/components/Dropdown', 'flarum/components/AvatarEditor', 'flarum/helpers/listItems'], function (_export, _context) {
   "use strict";
 
-  var Component, LoadingIndicator, classList, extractText, UserBio;
-  return {
-    setters: [function (_flarumComponent) {
-      Component = _flarumComponent.default;
-    }, function (_flarumComponentsLoadingIndicator) {
-      LoadingIndicator = _flarumComponentsLoadingIndicator.default;
-    }, function (_flarumUtilsClassList) {
-      classList = _flarumUtilsClassList.default;
-    }, function (_flarumUtilsExtractText) {
-      extractText = _flarumUtilsExtractText.default;
-    }],
-    execute: function () {
-      UserBio = function (_Component) {
-        babelHelpers.inherits(UserBio, _Component);
-
-        function UserBio() {
-          babelHelpers.classCallCheck(this, UserBio);
-          return babelHelpers.possibleConstructorReturn(this, (UserBio.__proto__ || Object.getPrototypeOf(UserBio)).apply(this, arguments));
-        }
-
-        babelHelpers.createClass(UserBio, [{
-          key: 'init',
-          value: function init() {
-            /**
-             * Whether or not the bio is currently being edited.
-             *
-             * @type {Boolean}
-             */
-            this.editing = false;
-
-            /**
-             * Whether or not the bio is currently being saved.
-             *
-             * @type {Boolean}
-             */
-            this.loading = false;
-          }
-        }, {
-          key: 'view',
-          value: function view() {
-            var user = this.props.user;
-            var content = void 0;
-
-            if (this.editing) {
-              content = m('textarea', { className: 'FormControl', placeholder: extractText(app.translator.trans('core.forum.user.bio_placeholder')), rows: '3', value: user.bio() });
-            } else {
-              var subContent = void 0;
-
-              if (this.loading) {
-                subContent = m(
-                  'p',
-                  { className: 'UserBio-placeholder' },
-                  LoadingIndicator.component({ size: 'tiny' })
-                );
-              } else {
-                var bioHtml = user.bioHtml();
-
-                if (bioHtml) {
-                  subContent = m.trust(bioHtml);
-                } else if (this.props.editable) {
-                  subContent = m(
-                    'p',
-                    { className: 'UserBio-placeholder' },
-                    app.translator.trans('core.forum.user.bio_placeholder')
-                  );
-                }
-              }
-
-              content = m(
-                'div',
-                { className: 'UserBio-content', onclick: this.edit.bind(this) },
-                subContent
-              );
-            }
-
-            return m(
-              'div',
-              { className: 'UserBio ' + classList({
-                  editable: this.props.editable,
-                  editing: this.editing
-                }) },
-              content
-            );
-          }
-        }, {
-          key: 'edit',
-          value: function edit() {
-            if (!this.props.editable) return;
-
-            this.editing = true;
-            m.redraw();
-
-            var bio = this;
-            var save = function save(e) {
-              if (e.shiftKey) return;
-              e.preventDefault();
-              bio.save($(this).val());
-            };
-
-            this.$('textarea').focus().bind('blur', save).bind('keydown', 'return', save);
-          }
-        }, {
-          key: 'save',
-          value: function save(value) {
-            var _this2 = this;
-
-            var user = this.props.user;
-
-            if (user.bio() !== value) {
-              this.loading = true;
-
-              user.save({ bio: value }).catch(function () {}).then(function () {
-                _this2.loading = false;
-                m.redraw();
-              });
-            }
-
-            this.editing = false;
-            m.redraw();
-          }
-        }]);
-        return UserBio;
-      }(Component);
-
-      _export('default', UserBio);
-    }
-  };
-});;
-'use strict';
-
-System.register('flarum/components/UserCard', ['flarum/Component', 'flarum/utils/humanTime', 'flarum/utils/ItemList', 'flarum/utils/UserControls', 'flarum/helpers/avatar', 'flarum/helpers/username', 'flarum/helpers/icon', 'flarum/components/Dropdown', 'flarum/components/UserBio', 'flarum/components/AvatarEditor', 'flarum/helpers/listItems'], function (_export, _context) {
-  "use strict";
-
-  var Component, humanTime, ItemList, UserControls, avatar, username, icon, Dropdown, UserBio, AvatarEditor, listItems, UserCard;
+  var Component, humanTime, ItemList, UserControls, avatar, username, icon, Dropdown, AvatarEditor, listItems, UserCard;
   return {
     setters: [function (_flarumComponent) {
       Component = _flarumComponent.default;
@@ -28632,8 +28499,6 @@ System.register('flarum/components/UserCard', ['flarum/Component', 'flarum/utils
       icon = _flarumHelpersIcon.default;
     }, function (_flarumComponentsDropdown) {
       Dropdown = _flarumComponentsDropdown.default;
-    }, function (_flarumComponentsUserBio) {
-      UserBio = _flarumComponentsUserBio.default;
     }, function (_flarumComponentsAvatarEditor) {
       AvatarEditor = _flarumComponentsAvatarEditor.default;
     }, function (_flarumHelpersListItems) {
@@ -28713,11 +28578,6 @@ System.register('flarum/components/UserCard', ['flarum/Component', 'flarum/utils
             var user = this.props.user;
             var lastSeenTime = user.lastSeenTime();
 
-            items.add('bio', UserBio.component({
-              user: user,
-              editable: this.props.editable
-            }));
-
             if (lastSeenTime) {
               var online = user.isOnline();
 
@@ -30541,10 +30401,6 @@ System.register('flarum/models/User', ['flarum/Model', 'flarum/utils/stringToCol
         password: Model.attribute('password'),
 
         avatarUrl: Model.attribute('avatarUrl'),
-        bio: Model.attribute('bio'),
-        bioHtml: computed('bio', function (bio) {
-          return bio ? '<p>' + $('<div/>').text(bio).html().replace(/\n/g, '<br>').autoLink({ rel: 'nofollow' }) + '</p>' : '';
-        }),
         preferences: Model.attribute('preferences'),
         groups: Model.hasMany('groups'),
 
diff --git a/js/forum/src/components/UserBio.js b/js/forum/src/components/UserBio.js
deleted file mode 100644
index 41795a05f..000000000
--- a/js/forum/src/components/UserBio.js
+++ /dev/null
@@ -1,104 +0,0 @@
-import Component from 'flarum/Component';
-import LoadingIndicator from 'flarum/components/LoadingIndicator';
-import classList from 'flarum/utils/classList';
-import extractText from 'flarum/utils/extractText';
-
-/**
- * The `UserBio` component displays a user's bio, optionally letting the user
- * edit it.
- */
-export default class UserBio extends Component {
-  init() {
-    /**
-     * Whether or not the bio is currently being edited.
-     *
-     * @type {Boolean}
-     */
-    this.editing = false;
-
-    /**
-     * Whether or not the bio is currently being saved.
-     *
-     * @type {Boolean}
-     */
-    this.loading = false;
-  }
-
-  view() {
-    const user = this.props.user;
-    let content;
-
-    if (this.editing) {
-      content = <textarea className="FormControl" placeholder={extractText(app.translator.trans('core.forum.user.bio_placeholder'))} rows="3" value={user.bio()}/>;
-    } else {
-      let subContent;
-
-      if (this.loading) {
-        subContent = <p className="UserBio-placeholder">{LoadingIndicator.component({size: 'tiny'})}</p>;
-      } else {
-        const bioHtml = user.bioHtml();
-
-        if (bioHtml) {
-          subContent = m.trust(bioHtml);
-        } else if (this.props.editable) {
-          subContent = <p className="UserBio-placeholder">{app.translator.trans('core.forum.user.bio_placeholder')}</p>;
-        }
-      }
-
-      content = <div className="UserBio-content" onclick={this.edit.bind(this)}>{subContent}</div>;
-    }
-
-    return (
-      <div className={'UserBio ' + classList({
-          editable: this.props.editable,
-          editing: this.editing
-        })}>
-        {content}
-      </div>
-    );
-  }
-
-  /**
-   * Edit the bio.
-   */
-  edit() {
-    if (!this.props.editable) return;
-
-    this.editing = true;
-    m.redraw();
-
-    const bio = this;
-    const save = function(e) {
-      if (e.shiftKey) return;
-      e.preventDefault();
-      bio.save($(this).val());
-    };
-
-    this.$('textarea').focus()
-      .bind('blur', save)
-      .bind('keydown', 'return', save);
-  }
-
-  /**
-   * Save the bio.
-   *
-   * @param {String} value
-   */
-  save(value) {
-    const user = this.props.user;
-
-    if (user.bio() !== value) {
-      this.loading = true;
-
-      user.save({bio: value})
-        .catch(() => {})
-        .then(() => {
-          this.loading = false;
-          m.redraw();
-        });
-    }
-
-    this.editing = false;
-    m.redraw();
-  }
-}
diff --git a/js/forum/src/components/UserCard.js b/js/forum/src/components/UserCard.js
index 6b9fec29c..94c116a44 100644
--- a/js/forum/src/components/UserCard.js
+++ b/js/forum/src/components/UserCard.js
@@ -6,7 +6,6 @@ import avatar from 'flarum/helpers/avatar';
 import username from 'flarum/helpers/username';
 import icon from 'flarum/helpers/icon';
 import Dropdown from 'flarum/components/Dropdown';
-import UserBio from 'flarum/components/UserBio';
 import AvatarEditor from 'flarum/components/AvatarEditor';
 import listItems from 'flarum/helpers/listItems';
 
@@ -82,13 +81,6 @@ export default class UserCard extends Component {
     const user = this.props.user;
     const lastSeenTime = user.lastSeenTime();
 
-    items.add('bio',
-      UserBio.component({
-        user,
-        editable: this.props.editable
-      })
-    );
-
     if (lastSeenTime) {
       const online = user.isOnline();
 
diff --git a/js/lib/models/User.js b/js/lib/models/User.js
index 07d5aaf1b..e81e1ebcb 100644
--- a/js/lib/models/User.js
+++ b/js/lib/models/User.js
@@ -16,8 +16,6 @@ Object.assign(User.prototype, {
   password: Model.attribute('password'),
 
   avatarUrl: Model.attribute('avatarUrl'),
-  bio: Model.attribute('bio'),
-  bioHtml: computed('bio', bio => bio ? '<p>' + $('<div/>').text(bio).html().replace(/\n/g, '<br>').autoLink({rel: 'nofollow'}) + '</p>' : ''),
   preferences: Model.attribute('preferences'),
   groups: Model.hasMany('groups'),
 
diff --git a/less/forum/UserCard.less b/less/forum/UserCard.less
index 731ea28c2..8c9caa50b 100644
--- a/less/forum/UserCard.less
+++ b/less/forum/UserCard.less
@@ -90,37 +90,6 @@
     display: inline-block;
     margin-right: 15px;
   }
-  .item-bio {
-    display: block;
-    margin: 0;
-  }
-}
-.UserBio {
-  margin: -10px -10px 10px;
-  border: 1px dashed transparent;
-  border-radius: @border-radius;
-
-  &.editable:not(.editing) {
-    cursor: text;
-
-    &:hover {
-      border-color: rgba(255, 255, 255, 0.2);
-    }
-  }
-  &, textarea {
-    font-size: 14px;
-  }
-  textarea {
-    padding: 10px;
-    font-size: 14px;
-    resize: none;
-  }
-}
-.UserBio-content {
-  padding: 10px 10px 1px;
-}
-.UserBio-placeholder {
-  opacity: 0.3;
 }
 .UserCard-lastSeen {
   & .icon {
diff --git a/src/Api/Serializer/UserSerializer.php b/src/Api/Serializer/UserSerializer.php
index 5db640678..0a289284c 100644
--- a/src/Api/Serializer/UserSerializer.php
+++ b/src/Api/Serializer/UserSerializer.php
@@ -40,7 +40,6 @@ class UserSerializer extends UserBasicSerializer
         $canEdit = $gate->allows('edit', $user);
 
         $attributes += [
-            'bio'              => $user->bio,
             'joinTime'         => $this->formatDate($user->join_time),
             'discussionsCount' => (int) $user->discussions_count,
             'commentsCount'    => (int) $user->comments_count,
diff --git a/src/Core/Command/EditUserHandler.php b/src/Core/Command/EditUserHandler.php
index 0b366dcec..7b336ae93 100644
--- a/src/Core/Command/EditUserHandler.php
+++ b/src/Core/Command/EditUserHandler.php
@@ -114,14 +114,6 @@ class EditUserHandler
             $validate['password'] = $attributes['password'];
         }
 
-        if (isset($attributes['bio'])) {
-            if (! $isSelf) {
-                $this->assertPermission($canEdit);
-            }
-
-            $user->changeBio($attributes['bio']);
-        }
-
         if (! empty($attributes['readTime'])) {
             $this->assertPermission($isSelf);
             $user->markAllAsRead();
diff --git a/src/Core/User.php b/src/Core/User.php
index e8325b0e5..13f57e728 100755
--- a/src/Core/User.php
+++ b/src/Core/User.php
@@ -22,7 +22,6 @@ use Flarum\Event\GetDisplayName;
 use Flarum\Event\PostWasDeleted;
 use Flarum\Event\PrepareUserGroups;
 use Flarum\Event\UserAvatarWasChanged;
-use Flarum\Event\UserBioWasChanged;
 use Flarum\Event\UserEmailChangeWasRequested;
 use Flarum\Event\UserEmailWasChanged;
 use Flarum\Event\UserPasswordWasChanged;
@@ -42,7 +41,6 @@ use Symfony\Component\HttpFoundation\Session\SessionInterface;
  * @property bool $is_activated
  * @property string $password
  * @property string $locale
- * @property string $bio
  * @property string|null $avatar_path
  * @property string $avatar_url
  * @property array $preferences
@@ -263,21 +261,6 @@ class User extends AbstractModel
         $this->attributes['password'] = $value ? static::$hasher->make($value) : '';
     }
 
-    /**
-     * Change the user's bio.
-     *
-     * @param string $bio
-     * @return $this
-     */
-    public function changeBio($bio)
-    {
-        $this->bio = $bio;
-
-        $this->raise(new UserBioWasChanged($this));
-
-        return $this;
-    }
-
     /**
      * Mark all discussions as read.
      *
diff --git a/src/Event/UserBioWasChanged.php b/src/Event/UserBioWasChanged.php
deleted file mode 100644
index dfde182b0..000000000
--- a/src/Event/UserBioWasChanged.php
+++ /dev/null
@@ -1,37 +0,0 @@
-<?php
-
-/*
- * This file is part of Flarum.
- *
- * (c) Toby Zerner <toby.zerner@gmail.com>
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
-
-namespace Flarum\Event;
-
-use Flarum\Core\User;
-
-class UserBioWasChanged
-{
-    /**
-     * @var User
-     */
-    public $user;
-
-    /**
-     * @var User
-     */
-    public $actor;
-
-    /**
-     * @param User $user
-     * @param User $actor
-     */
-    public function __construct(User $user, User $actor = null)
-    {
-        $this->user = $user;
-        $this->actor = $actor;
-    }
-}

From 1a928ca0abaf83b8d5e8065227f29f745caae95d Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Sun, 5 Nov 2017 16:12:26 +1030
Subject: [PATCH 32/72] Fix admin navigation not rendering

Not sure why this started happening now, but the admin navigation
dropdown wasn't receiving its children properly. This commit fixes a
flaw in our Mithril patch and allows an array of children to be passed
in the normal JSX way, rather than as an attribute.
---
 js/admin/src/components/AdminNav.js | 6 +++---
 js/lib/utils/patchMithril.js        | 7 ++++++-
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/js/admin/src/components/AdminNav.js b/js/admin/src/components/AdminNav.js
index 64c6d547c..5384e2bc7 100644
--- a/js/admin/src/components/AdminNav.js
+++ b/js/admin/src/components/AdminNav.js
@@ -18,9 +18,9 @@ export default class AdminNav extends Component {
     return (
       <SelectDropdown
         className="AdminNav App-titleControl"
-        buttonClassName="Button"
-        children={this.items().toArray()}
-        />
+        buttonClassName="Button">
+        {this.items().toArray()}
+      </SelectDropdown>
     );
   }
 
diff --git a/js/lib/utils/patchMithril.js b/js/lib/utils/patchMithril.js
index 8935b2e79..3b88e1035 100644
--- a/js/lib/utils/patchMithril.js
+++ b/js/lib/utils/patchMithril.js
@@ -5,7 +5,12 @@ export default function patchMithril(global) {
 
   const m = function(comp, ...args) {
     if (comp.prototype && comp.prototype instanceof Component) {
-      return comp.component(args[0], args.slice(1));
+      let children = args.slice(1);
+      if (children.length === 1 && Array.isArray(children[0])) {
+        children = children[0]
+      }
+
+      return comp.component(args[0], children);
     }
 
     const node = mo.apply(this, arguments);

From 257ee936f44f026baf74e0b879e661d70828ef9f Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Sun, 5 Nov 2017 16:17:15 +1030
Subject: [PATCH 33/72] Revert color to text input type

#1074 changed the input type for these fields to "color", but it turns
out the browser support for this input type sucks (they give you a very
limited color picker, and make it hard to input hex codes).
---
 js/admin/dist/app.js                      | 29 ++++++++++++++++-------
 js/admin/src/components/AppearancePage.js |  4 ++--
 2 files changed, 22 insertions(+), 11 deletions(-)

diff --git a/js/admin/dist/app.js b/js/admin/dist/app.js
index 4a38b31f5..bacc3fc03 100644
--- a/js/admin/dist/app.js
+++ b/js/admin/dist/app.js
@@ -17536,11 +17536,13 @@ System.register('flarum/components/AdminNav', ['flarum/Component', 'flarum/compo
         babelHelpers.createClass(AdminNav, [{
           key: 'view',
           value: function view() {
-            return m(SelectDropdown, {
-              className: 'AdminNav App-titleControl',
-              buttonClassName: 'Button',
-              children: this.items().toArray()
-            });
+            return m(
+              SelectDropdown,
+              {
+                className: 'AdminNav App-titleControl',
+                buttonClassName: 'Button' },
+              this.items().toArray()
+            );
           }
         }, {
           key: 'items',
@@ -17832,8 +17834,8 @@ System.register('flarum/components/AppearancePage', ['flarum/components/Page', '
                     m(
                       'div',
                       { className: 'AppearancePage-colors-input' },
-                      m('input', { className: 'FormControl', type: 'color', placeholder: '#aaaaaa', value: this.primaryColor(), onchange: m.withAttr('value', this.primaryColor) }),
-                      m('input', { className: 'FormControl', type: 'color', placeholder: '#aaaaaa', value: this.secondaryColor(), onchange: m.withAttr('value', this.secondaryColor) })
+                      m('input', { className: 'FormControl', type: 'text', placeholder: '#aaaaaa', value: this.primaryColor(), onchange: m.withAttr('value', this.primaryColor) }),
+                      m('input', { className: 'FormControl', type: 'text', placeholder: '#aaaaaa', value: this.secondaryColor(), onchange: m.withAttr('value', this.secondaryColor) })
                     ),
                     Switch.component({
                       state: this.darkMode(),
@@ -18509,6 +18511,10 @@ System.register('flarum/components/Dropdown', ['flarum/Component', 'flarum/helpe
 
               $menu.toggleClass('Dropdown-menu--top', $menu.offset().top + $menu.height() > $(window).scrollTop() + $(window).height());
 
+              if ($menu.offset().top < 0) {
+                $menu.removeClass('Dropdown-menu--top');
+              }
+
               $menu.toggleClass('Dropdown-menu--right', isRight || $menu.offset().left + $menu.width() > $(window).scrollLeft() + $(window).width());
             });
 
@@ -23313,7 +23319,7 @@ System.register('flarum/utils/extractText', [], function (_export, _context) {
       return vdom.map(function (element) {
         return extractText(element);
       }).join('');
-    } else if ((typeof vdom === 'undefined' ? 'undefined' : babelHelpers.typeof(vdom)) === 'object') {
+    } else if ((typeof vdom === 'undefined' ? 'undefined' : babelHelpers.typeof(vdom)) === 'object' && vdom !== null) {
       return extractText(vdom.children);
     } else {
       return vdom;
@@ -23599,7 +23605,12 @@ System.register('flarum/utils/patchMithril', ['../Component'], function (_export
       }
 
       if (comp.prototype && comp.prototype instanceof Component) {
-        return comp.component.apply(comp, args);
+        var children = args.slice(1);
+        if (children.length === 1 && Array.isArray(children[0])) {
+          children = children[0];
+        }
+
+        return comp.component(args[0], children);
       }
 
       var node = mo.apply(this, arguments);
diff --git a/js/admin/src/components/AppearancePage.js b/js/admin/src/components/AppearancePage.js
index 8e35a958a..c59a039af 100644
--- a/js/admin/src/components/AppearancePage.js
+++ b/js/admin/src/components/AppearancePage.js
@@ -28,8 +28,8 @@ export default class AppearancePage extends Page {
               </div>
 
               <div className="AppearancePage-colors-input">
-                <input className="FormControl" type="color" placeholder="#aaaaaa" value={this.primaryColor()} onchange={m.withAttr('value', this.primaryColor)}/>
-                <input className="FormControl" type="color" placeholder="#aaaaaa" value={this.secondaryColor()} onchange={m.withAttr('value', this.secondaryColor)}/>
+                <input className="FormControl" type="text" placeholder="#aaaaaa" value={this.primaryColor()} onchange={m.withAttr('value', this.primaryColor)}/>
+                <input className="FormControl" type="text" placeholder="#aaaaaa" value={this.secondaryColor()} onchange={m.withAttr('value', this.secondaryColor)}/>
               </div>
 
               {Switch.component({

From 3be98b9f8ef04c993623c30205c5918a8bb3f4c3 Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Sun, 5 Nov 2017 16:17:50 +1030
Subject: [PATCH 34/72] Make sure dropdowns don't go above the edge of the
 screen

---
 js/lib/components/Dropdown.js | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/js/lib/components/Dropdown.js b/js/lib/components/Dropdown.js
index 8093ba506..d3fa8ae3f 100644
--- a/js/lib/components/Dropdown.js
+++ b/js/lib/components/Dropdown.js
@@ -69,6 +69,10 @@ export default class Dropdown extends Component {
         $menu.offset().top + $menu.height() > $(window).scrollTop() + $(window).height()
       );
 
+      if ($menu.offset().top < 0) {
+        $menu.removeClass('Dropdown-menu--top');
+      }
+
       $menu.toggleClass(
         'Dropdown-menu--right',
         isRight || $menu.offset().left + $menu.width() > $(window).scrollLeft() + $(window).width()

From 54597ee5ebc8d761abf24b0eb730383de2a064b2 Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Sun, 5 Nov 2017 16:21:18 +1030
Subject: [PATCH 35/72] Attempt fix for #1268

I believe the constant overlay of a loading div may be what's causing
the iOS cursor issues. This commit removes the fade animation so that
we can simply set display to none, which will hopefully fix the issue.
---
 less/forum/Composer.less | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/less/forum/Composer.less b/less/forum/Composer.less
index 4bb7668ce..9707b9327 100644
--- a/less/forum/Composer.less
+++ b/less/forum/Composer.less
@@ -88,14 +88,11 @@
   right: 0;
   bottom: 0;
   background: fade(@body-bg, 90%);
-  opacity: 0;
-  pointer-events: none;
+  display: none;
   border-radius: @border-radius @border-radius 0 0;
-  .transition(opacity 0.2s);
 
   &.active {
-    opacity: 1;
-    pointer-events: auto;
+    display: block;
   }
 }
 .ComposerBody-editor {

From 094345de853632ee248dbbdc3fe204503aac1862 Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Sun, 5 Nov 2017 16:25:21 +1030
Subject: [PATCH 36/72] Improve mobile composer behaviour

- Don't scroll to the bottom of the discussion when selecting "Reply"
  from the menu if the composer is in full screen mode (ie. on mobile).
  ref #1271

- After posting a reply, scroll to the end of the discussion

- Reduce the textarea height - previously it was 100vh, but this doesn't
  account for the height of the iOS keyboard, so I've just arbitrarily
  chosen 300px instead. There may be a better solution for this.
  ref #1269
---
 js/forum/dist/app.js                     | 26 +++++++++++++++++-------
 js/forum/src/components/PostStream.js    |  2 +-
 js/forum/src/components/ReplyComposer.js |  5 +++--
 js/forum/src/utils/DiscussionControls.js |  2 +-
 less/forum/Composer.less                 |  2 +-
 5 files changed, 25 insertions(+), 12 deletions(-)

diff --git a/js/forum/dist/app.js b/js/forum/dist/app.js
index efc6992d7..dfc862936 100644
--- a/js/forum/dist/app.js
+++ b/js/forum/dist/app.js
@@ -22359,6 +22359,10 @@ System.register('flarum/components/Dropdown', ['flarum/Component', 'flarum/helpe
 
               $menu.toggleClass('Dropdown-menu--top', $menu.offset().top + $menu.height() > $(window).scrollTop() + $(window).height());
 
+              if ($menu.offset().top < 0) {
+                $menu.removeClass('Dropdown-menu--top');
+              }
+
               $menu.toggleClass('Dropdown-menu--right', isRight || $menu.offset().left + $menu.width() > $(window).scrollLeft() + $(window).width());
             });
 
@@ -25654,7 +25658,7 @@ System.register('flarum/components/PostStream', ['flarum/Component', 'flarum/uti
 
             this.visibleEnd = this.count();
 
-            this.loadRange(this.visibleStart, this.visibleEnd).then(function () {
+            return this.loadRange(this.visibleStart, this.visibleEnd).then(function () {
               return m.redraw();
             });
           }
@@ -27033,9 +27037,11 @@ System.register('flarum/components/ReplyComposer', ['flarum/components/ComposerB
 
             app.store.createRecord('posts').save(data).then(function (post) {
               // If we're currently viewing the discussion which this reply was made
-              // in, then we can update the post stream.
+              // in, then we can update the post stream and scroll to the post.
               if (app.viewingDiscussion(discussion)) {
-                app.current.stream.update();
+                app.current.stream.update().then(function () {
+                  return app.current.stream.goToNumber(post.number());
+                });
               } else {
                 // Otherwise, we'll create an alert message to inform the user that
                 // their reply has been posted, containing a button which will
@@ -28413,7 +28419,8 @@ System.register('flarum/components/TextEditor', ['flarum/Component', 'flarum/uti
               items.add('preview', Button.component({
                 icon: 'eye',
                 className: 'Button Button--icon',
-                onclick: this.props.preview
+                onclick: this.props.preview,
+                title: app.translator.trans('core.forum.composer.preview_tooltip')
               }));
             }
 
@@ -31279,7 +31286,7 @@ System.register('flarum/utils/DiscussionControls', ['flarum/components/Discussio
               }
               app.composer.show();
 
-              if (goToLast && app.viewingDiscussion(this)) {
+              if (goToLast && app.viewingDiscussion(this) && !app.composer.isFullScreen()) {
                 app.current.stream.goToNumber('reply');
               }
 
@@ -31489,7 +31496,7 @@ System.register('flarum/utils/extractText', [], function (_export, _context) {
       return vdom.map(function (element) {
         return extractText(element);
       }).join('');
-    } else if ((typeof vdom === 'undefined' ? 'undefined' : babelHelpers.typeof(vdom)) === 'object') {
+    } else if ((typeof vdom === 'undefined' ? 'undefined' : babelHelpers.typeof(vdom)) === 'object' && vdom !== null) {
       return extractText(vdom.children);
     } else {
       return vdom;
@@ -32107,7 +32114,12 @@ System.register('flarum/utils/patchMithril', ['../Component'], function (_export
       }
 
       if (comp.prototype && comp.prototype instanceof Component) {
-        return comp.component.apply(comp, args);
+        var children = args.slice(1);
+        if (children.length === 1 && Array.isArray(children[0])) {
+          children = children[0];
+        }
+
+        return comp.component(args[0], children);
       }
 
       var node = mo.apply(this, arguments);
diff --git a/js/forum/src/components/PostStream.js b/js/forum/src/components/PostStream.js
index 5fc1cff41..3b27884c4 100644
--- a/js/forum/src/components/PostStream.js
+++ b/js/forum/src/components/PostStream.js
@@ -126,7 +126,7 @@ class PostStream extends Component {
 
     this.visibleEnd = this.count();
 
-    this.loadRange(this.visibleStart, this.visibleEnd).then(() => m.redraw());
+    return this.loadRange(this.visibleStart, this.visibleEnd).then(() => m.redraw());
   }
 
   /**
diff --git a/js/forum/src/components/ReplyComposer.js b/js/forum/src/components/ReplyComposer.js
index 7048ae7ba..e1601315b 100644
--- a/js/forum/src/components/ReplyComposer.js
+++ b/js/forum/src/components/ReplyComposer.js
@@ -82,9 +82,10 @@ export default class ReplyComposer extends ComposerBody {
     app.store.createRecord('posts').save(data).then(
       post => {
         // If we're currently viewing the discussion which this reply was made
-        // in, then we can update the post stream.
+        // in, then we can update the post stream and scroll to the post.
         if (app.viewingDiscussion(discussion)) {
-          app.current.stream.update();
+          app.current.stream.update().then(() => app.current.stream.goToNumber(post.number()));
+
         } else {
           // Otherwise, we'll create an alert message to inform the user that
           // their reply has been posted, containing a button which will
diff --git a/js/forum/src/utils/DiscussionControls.js b/js/forum/src/utils/DiscussionControls.js
index 02355d43f..8d897eee6 100644
--- a/js/forum/src/utils/DiscussionControls.js
+++ b/js/forum/src/utils/DiscussionControls.js
@@ -162,7 +162,7 @@ export default {
         }
         app.composer.show();
 
-        if (goToLast && app.viewingDiscussion(this)) {
+        if (goToLast && app.viewingDiscussion(this) && ! app.composer.isFullScreen()) {
           app.current.stream.goToNumber('reply');
         }
 
diff --git a/less/forum/Composer.less b/less/forum/Composer.less
index 9707b9327..da922dd33 100644
--- a/less/forum/Composer.less
+++ b/less/forum/Composer.less
@@ -116,7 +116,7 @@
     &:not(.minimized) {
       position: absolute;
       top: 0;
-      height: 100vh !important;
+      height: 300px !important;
       padding-top: @header-height-phone;
 
       &:before {

From 41df32f66e52805c246f9f15d43f117f5ff06b49 Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Sun, 5 Nov 2017 16:25:34 +1030
Subject: [PATCH 37/72] Add a tooltip to the Preview button

---
 js/forum/src/components/TextEditor.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/js/forum/src/components/TextEditor.js b/js/forum/src/components/TextEditor.js
index 3bc299c2d..1b8d2cd4d 100644
--- a/js/forum/src/components/TextEditor.js
+++ b/js/forum/src/components/TextEditor.js
@@ -82,7 +82,8 @@ export default class TextEditor extends Component {
         Button.component({
           icon: 'eye',
           className: 'Button Button--icon',
-          onclick: this.props.preview
+          onclick: this.props.preview,
+          title: app.translator.trans('core.forum.composer.preview_tooltip')
         })
       );
     }

From 15b573bd93f4e2fc70d26b4f15f50a99177fe7ca Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Sun, 5 Nov 2017 16:27:28 +1030
Subject: [PATCH 38/72] Update asset revision whenever custom LESS is changed

This should remove the need for a hard browser refresh whenever you
update the custom LESS.
---
 src/Asset/RevisionCompiler.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/Asset/RevisionCompiler.php b/src/Asset/RevisionCompiler.php
index 3993b90a7..9911c5b11 100644
--- a/src/Asset/RevisionCompiler.php
+++ b/src/Asset/RevisionCompiler.php
@@ -81,6 +81,10 @@ class RevisionCompiler implements CompilerInterface
                 $cacheDifferentiator[] = [$source, filemtime($source)];
             }
 
+            foreach ($this->strings as $callback) {
+                $cacheDifferentiator[] = $callback();
+            }
+
             $current = hash('crc32b', serialize($cacheDifferentiator));
         }
 

From a8826dcd88f2ed43c0182015037720fef8cab115 Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Sun, 5 Nov 2017 17:32:43 +1030
Subject: [PATCH 39/72] Remove FastClick. Fixes #1268

Turns out FastClick was causing textareas to be buggy on iOS Safari,
and it wasn't really doing any good.
---
 js/bower.json                     | 1 -
 js/forum/Gulpfile.js              | 1 -
 js/forum/src/initializers/boot.js | 4 ----
 3 files changed, 6 deletions(-)

diff --git a/js/bower.json b/js/bower.json
index d6532da73..d4d647f54 100644
--- a/js/bower.json
+++ b/js/bower.json
@@ -9,7 +9,6 @@
     "color-thief": "v2.0",
     "mithril": "lhorie/mithril.js#v0.2.5",
     "es6-micro-loader": "caridy/es6-micro-loader#v0.2.1",
-    "fastclick": "~1.0.6",
     "autolink": "~1.0.0",
     "m.attrs.bidi": "tobscure/m.attrs.bidi",
     "punycode": "http://cdnjs.cloudflare.com/ajax/libs/punycode/1.4.1/punycode.js"
diff --git a/js/forum/Gulpfile.js b/js/forum/Gulpfile.js
index 338eabc31..491fcde63 100644
--- a/js/forum/Gulpfile.js
+++ b/js/forum/Gulpfile.js
@@ -23,7 +23,6 @@ gulp({
 
     bowerDir + '/spin.js/spin.js',
     bowerDir + '/spin.js/jquery.spin.js',
-    bowerDir + '/fastclick/lib/fastclick.js',
     bowerDir + '/punycode/index.js'
   ],
   modules: {
diff --git a/js/forum/src/initializers/boot.js b/js/forum/src/initializers/boot.js
index f2b919024..1cf42350d 100644
--- a/js/forum/src/initializers/boot.js
+++ b/js/forum/src/initializers/boot.js
@@ -78,11 +78,7 @@ export default function boot(app) {
       .toggleClass('scrolled', top > offset);
   }).start();
 
-  // Initialize FastClick, which makes links and buttons much more responsive on
-  // touch devices.
   $(() => {
-    FastClick.attach(document.body);
-
     $('body').addClass('ontouchstart' in window ? 'touch' : 'no-touch');
   });
 

From 3321b4e829ed16e023b5d3663f7b8ff1317de787 Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Sun, 5 Nov 2017 17:35:13 +1030
Subject: [PATCH 40/72] Give the mobile composer a bit more height

---
 less/forum/Composer.less | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/less/forum/Composer.less b/less/forum/Composer.less
index da922dd33..ebddc5538 100644
--- a/less/forum/Composer.less
+++ b/less/forum/Composer.less
@@ -116,7 +116,7 @@
     &:not(.minimized) {
       position: absolute;
       top: 0;
-      height: 300px !important;
+      height: 350px !important;
       padding-top: @header-height-phone;
 
       &:before {

From b43fdec2e91e250df3063741c45029551d4eec98 Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Sun, 5 Nov 2017 17:38:30 +1030
Subject: [PATCH 41/72] Recompile JS

---
 js/forum/dist/app.js | 899 ++-----------------------------------------
 1 file changed, 26 insertions(+), 873 deletions(-)

diff --git a/js/forum/dist/app.js b/js/forum/dist/app.js
index dfc862936..c0f196994 100644
--- a/js/forum/dist/app.js
+++ b/js/forum/dist/app.js
@@ -17672,848 +17672,6 @@ $('#el').spin('flower', 'red');
 
 }));
 ;
-;(function () {
-	'use strict';
-
-	/**
-	 * @preserve FastClick: polyfill to remove click delays on browsers with touch UIs.
-	 *
-	 * @codingstandard ftlabs-jsv2
-	 * @copyright The Financial Times Limited [All Rights Reserved]
-	 * @license MIT License (see LICENSE.txt)
-	 */
-
-	/*jslint browser:true, node:true*/
-	/*global define, Event, Node*/
-
-
-	/**
-	 * Instantiate fast-clicking listeners on the specified layer.
-	 *
-	 * @constructor
-	 * @param {Element} layer The layer to listen on
-	 * @param {Object} [options={}] The options to override the defaults
-	 */
-	function FastClick(layer, options) {
-		var oldOnClick;
-
-		options = options || {};
-
-		/**
-		 * Whether a click is currently being tracked.
-		 *
-		 * @type boolean
-		 */
-		this.trackingClick = false;
-
-
-		/**
-		 * Timestamp for when click tracking started.
-		 *
-		 * @type number
-		 */
-		this.trackingClickStart = 0;
-
-
-		/**
-		 * The element being tracked for a click.
-		 *
-		 * @type EventTarget
-		 */
-		this.targetElement = null;
-
-
-		/**
-		 * X-coordinate of touch start event.
-		 *
-		 * @type number
-		 */
-		this.touchStartX = 0;
-
-
-		/**
-		 * Y-coordinate of touch start event.
-		 *
-		 * @type number
-		 */
-		this.touchStartY = 0;
-
-
-		/**
-		 * ID of the last touch, retrieved from Touch.identifier.
-		 *
-		 * @type number
-		 */
-		this.lastTouchIdentifier = 0;
-
-
-		/**
-		 * Touchmove boundary, beyond which a click will be cancelled.
-		 *
-		 * @type number
-		 */
-		this.touchBoundary = options.touchBoundary || 10;
-
-
-		/**
-		 * The FastClick layer.
-		 *
-		 * @type Element
-		 */
-		this.layer = layer;
-
-		/**
-		 * The minimum time between tap(touchstart and touchend) events
-		 *
-		 * @type number
-		 */
-		this.tapDelay = options.tapDelay || 200;
-
-		/**
-		 * The maximum time for a tap
-		 *
-		 * @type number
-		 */
-		this.tapTimeout = options.tapTimeout || 700;
-
-		if (FastClick.notNeeded(layer)) {
-			return;
-		}
-
-		// Some old versions of Android don't have Function.prototype.bind
-		function bind(method, context) {
-			return function() { return method.apply(context, arguments); };
-		}
-
-
-		var methods = ['onMouse', 'onClick', 'onTouchStart', 'onTouchMove', 'onTouchEnd', 'onTouchCancel'];
-		var context = this;
-		for (var i = 0, l = methods.length; i < l; i++) {
-			context[methods[i]] = bind(context[methods[i]], context);
-		}
-
-		// Set up event handlers as required
-		if (deviceIsAndroid) {
-			layer.addEventListener('mouseover', this.onMouse, true);
-			layer.addEventListener('mousedown', this.onMouse, true);
-			layer.addEventListener('mouseup', this.onMouse, true);
-		}
-
-		layer.addEventListener('click', this.onClick, true);
-		layer.addEventListener('touchstart', this.onTouchStart, false);
-		layer.addEventListener('touchmove', this.onTouchMove, false);
-		layer.addEventListener('touchend', this.onTouchEnd, false);
-		layer.addEventListener('touchcancel', this.onTouchCancel, false);
-
-		// Hack is required for browsers that don't support Event#stopImmediatePropagation (e.g. Android 2)
-		// which is how FastClick normally stops click events bubbling to callbacks registered on the FastClick
-		// layer when they are cancelled.
-		if (!Event.prototype.stopImmediatePropagation) {
-			layer.removeEventListener = function(type, callback, capture) {
-				var rmv = Node.prototype.removeEventListener;
-				if (type === 'click') {
-					rmv.call(layer, type, callback.hijacked || callback, capture);
-				} else {
-					rmv.call(layer, type, callback, capture);
-				}
-			};
-
-			layer.addEventListener = function(type, callback, capture) {
-				var adv = Node.prototype.addEventListener;
-				if (type === 'click') {
-					adv.call(layer, type, callback.hijacked || (callback.hijacked = function(event) {
-						if (!event.propagationStopped) {
-							callback(event);
-						}
-					}), capture);
-				} else {
-					adv.call(layer, type, callback, capture);
-				}
-			};
-		}
-
-		// If a handler is already declared in the element's onclick attribute, it will be fired before
-		// FastClick's onClick handler. Fix this by pulling out the user-defined handler function and
-		// adding it as listener.
-		if (typeof layer.onclick === 'function') {
-
-			// Android browser on at least 3.2 requires a new reference to the function in layer.onclick
-			// - the old one won't work if passed to addEventListener directly.
-			oldOnClick = layer.onclick;
-			layer.addEventListener('click', function(event) {
-				oldOnClick(event);
-			}, false);
-			layer.onclick = null;
-		}
-	}
-
-	/**
-	* Windows Phone 8.1 fakes user agent string to look like Android and iPhone.
-	*
-	* @type boolean
-	*/
-	var deviceIsWindowsPhone = navigator.userAgent.indexOf("Windows Phone") >= 0;
-
-	/**
-	 * Android requires exceptions.
-	 *
-	 * @type boolean
-	 */
-	var deviceIsAndroid = navigator.userAgent.indexOf('Android') > 0 && !deviceIsWindowsPhone;
-
-
-	/**
-	 * iOS requires exceptions.
-	 *
-	 * @type boolean
-	 */
-	var deviceIsIOS = /iP(ad|hone|od)/.test(navigator.userAgent) && !deviceIsWindowsPhone;
-
-
-	/**
-	 * iOS 4 requires an exception for select elements.
-	 *
-	 * @type boolean
-	 */
-	var deviceIsIOS4 = deviceIsIOS && (/OS 4_\d(_\d)?/).test(navigator.userAgent);
-
-
-	/**
-	 * iOS 6.0-7.* requires the target element to be manually derived
-	 *
-	 * @type boolean
-	 */
-	var deviceIsIOSWithBadTarget = deviceIsIOS && (/OS [6-7]_\d/).test(navigator.userAgent);
-
-	/**
-	 * BlackBerry requires exceptions.
-	 *
-	 * @type boolean
-	 */
-	var deviceIsBlackBerry10 = navigator.userAgent.indexOf('BB10') > 0;
-
-	/**
-	 * Determine whether a given element requires a native click.
-	 *
-	 * @param {EventTarget|Element} target Target DOM element
-	 * @returns {boolean} Returns true if the element needs a native click
-	 */
-	FastClick.prototype.needsClick = function(target) {
-		switch (target.nodeName.toLowerCase()) {
-
-		// Don't send a synthetic click to disabled inputs (issue #62)
-		case 'button':
-		case 'select':
-		case 'textarea':
-			if (target.disabled) {
-				return true;
-			}
-
-			break;
-		case 'input':
-
-			// File inputs need real clicks on iOS 6 due to a browser bug (issue #68)
-			if ((deviceIsIOS && target.type === 'file') || target.disabled) {
-				return true;
-			}
-
-			break;
-		case 'label':
-		case 'iframe': // iOS8 homescreen apps can prevent events bubbling into frames
-		case 'video':
-			return true;
-		}
-
-		return (/\bneedsclick\b/).test(target.className);
-	};
-
-
-	/**
-	 * Determine whether a given element requires a call to focus to simulate click into element.
-	 *
-	 * @param {EventTarget|Element} target Target DOM element
-	 * @returns {boolean} Returns true if the element requires a call to focus to simulate native click.
-	 */
-	FastClick.prototype.needsFocus = function(target) {
-		switch (target.nodeName.toLowerCase()) {
-		case 'textarea':
-			return true;
-		case 'select':
-			return !deviceIsAndroid;
-		case 'input':
-			switch (target.type) {
-			case 'button':
-			case 'checkbox':
-			case 'file':
-			case 'image':
-			case 'radio':
-			case 'submit':
-				return false;
-			}
-
-			// No point in attempting to focus disabled inputs
-			return !target.disabled && !target.readOnly;
-		default:
-			return (/\bneedsfocus\b/).test(target.className);
-		}
-	};
-
-
-	/**
-	 * Send a click event to the specified element.
-	 *
-	 * @param {EventTarget|Element} targetElement
-	 * @param {Event} event
-	 */
-	FastClick.prototype.sendClick = function(targetElement, event) {
-		var clickEvent, touch;
-
-		// On some Android devices activeElement needs to be blurred otherwise the synthetic click will have no effect (#24)
-		if (document.activeElement && document.activeElement !== targetElement) {
-			document.activeElement.blur();
-		}
-
-		touch = event.changedTouches[0];
-
-		// Synthesise a click event, with an extra attribute so it can be tracked
-		clickEvent = document.createEvent('MouseEvents');
-		clickEvent.initMouseEvent(this.determineEventType(targetElement), true, true, window, 1, touch.screenX, touch.screenY, touch.clientX, touch.clientY, false, false, false, false, 0, null);
-		clickEvent.forwardedTouchEvent = true;
-		targetElement.dispatchEvent(clickEvent);
-	};
-
-	FastClick.prototype.determineEventType = function(targetElement) {
-
-		//Issue #159: Android Chrome Select Box does not open with a synthetic click event
-		if (deviceIsAndroid && targetElement.tagName.toLowerCase() === 'select') {
-			return 'mousedown';
-		}
-
-		return 'click';
-	};
-
-
-	/**
-	 * @param {EventTarget|Element} targetElement
-	 */
-	FastClick.prototype.focus = function(targetElement) {
-		var length;
-
-		// Issue #160: on iOS 7, some input elements (e.g. date datetime month) throw a vague TypeError on setSelectionRange. These elements don't have an integer value for the selectionStart and selectionEnd properties, but unfortunately that can't be used for detection because accessing the properties also throws a TypeError. Just check the type instead. Filed as Apple bug #15122724.
-		if (deviceIsIOS && targetElement.setSelectionRange && targetElement.type.indexOf('date') !== 0 && targetElement.type !== 'time' && targetElement.type !== 'month') {
-			length = targetElement.value.length;
-			targetElement.setSelectionRange(length, length);
-		} else {
-			targetElement.focus();
-		}
-	};
-
-
-	/**
-	 * Check whether the given target element is a child of a scrollable layer and if so, set a flag on it.
-	 *
-	 * @param {EventTarget|Element} targetElement
-	 */
-	FastClick.prototype.updateScrollParent = function(targetElement) {
-		var scrollParent, parentElement;
-
-		scrollParent = targetElement.fastClickScrollParent;
-
-		// Attempt to discover whether the target element is contained within a scrollable layer. Re-check if the
-		// target element was moved to another parent.
-		if (!scrollParent || !scrollParent.contains(targetElement)) {
-			parentElement = targetElement;
-			do {
-				if (parentElement.scrollHeight > parentElement.offsetHeight) {
-					scrollParent = parentElement;
-					targetElement.fastClickScrollParent = parentElement;
-					break;
-				}
-
-				parentElement = parentElement.parentElement;
-			} while (parentElement);
-		}
-
-		// Always update the scroll top tracker if possible.
-		if (scrollParent) {
-			scrollParent.fastClickLastScrollTop = scrollParent.scrollTop;
-		}
-	};
-
-
-	/**
-	 * @param {EventTarget} targetElement
-	 * @returns {Element|EventTarget}
-	 */
-	FastClick.prototype.getTargetElementFromEventTarget = function(eventTarget) {
-
-		// On some older browsers (notably Safari on iOS 4.1 - see issue #56) the event target may be a text node.
-		if (eventTarget.nodeType === Node.TEXT_NODE) {
-			return eventTarget.parentNode;
-		}
-
-		return eventTarget;
-	};
-
-
-	/**
-	 * On touch start, record the position and scroll offset.
-	 *
-	 * @param {Event} event
-	 * @returns {boolean}
-	 */
-	FastClick.prototype.onTouchStart = function(event) {
-		var targetElement, touch, selection;
-
-		// Ignore multiple touches, otherwise pinch-to-zoom is prevented if both fingers are on the FastClick element (issue #111).
-		if (event.targetTouches.length > 1) {
-			return true;
-		}
-
-		targetElement = this.getTargetElementFromEventTarget(event.target);
-		touch = event.targetTouches[0];
-
-		if (deviceIsIOS) {
-
-			// Only trusted events will deselect text on iOS (issue #49)
-			selection = window.getSelection();
-			if (selection.rangeCount && !selection.isCollapsed) {
-				return true;
-			}
-
-			if (!deviceIsIOS4) {
-
-				// Weird things happen on iOS when an alert or confirm dialog is opened from a click event callback (issue #23):
-				// when the user next taps anywhere else on the page, new touchstart and touchend events are dispatched
-				// with the same identifier as the touch event that previously triggered the click that triggered the alert.
-				// Sadly, there is an issue on iOS 4 that causes some normal touch events to have the same identifier as an
-				// immediately preceeding touch event (issue #52), so this fix is unavailable on that platform.
-				// Issue 120: touch.identifier is 0 when Chrome dev tools 'Emulate touch events' is set with an iOS device UA string,
-				// which causes all touch events to be ignored. As this block only applies to iOS, and iOS identifiers are always long,
-				// random integers, it's safe to to continue if the identifier is 0 here.
-				if (touch.identifier && touch.identifier === this.lastTouchIdentifier) {
-					event.preventDefault();
-					return false;
-				}
-
-				this.lastTouchIdentifier = touch.identifier;
-
-				// If the target element is a child of a scrollable layer (using -webkit-overflow-scrolling: touch) and:
-				// 1) the user does a fling scroll on the scrollable layer
-				// 2) the user stops the fling scroll with another tap
-				// then the event.target of the last 'touchend' event will be the element that was under the user's finger
-				// when the fling scroll was started, causing FastClick to send a click event to that layer - unless a check
-				// is made to ensure that a parent layer was not scrolled before sending a synthetic click (issue #42).
-				this.updateScrollParent(targetElement);
-			}
-		}
-
-		this.trackingClick = true;
-		this.trackingClickStart = event.timeStamp;
-		this.targetElement = targetElement;
-
-		this.touchStartX = touch.pageX;
-		this.touchStartY = touch.pageY;
-
-		// Prevent phantom clicks on fast double-tap (issue #36)
-		if ((event.timeStamp - this.lastClickTime) < this.tapDelay) {
-			event.preventDefault();
-		}
-
-		return true;
-	};
-
-
-	/**
-	 * Based on a touchmove event object, check whether the touch has moved past a boundary since it started.
-	 *
-	 * @param {Event} event
-	 * @returns {boolean}
-	 */
-	FastClick.prototype.touchHasMoved = function(event) {
-		var touch = event.changedTouches[0], boundary = this.touchBoundary;
-
-		if (Math.abs(touch.pageX - this.touchStartX) > boundary || Math.abs(touch.pageY - this.touchStartY) > boundary) {
-			return true;
-		}
-
-		return false;
-	};
-
-
-	/**
-	 * Update the last position.
-	 *
-	 * @param {Event} event
-	 * @returns {boolean}
-	 */
-	FastClick.prototype.onTouchMove = function(event) {
-		if (!this.trackingClick) {
-			return true;
-		}
-
-		// If the touch has moved, cancel the click tracking
-		if (this.targetElement !== this.getTargetElementFromEventTarget(event.target) || this.touchHasMoved(event)) {
-			this.trackingClick = false;
-			this.targetElement = null;
-		}
-
-		return true;
-	};
-
-
-	/**
-	 * Attempt to find the labelled control for the given label element.
-	 *
-	 * @param {EventTarget|HTMLLabelElement} labelElement
-	 * @returns {Element|null}
-	 */
-	FastClick.prototype.findControl = function(labelElement) {
-
-		// Fast path for newer browsers supporting the HTML5 control attribute
-		if (labelElement.control !== undefined) {
-			return labelElement.control;
-		}
-
-		// All browsers under test that support touch events also support the HTML5 htmlFor attribute
-		if (labelElement.htmlFor) {
-			return document.getElementById(labelElement.htmlFor);
-		}
-
-		// If no for attribute exists, attempt to retrieve the first labellable descendant element
-		// the list of which is defined here: http://www.w3.org/TR/html5/forms.html#category-label
-		return labelElement.querySelector('button, input:not([type=hidden]), keygen, meter, output, progress, select, textarea');
-	};
-
-
-	/**
-	 * On touch end, determine whether to send a click event at once.
-	 *
-	 * @param {Event} event
-	 * @returns {boolean}
-	 */
-	FastClick.prototype.onTouchEnd = function(event) {
-		var forElement, trackingClickStart, targetTagName, scrollParent, touch, targetElement = this.targetElement;
-
-		if (!this.trackingClick) {
-			return true;
-		}
-
-		// Prevent phantom clicks on fast double-tap (issue #36)
-		if ((event.timeStamp - this.lastClickTime) < this.tapDelay) {
-			this.cancelNextClick = true;
-			return true;
-		}
-
-		if ((event.timeStamp - this.trackingClickStart) > this.tapTimeout) {
-			return true;
-		}
-
-		// Reset to prevent wrong click cancel on input (issue #156).
-		this.cancelNextClick = false;
-
-		this.lastClickTime = event.timeStamp;
-
-		trackingClickStart = this.trackingClickStart;
-		this.trackingClick = false;
-		this.trackingClickStart = 0;
-
-		// On some iOS devices, the targetElement supplied with the event is invalid if the layer
-		// is performing a transition or scroll, and has to be re-detected manually. Note that
-		// for this to function correctly, it must be called *after* the event target is checked!
-		// See issue #57; also filed as rdar://13048589 .
-		if (deviceIsIOSWithBadTarget) {
-			touch = event.changedTouches[0];
-
-			// In certain cases arguments of elementFromPoint can be negative, so prevent setting targetElement to null
-			targetElement = document.elementFromPoint(touch.pageX - window.pageXOffset, touch.pageY - window.pageYOffset) || targetElement;
-			targetElement.fastClickScrollParent = this.targetElement.fastClickScrollParent;
-		}
-
-		targetTagName = targetElement.tagName.toLowerCase();
-		if (targetTagName === 'label') {
-			forElement = this.findControl(targetElement);
-			if (forElement) {
-				this.focus(targetElement);
-				if (deviceIsAndroid) {
-					return false;
-				}
-
-				targetElement = forElement;
-			}
-		} else if (this.needsFocus(targetElement)) {
-
-			// Case 1: If the touch started a while ago (best guess is 100ms based on tests for issue #36) then focus will be triggered anyway. Return early and unset the target element reference so that the subsequent click will be allowed through.
-			// Case 2: Without this exception for input elements tapped when the document is contained in an iframe, then any inputted text won't be visible even though the value attribute is updated as the user types (issue #37).
-			if ((event.timeStamp - trackingClickStart) > 100 || (deviceIsIOS && window.top !== window && targetTagName === 'input')) {
-				this.targetElement = null;
-				return false;
-			}
-
-			this.focus(targetElement);
-			this.sendClick(targetElement, event);
-
-			// Select elements need the event to go through on iOS 4, otherwise the selector menu won't open.
-			// Also this breaks opening selects when VoiceOver is active on iOS6, iOS7 (and possibly others)
-			if (!deviceIsIOS || targetTagName !== 'select') {
-				this.targetElement = null;
-				event.preventDefault();
-			}
-
-			return false;
-		}
-
-		if (deviceIsIOS && !deviceIsIOS4) {
-
-			// Don't send a synthetic click event if the target element is contained within a parent layer that was scrolled
-			// and this tap is being used to stop the scrolling (usually initiated by a fling - issue #42).
-			scrollParent = targetElement.fastClickScrollParent;
-			if (scrollParent && scrollParent.fastClickLastScrollTop !== scrollParent.scrollTop) {
-				return true;
-			}
-		}
-
-		// Prevent the actual click from going though - unless the target node is marked as requiring
-		// real clicks or if it is in the whitelist in which case only non-programmatic clicks are permitted.
-		if (!this.needsClick(targetElement)) {
-			event.preventDefault();
-			this.sendClick(targetElement, event);
-		}
-
-		return false;
-	};
-
-
-	/**
-	 * On touch cancel, stop tracking the click.
-	 *
-	 * @returns {void}
-	 */
-	FastClick.prototype.onTouchCancel = function() {
-		this.trackingClick = false;
-		this.targetElement = null;
-	};
-
-
-	/**
-	 * Determine mouse events which should be permitted.
-	 *
-	 * @param {Event} event
-	 * @returns {boolean}
-	 */
-	FastClick.prototype.onMouse = function(event) {
-
-		// If a target element was never set (because a touch event was never fired) allow the event
-		if (!this.targetElement) {
-			return true;
-		}
-
-		if (event.forwardedTouchEvent) {
-			return true;
-		}
-
-		// Programmatically generated events targeting a specific element should be permitted
-		if (!event.cancelable) {
-			return true;
-		}
-
-		// Derive and check the target element to see whether the mouse event needs to be permitted;
-		// unless explicitly enabled, prevent non-touch click events from triggering actions,
-		// to prevent ghost/doubleclicks.
-		if (!this.needsClick(this.targetElement) || this.cancelNextClick) {
-
-			// Prevent any user-added listeners declared on FastClick element from being fired.
-			if (event.stopImmediatePropagation) {
-				event.stopImmediatePropagation();
-			} else {
-
-				// Part of the hack for browsers that don't support Event#stopImmediatePropagation (e.g. Android 2)
-				event.propagationStopped = true;
-			}
-
-			// Cancel the event
-			event.stopPropagation();
-			event.preventDefault();
-
-			return false;
-		}
-
-		// If the mouse event is permitted, return true for the action to go through.
-		return true;
-	};
-
-
-	/**
-	 * On actual clicks, determine whether this is a touch-generated click, a click action occurring
-	 * naturally after a delay after a touch (which needs to be cancelled to avoid duplication), or
-	 * an actual click which should be permitted.
-	 *
-	 * @param {Event} event
-	 * @returns {boolean}
-	 */
-	FastClick.prototype.onClick = function(event) {
-		var permitted;
-
-		// It's possible for another FastClick-like library delivered with third-party code to fire a click event before FastClick does (issue #44). In that case, set the click-tracking flag back to false and return early. This will cause onTouchEnd to return early.
-		if (this.trackingClick) {
-			this.targetElement = null;
-			this.trackingClick = false;
-			return true;
-		}
-
-		// Very odd behaviour on iOS (issue #18): if a submit element is present inside a form and the user hits enter in the iOS simulator or clicks the Go button on the pop-up OS keyboard the a kind of 'fake' click event will be triggered with the submit-type input element as the target.
-		if (event.target.type === 'submit' && event.detail === 0) {
-			return true;
-		}
-
-		permitted = this.onMouse(event);
-
-		// Only unset targetElement if the click is not permitted. This will ensure that the check for !targetElement in onMouse fails and the browser's click doesn't go through.
-		if (!permitted) {
-			this.targetElement = null;
-		}
-
-		// If clicks are permitted, return true for the action to go through.
-		return permitted;
-	};
-
-
-	/**
-	 * Remove all FastClick's event listeners.
-	 *
-	 * @returns {void}
-	 */
-	FastClick.prototype.destroy = function() {
-		var layer = this.layer;
-
-		if (deviceIsAndroid) {
-			layer.removeEventListener('mouseover', this.onMouse, true);
-			layer.removeEventListener('mousedown', this.onMouse, true);
-			layer.removeEventListener('mouseup', this.onMouse, true);
-		}
-
-		layer.removeEventListener('click', this.onClick, true);
-		layer.removeEventListener('touchstart', this.onTouchStart, false);
-		layer.removeEventListener('touchmove', this.onTouchMove, false);
-		layer.removeEventListener('touchend', this.onTouchEnd, false);
-		layer.removeEventListener('touchcancel', this.onTouchCancel, false);
-	};
-
-
-	/**
-	 * Check whether FastClick is needed.
-	 *
-	 * @param {Element} layer The layer to listen on
-	 */
-	FastClick.notNeeded = function(layer) {
-		var metaViewport;
-		var chromeVersion;
-		var blackberryVersion;
-		var firefoxVersion;
-
-		// Devices that don't support touch don't need FastClick
-		if (typeof window.ontouchstart === 'undefined') {
-			return true;
-		}
-
-		// Chrome version - zero for other browsers
-		chromeVersion = +(/Chrome\/([0-9]+)/.exec(navigator.userAgent) || [,0])[1];
-
-		if (chromeVersion) {
-
-			if (deviceIsAndroid) {
-				metaViewport = document.querySelector('meta[name=viewport]');
-
-				if (metaViewport) {
-					// Chrome on Android with user-scalable="no" doesn't need FastClick (issue #89)
-					if (metaViewport.content.indexOf('user-scalable=no') !== -1) {
-						return true;
-					}
-					// Chrome 32 and above with width=device-width or less don't need FastClick
-					if (chromeVersion > 31 && document.documentElement.scrollWidth <= window.outerWidth) {
-						return true;
-					}
-				}
-
-			// Chrome desktop doesn't need FastClick (issue #15)
-			} else {
-				return true;
-			}
-		}
-
-		if (deviceIsBlackBerry10) {
-			blackberryVersion = navigator.userAgent.match(/Version\/([0-9]*)\.([0-9]*)/);
-
-			// BlackBerry 10.3+ does not require Fastclick library.
-			// https://github.com/ftlabs/fastclick/issues/251
-			if (blackberryVersion[1] >= 10 && blackberryVersion[2] >= 3) {
-				metaViewport = document.querySelector('meta[name=viewport]');
-
-				if (metaViewport) {
-					// user-scalable=no eliminates click delay.
-					if (metaViewport.content.indexOf('user-scalable=no') !== -1) {
-						return true;
-					}
-					// width=device-width (or less than device-width) eliminates click delay.
-					if (document.documentElement.scrollWidth <= window.outerWidth) {
-						return true;
-					}
-				}
-			}
-		}
-
-		// IE10 with -ms-touch-action: none or manipulation, which disables double-tap-to-zoom (issue #97)
-		if (layer.style.msTouchAction === 'none' || layer.style.touchAction === 'manipulation') {
-			return true;
-		}
-
-		// Firefox version - zero for other browsers
-		firefoxVersion = +(/Firefox\/([0-9]+)/.exec(navigator.userAgent) || [,0])[1];
-
-		if (firefoxVersion >= 27) {
-			// Firefox 27+ does not have tap delay if the content is not zoomable - https://bugzilla.mozilla.org/show_bug.cgi?id=922896
-
-			metaViewport = document.querySelector('meta[name=viewport]');
-			if (metaViewport && (metaViewport.content.indexOf('user-scalable=no') !== -1 || document.documentElement.scrollWidth <= window.outerWidth)) {
-				return true;
-			}
-		}
-
-		// IE11: prefixed -ms-touch-action is no longer supported and it's recomended to use non-prefixed version
-		// http://msdn.microsoft.com/en-us/library/windows/apps/Hh767313.aspx
-		if (layer.style.touchAction === 'none' || layer.style.touchAction === 'manipulation') {
-			return true;
-		}
-
-		return false;
-	};
-
-
-	/**
-	 * Factory method for creating a FastClick object
-	 *
-	 * @param {Element} layer The layer to listen on
-	 * @param {Object} [options={}] The options to override the defaults
-	 */
-	FastClick.attach = function(layer, options) {
-		return new FastClick(layer, options);
-	};
-
-
-	if (typeof define === 'function' && typeof define.amd === 'object' && define.amd) {
-
-		// AMD. Register as an anonymous module.
-		define(function() {
-			return FastClick;
-		});
-	} else if (typeof module !== 'undefined' && module.exports) {
-		module.exports = FastClick.attach;
-		module.exports.FastClick = FastClick;
-	} else {
-		window.FastClick = FastClick;
-	}
-}());
-;
 /*! https://mths.be/punycode v1.4.1 by @mathias */
 ;(function(root) {
 
@@ -21255,10 +20413,10 @@ System.register('flarum/components/DiscussionComposer', ['flarum/components/Comp
 });;
 'use strict';
 
-System.register('flarum/components/DiscussionHero', ['flarum/Component', 'flarum/utils/ItemList', 'flarum/helpers/listItems'], function (_export, _context) {
+System.register('flarum/components/DiscussionHeader', ['flarum/Component', 'flarum/utils/ItemList', 'flarum/helpers/listItems'], function (_export, _context) {
   "use strict";
 
-  var Component, ItemList, listItems, DiscussionHero;
+  var Component, ItemList, listItems, DiscussionHeader;
   return {
     setters: [function (_flarumComponent) {
       Component = _flarumComponent.default;
@@ -21268,28 +20426,24 @@ System.register('flarum/components/DiscussionHero', ['flarum/Component', 'flarum
       listItems = _flarumHelpersListItems.default;
     }],
     execute: function () {
-      DiscussionHero = function (_Component) {
-        babelHelpers.inherits(DiscussionHero, _Component);
+      DiscussionHeader = function (_Component) {
+        babelHelpers.inherits(DiscussionHeader, _Component);
 
-        function DiscussionHero() {
-          babelHelpers.classCallCheck(this, DiscussionHero);
-          return babelHelpers.possibleConstructorReturn(this, (DiscussionHero.__proto__ || Object.getPrototypeOf(DiscussionHero)).apply(this, arguments));
+        function DiscussionHeader() {
+          babelHelpers.classCallCheck(this, DiscussionHeader);
+          return babelHelpers.possibleConstructorReturn(this, (DiscussionHeader.__proto__ || Object.getPrototypeOf(DiscussionHeader)).apply(this, arguments));
         }
 
-        babelHelpers.createClass(DiscussionHero, [{
+        babelHelpers.createClass(DiscussionHeader, [{
           key: 'view',
           value: function view() {
             return m(
               'header',
-              { className: 'Hero DiscussionHero' },
+              { className: 'DiscussionHeader' },
               m(
-                'div',
-                { className: 'container' },
-                m(
-                  'ul',
-                  { className: 'DiscussionHero-items' },
-                  listItems(this.items().toArray())
-                )
+                'ul',
+                { className: 'DiscussionHeader-items' },
+                listItems(this.items().toArray())
               )
             );
           }
@@ -21303,24 +20457,24 @@ System.register('flarum/components/DiscussionHero', ['flarum/Component', 'flarum
             if (badges.length) {
               items.add('badges', m(
                 'ul',
-                { className: 'DiscussionHero-badges badges' },
+                { className: 'DiscussionHeader-badges badges' },
                 listItems(badges)
               ), 10);
             }
 
             items.add('title', m(
               'h2',
-              { className: 'DiscussionHero-title' },
+              { className: 'DiscussionHeader-title' },
               discussion.title()
             ));
 
             return items;
           }
         }]);
-        return DiscussionHero;
+        return DiscussionHeader;
       }(Component);
 
-      _export('default', DiscussionHero);
+      _export('default', DiscussionHeader);
     }
   };
 });;
@@ -21756,17 +20910,17 @@ System.register('flarum/components/DiscussionListItem', ['flarum/Component', 'fl
 });;
 'use strict';
 
-System.register('flarum/components/DiscussionPage', ['flarum/components/Page', 'flarum/utils/ItemList', 'flarum/components/DiscussionHero', 'flarum/components/PostStream', 'flarum/components/PostStreamScrubber', 'flarum/components/LoadingIndicator', 'flarum/components/SplitDropdown', 'flarum/helpers/listItems', 'flarum/utils/DiscussionControls'], function (_export, _context) {
+System.register('flarum/components/DiscussionPage', ['flarum/components/Page', 'flarum/utils/ItemList', 'flarum/components/DiscussionHeader', 'flarum/components/PostStream', 'flarum/components/PostStreamScrubber', 'flarum/components/LoadingIndicator', 'flarum/components/SplitDropdown', 'flarum/helpers/listItems', 'flarum/utils/DiscussionControls', 'flarum/utils/affixSidebar'], function (_export, _context) {
   "use strict";
 
-  var Page, ItemList, DiscussionHero, PostStream, PostStreamScrubber, LoadingIndicator, SplitDropdown, listItems, DiscussionControls, DiscussionPage;
+  var Page, ItemList, DiscussionHeader, PostStream, PostStreamScrubber, LoadingIndicator, SplitDropdown, listItems, DiscussionControls, affixSidebar, DiscussionPage;
   return {
     setters: [function (_flarumComponentsPage) {
       Page = _flarumComponentsPage.default;
     }, function (_flarumUtilsItemList) {
       ItemList = _flarumUtilsItemList.default;
-    }, function (_flarumComponentsDiscussionHero) {
-      DiscussionHero = _flarumComponentsDiscussionHero.default;
+    }, function (_flarumComponentsDiscussionHeader) {
+      DiscussionHeader = _flarumComponentsDiscussionHeader.default;
     }, function (_flarumComponentsPostStream) {
       PostStream = _flarumComponentsPostStream.default;
     }, function (_flarumComponentsPostStreamScrubber) {
@@ -21779,6 +20933,8 @@ System.register('flarum/components/DiscussionPage', ['flarum/components/Page', '
       listItems = _flarumHelpersListItems.default;
     }, function (_flarumUtilsDiscussionControls) {
       DiscussionControls = _flarumUtilsDiscussionControls.default;
+    }, function (_flarumUtilsAffixSidebar) {
+      affixSidebar = _flarumUtilsAffixSidebar.default;
     }],
     execute: function () {
       DiscussionPage = function (_Page) {
@@ -21879,12 +21035,12 @@ System.register('flarum/components/DiscussionPage', ['flarum/components/Page', '
               m(
                 'div',
                 { className: 'DiscussionPage-discussion' },
-                discussion ? [DiscussionHero.component({ discussion: discussion }), m(
+                discussion ? m(
                   'div',
                   { className: 'container' },
                   m(
                     'nav',
-                    { className: 'DiscussionPage-nav' },
+                    { className: 'DiscussionPage-nav', config: affixSidebar },
                     m(
                       'ul',
                       null,
@@ -21894,9 +21050,10 @@ System.register('flarum/components/DiscussionPage', ['flarum/components/Page', '
                   m(
                     'div',
                     { className: 'DiscussionPage-stream' },
+                    DiscussionHeader.component({ discussion: discussion }),
                     this.stream.render()
                   )
-                )] : LoadingIndicator.component({ className: 'LoadingIndicator--block' })
+                ) : LoadingIndicator.component({ className: 'LoadingIndicator--block' })
               )
             );
           }
@@ -29587,11 +28744,7 @@ System.register('flarum/initializers/boot', ['flarum/utils/ScrollListener', 'fla
       $app.toggleClass('affix', top >= offset).toggleClass('scrolled', top > offset);
     }).start();
 
-    // Initialize FastClick, which makes links and buttons much more responsive on
-    // touch devices.
     $(function () {
-      FastClick.attach(document.body);
-
       $('body').addClass('ontouchstart' in window ? 'touch' : 'no-touch');
     });
 

From abda11c6c51386e9bdd298d1150f7f62077721cf Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Sun, 5 Nov 2017 17:57:56 +1030
Subject: [PATCH 42/72] Oops, recompile JS properly

---
 js/forum/dist/app.js | 53 ++++++++++++++++++++++----------------------
 1 file changed, 27 insertions(+), 26 deletions(-)

diff --git a/js/forum/dist/app.js b/js/forum/dist/app.js
index c0f196994..60e3bd907 100644
--- a/js/forum/dist/app.js
+++ b/js/forum/dist/app.js
@@ -20413,10 +20413,10 @@ System.register('flarum/components/DiscussionComposer', ['flarum/components/Comp
 });;
 'use strict';
 
-System.register('flarum/components/DiscussionHeader', ['flarum/Component', 'flarum/utils/ItemList', 'flarum/helpers/listItems'], function (_export, _context) {
+System.register('flarum/components/DiscussionHero', ['flarum/Component', 'flarum/utils/ItemList', 'flarum/helpers/listItems'], function (_export, _context) {
   "use strict";
 
-  var Component, ItemList, listItems, DiscussionHeader;
+  var Component, ItemList, listItems, DiscussionHero;
   return {
     setters: [function (_flarumComponent) {
       Component = _flarumComponent.default;
@@ -20426,24 +20426,28 @@ System.register('flarum/components/DiscussionHeader', ['flarum/Component', 'flar
       listItems = _flarumHelpersListItems.default;
     }],
     execute: function () {
-      DiscussionHeader = function (_Component) {
-        babelHelpers.inherits(DiscussionHeader, _Component);
+      DiscussionHero = function (_Component) {
+        babelHelpers.inherits(DiscussionHero, _Component);
 
-        function DiscussionHeader() {
-          babelHelpers.classCallCheck(this, DiscussionHeader);
-          return babelHelpers.possibleConstructorReturn(this, (DiscussionHeader.__proto__ || Object.getPrototypeOf(DiscussionHeader)).apply(this, arguments));
+        function DiscussionHero() {
+          babelHelpers.classCallCheck(this, DiscussionHero);
+          return babelHelpers.possibleConstructorReturn(this, (DiscussionHero.__proto__ || Object.getPrototypeOf(DiscussionHero)).apply(this, arguments));
         }
 
-        babelHelpers.createClass(DiscussionHeader, [{
+        babelHelpers.createClass(DiscussionHero, [{
           key: 'view',
           value: function view() {
             return m(
               'header',
-              { className: 'DiscussionHeader' },
+              { className: 'Hero DiscussionHero' },
               m(
-                'ul',
-                { className: 'DiscussionHeader-items' },
-                listItems(this.items().toArray())
+                'div',
+                { className: 'container' },
+                m(
+                  'ul',
+                  { className: 'DiscussionHero-items' },
+                  listItems(this.items().toArray())
+                )
               )
             );
           }
@@ -20457,24 +20461,24 @@ System.register('flarum/components/DiscussionHeader', ['flarum/Component', 'flar
             if (badges.length) {
               items.add('badges', m(
                 'ul',
-                { className: 'DiscussionHeader-badges badges' },
+                { className: 'DiscussionHero-badges badges' },
                 listItems(badges)
               ), 10);
             }
 
             items.add('title', m(
               'h2',
-              { className: 'DiscussionHeader-title' },
+              { className: 'DiscussionHero-title' },
               discussion.title()
             ));
 
             return items;
           }
         }]);
-        return DiscussionHeader;
+        return DiscussionHero;
       }(Component);
 
-      _export('default', DiscussionHeader);
+      _export('default', DiscussionHero);
     }
   };
 });;
@@ -20910,17 +20914,17 @@ System.register('flarum/components/DiscussionListItem', ['flarum/Component', 'fl
 });;
 'use strict';
 
-System.register('flarum/components/DiscussionPage', ['flarum/components/Page', 'flarum/utils/ItemList', 'flarum/components/DiscussionHeader', 'flarum/components/PostStream', 'flarum/components/PostStreamScrubber', 'flarum/components/LoadingIndicator', 'flarum/components/SplitDropdown', 'flarum/helpers/listItems', 'flarum/utils/DiscussionControls', 'flarum/utils/affixSidebar'], function (_export, _context) {
+System.register('flarum/components/DiscussionPage', ['flarum/components/Page', 'flarum/utils/ItemList', 'flarum/components/DiscussionHero', 'flarum/components/PostStream', 'flarum/components/PostStreamScrubber', 'flarum/components/LoadingIndicator', 'flarum/components/SplitDropdown', 'flarum/helpers/listItems', 'flarum/utils/DiscussionControls'], function (_export, _context) {
   "use strict";
 
-  var Page, ItemList, DiscussionHeader, PostStream, PostStreamScrubber, LoadingIndicator, SplitDropdown, listItems, DiscussionControls, affixSidebar, DiscussionPage;
+  var Page, ItemList, DiscussionHero, PostStream, PostStreamScrubber, LoadingIndicator, SplitDropdown, listItems, DiscussionControls, DiscussionPage;
   return {
     setters: [function (_flarumComponentsPage) {
       Page = _flarumComponentsPage.default;
     }, function (_flarumUtilsItemList) {
       ItemList = _flarumUtilsItemList.default;
-    }, function (_flarumComponentsDiscussionHeader) {
-      DiscussionHeader = _flarumComponentsDiscussionHeader.default;
+    }, function (_flarumComponentsDiscussionHero) {
+      DiscussionHero = _flarumComponentsDiscussionHero.default;
     }, function (_flarumComponentsPostStream) {
       PostStream = _flarumComponentsPostStream.default;
     }, function (_flarumComponentsPostStreamScrubber) {
@@ -20933,8 +20937,6 @@ System.register('flarum/components/DiscussionPage', ['flarum/components/Page', '
       listItems = _flarumHelpersListItems.default;
     }, function (_flarumUtilsDiscussionControls) {
       DiscussionControls = _flarumUtilsDiscussionControls.default;
-    }, function (_flarumUtilsAffixSidebar) {
-      affixSidebar = _flarumUtilsAffixSidebar.default;
     }],
     execute: function () {
       DiscussionPage = function (_Page) {
@@ -21035,12 +21037,12 @@ System.register('flarum/components/DiscussionPage', ['flarum/components/Page', '
               m(
                 'div',
                 { className: 'DiscussionPage-discussion' },
-                discussion ? m(
+                discussion ? [DiscussionHero.component({ discussion: discussion }), m(
                   'div',
                   { className: 'container' },
                   m(
                     'nav',
-                    { className: 'DiscussionPage-nav', config: affixSidebar },
+                    { className: 'DiscussionPage-nav' },
                     m(
                       'ul',
                       null,
@@ -21050,10 +21052,9 @@ System.register('flarum/components/DiscussionPage', ['flarum/components/Page', '
                   m(
                     'div',
                     { className: 'DiscussionPage-stream' },
-                    DiscussionHeader.component({ discussion: discussion }),
                     this.stream.render()
                   )
-                ) : LoadingIndicator.component({ className: 'LoadingIndicator--block' })
+                )] : LoadingIndicator.component({ className: 'LoadingIndicator--block' })
               )
             );
           }

From 1a102766a9c9570b92621a9d7d3c9e011bc6bfbe Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Tue, 7 Nov 2017 21:12:03 +1030
Subject: [PATCH 43/72] Fix Composer textarea losing its height across route
 changes

There is a Mithril bug which causes context.retain to be ineffective for
children nodes. https://github.com/MithrilJS/mithril.js/issues/1300

Thus, we have to assume that the children nodes (like the textarea)
may be recreated and thus we need to update its height on each redraw.

fixes #948
---
 js/forum/dist/app.js                | 4 ++++
 js/forum/src/components/Composer.js | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/js/forum/dist/app.js b/js/forum/dist/app.js
index 60e3bd907..21e7cf8ef 100644
--- a/js/forum/dist/app.js
+++ b/js/forum/dist/app.js
@@ -19820,6 +19820,10 @@ System.register('flarum/components/Composer', ['flarum/Component', 'flarum/utils
               defaultHeight = this.$().height();
             }
 
+            // Set the height of the Composer element and its contents on each redraw,
+            // so that they do not lose it if their DOM elements are recreated.
+            this.updateHeight();
+
             if (isInitialized) return;
 
             // Since this component is a part of the global UI that persists between
diff --git a/js/forum/src/components/Composer.js b/js/forum/src/components/Composer.js
index f498333e6..93532d700 100644
--- a/js/forum/src/components/Composer.js
+++ b/js/forum/src/components/Composer.js
@@ -91,6 +91,10 @@ class Composer extends Component {
       defaultHeight = this.$().height();
     }
 
+    // Set the height of the Composer element and its contents on each redraw,
+    // so that they do not lose it if their DOM elements are recreated.
+    this.updateHeight();
+
     if (isInitialized) return;
 
     // Since this component is a part of the global UI that persists between

From 5f7060fb4ad2d5b6c40c9286c9e3075f8b569e11 Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Sat, 11 Nov 2017 22:44:45 +1030
Subject: [PATCH 44/72] Performance: Assign parent discussion to posts so it
 doesn't have to be reloaded

---
 src/Api/Controller/ListDiscussionsController.php | 14 +++++++++++++-
 src/Api/Controller/ShowDiscussionController.php  |  8 +++++++-
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/src/Api/Controller/ListDiscussionsController.php b/src/Api/Controller/ListDiscussionsController.php
index ab8b21283..04db95c3a 100644
--- a/src/Api/Controller/ListDiscussionsController.php
+++ b/src/Api/Controller/ListDiscussionsController.php
@@ -93,6 +93,18 @@ class ListDiscussionsController extends AbstractCollectionController
             $results->areMoreResults() ? null : 0
         );
 
-        return $results->getResults();
+        $results = $results->getResults();
+
+        if ($relations = array_intersect($load, ['startPost', 'lastPost'])) {
+            foreach ($results as $discussion) {
+                foreach ($relations as $relation) {
+                    if ($discussion->$relation) {
+                        $discussion->$relation->discussion = $discussion;
+                    }
+                }
+            }
+        }
+
+        return $results;
     }
 }
diff --git a/src/Api/Controller/ShowDiscussionController.php b/src/Api/Controller/ShowDiscussionController.php
index 7f04ca167..e99ec54b0 100644
--- a/src/Api/Controller/ShowDiscussionController.php
+++ b/src/Api/Controller/ShowDiscussionController.php
@@ -173,6 +173,12 @@ class ShowDiscussionController extends AbstractResourceController
 
         $query->orderBy('time')->skip($offset)->take($limit)->with($include);
 
-        return $query->get()->all();
+        $posts = $query->get()->all();
+
+        foreach ($posts as $post) {
+            $post->discussion = $discussion;
+        }
+
+        return $posts;
     }
 }

From 9cc67fe312fbd8ae4dbde98dd09ffbf16ef8737f Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Sat, 11 Nov 2017 22:45:38 +1030
Subject: [PATCH 45/72] Performance: Cache translation catalogue to avoid
 reparsing YAML

---
 composer.json                           |  1 +
 src/Debug/Console/CacheClearCommand.php | 20 ++++++++++++++++----
 src/Locale/LocaleServiceProvider.php    |  2 +-
 3 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/composer.json b/composer.json
index 1ee4195f0..5bfcb2a57 100644
--- a/composer.json
+++ b/composer.json
@@ -46,6 +46,7 @@
         "nikic/fast-route": "^0.6",
         "oyejorge/less.php": "~1.5",
         "psr/http-message": "^1.0",
+        "symfony/config": "^2.7",
         "symfony/console": "^2.7",
         "symfony/http-foundation": "^2.7",
         "symfony/translation": "^2.7",
diff --git a/src/Debug/Console/CacheClearCommand.php b/src/Debug/Console/CacheClearCommand.php
index cf8e4b466..97142ad6e 100644
--- a/src/Debug/Console/CacheClearCommand.php
+++ b/src/Debug/Console/CacheClearCommand.php
@@ -14,35 +14,43 @@ namespace Flarum\Debug\Console;
 use Flarum\Admin\WebApp as AdminWebApp;
 use Flarum\Console\Command\AbstractCommand;
 use Flarum\Forum\WebApp as ForumWebApp;
+use Flarum\Foundation\Application;
 use Illuminate\Contracts\Cache\Store;
 
 class CacheClearCommand extends AbstractCommand
 {
     /**
-     * @var \Illuminate\Contracts\Cache\Store
+     * @var Store
      */
     protected $cache;
 
     /**
-     * @var \Flarum\Forum\WebApp
+     * @var ForumWebApp
      */
     protected $forum;
 
     /**
-     * @var \Flarum\Admin\WebApp
+     * @var AdminWebApp
      */
     protected $admin;
 
+    /**
+     * @var Application
+     */
+    protected $app;
+
     /**
      * @param Store $cache
      * @param ForumWebApp $forum
      * @param AdminWebApp $admin
+     * @param Application $app
      */
-    public function __construct(Store $cache, ForumWebApp $forum, AdminWebApp $admin)
+    public function __construct(Store $cache, ForumWebApp $forum, AdminWebApp $admin, Application $app)
     {
         $this->cache = $cache;
         $this->forum = $forum;
         $this->admin = $admin;
+        $this->app = $app;
 
         parent::__construct();
     }
@@ -68,5 +76,9 @@ class CacheClearCommand extends AbstractCommand
         $this->admin->getAssets()->flush();
 
         $this->cache->flush();
+
+        $storagePath = $this->app->storagePath();
+        array_map('unlink', glob($storagePath.'/formatter/*'));
+        array_map('unlink', glob($storagePath.'/locale/*'));
     }
 }
diff --git a/src/Locale/LocaleServiceProvider.php b/src/Locale/LocaleServiceProvider.php
index 034e21a1c..3e038950b 100644
--- a/src/Locale/LocaleServiceProvider.php
+++ b/src/Locale/LocaleServiceProvider.php
@@ -41,7 +41,7 @@ class LocaleServiceProvider extends AbstractServiceProvider
         $this->app->singleton('translator', function () {
             $defaultLocale = $this->getDefaultLocale();
 
-            $translator = new Translator($defaultLocale, new MessageSelector());
+            $translator = new Translator($defaultLocale, null, $this->app->storagePath().'/locale', $this->app->inDebugMode());
             $translator->setFallbackLocales([$defaultLocale, 'en']);
             $translator->addLoader('prefixed_yaml', new PrefixedYamlFileLoader());
 

From dedcbae359db4a4ab219c3492254f7a14bb6fa8a Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Sat, 11 Nov 2017 22:57:41 +1030
Subject: [PATCH 46/72] Performance: Load only basic information about
 terminal/relevant posts

---
 src/Api/Serializer/DiscussionBasicSerializer.php | 14 +++++++++++---
 src/Api/Serializer/DiscussionSerializer.php      |  8 --------
 src/Api/Serializer/PostBasicSerializer.php       |  7 +++++++
 3 files changed, 18 insertions(+), 11 deletions(-)

diff --git a/src/Api/Serializer/DiscussionBasicSerializer.php b/src/Api/Serializer/DiscussionBasicSerializer.php
index 99416b10e..ec5040f9d 100644
--- a/src/Api/Serializer/DiscussionBasicSerializer.php
+++ b/src/Api/Serializer/DiscussionBasicSerializer.php
@@ -54,7 +54,7 @@ class DiscussionBasicSerializer extends AbstractSerializer
      */
     protected function startPost($discussion)
     {
-        return $this->hasOne($discussion, 'Flarum\Api\Serializer\PostSerializer');
+        return $this->hasOne($discussion, 'Flarum\Api\Serializer\PostBasicSerializer');
     }
 
     /**
@@ -70,7 +70,7 @@ class DiscussionBasicSerializer extends AbstractSerializer
      */
     protected function lastPost($discussion)
     {
-        return $this->hasOne($discussion, 'Flarum\Api\Serializer\PostSerializer');
+        return $this->hasOne($discussion, 'Flarum\Api\Serializer\PostBasicSerializer');
     }
 
     /**
@@ -86,6 +86,14 @@ class DiscussionBasicSerializer extends AbstractSerializer
      */
     protected function relevantPosts($discussion)
     {
-        return $this->hasMany($discussion, 'Flarum\Api\Serializer\PostSerializer');
+        return $this->hasMany($discussion, 'Flarum\Api\Serializer\PostBasicSerializer');
+    }
+
+    /**
+     * @return \Tobscure\JsonApi\Relationship
+     */
+    protected function hideUser($discussion)
+    {
+        return $this->hasOne($discussion, 'Flarum\Api\Serializer\UserBasicSerializer');
     }
 }
diff --git a/src/Api/Serializer/DiscussionSerializer.php b/src/Api/Serializer/DiscussionSerializer.php
index 47ef8c0ea..eee9c38a0 100644
--- a/src/Api/Serializer/DiscussionSerializer.php
+++ b/src/Api/Serializer/DiscussionSerializer.php
@@ -64,12 +64,4 @@ class DiscussionSerializer extends DiscussionBasicSerializer
 
         return $attributes;
     }
-
-    /**
-     * @return \Tobscure\JsonApi\Relationship
-     */
-    protected function hideUser($discussion)
-    {
-        return $this->hasOne($discussion, 'Flarum\Api\Serializer\UserSerializer');
-    }
 }
diff --git a/src/Api/Serializer/PostBasicSerializer.php b/src/Api/Serializer/PostBasicSerializer.php
index 3a79eed84..962a7b28b 100644
--- a/src/Api/Serializer/PostBasicSerializer.php
+++ b/src/Api/Serializer/PostBasicSerializer.php
@@ -12,6 +12,7 @@
 namespace Flarum\Api\Serializer;
 
 use Flarum\Core\Post;
+use Flarum\Core\Post\CommentPost;
 use InvalidArgumentException;
 
 class PostBasicSerializer extends AbstractSerializer
@@ -42,6 +43,12 @@ class PostBasicSerializer extends AbstractSerializer
             'contentType' => $post->type
         ];
 
+        if ($post instanceof CommentPost) {
+            $attributes['contentHtml'] = $post->content_html;
+        } else {
+            $attributes['content'] = $post->content;
+        }
+
         return $attributes;
     }
 

From 3c80612d805e86bc3ee350198446fbe60bb0b464 Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Sat, 11 Nov 2017 23:15:36 +1030
Subject: [PATCH 47/72] Performance: Load only basic information about post
 discussion/users

---
 src/Api/Serializer/PostSerializer.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/Api/Serializer/PostSerializer.php b/src/Api/Serializer/PostSerializer.php
index cb6a40457..4290c5b03 100644
--- a/src/Api/Serializer/PostSerializer.php
+++ b/src/Api/Serializer/PostSerializer.php
@@ -85,7 +85,7 @@ class PostSerializer extends PostBasicSerializer
      */
     protected function discussion($post)
     {
-        return $this->hasOne($post, 'Flarum\Api\Serializer\DiscussionSerializer');
+        return $this->hasOne($post, 'Flarum\Api\Serializer\DiscussionBasicSerializer');
     }
 
     /**
@@ -93,7 +93,7 @@ class PostSerializer extends PostBasicSerializer
      */
     protected function editUser($post)
     {
-        return $this->hasOne($post, 'Flarum\Api\Serializer\UserSerializer');
+        return $this->hasOne($post, 'Flarum\Api\Serializer\UserBasicSerializer');
     }
 
     /**
@@ -101,6 +101,6 @@ class PostSerializer extends PostBasicSerializer
      */
     protected function hideUser($post)
     {
-        return $this->hasOne($post, 'Flarum\Api\Serializer\UserSerializer');
+        return $this->hasOne($post, 'Flarum\Api\Serializer\UserBasicSerializer');
     }
 }

From a28dbccf1acfdc998dcc31fd0efafd09b4476ec2 Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Sun, 12 Nov 2017 21:14:19 +1030
Subject: [PATCH 48/72] Performance: Assign parent discussions to posts so they
 don't have to be reloaded

---
 src/Core/Repository/PostRepository.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/Core/Repository/PostRepository.php b/src/Core/Repository/PostRepository.php
index 7ce6b0906..93f74a7ce 100644
--- a/src/Core/Repository/PostRepository.php
+++ b/src/Core/Repository/PostRepository.php
@@ -153,7 +153,7 @@ class PostRepository
     {
         $discussions = $this->getDiscussionsForPosts($ids, $actor);
 
-        return Post::whereIn('id', $ids)
+        $posts = Post::whereIn('id', $ids)
             ->where(function ($query) use ($discussions, $actor) {
                 foreach ($discussions as $discussion) {
                     $query->orWhere(function ($query) use ($discussion, $actor) {
@@ -165,6 +165,12 @@ class PostRepository
 
                 $query->orWhereRaw('FALSE');
             });
+
+        foreach ($posts as $post) {
+            $post->discussion = $discussions->find($post->discussion_id);
+        }
+
+        return $posts;
     }
 
     /**

From 0aa74c987ccba232f48a0ca29023dc6a20d045e3 Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Mon, 20 Nov 2017 09:17:44 +1030
Subject: [PATCH 49/72] Fix email gambit

---
 src/Core/Search/User/Gambit/EmailGambit.php | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/Core/Search/User/Gambit/EmailGambit.php b/src/Core/Search/User/Gambit/EmailGambit.php
index 8d14fd921..b175b6193 100644
--- a/src/Core/Search/User/Gambit/EmailGambit.php
+++ b/src/Core/Search/User/Gambit/EmailGambit.php
@@ -60,8 +60,6 @@ class EmailGambit extends AbstractRegexGambit
 
         $email = trim($matches[1], '"');
 
-        $user = $this->users->findByEmail($email);
-
-        $search->getQuery()->where('id', $negate ? '!=' : '=', $user->id);
+        $search->getQuery()->where('email', $negate ? '!=' : '=', $email);
     }
 }

From 7796580210b9b6b9188e4f7f0cdc86d4d75c5c82 Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Mon, 20 Nov 2017 10:37:21 +1030
Subject: [PATCH 50/72] Actually list users returned from the API when
 searching

---
 js/forum/dist/app.js                         | 95 +++++++++++++++-----
 js/forum/src/components/UsersSearchSource.js | 13 ++-
 2 files changed, 85 insertions(+), 23 deletions(-)

diff --git a/js/forum/dist/app.js b/js/forum/dist/app.js
index 21e7cf8ef..9ae4848fa 100644
--- a/js/forum/dist/app.js
+++ b/js/forum/dist/app.js
@@ -18948,6 +18948,13 @@ System.register('flarum/components/AvatarEditor', ['flarum/Component', 'flarum/h
              * @type {Boolean}
              */
             this.loading = false;
+
+            /**
+             * Whether or not an image has been dragged over the dropzone.
+             *
+             * @type {Boolean}
+             */
+            this.isDraggedOver = false;
           }
         }, {
           key: 'view',
@@ -18956,14 +18963,19 @@ System.register('flarum/components/AvatarEditor', ['flarum/Component', 'flarum/h
 
             return m(
               'div',
-              { className: 'AvatarEditor Dropdown ' + this.props.className + (this.loading ? ' loading' : '') },
+              { className: 'AvatarEditor Dropdown ' + this.props.className + (this.loading ? ' loading' : '') + (this.isDraggedOver ? ' dragover' : '') },
               avatar(user),
               m(
                 'a',
                 { className: user.avatarUrl() ? "Dropdown-toggle" : "Dropdown-toggle AvatarEditor--noAvatar",
                   title: app.translator.trans('core.forum.user.avatar_upload_tooltip'),
                   'data-toggle': 'dropdown',
-                  onclick: this.quickUpload.bind(this) },
+                  onclick: this.quickUpload.bind(this),
+                  ondragover: this.enableDragover.bind(this),
+                  ondragenter: this.enableDragover.bind(this),
+                  ondragleave: this.disableDragover.bind(this),
+                  ondragend: this.disableDragover.bind(this),
+                  ondrop: this.dropUpload.bind(this) },
                 this.loading ? LoadingIndicator.component() : user.avatarUrl() ? icon('pencil') : icon('plus-circle')
               ),
               m(
@@ -18981,7 +18993,7 @@ System.register('flarum/components/AvatarEditor', ['flarum/Component', 'flarum/h
             items.add('upload', Button.component({
               icon: 'upload',
               children: app.translator.trans('core.forum.user.avatar_upload_button'),
-              onclick: this.upload.bind(this)
+              onclick: this.openPicker.bind(this)
             }));
 
             items.add('remove', Button.component({
@@ -18992,18 +19004,40 @@ System.register('flarum/components/AvatarEditor', ['flarum/Component', 'flarum/h
 
             return items;
           }
+        }, {
+          key: 'enableDragover',
+          value: function enableDragover(e) {
+            e.preventDefault();
+            e.stopPropagation();
+            this.isDraggedOver = true;
+          }
+        }, {
+          key: 'disableDragover',
+          value: function disableDragover(e) {
+            e.preventDefault();
+            e.stopPropagation();
+            this.isDraggedOver = false;
+          }
+        }, {
+          key: 'dropUpload',
+          value: function dropUpload(e) {
+            e.preventDefault();
+            e.stopPropagation();
+            this.isDraggedOver = false;
+            this.upload(e.dataTransfer.files[0]);
+          }
         }, {
           key: 'quickUpload',
           value: function quickUpload(e) {
             if (!this.props.user.avatarUrl()) {
               e.preventDefault();
               e.stopPropagation();
-              this.upload();
+              this.openPicker();
             }
           }
         }, {
-          key: 'upload',
-          value: function upload() {
+          key: 'openPicker',
+          value: function openPicker() {
             var _this2 = this;
 
             if (this.loading) return;
@@ -19014,22 +19048,30 @@ System.register('flarum/components/AvatarEditor', ['flarum/Component', 'flarum/h
             var $input = $('<input type="file">');
 
             $input.appendTo('body').hide().click().on('change', function (e) {
-              var data = new FormData();
-              data.append('avatar', $(e.target)[0].files[0]);
-
-              _this2.loading = true;
-              m.redraw();
-
-              app.request({
-                method: 'POST',
-                url: app.forum.attribute('apiUrl') + '/users/' + user.id() + '/avatar',
-                serialize: function serialize(raw) {
-                  return raw;
-                },
-                data: data
-              }).then(_this2.success.bind(_this2), _this2.failure.bind(_this2));
+              _this2.upload($(e.target)[0].files[0]);
             });
           }
+        }, {
+          key: 'upload',
+          value: function upload(file) {
+            if (this.loading) return;
+
+            var user = this.props.user;
+            var data = new FormData();
+            data.append('avatar', file);
+
+            this.loading = true;
+            m.redraw();
+
+            app.request({
+              method: 'POST',
+              url: app.forum.attribute('apiUrl') + '/users/' + user.id() + '/avatar',
+              serialize: function serialize(raw) {
+                return raw;
+              },
+              data: data
+            }).then(this.success.bind(this), this.failure.bind(this));
+          }
         }, {
           key: 'remove',
           value: function remove() {
@@ -27955,14 +27997,21 @@ System.register('flarum/components/UsersSearchSource', ['flarum/helpers/highligh
       UsersSearchResults = function () {
         function UsersSearchResults() {
           babelHelpers.classCallCheck(this, UsersSearchResults);
+
+          this.results = {};
         }
 
         babelHelpers.createClass(UsersSearchResults, [{
           key: 'search',
           value: function search(query) {
+            var _this = this;
+
             return app.store.find('users', {
               filter: { q: query },
               page: { limit: 5 }
+            }).then(function (results) {
+              _this.results[query] = results;
+              m.redraw();
             });
           }
         }, {
@@ -27970,10 +28019,14 @@ System.register('flarum/components/UsersSearchSource', ['flarum/helpers/highligh
           value: function view(query) {
             query = query.toLowerCase();
 
-            var results = app.store.all('users').filter(function (user) {
+            var results = (this.results[query] || []).concat(app.store.all('users').filter(function (user) {
               return [user.username(), user.displayName()].some(function (value) {
                 return value.toLowerCase().substr(0, query.length) === query;
               });
+            })).filter(function (e, i, arr) {
+              return arr.lastIndexOf(e) === i;
+            }).sort(function (a, b) {
+              return a.displayName().localeCompare(b.displayName());
             });
 
             if (!results.length) return '';
diff --git a/js/forum/src/components/UsersSearchSource.js b/js/forum/src/components/UsersSearchSource.js
index 7f687b811..69cc98a6f 100644
--- a/js/forum/src/components/UsersSearchSource.js
+++ b/js/forum/src/components/UsersSearchSource.js
@@ -9,18 +9,27 @@ import username from 'flarum/helpers/username';
  * @implements SearchSource
  */
 export default class UsersSearchResults {
+  constructor() {
+    this.results = {};
+  }
+
   search(query) {
     return app.store.find('users', {
       filter: {q: query},
       page: {limit: 5}
+    }).then(results => {
+      this.results[query] = results;
+      m.redraw();
     });
   }
 
   view(query) {
     query = query.toLowerCase();
 
-    const results = app.store.all('users')
-      .filter(user => [user.username(), user.displayName()].some(value => value.toLowerCase().substr(0, query.length) === query));
+    const results = (this.results[query] || [])
+      .concat(app.store.all('users').filter(user => [user.username(), user.displayName()].some(value => value.toLowerCase().substr(0, query.length) === query)))
+      .filter((e, i, arr) => arr.lastIndexOf(e) === i)
+      .sort((a, b) => a.displayName().localeCompare(b.displayName()));
 
     if (!results.length) return '';
 

From 479e44dd04128b9972e7002156b69bcb152943a7 Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Wed, 29 Nov 2017 12:49:09 +1030
Subject: [PATCH 51/72] Restructure views

- Use Laravel's view namespacing rather than the full file path
- Organise views into directories
---
 src/Forum/Controller/DiscussionController.php     | 2 +-
 src/Forum/Controller/IndexController.php          | 2 +-
 src/Http/WebApp/AbstractWebApp.php                | 2 +-
 src/Http/WebApp/WebAppView.php                    | 6 +++---
 views/{ => frontend}/admin.blade.php              | 0
 views/{ => frontend}/app.blade.php                | 0
 views/{ => frontend}/content.blade.php            | 0
 views/{ => frontend/content}/discussion.blade.php | 0
 views/{ => frontend/content}/index.blade.php      | 0
 views/{ => frontend}/forum.blade.php              | 0
 10 files changed, 6 insertions(+), 6 deletions(-)
 rename views/{ => frontend}/admin.blade.php (100%)
 rename views/{ => frontend}/app.blade.php (100%)
 rename views/{ => frontend}/content.blade.php (100%)
 rename views/{ => frontend/content}/discussion.blade.php (100%)
 rename views/{ => frontend/content}/index.blade.php (100%)
 rename views/{ => frontend}/forum.blade.php (100%)

diff --git a/src/Forum/Controller/DiscussionController.php b/src/Forum/Controller/DiscussionController.php
index ebc7ab0de..c7bb5dcd9 100644
--- a/src/Forum/Controller/DiscussionController.php
+++ b/src/Forum/Controller/DiscussionController.php
@@ -87,7 +87,7 @@ class DiscussionController extends WebAppController
 
         $view->title = $document->data->attributes->title;
         $view->document = $document;
-        $view->content = app('view')->make('flarum.forum::discussion', compact('document', 'page', 'getResource', 'posts', 'url'));
+        $view->content = app('view')->make('flarum::frontend.content.discussion', compact('document', 'page', 'getResource', 'posts', 'url'));
 
         return $view;
     }
diff --git a/src/Forum/Controller/IndexController.php b/src/Forum/Controller/IndexController.php
index a4c059f34..0a52ed7cd 100644
--- a/src/Forum/Controller/IndexController.php
+++ b/src/Forum/Controller/IndexController.php
@@ -68,7 +68,7 @@ class IndexController extends WebAppController
         $document = $this->getDocument($request->getAttribute('actor'), $params);
 
         $view->document = $document;
-        $view->content = app('view')->make('flarum.forum::index', compact('document', 'page', 'forum'));
+        $view->content = app('view')->make('flarum::frontend.content.index', compact('document', 'page', 'forum'));
 
         return $view;
     }
diff --git a/src/Http/WebApp/AbstractWebApp.php b/src/Http/WebApp/AbstractWebApp.php
index e20ec3cac..68f9b80f5 100644
--- a/src/Http/WebApp/AbstractWebApp.php
+++ b/src/Http/WebApp/AbstractWebApp.php
@@ -86,7 +86,7 @@ abstract class AbstractWebApp
      */
     protected function getLayout()
     {
-        return __DIR__.'/../../../views/'.$this->getName().'.blade.php';
+        return 'flarum::frontend.'.$this->getName();
     }
 
     /**
diff --git a/src/Http/WebApp/WebAppView.php b/src/Http/WebApp/WebAppView.php
index d38e95839..78af25540 100644
--- a/src/Http/WebApp/WebAppView.php
+++ b/src/Http/WebApp/WebAppView.php
@@ -287,7 +287,7 @@ class WebAppView
         $this->view->share('forum', array_get($forum, 'data'));
         $this->view->share('debug', $this->app->inDebugMode());
 
-        $view = $this->view->file(__DIR__.'/../../../views/app.blade.php');
+        $view = $this->view->make('flarum::frontend.app');
 
         $view->title = $this->buildTitle(array_get($forum, 'data.attributes.title'));
         $view->description = $this->description ?: array_get($forum, 'data.attributes.description');
@@ -336,7 +336,7 @@ class WebAppView
 
     protected function buildLayout()
     {
-        $view = $this->view->file($this->layout);
+        $view = $this->view->make($this->layout);
 
         $view->content = $this->buildContent();
 
@@ -345,7 +345,7 @@ class WebAppView
 
     protected function buildContent()
     {
-        $view = $this->view->file(__DIR__.'/../../../views/content.blade.php');
+        $view = $this->view->make('flarum::frontend.content');
 
         $view->content = $this->content;
 
diff --git a/views/admin.blade.php b/views/frontend/admin.blade.php
similarity index 100%
rename from views/admin.blade.php
rename to views/frontend/admin.blade.php
diff --git a/views/app.blade.php b/views/frontend/app.blade.php
similarity index 100%
rename from views/app.blade.php
rename to views/frontend/app.blade.php
diff --git a/views/content.blade.php b/views/frontend/content.blade.php
similarity index 100%
rename from views/content.blade.php
rename to views/frontend/content.blade.php
diff --git a/views/discussion.blade.php b/views/frontend/content/discussion.blade.php
similarity index 100%
rename from views/discussion.blade.php
rename to views/frontend/content/discussion.blade.php
diff --git a/views/index.blade.php b/views/frontend/content/index.blade.php
similarity index 100%
rename from views/index.blade.php
rename to views/frontend/content/index.blade.php
diff --git a/views/forum.blade.php b/views/frontend/forum.blade.php
similarity index 100%
rename from views/forum.blade.php
rename to views/frontend/forum.blade.php

From 9392e1bec3fd1fa967e1c59dc23890631aaa997d Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Wed, 29 Nov 2017 12:52:49 +1030
Subject: [PATCH 52/72] New design for reset password view

---
 .../Controller/ResetPasswordController.php    |  14 +--
 .../Controller/SavePasswordController.php     |   3 +-
 src/Forum/ForumServiceProvider.php            |   7 ++
 .../Middleware/ShareErrorsFromSession.php     |  62 ++++++++++
 views/layouts/basic.blade.php                 | 106 ++++++++++++++++++
 views/reset-password.blade.php                |  33 ++++++
 views/reset.blade.php                         |  37 ------
 7 files changed, 213 insertions(+), 49 deletions(-)
 create mode 100644 src/Http/Middleware/ShareErrorsFromSession.php
 create mode 100644 views/layouts/basic.blade.php
 create mode 100644 views/reset-password.blade.php
 delete mode 100644 views/reset.blade.php

diff --git a/src/Forum/Controller/ResetPasswordController.php b/src/Forum/Controller/ResetPasswordController.php
index 42a47b288..1e87fdf0c 100644
--- a/src/Forum/Controller/ResetPasswordController.php
+++ b/src/Forum/Controller/ResetPasswordController.php
@@ -26,18 +26,12 @@ class ResetPasswordController extends AbstractHtmlController
      */
     protected $view;
 
-    /**
-     * @var TranslatorInterface
-     */
-    protected $translator;
-
     /**
      * @param Factory $view
      */
-    public function __construct(Factory $view, TranslatorInterface $translator)
+    public function __construct(Factory $view)
     {
         $this->view = $view;
-        $this->translator = $translator;
     }
 
     /**
@@ -55,10 +49,8 @@ class ResetPasswordController extends AbstractHtmlController
             throw new InvalidConfirmationTokenException;
         }
 
-        return $this->view->make('flarum::reset')
-            ->with('translator', $this->translator)
+        return $this->view->make('flarum.forum::reset-password')
             ->with('passwordToken', $token->id)
-            ->with('csrfToken', $request->getAttribute('session')->get('csrf_token'))
-            ->with('error', $request->getAttribute('session')->get('error'));
+            ->with('csrfToken', $request->getAttribute('session')->get('csrf_token'));
     }
 }
diff --git a/src/Forum/Controller/SavePasswordController.php b/src/Forum/Controller/SavePasswordController.php
index 0b36f9779..3a9fc4605 100644
--- a/src/Forum/Controller/SavePasswordController.php
+++ b/src/Forum/Controller/SavePasswordController.php
@@ -75,11 +75,12 @@ class SavePasswordController implements ControllerInterface
             $this->validator->assertValid(compact('password'));
 
             $validator = $this->validatorFactory->make($input, ['password' => 'required|confirmed']);
+
             if ($validator->fails()) {
                 throw new ValidationException($validator);
             }
         } catch (ValidationException $e) {
-            $request->getAttribute('session')->set('error', $e->errors()->first());
+            $request->getAttribute('session')->set('errors', $e->errors());
 
             return new RedirectResponse($this->url->toRoute('resetPassword', ['token' => $token->id]));
         }
diff --git a/src/Forum/ForumServiceProvider.php b/src/Forum/ForumServiceProvider.php
index 43f4c2bed..766cdc618 100644
--- a/src/Forum/ForumServiceProvider.php
+++ b/src/Forum/ForumServiceProvider.php
@@ -18,6 +18,8 @@ use Flarum\Event\SettingWasSet;
 use Flarum\Foundation\AbstractServiceProvider;
 use Flarum\Http\Handler\RouteHandlerFactory;
 use Flarum\Http\RouteCollection;
+use Flarum\Settings\SettingsRepositoryInterface;
+use Symfony\Component\Translation\TranslatorInterface;
 
 class ForumServiceProvider extends AbstractServiceProvider
 {
@@ -44,6 +46,11 @@ class ForumServiceProvider extends AbstractServiceProvider
 
         $this->loadViewsFrom(__DIR__.'/../../views', 'flarum.forum');
 
+        $this->app->make('view')->share([
+            'translator' => $this->app->make(TranslatorInterface::class),
+            'settings' => $this->app->make(SettingsRepositoryInterface::class)
+        ]);
+
         $this->flushWebAppAssetsWhenThemeChanged();
 
         $this->flushWebAppAssetsWhenExtensionsChanged();
diff --git a/src/Http/Middleware/ShareErrorsFromSession.php b/src/Http/Middleware/ShareErrorsFromSession.php
new file mode 100644
index 000000000..4ab83d2f8
--- /dev/null
+++ b/src/Http/Middleware/ShareErrorsFromSession.php
@@ -0,0 +1,62 @@
+<?php
+/*
+ * This file is part of Flarum.
+ *
+ * (c) Toby Zerner <toby.zerner@gmail.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Flarum\Http\Middleware;
+
+use Illuminate\Support\ViewErrorBag;
+use Illuminate\Contracts\View\Factory as ViewFactory;
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ServerRequestInterface as Request;
+use Zend\Stratigility\MiddlewareInterface;
+
+/**
+ * Inspired by Illuminate\View\Middleware\ShareErrorsFromSession
+ *
+ * @author Taylor Otwell
+ */
+class ShareErrorsFromSession implements MiddlewareInterface
+{
+    /**
+     * @var ViewFactory
+     */
+    protected $view;
+
+    /**
+     * @param ViewFactory $view
+     */
+    public function __construct(ViewFactory $view)
+    {
+        $this->view = $view;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function __invoke(Request $request, Response $response, callable $out = null)
+    {
+        $session = $request->getAttribute('session');
+
+        // If the current session has an "errors" variable bound to it, we will share
+        // its value with all view instances so the views can easily access errors
+        // without having to bind. An empty bag is set when there aren't errors.
+        $this->view->share(
+            'errors', $session->get('errors', new ViewErrorBag)
+        );
+
+        // Putting the errors in the view for every view allows the developer to just
+        // assume that some errors are always available, which is convenient since
+        // they don't have to continually run checks for the presence of errors.
+
+        $session->remove('errors');
+
+        return $out ? $out($request, $response) : $response;
+    }
+}
+
diff --git a/views/layouts/basic.blade.php b/views/layouts/basic.blade.php
new file mode 100644
index 000000000..7143e24c9
--- /dev/null
+++ b/views/layouts/basic.blade.php
@@ -0,0 +1,106 @@
+{{-- TODO: Change below to @php when Laravel is upgraded --}}
+<?php
+  $primaryColor = $settings->get('theme_primary_color', '#000');
+?>
+
+<!doctype html>
+<html>
+  <head>
+    <meta charset="utf-8">
+    {{-- TODO: Change below to @hasSection when Laravel is upgraded --}}
+    <title>@if ($__env->hasSection('title')) @yield('title') - @endif{{ $settings->get('forum_title') }}</title>
+    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, minimum-scale=1">
+
+    <style>
+      * {
+       box-sizing: border-box;
+      }
+      body {
+        font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol";
+        font-size: 18px;
+        text-align: center;
+        line-height: 1.5;
+        color: #333;
+      }
+      input,
+      button,
+      select,
+      textarea {
+        font-family: inherit;
+        font-size: inherit;
+        line-height: inherit;
+      }
+      a {
+        cursor: pointer;
+        color: {{ $primaryColor }};
+        text-decoration: none;
+      }
+      a:hover {
+        text-decoration: underline;
+      }
+      .container {
+        margin: 100px auto;
+        max-width: 450px;
+        padding: 0 15px;
+      }
+      .button {
+        display: inline-block;
+        padding: 15px 25px;
+        background: {{ $primaryColor }};
+        color: #fff;
+        text-decoration: none;
+        text-align: center;
+        vertical-align: middle;
+        border-radius: 4px;
+        cursor: pointer;
+        white-space: nowrap;
+        font-weight: bold;
+        border: 0;
+      }
+      .button:hover {
+        text-decoration: none;
+      }
+      .button:active,
+      .button.active {
+        box-shadow: inset 0 3px 5px rgba(0, 0, 0, .125);
+      }
+      .form {
+        max-width: 300px;
+        margin: 0 auto;
+      }
+      .form .button {
+        display: block;
+        width: 100%;
+      }
+      .form-control {
+        display: block;
+        width: 100%;
+        text-align: center;
+        padding: 15px 20px;
+        background-color: #fff;
+        border: 2px solid #eee;
+        border-radius: 4px;
+        transition: border-color .15s;
+      }
+      .form-control:focus,
+      .form-control.focus {
+         border-color: {{ $primaryColor }};
+         outline: none;
+      }
+      .errors {
+        color: #d83e3e;
+      }
+      .errors ul {
+        list-style-type: none;
+        margin: 0;
+        padding: 0;
+      }
+    </style>
+  </head>
+
+  <body>
+    <div class="container">
+      @yield('content')
+    </div>
+  </body>
+</html>
diff --git a/views/reset-password.blade.php b/views/reset-password.blade.php
new file mode 100644
index 000000000..11ac7020e
--- /dev/null
+++ b/views/reset-password.blade.php
@@ -0,0 +1,33 @@
+@extends('flarum.forum::layouts.basic')
+@inject('url', 'Flarum\Forum\UrlGenerator')
+
+@section('title', $translator->trans('core.views.reset_password.title'))
+
+@section('content')
+  @if ($errors->any())
+    <div class="errors">
+      <ul>
+        @foreach ($errors->all() as $error)
+          <li>{{ $error }}</li>
+        @endforeach
+      </ul>
+    </div>
+  @endif
+
+  <form class="form" method="POST" action="{{ $url->toRoute('savePassword') }}">
+    <input type="hidden" name="csrfToken" value="{{ $csrfToken }}">
+    <input type="hidden" name="passwordToken" value="{{ $passwordToken }}">
+
+    <p class="form-group">
+      <input type="password" class="form-control" name="password" placeholder="{{ $translator->trans('core.views.reset_password.new_password_label') }}">
+    </p>
+
+    <p class="form-group">
+      <input type="password" class="form-control" name="password_confirmation" placeholder="{{ $translator->trans('core.views.reset_password.confirm_password_label') }}">
+    </p>
+
+    <p class="form-group">
+      <button type="submit" class="button">{{ $translator->trans('core.views.reset_password.submit_button') }}</button>
+    </p>
+  </form>
+@endsection
diff --git a/views/reset.blade.php b/views/reset.blade.php
deleted file mode 100644
index 671157b38..000000000
--- a/views/reset.blade.php
+++ /dev/null
@@ -1,37 +0,0 @@
-<!doctype html>
-<html>
-  <head>
-    <meta charset="utf-8">
-    <meta http-equiv="X-UA-Compatible" content="IE=edge">
-    <title>Reset Your Password</title>
-    <meta name="description" content="">
-    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, minimum-scale=1">
-  </head>
-
-  <body>
-    <h2>{{ $translator->trans('core.views.reset.title') }}</h2>
-
-    @if (! empty($error))
-      <p style="color:red">{{ $error }}</p>
-    @endif
-
-    <form class="form-horizontal" role="form" method="POST" action="{{ app('Flarum\Forum\UrlGenerator')->toRoute('savePassword') }}">
-      <input type="hidden" name="csrfToken" value="{{ $csrfToken }}">
-      <input type="hidden" name="passwordToken" value="{{ $passwordToken }}">
-
-      <p class="form-group">
-        <label class="control-label">{{ $translator->trans('core.views.reset.password_label') }}</label><br>
-        <input type="password" class="form-control" name="password">
-      </p>
-
-      <p class="form-group">
-        <label class="control-label">{{ $translator->trans('core.views.reset.confirm_password_label') }}</label><br>
-        <input type="password" class="form-control" name="password_confirmation">
-      </p>
-
-      <p class="form-group">
-        <button type="submit" class="btn btn-primary">{{ $translator->trans('core.views.reset.submit_button') }}</button>
-      </p>
-    </form>
-  </body>
-</html>

From a065c8e6f58cca6f6fb1df7c01f3ea30a491b7dd Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Wed, 29 Nov 2017 12:53:39 +1030
Subject: [PATCH 53/72] Make URLs more verbose

---
 src/Forum/ForumServiceProvider.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/Forum/ForumServiceProvider.php b/src/Forum/ForumServiceProvider.php
index 766cdc618..30741572d 100644
--- a/src/Forum/ForumServiceProvider.php
+++ b/src/Forum/ForumServiceProvider.php
@@ -114,19 +114,19 @@ class ForumServiceProvider extends AbstractServiceProvider
         );
 
         $routes->get(
-            '/confirm/{token}',
+            '/confirm-email/{token}',
             'confirmEmail',
             $route->toController(Controller\ConfirmEmailController::class)
         );
 
         $routes->get(
-            '/reset/{token}',
+            '/reset-password/{token}',
             'resetPassword',
             $route->toController(Controller\ResetPasswordController::class)
         );
 
         $routes->post(
-            '/reset',
+            '/reset-password',
             'savePassword',
             $route->toController(Controller\SavePasswordController::class)
         );

From 295193eb3cd770b7162bf5279b846b799c8ad75e Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Wed, 29 Nov 2017 12:54:11 +1030
Subject: [PATCH 54/72] Use HtmlResponse in AbstractHtmlController

---
 src/Http/Controller/AbstractHtmlController.php | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/src/Http/Controller/AbstractHtmlController.php b/src/Http/Controller/AbstractHtmlController.php
index 1bbb7463d..2f56ed7ef 100644
--- a/src/Http/Controller/AbstractHtmlController.php
+++ b/src/Http/Controller/AbstractHtmlController.php
@@ -11,28 +11,30 @@
 
 namespace Flarum\Http\Controller;
 
+use Illuminate\Contracts\Support\Renderable;
 use Psr\Http\Message\ServerRequestInterface as Request;
-use Zend\Diactoros\Response;
+use Zend\Diactoros\Response\HtmlResponse;
 
 abstract class AbstractHtmlController implements ControllerInterface
 {
     /**
      * @param Request $request
-     * @return \Zend\Diactoros\Response
+     * @return HtmlResponse
      */
     public function handle(Request $request)
     {
         $view = $this->render($request);
 
-        $response = new Response;
-        $response->getBody()->write($view);
+        if ($view instanceof Renderable) {
+            $view = $view->render();
+        }
 
-        return $response;
+        return new HtmlResponse($view);
     }
 
     /**
      * @param Request $request
-     * @return \Illuminate\Contracts\Support\Renderable
+     * @return string|Renderable
      */
     abstract protected function render(Request $request);
 }

From e8a4e5e0ef91ae906698f8ac086eb473a0259c69 Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Wed, 29 Nov 2017 13:03:16 +1030
Subject: [PATCH 55/72] Add log out confirmation if CSRF token is invalid.
 fixes #1282

---
 src/Forum/Controller/LogOutController.php | 51 +++++++++++++++++++----
 views/log-out.blade.php                   | 14 +++++++
 2 files changed, 56 insertions(+), 9 deletions(-)
 create mode 100644 views/log-out.blade.php

diff --git a/src/Forum/Controller/LogOutController.php b/src/Forum/Controller/LogOutController.php
index 1aef40efb..4dbb891cf 100644
--- a/src/Forum/Controller/LogOutController.php
+++ b/src/Forum/Controller/LogOutController.php
@@ -18,8 +18,11 @@ use Flarum\Http\Controller\ControllerInterface;
 use Flarum\Http\Exception\TokenMismatchException;
 use Flarum\Http\Rememberer;
 use Flarum\Http\SessionAuthenticator;
+use Flarum\Settings\SettingsRepositoryInterface;
 use Illuminate\Contracts\Events\Dispatcher;
+use Illuminate\Contracts\View\Factory;
 use Psr\Http\Message\ServerRequestInterface as Request;
+use Zend\Diactoros\Response\HtmlResponse;
 use Zend\Diactoros\Response\RedirectResponse;
 
 class LogOutController implements ControllerInterface
@@ -46,18 +49,38 @@ class LogOutController implements ControllerInterface
      */
     protected $rememberer;
 
+    /**
+     * @var Factory
+     */
+    protected $view;
+
+    /**
+     * @var SettingsRepositoryInterface
+     */
+    protected $settings;
+
     /**
      * @param Application $app
      * @param Dispatcher $events
      * @param SessionAuthenticator $authenticator
      * @param Rememberer $rememberer
+     * @param Factory $view
+     * @param SettingsRepositoryInterface $settings
      */
-    public function __construct(Application $app, Dispatcher $events, SessionAuthenticator $authenticator, Rememberer $rememberer)
-    {
+    public function __construct(
+        Application $app,
+        Dispatcher $events,
+        SessionAuthenticator $authenticator,
+        Rememberer $rememberer,
+        Factory $view,
+        SettingsRepositoryInterface $settings
+    ) {
         $this->app = $app;
         $this->events = $events;
         $this->authenticator = $authenticator;
         $this->rememberer = $rememberer;
+        $this->view = $view;
+        $this->settings = $settings;
     }
 
     /**
@@ -68,17 +91,27 @@ class LogOutController implements ControllerInterface
     public function handle(Request $request)
     {
         $session = $request->getAttribute('session');
-
-        if (array_get($request->getQueryParams(), 'token') !== $session->get('csrf_token')) {
-            throw new TokenMismatchException;
-        }
-
         $actor = $request->getAttribute('actor');
 
-        $this->assertRegistered($actor);
-
         $url = array_get($request->getQueryParams(), 'return', $this->app->url());
 
+        // If there is no user logged in, return to the index.
+        if ($actor->isGuest()) {
+            return new RedirectResponse($url);
+        }
+
+        // If a valid CSRF token hasn't been provided, show a view which will
+        // allow the user to press a button to complete the log out process.
+        $csrfToken = $session->get('csrf_token');
+
+        if (array_get($request->getQueryParams(), 'token') !== $csrfToken) {
+            $view = $this->view->make('flarum.forum::log-out')
+                ->with('csrfToken', $csrfToken)
+                ->with('forumTitle', $this->settings->get('forum_title'));
+
+            return new HtmlResponse($view->render());
+        }
+
         $response = new RedirectResponse($url);
 
         $this->authenticator->logOut($session);
diff --git a/views/log-out.blade.php b/views/log-out.blade.php
new file mode 100644
index 000000000..5f777dda3
--- /dev/null
+++ b/views/log-out.blade.php
@@ -0,0 +1,14 @@
+@extends('flarum.forum::layouts.basic')
+@inject('url', 'Flarum\Forum\UrlGenerator')
+
+@section('title', $translator->trans('core.views.log_out.title'))
+
+@section('content')
+  <p>{{ $translator->trans('core.views.log_out.log_out_confirmation', ['{forum}' => $forumTitle]) }}</p>
+
+  <p>
+    <a href="{{ $url->toRoute('logout') }}?token={{ $csrfToken }}" class="button">
+      {{ $translator->trans('core.views.log_out.log_out_button') }}
+    </a>
+  </p>
+@endsection

From b7c1cc5ceffb36bc990919bd749050f49f39554b Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Wed, 29 Nov 2017 13:03:55 +1030
Subject: [PATCH 56/72] New design for error pages. closes #252

---
 error/403.html                       | 13 ------------
 error/404.html                       | 13 ------------
 error/500.html                       | 13 ------------
 error/503.html                       | 13 ------------
 src/Forum/Server.php                 | 18 +++++++----------
 src/Http/Middleware/HandleErrors.php | 30 +++++++++-------------------
 views/error.blade.php                | 22 ++++++++++++++++++++
 7 files changed, 38 insertions(+), 84 deletions(-)
 delete mode 100644 error/403.html
 delete mode 100644 error/404.html
 delete mode 100644 error/500.html
 delete mode 100644 error/503.html
 create mode 100644 views/error.blade.php

diff --git a/error/403.html b/error/403.html
deleted file mode 100644
index 1ed30a168..000000000
--- a/error/403.html
+++ /dev/null
@@ -1,13 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head lang="en">
-    <meta charset="UTF-8">
-    <title></title>
-</head>
-<body>
-
-<h1>403 Forbidden</h1>
-<p>You do not have permissions to access this page.</p>
-
-</body>
-</html>
\ No newline at end of file
diff --git a/error/404.html b/error/404.html
deleted file mode 100644
index 262b80985..000000000
--- a/error/404.html
+++ /dev/null
@@ -1,13 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head lang="en">
-  <meta charset="UTF-8">
-  <title></title>
-</head>
-<body>
-
-<h1>404 Not Found</h1>
-<p>Looks like this page could not be found.</p>
-
-</body>
-</html>
\ No newline at end of file
diff --git a/error/500.html b/error/500.html
deleted file mode 100644
index f9af9e116..000000000
--- a/error/500.html
+++ /dev/null
@@ -1,13 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head lang="en">
-  <meta charset="UTF-8">
-  <title></title>
-</head>
-<body>
-
-<h1>500 Internal Server Error</h1>
-<p>Something went wrong on our server.</p>
-
-</body>
-</html>
diff --git a/error/503.html b/error/503.html
deleted file mode 100644
index 46243a1c5..000000000
--- a/error/503.html
+++ /dev/null
@@ -1,13 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head lang="en">
-  <meta charset="UTF-8">
-  <title></title>
-</head>
-<body>
-
-<h1>503 Service Unavailable</h1>
-<p>This forum is down for maintenance.</p>
-
-</body>
-</html>
diff --git a/src/Forum/Server.php b/src/Forum/Server.php
index 893ddc52c..81072e964 100644
--- a/src/Forum/Server.php
+++ b/src/Forum/Server.php
@@ -11,11 +11,10 @@
 
 namespace Flarum\Forum;
 
+use Exception;
 use Flarum\Event\ConfigureMiddleware;
 use Flarum\Foundation\Application;
 use Flarum\Http\AbstractServer;
-use Flarum\Http\Middleware\HandleErrors;
-use Zend\Diactoros\Response\HtmlResponse;
 use Zend\Stratigility\MiddlewarePipe;
 
 class Server extends AbstractServer
@@ -29,30 +28,27 @@ class Server extends AbstractServer
         $pipe->raiseThrowables();
 
         $path = parse_url($app->url(), PHP_URL_PATH);
-        $errorDir = __DIR__.'/../../error';
+
+        $pipe->pipe($path, $app->make('Flarum\Http\Middleware\HandleErrors', ['debug' => $app->inDebugMode() || ! $app->isInstalled()]));
+        $pipe->pipe($path, $app->make('Flarum\Http\Middleware\StartSession'));
 
         if (! $app->isInstalled()) {
             $app->register('Flarum\Install\InstallServiceProvider');
 
-            $pipe->pipe($path, new HandleErrors($errorDir, $app->make('log'), true));
-
-            $pipe->pipe($path, $app->make('Flarum\Http\Middleware\StartSession'));
             $pipe->pipe($path, $app->make('Flarum\Http\Middleware\DispatchRoute', ['routes' => $app->make('flarum.install.routes')]));
         } elseif ($app->isUpToDate() && ! $app->isDownForMaintenance()) {
-            $pipe->pipe($path, new HandleErrors($errorDir, $app->make('log'), $app->inDebugMode()));
-
             $pipe->pipe($path, $app->make('Flarum\Http\Middleware\ParseJsonBody'));
-            $pipe->pipe($path, $app->make('Flarum\Http\Middleware\StartSession'));
             $pipe->pipe($path, $app->make('Flarum\Http\Middleware\RememberFromCookie'));
             $pipe->pipe($path, $app->make('Flarum\Http\Middleware\AuthenticateWithSession'));
             $pipe->pipe($path, $app->make('Flarum\Http\Middleware\SetLocale'));
+            $pipe->pipe($path, $app->make('Flarum\Http\Middleware\ShareErrorsFromSession'));
 
             event(new ConfigureMiddleware($pipe, $path, $this));
 
             $pipe->pipe($path, $app->make('Flarum\Http\Middleware\DispatchRoute', ['routes' => $app->make('flarum.forum.routes')]));
         } else {
-            $pipe->pipe($path, function () use ($errorDir) {
-                return new HtmlResponse(file_get_contents($errorDir.'/503.html', 503));
+            $pipe->pipe($path, function () {
+                throw new Exception('', 503);
             });
         }
 
diff --git a/src/Http/Middleware/HandleErrors.php b/src/Http/Middleware/HandleErrors.php
index 2790584a8..d7302332c 100644
--- a/src/Http/Middleware/HandleErrors.php
+++ b/src/Http/Middleware/HandleErrors.php
@@ -13,6 +13,7 @@ namespace Flarum\Http\Middleware;
 
 use Exception;
 use Franzl\Middleware\Whoops\ErrorMiddleware as WhoopsMiddleware;
+use Illuminate\Contracts\View\Factory as ViewFactory;
 use Psr\Http\Message\ResponseInterface as Response;
 use Psr\Http\Message\ServerRequestInterface as Request;
 use Psr\Log\LoggerInterface;
@@ -21,9 +22,9 @@ use Zend\Diactoros\Response\HtmlResponse;
 class HandleErrors
 {
     /**
-     * @var string
+     * @var ViewFactory
      */
-    protected $templateDir;
+    protected $view;
 
     /**
      * @var LoggerInterface
@@ -36,13 +37,13 @@ class HandleErrors
     protected $debug;
 
     /**
-     * @param string $templateDir
+     * @param ViewFactory $view
      * @param LoggerInterface $logger
      * @param bool $debug
      */
-    public function __construct($templateDir, LoggerInterface $logger, $debug = false)
+    public function __construct(ViewFactory $view, LoggerInterface $logger, $debug = false)
     {
-        $this->templateDir = $templateDir;
+        $this->view = $view;
         $this->logger = $logger;
         $this->debug = $debug;
     }
@@ -75,7 +76,7 @@ class HandleErrors
             $status = $errorCode;
         }
 
-        if ($this->debug && ! in_array($errorCode, [403, 404])) {
+        if ($this->debug) {
             $whoops = new WhoopsMiddleware;
 
             return $whoops($error, $request, $response, $out);
@@ -84,21 +85,8 @@ class HandleErrors
         // Log the exception (with trace)
         $this->logger->debug($error);
 
-        $errorPage = $this->getErrorPage($status);
+        $view = $this->view->make('flarum::error')->with('error', $error);
 
-        return new HtmlResponse($errorPage, $status);
-    }
-
-    /**
-     * @param string $status
-     * @return string
-     */
-    protected function getErrorPage($status)
-    {
-        if (! file_exists($errorPage = $this->templateDir."/$status.html")) {
-            $errorPage = $this->templateDir.'/500.html';
-        }
-
-        return file_get_contents($errorPage);
+        return new HtmlResponse($view->render(), $status);
     }
 }
diff --git a/views/error.blade.php b/views/error.blade.php
new file mode 100644
index 000000000..c7fca235c
--- /dev/null
+++ b/views/error.blade.php
@@ -0,0 +1,22 @@
+@extends('flarum.forum::layouts.basic')
+
+@section('content')
+  <p>
+    {{-- TODO: Change below to @php when Laravel is upgraded --}}
+    <?php
+      $getTranslationIfExists = function ($code) use ($translator, $settings) {
+          $key = 'core.views.error.'.$code.'_message';
+          $translation = $translator->trans($key, ['{forum}' => $settings->get('forum_title')]);
+
+          return $translation === $key ? false : $translation;
+      };
+
+      if (! $translation = $getTranslationIfExists($error->getCode())) {
+          if (! $translation = $getTranslationIfExists(500)) {
+              $translation = 'An error occurred while trying to load this page.';
+          }
+      }
+    ?>
+    {{ $translation }}
+  </p>
+@endsection

From ea2fc1ff8a7972fd809c9b45b552bda3138ed55e Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Wed, 29 Nov 2017 13:23:25 +1030
Subject: [PATCH 57/72] Add a "return home" link to 404 errors

---
 src/Http/Middleware/HandleErrors.php               |  6 +++++-
 views/error/404.blade.php                          | 12 ++++++++++++
 views/{error.blade.php => error/default.blade.php} |  0
 views/layouts/basic.blade.php                      |  1 +
 4 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 views/error/404.blade.php
 rename views/{error.blade.php => error/default.blade.php} (100%)

diff --git a/src/Http/Middleware/HandleErrors.php b/src/Http/Middleware/HandleErrors.php
index d7302332c..45b087b03 100644
--- a/src/Http/Middleware/HandleErrors.php
+++ b/src/Http/Middleware/HandleErrors.php
@@ -85,7 +85,11 @@ class HandleErrors
         // Log the exception (with trace)
         $this->logger->debug($error);
 
-        $view = $this->view->make('flarum::error')->with('error', $error);
+        if (! $this->view->exists($name = 'flarum::error.'.$status)) {
+            $name = 'flarum::error.default';
+        }
+
+        $view = $this->view->make($name)->with('error', $error);
 
         return new HtmlResponse($view->render(), $status);
     }
diff --git a/views/error/404.blade.php b/views/error/404.blade.php
new file mode 100644
index 000000000..e54955574
--- /dev/null
+++ b/views/error/404.blade.php
@@ -0,0 +1,12 @@
+@extends('flarum.forum::layouts.basic')
+
+@section('content')
+  <p>
+    {{ $translator->trans('core.views.error.404_message') }}
+  </p>
+  <p>
+    <a href="{{ $app->url() }}">
+      {{ $translator->trans('core.views.error.404_return_link', ['{forum}' => $settings->get('forum_title')]) }}
+    </a>
+  </p>
+@endsection
diff --git a/views/error.blade.php b/views/error/default.blade.php
similarity index 100%
rename from views/error.blade.php
rename to views/error/default.blade.php
diff --git a/views/layouts/basic.blade.php b/views/layouts/basic.blade.php
index 7143e24c9..dcaa72d16 100644
--- a/views/layouts/basic.blade.php
+++ b/views/layouts/basic.blade.php
@@ -34,6 +34,7 @@
         cursor: pointer;
         color: {{ $primaryColor }};
         text-decoration: none;
+        font-weight: bold;
       }
       a:hover {
         text-decoration: underline;

From ba769e0c7eba0bd064afe728354aadab54dd7dfa Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Wed, 29 Nov 2017 13:47:00 +1030
Subject: [PATCH 58/72] Preserve return URL when confirming logout

---
 src/Forum/Controller/LogOutController.php | 3 ++-
 views/log-out.blade.php                   | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/Forum/Controller/LogOutController.php b/src/Forum/Controller/LogOutController.php
index 4dbb891cf..35bd09af3 100644
--- a/src/Forum/Controller/LogOutController.php
+++ b/src/Forum/Controller/LogOutController.php
@@ -107,7 +107,8 @@ class LogOutController implements ControllerInterface
         if (array_get($request->getQueryParams(), 'token') !== $csrfToken) {
             $view = $this->view->make('flarum.forum::log-out')
                 ->with('csrfToken', $csrfToken)
-                ->with('forumTitle', $this->settings->get('forum_title'));
+                ->with('forumTitle', $this->settings->get('forum_title'))
+                ->with('return', array_get($request->getQueryParams(), 'return'));
 
             return new HtmlResponse($view->render());
         }
diff --git a/views/log-out.blade.php b/views/log-out.blade.php
index 5f777dda3..988beeeef 100644
--- a/views/log-out.blade.php
+++ b/views/log-out.blade.php
@@ -7,7 +7,7 @@
   <p>{{ $translator->trans('core.views.log_out.log_out_confirmation', ['{forum}' => $forumTitle]) }}</p>
 
   <p>
-    <a href="{{ $url->toRoute('logout') }}?token={{ $csrfToken }}" class="button">
+    <a href="{{ $url->toRoute('logout') }}?token={{ $csrfToken }}@if ($return)&return={{ urlencode($return) }}@endif" class="button">
       {{ $translator->trans('core.views.log_out.log_out_button') }}
     </a>
   </p>

From 8edc8223e557fdc9f95605a45e3946752f3d3859 Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Wed, 29 Nov 2017 16:10:22 +1030
Subject: [PATCH 59/72] Fix admin error handling

---
 src/Admin/Server.php | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/src/Admin/Server.php b/src/Admin/Server.php
index 43aa38116..00b3e686e 100644
--- a/src/Admin/Server.php
+++ b/src/Admin/Server.php
@@ -29,11 +29,8 @@ class Server extends AbstractServer
 
         if ($app->isInstalled()) {
             $path = parse_url($app->url('admin'), PHP_URL_PATH);
-            $errorDir = __DIR__.'/../../error';
 
-            // All requests should first be piped through our global error handler
-            $debugMode = ! $app->isUpToDate() || $app->inDebugMode();
-            $pipe->pipe($path, new HandleErrors($errorDir, $app->make('log'), $debugMode));
+            $pipe->pipe($path, $app->make('Flarum\Http\Middleware\HandleErrors', ['debug' => $app->inDebugMode() || ! $app->isUpToDate()]));
 
             if ($app->isUpToDate()) {
                 $pipe->pipe($path, $app->make('Flarum\Http\Middleware\ParseJsonBody'));

From 79fee3686f41d337136ebbd9f10346fa17ef2a15 Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Wed, 29 Nov 2017 17:02:49 +1030
Subject: [PATCH 60/72] More precise permission check for email gambit

---
 src/Core/Search/User/Gambit/EmailGambit.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Core/Search/User/Gambit/EmailGambit.php b/src/Core/Search/User/Gambit/EmailGambit.php
index b175b6193..4f8d1254d 100644
--- a/src/Core/Search/User/Gambit/EmailGambit.php
+++ b/src/Core/Search/User/Gambit/EmailGambit.php
@@ -42,7 +42,7 @@ class EmailGambit extends AbstractRegexGambit
      */
     public function apply(AbstractSearch $search, $bit)
     {
-        if (! $search->getActor()->isAdmin()) {
+        if (! $search->getActor()->hasPermission('user.edit')) {
             return false;
         }
 

From 1ef9217f4d52526f18e311a4770df3e97a9d5496 Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Wed, 29 Nov 2017 17:19:20 +1030
Subject: [PATCH 61/72] Basic implementation of dashboard widgets, statistics

Currently not user-customizable. Just needed to display statistics for a
client, so figured I'd make a start at this. Nothing too fancy for now,
but I'm sure some people will be happy to have this information at their
fingertips.
---
 js/admin/dist/app.js                        | 412 +++++++++++++++++---
 js/admin/src/components/DashboardPage.js    |  14 +-
 js/admin/src/components/DashboardWidget.js  |  38 ++
 js/admin/src/components/StatisticsWidget.js |  60 +++
 js/admin/src/components/StatusWidget.js     |  41 ++
 js/admin/src/components/Widget.js           |  38 ++
 less/admin/DashboardPage.less               |  75 +++-
 src/Admin/Controller/WebAppController.php   |  43 +-
 8 files changed, 646 insertions(+), 75 deletions(-)
 create mode 100644 js/admin/src/components/DashboardWidget.js
 create mode 100644 js/admin/src/components/StatisticsWidget.js
 create mode 100644 js/admin/src/components/StatusWidget.js
 create mode 100644 js/admin/src/components/Widget.js

diff --git a/js/admin/dist/app.js b/js/admin/dist/app.js
index bacc3fc03..7d1a68eb7 100644
--- a/js/admin/dist/app.js
+++ b/js/admin/dist/app.js
@@ -18358,15 +18358,19 @@ System.register('flarum/components/Checkbox', ['flarum/Component', 'flarum/compo
     }
   };
 });;
-"use strict";
+'use strict';
 
-System.register("flarum/components/DashboardPage", ["flarum/components/Page"], function (_export, _context) {
+System.register('flarum/components/DashboardPage', ['flarum/components/Page', 'flarum/components/StatusWidget', 'flarum/components/StatisticsWidget'], function (_export, _context) {
   "use strict";
 
-  var Page, DashboardPage;
+  var Page, StatusWidget, StatisticsWidget, DashboardPage;
   return {
     setters: [function (_flarumComponentsPage) {
       Page = _flarumComponentsPage.default;
+    }, function (_flarumComponentsStatusWidget) {
+      StatusWidget = _flarumComponentsStatusWidget.default;
+    }, function (_flarumComponentsStatisticsWidget) {
+      StatisticsWidget = _flarumComponentsStatisticsWidget.default;
     }],
     execute: function () {
       DashboardPage = function (_Page) {
@@ -18378,62 +18382,16 @@ System.register("flarum/components/DashboardPage", ["flarum/components/Page"], f
         }
 
         babelHelpers.createClass(DashboardPage, [{
-          key: "view",
+          key: 'view',
           value: function view() {
             return m(
-              "div",
-              { className: "DashboardPage" },
+              'div',
+              { className: 'DashboardPage' },
               m(
-                "div",
-                { className: "container" },
-                m(
-                  "h2",
-                  null,
-                  app.translator.trans('core.admin.dashboard.welcome_text')
-                ),
-                m(
-                  "p",
-                  null,
-                  app.translator.trans('core.admin.dashboard.version_text', { version: m(
-                      "strong",
-                      null,
-                      app.forum.attribute('version')
-                    ) })
-                ),
-                m(
-                  "p",
-                  null,
-                  app.translator.trans('core.admin.dashboard.beta_warning_text', { strong: m("strong", null) })
-                ),
-                m(
-                  "ul",
-                  null,
-                  m(
-                    "li",
-                    null,
-                    app.translator.trans('core.admin.dashboard.contributing_text', { a: m("a", { href: "http://flarum.org/docs/contributing", target: "_blank" }) })
-                  ),
-                  m(
-                    "li",
-                    null,
-                    app.translator.trans('core.admin.dashboard.troubleshooting_text', { a: m("a", { href: "http://flarum.org/docs/troubleshooting", target: "_blank" }) })
-                  ),
-                  m(
-                    "li",
-                    null,
-                    app.translator.trans('core.admin.dashboard.support_text', { a: m("a", { href: "http://discuss.flarum.org/t/support", target: "_blank" }) })
-                  ),
-                  m(
-                    "li",
-                    null,
-                    app.translator.trans('core.admin.dashboard.features_text', { a: m("a", { href: "http://discuss.flarum.org/t/features", target: "_blank" }) })
-                  ),
-                  m(
-                    "li",
-                    null,
-                    app.translator.trans('core.admin.dashboard.extension_text', { a: m("a", { href: "http://flarum.org/docs/extend", target: "_blank" }) })
-                  )
-                )
+                'div',
+                { className: 'container' },
+                m(StatusWidget, null),
+                m(StatisticsWidget, null)
               )
             );
           }
@@ -18441,7 +18399,53 @@ System.register("flarum/components/DashboardPage", ["flarum/components/Page"], f
         return DashboardPage;
       }(Page);
 
-      _export("default", DashboardPage);
+      _export('default', DashboardPage);
+    }
+  };
+});;
+'use strict';
+
+System.register('flarum/components/DashboardWidget', ['flarum/Component'], function (_export, _context) {
+  "use strict";
+
+  var Component, Widget;
+  return {
+    setters: [function (_flarumComponent) {
+      Component = _flarumComponent.default;
+    }],
+    execute: function () {
+      Widget = function (_Component) {
+        babelHelpers.inherits(Widget, _Component);
+
+        function Widget() {
+          babelHelpers.classCallCheck(this, Widget);
+          return babelHelpers.possibleConstructorReturn(this, (Widget.__proto__ || Object.getPrototypeOf(Widget)).apply(this, arguments));
+        }
+
+        babelHelpers.createClass(Widget, [{
+          key: 'view',
+          value: function view() {
+            return m(
+              'div',
+              { className: "Widget " + this.className() },
+              this.content()
+            );
+          }
+        }, {
+          key: 'className',
+          value: function className() {
+            return '';
+          }
+        }, {
+          key: 'content',
+          value: function content() {
+            return [];
+          }
+        }]);
+        return Widget;
+      }(Component);
+
+      _export('default', Widget);
     }
   };
 });;
@@ -21108,6 +21112,254 @@ System.register('flarum/components/SplitDropdown', ['flarum/components/Dropdown'
 });;
 'use strict';
 
+System.register('flarum/components/StatisticsWidget', ['flarum/components/DashboardWidget', 'flarum/helpers/icon', 'flarum/helpers/listItems', 'flarum/utils/ItemList'], function (_export, _context) {
+  "use strict";
+
+  var DashboardWidget, icon, listItems, ItemList, StatisticsWidget;
+  return {
+    setters: [function (_flarumComponentsDashboardWidget) {
+      DashboardWidget = _flarumComponentsDashboardWidget.default;
+    }, function (_flarumHelpersIcon) {
+      icon = _flarumHelpersIcon.default;
+    }, function (_flarumHelpersListItems) {
+      listItems = _flarumHelpersListItems.default;
+    }, function (_flarumUtilsItemList) {
+      ItemList = _flarumUtilsItemList.default;
+    }],
+    execute: function () {
+      StatisticsWidget = function (_DashboardWidget) {
+        babelHelpers.inherits(StatisticsWidget, _DashboardWidget);
+
+        function StatisticsWidget() {
+          babelHelpers.classCallCheck(this, StatisticsWidget);
+          return babelHelpers.possibleConstructorReturn(this, (StatisticsWidget.__proto__ || Object.getPrototypeOf(StatisticsWidget)).apply(this, arguments));
+        }
+
+        babelHelpers.createClass(StatisticsWidget, [{
+          key: 'className',
+          value: function className() {
+            return 'StatisticsWidget';
+          }
+        }, {
+          key: 'content',
+          value: function content() {
+            return m(
+              'table',
+              null,
+              m(
+                'thead',
+                null,
+                m(
+                  'tr',
+                  null,
+                  m('th', null),
+                  m(
+                    'th',
+                    null,
+                    app.translator.trans('core.admin.statistics.users_heading')
+                  ),
+                  m(
+                    'th',
+                    null,
+                    app.translator.trans('core.admin.statistics.discussions_heading')
+                  ),
+                  m(
+                    'th',
+                    null,
+                    app.translator.trans('core.admin.statistics.posts_heading')
+                  )
+                )
+              ),
+              m(
+                'tbody',
+                null,
+                m(
+                  'tr',
+                  { className: 'StatisticsWidget-total' },
+                  m(
+                    'th',
+                    null,
+                    app.translator.trans('core.admin.statistics.total_label')
+                  ),
+                  m(
+                    'td',
+                    null,
+                    app.data.statistics.total.users
+                  ),
+                  m(
+                    'td',
+                    null,
+                    app.data.statistics.total.discussions
+                  ),
+                  m(
+                    'td',
+                    null,
+                    app.data.statistics.total.posts
+                  )
+                ),
+                m(
+                  'tr',
+                  null,
+                  m(
+                    'th',
+                    null,
+                    app.translator.trans('core.admin.statistics.last_28_days_label')
+                  ),
+                  m(
+                    'td',
+                    null,
+                    app.data.statistics.month.users
+                  ),
+                  m(
+                    'td',
+                    null,
+                    app.data.statistics.month.discussions
+                  ),
+                  m(
+                    'td',
+                    null,
+                    app.data.statistics.month.posts
+                  )
+                ),
+                m(
+                  'tr',
+                  null,
+                  m(
+                    'th',
+                    null,
+                    app.translator.trans('core.admin.statistics.last_7_days_label')
+                  ),
+                  m(
+                    'td',
+                    null,
+                    app.data.statistics.week.users
+                  ),
+                  m(
+                    'td',
+                    null,
+                    app.data.statistics.week.discussions
+                  ),
+                  m(
+                    'td',
+                    null,
+                    app.data.statistics.week.posts
+                  )
+                ),
+                m(
+                  'tr',
+                  null,
+                  m(
+                    'th',
+                    null,
+                    app.translator.trans('core.admin.statistics.today_label')
+                  ),
+                  m(
+                    'td',
+                    null,
+                    app.data.statistics.today.users
+                  ),
+                  m(
+                    'td',
+                    null,
+                    app.data.statistics.today.discussions
+                  ),
+                  m(
+                    'td',
+                    null,
+                    app.data.statistics.today.posts
+                  )
+                )
+              )
+            );
+          }
+        }]);
+        return StatisticsWidget;
+      }(DashboardWidget);
+
+      _export('default', StatisticsWidget);
+    }
+  };
+});;
+'use strict';
+
+System.register('flarum/components/StatusWidget', ['flarum/components/DashboardWidget', 'flarum/helpers/icon', 'flarum/helpers/listItems', 'flarum/utils/ItemList'], function (_export, _context) {
+  "use strict";
+
+  var DashboardWidget, icon, listItems, ItemList, StatusWidget;
+  return {
+    setters: [function (_flarumComponentsDashboardWidget) {
+      DashboardWidget = _flarumComponentsDashboardWidget.default;
+    }, function (_flarumHelpersIcon) {
+      icon = _flarumHelpersIcon.default;
+    }, function (_flarumHelpersListItems) {
+      listItems = _flarumHelpersListItems.default;
+    }, function (_flarumUtilsItemList) {
+      ItemList = _flarumUtilsItemList.default;
+    }],
+    execute: function () {
+      StatusWidget = function (_DashboardWidget) {
+        babelHelpers.inherits(StatusWidget, _DashboardWidget);
+
+        function StatusWidget() {
+          babelHelpers.classCallCheck(this, StatusWidget);
+          return babelHelpers.possibleConstructorReturn(this, (StatusWidget.__proto__ || Object.getPrototypeOf(StatusWidget)).apply(this, arguments));
+        }
+
+        babelHelpers.createClass(StatusWidget, [{
+          key: 'className',
+          value: function className() {
+            return 'StatusWidget';
+          }
+        }, {
+          key: 'content',
+          value: function content() {
+            return m(
+              'ul',
+              null,
+              listItems(this.items().toArray())
+            );
+          }
+        }, {
+          key: 'items',
+          value: function items() {
+            var items = new ItemList();
+
+            items.add('help', m(
+              'a',
+              { href: 'http://flarum.org/docs/troubleshooting', target: '_blank' },
+              icon('question-circle'),
+              ' ',
+              app.translator.trans('core.admin.dashboard.help_link')
+            ));
+
+            items.add('version-flarum', [m(
+              'strong',
+              null,
+              'Flarum'
+            ), m('br', null), app.forum.attribute('version')]);
+            items.add('version-php', [m(
+              'strong',
+              null,
+              'PHP'
+            ), m('br', null), app.data.phpVersion]);
+            items.add('version-mysql', [m(
+              'strong',
+              null,
+              'MySQL'
+            ), m('br', null), app.data.mysqlVersion]);
+
+            return items;
+          }
+        }]);
+        return StatusWidget;
+      }(DashboardWidget);
+
+      _export('default', StatusWidget);
+    }
+  };
+});;
+'use strict';
+
 System.register('flarum/components/Switch', ['flarum/components/Checkbox'], function (_export, _context) {
   "use strict";
 
@@ -21261,6 +21513,52 @@ System.register('flarum/components/UploadImageButton', ['flarum/components/Butto
     }
   };
 });;
+'use strict';
+
+System.register('flarum/components/Widget', ['flarum/Component'], function (_export, _context) {
+  "use strict";
+
+  var Component, DashboardWidget;
+  return {
+    setters: [function (_flarumComponent) {
+      Component = _flarumComponent.default;
+    }],
+    execute: function () {
+      DashboardWidget = function (_Component) {
+        babelHelpers.inherits(DashboardWidget, _Component);
+
+        function DashboardWidget() {
+          babelHelpers.classCallCheck(this, DashboardWidget);
+          return babelHelpers.possibleConstructorReturn(this, (DashboardWidget.__proto__ || Object.getPrototypeOf(DashboardWidget)).apply(this, arguments));
+        }
+
+        babelHelpers.createClass(DashboardWidget, [{
+          key: 'view',
+          value: function view() {
+            return m(
+              'div',
+              { className: "DashboardWidget " + this.className() },
+              this.content()
+            );
+          }
+        }, {
+          key: 'className',
+          value: function className() {
+            return '';
+          }
+        }, {
+          key: 'content',
+          value: function content() {
+            return [];
+          }
+        }]);
+        return DashboardWidget;
+      }(Component);
+
+      _export('default', DashboardWidget);
+    }
+  };
+});;
 "use strict";
 
 System.register("flarum/extend", [], function (_export, _context) {
diff --git a/js/admin/src/components/DashboardPage.js b/js/admin/src/components/DashboardPage.js
index 0c7207d26..c1a7bd888 100644
--- a/js/admin/src/components/DashboardPage.js
+++ b/js/admin/src/components/DashboardPage.js
@@ -1,20 +1,14 @@
 import Page from 'flarum/components/Page';
+import StatusWidget from 'flarum/components/StatusWidget';
+import StatisticsWidget from 'flarum/components/StatisticsWidget';
 
 export default class DashboardPage extends Page {
   view() {
     return (
       <div className="DashboardPage">
         <div className="container">
-          <h2>{app.translator.trans('core.admin.dashboard.welcome_text')}</h2>
-          <p>{app.translator.trans('core.admin.dashboard.version_text', {version: <strong>{app.forum.attribute('version')}</strong>})}</p>
-          <p>{app.translator.trans('core.admin.dashboard.beta_warning_text', {strong: <strong/>})}</p>
-          <ul>
-            <li>{app.translator.trans('core.admin.dashboard.contributing_text', {a: <a href="http://flarum.org/docs/contributing" target="_blank"/>})}</li>
-            <li>{app.translator.trans('core.admin.dashboard.troubleshooting_text', {a: <a href="http://flarum.org/docs/troubleshooting" target="_blank"/>})}</li>
-            <li>{app.translator.trans('core.admin.dashboard.support_text', {a: <a href="http://discuss.flarum.org/t/support" target="_blank"/>})}</li>
-            <li>{app.translator.trans('core.admin.dashboard.features_text', {a: <a href="http://discuss.flarum.org/t/features" target="_blank"/>})}</li>
-            <li>{app.translator.trans('core.admin.dashboard.extension_text', {a: <a href="http://flarum.org/docs/extend" target="_blank"/>})}</li>
-          </ul>
+          <StatusWidget/>
+          <StatisticsWidget/>
         </div>
       </div>
     );
diff --git a/js/admin/src/components/DashboardWidget.js b/js/admin/src/components/DashboardWidget.js
new file mode 100644
index 000000000..4e0b0ea96
--- /dev/null
+++ b/js/admin/src/components/DashboardWidget.js
@@ -0,0 +1,38 @@
+/*
+ * This file is part of Flarum.
+ *
+ * (c) Toby Zerner <toby.zerner@gmail.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+import Component from 'flarum/Component';
+
+export default class Widget extends Component {
+  view() {
+    return (
+      <div className={"Widget "+this.className()}>
+        {this.content()}
+      </div>
+    );
+  }
+
+  /**
+   * Get the class name to apply to the widget.
+   *
+   * @return {String}
+   */
+  className() {
+    return '';
+  }
+
+  /**
+   * Get the content of the widget.
+   *
+   * @return {VirtualElement}
+   */
+  content() {
+    return [];
+  }
+}
diff --git a/js/admin/src/components/StatisticsWidget.js b/js/admin/src/components/StatisticsWidget.js
new file mode 100644
index 000000000..a653a3c0c
--- /dev/null
+++ b/js/admin/src/components/StatisticsWidget.js
@@ -0,0 +1,60 @@
+/*
+ * This file is part of Flarum.
+ *
+ * (c) Toby Zerner <toby.zerner@gmail.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+import DashboardWidget from 'flarum/components/DashboardWidget';
+import icon from 'flarum/helpers/icon';
+import listItems from 'flarum/helpers/listItems';
+import ItemList from 'flarum/utils/ItemList';
+
+export default class StatisticsWidget extends DashboardWidget {
+  className() {
+    return 'StatisticsWidget';
+  }
+
+  content() {
+    return (
+      <table>
+        <thead>
+          <tr>
+            <th></th>
+            <th>{app.translator.trans('core.admin.statistics.users_heading')}</th>
+            <th>{app.translator.trans('core.admin.statistics.discussions_heading')}</th>
+            <th>{app.translator.trans('core.admin.statistics.posts_heading')}</th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr className="StatisticsWidget-total">
+            <th>{app.translator.trans('core.admin.statistics.total_label')}</th>
+            <td>{app.data.statistics.total.users}</td>
+            <td>{app.data.statistics.total.discussions}</td>
+            <td>{app.data.statistics.total.posts}</td>
+          </tr>
+          <tr>
+            <th>{app.translator.trans('core.admin.statistics.last_28_days_label')}</th>
+            <td>{app.data.statistics.month.users}</td>
+            <td>{app.data.statistics.month.discussions}</td>
+            <td>{app.data.statistics.month.posts}</td>
+          </tr>
+          <tr>
+            <th>{app.translator.trans('core.admin.statistics.last_7_days_label')}</th>
+            <td>{app.data.statistics.week.users}</td>
+            <td>{app.data.statistics.week.discussions}</td>
+            <td>{app.data.statistics.week.posts}</td>
+          </tr>
+          <tr>
+            <th>{app.translator.trans('core.admin.statistics.today_label')}</th>
+            <td>{app.data.statistics.today.users}</td>
+            <td>{app.data.statistics.today.discussions}</td>
+            <td>{app.data.statistics.today.posts}</td>
+          </tr>
+        </tbody>
+      </table>
+    );
+  }
+}
diff --git a/js/admin/src/components/StatusWidget.js b/js/admin/src/components/StatusWidget.js
new file mode 100644
index 000000000..429b7a504
--- /dev/null
+++ b/js/admin/src/components/StatusWidget.js
@@ -0,0 +1,41 @@
+/*
+ * This file is part of Flarum.
+ *
+ * (c) Toby Zerner <toby.zerner@gmail.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+import DashboardWidget from 'flarum/components/DashboardWidget';
+import icon from 'flarum/helpers/icon';
+import listItems from 'flarum/helpers/listItems';
+import ItemList from 'flarum/utils/ItemList';
+
+export default class StatusWidget extends DashboardWidget {
+  className() {
+    return 'StatusWidget';
+  }
+
+  content() {
+    return (
+      <ul>{listItems(this.items().toArray())}</ul>
+    );
+  }
+
+  items() {
+    const items = new ItemList();
+
+    items.add('help', (
+      <a href="http://flarum.org/docs/troubleshooting" target="_blank">
+        {icon('question-circle')} {app.translator.trans('core.admin.dashboard.help_link')}
+      </a>
+    ));
+
+    items.add('version-flarum', [<strong>Flarum</strong>, <br/>, app.forum.attribute('version')]);
+    items.add('version-php', [<strong>PHP</strong>, <br/>, app.data.phpVersion]);
+    items.add('version-mysql', [<strong>MySQL</strong>, <br/>, app.data.mysqlVersion]);
+
+    return items;
+  }
+}
diff --git a/js/admin/src/components/Widget.js b/js/admin/src/components/Widget.js
new file mode 100644
index 000000000..df0b2f999
--- /dev/null
+++ b/js/admin/src/components/Widget.js
@@ -0,0 +1,38 @@
+/*
+ * This file is part of Flarum.
+ *
+ * (c) Toby Zerner <toby.zerner@gmail.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+import Component from 'flarum/Component';
+
+export default class DashboardWidget extends Component {
+  view() {
+    return (
+      <div className={"DashboardWidget "+this.className()}>
+        {this.content()}
+      </div>
+    );
+  }
+
+  /**
+   * Get the class name to apply to the widget.
+   *
+   * @return {String}
+   */
+  className() {
+    return '';
+  }
+
+  /**
+   * Get the content of the widget.
+   *
+   * @return {VirtualElement}
+   */
+  content() {
+    return [];
+  }
+}
diff --git a/less/admin/DashboardPage.less b/less/admin/DashboardPage.less
index fceee2a30..3c97eedc3 100644
--- a/less/admin/DashboardPage.less
+++ b/less/admin/DashboardPage.less
@@ -2,20 +2,81 @@
   background: @control-bg;
   color: @control-color;
   min-height: 100vh;
-  font-size: 14px;
-  line-height: 1.7;
 
   @media @desktop-up {
     .container {
-      max-width: 600px;
       padding: 30px;
       margin: 0;
     }
   }
+}
 
-  h2 {
-    font-size: 26px;
-    font-weight: 300;
-    margin-top: 0;
+.Widget {
+  background: @body-bg;
+  color: @text-color;
+  border-radius: @border-radius;
+  padding: 20px;
+  margin-bottom: 20px;
+}
+
+.StatusWidget {
+  color: @muted-color;
+
+  > ul {
+    margin: 0;
+    padding: 0;
+    list-style-type: none;
+
+    > li {
+      display: inline-block;
+      margin-right: 30px;
+      vertical-align: middle;
+
+      &[class^="item-version-"] {
+        max-width: 100px;
+        white-space: nowrap;
+        overflow: hidden;
+        text-overflow: ellipsis;
+      }
+      &.item-help {
+        float: right;
+        margin-right: 0;
+      }
+    }
+  }
+}
+
+.StatisticsWidget {
+  td {
+    font-size: 14px;
+  }
+  td, th {
+    padding: 5px 20px 5px 0;
+    text-align: left;
+    font-weight: normal;
+    border-bottom: 1px solid @control-bg;
+  }
+  tbody tr:last-child {
+    td, th {
+      border-bottom: 0;
+    }
+  }
+  th {
+    color: @muted-color;
+  }
+  thead th {
+    font-weight: bold;
+  }
+}
+.StatisticsWidget-total {
+  td, th {
+    font-weight: bold;
+  }
+}
+@media @tablet-up {
+  .StatisticsWidget {
+    td, th {
+      min-width: 120px;
+    }
   }
 }
diff --git a/src/Admin/Controller/WebAppController.php b/src/Admin/Controller/WebAppController.php
index d0870900a..30c660ff3 100644
--- a/src/Admin/Controller/WebAppController.php
+++ b/src/Admin/Controller/WebAppController.php
@@ -11,13 +11,18 @@
 
 namespace Flarum\Admin\Controller;
 
+use DateTime;
 use Flarum\Admin\WebApp;
+use Flarum\Core\Discussion;
 use Flarum\Core\Permission;
+use Flarum\Core\Post;
+use Flarum\Core\User;
 use Flarum\Event\PrepareUnserializedSettings;
 use Flarum\Extension\ExtensionManager;
 use Flarum\Http\Controller\AbstractWebAppController;
 use Flarum\Settings\SettingsRepositoryInterface;
 use Illuminate\Contracts\Events\Dispatcher;
+use Illuminate\Database\ConnectionInterface;
 use Psr\Http\Message\ServerRequestInterface;
 
 class WebAppController extends AbstractWebAppController
@@ -37,13 +42,15 @@ class WebAppController extends AbstractWebAppController
      * @param Dispatcher $events
      * @param SettingsRepositoryInterface $settings
      * @param ExtensionManager $extensions
+     * @param ConnectionInterface $db
      */
-    public function __construct(WebApp $webApp, Dispatcher $events, SettingsRepositoryInterface $settings, ExtensionManager $extensions)
+    public function __construct(WebApp $webApp, Dispatcher $events, SettingsRepositoryInterface $settings, ExtensionManager $extensions, ConnectionInterface $db)
     {
         $this->webApp = $webApp;
         $this->events = $events;
         $this->settings = $settings;
         $this->extensions = $extensions;
+        $this->db = $db;
     }
 
     /**
@@ -63,6 +70,40 @@ class WebAppController extends AbstractWebAppController
         $view->setVariable('permissions', Permission::map());
         $view->setVariable('extensions', $this->extensions->getExtensions()->toArray());
 
+        $view->setVariable('phpVersion', PHP_VERSION);
+        $view->setVariable('mysqlVersion', $this->db->selectOne('select version() as version')->version);
+
+        $view->setVariable('statistics', $this->getStatistics());
+
         return $view;
     }
+
+    private function getStatistics()
+    {
+        return [
+            'total' => $this->getEntityCounts(),
+            'month' => $this->getEntityCounts(new DateTime('-28 days')),
+            'week' => $this->getEntityCounts(new DateTime('-7 days')),
+            'today' => $this->getEntityCounts(new DateTime('-1 day'))
+        ];
+    }
+
+    private function getEntityCounts($since = null)
+    {
+        $queries = [
+            'users' => User::query(),
+            'discussions' => Discussion::query(),
+            'posts' => Post::where('type', 'comment')
+        ];
+
+        if ($since) {
+            $queries['users']->where('join_time', '>', $since);
+            $queries['discussions']->where('start_time', '>', $since);
+            $queries['posts']->where('time', '>', $since);
+        }
+
+        return array_map(function ($query) {
+            return $query->count();
+        }, $queries);
+    }
 }

From 5b46ec801d246afcbc4d1f32895e613fbdf308bf Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Wed, 29 Nov 2017 22:20:06 +1030
Subject: [PATCH 62/72] Generate URL in the controller instead of the view

---
 src/Forum/Controller/LogOutController.php | 14 ++++++--------
 views/log-out.blade.php                   |  5 ++---
 2 files changed, 8 insertions(+), 11 deletions(-)

diff --git a/src/Forum/Controller/LogOutController.php b/src/Forum/Controller/LogOutController.php
index 35bd09af3..ce5517469 100644
--- a/src/Forum/Controller/LogOutController.php
+++ b/src/Forum/Controller/LogOutController.php
@@ -13,6 +13,7 @@ namespace Flarum\Forum\Controller;
 
 use Flarum\Core\Access\AssertPermissionTrait;
 use Flarum\Event\UserLoggedOut;
+use Flarum\Forum\UrlGenerator;
 use Flarum\Foundation\Application;
 use Flarum\Http\Controller\ControllerInterface;
 use Flarum\Http\Exception\TokenMismatchException;
@@ -55,9 +56,9 @@ class LogOutController implements ControllerInterface
     protected $view;
 
     /**
-     * @var SettingsRepositoryInterface
+     * @var UrlGenerator
      */
-    protected $settings;
+    protected $url;
 
     /**
      * @param Application $app
@@ -65,7 +66,6 @@ class LogOutController implements ControllerInterface
      * @param SessionAuthenticator $authenticator
      * @param Rememberer $rememberer
      * @param Factory $view
-     * @param SettingsRepositoryInterface $settings
      */
     public function __construct(
         Application $app,
@@ -73,14 +73,14 @@ class LogOutController implements ControllerInterface
         SessionAuthenticator $authenticator,
         Rememberer $rememberer,
         Factory $view,
-        SettingsRepositoryInterface $settings
+        UrlGenerator $url
     ) {
         $this->app = $app;
         $this->events = $events;
         $this->authenticator = $authenticator;
         $this->rememberer = $rememberer;
         $this->view = $view;
-        $this->settings = $settings;
+        $this->url = $url;
     }
 
     /**
@@ -106,9 +106,7 @@ class LogOutController implements ControllerInterface
 
         if (array_get($request->getQueryParams(), 'token') !== $csrfToken) {
             $view = $this->view->make('flarum.forum::log-out')
-                ->with('csrfToken', $csrfToken)
-                ->with('forumTitle', $this->settings->get('forum_title'))
-                ->with('return', array_get($request->getQueryParams(), 'return'));
+                ->with('url', $this->url->toRoute('logout').'?token='.$csrfToken.($return ? '&return='.urlencode($return) : ''));
 
             return new HtmlResponse($view->render());
         }
diff --git a/views/log-out.blade.php b/views/log-out.blade.php
index 988beeeef..e8eb7fea7 100644
--- a/views/log-out.blade.php
+++ b/views/log-out.blade.php
@@ -1,13 +1,12 @@
 @extends('flarum.forum::layouts.basic')
-@inject('url', 'Flarum\Forum\UrlGenerator')
 
 @section('title', $translator->trans('core.views.log_out.title'))
 
 @section('content')
-  <p>{{ $translator->trans('core.views.log_out.log_out_confirmation', ['{forum}' => $forumTitle]) }}</p>
+  <p>{{ $translator->trans('core.views.log_out.log_out_confirmation', ['{forum}' => $settings->get('forum_title')]) }}</p>
 
   <p>
-    <a href="{{ $url->toRoute('logout') }}?token={{ $csrfToken }}@if ($return)&return={{ urlencode($return) }}@endif" class="button">
+    <a href="{{ $url }}" class="button">
       {{ $translator->trans('core.views.log_out.log_out_button') }}
     </a>
   </p>

From 92de751154e737db6c1defdf99efb39f9b7945e4 Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Wed, 29 Nov 2017 22:22:14 +1030
Subject: [PATCH 63/72] Fix last commit

---
 src/Forum/Controller/LogOutController.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/Forum/Controller/LogOutController.php b/src/Forum/Controller/LogOutController.php
index ce5517469..0d15c3340 100644
--- a/src/Forum/Controller/LogOutController.php
+++ b/src/Forum/Controller/LogOutController.php
@@ -105,6 +105,8 @@ class LogOutController implements ControllerInterface
         $csrfToken = $session->get('csrf_token');
 
         if (array_get($request->getQueryParams(), 'token') !== $csrfToken) {
+            $return = array_get($request->getQueryParams(), 'return');
+
             $view = $this->view->make('flarum.forum::log-out')
                 ->with('url', $this->url->toRoute('logout').'?token='.$csrfToken.($return ? '&return='.urlencode($return) : ''));
 

From b806dc3db2b7e41f2c1335caf9a62c9ca2bcd474 Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Wed, 29 Nov 2017 22:25:57 +1030
Subject: [PATCH 64/72] Move view logic into middleware

---
 src/Http/Middleware/HandleErrors.php | 39 ++++++++++++++++++++++++++--
 views/error/404.blade.php            |  2 +-
 views/error/default.blade.php        | 17 +-----------
 3 files changed, 39 insertions(+), 19 deletions(-)

diff --git a/src/Http/Middleware/HandleErrors.php b/src/Http/Middleware/HandleErrors.php
index 45b087b03..d72b6ed81 100644
--- a/src/Http/Middleware/HandleErrors.php
+++ b/src/Http/Middleware/HandleErrors.php
@@ -12,11 +12,13 @@
 namespace Flarum\Http\Middleware;
 
 use Exception;
+use Flarum\Settings\SettingsRepositoryInterface;
 use Franzl\Middleware\Whoops\ErrorMiddleware as WhoopsMiddleware;
 use Illuminate\Contracts\View\Factory as ViewFactory;
 use Psr\Http\Message\ResponseInterface as Response;
 use Psr\Http\Message\ServerRequestInterface as Request;
 use Psr\Log\LoggerInterface;
+use Symfony\Component\Translation\TranslatorInterface;
 use Zend\Diactoros\Response\HtmlResponse;
 
 class HandleErrors
@@ -31,6 +33,16 @@ class HandleErrors
      */
     protected $logger;
 
+    /**
+     * @var TranslatorInterface
+     */
+    protected $translator;
+
+    /**
+     * @var SettingsRepositoryInterface
+     */
+    protected $settings;
+
     /**
      * @var bool
      */
@@ -41,10 +53,12 @@ class HandleErrors
      * @param LoggerInterface $logger
      * @param bool $debug
      */
-    public function __construct(ViewFactory $view, LoggerInterface $logger, $debug = false)
+    public function __construct(ViewFactory $view, LoggerInterface $logger, TranslatorInterface $translator, SettingsRepositoryInterface $settings, $debug = false)
     {
         $this->view = $view;
         $this->logger = $logger;
+        $this->translator = $translator;
+        $this->settings = $settings;
         $this->debug = $debug;
     }
 
@@ -89,8 +103,29 @@ class HandleErrors
             $name = 'flarum::error.default';
         }
 
-        $view = $this->view->make($name)->with('error', $error);
+        $view = $this->view->make($name)
+            ->with('error', $error)
+            ->with('message', $this->getMessage($status));
 
         return new HtmlResponse($view->render(), $status);
     }
+
+    private function getMessage($status)
+    {
+        if (! $translation = $this->getTranslationIfExists($status)) {
+            if (! $translation = $this->getTranslationIfExists(500)) {
+                $translation = 'An error occurred while trying to load this page.';
+            }
+        }
+
+        return $translation;
+    }
+
+    private function getTranslationIfExists($status)
+    {
+        $key = 'core.views.error.'.$status.'_message';
+        $translation = $this->translator->trans($key, ['{forum}' => $this->settings->get('forum_title')]);
+
+        return $translation === $key ? false : $translation;
+    }
 }
diff --git a/views/error/404.blade.php b/views/error/404.blade.php
index e54955574..928b4a8a3 100644
--- a/views/error/404.blade.php
+++ b/views/error/404.blade.php
@@ -2,7 +2,7 @@
 
 @section('content')
   <p>
-    {{ $translator->trans('core.views.error.404_message') }}
+    {{ $message }}
   </p>
   <p>
     <a href="{{ $app->url() }}">
diff --git a/views/error/default.blade.php b/views/error/default.blade.php
index c7fca235c..a5fbc351e 100644
--- a/views/error/default.blade.php
+++ b/views/error/default.blade.php
@@ -2,21 +2,6 @@
 
 @section('content')
   <p>
-    {{-- TODO: Change below to @php when Laravel is upgraded --}}
-    <?php
-      $getTranslationIfExists = function ($code) use ($translator, $settings) {
-          $key = 'core.views.error.'.$code.'_message';
-          $translation = $translator->trans($key, ['{forum}' => $settings->get('forum_title')]);
-
-          return $translation === $key ? false : $translation;
-      };
-
-      if (! $translation = $getTranslationIfExists($error->getCode())) {
-          if (! $translation = $getTranslationIfExists(500)) {
-              $translation = 'An error occurred while trying to load this page.';
-          }
-      }
-    ?>
-    {{ $translation }}
+    {{ $message }}
   </p>
 @endsection

From 0a654d1f31dae58691c27dad3999db2255055b6f Mon Sep 17 00:00:00 2001
From: Sajjad Hashemian <wolaws@gmail.com>
Date: Thu, 30 Nov 2017 13:38:12 +0330
Subject: [PATCH 65/72] remove autolink #1214

---
 js/bower.json        | 1 -
 js/forum/Gulpfile.js | 1 -
 js/forum/dist/app.js | 3 ---
 3 files changed, 5 deletions(-)

diff --git a/js/bower.json b/js/bower.json
index d4d647f54..a72c86f2a 100644
--- a/js/bower.json
+++ b/js/bower.json
@@ -9,7 +9,6 @@
     "color-thief": "v2.0",
     "mithril": "lhorie/mithril.js#v0.2.5",
     "es6-micro-loader": "caridy/es6-micro-loader#v0.2.1",
-    "autolink": "~1.0.0",
     "m.attrs.bidi": "tobscure/m.attrs.bidi",
     "punycode": "http://cdnjs.cloudflare.com/ajax/libs/punycode/1.4.1/punycode.js"
   }
diff --git a/js/forum/Gulpfile.js b/js/forum/Gulpfile.js
index 491fcde63..4899090d3 100644
--- a/js/forum/Gulpfile.js
+++ b/js/forum/Gulpfile.js
@@ -13,7 +13,6 @@ gulp({
     bowerDir + '/jquery.hotkeys/jquery.hotkeys.js',
     bowerDir + '/color-thief/src/color-thief.js',
     bowerDir + '/moment/moment.js',
-    bowerDir + '/autolink/autolink-min.js',
 
     bowerDir + '/bootstrap/js/affix.js',
     bowerDir + '/bootstrap/js/dropdown.js',
diff --git a/js/forum/dist/app.js b/js/forum/dist/app.js
index 9ae4848fa..c19f8ae36 100644
--- a/js/forum/dist/app.js
+++ b/js/forum/dist/app.js
@@ -16000,9 +16000,6 @@ var MMCQ = (function() {
     }
 }).call(this);
 ;
-(function(){var h=[].slice;String.prototype.autoLink=function(){var b,f,d,a,e,g;a=1<=arguments.length?h.call(arguments,0):[];e=/(^|[\s\n]|<[A-Za-z]*\/?>)((?:https?|ftp):\/\/[\-A-Z0-9+\u0026\u2019@#\/%?=()~_|!:,.;]*[\-A-Z0-9+\u0026@#\/%=~()_|])/gi;if(!(0<a.length))return this.replace(e,"$1<a href='$2'>$2</a>");d=a[0];f=function(){var c;c=[];for(b in d)g=d[b],"callback"!==b&&c.push(" "+b+"='"+g+"'");return c}().join("");return this.replace(e,function(c,b,a){c=("function"===typeof d.callback?d.callback(a):
-void 0)||"<a href='"+a+"'"+f+">"+a+"</a>";return""+b+c})}}).call(this);
-;
 /* ========================================================================
  * Bootstrap: affix.js v3.3.7
  * http://getbootstrap.com/javascript/#affix

From 1a239ee93aabb0cdc02afa52ad1b3c7eb0115a77 Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Sun, 10 Dec 2017 21:02:35 +1030
Subject: [PATCH 66/72] Fix crash when post's user has been deleted

---
 views/frontend/content/discussion.blade.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/views/frontend/content/discussion.blade.php b/views/frontend/content/discussion.blade.php
index d66aae568..3a0aaa2e3 100644
--- a/views/frontend/content/discussion.blade.php
+++ b/views/frontend/content/discussion.blade.php
@@ -8,7 +8,7 @@ $postsCount = count($discussion->relationships->posts->data);
     <div>
         @foreach ($posts as $post)
             <div>
-                <?php $user = $getResource($post->relationships->user->data); ?>
+                <?php $user = ! empty($post->relationships->user->data) ? $getResource($post->relationships->user->data) : null; ?>
                 <h3>{{ $user ? $user->attributes->username : $translator->trans('core.lib.username.deleted_text') }}</h3>
                 <div class="Post-body">
                     {!! $post->attributes->contentHtml !!}

From 617a76dda85f20f4a65841303e74a1fc3fde906d Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Sun, 10 Dec 2017 21:02:47 +1030
Subject: [PATCH 67/72] Fix PHP 7.2 warning

---
 src/Core/Post/RegisteredTypesScope.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Core/Post/RegisteredTypesScope.php b/src/Core/Post/RegisteredTypesScope.php
index 35dd977e8..e0cf51707 100644
--- a/src/Core/Post/RegisteredTypesScope.php
+++ b/src/Core/Post/RegisteredTypesScope.php
@@ -49,7 +49,7 @@ class RegisteredTypesScope implements ScopeInterface
     {
         $query = $builder->getQuery();
 
-        $this->whereIndex = count($query->wheres);
+        $this->whereIndex = count($query->wheres ?: []);
         $this->bindingIndex = count($query->getRawBindings()['where']);
 
         $types = array_keys($post::getModels());

From 3dcfe32b27f27f896b3aa22ec4085b6fcac005b9 Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Sun, 10 Dec 2017 21:03:48 +1030
Subject: [PATCH 68/72] Extract admin dashboard statistics from core into an
 extension

---
 js/admin/dist/app.js                        | 184 +-------------------
 js/admin/src/components/DashboardPage.js    |   8 +-
 js/admin/src/components/StatisticsWidget.js |  60 -------
 less/admin/DashboardPage.less               |  35 ----
 src/Admin/Controller/WebAppController.php   |  35 ----
 5 files changed, 13 insertions(+), 309 deletions(-)
 delete mode 100644 js/admin/src/components/StatisticsWidget.js

diff --git a/js/admin/dist/app.js b/js/admin/dist/app.js
index 7d1a68eb7..64c0aa374 100644
--- a/js/admin/dist/app.js
+++ b/js/admin/dist/app.js
@@ -18360,17 +18360,15 @@ System.register('flarum/components/Checkbox', ['flarum/Component', 'flarum/compo
 });;
 'use strict';
 
-System.register('flarum/components/DashboardPage', ['flarum/components/Page', 'flarum/components/StatusWidget', 'flarum/components/StatisticsWidget'], function (_export, _context) {
+System.register('flarum/components/DashboardPage', ['flarum/components/Page', 'flarum/components/StatusWidget'], function (_export, _context) {
   "use strict";
 
-  var Page, StatusWidget, StatisticsWidget, DashboardPage;
+  var Page, StatusWidget, DashboardPage;
   return {
     setters: [function (_flarumComponentsPage) {
       Page = _flarumComponentsPage.default;
     }, function (_flarumComponentsStatusWidget) {
       StatusWidget = _flarumComponentsStatusWidget.default;
-    }, function (_flarumComponentsStatisticsWidget) {
-      StatisticsWidget = _flarumComponentsStatisticsWidget.default;
     }],
     execute: function () {
       DashboardPage = function (_Page) {
@@ -18390,11 +18388,15 @@ System.register('flarum/components/DashboardPage', ['flarum/components/Page', 'f
               m(
                 'div',
                 { className: 'container' },
-                m(StatusWidget, null),
-                m(StatisticsWidget, null)
+                this.availableWidgets()
               )
             );
           }
+        }, {
+          key: 'availableWidgets',
+          value: function availableWidgets() {
+            return [m(StatusWidget, null)];
+          }
         }]);
         return DashboardPage;
       }(Page);
@@ -21112,176 +21114,6 @@ System.register('flarum/components/SplitDropdown', ['flarum/components/Dropdown'
 });;
 'use strict';
 
-System.register('flarum/components/StatisticsWidget', ['flarum/components/DashboardWidget', 'flarum/helpers/icon', 'flarum/helpers/listItems', 'flarum/utils/ItemList'], function (_export, _context) {
-  "use strict";
-
-  var DashboardWidget, icon, listItems, ItemList, StatisticsWidget;
-  return {
-    setters: [function (_flarumComponentsDashboardWidget) {
-      DashboardWidget = _flarumComponentsDashboardWidget.default;
-    }, function (_flarumHelpersIcon) {
-      icon = _flarumHelpersIcon.default;
-    }, function (_flarumHelpersListItems) {
-      listItems = _flarumHelpersListItems.default;
-    }, function (_flarumUtilsItemList) {
-      ItemList = _flarumUtilsItemList.default;
-    }],
-    execute: function () {
-      StatisticsWidget = function (_DashboardWidget) {
-        babelHelpers.inherits(StatisticsWidget, _DashboardWidget);
-
-        function StatisticsWidget() {
-          babelHelpers.classCallCheck(this, StatisticsWidget);
-          return babelHelpers.possibleConstructorReturn(this, (StatisticsWidget.__proto__ || Object.getPrototypeOf(StatisticsWidget)).apply(this, arguments));
-        }
-
-        babelHelpers.createClass(StatisticsWidget, [{
-          key: 'className',
-          value: function className() {
-            return 'StatisticsWidget';
-          }
-        }, {
-          key: 'content',
-          value: function content() {
-            return m(
-              'table',
-              null,
-              m(
-                'thead',
-                null,
-                m(
-                  'tr',
-                  null,
-                  m('th', null),
-                  m(
-                    'th',
-                    null,
-                    app.translator.trans('core.admin.statistics.users_heading')
-                  ),
-                  m(
-                    'th',
-                    null,
-                    app.translator.trans('core.admin.statistics.discussions_heading')
-                  ),
-                  m(
-                    'th',
-                    null,
-                    app.translator.trans('core.admin.statistics.posts_heading')
-                  )
-                )
-              ),
-              m(
-                'tbody',
-                null,
-                m(
-                  'tr',
-                  { className: 'StatisticsWidget-total' },
-                  m(
-                    'th',
-                    null,
-                    app.translator.trans('core.admin.statistics.total_label')
-                  ),
-                  m(
-                    'td',
-                    null,
-                    app.data.statistics.total.users
-                  ),
-                  m(
-                    'td',
-                    null,
-                    app.data.statistics.total.discussions
-                  ),
-                  m(
-                    'td',
-                    null,
-                    app.data.statistics.total.posts
-                  )
-                ),
-                m(
-                  'tr',
-                  null,
-                  m(
-                    'th',
-                    null,
-                    app.translator.trans('core.admin.statistics.last_28_days_label')
-                  ),
-                  m(
-                    'td',
-                    null,
-                    app.data.statistics.month.users
-                  ),
-                  m(
-                    'td',
-                    null,
-                    app.data.statistics.month.discussions
-                  ),
-                  m(
-                    'td',
-                    null,
-                    app.data.statistics.month.posts
-                  )
-                ),
-                m(
-                  'tr',
-                  null,
-                  m(
-                    'th',
-                    null,
-                    app.translator.trans('core.admin.statistics.last_7_days_label')
-                  ),
-                  m(
-                    'td',
-                    null,
-                    app.data.statistics.week.users
-                  ),
-                  m(
-                    'td',
-                    null,
-                    app.data.statistics.week.discussions
-                  ),
-                  m(
-                    'td',
-                    null,
-                    app.data.statistics.week.posts
-                  )
-                ),
-                m(
-                  'tr',
-                  null,
-                  m(
-                    'th',
-                    null,
-                    app.translator.trans('core.admin.statistics.today_label')
-                  ),
-                  m(
-                    'td',
-                    null,
-                    app.data.statistics.today.users
-                  ),
-                  m(
-                    'td',
-                    null,
-                    app.data.statistics.today.discussions
-                  ),
-                  m(
-                    'td',
-                    null,
-                    app.data.statistics.today.posts
-                  )
-                )
-              )
-            );
-          }
-        }]);
-        return StatisticsWidget;
-      }(DashboardWidget);
-
-      _export('default', StatisticsWidget);
-    }
-  };
-});;
-'use strict';
-
 System.register('flarum/components/StatusWidget', ['flarum/components/DashboardWidget', 'flarum/helpers/icon', 'flarum/helpers/listItems', 'flarum/utils/ItemList'], function (_export, _context) {
   "use strict";
 
diff --git a/js/admin/src/components/DashboardPage.js b/js/admin/src/components/DashboardPage.js
index c1a7bd888..30e0fb589 100644
--- a/js/admin/src/components/DashboardPage.js
+++ b/js/admin/src/components/DashboardPage.js
@@ -1,16 +1,18 @@
 import Page from 'flarum/components/Page';
 import StatusWidget from 'flarum/components/StatusWidget';
-import StatisticsWidget from 'flarum/components/StatisticsWidget';
 
 export default class DashboardPage extends Page {
   view() {
     return (
       <div className="DashboardPage">
         <div className="container">
-          <StatusWidget/>
-          <StatisticsWidget/>
+          {this.availableWidgets()}
         </div>
       </div>
     );
   }
+
+  availableWidgets() {
+    return [<StatusWidget/>];
+  }
 }
diff --git a/js/admin/src/components/StatisticsWidget.js b/js/admin/src/components/StatisticsWidget.js
deleted file mode 100644
index a653a3c0c..000000000
--- a/js/admin/src/components/StatisticsWidget.js
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * This file is part of Flarum.
- *
- * (c) Toby Zerner <toby.zerner@gmail.com>
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
-
-import DashboardWidget from 'flarum/components/DashboardWidget';
-import icon from 'flarum/helpers/icon';
-import listItems from 'flarum/helpers/listItems';
-import ItemList from 'flarum/utils/ItemList';
-
-export default class StatisticsWidget extends DashboardWidget {
-  className() {
-    return 'StatisticsWidget';
-  }
-
-  content() {
-    return (
-      <table>
-        <thead>
-          <tr>
-            <th></th>
-            <th>{app.translator.trans('core.admin.statistics.users_heading')}</th>
-            <th>{app.translator.trans('core.admin.statistics.discussions_heading')}</th>
-            <th>{app.translator.trans('core.admin.statistics.posts_heading')}</th>
-          </tr>
-        </thead>
-        <tbody>
-          <tr className="StatisticsWidget-total">
-            <th>{app.translator.trans('core.admin.statistics.total_label')}</th>
-            <td>{app.data.statistics.total.users}</td>
-            <td>{app.data.statistics.total.discussions}</td>
-            <td>{app.data.statistics.total.posts}</td>
-          </tr>
-          <tr>
-            <th>{app.translator.trans('core.admin.statistics.last_28_days_label')}</th>
-            <td>{app.data.statistics.month.users}</td>
-            <td>{app.data.statistics.month.discussions}</td>
-            <td>{app.data.statistics.month.posts}</td>
-          </tr>
-          <tr>
-            <th>{app.translator.trans('core.admin.statistics.last_7_days_label')}</th>
-            <td>{app.data.statistics.week.users}</td>
-            <td>{app.data.statistics.week.discussions}</td>
-            <td>{app.data.statistics.week.posts}</td>
-          </tr>
-          <tr>
-            <th>{app.translator.trans('core.admin.statistics.today_label')}</th>
-            <td>{app.data.statistics.today.users}</td>
-            <td>{app.data.statistics.today.discussions}</td>
-            <td>{app.data.statistics.today.posts}</td>
-          </tr>
-        </tbody>
-      </table>
-    );
-  }
-}
diff --git a/less/admin/DashboardPage.less b/less/admin/DashboardPage.less
index 3c97eedc3..0ec7f6534 100644
--- a/less/admin/DashboardPage.less
+++ b/less/admin/DashboardPage.less
@@ -45,38 +45,3 @@
     }
   }
 }
-
-.StatisticsWidget {
-  td {
-    font-size: 14px;
-  }
-  td, th {
-    padding: 5px 20px 5px 0;
-    text-align: left;
-    font-weight: normal;
-    border-bottom: 1px solid @control-bg;
-  }
-  tbody tr:last-child {
-    td, th {
-      border-bottom: 0;
-    }
-  }
-  th {
-    color: @muted-color;
-  }
-  thead th {
-    font-weight: bold;
-  }
-}
-.StatisticsWidget-total {
-  td, th {
-    font-weight: bold;
-  }
-}
-@media @tablet-up {
-  .StatisticsWidget {
-    td, th {
-      min-width: 120px;
-    }
-  }
-}
diff --git a/src/Admin/Controller/WebAppController.php b/src/Admin/Controller/WebAppController.php
index 30c660ff3..a3d5a8100 100644
--- a/src/Admin/Controller/WebAppController.php
+++ b/src/Admin/Controller/WebAppController.php
@@ -11,12 +11,8 @@
 
 namespace Flarum\Admin\Controller;
 
-use DateTime;
 use Flarum\Admin\WebApp;
-use Flarum\Core\Discussion;
 use Flarum\Core\Permission;
-use Flarum\Core\Post;
-use Flarum\Core\User;
 use Flarum\Event\PrepareUnserializedSettings;
 use Flarum\Extension\ExtensionManager;
 use Flarum\Http\Controller\AbstractWebAppController;
@@ -73,37 +69,6 @@ class WebAppController extends AbstractWebAppController
         $view->setVariable('phpVersion', PHP_VERSION);
         $view->setVariable('mysqlVersion', $this->db->selectOne('select version() as version')->version);
 
-        $view->setVariable('statistics', $this->getStatistics());
-
         return $view;
     }
-
-    private function getStatistics()
-    {
-        return [
-            'total' => $this->getEntityCounts(),
-            'month' => $this->getEntityCounts(new DateTime('-28 days')),
-            'week' => $this->getEntityCounts(new DateTime('-7 days')),
-            'today' => $this->getEntityCounts(new DateTime('-1 day'))
-        ];
-    }
-
-    private function getEntityCounts($since = null)
-    {
-        $queries = [
-            'users' => User::query(),
-            'discussions' => Discussion::query(),
-            'posts' => Post::where('type', 'comment')
-        ];
-
-        if ($since) {
-            $queries['users']->where('join_time', '>', $since);
-            $queries['discussions']->where('start_time', '>', $since);
-            $queries['posts']->where('time', '>', $since);
-        }
-
-        return array_map(function ($query) {
-            return $query->count();
-        }, $queries);
-    }
 }

From 77c25ab7252b82012c77117ccfdd899bd823d65e Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Wed, 13 Dec 2017 15:28:54 +1030
Subject: [PATCH 69/72] Add infinite scrolling in the notifications list

---
 js/forum/dist/app.js                          | 206 +++++++++++-------
 js/forum/src/components/NotificationList.js   | 146 +++++++++----
 less/forum/NotificationsDropdown.less         |   1 -
 .../ListNotificationsController.php           |  31 ++-
 4 files changed, 260 insertions(+), 124 deletions(-)

diff --git a/js/forum/dist/app.js b/js/forum/dist/app.js
index c19f8ae36..f3bccdee2 100644
--- a/js/forum/dist/app.js
+++ b/js/forum/dist/app.js
@@ -23964,39 +23964,18 @@ System.register('flarum/components/NotificationList', ['flarum/Component', 'flar
              * @type {Boolean}
              */
             this.loading = false;
+
+            /**
+             * Whether or not there are more results that can be loaded.
+             *
+             * @type {Boolean}
+             */
+            this.moreResults = false;
           }
         }, {
           key: 'view',
           value: function view() {
-            var groups = [];
-
-            if (app.cache.notifications) {
-              var discussions = {};
-
-              // Build an array of discussions which the notifications are related to,
-              // and add the notifications as children.
-              app.cache.notifications.forEach(function (notification) {
-                var subject = notification.subject();
-
-                if (typeof subject === 'undefined') return;
-
-                // Get the discussion that this notification is related to. If it's not
-                // directly related to a discussion, it may be related to a post or
-                // other entity which is related to a discussion.
-                var discussion = false;
-                if (subject instanceof Discussion) discussion = subject;else if (subject && subject.discussion) discussion = subject.discussion();
-
-                // If the notification is not related to a discussion directly or
-                // indirectly, then we will assign it to a neutral group.
-                var key = discussion ? discussion.id() : 0;
-                discussions[key] = discussions[key] || { discussion: discussion, notifications: [] };
-                discussions[key].notifications.push(notification);
-
-                if (groups.indexOf(discussions[key]) === -1) {
-                  groups.push(discussions[key]);
-                }
-              });
-            }
+            var pages = app.cache.notifications || [];
 
             return m(
               'div',
@@ -24023,71 +24002,144 @@ System.register('flarum/components/NotificationList', ['flarum/Component', 'flar
               m(
                 'div',
                 { className: 'NotificationList-content' },
-                groups.length ? groups.map(function (group) {
-                  var badges = group.discussion && group.discussion.badges().toArray();
+                pages.length ? pages.map(function (notifications) {
+                  var groups = [];
+                  var discussions = {};
 
-                  return m(
-                    'div',
-                    { className: 'NotificationGroup' },
-                    group.discussion ? m(
-                      'a',
-                      { className: 'NotificationGroup-header',
-                        href: app.route.discussion(group.discussion),
-                        config: m.route },
-                      badges && badges.length ? m(
-                        'ul',
-                        { className: 'NotificationGroup-badges badges' },
-                        listItems(badges)
-                      ) : '',
-                      group.discussion.title()
-                    ) : m(
+                  notifications.forEach(function (notification) {
+                    var subject = notification.subject();
+
+                    if (typeof subject === 'undefined') return;
+
+                    // Get the discussion that this notification is related to. If it's not
+                    // directly related to a discussion, it may be related to a post or
+                    // other entity which is related to a discussion.
+                    var discussion = false;
+                    if (subject instanceof Discussion) discussion = subject;else if (subject && subject.discussion) discussion = subject.discussion();
+
+                    // If the notification is not related to a discussion directly or
+                    // indirectly, then we will assign it to a neutral group.
+                    var key = discussion ? discussion.id() : 0;
+                    discussions[key] = discussions[key] || { discussion: discussion, notifications: [] };
+                    discussions[key].notifications.push(notification);
+
+                    if (groups.indexOf(discussions[key]) === -1) {
+                      groups.push(discussions[key]);
+                    }
+                  });
+
+                  return groups.map(function (group) {
+                    var badges = group.discussion && group.discussion.badges().toArray();
+
+                    return m(
                       'div',
-                      { className: 'NotificationGroup-header' },
-                      app.forum.attribute('title')
-                    ),
-                    m(
-                      'ul',
-                      { className: 'NotificationGroup-content' },
-                      group.notifications.map(function (notification) {
-                        var NotificationComponent = app.notificationComponents[notification.contentType()];
-                        return NotificationComponent ? m(
-                          'li',
-                          null,
-                          NotificationComponent.component({ notification: notification })
-                        ) : '';
-                      })
-                    )
-                  );
-                }) : !this.loading ? m(
+                      { className: 'NotificationGroup' },
+                      group.discussion ? m(
+                        'a',
+                        { className: 'NotificationGroup-header',
+                          href: app.route.discussion(group.discussion),
+                          config: m.route },
+                        badges && badges.length ? m(
+                          'ul',
+                          { className: 'NotificationGroup-badges badges' },
+                          listItems(badges)
+                        ) : '',
+                        group.discussion.title()
+                      ) : m(
+                        'div',
+                        { className: 'NotificationGroup-header' },
+                        app.forum.attribute('title')
+                      ),
+                      m(
+                        'ul',
+                        { className: 'NotificationGroup-content' },
+                        group.notifications.map(function (notification) {
+                          var NotificationComponent = app.notificationComponents[notification.contentType()];
+                          return NotificationComponent ? m(
+                            'li',
+                            null,
+                            NotificationComponent.component({ notification: notification })
+                          ) : '';
+                        })
+                      )
+                    );
+                  });
+                }) : '',
+                this.loading ? m(LoadingIndicator, { className: 'LoadingIndicator--block' }) : pages.length ? '' : m(
                   'div',
                   { className: 'NotificationList-empty' },
                   app.translator.trans('core.forum.notifications.empty_text')
-                ) : LoadingIndicator.component({ className: 'LoadingIndicator--block' })
+                )
               )
             );
           }
         }, {
-          key: 'load',
-          value: function load() {
+          key: 'config',
+          value: function config(isInitialized, context) {
             var _this2 = this;
 
-            if (app.cache.notifications && !app.session.user.newNotificationsCount()) {
+            if (isInitialized) return;
+
+            var $notifications = this.$('.NotificationList-content');
+            var $scrollParent = $notifications.css('overflow') === 'auto' ? $notifications : $(window);
+
+            var scrollHandler = function scrollHandler() {
+              var scrollTop = $scrollParent.scrollTop();
+              var viewportHeight = $scrollParent.height();
+              var contentTop = $scrollParent === $notifications ? 0 : $notifications.offset().top;
+              var contentHeight = $notifications[0].scrollHeight;
+
+              if (_this2.moreResults && !_this2.loading && scrollTop + viewportHeight >= contentTop + contentHeight) {
+                _this2.loadMore();
+              }
+            };
+
+            $scrollParent.on('scroll', scrollHandler);
+
+            context.onunload = function () {
+              $scrollParent.off('scroll', scrollHandler);
+            };
+          }
+        }, {
+          key: 'load',
+          value: function load() {
+            if (app.session.user.newNotificationsCount()) {
+              delete app.cache.notifications;
+            }
+
+            if (app.cache.notifications) {
               return;
             }
 
+            app.session.user.pushAttributes({ newNotificationsCount: 0 });
+
+            this.loadMore();
+          }
+        }, {
+          key: 'loadMore',
+          value: function loadMore() {
+            var _this3 = this;
+
             this.loading = true;
             m.redraw();
 
-            app.store.find('notifications').then(function (notifications) {
-              app.session.user.pushAttributes({ newNotificationsCount: 0 });
-              app.cache.notifications = notifications.sort(function (a, b) {
-                return b.time() - a.time();
-              });
-            }).catch(function () {}).then(function () {
-              _this2.loading = false;
+            var params = app.cache.notifications ? { page: { offset: app.cache.notifications.length * 10 } } : null;
+
+            return app.store.find('notifications', params).then(this.parseResults.bind(this)).catch(function () {}).then(function () {
+              _this3.loading = false;
               m.redraw();
             });
           }
+        }, {
+          key: 'parseResults',
+          value: function parseResults(results) {
+            app.cache.notifications = app.cache.notifications || [];
+            app.cache.notifications.push(results);
+
+            this.moreResults = !!results.payload.links.next;
+
+            return results;
+          }
         }, {
           key: 'markAllAsRead',
           value: function markAllAsRead() {
@@ -24095,8 +24147,10 @@ System.register('flarum/components/NotificationList', ['flarum/Component', 'flar
 
             app.session.user.pushAttributes({ unreadNotificationsCount: 0 });
 
-            app.cache.notifications.forEach(function (notification) {
-              return notification.pushAttributes({ isRead: true });
+            app.cache.notifications.forEach(function (notifications) {
+              notifications.forEach(function (notification) {
+                return notification.pushAttributes({ isRead: true });
+              });
             });
 
             app.request({
diff --git a/js/forum/src/components/NotificationList.js b/js/forum/src/components/NotificationList.js
index 23b644344..7032b339b 100644
--- a/js/forum/src/components/NotificationList.js
+++ b/js/forum/src/components/NotificationList.js
@@ -16,39 +16,17 @@ export default class NotificationList extends Component {
      * @type {Boolean}
      */
     this.loading = false;
+
+    /**
+     * Whether or not there are more results that can be loaded.
+     *
+     * @type {Boolean}
+     */
+    this.moreResults = false;
   }
 
   view() {
-    const groups = [];
-
-    if (app.cache.notifications) {
-      const discussions = {};
-
-      // Build an array of discussions which the notifications are related to,
-      // and add the notifications as children.
-      app.cache.notifications.forEach(notification => {
-        const subject = notification.subject();
-
-        if (typeof subject === 'undefined') return;
-
-        // Get the discussion that this notification is related to. If it's not
-        // directly related to a discussion, it may be related to a post or
-        // other entity which is related to a discussion.
-        let discussion = false;
-        if (subject instanceof Discussion) discussion = subject;
-        else if (subject && subject.discussion) discussion = subject.discussion();
-
-        // If the notification is not related to a discussion directly or
-        // indirectly, then we will assign it to a neutral group.
-        const key = discussion ? discussion.id() : 0;
-        discussions[key] = discussions[key] || {discussion: discussion, notifications: []};
-        discussions[key].notifications.push(notification);
-
-        if (groups.indexOf(discussions[key]) === -1) {
-          groups.push(discussions[key]);
-        }
-      });
-    }
+    const pages = app.cache.notifications || [];
 
     return (
       <div className="NotificationList">
@@ -66,8 +44,34 @@ export default class NotificationList extends Component {
         </div>
 
         <div className="NotificationList-content">
-          {groups.length
-            ? groups.map(group => {
+          {pages.length ? pages.map(notifications => {
+            const groups = [];
+            const discussions = {};
+
+            notifications.forEach(notification => {
+              const subject = notification.subject();
+
+              if (typeof subject === 'undefined') return;
+
+              // Get the discussion that this notification is related to. If it's not
+              // directly related to a discussion, it may be related to a post or
+              // other entity which is related to a discussion.
+              let discussion = false;
+              if (subject instanceof Discussion) discussion = subject;
+              else if (subject && subject.discussion) discussion = subject.discussion();
+
+              // If the notification is not related to a discussion directly or
+              // indirectly, then we will assign it to a neutral group.
+              const key = discussion ? discussion.id() : 0;
+              discussions[key] = discussions[key] || {discussion: discussion, notifications: []};
+              discussions[key].notifications.push(notification);
+
+              if (groups.indexOf(discussions[key]) === -1) {
+                groups.push(discussions[key]);
+              }
+            });
+
+            return groups.map(group => {
               const badges = group.discussion && group.discussion.badges().toArray();
 
               return (
@@ -94,32 +98,71 @@ export default class NotificationList extends Component {
                   </ul>
                 </div>
               );
-            })
-            : !this.loading
-              ? <div className="NotificationList-empty">{app.translator.trans('core.forum.notifications.empty_text')}</div>
-              : LoadingIndicator.component({className: 'LoadingIndicator--block'})}
+            });
+          }) : ''}
+          {this.loading
+            ? <LoadingIndicator className="LoadingIndicator--block" />
+            : (pages.length ? '' : <div className="NotificationList-empty">{app.translator.trans('core.forum.notifications.empty_text')}</div>)}
         </div>
       </div>
     );
   }
 
+  config(isInitialized, context) {
+    if (isInitialized) return;
+
+    const $notifications = this.$('.NotificationList-content');
+    const $scrollParent = $notifications.css('overflow') === 'auto' ? $notifications : $(window);
+
+    const scrollHandler = () => {
+      const scrollTop = $scrollParent.scrollTop();
+      const viewportHeight = $scrollParent.height();
+      const contentTop = $scrollParent === $notifications ? 0 : $notifications.offset().top;
+      const contentHeight = $notifications[0].scrollHeight;
+
+      if (this.moreResults && !this.loading && scrollTop + viewportHeight >= contentTop + contentHeight) {
+        this.loadMore();
+      }
+    };
+
+    $scrollParent.on('scroll', scrollHandler);
+
+    context.onunload = () => {
+      $scrollParent.off('scroll', scrollHandler);
+    };
+  }
+
   /**
    * Load notifications into the application's cache if they haven't already
    * been loaded.
    */
   load() {
-    if (app.cache.notifications && !app.session.user.newNotificationsCount()) {
+    if (app.session.user.newNotificationsCount()) {
+      delete app.cache.notifications;
+    }
+
+    if (app.cache.notifications) {
       return;
     }
 
+    app.session.user.pushAttributes({newNotificationsCount: 0});
+
+    this.loadMore();
+  }
+
+  /**
+   * Load the next page of notification results.
+   *
+   * @public
+   */
+  loadMore() {
     this.loading = true;
     m.redraw();
 
-    app.store.find('notifications')
-      .then(notifications => {
-        app.session.user.pushAttributes({newNotificationsCount: 0});
-        app.cache.notifications = notifications.sort((a, b) => b.time() - a.time());
-      })
+    const params = app.cache.notifications ? {page: {offset: app.cache.notifications.length * 10}} : null;
+
+    return app.store.find('notifications', params)
+      .then(this.parseResults.bind(this))
       .catch(() => {})
       .then(() => {
         this.loading = false;
@@ -127,6 +170,21 @@ export default class NotificationList extends Component {
       });
   }
 
+  /**
+   * Parse results and append them to the notification list.
+   *
+   * @param {Notification[]} results
+   * @return {Notification[]}
+   */
+  parseResults(results) {
+    app.cache.notifications = app.cache.notifications || [];
+    app.cache.notifications.push(results);
+
+    this.moreResults = !!results.payload.links.next;
+
+    return results;
+  }
+
   /**
    * Mark all of the notifications as read.
    */
@@ -135,7 +193,9 @@ export default class NotificationList extends Component {
 
     app.session.user.pushAttributes({unreadNotificationsCount: 0});
 
-    app.cache.notifications.forEach(notification => notification.pushAttributes({isRead: true}));
+    app.cache.notifications.forEach(notifications => {
+      notifications.forEach(notification => notification.pushAttributes({isRead: true}))
+    });
 
     app.request({
       url: app.forum.attribute('apiUrl') + '/notifications/read',
diff --git a/less/forum/NotificationsDropdown.less b/less/forum/NotificationsDropdown.less
index 7ce7bfb1d..a36c635ee 100644
--- a/less/forum/NotificationsDropdown.less
+++ b/less/forum/NotificationsDropdown.less
@@ -6,7 +6,6 @@
     .NotificationList-content {
       max-height: 70vh;
       overflow: auto;
-      padding-bottom: 10px;
     }
   }
   & .Dropdown-toggle .Button-label {
diff --git a/src/Api/Controller/ListNotificationsController.php b/src/Api/Controller/ListNotificationsController.php
index 7af1cd561..284f103b3 100644
--- a/src/Api/Controller/ListNotificationsController.php
+++ b/src/Api/Controller/ListNotificationsController.php
@@ -11,6 +11,7 @@
 
 namespace Flarum\Api\Controller;
 
+use Flarum\Api\UrlGenerator;
 use Flarum\Core\Discussion;
 use Flarum\Core\Exception\PermissionDeniedException;
 use Flarum\Core\Repository\NotificationRepository;
@@ -39,16 +40,23 @@ class ListNotificationsController extends AbstractCollectionController
     public $limit = 10;
 
     /**
-     * @var \Flarum\Core\Repository\NotificationRepository
+     * @var NotificationRepository
      */
     protected $notifications;
 
     /**
-     * @param \Flarum\Core\Repository\NotificationRepository $notifications
+     * @var UrlGenerator
      */
-    public function __construct(NotificationRepository $notifications)
+    protected $url;
+
+    /**
+     * @param NotificationRepository $notifications
+     * @param UrlGenerator $url
+     */
+    public function __construct(NotificationRepository $notifications, UrlGenerator $url)
     {
         $this->notifications = $notifications;
+        $this->url = $url;
     }
 
     /**
@@ -68,10 +76,25 @@ class ListNotificationsController extends AbstractCollectionController
         $offset = $this->extractOffset($request);
         $include = $this->extractInclude($request);
 
-        $notifications = $this->notifications->findByUser($actor, $limit, $offset)
+        $notifications = $this->notifications->findByUser($actor, $limit + 1, $offset)
             ->load(array_diff($include, ['subject.discussion']))
             ->all();
 
+        $areMoreResults = false;
+
+        if (count($notifications) > $limit) {
+            array_pop($notifications);
+            $areMoreResults = true;
+        }
+
+        $document->addPaginationLinks(
+            $this->url->toRoute('notifications.index'),
+            $request->getQueryParams(),
+            $offset,
+            $limit,
+            $areMoreResults ? null : 0
+        );
+
         if (in_array('subject.discussion', $include)) {
             $this->loadSubjectDiscussions($notifications);
         }

From a0c95e6705fdebc6a87c030bcb830511e02dc9ae Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Wed, 13 Dec 2017 15:54:16 +1030
Subject: [PATCH 70/72] Filter out notifications with non-existent subjects

ref #1025 #1238. This should prevent the frontend from crashing when
opening the notifications menu, but we still need to make sure
notifications are deleted properly when subjects are deleted.
---
 src/Api/Controller/ListNotificationsController.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/Api/Controller/ListNotificationsController.php b/src/Api/Controller/ListNotificationsController.php
index 284f103b3..f53f3be60 100644
--- a/src/Api/Controller/ListNotificationsController.php
+++ b/src/Api/Controller/ListNotificationsController.php
@@ -76,6 +76,10 @@ class ListNotificationsController extends AbstractCollectionController
         $offset = $this->extractOffset($request);
         $include = $this->extractInclude($request);
 
+        if (! in_array('subject', $include)) {
+            $include[] = 'subject';
+        }
+
         $notifications = $this->notifications->findByUser($actor, $limit + 1, $offset)
             ->load(array_diff($include, ['subject.discussion']))
             ->all();
@@ -95,6 +99,10 @@ class ListNotificationsController extends AbstractCollectionController
             $areMoreResults ? null : 0
         );
 
+        $notifications = array_filter($notifications, function ($notification) {
+            return ! $notification->subjectModel || $notification->subject;
+        });
+
         if (in_array('subject.discussion', $include)) {
             $this->loadSubjectDiscussions($notifications);
         }

From d2f187716e0e7ed5fe6e2266dd0680f96ba31db2 Mon Sep 17 00:00:00 2001
From: Clark Winkelmann <clark.winkelmann@gmail.com>
Date: Wed, 13 Dec 2017 22:39:09 +0100
Subject: [PATCH 71/72] Prevent saving invalid custom less (#1273)

* Prevent saving invalid custom less

* Fix formatting

* Fix formatting again

* Move custom less format check to its own listener

* Move listener to AdminServiceProvider

* Rename listener method
---
 src/Admin/AdminServiceProvider.php          | 10 +++++
 src/Core/Listener/CheckCustomLessFormat.php | 43 +++++++++++++++++++++
 2 files changed, 53 insertions(+)
 create mode 100644 src/Core/Listener/CheckCustomLessFormat.php

diff --git a/src/Admin/AdminServiceProvider.php b/src/Admin/AdminServiceProvider.php
index 576f0e7bd..2dfc9f53f 100644
--- a/src/Admin/AdminServiceProvider.php
+++ b/src/Admin/AdminServiceProvider.php
@@ -11,6 +11,7 @@
 
 namespace Flarum\Admin;
 
+use Flarum\Core\Listener\CheckCustomLessFormat;
 use Flarum\Event\ExtensionWasDisabled;
 use Flarum\Event\ExtensionWasEnabled;
 use Flarum\Event\SettingWasSet;
@@ -46,6 +47,8 @@ class AdminServiceProvider extends AbstractServiceProvider
         $this->flushWebAppAssetsWhenThemeChanged();
 
         $this->flushWebAppAssetsWhenExtensionsChanged();
+
+        $this->checkCustomLessFormat();
     }
 
     /**
@@ -93,4 +96,11 @@ class AdminServiceProvider extends AbstractServiceProvider
     {
         return $this->app->make(WebApp::class)->getAssets();
     }
+
+    protected function checkCustomLessFormat()
+    {
+        $events = $this->app->make('events');
+
+        $events->subscribe(CheckCustomLessFormat::class);
+    }
 }
diff --git a/src/Core/Listener/CheckCustomLessFormat.php b/src/Core/Listener/CheckCustomLessFormat.php
new file mode 100644
index 000000000..324b62bae
--- /dev/null
+++ b/src/Core/Listener/CheckCustomLessFormat.php
@@ -0,0 +1,43 @@
+<?php
+
+/*
+ * This file is part of Flarum.
+ *
+ * (c) Toby Zerner <toby.zerner@gmail.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Flarum\Core\Listener;
+
+use Flarum\Core\Exception\ValidationException;
+use Flarum\Event\PrepareSerializedSetting;
+use Illuminate\Contracts\Events\Dispatcher;
+use Less_Exception_Parser;
+use Less_Parser;
+
+class CheckCustomLessFormat
+{
+    public function subscribe(Dispatcher $events)
+    {
+        $events->listen(PrepareSerializedSetting::class, [$this, 'check']);
+    }
+
+    public function check(PrepareSerializedSetting $event)
+    {
+        if ($event->key === 'custom_less') {
+            $parser = new Less_Parser();
+
+            try {
+                // Check the custom less format before saving
+                // Variables names are not checked, we would have to set them and call getCss() to check them
+                $parser->parse($event->value);
+            } catch (Less_Exception_Parser $e) {
+                throw new ValidationException([
+                    'custom_less' => $e->getMessage(),
+                ]);
+            }
+        }
+    }
+}

From c6ce172caabd9c8a88c07d39a785ca78075dc53f Mon Sep 17 00:00:00 2001
From: Franz Liedke <franz@develophp.org>
Date: Wed, 13 Dec 2017 23:08:35 +0100
Subject: [PATCH 72/72] Apply suggestions from StyleCI

---
 src/Admin/Server.php                             | 1 -
 src/Forum/Controller/LogOutController.php        | 1 -
 src/Forum/Controller/ResetPasswordController.php | 1 -
 src/Http/Middleware/ShareErrorsFromSession.php   | 4 ++--
 src/Locale/LocaleServiceProvider.php             | 1 -
 5 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/src/Admin/Server.php b/src/Admin/Server.php
index 00b3e686e..73002a1bb 100644
--- a/src/Admin/Server.php
+++ b/src/Admin/Server.php
@@ -14,7 +14,6 @@ namespace Flarum\Admin;
 use Flarum\Event\ConfigureMiddleware;
 use Flarum\Foundation\Application;
 use Flarum\Http\AbstractServer;
-use Flarum\Http\Middleware\HandleErrors;
 use Zend\Stratigility\MiddlewarePipe;
 
 class Server extends AbstractServer
diff --git a/src/Forum/Controller/LogOutController.php b/src/Forum/Controller/LogOutController.php
index 0d15c3340..f19b7ea9c 100644
--- a/src/Forum/Controller/LogOutController.php
+++ b/src/Forum/Controller/LogOutController.php
@@ -19,7 +19,6 @@ use Flarum\Http\Controller\ControllerInterface;
 use Flarum\Http\Exception\TokenMismatchException;
 use Flarum\Http\Rememberer;
 use Flarum\Http\SessionAuthenticator;
-use Flarum\Settings\SettingsRepositoryInterface;
 use Illuminate\Contracts\Events\Dispatcher;
 use Illuminate\Contracts\View\Factory;
 use Psr\Http\Message\ServerRequestInterface as Request;
diff --git a/src/Forum/Controller/ResetPasswordController.php b/src/Forum/Controller/ResetPasswordController.php
index 1e87fdf0c..278dc897e 100644
--- a/src/Forum/Controller/ResetPasswordController.php
+++ b/src/Forum/Controller/ResetPasswordController.php
@@ -17,7 +17,6 @@ use Flarum\Core\PasswordToken;
 use Flarum\Http\Controller\AbstractHtmlController;
 use Illuminate\Contracts\View\Factory;
 use Psr\Http\Message\ServerRequestInterface as Request;
-use Symfony\Component\Translation\TranslatorInterface;
 
 class ResetPasswordController extends AbstractHtmlController
 {
diff --git a/src/Http/Middleware/ShareErrorsFromSession.php b/src/Http/Middleware/ShareErrorsFromSession.php
index 4ab83d2f8..5d0a5ed9b 100644
--- a/src/Http/Middleware/ShareErrorsFromSession.php
+++ b/src/Http/Middleware/ShareErrorsFromSession.php
@@ -10,14 +10,14 @@
 
 namespace Flarum\Http\Middleware;
 
-use Illuminate\Support\ViewErrorBag;
 use Illuminate\Contracts\View\Factory as ViewFactory;
+use Illuminate\Support\ViewErrorBag;
 use Psr\Http\Message\ResponseInterface as Response;
 use Psr\Http\Message\ServerRequestInterface as Request;
 use Zend\Stratigility\MiddlewareInterface;
 
 /**
- * Inspired by Illuminate\View\Middleware\ShareErrorsFromSession
+ * Inspired by Illuminate\View\Middleware\ShareErrorsFromSession.
  *
  * @author Taylor Otwell
  */
diff --git a/src/Locale/LocaleServiceProvider.php b/src/Locale/LocaleServiceProvider.php
index 3e038950b..d9b75383c 100644
--- a/src/Locale/LocaleServiceProvider.php
+++ b/src/Locale/LocaleServiceProvider.php
@@ -14,7 +14,6 @@ namespace Flarum\Locale;
 use Flarum\Event\ConfigureLocales;
 use Flarum\Foundation\AbstractServiceProvider;
 use Illuminate\Contracts\Events\Dispatcher;
-use Symfony\Component\Translation\MessageSelector;
 
 class LocaleServiceProvider extends AbstractServiceProvider
 {