Packages/TYPO3.CMS.git
9 months ago [DOCS] Correct page TSconfig example when using types for presets 45/66945/3
Stefan Frömken [Mon, 30 Nov 2020 11:37:21 +0000 (11:37 +0000)]
[DOCS] Correct page TSconfig example when using types for presets

Releases: master, 10.4, 9.5
Resolves: #92954
Change-Id: Ibbe19a88a603ac1390601c8e23eae566b44ebc92
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66945
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
9 months ago [FEATURE] Introduce API for the configuration module 99/66899/15
Sebastian Michaelsen [Wed, 25 Nov 2020 14:32:30 +0000 (15:32 +0100)]
[FEATURE] Introduce API for the configuration module

Instead of having a hardcoded list of "trees" available
in the configuration module a new API is introduced and
all existing tree functionalities are moved into separate
provider classes to use the new API.

Extension authors are now able to add their own providers
to expose their custom configuration in the module. It's
even possible now to disable existing providers shipped
by core or any third-party extension.

Each provider is therefore registered in the `Services.yaml`
of the specific extension by defining the provider class
to be used and adding the `lowlevel.configuration.module.provider`
tag with at least the unique `identifier` attribute.

All providers must then implement the new `ProviderInterface`
to ensure the module can acquire the necessary data to
display the tree and the module menu.

The registration also provides an ordering / sorting
functionality using the DependencyOrderingService.

Resolves: #92929
Releases: master
Change-Id: I94e81e4b68ff9402444dca9449d251302380fd9f
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66899
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
9 months ago [TASK] Use default from address in scheduler's test task 52/66952/3
Georg Ringer [Mon, 30 Nov 2020 18:57:02 +0000 (19:57 +0100)]
[TASK] Use default from address in scheduler's test task

Change the from address used in the test task of the scheduler
by using the default address configured in
`$GLOBALS['TYPO3_CONF_VARS']['MAIL']['defaultMailFromAddress']`.

Resolves: #92961
Releases: master, 10.4
Change-Id: Ib4bf998c3180fa1bd2baa5591c340f04198aa026
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66952
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Stefan Froemken <froemken@gmail.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Stefan Froemken <froemken@gmail.com>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
9 months ago [TASK] Execute frontend functional tests in sub request 14/65514/25
Christian Kuhn [Tue, 1 Sep 2020 14:10:16 +0000 (16:10 +0200)]
[TASK] Execute frontend functional tests in sub request

Constants TYPO3_MODE and TYPO3_REQUESTTYPE are unused
in core, and we have a new helper method in
typo3/testing-framework to execute sub requests.

The patch switches all functional tests that execute
frontend requests to use a sub request instead of
handling standalone PHP processes.

This patch is quite a milestone: It is the proof that
TYPO3 framework state can be managed well enough to
execute multiple TYPO3 application requests in one process.

As a happy little side effect, the overall performance
of the functional tests is increased by roughly 20
percent. This is quite a bit when considering the fact
that most execution time is consumed by setting up
all the database tables.

Releases: master
Resolves: #92966
Related: #92965
Related: #92947
Change-Id: I390baed39502ad3d30c881d6061f8ea0fad3c76c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65514
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Daniel Goerz <daniel.goerz@posteo.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Daniel Goerz <daniel.goerz@posteo.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
9 months ago [TASK] Raise typo3/testing-framework to ^6.5.0 60/66960/4
Christian Kuhn [Tue, 1 Dec 2020 12:06:20 +0000 (13:06 +0100)]
[TASK] Raise typo3/testing-framework to ^6.5.0

Brings an acceptance test stabilization fix and a
functional test API method to execute frontend
requests as sub request with core v11 / master.

composer require --dev typo3/testing-framework ^6.5.0

Resolves: #92965
Releases: master, 10.4
Change-Id: Ic8600d369f436569658e7cc593c428e6eb70db0a
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66960
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
9 months ago [TASK] Deprecate constants TYPO3_MODE and TYPO3_REQUESTTYPE 48/66948/10
Christian Kuhn [Mon, 30 Nov 2020 16:58:36 +0000 (17:58 +0100)]
[TASK] Deprecate constants TYPO3_MODE and TYPO3_REQUESTTYPE

Final patch to deprecate TYPO3_MODE and TYPO3_REQUESTTYPE
with an excessive changelog file to explain details and
migration for extension developers.

Resolves: #92947
Related: #92948
Related: #92951
Related: #92949
Related: #92952
Related: #92953
Releases: master
Change-Id: Id0570582aa08dd34faea3506d5ef8bc85afdda33
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66948
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Daniel Goerz <daniel.goerz@posteo.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Daniel Goerz <daniel.goerz@posteo.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
9 months ago [TASK] Drop usages of TYPO3_MODE and TYPO3_REQUESTTYPE 95/66895/20
Christian Kuhn [Tue, 24 Nov 2020 17:35:12 +0000 (18:35 +0100)]
[TASK] Drop usages of TYPO3_MODE and TYPO3_REQUESTTYPE

Drop all usages of TYPO3_MODE and TYPO3_REQUESTTYPE by
using the ApplicationType helper class when frontend
or backend is detected, and by directly using the
applicationType attribute of the request object in a
couple of special cases that check for backend ajax
or install tool.

Resolves: #92953
Related: #92951
Related: #92947
Releases: master
Change-Id: I98c9d5ef0e7a6409b01188ddd0bbcf94f159cbcd
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66895
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Simon Gilli <typo3@gilbertsoft.org>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Simon Gilli <typo3@gilbertsoft.org>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Benni Mack <benni@typo3.org>
9 months ago [TASK] Extbase controller actions must return ResponseInterface 53/66553/8
Alexander Schnitzler [Fri, 6 Nov 2020 12:58:05 +0000 (13:58 +0100)]
[TASK] Extbase controller actions must return ResponseInterface

In the past, Extbase controller actions could return either void,
null, a string, or an object that implemented the __toString()
method. All those return types are now deprecated in favor of
an instance of \Psr\Http\Message\ResponseInterface (PSR-7).

Response objects can be created in the controller by using the
response factory which is injected into all action controllers.

Alternatively, custom response objects can be declared and used
as long as they implement the interface and are therefore PSR-7
compatible.

Releases: master
Resolves: #92784
Change-Id: If1e778c29f870fd0e78d253f0cfcff359a0babae
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66553
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Torben Hansen <derhansen@gmail.com>
Tested-by: Daniel Haupt <mail@danielhaupt.de>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Torben Hansen <derhansen@gmail.com>
Reviewed-by: Daniel Haupt <mail@danielhaupt.de>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
9 months ago [TASK] Drop TYPO3_MODE usage in ext:adminpanel ext_localconf.php 43/66943/2
Christian Kuhn [Sun, 29 Nov 2020 13:44:44 +0000 (14:44 +0100)]
[TASK] Drop TYPO3_MODE usage in ext:adminpanel ext_localconf.php

Code in ext_localconf.php must not create different
framework state depending on the (frontend or backend)
application type. The ApplicationType helper class does
not work at this point in bootstrap, since the PSR-7
request object has not been created, yet.

Solution is to always register the admin panel logger,
and to decide within the logger instance if an incoming
log record should be handled.

Resolves: #92952
Related: #92951
Related: #92947
Releases: master
Change-Id: If0834abff33d5ed1fa4f0e18c0f76c252db4013c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66943
Reviewed-by: Simon Gilli <typo3@gilbertsoft.org>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Daniel Haupt <mail@danielhaupt.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Daniel Haupt <mail@danielhaupt.de>
Tested-by: Simon Gilli <typo3@gilbertsoft.org>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
9 months ago [TASK] Add application type to request 42/66942/3
Christian Kuhn [Sun, 29 Nov 2020 10:29:07 +0000 (11:29 +0100)]
[TASK] Add application type to request

The cardinal issue with constant 'TYPO3_MODE' is that its
value is NOT constant: It is defined early during bootstrap and
derived from information that is handed over from entry point
index.php's. Depending on this, value is either 'FE' or 'BE'.

Using that constant or the related constant 'TYPO3_REQUESTTYPE'
makes it impossible to change scope from backend to frontend
in one PHP call. This actively blocks executing sub requests,
use cases are for instance executing a frontend request within
a running backend call (eg. view module), or executing frontend
requests from cli (eg. some indexer).

Dropping 'TYPO3_MODE' and its friends is thus a requirement to
finally allow such scenarios. We can't get rid of the distinction
between 'frontend' and 'backend' altogether since some legit use
cases like different paths or security settings depend on it.

Looking at TYPO3 bootstrap, the only class that 'knows' if it's
frontend or backend are the Application classes of ext:frontend
and ext:backend. They are the PSR-15 entry points, they create a
first PSR-7 request object if it has not been given, and then
call the PSR-15 middleware stack dispatcher to create a PSR-7
response, starting with this first request object.

The solution to get rid of 'TYPO3_MODE' is to add the information
'I am a frontend or backend request' as attribute to the request
object in the Application classes. To simplify things, the helper
class ApplicationType is introduced that answers isFrontend() and
isBackend() for a given request object.

Documentation changelog files with full details on the impact of
this change will be added with an upcoming patch that deprecates
the constants in master.

This patch targets master and v10: 'TYPO3_MODE' is used in
extensions quite often. Having the API in both v10 and v11 helps
extension developers to deliver deprecation free extensions that
are compatible with both v10 and v11 in one version. Codewise,
neither the 'applicationType' attribute nor the helper class
harm in v10.

Resolves: #92951
Related: #92947
Releases: master, 10.4
Change-Id: Ia4ea637b252b774cf72492402e6be52ee4695242
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66942
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Simon Gilli <typo3@gilbertsoft.org>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Simon Gilli <typo3@gilbertsoft.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
9 months ago [TASK] Use constant 'TYPO3' in global script files 38/66938/2
Christian Kuhn [Tue, 24 Nov 2020 17:35:12 +0000 (18:35 +0100)]
[TASK] Use constant 'TYPO3' in global script files

Avoid usage of constant 'TYPO3_MODE' as security gate
in script files that don't run in class or callable context.
Use new constant 'TYPO3' instead.

Resolves: #92949
Related: #92947
Related: #92948
Releases: master
Change-Id: I95618793ed29b4b71e9e97ea8da124924d6753fc
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66938
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Daniel Haupt <mail@danielhaupt.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Daniel Haupt <mail@danielhaupt.de>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
9 months ago [TASK] Introduce constant 'TYPO3' 37/66937/2
Christian Kuhn [Sat, 28 Nov 2020 16:03:33 +0000 (17:03 +0100)]
[TASK] Introduce constant 'TYPO3'

TYPO3 still has some script files that run in global scope
without class or callable encapsulation. Those are especially
ext_localconf.php, ext_tables.php and Configuration/TCA/Overrides/*
script files.

When those files are located within document root, they can be
called directly via HTTP and may output something, which can be
a security risk. To prevent this, they have a call at the very
start: 'defined('TYPO3_MODE') or die();'.

Unfortunately, constant 'TYPO3_MODE' is a technical debt, core
tries to phase it out in v11. We thus need something equivalent
for these calls.

Since that test for existence of a constant is so simple and
straightforward, the solution is to define a new constant to
true, simply named 'TYPO3', to substitute 'TYPO3_MODE'. The
call is very similar: 'defined('TYPO3') or die();'.

The patch targets core master and v10: Having that constant in
v10 simplifies life of extension developers who want to deliver
extensions compatible with v10 and v11 in the same version, when
'TYPO3_MODE' constant is deprecated in v11 with upcoming patches.

Resolves: #92948
Related: #92947
Releases: master, 10.4
Change-Id: Ib7b438422a41e242cf49cd4f87a6f8c50a9907d3
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66937
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
10 months ago [BUGFIX] Increase z-index of flatpickr 32/66932/2
Andreas Fernandez [Fri, 27 Nov 2020 10:49:14 +0000 (11:49 +0100)]
[BUGFIX] Increase z-index of flatpickr

It may happen that the flatpickr is rendered behind a checkbox of
nullable values in FormEngine due to conflicts in z-index. This patch
increases the z-index of flatpickr.

Resolves: #92912
Releases: master
Change-Id: I632b424e6d00c48b5aef48ec1a15fdb7149f509a
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66932
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: okmiim <okmiim@live.de>
Tested-by: Daniel Goerz <daniel.goerz@posteo.de>
Reviewed-by: okmiim <okmiim@live.de>
Reviewed-by: Daniel Goerz <daniel.goerz@posteo.de>
10 months ago [BUGFIX] Do not hand invalid input to ResourceFactory 52/66852/4
Daniel Goerz [Mon, 23 Nov 2020 16:02:32 +0000 (17:02 +0100)]
[BUGFIX] Do not hand invalid input to ResourceFactory

A phpstan related patch revealed a flaw in EXT:form
PropertyMappingConfiguration when an "EXT:" path was
passed to the FAL ResourceFactory.

Instead of relying on the InvalidArgumentException
this patch now prevents the invalid argument from being
passed in the first place.

Resolves: #92908
Related: #92264
Releases: master, 10.4
Change-Id: I09ff5e28c28e8bbc2de954c1b9077969befb3646
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66852
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Alexander Schnitzler <git@alexanderschnitzler.de>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Alexander Schnitzler <git@alexanderschnitzler.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Daniel Goerz <daniel.goerz@posteo.de>
Reviewed-by: Benni Mack <benni@typo3.org>
10 months ago [TASK] Deprecate calling AbstractTreeView::getIcon() with records uid 92/66892/4
Oliver Bartsch [Tue, 24 Nov 2020 15:18:09 +0000 (16:18 +0100)]
[TASK] Deprecate calling AbstractTreeView::getIcon() with records uid

Calling `AbstractTreeView::getIcon()` with the record's uid as
first argument is deprecated. This helps to increase type safety
through the core and also properly reflects the expected value
for the parameter, as its name is `$row`.

Side note: There was no benefit in providing just the record's uid
since the full record was fetched in that case anyways internally,
but without adding any restrictions or respecting any overlays.

Because the method returns a string in any case, the return type
is furthermore added to the method signature.

Resolves: #92922
Releases: master
Change-Id: I60ccaf17d8244a2a86fb3b9bc377ce19a6a58e69
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66892
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Daniel Haupt <mail@danielhaupt.de>
Tested-by: Daniel Goerz <daniel.goerz@posteo.de>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Daniel Haupt <mail@danielhaupt.de>
Reviewed-by: Daniel Goerz <daniel.goerz@posteo.de>
10 months ago [BUGFIX] Allow removal of RegularExpression validator 77/66877/2
Oliver Bartsch [Tue, 24 Nov 2020 10:59:52 +0000 (11:59 +0100)]
[BUGFIX] Allow removal of RegularExpression validator

Add the missing "delete" button to the RegularExpression
validator for form elements "Telephone" and "Url", allowing
to remove a previously manually added validator again.

Note: The "Email" and "Number" form elements do both also
include validators which are missing the "delete" button. But
since these validators (email validator respectively number
validator) are added automatically on form element creation,
it's considered intended behaviour. Only validators which were
added manually must provide the option to delete them again.

Resolves: #92916
Releases: master, 10.4
Change-Id: I56969395ccb8237af6b48ed1793e1af9afc21423
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66877
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Daniel Haupt <mail@danielhaupt.de>
Tested-by: Daniel Goerz <daniel.goerz@posteo.de>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Daniel Haupt <mail@danielhaupt.de>
Reviewed-by: Daniel Goerz <daniel.goerz@posteo.de>
10 months ago [!!!][TASK] Remove lockToIP UserTsConfig flag 40/66640/4
Benni Mack [Mon, 16 Nov 2020 10:20:50 +0000 (11:20 +0100)]
[!!!][TASK] Remove lockToIP UserTsConfig flag

The UserTsConfig setting `options.lockToIP` is
removed, which was only active if the global setting
$GLOBALS['TYPO3_CONF_VARS']['BE']['enabledBeUserIPLock']
was active.

Happy Eyeballs makes this feature very useless, but if
this is still needed, it should be rather implemented
as an individual AuthenticationService or PSR-15 middleware
than evaluated separately.

Resolves: #92941
Releases: master
Change-Id: I1e2be7784a3c4b54573b3c3118db1fb3109b0ddc
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66640
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Daniel Haupt <mail@danielhaupt.de>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Daniel Haupt <mail@danielhaupt.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Benni Mack <benni@typo3.org>
10 months ago [!!!][TASK] Remove global option "lockBeUserToDBmounts" 08/66908/6
Benni Mack [Thu, 26 Nov 2020 12:48:44 +0000 (13:48 +0100)]
[!!!][TASK] Remove global option "lockBeUserToDBmounts"

The global configuration option, which is always active by
default, restricts ALL non-administrators to be locked in to
their webroots (DB mounts).

Disabling this option would allow any editor to see the whole
page tree, overriding most of the concepts used in TYPO3
Backend and permission handling.

As stated in the description of the option, it is highly
recommended for security reasons to leave this option enabled.

This option is removed to streamline TYPO3's permission handling.

Resolves: #92940
Releases: master
Change-Id: I15f6538bdb34077a99cb8d2db7a21e60492bb923
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66908
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
10 months ago [DOCS] Fix hook registration example in changelog 07/66907/4
Remo Schneider [Thu, 26 Nov 2020 10:13:15 +0000 (10:13 +0000)]
[DOCS] Fix hook registration example in changelog

The `makeSearchStringConstraints` hook in DatabaseRecordList
expects a class name to be given as value. The method to
be called on the instantiated hook object is fixed and cannot
be provided in the hook registration.

Releases: master, 10.4, 9.5
Resolves: #92938
Change-Id: I43b0b553901019fa299bb4c9632722cf2beb759f
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66907
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
10 months ago [BUGFIX] Fix performance issue with mail spools 02/66902/3
Markus Gerdes [Wed, 25 Nov 2020 16:51:05 +0000 (17:51 +0100)]
[BUGFIX] Fix performance issue with mail spools

This patch removes the concatenation of the queued messages of the
spools in the __toString() methods which is needed for newer Symfony
releases.

Instead a simple identifier for representing the spool is returned.

Resolves: #92934
Releases: master, 10.4
Change-Id: I8b8559dcb8235ec14951c7233fa49f736bdc4860
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66902
Tested-by: Simon Gilli <typo3@gilbertsoft.org>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Simon Gilli <typo3@gilbertsoft.org>
Reviewed-by: Benni Mack <benni@typo3.org>
10 months ago [DOCS] Add missing descriptions to ViewHelper arguments 97/66897/2
Oliver Bartsch [Tue, 24 Nov 2020 19:57:00 +0000 (20:57 +0100)]
[DOCS] Add missing descriptions to ViewHelper arguments

Add missing descriptions to ViewHelpers, improving the
usability within the IDE as well as on the ViewHelpers docs,
since these values are rendered there automatically.

Resolves: #92927
Releases: master, 10.4
Change-Id: I9b5506c39f92a65840da0d187f1c7cc7f4a1810b
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66897
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Sybille Peters <sypets@gmx.de>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
10 months ago [BUGFIX] Update sessions in RedisBackend correctly 96/66696/3
Markus Klein [Wed, 18 Nov 2020 15:32:34 +0000 (16:32 +0100)]
[BUGFIX] Update sessions in RedisBackend correctly

On updating an existing session we must use the un-hashed
sessionId to query the existing session.

Resolves: #92869
Releases: master, 10.4, 9.5
Change-Id: I4eecb8eaf84342261ba7d9b5a7a6dab619dad481
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66696
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Daniel Haupt <mail@danielhaupt.de>
Reviewed-by: Benni Mack <benni@typo3.org>
10 months ago [DOCS] Fix formatting in master changelogs 27/66827/3
Oliver Bartsch [Mon, 23 Nov 2020 11:09:43 +0000 (12:09 +0100)]
[DOCS] Fix formatting in master changelogs

Resolves: #92905
Releases: master
Change-Id: Id42f4f97bd43c78a326be0bb6d9248ba8f9a4b03
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66827
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
10 months ago [TASK] Raise Doctrine dependencies to be PHP 8 compatible 33/66733/3
Benni Mack [Tue, 24 Nov 2020 16:18:30 +0000 (17:18 +0100)]
[TASK] Raise Doctrine dependencies to be PHP 8 compatible

used composer commands
* composer req "doctrine/annotations:^1.11.0"
* composer req "doctrine/instantiator:^1.4.0"
* composer req "doctrine/lexer:^1.2.1"

Doctrine DBAL will be handled separately

Resolves: #92924
Releases: master
Change-Id: I6c0da8e427724938519c70185004b61fbbe343fb
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66733
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
10 months ago [TASK] Always use fluid based page module 98/66698/5
Georg Ringer [Wed, 18 Nov 2020 15:55:57 +0000 (16:55 +0100)]
[TASK] Always use fluid based page module

The feature toggle for `fluidBasedPageModule` is removed
to enforce the use of the new fluid based page module.

The already deprecated `PageLayoutView` will finally
be removed in a separate patch.

Resolves: #92870
Releases: master
Change-Id: I974a1b010cb14a545e80b7486f5f7c1f0083788e
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66698
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Benni Mack <benni@typo3.org>
10 months ago [BUGFIX] Fix translation wizard when there are elements with language "All" 57/66557/2
Dmitry Dulepov [Fri, 6 Nov 2020 15:21:29 +0000 (18:21 +0300)]
[BUGFIX] Fix translation wizard when there are elements with language "All"

Translation wizard will hang if there are new content elements to
translate and there is an element with language "All". This change
fixes the problem by disallowing to fetch elements with this
language.

The fix is contributed by the University of Basel.

Resolves: #92751
Releases: master, 10.4, 9.5
Change-Id: Ib018e04f6e95a1dc1a1d1f57631a31b986a10cd5
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66557
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Benni Mack <benni@typo3.org>
10 months ago [BUGFIX] Add focus to user confirmation password field 73/66773/2
Oliver Bartsch [Fri, 20 Nov 2020 20:18:43 +0000 (21:18 +0100)]
[BUGFIX] Add focus to user confirmation password field

Since #92836 backend users have to confirm their
password on accessing the install tool in the backend.

The corresponding password field now properly gets
the focus assigned. This improves the accessibility,
especially for keyboard users who otherwise had to
tab through the whole module menu first.

Resolves: #92895
Releases: master, 10.4, 9.5
Change-Id: I001f851b3730a864923c73a766026ed18d9c5466
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66773
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Daniel Haupt <mail@danielhaupt.de>
Tested-by: Frank Nägler <frank.naegler@typo3.org>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Daniel Haupt <mail@danielhaupt.de>
Reviewed-by: Frank Nägler <frank.naegler@typo3.org>
10 months ago [TASK] Cleanup unused variables and functions in linkvalidator 72/66772/2
Sybille Peters [Fri, 20 Nov 2020 19:17:08 +0000 (20:17 +0100)]
[TASK] Cleanup unused variables and functions in linkvalidator

Resolves: #92894
Releases: master
Change-Id: I21ab03f80924f27af267c9e4a401b53358ea6327
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66772
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Daniel Haupt <mail@danielhaupt.de>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Daniel Haupt <mail@danielhaupt.de>
Reviewed-by: Benni Mack <benni@typo3.org>
10 months ago [BUGFIX] Require PHP 7.4 for "composer min" stages 93/66793/2
Andreas Fernandez [Sat, 21 Nov 2020 07:41:15 +0000 (08:41 +0100)]
[BUGFIX] Require PHP 7.4 for "composer min" stages

Resolves: #92896
Related: #92888
Releases: master
Change-Id: Icda106771196a1bcabd10651170f553bb56a7ffa
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66793
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
10 months ago [FEATURE] Add button to create sys_note records directly in modules 73/66373/4
Oliver Bartsch [Mon, 2 Nov 2020 12:16:23 +0000 (13:16 +0100)]
[FEATURE] Add button to create sys_note records directly in modules

System notes are being displayed in various modules.
Previously one however had to always switch to the list
module to add such a note.

Therefore, a new button is added to the button bar of the
page, list and info module which allows to directly create
a new sys_note record for the current page. The new button
can be disabled via page TSconfig.

Resolves: #83814
Releases: master
Change-Id: Id7ab3b7a25d14c67a2a1b41753e1eae34eecd69e
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66373
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
10 months ago [!!!][TASK] Remove method canProcessRequest 44/66644/5
Alexander Schnitzler [Mon, 16 Nov 2020 13:49:31 +0000 (14:49 +0100)]
[!!!][TASK] Remove method canProcessRequest

With this patch method canProcessRequest() of class
\TYPO3\CMS\Extbase\Mvc\Controller\ActionController has
been removed because it could never fulfill its claim,
enabling users to simply register custom request types
and then have custom controllers be built and dispatched
depending on the request type.

Besides that, dispatching another controller than the one
configured and requested is unwanted behaviour.

Furthermore, the corresponding protected property
$supportedRequestTypes and the UnsupportedRequestTypeException
have also been removed.

Releases: master
Resolves: #92853
Change-Id: I2d7ae9fea86f5161e67e0f17a11f563b037cc412
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66644
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
10 months ago [TASK] Provide label for email field in forget password form 73/66273/3
Matthias Weber [Fri, 23 Oct 2020 16:23:53 +0000 (18:23 +0200)]
[TASK] Provide label for email field in forget password form

Add a visible label for the email input field in the
forget password form.

Releases: master
Resolves: #92627
Change-Id: I8114b47e83320fdc730b4a0d4f6bf71761199226
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66273
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: TYPO3com <noreply@typo3.com>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Benni Mack <benni@typo3.org>
10 months ago[BUGFIX] Use a HTML button for the collapsable IRRE header 71/66271/4
Olaf Schmidt-Wischhöfer [Fri, 23 Oct 2020 10:31:43 +0000 (12:31 +0200)]
[BUGFIX] Use a HTML button for the collapsable IRRE header

Also add aria-expanded and aria-controls arguments for screen readers

Resolves: #92682
Releases: master, 10.4
Change-Id: I48d0edcbea4d185d11216048d7847ad3574d704d
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66271
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Michael Telgkamp <michael.telgkamp@mindscreen.de>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Michael Telgkamp <michael.telgkamp@mindscreen.de>
Reviewed-by: Benni Mack <benni@typo3.org>
10 months ago[BUGFIX] Make sure external link checks time out 41/66241/8
Sybille Peters [Wed, 21 Oct 2020 17:25:22 +0000 (19:25 +0200)]
[BUGFIX] Make sure external link checks time out

The HTTP requests for checking external links did not have a
timeout. The timeout from Global Configuration was used
which is set to 0 (no timeout) by default.

This could cause the link checking to run
indefinitely and scheduler tasks to never terminate.

Usually, there is a connect timeout, a read timeout
and a total timeout. We set the total timeout and make
this configurable via page TSconfig.

If this is not set via TSconfig, it will default to the
value set in $GLOBALS['TYPO3_CONF_VARS']['HTTP']['timeout'].

Resolves: #92655
Releases: master, 10.4
Change-Id: Ib4727a665e41be247a7391c9ae814917df39df6e
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66241
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Sybille Peters <sypets@gmx.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Benni Mack <benni@typo3.org>
10 months ago[BUGFIX] Allow keyboard navigation for form duplication wizard 05/66605/2
Elias Häußler [Wed, 11 Nov 2020 13:28:00 +0000 (14:28 +0100)]
[BUGFIX] Allow keyboard navigation for form duplication wizard

This patch adds keyboard navigation for the multi-step wizard handling
duplication of existing forms in backend and improves accessibility.

Resolves: #92819
Related: #90132
Releases: master, 10.4
Change-Id: Iea487044557dba0caf33f83e47b8c87a7d603040
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66605
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Benni Mack <benni@typo3.org>
10 months ago[!!!][BUGFIX] Fix behaviour of inverted TCA checkboxes 82/66282/9
Martin Kutschker [Thu, 22 Oct 2020 14:02:46 +0000 (16:02 +0200)]
[!!!][BUGFIX] Fix behaviour of inverted TCA checkboxes

States of checkboxes defined in the TCA with "invertStateDisplay" enabled
are announced in the same way as the visual representation. The
underlying checkbox value is inverted instead of just inverting the
corresponding visual representation.

The CSS class "checkbox-invert" used for styling these checkboxes has
been removed.

Resolves: #92678
Releases: master
Change-Id: Id35d0cc3b3872a8176f30eee6abdf49287a2c44a
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66282
Tested-by: Michael Telgkamp <michael.telgkamp@mindscreen.de>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Michael Telgkamp <michael.telgkamp@mindscreen.de>
Reviewed-by: Benni Mack <benni@typo3.org>
10 months ago[BUGFIX] Use button tag for modal buttons in InlineControlContainer 33/66233/12
Olaf Schmidt-Wischhöfer [Wed, 21 Oct 2020 12:41:03 +0000 (14:41 +0200)]
[BUGFIX] Use button tag for modal buttons in InlineControlContainer

Instead of <a href="#" ...> or <span ...>, a <button> tag is used for
inline relations to enable proper keyboard navigation.

* rename variable and protected method names from "link" to "button"
* remove unused $objectPrefix argument from getLevelInteractionLink
  (now ...Button)

Resolves: #91595
Releases: master, 10.4
Change-Id: I167c175fe9e0fa211e637936e9d777459f892e79
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66233
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Michael Telgkamp <michael.telgkamp@mindscreen.de>
Tested-by: Martin Kutschker <mkutschker-typo3@yahoo.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Michael Telgkamp <michael.telgkamp@mindscreen.de>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Martin Kutschker <mkutschker-typo3@yahoo.com>
Reviewed-by: Torben Hansen <derhansen@gmail.com>
Reviewed-by: Benni Mack <benni@typo3.org>
10 months ago[TASK] Raise PHP requirements to PHP 7.4 17/66717/3
Benni Mack [Fri, 20 Nov 2020 11:37:03 +0000 (12:37 +0100)]
[TASK] Raise PHP requirements to PHP 7.4

The PHP version that is required now, is PHP 7.4,
more specifically PHP 7.4.1, which fixed a
hard issue on the JIT compiler.

Used composer commands:
composer config platform.php 7.4.1
composer req php:^7.4
composer req php:^7.4 -d typo3/sysext/core --no-lock

Releases: master
Resolves: #92890
Change-Id: Iaf090b34b1f825adcdb5d42e8a4df20673677a6f
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66717
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Benni Mack <benni@typo3.org>
10 months ago[BUGFIX] Set the correct PageUid in the MountpointInfos 52/64952/13
Devid Messner [Tue, 30 Jun 2020 11:35:56 +0000 (13:35 +0200)]
[BUGFIX] Set the correct PageUid in the MountpointInfos

Replace the uid of the translated page with
the uid of the original page in the mountpoint parameter.

Resolves: #91328
Releases: master, 10.4
Change-Id: I6eeceff8b191cd76e134fda59e67550b58dfa985
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64952
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Benni Mack <benni@typo3.org>
10 months ago[!!!][TASK] Remove LinkHandler class in linkvalidator 65/66265/8
Sybille Peters [Fri, 23 Oct 2020 14:02:10 +0000 (16:02 +0200)]
[!!!][TASK] Remove LinkHandler class in linkvalidator

Linkvalidator ships with several Linktype classes that are
used to check specific links such as ExternalLinktype,
Filelinktype etc.

The Linktype LinkHandler is not used by default (see
Page TSconfig mod.linkvalidator.linktypes).

It was used to check links of the extension "linkhandler"
which is now outdated. The latest version supports TYPO3
4.1.0. Functionality from the extension linkhandler has
been migrated to the core in TYPO3 8, but in any case
the LinkHandler link type supports outdated link syntax
starting with "record:".

Resolves: #92693
Releases: master
Change-Id: Ie0736720ce975b8ccf8e8323660e18d0c772b251
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66265
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
10 months ago[BUGFIX] Fix removal of broken link from list 87/66287/4
Sybille Peters [Mon, 26 Oct 2020 18:28:15 +0000 (19:28 +0100)]
[BUGFIX] Fix removal of broken link from list

When a broken link is fixed by using the pencil icon
in list of broken links, the broken link should get
removed from the list.

Resolves: #92710
Releases: master, 10.4
Change-Id: I56e620313491414916f81cb32419348b7dab00d3
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66287
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
10 months ago[TASK] Respect CGL for TsConfig 06/66606/3
Eric Chavaillaz [Wed, 11 Nov 2020 15:20:41 +0000 (16:20 +0100)]
[TASK] Respect CGL for TsConfig

The TsConfig CGL are described:
https://docs.typo3.org/m/typo3/reference-coreapi/master/en-us/CodingGuidelines/CglTsConfig.html

This patch ensures that those rules are now respected everywhere in the core.

Resolves: #92820
Releases: master
Change-Id: I7eef518c1aad5758a5d39d469ea16d5bbb97653b
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66606
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Richard Haeser <richard@richardhaeser.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
10 months ago[TASK] Apply button style to edit record icon in linkvalidator report 09/66609/3
Sybille Peters [Wed, 11 Nov 2020 18:13:42 +0000 (19:13 +0100)]
[TASK] Apply button style to edit record icon in linkvalidator report

The edit record icon now has a proper button style to unify the
appearance between the modules (e.g. redirect module).

Resolves: #92823
Releases: master
Change-Id: I899007222068fba39ff6672433908e04db31804e
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66609
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Chris Müller <typo3@krue.ml>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Chris Müller <typo3@krue.ml>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
10 months ago[TASK] Wrap for {searchWord.sword} in EXT:indexed_search 95/66695/3
Joachim Eckerlin [Wed, 18 Nov 2020 10:59:30 +0000 (11:59 +0100)]
[TASK] Wrap for {searchWord.sword} in EXT:indexed_search

Additional wrapper around the sword in the search result template.
Allowing CSS Styling to the word, but not the label.

Resolves: #92786
Releases: master
Change-Id: Iff9cab894883ed1cefe0769d40cad2f50ecf9102
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66695
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Richard Haeser <richard@richardhaeser.com>
Reviewed-by: Torben Hansen <derhansen@gmail.com>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
10 months ago[TASK] Output test run overview at end of local test run 71/66571/7
Anja Leichsenring [Sun, 8 Nov 2020 12:05:45 +0000 (13:05 +0100)]
[TASK] Output test run overview at end of local test run

In order to improve quick result assessment, a summary
is now outputted at the very end of the local test run.
Details about test suite, php version and DBMS version
are given, together with a clear message whether the test run was
successful or not.

Resolves: #92796
Releases: master, 10.4, 9.5
Change-Id: I0470a5e811088a5b56174ff66eaff1fd8387264e
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66571
Tested-by: Simon Gilli <typo3@gilbertsoft.org>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Simon Gilli <typo3@gilbertsoft.org>
Reviewed-by: Jonas Eberle <flightvision@googlemail.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
10 months ago[BUGFIX] Make non-visible l10n_parent fields of type group 71/66671/3
Markus Klein [Tue, 17 Nov 2020 19:30:23 +0000 (20:30 +0100)]
[BUGFIX] Make non-visible l10n_parent fields of type group

The l10n_parent fields of sys_file_metadata and sys_file_reference are
never shown anywhere. Having them as type 'select' in the TCA causes the
FormEngine to try loading all possible parent values, which can be
thousands or more. This degrades backend performance towards unusable.

Changing the TCA definition to 'group' mitigates the issue easily as no
lookup list has to be created/loaded.

Resolves: #92863
Releases: master, 10.4
Change-Id: Ibf76ac51f6d79a69fdc19bfe1993bcb6c97de233
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66671
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Torben Hansen <derhansen@gmail.com>
Reviewed-by: Mathias Brodala <mbrodala@pagemachine.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Mathias Brodala <mbrodala@pagemachine.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
10 months ago[TASK] Increase input placeholder contrast ratio 62/66262/4
Matthias Weber [Fri, 23 Oct 2020 10:20:31 +0000 (12:20 +0200)]
[TASK] Increase input placeholder contrast ratio

Set the color of placeholders to #767676 to meet WCAG AA
conformance for background-color #fefefe.

Resolves: #92621
Releases: master
Change-Id: I573876390cc628793817a5498479b0389afd05cc
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66262
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: TYPO3com <noreply@typo3.com>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
10 months ago[TASK] Variable type hints for makeInstance(self::class) 99/66699/2
Christian Kuhn [Thu, 19 Nov 2020 13:39:06 +0000 (14:39 +0100)]
[TASK] Variable type hints for makeInstance(self::class)

It seems the DynamicReturnTypePlugin for PhpStorm does
not deal with 'self::class'. Change a couple of
makeInstance() calls to hint for the returned object.

Resolves: #92876
Releases: master
Change-Id: I2cd2ad28dcd4e3baba641bdbc0dbdbc50d6bde9d
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66699
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Mathias Brodala <mbrodala@pagemachine.de>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
10 months ago[BUGFIX] Register icons not being part of TYPO3.Icons again 93/66693/3
Andreas Fernandez [Wed, 18 Nov 2020 07:26:01 +0000 (08:26 +0100)]
[BUGFIX] Register icons not being part of TYPO3.Icons again

Since #92689 the IconRegistry is fed by a JSON file taken from the
TYPO3.Icons repository and does not grab all PNG and SVG files from the
filesystem and auto-registers these files anymore.

It turned out that some icons (all of them being PNG files) are not part
of the TYPO3.Icons repository and thus haven't been registered anymore.

This patch now registers icons of EXT:backend and EXT:impexp explicitly
which are not part of the beforehand mentioned repository.

Resolves: #92860
Related: #92689
Releases: master, 10.4
Change-Id: I0baab2b00be100ad768b4a67bf678e71e11f70bb
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66693
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Simon Gilli <typo3@gilbertsoft.org>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Guido Schmechel <guido.schmechel@brandung.de>
Reviewed-by: Simon Gilli <typo3@gilbertsoft.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
10 months ago[TASK] Remove PHP < 7.4 from build plans 14/66714/4
Andreas Fernandez [Fri, 20 Nov 2020 10:45:00 +0000 (11:45 +0100)]
[TASK] Remove PHP < 7.4 from build plans

With upcoming TYPO3 v11, support for PHP versions older than 7.4 is
cancelled. Due to this, we don't have to check these versions anymore in
Bamboo and thus remove them from the build plans.

Resolves: #92888
Releases: master
Change-Id: Iae261d4f4bc8ec205a583f685fda2ef183f32767
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66714
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
10 months ago[DOCS] Switch extensionname and pluginname in ext:form 12/66712/4
Charanth [Fri, 20 Nov 2020 10:05:22 +0000 (10:05 +0000)]
[DOCS] Switch extensionname and pluginname in ext:form

These two parameters are switched.

Releases: master, 10.4, 9.5
Resolves: #92887
Change-Id: I7a896a167f39b8a68664ef6f37b3b1be447825c9
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66712
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Mathias Brodala <mbrodala@pagemachine.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
10 months ago[BUGFIX] Release locks in middleware to prevent locking deadlock 07/66707/3
Christian Kuhn [Thu, 19 Nov 2020 16:17:07 +0000 (17:17 +0100)]
[BUGFIX] Release locks in middleware to prevent locking deadlock

In the frontend middleware chain PrepareTypoScriptFrontendRendering
interacts with TSFE and calls getFromCache() which acquires frontend
rendering locks. Locks are usually released after TSFE rendering in
the final middleware, the HTTP/RequestHandler.

Middleware ShortcutAndMountPointRedirect however, which is called
after PrepareTypoScriptFrontendRendering, can return early without
calling below middlewares. In this case, locks need to be explicitly
released to prevent a deadlock.

This is not an issue in normal frontend calls since acquired locks
are always released in __destruct() of the locking API.

But, if the frontend is called as sub request, for instance from
within another frontend call, from cli or testing, the lock API
destructors may or may not be called. If not, this leads to dangling
locks after the FE sub request, which then may block a following sub
request executed in the same process.

Resolves: #92882
Releases: master, 10.4
Change-Id: I231e56fb04ffa899c6e1b4d7e1a9e4a971f632db
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66707
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
10 months ago[BUGFIX] Ignore deleted form elements for form's reference count 09/66709/2
Georg Ringer [Thu, 19 Nov 2020 18:13:19 +0000 (19:13 +0100)]
[BUGFIX] Ignore deleted form elements for form's reference count

The usage count of forms in the form module must not count deleted
elements.

Resolves: #92880
Releases: master, 10.4
Change-Id: Ia58c4e28e03ea1caa3b22ba1188d039fcdea69ea
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66709
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Rudy Gnodde <rudy@famouswolf.com>
Tested-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Rudy Gnodde <rudy@famouswolf.com>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>
10 months ago[TASK] Public method to retrieve class loader 08/66708/2
Christian Kuhn [Thu, 19 Nov 2020 16:52:13 +0000 (17:52 +0100)]
[TASK] Public method to retrieve class loader

To bootstrap TYPO3 sub requests, the testing framework needs an
instance of the class loader. There is no good way to retrieve
this object that is immutable for the entire process.

During casual bootstrap, an instance of the class loader is parked
in object ClassLoadingInformation. The patch makes getClassLoader()
public to allow retrieval.

This solution is kinda ugly and should probably change later. The
public method is for now marked @internal and should not be used
by third party code to allow structural changes later.

Resolves: #92883
Releases: master
Change-Id: Ic819e1a5989a74ebf634e1b1090058b7fe93af9e
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66708
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Benni Mack <benni@typo3.org>
10 months ago[FEATURE] AbstractApplication implements PSR-15 RequestHandlerInterface 10/66710/2
Christian Kuhn [Thu, 19 Nov 2020 17:31:19 +0000 (18:31 +0100)]
[FEATURE] AbstractApplication implements PSR-15 RequestHandlerInterface

Frontend, backend and install tool application classes are the
main entry points to create a response from a request object.

From within a HTTP index.php, run() is called, which creates the
request object from globals and feeds that to handle().

But, to retrieve a TYPO3 response from within a different PHP
application, or from within TYPO3 itself (eg. a backend calls a
frontend), the leading application would want to hand over a
given or specially crafted PSR-7 ServerRequest directly.

This is exactly what PSR-15 RequestHandlerInterface is for.

By implementing this interface in the application classes, the
core increases interoperability significantly and allows to
be easily called by a third party PHP application.

Resolves: #92884
Releases: master
Change-Id: I3047c92de06668db4dd5ef224bafde23f4b8ebd5
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66710
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Benni Mack <benni@typo3.org>
10 months ago[BUGFIX] Correct uri in functional test 00/66700/2
Christian Kuhn [Thu, 19 Nov 2020 13:49:11 +0000 (14:49 +0100)]
[BUGFIX] Correct uri in functional test

Handing over '/' as $uri to InternalRequest() in functional
tests triggers an ugly fallback mechanism that changes this to
'http://localhost/' within the FE call.
Not handing over any $uri string at all defaults to
'http://localhost/' too, but at a much earlier and more
transparent point.
The patch streamlines two places that used the above method.

Resolves: #92877
Releases: master, 10.4
Change-Id: Ic8e8e58315efeaf49298737f549bb5955520f7f8
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66700
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>
10 months ago[BUGFIX] Do not change TCA in ext_tables in test_datahandler 05/66705/2
Christian Kuhn [Thu, 19 Nov 2020 14:09:03 +0000 (15:09 +0100)]
[BUGFIX] Do not change TCA in ext_tables in test_datahandler

Test related fixture extension 'test_datahandler' still has calls
in ext_tables.php that change $GLOBALS['TCA']. This is forbidden
for a while. Move those calls to Configuration/TCA/Overrides.

Resolves: #92879
Releases: master, 10.4
Change-Id: I4cc66ca41caf52d872b0ff1a06a90d180a739ddb
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66705
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>
10 months ago[BUGFIX] Do not change TCA in ext_tables in irre_tutorial 03/66703/2
Christian Kuhn [Thu, 19 Nov 2020 14:00:30 +0000 (15:00 +0100)]
[BUGFIX] Do not change TCA in ext_tables in irre_tutorial

Test related fixture extension 'irre_tutorial' still has calls
in ext_tables.php that change $GLOBALS['TCA']. This is forbidden
for a while. Move those calls to Configuration/TCA/Overrides.

Resolves: #92878
Releases: master, 10.4
Change-Id: I56c652e5073ef26c46335e05213363007d4450e5
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66703
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>
10 months ago[BUGFIX] Use hashed sessionId to find existing session 97/66697/2
Markus Klein [Wed, 18 Nov 2020 15:53:00 +0000 (16:53 +0100)]
[BUGFIX] Use hashed sessionId to find existing session

The backend module for backend users needs to use the hashed sessionId
to check the online status if the session backend allows hashed ids.

Resolves: #92871
Releases: master, 10.4, 9.5
Change-Id: Ifb5c2f48c751a52233888b293347425afd3092ae
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66697
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Benni Mack <benni@typo3.org>
10 months ago[BUGFIX] Assume image dimension of SVGs with no dimension 63/65963/3
Helmut Hummel [Wed, 30 Sep 2020 10:59:02 +0000 (12:59 +0200)]
[BUGFIX] Assume image dimension of SVGs with no dimension

Extracting SVG processing to its own processor did not
respect that previously SVG files without dimensions were
handled as a side effect of undefined behaviour without
causing hard errors. The new processor however throws
an exception instead of accepting undefined behaviour, which
causes old installations with such SVG files to break.

As a mitigation (as long as no other correct behaviour is defined),
some default image dimensions are assumed for SVG files where
none can be properly determined.

This does not make SVG files without defined dimensions properly work,
but at least restores the previous behaviour of not throwing
an exception.

Additionally extracting SVG processing uncovered another bug
that existed, but never fully surfaced before.

Processed files that were updated, but in fact were using the
original file (like SVGs typically do) accessed the wrong storage
to fetch file infos, when the processed files were configured to
remain of a different storage. This is now properly checked as well.

Resolves: #92444
Resolves: #92449
Related: #92014
Releases: master, 10.4
Change-Id: Ide10af8105c5fb6a5257aa7a16e48a02a925a8fe
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65963
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Timo Poppinga <timo.poppinga@zdrei.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Timo Poppinga <timo.poppinga@zdrei.com>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
10 months ago[BUGFIX] Reimplement mod.defLangBinding for fluid-based page module 12/66412/12
Georg Ringer [Tue, 3 Nov 2020 21:47:32 +0000 (22:47 +0100)]
[BUGFIX] Reimplement mod.defLangBinding for fluid-based page module

If the TSconfig setting is turned on, translations of content elements
are bound to the default record in the display. This means that within
each column with content elements any translation found for exactly
the shown default content element will be shown in the language
column next to the translation.

This feature has been forgotten during the rewrite and is now readded.

Resolves: #92482
Releases: master, 10.4
Change-Id: I408343d3b9a33b3239d1f341f3df36b65d2cd9c8
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66412
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Benni Mack <benni@typo3.org>
10 months ago[BUGFIX] Process cropped images only once 87/65187/13
Helmut Hummel [Wed, 5 Aug 2020 11:23:05 +0000 (13:23 +0200)]
[BUGFIX] Process cropped images only once

To avoid loss of quality and spawning unnecessary imagemagick
processes, cropping and scaling of images is now done
with a single imagemagick process.

By doing so, the code for SVG processing is streamlined.
SVG processing code can further be improved later,
by putting it into a dedicated file processing task processor.

Releases: master, 10.4
Resolves: #91855
Change-Id: I3bf735e74dd46dec73431405f37616506747ccdf
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65187
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>
10 months ago[SECURITY] Disallow XXE in RSS dashboard widget 65/66665/2
Oliver Hader [Tue, 17 Nov 2020 08:52:06 +0000 (09:52 +0100)]
[SECURITY] Disallow XXE in RSS dashboard widget

Processing XML external entities is explicitly disallowed when retrieving
RSS/XML data from a remote service. Code-wise it is handled as security
issue - however it was not possible to actually exploit the code with
current system distributions. Default processing of external entities
has been disabled in libxml2 since version 2.9 - thus, most systems are
not affected by this issue.

Resolves: #92329
Releases: master, 10.4
Change-Id: Ia00e98ea8e54472ad09fbf4beaf1481eaa5fd7a2
Security-Bulletin: TYPO3-CORE-SA-2020-012
Security-References: CVE-2020-26229
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66665
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
10 months ago[SECURITY] Protect persisted session IDs from being used directly 64/66664/2
Oliver Hader [Tue, 17 Nov 2020 08:51:51 +0000 (09:51 +0100)]
[SECURITY] Protect persisted session IDs from being used directly

Instead of storing session IDs with their corresponding storage
backends in plain text, their HMAC-SHA256 (Redis) or HMAC-MD5 (DB)
is being used. HMAC-MD5 had to be chosen to avoid breaking changes
for limited field size in database fields (32 characters currently).

This change also allows a fallback to non-hashed-session values,
meaning that
* set() and update() will create new session records with the hashed
  identifier
* get() contains a fallback to the non-hashed-version when no session
  with a hashed identifier is found

Resolves: #91854
Releases: master, 10.4, 9.5
Change-Id: Ia57acc5e0d0cf71088af1aaff1ab894bd1d4e3dd
Security-Bulletin: TYPO3-CORE-SA-2020-011
Security-References: CVE-2020-26228
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66664
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
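
The storage scheme described in the commit message above, as an added example that is not TYPO3's own code: an in-memory store that persists only the HMAC-SHA256 of a session ID and falls back to legacy plain-ID rows on get(). The class name, the key, the sample IDs, the "legacy" row flag and the removal of the plain row on update() are assumptions of this example.

```php
<?php
declare(strict_types=1);

// Hypothetical in-memory store (not TYPO3's session backend).
final class HashedSessionStore
{
    /** @var array<string, array{legacy: bool, data: array}> keyed by stored identifier */
    private array $rows = [];
    private string $secret;

    public function __construct(string $secret, array $legacyRows = [])
    {
        $this->secret = $secret;
        // Rows written before the change are keyed by the plain session ID.
        foreach ($legacyRows as $plainId => $data) {
            $this->rows[$plainId] = ['legacy' => true, 'data' => $data];
        }
    }

    /** Keyed hash of the session ID; only this value is persisted. */
    public function hash(string $sessionId): string
    {
        return hash_hmac('sha256', $sessionId, $this->secret);
    }

    /** New records are always written under the hashed identifier. */
    public function set(string $sessionId, array $data): void
    {
        $this->rows[$this->hash($sessionId)] = ['legacy' => false, 'data' => $data];
    }

    public function get(string $sessionId): ?array
    {
        $row = $this->rows[$this->hash($sessionId)] ?? null;
        if ($row === null) {
            // Fallback to the non-hashed identifier for rows created earlier.
            $row = $this->rows[$sessionId] ?? null;
            // Assumption of this example: only rows marked as legacy qualify,
            // so a stored hash can never serve as a session ID itself.
            if ($row !== null && !$row['legacy']) {
                $row = null;
            }
        }
        return $row['data'] ?? null;
    }

    public function update(string $sessionId, array $data): void
    {
        if ($this->get($sessionId) === null) {
            throw new RuntimeException('Session not found');
        }
        // Assumption of this example: drop the plain-ID row once it is rewritten.
        if (($this->rows[$sessionId]['legacy'] ?? false) === true) {
            unset($this->rows[$sessionId]);
        }
        $this->set($sessionId, $data);
    }

    /** @return string[] identifiers as they sit in storage */
    public function storedIdentifiers(): array
    {
        return array_map('strval', array_keys($this->rows));
    }
}

// Constructed sample data: one pre-existing plain-ID row, one new session.
$store = new HashedSessionStore(
    'constructed-demo-key',
    ['legacy-plain-id-0001' => ['user' => 7]]
);
$store->set('fresh-session-id-0002', ['user' => 42]);

// The identifier held by the client resolves through the hashed lookup.
var_dump($store->get('fresh-session-id-0002'));

// The value that sits in storage does not resolve when presented as an ID.
var_dump($store->get($store->hash('fresh-session-id-0002')));

// A legacy row is still found through the fallback, then migrated on update().
var_dump($store->get('legacy-plain-id-0001'));
$store->update('legacy-plain-id-0001', ['user' => 7]);
var_dump($store->storedIdentifiers());
```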
10 months ago[SECURITY] Encode passed arguments in Fluid view helpers 63/66663/2
Oliver Hader [Tue, 17 Nov 2020 08:51:38 +0000 (09:51 +0100)]
[SECURITY] Encode passed arguments in Fluid view helpers

* XSS in `f:be.labels.csh` in argument `label`
* XSS in `f:be.menus.actionMenu` in argument `label`
* XSS in `f:form` in argument `fieldNamePrefix`

Resolves: #92602
Releases: master, 10.4, 9.5
Change-Id: I7574bfb60eb2e11ecfb98d187f2edd580f43cd93
Security-Bulletin: TYPO3-CORE-SA-2020-010
Security-References: CVE-2020-26227
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66663
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
10 months ago[SECURITY] Upgrade typo3fluid/fluid to v2.6.10 62/66662/2
Oliver Hader [Tue, 17 Nov 2020 08:51:28 +0000 (09:51 +0100)]
[SECURITY] Upgrade typo3fluid/fluid to v2.6.10

Change-Id: Ie2adfafff4ab57cac9426d9a5784b794f459ea7c
Resolves: #92829
Releases: master
Security-Bulletin: TYPO3-CORE-SA-2020-009
Security-References: CVE-2020-26216
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66662
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
10 months ago[BUGFIX] Do not try to evaluate fe_groups for page overlays 30/66330/4
Markus Klein [Wed, 28 Oct 2020 15:47:18 +0000 (16:47 +0100)]
[BUGFIX] Do not try to evaluate fe_groups for page overlays

The access setting is an exclude field and hence
the value is synchronized to the translation.
Fetching the translation overlay therefore does
not need to evaluate the fe_groups again.

Resolves: #91725
Releases: master, 10.4, 9.5
Change-Id: Ie6ec2208d15f67eafb6a48627c5f1b76ffdc5725
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66330
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>
10 months ago[TASK] Make ActionController abstract 42/66642/2
Alexander Schnitzler [Mon, 16 Nov 2020 13:08:19 +0000 (14:08 +0100)]
[TASK] Make ActionController abstract

Since there is no dedicated AbstractController any more and
ActionController cannot be dispatched without being extended
the class is finally marked abstract.

Releases: master
Resolves: #92850
Change-Id: I910765ded482a59789dc3830701e497b4b8b45b8
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66642
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Benni Mack <benni@typo3.org>
10 months ago[TASK] Introduce resource Content-Security-Policy check 27/66627/8
Oliver Hader [Fri, 13 Nov 2020 16:25:30 +0000 (17:25 +0100)]
[TASK] Introduce resource Content-Security-Policy check

Introduces Content-Security-Policy HTTP header check on
fileadmin/ resources.

This can be seen as a follow-up to TYPO3-CORE-SA-2020-006
and TYPO3-PSA-2019-010 now actively analyzing this HTTP
header and letting users know in reports module and
system environment check of the Install Tool.

Resolves: #92835
Releases: master, 10.4, 9.5
Change-Id: I53028ae36c9195082993ee89d630efa7b555c547
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66627
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
10 months ago[TASK] Introduce sudo mode for install tool accessed via backend 30/66630/17
Oliver Hader [Fri, 6 Nov 2020 08:43:09 +0000 (09:43 +0100)]
[TASK] Introduce sudo mode for install tool accessed via backend

The session expiration time for the install tool is reduced from
60 to 15 minutes. When accessing the install tool via backend user
interface, currently logged in backend users have to confirm their
user password again in order to get access to the install tool.
This process is known as "sudo mode".

Standalone install tool is not affected by sudo mode confirmation.
This change enforces mitigation as mentioned in TYPO3-CORE-SA-2020-006,
see https://typo3.org/security/advisory/typo3-core-sa-2020-006.

Resolves: #92836
Releases: master, 10.4, 9.5
Change-Id: Ib4f0e92346610879347a48587ffd575429b98650
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66630
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Torben Hansen <derhansen@gmail.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Torben Hansen <derhansen@gmail.com>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
10 months ago[TASK] Use PageRenderer hooks in t3editor and rte_ckeditor 41/66641/5
Christian Kuhn [Tue, 1 Sep 2020 14:10:16 +0000 (16:10 +0200)]
[TASK] Use PageRenderer hooks in t3editor and rte_ckeditor

Instead of instantiating PageRenderer early in
ext_localconf, the additional require js for
t3editor and rte_ckeditor is now injected by a
PageRenderer hook when needed.

Releases: master
Resolves: #92848
Change-Id: I070d75482deb0b4c7a301719440ae18d28f0a57a
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66641
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Benni Mack <benni@typo3.org>
10 months ago[TASK] Correct formatting of example in deprecation rst 45/66645/2
Chris Müller [Mon, 16 Nov 2020 14:47:19 +0000 (15:47 +0100)]
[TASK] Correct formatting of example in deprecation rst

Resolves: #92854
Related: #92062
Releases: master
Change-Id: I416d747877aa3d7f56e8ddbd3438db27576c0ce4
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66645
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
10 months ago[TASK] Correct role in feature rst 43/66643/3
Chris Müller [Mon, 16 Nov 2020 13:23:59 +0000 (14:23 +0100)]
[TASK] Correct role in feature rst

Resolves: #92851
Releases: master
Change-Id: If7249e411165e1050b55d1d7aa9da6896fe3d9ba
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66643
Reviewed-by: Mathias Brodala <mbrodala@pagemachine.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
10 months ago[BUGFIX] Do not use AdminPanel reference in EXT:frontend code 72/66372/5
Benni Mack [Mon, 2 Nov 2020 11:48:58 +0000 (12:48 +0100)]
[BUGFIX] Do not use AdminPanel reference in EXT:frontend code

With this change an undefined symbol is included when not having
AdminPanel loaded: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66218

This change aims to change the logic for checking if the preview
flag is enabled.

Resolves: #92746
Reverts: #92242
Releases: master, 10.4, 9.5
Change-Id: I1005424a86f1ced595b23938bd6dcc70ff2f00c9
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66372
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
10 months ago[TASK] Drop deprecated testing-framework method usages 35/66635/5
Christian Kuhn [Sat, 14 Nov 2020 14:00:04 +0000 (15:00 +0100)]
[TASK] Drop deprecated testing-framework method usages

Functional test case methods getFrontendResponse() and
getFrontendResult() have been deprecated a while ago
but their core usages have not been adapted. Do this
now by switching to their younger counterparts.

Change-Id: Ica1a6625a29b9d35189f2c9fce29da52f121d280
Resolves: #92845
Releases: master, 10.4
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66635
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
10 months ago[TASK] Split up BackendUserAuthentication webmount check 98/66598/6
Benni Mack [Tue, 10 Nov 2020 11:27:03 +0000 (12:27 +0100)]
[TASK] Split up BackendUserAuthentication webmount check

In order to make the group resolving more flexible, the major method
"fetchGroupData()" is now separated into a smaller chunk
as a pre-patch.

Resolves: #92814
Releases: master
Change-Id: Id688355a869948e1b4eb57f06ed23cee0e2d513c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66598
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
10 months ago[BUGFIX] Make login loading text always readable 54/66554/10
Eric Chavaillaz [Fri, 6 Nov 2020 13:41:46 +0000 (14:41 +0100)]
[BUGFIX] Make login loading text always readable

If the loading text of the login box is too large, the text exceeds the size
of the login button.

This patch allows the button to grow vertically.

Resolves: #92622
Releases: master, 10.4
Change-Id: I9aa7858fd23c5f5848657c6c029769e9fa8de179
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66554
Tested-by: Martin Kutschker <mkutschker-typo3@yahoo.com>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Mathias Brodala <mbrodala@pagemachine.de>
Tested-by: Torben Hansen <derhansen@gmail.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Martin Kutschker <mkutschker-typo3@yahoo.com>
Reviewed-by: Mathias Brodala <mbrodala@pagemachine.de>
Reviewed-by: Torben Hansen <derhansen@gmail.com>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
10 months ago[BUGFIX] Implement deferred BE image processing consistently 37/65237/29
Helmut Hummel [Wed, 29 Jul 2020 11:05:31 +0000 (13:05 +0200)]
[BUGFIX] Implement deferred BE image processing consistently

Change the implementation of backend deferred image processing
to use a file processor, which is only but always used in the backend.

By doing so all limitations of the current implementation are resolved,
which means, width and height of the image can be set in HTML, to avoid
layout shifts and once the images are processed, they will simply
be delivered by the web server.

Inconsistencies with thumbnail ratio (depending on crop being defined
or not) are also tackled on the go.

While this changes processing configuration for some files,
which triggers a re-generation, it should not matter, as image
processing will be done in parallel on request, making such changes
viable in a bugfix release.

The introduced database field is neither used nor required for the
current implementation, but is introduced to provide a possibility for
third party processors to replace the current implementation with simple
(and persisted) URLs to third party SaaS image processing services.

Resolves: #92188
Releases: master, 10.4
Change-Id: I8d1e14324085c5b6ba646475206c8cb10a1fc10d
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65237
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
10 months ago[!!!][TASK] Drop workspace additional services 32/66632/2
Christian Kuhn [Sat, 14 Nov 2020 10:36:42 +0000 (11:36 +0100)]
[!!!][TASK] Drop workspace additional services

Back in 6.2 at ExtJS times, a feature has been introduced
to the workspace module to extend the shown 'data grid'
with custom columns. This implementation has been done for
one specific customer who nowadays does not use the feature
anymore.
The feature broke when the transition to a native JavaScript
implementation has been done in v8. There is not a single bug
report this feature broke in forge, and it is hard to resurrect
it with the new client side implementation.
The patch drops related code from the extension. This gives
core development more freedom to improve the workspace module
with other patches.

Change-Id: Ie66b172484cdd08de06e019aa004055975948e85
Resolves: #92838
Releases: master
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66632
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Daniel Haupt <mail@danielhaupt.de>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Daniel Haupt <mail@danielhaupt.de>
Reviewed-by: Benni Mack <benni@typo3.org>
10 months ago[!!!][TASK] Remove setting mod.web_layout.disableAdvanced 31/66631/4
Georg Ringer [Fri, 13 Nov 2020 18:41:48 +0000 (19:41 +0100)]
[!!!][TASK] Remove setting mod.web_layout.disableAdvanced

The TSconfig setting `mod.web_layout.disableAdvanced` has been used to disable
the "clear cache"-button in the page module.

Since this behaviour can be triggered through various other ways, like the
context menu or by just saving the page record, this feature is removed completely.

Resolves: #92837
Releases: master
Change-Id: Ie4c563d89280bc494265611924e2b02727aed644
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66631
Tested-by: Markus Klein <markus.klein@typo3.org>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
10 months ago[BUGFIX] Install tool database row updater works with mssql 22/66622/2
Christian Kuhn [Fri, 13 Nov 2020 13:12:10 +0000 (14:12 +0100)]
[BUGFIX] Install tool database row updater works with mssql

SqlServer can not handle a transaction for a table, if the
same table is queried currently. The install tool database
row updater does this. Solution is to skip the transaction
on this platform. Additionally, an update query is fixed
to hint for proper field types.

Resolves: #92832
Releases: master, 10.4
Change-Id: I5fc76705088a727dc1ff41410d6e2cd02b3d9655
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66622
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Benni Mack <benni@typo3.org>
10 months ago[TASK] Streamline server response check 24/66624/4
Oliver Hader [Fri, 13 Nov 2020 16:22:21 +0000 (17:22 +0100)]
[TASK] Streamline server response check

* replace string states with specific StatusMessage models
* combine file path and base URL in new FileLocation model
* streamline responsibilities of classes

Resolves: #92834
Releases: master, 10.4, 9.5
Change-Id: Ib1a24fb00d4362062e88f93f236b3fd385015c3c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66624
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
10 months ago[TASK] Update @typo3/icons to 2.0.4 23/66623/2
Andreas Fernandez [Fri, 13 Nov 2020 14:20:45 +0000 (15:20 +0100)]
[TASK] Update @typo3/icons to 2.0.4

The package @typo3/icons can be updated to version 2.0.4 which adds some
new icons and reverts the icons "actions-edit-hide" and
"actions-edit-unhide" to their v1 variants.

Executed commands:

  cd Build
  yarn add "@typo3/icons@^2.0.4"
  yarn build

Resolves: #92833
Releases: master, 10.4
Change-Id: I78933010cb2d36b0d412b20c5e0d63976cc77035
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66623
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Simon Gilli <typo3@gilbertsoft.org>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Simon Gilli <typo3@gilbertsoft.org>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
10 months ago[TASK] Avoid using ControllerContext, and use Extbase Request instead 23/66323/12
Benni Mack [Tue, 27 Oct 2020 16:32:24 +0000 (17:32 +0100)]
[TASK] Avoid using ControllerContext, and use Extbase Request instead

This change adds the methods
* setRequest()
* getRequest()
* getUriBuilder()

to the RenderingContext of EXT:Fluid.

The main goal is to reduce the usages of
the ControllerContext as much as possible to
decouple Extbase from Fluid.

When the "setRequest" method is used in the renderingContext,
the controllerContext is filled as well, in order to be
backwards-compatible.

Resolves: #92826
Releases: master
Change-Id: I41b8741e947c78895317ef2235959ceb251e103c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66323
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
10 months ago[DOCS] Improve documentation for Fluid f:translate viewhelper 17/66617/2
Peter Kraume [Thu, 12 Nov 2020 16:15:47 +0000 (17:15 +0100)]
[DOCS] Improve documentation for Fluid f:translate viewhelper

Resolves: #92821
Releases: master, 10.4, 9.5
Change-Id: Ife0999560d3da75051b663b55d46e0f6a5e03dfb
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66617
Tested-by: Peter Kraume <peter.kraume@gmx.de>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Peter Kraume <peter.kraume@gmx.de>
Reviewed-by: Chris Müller <typo3@krue.ml>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
10 months ago[!!!][TASK] Do not create new version placeholders in workspaces anymore 87/65587/69
Benni Mack [Sat, 5 Sep 2020 11:41:27 +0000 (13:41 +0200)]
[!!!][TASK] Do not create new version placeholders in workspaces anymore

Creating a new record in a workspace adds two database rows.

One that is the "placeholder", which - since v10.4 - contains
the same metadata as the other record:

* t3ver_wsid = workspaceID
* t3ver_oid = 0 (simulating behavior of an "online pendant record")
* t3ver_state = 1

And the "versionized" record, identified by:

* t3ver_wsid = workspaceID
* t3ver_oid = uid of the new placeholder record
* t3ver_state = -1

As of TYPO3 v10, the first record is not needed anymore,
the versioned record can be queried directly, however, since
the relations (except MM) point to the placeholder record,
this one is kept.

As a result, only one record is created from now on:

* t3ver_wsid = workspaceID
* t3ver_oid = 0 (no online counterpart)
* t3ver_state = 1

On reading, the record is queried directly (no overlay needed anymore!)
with the existing Database Doctrine Restrictions. On publishing, the
record just gets the state/stage/wsid set and is "live".

This brings fundamental benefits:

* No overlays needed when querying
* Fewer database records (placeholders are not helpful)
* Conceptual problems with placeholder and shadowed fields are removed

Resolves: #92791
Releases: master
Change-Id: I0288cc63fe72d8442d586f309bd4054ac44e829b
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65587
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Benni Mack <benni@typo3.org>
10 months ago[DOCS] Improve documentation about change of tt_content fields configuration 11/66611/3
Oliver Bartsch [Wed, 11 Nov 2020 21:46:56 +0000 (22:46 +0100)]
[DOCS] Improve documentation about change of tt_content fields configuration

In #92659 the tt_content fields `imagewidth` and `imageheight` have
been adjusted to not limit user input per default.

This improves the corresponding rst to properly describe the changes made.

Resolves: #92825
Relates: #92659
Releases: master
Change-Id: I61b1ee1fed95251d1a3be4dc9e3c996fb033aa04
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66611
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Josef Glatz <josefglatz@gmail.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Josef Glatz <josefglatz@gmail.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
10 months ago[TASK] Use current mime types for fonts 13/66513/4
Guido Schmechel [Thu, 5 Nov 2020 22:06:29 +0000 (23:06 +0100)]
[TASK] Use current mime types for fonts

Use the current W3C recommended mime types for
fonts in htaccess base file, see

https://www.iana.org/assignments/media-types/media-types.xhtml#font

Releases: master, 10.4
Resolves: #92743
Change-Id: I8abc5abe703ef02ed678e8f7b7b28a3544ce239e
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66513
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
10 months ago[TASK] Streamline usage of contrib packages in TypeScript 93/65693/5
Benjamin Franzke [Thu, 3 Sep 2020 17:03:58 +0000 (19:03 +0200)]
[TASK] Streamline usage of contrib packages in TypeScript

No need to use a fully qualified namespace for
3rd party modules that are placed in TYPO3/CMS/Core/Contrib.
There are usually aliases configured in the requirejs configuration,
and if they are missing, we add them now.

This change additionally drops an unneeded module declaration
for "TYPO3/CMS/Core/Contrib/imagesloaded.pkgd.min" which is
not needed when simply using "imagesloaded" as module name.

Commands used:

  grunt build

Releases: master, 10.4
Resolves: #92725
Change-Id: I6e7c02104050202d5c1a8bd0d7546a1496f5636c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65693
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
10 months ago[TASK] Enable EXT:impexp to include presets in export 70/65770/12
Alexander Nitsche [Thu, 17 Sep 2020 16:37:31 +0000 (18:37 +0200)]
[TASK] Enable EXT:impexp to include presets in export

Only tables with TCA configurations are available for the export of a
TYPO3 instance. The stored export configurations - so called presets -
were missing the TCA configuration and thus had to be exported and
imported separately in a database client.

This patch adds a TCA configuration for the export configurations and
thus makes them exportable and importable along with the main dump.
The presets are saved on PID=0 and hidden from record lists to
force the user to continue managing them with the export module.

Resolves: #92346
Releases: master, 10.4
Change-Id: Ic5a9babc91a93f8bf1561b697c4fca0ad548f734
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65770
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Rémy DANIEL <dogawaf@no-log.org>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
10 months ago[BUGFIX] Reintroduce the check on options.saveDocNew 59/66559/2
Xavier Perseguers [Sat, 7 Nov 2020 09:07:10 +0000 (10:07 +0100)]
[BUGFIX] Reintroduce the check on options.saveDocNew

Due to a refactoring and "unrolling" of buttons in TYPO3 v9, the TSconfig
options.saveDocNew has been forgotten when adding a button to create a
new record right while editing another one.

Even if the new button nowadays is physically not a "Save and create new"
action in the label, the behaviour is strictly the same as any unchanged
edit will trigger a modal asking whether the changes should be persisted.

Releases: master, 10.4, 9.5
Resolves: #87321
Resolves: #92788
Change-Id: Ic79f7ff06afef0cf9423780eef2d5324e5613664
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66559
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Eric Chavaillaz <eric@hemmer.ch>
Tested-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Eric Chavaillaz <eric@hemmer.ch>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Josef Glatz <josefglatz@gmail.com>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
10 months ago[FEATURE] Add options to locally test on composer min and max stages 70/66570/5
Anja Leichsenring [Sun, 8 Nov 2020 10:14:11 +0000 (11:14 +0100)]
[FEATURE] Add options to locally test on composer min and max stages

Two new options for the famous Build/Scripts/runTests.sh script
have been added, that allow to quickly set up local environment
for composer min and max testing.

There is now

- Build/Scripts/runTests.sh -s composerInstallMax for no platform.php
setting and `composer update` preset and
- Build/Scripts/runTests.sh -s composerInstallMin for platform.php set
to current PHP version bugfix version 0 (like 7.2.0 or 8.0.0) and
`composer update --prefer-lowest` preset

Resolves: #92795
Releases: master, 10.4, 9.5
Change-Id: I13f782f2e73bb89404fcd2e18d507e2c39e4eba3
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66570
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Simon Gilli <typo3@gilbertsoft.org>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Simon Gilli <typo3@gilbertsoft.org>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
10 months ago[TASK] Raise typo3/testing-framework to 6.4.7 04/66604/2
Christian Kuhn [Wed, 11 Nov 2020 11:51:34 +0000 (12:51 +0100)]
[TASK] Raise typo3/testing-framework to 6.4.7

Contains a change for an upcoming workspace related
core patch.

composer require --dev typo3/testing-framework ^6.4.7

Change-Id: I11980b635e3a2b00de481a8d73b69368554c08d3
Releases: master, 10.4
Resolves: #92818
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66604
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
10 months ago[DOCS] Remove Developer page from Linkvalidator docs 74/66274/4
Sybille Peters [Fri, 23 Oct 2020 16:38:34 +0000 (18:38 +0200)]
[DOCS] Remove Developer page from Linkvalidator docs

The Developer page explained how link handling is done
in the RTE. This is not specific to linkvalidator and
may change in the future.

Understanding how the existing events work can be
better done by looking in the core.

Resolves: #92720
Releases: master
Change-Id: I88bdf27c2045c29c0f93bcc3f394cb21471e0b73
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66274
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Björn Jacob <bjoern.jacob@tritum.de>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Josef Glatz <josefglatz@gmail.com>
Tested-by: Daniel Goerz <daniel.goerz@posteo.de>
Reviewed-by: Björn Jacob <bjoern.jacob@tritum.de>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Josef Glatz <josefglatz@gmail.com>
Reviewed-by: Daniel Goerz <daniel.goerz@posteo.de>
10 months ago[BUGFIX] Better handling of "too many redirects" in linkvalidator 63/66363/3
Sybille Peters [Sat, 31 Oct 2020 13:11:49 +0000 (14:11 +0100)]
[BUGFIX] Better handling of "too many redirects" in linkvalidator

Previously, if there were too many redirects, an error message
"A redirect loop occurred" was displayed. This was misleading.

A redirect loop is different from "too many redirects". "Too
many redirects" simply means that the maximum number of redirects
used by the underlying HTTP request library (Guzzle) is reached
before reaching the destination. This happens by default after
5 redirects.

Therefore, the "too many redirects" error is now being displayed
with its own message.

Resolves: #92741
Releases: master
Change-Id: I69e191e1f2c771eb83b8c82b2be12dd58730d8e3
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66363
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Guido Schmechel <guido.schmechel@brandung.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
10 months ago[FEATURE] Add `expandAll` option for renderType=selectCheckBox 81/65081/6
spthiel [Fri, 24 Jul 2020 07:50:59 +0000 (07:50 +0000)]
[FEATURE] Add `expandAll` option for renderType=selectCheckBox

The renderType `selectCheckbox` allows for grouping of items,
which are rendered as collapsed per default.

A new TCA setting now allows to define this behavior for all
groups at once. By adding the new setting `expandAll=true`,
all groups are initially expanded. If not set or set to FALSE
the current behaviour remains and all groups are collapsed.

Releases: master
Resolves: #91859
Change-Id: I9db196a7bfa6b1399358afdc785814425a764e80
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65081
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
10 months ago[BUGFIX] Add focus style to button on login form 59/66259/4
Torben Hansen [Fri, 23 Oct 2020 10:17:05 +0000 (12:17 +0200)]
[BUGFIX] Add focus style to button on login form

Adds a focus style to the button on the login form
so it is visible that the button has the focus.

Resolves: #92620
Releases: master, 10.4
Change-Id: I1e98ed780cfbf2744cbf3646317f74911a8deeb2
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66259
Tested-by: Martin Kutschker <mkutschker-typo3@yahoo.com>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Michael Telgkamp <michael.telgkamp@mindscreen.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Martin Kutschker <mkutschker-typo3@yahoo.com>
Reviewed-by: Michael Telgkamp <michael.telgkamp@mindscreen.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
10 months ago[TASK] Removed unknown aria attribute from modules menu 61/66261/3
Torben Hansen [Fri, 23 Oct 2020 10:29:36 +0000 (12:29 +0200)]
[TASK] Removed unknown aria attribute from modules menu

Removed an unknown aria attribute from the modules menu
and added an `aria-controls` attribute to 1st level menu
items.

Resolves: #92634
Releases: master, 10.4
Change-Id: Id15f902053e091add3e1321dbf6e6d23d9a0805d
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66261
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Michael Telgkamp <michael.telgkamp@mindscreen.de>
Tested-by: Martin Kutschker <mkutschker-typo3@yahoo.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Michael Telgkamp <michael.telgkamp@mindscreen.de>
Reviewed-by: Martin Kutschker <mkutschker-typo3@yahoo.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
10 months ago[!!!][BUGFIX] Do not render type attribute for style and link tags 48/65548/9
Benni Mack [Thu, 3 Sep 2020 14:39:43 +0000 (16:39 +0200)]
[!!!][BUGFIX] Do not render type attribute for style and link tags

It is recommended for <style> and <link> HTML tags
to not use the "type" attribute anymore.

Details:
* https://developer.mozilla.org/en-US/docs/Web/HTML/Element/link
* https://developer.mozilla.org/en-US/docs/Web/HTML/Element/style

The patch drops the attribute from rendering. The patch is
marked as breaking since it changes frontend output.

Resolves: #45512
Releases: master
Change-Id: I073d7ef6c40a824755768d33fcc71c9f26090801
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65548
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
10 months ago[!!!][TASK] Remove feature security.frontend.keepSessionDataOnLogout 96/66596/2
Benni Mack [Mon, 9 Nov 2020 19:51:33 +0000 (20:51 +0100)]
[!!!][TASK] Remove feature security.frontend.keepSessionDataOnLogout

The feature flag "security.frontend.keepSessionDataOnLogout"
was introduced as part of a security bugfix to still enable frontend
users to keep their session data even if they have logged out,
where the session data was transferred and migrated to an
anonymous session.

Since this feature in general is insecure, as people who log off
from a public computer would keep session data on that machine,
the functionality is fully removed.

Resolves: #92807
Releases: master
Change-Id: Ieaebcc33e85e1df6e359a7eae318712896800bca
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66596
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>