Packages/TYPO3.CMS.git
6 years ago[BUGFIX] Fix case of tests folder
Xavier Perseguers [Fri, 19 Oct 2012 12:53:10 +0000 (14:53 +0200)]
[BUGFIX] Fix case of tests folder

Change-Id: I7f6f41e1fb39d4e984883544befbd04610188702
Relates: #41828
Reviewed-on: http://review.typo3.org/15819
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
6 years ago[BUGFIX] Unit test for saltedpasswords fail
Xavier Perseguers [Tue, 16 Oct 2012 12:38:36 +0000 (14:38 +0200)]
[BUGFIX] Unit test for saltedpasswords fail

Change-Id: I858fdf23a71e739c68b757bf486038b6c57d2675
Relates: #41828
Releases: 4.5, 4.6, 4.7
Reviewed-on: http://review.typo3.org/15771
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
6 years ago[BUGFIX] RTE: Link to disabled page doesn't show in FE, link icon does
Stanislas Rolland [Tue, 16 Oct 2012 14:45:24 +0000 (10:45 -0400)]
[BUGFIX] RTE: Link to disabled page doesn't show in FE, link icon does

Problem: When linking from a piece of content in the RTE to a disabled
page in the tree, the link isn't shown in the final frontend rendering.
However, the small arrow icon that you can have in front of the link to
denote its type, does get shown.
Solution: Remove the icon if no link is generated

Change-Id: I5199d90aaf4f2b3103ff1f8680376b82173e9723
Resolves: #36087
Releases: 4.5, 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/15797
Reviewed-by: Stanislas Rolland
Tested-by: Stanislas Rolland
6 years ago[BUGFIX] RTE: Words containing umlauts not added to personal dictionary
Stanislas Rolland [Thu, 18 Oct 2012 12:34:52 +0000 (08:34 -0400)]
[BUGFIX] RTE: Words containing umlauts not added to personal dictionary

Problem: The spell checker must analyze the dictionary file and may
have to update the charset of the personal dictionary. In doing so,
it is looking for the wrong file when the dictionary in use is a
regional/variety dictionary.

Change-Id: Ibb6214be3b8cb4aeb2eb179e4a221b62c1e6f50e
Resolves: #29685
Releases: 4.5, 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/15786
Reviewed-by: Stanislas Rolland
Tested-by: Stanislas Rolland
6 years ago[BUGFIX] Extension Import not working with postgresql and DBAL
Ernesto Baschny [Wed, 18 Jul 2012 19:15:06 +0000 (21:15 +0200)]
[BUGFIX] Extension Import not working with postgresql and DBAL

Change-Id: I496e3729b3c98c85a07e75539de9464f272837e6
Fixes: #38406
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/15776
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
6 years ago[TASK] Set TYPO3 version to 4.5.21-dev
TYPO3 Release Team [Tue, 16 Oct 2012 13:50:03 +0000 (15:50 +0200)]
[TASK] Set TYPO3 version to 4.5.21-dev

Change-Id: Ib967c36f2e3c2f1db4bd4842d3d5b9421580ca66
Reviewed-on: http://review.typo3.org/15735
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
6 years ago[RELEASE] Release of TYPO3 4.5.20
TYPO3 Release Team [Tue, 16 Oct 2012 13:49:54 +0000 (15:49 +0200)]
[RELEASE] Release of TYPO3 4.5.20

Change-Id: I6532876ec0bb9093316a08997d049258611fa0fb
Reviewed-on: http://review.typo3.org/15734
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
6 years ago[TASK] Raise submodule pointer
TYPO3 Release Team [Tue, 16 Oct 2012 13:14:21 +0000 (15:14 +0200)]
[TASK] Raise submodule pointer

Change-Id: If0126092e366e6b9ce712a383e45a6fd4aca75ca
Reviewed-on: http://review.typo3.org/15726
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
6 years ago[TASK] Update md5 sums for 4.5.20
Steffen Ritter [Tue, 16 Oct 2012 11:43:14 +0000 (13:43 +0200)]
[TASK] Update md5 sums for 4.5.20

Change-Id: I100d66ab6dd7b491850f52dee2b3e278a166b3e7
Reviewed-on: http://review.typo3.org/15720
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
6 years ago[TASK] Update backend sprites according to rebranding
Steffen Ritter [Tue, 16 Oct 2012 13:05:42 +0000 (15:05 +0200)]
[TASK] Update backend sprites according to rebranding

Change-Id: Ic992a7bff08e6acd30ce6577f4a1d83b9c2ae8ef
Reviewed-on: http://review.typo3.org/15725
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
6 years ago[TASK] Introduce "TYPO3 CMS" in EXT: about
Felix Kopp [Mon, 15 Oct 2012 18:52:37 +0000 (20:52 +0200)]
[TASK] Introduce "TYPO3 CMS" in EXT: about

Changed terminology to "TYPO3 CMS" where applicable in
backend module About.

Change-Id: I064607c3d45dc3a138df21db91d45964c14d0e2c
Resolves: #41823
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/15698
Reviewed-by: Stefan Neufeind
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
6 years ago[TASK] Adjust Logos to new style-guide
Felix Kopp [Mon, 8 Oct 2012 09:48:55 +0000 (11:48 +0200)]
[TASK] Adjust Logos to new style-guide

TYPO3 is changing and so is the logo.
Secondary color green is dropped and replaced by orange.
Also the signet moves to the left.

Adjusts logos/images/icons/files in backend to new brand definition.

Fixes: #41704
Releases: 4.5, 4.6, 4.7, 6.0
Change-Id: I34c80b085ef6b6efaffe2de4b67bb47c79b570ec
Reviewed-on: http://review.typo3.org/15707
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
6 years ago[BUGFIX] Prevent saltedpasswords destroying the password
Xavier Perseguers [Tue, 16 Oct 2012 07:09:59 +0000 (09:09 +0200)]
[BUGFIX] Prevent saltedpasswords destroying the password

When a record is using a plain MD5 password, EXT:saltedpasswords will
destroy the password after the second successive edit.

Add check for already temporarily hashed passwords to prevent that.

Change-Id: I487cbb335616c1d378a704845d5cc96e4ad6cb62
Fixes: #41828
Releases: 4.5, 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/15674
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
7 years ago[BUGFIX] RTE: Paste as plain text doesn't work in Safari (Mac only)
Stanislas Rolland [Wed, 10 Oct 2012 16:42:15 +0000 (12:42 -0400)]
[BUGFIX] RTE: Paste as plain text doesn't work in Safari (Mac only)

Problem: Access to clipboard is denied.
Solution: Redirect paste to hidden section.

Change-Id: Ic5e6f65cdd0e2a45da4786f388b2bf6a78c9d8b7
Resolves: #35356
Releases: 4.5, 4.6
Reviewed-on: http://review.typo3.org/15498
Reviewed-by: Stanislas Rolland
Tested-by: Stanislas Rolland
7 years ago[BUGFIX] CE with "All languages" doesn't show with every lang
Marcus Schwemer [Tue, 19 Jun 2012 06:55:48 +0000 (08:55 +0200)]
[BUGFIX] CE with "All languages" doesn't show with every lang

The page module should also list the content elements
with language set to "All". Now elements set to "All" are displayed
in all languages, not only with the default language.

Change-Id: I2b0875e1993b3af29fbdec4f700b16a7c56696d8
Fixes: #24087
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/15615
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
7 years ago[BUGFIX] CE with "All languages" isn't shown in Page module
Georg Ringer [Fri, 23 Mar 2012 11:12:57 +0000 (12:12 +0100)]
[BUGFIX] CE with "All languages" isn't shown in Page module

The page module should also list the content elements
with language set to "All"

Change-Id: I6d8aaf4829a70b3945508884d9a09cf23d1e4842
Resolves: #24087
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/12079
Reviewed-by: Marcus Schwemer
Tested-by: Marcus Schwemer
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
7 years ago[BUGFIX] Proper cursor icon in access module
Georg Ringer [Mon, 16 Jan 2012 18:32:52 +0000 (19:32 +0100)]
[BUGFIX] Proper cursor icon in access module

The access module got those nice red/green icons but many
people don't know that those are clickable because the cursor
icon is wrong.

Change-Id: I8a16a1efff47007740b8dbfee77121d9a69ea3a7
Fixes: #33230
Releases: 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/12795
Reviewed-by: Marcus Schwemer
Tested-by: Marcus Schwemer
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Stefan Neufeind
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
7 years ago[BUGFIX] Fix the additional icon check
Wouter Wolters [Sat, 13 Oct 2012 15:29:42 +0000 (17:29 +0200)]
[BUGFIX] Fix the additional icon check

When looking for additional icons the class AbstractSpriteHandler
a missing check if array on configuration.
Makes the whole TYPO3 installation to crash.

Change-Id: Ib70957da3947f52db220cc42ce311a0771e464f7
Resolves: #41463
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/15569
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
7 years ago[BUGFIX] Fix translation moving in workspaces
Tolleiv Nietsch [Sun, 12 Feb 2012 05:01:55 +0000 (06:01 +0100)]
[BUGFIX] Fix translation moving in workspaces

Seems that the API changes introduced with changeset 89bd701c
haven't been made everywhere. This caused some issue when
translated records are move in a workspace.

Goes together with a fix in EXT:version which can be found under
https://review.typo3.org/8997

Change-Id: Id5d03fbeb42a6aa147f40629f368621417ccd59c
Fixes: #33592
Releases: 4.5, 4.6, 4.7, 4.8
Reviewed-on: http://review.typo3.org/13009
Reviewed-by: Stefan Neufeind
Reviewed-by: Wouter Wolters
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
7 years ago[BUGFIX] strftime expects parameter 2 to be long, string given
Simon Schaufelberger [Tue, 18 Sep 2012 19:44:50 +0000 (21:44 +0200)]
[BUGFIX] strftime expects parameter 2 to be long, string given

Any zero length string value is replaced with the current timestamp.
(Just like the default value for the second parameter of
strtime/gmstrftime.)

Change-Id: I58225b1604607685a3fd4ac4ee50b806c552d326
Fixes: #38717
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/14717
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
7 years ago[BUGFIX] RTE: array_flip warning on array of languages
Stanislas Rolland [Wed, 10 Oct 2012 18:30:44 +0000 (14:30 -0400)]
[BUGFIX] RTE: array_flip warning on array of languages

Make sure the array is not corrupted.

Change-Id: Iea86ade77ecffb6e4b720749fc7d47548b0b1552
Resolves: #35147
Releases: 4.5, 4.6
Reviewed-on: http://review.typo3.org/15502
Reviewed-by: Stanislas Rolland
Tested-by: Stanislas Rolland
7 years ago[BUGFIX] Words with special characters not added to personal dictionary
Stanislas Rolland [Fri, 6 Jul 2012 21:02:07 +0000 (17:02 -0400)]
[BUGFIX] Words with special characters not added to personal dictionary

Problem: Words containing special characters (f. e. German umlauts)
can´t be added to the user´s personal dictionary.
Solution: Work around Aspell issue.

Change-Id: I23a8a36d56b12cc14f32b0a30443c62d6e11bd5a
Releases: 4.5, 4.6, 4.7, 6.0
Resolves: #38653
Reviewed-on: http://review.typo3.org/12680
Reviewed-by: Stanislas Rolland
Tested-by: Stanislas Rolland
7 years ago[BUGFIX] htmlArea RTE: Cursor jumps to first letter with Chrome 22
Stanislas Rolland [Thu, 4 Oct 2012 17:42:00 +0000 (13:42 -0400)]
[BUGFIX] htmlArea RTE: Cursor jumps to first letter with Chrome 22

Selection gets broken when bookmarks are inserted by undo/redo
mechanism in Google Chrome 22.

Change-Id: Ic5ba765925611c7b83a67786f64a292908ea5076
Resolves: #41411
Releases: 4.5, 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/15335
Reviewed-by: Stanislas Rolland
Tested-by: Stanislas Rolland
7 years ago[BUGFIX] Do not save expand state for root node in TCA tree
Christoph Gerold [Sun, 2 Sep 2012 10:46:06 +0000 (12:46 +0200)]
[BUGFIX] Do not save expand state for root node in TCA tree

To avoid a PHP warning: Missing argument for
BackendUserSettings::addToList() the expanded state must
not be saved for the tree root node which does not
have a uid property.

Change-Id: Id6d16525cd68e4ec13f36c8d95d2ecc0cc1bc794
Resolves: #31978
Releases: 4.5, 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/15171
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
7 years ago[BUGFIX] File upload button is collapsed in Chrome 21
Steffen Gebert [Wed, 15 Aug 2012 11:57:43 +0000 (13:57 +0200)]
[BUGFIX] File upload button is collapsed in Chrome 21

In Chrome 21, the FlashUploader button is collapsed to a few pixels of
height. So it is nearly impossible to hit the button.

Change-Id: Ide661abf98af8edc1f0c5e75df01840c9d230d40
Releases: 6.0, 4.7, 4.6, 4.5
Resolves: #39659
Reviewed-on: http://review.typo3.org/14479
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer
7 years ago[BUGFIX] Switch to List module on root page leads to blank page
Thomas Löffler [Wed, 12 Sep 2012 06:41:50 +0000 (08:41 +0200)]
[BUGFIX] Switch to List module on root page leads to blank page

Reproducable only with admin account. Switch to Page module, go to root
page (id = 0), switch to List module => blank page. Works only on
root page.

Change-Id: Ic3b8f84a4ab3c3245605c6d527651cce18360558
Releases: 6.0, 4.7, 4.6, 4.5
Resolves: #40781
Reviewed-on: http://review.typo3.org/14799
Reviewed-by: Thomas Loeffler
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer
7 years ago[BUGFIX] Error handler registration accepts way too much PHP error types
Marcus Krause [Sat, 22 Sep 2012 12:21:58 +0000 (14:21 +0200)]
[BUGFIX] Error handler registration accepts way too much PHP error types

Taken from http://php.net/manual/en/function.set-error-handler.php
set_error_handler has limitations for error types to process.

In detail E_ERROR, E_PARSE, E_CORE_ERROR, E_CORE_WARNING,
E_COMPILE_ERROR, E_COMPILE_WARNING cannot handled by an user defined
function.

This issue is about reflecting this in config_default settings and
in t3lib_error_ErrorHandler to make sure to process only error types
we can handle.

Change-Id: I908aa33c07a7de69095dce3e0d74d19134733231
Fixes: #31827
Releases: 4.5, 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/14935
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
7 years ago[BUGFIX] Tree view in admin panel is broken with PHP 5.4
Philipp Gampe [Sat, 22 Sep 2012 16:15:59 +0000 (18:15 +0200)]
[BUGFIX] Tree view in admin panel is broken with PHP 5.4

The double ['0.'] in $arr['0.']['0.'] is wrong.
Fun fact: This is "broken" since the initial commit.

Fixes: #41213
Releases: 6.0, 4.7, 4.6, 4.5

Change-Id: Ibb066611b2f419f0e7c085bb413bb3685eb4bfb4
Reviewed-on: http://review.typo3.org/14924
Reviewed-by: Susanne Moog
Tested-by: Susanne Moog
7 years ago[BUGFIX] Error handler callback causes fatal error for parse time errors
Marcus Krause [Sat, 22 Sep 2012 12:09:36 +0000 (14:09 +0200)]
[BUGFIX] Error handler callback causes fatal error for parse time errors

TYPO3's error handler callback t3lib_error_ErrorHandler::handleError()
causes a fatal error for PHP parse time errors.

If an error occurs during parse time (like E_DEPRECATED due to
deprecated $foo =& stdClass() code), autoloading is not available
and such PHP standard class 'Exception' (extended by t3lib_exception)
is not resolvable.
This results in a fatal and misleading error
'Class "Exception" not found'
together with a not useful backtrace. Additionally this behaviour
hides the original causing error (deprecated code).

Change-Id: I4ab97c1bf2d888022369f2095285cecc5a4c54a4
Fixes: #31834
Related: #31827
Releases: 4.5, 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/14927
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
7 years ago[BUGFIX] Error messages are not shown in 123 installation process
Nicole Cordes [Fri, 21 Sep 2012 10:03:49 +0000 (12:03 +0200)]
[BUGFIX] Error messages are not shown in 123 installation process

Because of a missing ERRORMESSAGES subpart in the 123 install template,
error messages collected while processing are not shown in the frontend.
This patch adds the subpart to the template to show more error information
in the frontend.

Change-Id: I9ee57317958b4505565161c1679d1549c6b89c2c
Fixes: #41158
Releases: 4.5, 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/14902
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert
7 years ago[TASK] Database creating fails due to not allowed characters
Jigal van Hemert [Sat, 22 Sep 2012 05:08:57 +0000 (07:08 +0200)]
[TASK] Database creating fails due to not allowed characters

Due to compatibility the CREATE DATABASE statement is used without quotes.
At least for MySQL databases there are limited characters allowed to use
in unquoted database names (0-9,a-z,A-Z$_). At the moment the database
name is parsed with enabled hyphen but this is obviously not allowed. The
parsing has to be changed to meet the MySQL limitation as well.

Change-Id: Id8e025e6c681487818973a595652dd29cb86c4b8
Resolves: #41151
Releases: 4.5, 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/14899
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert
7 years ago[BUGFIX] Set charset property after cloning t3lib_PageRenderer
Laurent Cherpit [Mon, 26 Mar 2012 13:37:05 +0000 (15:37 +0200)]
[BUGFIX] Set charset property after cloning t3lib_PageRenderer

TCA tree causes fatal error when using in (IRRE)
1284906026: Language and character encoding are not set.

Change-Id: I6e859cb31edd4280d39e0f1ff268b865ac233fca
Fixes: #27957
Releases: 4.5, 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/14247
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
7 years ago[BUGFIX] PHP warning when no language pack is available
Xavier Perseguers [Fri, 24 Aug 2012 08:51:07 +0000 (10:51 +0200)]
[BUGFIX] PHP warning when no language pack is available

Make sure to return either an array or a boolean and not a
string when retrieving the status of an translation pack.

Change-Id: Ic837026f387e370cf28a5c65866954898dc8a37c
Fixes: #40108
Releases: 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/14026
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
7 years ago[TASK] Set TYPO3 version to 4.5.20-dev
TYPO3 Release Team [Wed, 15 Aug 2012 10:26:15 +0000 (12:26 +0200)]
[TASK] Set TYPO3 version to 4.5.20-dev

Change-Id: I712fe72e2638caf8a3dbee37ac493d3410dce8da
Reviewed-on: http://review.typo3.org/13776
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
7 years ago[RELEASE] Release of TYPO3 4.5.19
TYPO3 Release Team [Wed, 15 Aug 2012 10:26:05 +0000 (12:26 +0200)]
[RELEASE] Release of TYPO3 4.5.19

Change-Id: I6497d5ff720b47abd594e1e5b9ea11f17a3c254c
Reviewed-on: http://review.typo3.org/13775
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
7 years ago[SECURITY] XSS in install tool
Mario Rimann [Wed, 15 Aug 2012 10:18:08 +0000 (12:18 +0200)]
[SECURITY] XSS in install tool

In the "Basic Configuration" section, some configuration values are
rendered without proper escaping both as input fields or as
regular content of the page. These values are htmlspecialchars-
treated now.

For the "All Configuration" form, all input fields and text area fields get now htmlspecialchars-treated.

Change-Id: Iba8a37ad24557f1af6772af8596660cab8d4bf7f
Fixes: #21634
Releases: 6.0, 4.7, 4.6, 4.5
Security-Commit: 835221d1b9b4f50a0769a5ed1f0116993b87da9c
Security-Bulletin: TYPO3-CORE-SA-2012-004
Reviewed-on: http://review.typo3.org/13744
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
7 years ago[SECURITY] Page Link Target vulnerable to XSS
Markus Bucher [Wed, 15 Aug 2012 10:18:01 +0000 (12:18 +0200)]
[SECURITY] Page Link Target vulnerable to XSS

This patch adds htmlspecialchars to page link target to prevent
XSS.

Change-Id: Ib8f812f89f892f580fc70300a4e4fa2287559dba
Fixes: #32653
Releases: 6.0, 4.7, 4.6, 4.5
Security-Commit: f9987febc23355d9a4996eba7ac0039bfe801607
Security-Bulletin: TYPO3-CORE-SA-2012-004
Reviewed-on: http://review.typo3.org/13743
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
7 years ago[SECURITY] XSS in validateForm
Markus Bucher [Wed, 15 Aug 2012 10:17:55 +0000 (12:17 +0200)]
[SECURITY] XSS in validateForm

Properly quote the form name and field list
for the JavaScript validation

Fixes: #25052
Releases: 6.0, 4.7, 4.6, 4.5

Change-Id: I01527117c20e25963951502c2277b853f683fe04
Security-Commit: 20a6486d3027f474fb2352668cdb0fbee5f251f3
Security-Bulletin: TYPO3-CORE-SA-2012-004
Reviewed-on: http://review.typo3.org/13742
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
7 years ago[SECURITY] XSS in TCE forms
Christian Kuhn [Wed, 15 Aug 2012 10:17:48 +0000 (12:17 +0200)]
[SECURITY] XSS in TCE forms

Properly encode field labels that are set via TSConfig.

Fixes: #25356
Releases: 6.0, 4.7, 4.6, 4.5

Change-Id: Ic41ce41cf8babd27867e71764173cf4e6524843e
Security-Commit: efdf638fa6f2971d62195aa40137e19a89884a2b
Security-Bulletin: TYPO3-CORE-SA-2012-004
Reviewed-on: http://review.typo3.org/13741
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
7 years ago[SECURITY] XSS in Scheduler Example Task
Mario Rimann [Wed, 15 Aug 2012 10:17:42 +0000 (12:17 +0200)]
[SECURITY] XSS in Scheduler Example Task

The scheduler test-task that sends an email does not properly
sanitize the input of the email field when rendering the editing
form of that task.

Change-Id: I82f63ff7267e4ba8da2e31a2659b0bca4cf83ed2
Fixes: #30967
Releases: 6.0, 4.7, 4.6, 4.5
Security-Commit: 7f96ebdff7db327825dbb8f835b1e6f8aee39ce1
Security-Bulletin: TYPO3-CORE-SA-2012-004
Reviewed-on: http://review.typo3.org/13740
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
7 years ago[SECURITY] HTML5 support in RemoveXSS
Franz G. Jahn [Wed, 15 Aug 2012 10:17:36 +0000 (12:17 +0200)]
[SECURITY] HTML5 support in RemoveXSS

Add support for HTML5 tags and attributes in RemoveXSS.

Change-Id: I4487386f8c62d6ec32d9f66215ebd45e3ebf9cb0
Fixes: #37127
Releases: 6.0, 4.7, 4.6, 4.5
Security-Commit: 4868b1a837cc7263cb2a92e2007ce253f0303a7e
Security-Bulletin: TYPO3-CORE-SA-2012-004
Reviewed-on: http://review.typo3.org/13739
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
7 years ago[SECURITY] Information Disclosure in the Configuration Module
Mario Rimann [Wed, 15 Aug 2012 10:17:29 +0000 (12:17 +0200)]
[SECURITY] Information Disclosure in the Configuration Module

The configuration module showed the encryption key as plaintext.
For this view, the encryption key is masked and it's length is
shown instead, e.g. "***** (length: 96 characters)"

Change-Id: Id9561ca6c5812fb9bd6c177896a27854e8f0cdb4
Fixes: #39345
Releases: 6.0, 4.7, 4.6, 4.5
Security-Commit: 0e61891d3f872437729d2d5a2d976669e38bd938
Security-Bulletin: TYPO3-CORE-SA-2012-004
Reviewed-on: http://review.typo3.org/13738
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
7 years ago[SECURITY] Untrusted GP data is unserialized in old CSH handling
Helmut Hummel [Wed, 15 Aug 2012 10:17:23 +0000 (12:17 +0200)]
[SECURITY] Untrusted GP data is unserialized in old CSH handling

Using the old and already deprecated CSH handling in TYPO3 backend,
untrusted GP data is unserialized. Validate the submitted data with
an hmac.

Change-Id: I0a6961b7db3e4b80270745421c82122deb4f6874
Fixes: #33520
Releases: 6.0, 4.7, 4.6, 4.5
Security-Bulletin: TYPO3-CORE-SA-2012-004
Reviewed-on: http://review.typo3.org/13737
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
7 years ago[SECURITY] XSS in Indexed Search statistics
Steffen Gebert [Wed, 15 Aug 2012 10:17:18 +0000 (12:17 +0200)]
[SECURITY] XSS in Indexed Search statistics

Indexed Search statistics module is vulnerable to
persistent XSS attack injected by arbitrary frontend users.

Change-Id: I9298b5d1808cef9d123d4b9c3867f1f55dfe4efe
Fixes: #31927
Releases: 6.0, 4.7, 4.6, 4.5
Security-Commit: f16df3528cb66183fd7371cf6a64f7f7da98dd74
Security-Bulletin: TYPO3-CORE-SA-2012-004
Reviewed-on: http://review.typo3.org/13736
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
7 years ago[SECURITY] t3lib_div::quoteJSvalue allows XSS
Helmut Hummel [Wed, 15 Aug 2012 10:17:12 +0000 (12:17 +0200)]
[SECURITY] t3lib_div::quoteJSvalue allows XSS

When t3lib_div::quoteJSvalue() was used with second
parameter set to TRUE closing HTML script tags were
not escaped correctly.

Now every character except harmless ones is encoded
to a hex representation.

Change-Id: Iab6793a3028976c4283cda466a2d3c6799b2554e
Releases: 6.0, 4.7, 4.6, 4.5
Fixes: #23226
Security-Commit: 70901d7dab2ba8cd314e931e98c3ec84b08fd0fb
Security-Bulletin: TYPO3-CORE-SA-2012-004
Reviewed-on: http://review.typo3.org/13735
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
7 years ago[TASK] Set TYPO3 version to 4.5.19-dev stephenking/rootline-cache-45-2
TYPO3 Release Team [Wed, 8 Aug 2012 12:44:52 +0000 (14:44 +0200)]
[TASK] Set TYPO3 version to 4.5.19-dev

Change-Id: I413424ca74693a7bd4bacb44bf3724f457a0963e
Reviewed-on: http://review.typo3.org/13524
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
7 years ago[RELEASE] Release of TYPO3 4.5.18
TYPO3 Release Team [Wed, 8 Aug 2012 12:44:43 +0000 (14:44 +0200)]
[RELEASE] Release of TYPO3 4.5.18

Change-Id: Ibf85379e48a59fdfabdad4edaf25c978dcd596b4
Reviewed-on: http://review.typo3.org/13523
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
7 years ago[BUGFIX] Pass $fieldName when processing FlexForm DS in t3lib_transferData
Claus Due [Sat, 4 Aug 2012 15:57:52 +0000 (17:57 +0200)]
[BUGFIX] Pass $fieldName when processing FlexForm DS in t3lib_transferData

This change simply adds $fieldName to the "real" call to process
the FlexForm's DS. The argument is already supported on the target
class and the value of the argument for the dispatching method in
t3lib_transferData already is properly filled with the correct name.

Change-Id: Ief2f07bca064ae4eed248bb058b4884bcdc7ed96
Releases: 4.5, 4.6, 4.7, 6.0
Fixes: #39527
Reviewed-on: http://review.typo3.org/13473
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert
7 years ago[BUGFIX] t3lib_db - expects parameter 1 to be resource, boolean given
Michael Klapper [Fri, 3 Aug 2012 10:23:35 +0000 (12:23 +0200)]
[BUGFIX] t3lib_db - expects parameter 1 to be resource, boolean given

The method t3lib_db::debug_check_recordset should use
"is_resource" to be sure we have a proper database resource object.

Change-Id: I18f25760d53d3bd3d8e396b40dbf3727b3bf33c8
Fixes: #39509
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/13441
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
7 years ago[BUGFIX] Suggest Wizard crashes in Frontend Editing
Dennis Ahrens [Tue, 20 Dec 2011 14:52:23 +0000 (15:52 +0100)]
[BUGFIX] Suggest Wizard crashes in Frontend Editing

As the backpath cannot be resolved, the JS dies.

Change-Id: I614fba37f9010ed92a43f04b3e9d564f49fe50a6
Fixes: #25079
Releases: 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/12836
Reviewed-by: Marcus Schwemer
Tested-by: Marcus Schwemer
Reviewed-by: Oliver Klee
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
7 years ago[BUGFIX] unlink issues warnings for lock files
Markus Klein [Sat, 3 Dec 2011 20:08:54 +0000 (14:08 -0600)]
[BUGFIX] unlink issues warnings for lock files

t3lib_lock issues warnings for non-existent lock files.

Change-Id: I55df9938cf56825cd808195f74f10582d2ecedad
Fixes: #32282
Releases: 4.7, 4.6, 4.5, 4.4
Reviewed-on: http://review.typo3.org/12831
Reviewed-by: Marcus Schwemer
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
7 years ago[BUGFIX] IRRE childs don't expand in Internet Explorer
Stefan Aebischer [Thu, 12 Jul 2012 17:30:26 +0000 (18:30 +0100)]
[BUGFIX] IRRE childs don't expand in Internet Explorer

document.getElementsByName doesn't always extend the returned DOM
Elements with prototype.js specific methods in Internet Explorer.
This patch uses the $$() selector to retrieve the needed DOM
Elements, as it always extends the returned Elements with
prototype.js specific methods (e.g. remove())

Change-Id: I083ca8b55a3b95757408a159f39f7b22cacf9c8f
Fixes: #38849
Releases: 4.5, 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/13412
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
7 years ago[BUGFIX] t3lib_db::exec_SELECTgetRows method annotation
Nicole Cordes [Tue, 31 Jul 2012 14:48:20 +0000 (16:48 +0200)]
[BUGFIX] t3lib_db::exec_SELECTgetRows method annotation

The function returns a NULL value if a sql error occurs.

Change-Id: Ic508aa5ba2034c0a230f5fad56690979ed576bf4
Fixes: #39417
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/13408
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
7 years ago[BUGFIX] Properly check disabled versioning within tcemain
Tolleiv Nietsch [Sat, 4 Feb 2012 08:53:31 +0000 (09:53 +0100)]
[BUGFIX] Properly check disabled versioning within tcemain

Setting $GLOBALS['TCA'][$table]['ctrl']['versioningWS'] = FALSE; isn't
fully working within tcemain because some isset() checks don't
look at the value atm.

Change-Id: I75a994c5eb09c4cc5b4c68e986f42b4592fd1043
Fixes: #33625
Releases: 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/12834
Reviewed-by: Tymoteusz Motylewski
Reviewed-by: Marcus Schwemer
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer
7 years ago[BUGFIX] PHP warnings may show up in the List module
Dmitry Dulepov [Thu, 24 Nov 2011 15:19:02 +0000 (17:19 +0200)]
[BUGFIX] PHP warnings may show up in the List module

If the table is defined in $TCA but it misses "columns" array,
there will be a warning in the List module when searching for
any phrase. Implement a check that "columns" entry exists and
write a log message if it does not.

Change-Id: I0cba20e3b45ef78eb926042cc8ff09ea255c33ec
Resolves: #22152
Releases: 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/12824
Reviewed-by: Marcus Schwemer
Tested-by: Marcus Schwemer
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
7 years ago[BUGFIX] Shell command arguments are not escaped
Mario Rimann [Tue, 17 Jul 2012 20:11:45 +0000 (22:11 +0200)]
[BUGFIX] Shell command arguments are not escaped

Shell command arguments should be escaped with
escapeshellarg() PHP function, which adds single quotes
around the argument and escapes all single quotes inside the
argument.

Change-Id: If6f0dd507828510893d11ebea5da88748dc7cd0c
Resolves: #31278
Releases: 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/12855
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
7 years ago[BUGFIX] RTE transformation transforms LF/CR between div and hr into space
Stanislas Rolland [Fri, 29 Jul 2011 15:49:50 +0000 (11:49 -0400)]
[BUGFIX] RTE transformation transforms LF/CR between div and hr into space

Fix the issue and add test cases.

Change-Id: I3bf677985d5599fd8dae41101519779deb3b3359
Resolves: #26815
Releases: 4.5, 4.6, 4.7
Reviewed-on: http://review.typo3.org/13018
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Stanislas Rolland
Tested-by: Stanislas Rolland
7 years ago[BUGFIX] Exclude E_STRICT on PHP 5.4 and unify error reporting
Philipp Gampe [Fri, 6 Jul 2012 07:36:47 +0000 (09:36 +0200)]
[BUGFIX] Exclude E_STRICT on PHP 5.4 and unify error reporting

Since #38645 most error_reporting defintions are excluding E_STRICT on
newer PHP versions, but some places have been forgotten to be adapted.

Change-Id: I84a97b5124b8c69297086fc293290e12456d8cf1
Fixes: #38691
Relates: #38645
Releases: 4.5
Reviewed-on: http://review.typo3.org/12656
Reviewed-by: Marcus Schwemer
Tested-by: Marcus Schwemer
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
7 years ago[TASK] Always return a boolean in t3lib_div::validPathStr
Andy Grunwald [Fri, 6 Jul 2012 10:56:46 +0000 (12:56 +0200)]
[TASK] Always return a boolean in t3lib_div::validPathStr

In t3lib_div::validPathStr() a boolean (TRUE) is returned,
if this is a valid path string. If it is NOT a valid path string,
then nothing will be returned. In the doc comment,
there is a return type "boolean" mentioned.

Just return a boolean, if it is not a valid path string.

Change-Id: Ie153a6df39f639895264dafbbd1adc76d96ae124
Fixes: #38604
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/12667
Reviewed-by: Andy Grunwald
Reviewed-by: Oliver Klee
Reviewed-by: Marcus Schwemer
Tested-by: Marcus Schwemer
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer
7 years ago[TASK] Improve error message of "broken rootline"
Georg Ringer [Fri, 13 Jan 2012 11:29:53 +0000 (12:29 +0100)]
[TASK] Improve error message of "broken rootline"

Currently it is hard to get the reason why the error
"broken rootline" appears. Therefore the error msg can be
improved by adding the ID and fields which are queried.

Change-Id: I0d47ba944a96b29b220e590c24ead8c75c0a5fb6
Resolves: #33082
Releases: 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/13007
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer
7 years ago[BUGFIX] Formmail doesn't always use correct character set
Jigal van Hemert [Sat, 19 Nov 2011 08:32:09 +0000 (09:32 +0100)]
[BUGFIX] Formmail doesn't always use correct character set

To work around a bug in SwitfMailer the character set of a message part
should always be set. When no character set is explicitly defined use
the renderCharset instead.

Change-Id: Ie1a9600bfe95c94e4250a6888cb29ee0f3b42d11
Fixes: #28684
Releases: 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/13006
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert
7 years ago[BUGFIX] $_EXTCONF was not filled in ext_tables.php
Ernesto Baschny [Wed, 18 Jul 2012 16:54:15 +0000 (18:54 +0200)]
[BUGFIX] $_EXTCONF was not filled in ext_tables.php

Change-Id: I097ec87bbc2b8be5387fa7e9ca87d62bbd3560b1
Fixes: #38927
Releases: 4.5
Reviewed-on: http://review.typo3.org/12891
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
7 years ago[BUGFIX] stdWrap numRows fails due to wrong SELECT clause
Ernesto Baschny [Tue, 17 Jul 2012 16:03:03 +0000 (18:03 +0200)]
[BUGFIX] stdWrap numRows fails due to wrong SELECT clause

Exclude aggregate functions count(), sum(), max(),
min(), avg() in if statement inside
tslib_cObj::sanitizeSelectPart().

Change-Id: I1fc1360ffc239695f0c04ca2322870a2129133ec
Fixes: #34152
Releases: 4.5, 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/12999
Reviewed-by: Ernesto Baschny
Tested-by: Ernesto Baschny
7 years ago[TASK] Raise submodule pointer
TYPO3 Release Team [Sat, 21 Jul 2012 15:54:33 +0000 (17:54 +0200)]
[TASK] Raise submodule pointer

Change-Id: Ia7af2bf45b3a447641cb4a2e845b416d65e499db
Reviewed-on: http://review.typo3.org/12977
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
7 years ago[BUGFIX] QT movies prefixed abusively in Media CE
Francois Suter [Tue, 17 Jul 2012 13:38:50 +0000 (15:38 +0200)]
[BUGFIX] QT movies prefixed abusively in Media CE

If some prefixes are defined (either base URL or absRefPrefix),
the Media CE will apply such prefix to any Quicktime movie
even if said movie is referenced by an absolute URL.

Change-Id: Ib176225e95472c7f5877b00f9c1bb2fe8041b773
Fixes: #39026
Releases: 6.0,4.7,4.6,4.5
Reviewed-on: http://review.typo3.org/12929
Reviewed-by: Francois Suter
Tested-by: Francois Suter
7 years ago[BUGFIX] Send sane HTTP response in showpic on error
Christian Kuhn [Wed, 18 Jul 2012 09:37:29 +0000 (11:37 +0200)]
[BUGFIX] Send sane HTTP response in showpic on error

Currently, if showpic.php requests fail, exceptions are thrown. Those are
usually converted to a HTTP response 500 (internal server error) by the
production exception handler. Crawlers react on 500 by trying to index
the resource again later.

This is changed to now set specific response codes. If the paramters are
incorrect or broken, an 410 (Gone) will be sent, informing users and
crawlers that the resource is not available under this URL. Crawlers
like googleBot will then stop requesting the resource.

In case all parameters are ok, but the image itself is not found, a 404
will be sent to the client. Crawlers will try to index the resource
again only if there are still links pointing to the resource.

Change-Id: I606937fa9953b88be5edf940201e0153223ae0e6
Fixes: #39052
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/12919
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
7 years ago[BUGFIX] Unnecessary warning in css_styled_content (division by zero)
Thomas Layh [Wed, 2 May 2012 14:10:06 +0000 (16:10 +0200)]
[BUGFIX] Unnecessary warning in css_styled_content (division by zero)

If tt_content.image.20.maxW is not set, PHP throws a warning about
division by zero. This is not necessary. After that the variable
$scale is not set. This patch checks if $netW is greater zero and
otherwise the else condition will set $scale to 1.

Change-Id: Icd876b33d543080e486e0184c8af34c9a3831738
Fixes: #36777
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/12865
Reviewed-by: Ernesto Baschny
Tested-by: Ernesto Baschny
7 years ago[BUGFIX] datepicker does not set current time as default
Simon Schaufelberger [Thu, 24 May 2012 08:43:53 +0000 (10:43 +0200)]
[BUGFIX] datepicker does not set current time as default

Changeing the time manually and picking another day overwrites the time
and sets it again to 0:00.

Change-Id: Iae80b9519df2a49b8d1ed1e5d5f1082243ca4fe6
Fixes: #33629
Releases: 4.5
Reviewed-on: http://review.typo3.org/11568
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Ernesto Baschny
Tested-by: Ernesto Baschny
7 years ago[BUGFIX] Drag&Drop inside the root page of the pagetree isn't possible
Stefan Galinski [Thu, 28 Jun 2012 08:25:05 +0000 (10:25 +0200)]
[BUGFIX] Drag&Drop inside the root page of the pagetree isn't possible

In case there is no page (except the root page) within TYPO3, you can't
use the drag and drop functionality in the page tree to create the first
page.

Change-Id: I4f4aed78916f1ab0ebf9bbc1baad2b2743e9d1b2
Fixes: #24626
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/12437
Reviewed-by: Christian Kuhn
Reviewed-by: Ernesto Baschny
Tested-by: Ernesto Baschny
7 years ago[BUGFIX] Check if user is allowed to paste page to pagetree
Max Roesch [Sat, 14 Apr 2012 17:41:48 +0000 (19:41 +0200)]
[BUGFIX] Check if user is allowed to paste page to pagetree

The user rights have checks for new / edit / delete, but paste was missing
leading to an error. Page actions 'paste into' and 'page after' now checks
if the user has rights for adding new pages to the current page.

Change-Id: I24b61c37ae76a4411ddb0b35feed46ab1f02f486
Fixes: #33546
Releases: 4.5, 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/11067
Reviewed-by: Wouter Wolters
Reviewed-by: Ernesto Baschny
Tested-by: Ernesto Baschny
7 years ago[BUGFIX] Add rootline workspace overlay for backend_layouts.
Timo Webler [Thu, 19 Apr 2012 06:56:21 +0000 (08:56 +0200)]
[BUGFIX] Add rootline workspace overlay for backend_layouts.

When fetching the rootline inside a workspace
make sure to fetch the correct overlay.

Change-Id: I15ef4202d34c62f7aab598f7173530976233eb45
Fixes: #36313
Releases: 4.5, 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/10629
Reviewed-by: Stefan Neufeind
Reviewed-by: Philipp Gampe
Reviewed-by: Ernesto Baschny
Tested-by: Ernesto Baschny
7 years ago[BUGFIX] accessibilityWrap ignores simple value
Jigal van Hemert [Mon, 9 Jul 2012 21:13:56 +0000 (23:13 +0200)]
[BUGFIX] accessibilityWrap ignores simple value

Radio buttons with accessibilityWrap must use simple value
if no complex configuration is supplied. An extra dot prevented
this.

Change-Id: I0e2273ccac18ee37a1ffc2de602617e5d3764ac8
Fixes: #38791
Releases: 4.5, 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/12731
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert
7 years ago[BUG] t3lib_div::getFilesInDir order differs from order in File list
Benjamin Mack [Fri, 6 Jul 2012 08:58:54 +0000 (10:58 +0200)]
[BUG] t3lib_div::getFilesInDir order differs from order in File list

Files with uppercase letters are sorted before all lowercase file
names due to a bug in getFilesInDir(). This behavior is seen in
the browse_links function, but not in the general file list module.
The fix does the sorting independently from the uppercase
characters.

Change-Id: I4bdacfe1644f2ac32b5b9173fa63ab6a11c78c07
Resolves: #18771
Releases: 4.5, 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/12685
Reviewed-by: Benjamin Mack
Tested-by: Benjamin Mack
7 years ago[BUGFIX] RTE: Importing google webfonts breaks style sheet parsing
Stanislas Rolland [Thu, 5 Jul 2012 16:37:07 +0000 (12:37 -0400)]
[BUGFIX] RTE: Importing google webfonts breaks style sheet parsing

Problem: The imported css file does not contain any css rule.
Solution: Check for the presence of css rules in the imported file.
Note: Thanks to Robert Volk.

Change-Id: I735bafba8a16a958746cba126c450cc97f6ad569
Releases: 4.5, 4.6, 4.7, 6.0
Resolves: #36316
Reviewed-on: http://review.typo3.org/12681
Reviewed-by: Stanislas Rolland
Tested-by: Stanislas Rolland
7 years ago[BUGFIX] E_DEPRECATED does not exist in PHP 5.2
Ivan Kartolo [Wed, 4 Jul 2012 14:36:45 +0000 (16:36 +0200)]
[BUGFIX] E_DEPRECATED does not exist in PHP 5.2

Because TYPO3 4.5.x should also work on PHP 5.2, the E_DEPRECATED constant
must be removed, since it produces notices.

Change-Id: Idb0e7ffb327a44088b966e04008d8efb03555b3b
Fixes: #38645
Releases: 4.5
Reviewed-on: http://review.typo3.org/12612
Reviewed-by: Philipp Gampe
Reviewed-by: Markus Klein
Reviewed-by: Ivan Dharma Kartolo
Tested-by: Ivan Dharma Kartolo
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
7 years ago[BUGFIX] RTE spellcheck issue on Windows server
Stanislas Rolland [Thu, 28 Jun 2012 21:52:35 +0000 (17:52 -0400)]
[BUGFIX] RTE spellcheck issue on Windows server

Problem: There is no command "cat" on windows systems. The equivalent
for these systems would be "type".
Solution: Use "type" when OS is Windows.

Change-Id: Ifc0043c0c1da31572169e7bcbffa21cce33afc4a
Releases: 4.5, 4.6, 4.7, 6.0
Resolves: #36438
Reviewed-on: http://review.typo3.org/12431
Reviewed-by: Wouter Wolters
Reviewed-by: Stanislas Rolland
Tested-by: Stanislas Rolland
7 years ago[TASK] Set TYPO3 version to 4.5.18-dev
TYPO3 Release Team [Wed, 4 Jul 2012 09:16:27 +0000 (11:16 +0200)]
[TASK] Set TYPO3 version to 4.5.18-dev

Change-Id: I2df83ecb7a5d86fe27690bc79179c2b34da5886e
Reviewed-on: http://review.typo3.org/12596
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
7 years ago[RELEASE] Release of TYPO3 4.5.17
TYPO3 Release Team [Wed, 4 Jul 2012 09:16:15 +0000 (11:16 +0200)]
[RELEASE] Release of TYPO3 4.5.17

Change-Id: I02c06f79d488b928b0b20a5a8bd2b560d142078b
Reviewed-on: http://review.typo3.org/12595
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
7 years ago[SECURITY] XSS in swfupload
Oliver Hader [Wed, 4 Jul 2012 08:30:40 +0000 (10:30 +0200)]
[SECURITY] XSS in swfupload

There is a known XSS vulnerability in swfupload which isn't
fixed yet. Thanks to the Wordpress project for providing a
fix - we just borrowed that code.

Change-Id: I67a669d1a9898ae52d1430ccb5e455041ea1c733
Fixes: #38578
Releases: 6.0, 4.7, 4.6, 4.5
Security-Bulletin: TYPO3-CORE-SA-2012-003
Reviewed-on: http://review.typo3.org/12591
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
7 years ago[BUGFIX] Exclude E_STRICT from exceptionalErrors
Mario Rimann [Mon, 2 Jul 2012 20:37:00 +0000 (22:37 +0200)]
[BUGFIX] Exclude E_STRICT from exceptionalErrors

From PHP 5.4, E_STRICT became part of E_ALL. This leads to lots of runtime
notice exceptions when using PHP 5.4. To avoid that, E_STRICT needs to be
excluded from error reporting.

Change-Id: I7ccd81a936384bc9417fcba79a59b9a0d255d229
Fixes: #35154
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/12528
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
7 years ago[BUGFIX] IRRE records can't be expanded without an hidden field
Oliver Hader [Fri, 29 Jun 2012 16:52:52 +0000 (18:52 +0200)]
[BUGFIX] IRRE records can't be expanded without an hidden field

If no hidden field in TCA for IRRE child records, this will
lead to JavaScript errors on expanding the accordant child
record in the TCEforms view.

This regression has been introduced in issue #34303

Change-Id: Id980c001d9b33894e24581d6c89a20d3c795b34d
Fixes: #37615
Related: #34303
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/12577
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
7 years ago[BUGFIX] TSFE->additionalFooterData for USER_INT
Oliver Hader [Thu, 7 Jun 2012 09:13:24 +0000 (11:13 +0200)]
[BUGFIX] TSFE->additionalFooterData for USER_INT

TSFE->additionalFooterData was introduced with TYPO3 4.3, but
only for the purpose of t3lib_PageRenderer. The definition of
this property is e.g. missing at all in tslib_fe and besides
that, the handling for USER_INT/COA_INT objects is not there
at all.

Change-Id: I728dfd43d0c72138b18dc87b81c4d4be4491177b
Fixes: #29254
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/11860
Reviewed-on: http://review.typo3.org/12570
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
7 years ago[BUGFIX] In IE9, RTE does not work correctly in compat modes IE8/IE7
Stanislas Rolland [Tue, 3 Jul 2012 16:18:56 +0000 (12:18 -0400)]
[BUGFIX] In IE9, RTE does not work correctly in compat modes IE8/IE7

Problem: When using IE9, the RTE does not work correctly when using
compatibility modes IE8 or IE7. In particular, the style sheets are not
parsed, because they are not loaded in the same order as with the
specified compatibility version.
Solution: Check whether compatibility mode is activated and avoid
reliance on order.

Change-Id: Ie97df28e5add40f547a1952fcfd6ab30a5ab20b6
Releases: 4.5, 4.6, 4.7, 6.0
Resolves: #38574
Reviewed-on: http://review.typo3.org/12546
Reviewed-by: Stanislas Rolland
Tested-by: Stanislas Rolland
7 years ago[BUGFIX] Custom HTML tags no longer malformed in IE
Bart Dubelaar [Mon, 19 Mar 2012 14:44:34 +0000 (15:44 +0100)]
[BUGFIX] Custom HTML tags no longer malformed in IE

Custom HTML tags would get malformed while editing in IE.
If a tag is not present in HTML4 and the document mode
of IE is lower than IE9 Standards, then the tag is not
present in the DOM and not parsed correctly.
This is fixed by specifying possible custom tags in TSconfig
and creating dummy instances of the tags before loading
the contents in the DOM, also known as the Shiv trick.

Change-Id: I4b4f449007d4130418734769b511d0e397aeff01
Fixes: #34786
Releases: 4.5, 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/12513
Reviewed-by: Stanislas Rolland
Tested-by: Stanislas Rolland
7 years ago[BUGFIX] Remove a rather dubious unit test for Redis cache backend
Christian Kuhn [Sun, 1 Jul 2012 09:51:22 +0000 (11:51 +0200)]
[BUGFIX] Remove a rather dubious unit test for Redis cache backend

The password test is not very useful and fails with younger redis
versions. It was already removed in TYPO3.FLOW3 with commit
e06bd9bb0a3e602a6b067d91b94e88cd78d96135

Change-Id: Iae7372c54c3c8befd08cbdccfb578f6986e1d588
Resolves: #38511
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/12491
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
7 years ago[BUGFIX] Fix unit test failure if gif compress is disabled
Susanne Moog [Sat, 30 Jun 2012 13:45:00 +0000 (15:45 +0200)]
[BUGFIX]  Fix unit test failure if gif compress is disabled

If gif_compress is disabled in the install tool, the
test gifCompressFixesPermissionOfConvertedFileIfUsingGd
fails, as the method it tests only does things if
gif_compress is enabled.

Change-Id: I91603452e43188cd38afeb3ca8b38e2913848e66
Fixes: #38501
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/12476
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
7 years ago[BUGFIX] VariableFrontend initializeObject not called
Daniel Pötzinger [Thu, 12 Apr 2012 17:59:38 +0000 (19:59 +0200)]
[BUGFIX] VariableFrontend initializeObject not called

The method is protected and is not called in the container then

Change-Id: I03ab47aa1030e782d14304d9371fc62b9c5aed18
Fixes: #35915
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/12472
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
7 years ago[BUGFIX] Remove class of td if "No CSS styles for this table" is set
Juergen Furrer [Tue, 5 Jun 2012 18:05:14 +0000 (20:05 +0200)]
[BUGFIX] Remove class of td if "No CSS styles for this table" is set

Change-Id: I75f1a27b4ef1a94831d6d80f8d0d8d649fc8d1ca
Fixes: #37618
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/12469
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
7 years ago[BUGFIX] Markers (%s) are not replaced in TCEmain error messages
Bart Dubelaar [Fri, 20 Apr 2012 19:17:57 +0000 (21:17 +0200)]
[BUGFIX] Markers (%s) are not replaced in TCEmain error messages

Change-Id: I33d8840390deba3e8a2ac5a188fd6fb089b91b5f
Fixes: #36290
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/12466
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
7 years ago[TASK] Add travis configuration file
Helmut Hummel [Fri, 29 Jun 2012 21:35:53 +0000 (23:35 +0200)]
[TASK] Add travis configuration file

For details read the ticket description.

Change-Id: Ibc22c62e7bb490e1871db92bbc09cd7e56581fa3
Resolves: #38357
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/12459
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
7 years ago[BUGFIX] Reports: Wrong indication for saltedpasswords
Markus Klein [Sun, 15 Apr 2012 08:55:23 +0000 (10:55 +0200)]
[BUGFIX] Reports: Wrong indication for saltedpasswords

The reports module shows a wrong status indication for saltedpasswords
if it is configured to forceSalted.

Change-Id: I4621065e8a62a570ba162e340b4e90ea15222423
Fixes: #36093
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/10548
Reviewed-by: Philipp Gampe
Reviewed-by: Stefan Neufeind
Reviewed-by: Oliver Klee
Reviewed-by: Stefan Galinski
Tested-by: Stefan Galinski
7 years ago[BUGFIX] Declaration of tx_rtehtmlarea_base::drawRTE() not compatible
Stanislas Rolland [Thu, 28 Jun 2012 19:49:14 +0000 (15:49 -0400)]
[BUGFIX] Declaration of tx_rtehtmlarea_base::drawRTE() not compatible

Solution: First parameter should be defined as reference so as to be
compatible with the definition of t3lib_rteapi::drawRTE().

Change-Id: Id1617a2345a6c6f564a9f8a7d6b0ac7f0cc34be8
Releases: 4.5, 4.6, 4.7, 6.0
Resolves: #37541
Reviewed-on: http://review.typo3.org/12430
Reviewed-by: Stanislas Rolland
Tested-by: Stanislas Rolland
7 years ago[BUGFIX] IRRE hide/unhide broken
dkd-egerer Sascha Egerer [Sun, 15 Apr 2012 14:36:14 +0000 (16:36 +0200)]
[BUGFIX] IRRE hide/unhide broken

hide/unhide is broken when inline record is not opened before

Change-Id: I45d09705d4f11b7f4d829f33913b57b85e42fd3d
Resolves: #34303
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/10696
Reviewed-by: Stefan Neufeind
Reviewed-by: Marcus Schwemer
Tested-by: Marcus Schwemer
Reviewed-by: Wouter Wolters
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
7 years ago[TASK] PHP 5.4 adjustments
Markus Klein [Tue, 6 Mar 2012 10:42:54 +0000 (11:42 +0100)]
[TASK] PHP 5.4 adjustments

Small adjustments for PHP 5.4 compatibility.

Change-Id: I5c551f3f66fe9f68dd4f1a16790dcf00e300c72a
Resolves: #34685
Releases: 4.8, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/11504
Reviewed-by: Oliver Klee
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer
Reviewed-by: Marcus Schwemer
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
7 years ago[BUGFIX] Ensure $output is used as string
Peter Niederlag [Tue, 17 Apr 2012 07:26:22 +0000 (09:26 +0200)]
[BUGFIX] Ensure $output is used as string

Problem was introduced by new API t3lib_befunc::helpTextArray()
which changed ::helpText()

Change-Id: Idc055446333bfaec008944e41b434e844fcbd241
Fixes: #36194
Relates: #23798
Releases: 4.5, 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/12082
Reviewed-by: Oliver Klee
Reviewed-by: Wouter Wolters
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
7 years ago[BUGFIX] fe_adminLib.inc uses undefined function
Sven Burkert [Thu, 22 Dec 2011 08:50:41 +0000 (02:50 -0600)]
[BUGFIX] fe_adminLib.inc uses undefined function

fe_adminLib.inc calls preg_spliti() which does not exist.

Change-Id: I7c16c2590ddc193fcad99e970ab8c6975e369261
Fixes: #32773
Releases: 4.7, 4.6, 4.5, 4.4
Reviewed-on: http://review.typo3.org/12083
Reviewed-by: Oliver Klee
Reviewed-by: Wouter Wolters
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
7 years ago[TASK] Raise submodule pointer
TYPO3 Release Team [Wed, 27 Jun 2012 15:43:37 +0000 (17:43 +0200)]
[TASK] Raise submodule pointer

Change-Id: Icf9ef39c313863879539b2a1e384ba2e61d5e6ed
Reviewed-on: http://review.typo3.org/12406
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
7 years ago[BUGFIX] Properly load existing usergroups in task
Bart Dubelaar [Mon, 23 Apr 2012 09:13:30 +0000 (11:13 +0200)]
[BUGFIX] Properly load existing usergroups in task

The create backend user task did not properly load
the usergroups of an existing user, because it wrongly
assumes that the groups are provided as array.
Actually the groups are provided as raw DB field,
thus no conversion is needed.

Change-Id: Ia704e071f6565f1a892e5f5c8d4c2b83a106f32f
Fixes: #36300
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/12263
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
7 years ago[BUGFIX] Hide the field "Selected Pages" for menu type "Sitemap"
Marco Huber [Fri, 13 Apr 2012 14:35:47 +0000 (16:35 +0200)]
[BUGFIX] Hide the field "Selected Pages" for menu type "Sitemap"

The field "Selected Pages" is never used in the content element
"Menu/Sitemap" with menu type "Sitemap". So it should not be
shown in the backend.

Change-Id: I9464ff29fc9fd9864a404cfb14f0545b3e186366
Fixes: #35944
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/12016
Reviewed-by: Markus Klein
Reviewed-by: Wouter Wolters
Reviewed-by: Stefan Galinski
Tested-by: Stefan Galinski
7 years ago[BUGFIX] redirect to referrer when changing password
Jigal van Hemert [Sun, 1 Jan 2012 22:05:47 +0000 (23:05 +0100)]
[BUGFIX] redirect to referrer when changing password

The referrer and referrerDomains redirect options must be ignored after
changing the password, otherwise you would end up on the page where the
change password form was displayed (which shows an error message now).
An extra option to ignore the referrer redirects is introduced for this.

Change-Id: I6daeb685f0656f56797a2cb2decc5982a5cf525c
Fixes: #21943
Releases: 4.5, 4.6, 4.7
Reviewed-on: http://review.typo3.org/11754
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert