Packages/TYPO3.CMS.git
5 years ago[BUGFIX] Only variables should be passed by reference 79/26779/3
Xavier Perseguers [Mon, 13 Jan 2014 09:59:24 +0000 (10:59 +0100)]
[BUGFIX] Only variables should be passed by reference

array_shift() takes argument by reference.

Releases: 6.2
Fixes: #54933
Change-Id: I94c16bc739f36d669640701561ff94aebd63b1f5
Reviewed-on: https://review.typo3.org/26779
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] Fix PHP warnings in PackageManager 89/26789/4
Markus Klein [Mon, 13 Jan 2014 19:49:40 +0000 (20:49 +0100)]
[BUGFIX] Fix PHP warnings in PackageManager

Resolves: #54963
Releases: 6.2
Change-Id: I58b1f6109872d6eb8059fceb1bec1af7134e84e2
Reviewed-on: https://review.typo3.org/26789
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Thomas Maroschik
Tested-by: Thomas Maroschik
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[TASK] Check for libxml bug in install tool 89/25089/11
Tomita Militaru [Thu, 31 Oct 2013 10:44:17 +0000 (12:44 +0200)]
[TASK] Check for libxml bug in install tool

Add check for libxml bug when saving special characters ">><<"
in a flexform

Resolves: #51271
Releases: 6.2
Change-Id: I5d120cdfeb9538209273c8761d017cb67256617b
Reviewed-on: https://review.typo3.org/25089
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Oliver Klee
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[TASK] Calculated hash of File object is never used 89/26689/5
Steffen Ritter [Wed, 8 Jan 2014 08:51:28 +0000 (09:51 +0100)]
[TASK] Calculated hash of File object is never used

The indexing pre-calculates the file hash and stores it in
the sys_file table. Sadly the getter of file objects never looks
at this again and always recalculates the hash via the driver,
which is very slow.

Resolves: #54235
Releases: 6.2, 6.1, 6.0
Change-Id: I16bfa2126031f26b8e31da8d8c0b3fc07d0217dc
Reviewed-on: https://review.typo3.org/26689
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
Reviewed-by: Oliver Klee
Reviewed-by: Benjamin Mack
Tested-by: Benjamin Mack
5 years ago[BUGFIX] Ignore dependencies of inactive packages 19/26719/5
Helmut Hummel [Thu, 9 Jan 2014 12:25:23 +0000 (13:25 +0100)]
[BUGFIX] Ignore dependencies of inactive packages

It might happen that activating or deactivating
a package throws an exception because other inactive
packages are available on the system with broken or
not fulfilled dependencies.

To solve this issue, only active packages
are regarded when resolving dependencies.

To remove a side effect from this change,
cache clearing in extension manager is
moved to a later point (see #54951).

This needs a proper fix in another change,
but makes this fix work for now.

Resolves: #54879
Releases: 6.2
Change-Id: Id81b66b2d2b6f4ba7d1c6ea2d001c271982539b3
Reviewed-on: https://review.typo3.org/26719
Reviewed-by: Thomas Maroschik
Reviewed-by: Markus Klein
Tested-by: Kasper Ligaard
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[TASK] Add index to sys_file_metadata 74/26774/6
Ingo Schmitt [Mon, 13 Jan 2014 09:08:13 +0000 (10:08 +0100)]
[TASK] Add index to sys_file_metadata

Since sys_file_metadata records are enabled to be
translated the file list module is capable of metadata
translations, too. In order to directly link to edit
or create a new translation depending on wether this
language already has been translated for each file the
metadata translations are fetched from the database.

In order to improve that query this patch adds an index
including l10n_parent and sys_language_uid.

Resolves: #54927
Releases: 6.2
Change-Id: I6cc5c74505e96647c5ddd7e7ee77518176d2ba0b
Reviewed-on: https://review.typo3.org/26774
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
Reviewed-by: Benjamin Mack
Tested-by: Benjamin Mack
5 years ago[TASK] Update SQL definition for sys_file_storage 68/26768/8
Ingo Schmitt [Mon, 13 Jan 2014 08:18:41 +0000 (09:18 +0100)]
[TASK] Update SQL definition for sys_file_storage

There are missing indexes as well as a mismatch between the
TCA definition (and therefore actual usage) and the SQL
definition at database level.

This change
* adds combined index to deleted / hidden to speedup the
  query initializing storages in Be_UserAuth

* changes SQL definition for field "name" to match their
  usage in TCA

Resolves: #54923
Releases: 6.2
Change-Id: I86f345a941802304ed7fbe29d00ae38130f8e5d2
Reviewed-on: https://review.typo3.org/26768
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
Reviewed-by: Oliver Klee
Reviewed-by: Benjamin Mack
Tested-by: Benjamin Mack
5 years ago[TASK] Add index to sys_category 75/26775/3
Ingo Schmitt [Mon, 13 Jan 2014 09:28:37 +0000 (10:28 +0100)]
[TASK] Add index to sys_category

All page, content and file-records TCEforms render a category
tree in order to assign these. The tree building executes the
same queries quite often. In order to optimize these queries
this change adds
* an index "category_parent" to sys_category.parent in order
  to for the parent category while index "parent" currently
  indexes the pid the record is stored.

* a combined index "category_list" to columns pid, deleted
  and sys_language_uid.

Resolves: #54929
Releases: 6.2
Change-Id: I1d42ba7171dc1213d5d5559ae190092acaa57464
Reviewed-on: https://review.typo3.org/26775
Reviewed-by: Oliver Klee
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
Reviewed-by: Benjamin Mack
Tested-by: Benjamin Mack
5 years ago[BUGFIX] Indexer tries to insert NULL into DB 57/26757/2
Markus Klein [Sun, 12 Jan 2014 15:57:41 +0000 (16:57 +0100)]
[BUGFIX] Indexer tries to insert NULL into DB

The Indexer of indexed_search tries to insert NULL values
into NOT NULL columns of the database.

Since #53662 NULL values are passed to the database,
hence these insert statements now fail.

Resolves: #54917
Releases: 6.2
Change-Id: Ia935abe14b9c3be2062f1b38ec98fb63921a1c2f
Reviewed-on: https://review.typo3.org/26757
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer
5 years ago[BUGFIX] Skip validation of uninitialized collections 49/25549/8
Nico de Haen [Thu, 14 Nov 2013 10:39:29 +0000 (11:39 +0100)]
[BUGFIX] Skip validation of uninitialized collections

Elements in LazyObjectStorages should not be validated,
since the values would be reconstituted from persistence anyway.
This patch adds the same behaviour as implemented in Flow and
adds the tests found in Flow (and one additional test).

Resolves: #53816
Releases: 6.2
Change-Id: I65f62a4ef6777e3678b2fdd06fc58d828bb8cb87
Reviewed-on: https://review.typo3.org/25549
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Steffen Müller
Tested-by: Steffen Müller
5 years ago[BUGIFX] Drop usage of addTofeInterface parameter 45/26745/2
Francois Suter [Fri, 10 Jan 2014 16:05:24 +0000 (17:05 +0100)]
[BUGIFX] Drop usage of addTofeInterface parameter

In #54613, usage of parameter $addTofeInterface in method
ExtensionManagementUtility::addTCAcolumns() was deprecated.
However it is used in a few places of the Core.
Those calls must be modified too.

Resolves: #54899
Releases: 6.2
Change-Id: I22696cb4655578dc583edcb9cfa4693b69e228c8
Reviewed-on: https://review.typo3.org/26745
Reviewed-by: Oliver Klee
Reviewed-by: Eric Chavaillaz
Tested-by: Eric Chavaillaz
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] Add missing logger names 54/26754/3
Steffen Müller [Sat, 11 Jan 2014 11:14:41 +0000 (12:14 +0100)]
[BUGFIX] Add missing logger names

A logger name is mandatory to configure a particular logger.
The convention is use __CLASS__ as the logger name when
instanciating a new logger using LogManager->getLogger().

Resolves: #54909
Releases: 6.2, 6.1
Change-Id: I5dbda770ec92fd75c3aff9ed89c68c5666669b07
Reviewed-on: https://review.typo3.org/26754
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] Allow empty values in start/stop filter of belog 23/26723/3
Steffen Müller [Thu, 9 Jan 2014 14:48:28 +0000 (15:48 +0100)]
[BUGFIX] Allow empty values in start/stop filter of belog

One can limit records in the backend log module to a custom period
of time using the "User defined" mode and a start and stop field.

Leaving these fields empty is now supported in the corresponding
domain model setters by adding default values to the DateTime
arguments.

Resolves: #53975
Releases: 6.1, 6.2
Change-Id: I944322bb3747a29fab33c3d32e17dd070c7cb6db
Reviewed-on: https://review.typo3.org/26723
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] Assume pid 0 for global backend context 75/26675/3
Felix Oertel [Tue, 7 Jan 2014 17:03:56 +0000 (18:03 +0100)]
[BUGFIX] Assume pid 0 for global backend context

If outside from "Web", extbase modules try to figure out some pid,
while in reality there is just none. The core takes "0" in this
situations, for looking for typoscript templates and tagging
cf_cache_pagesection entries.

To enable extbase to use the core's cache entries, we should streamline
this.

* Return 0, if no pid is set
* Remove needless unit-tests

Resolves: #54813
Releases: 6.2
Change-Id: I58cbaac0b40323e1766229488973b775accd1b97
Reviewed-on: https://review.typo3.org/26675
Reviewed-by: Oliver Klee
Reviewed-by: Stefan Froemken
Tested-by: Stefan Froemken
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
5 years ago[TASK] Improve feedit 59/21859/9
Georg Ringer [Wed, 3 Jul 2013 14:48:24 +0000 (16:48 +0200)]
[TASK] Improve feedit

The frontend editing + admin panel needs some polishing.
Following changes are included:

General
=======
- Reformat code
- Use Sprite API which means using the correct icons

Admin Panel
==============
- Add missing translations
- Show "Simulate usergroup" only if usergroups are available
- Remove "Total page count" in Info Tab as information is wrong
  (counting images + document is not the total page size)

Frontend Editing
=================
- Remove "edit_editNoPopup", "forceNoPopup", "editFormsOnPage"
  for direct inline editing
- Remove setting "previewBorder" which is not needed and looks just ugly

Releases: 6.2
Resolves: #49640
Change-Id: I35f88bc4e8c138fc21b74c0448b2f3892ab61918
Reviewed-on: https://review.typo3.org/21859
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years agoRevert "[BUGFIX] IRRE creates new records when using foreign_selector" 26/26726/2
Markus Klein [Thu, 9 Jan 2014 17:33:10 +0000 (18:33 +0100)]
Revert "[BUGFIX] IRRE creates new records when using foreign_selector"

This reverts commit 692bd22c0875fd37e876c79cb4a1738c67873c11

The patch breaks IRRE. It is impossible to add images.

Change-Id: Iac9f0a7af3cc8532a953ac1947f6877ded4f915f
Resolves: #43239
Releases: 6.2
Reviewed-on: https://review.typo3.org/26726
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] IRRE creates new records when using foreign_selector 90/16690/4
Kai Vogel [Thu, 22 Nov 2012 23:27:56 +0000 (00:27 +0100)]
[BUGFIX] IRRE creates new records when using foreign_selector

This patch links existing child records correctly to the parent IRRE
field when selecting it in the generated dropdown.

Scenario:

Parent table configuration:
====================================================
[...]['columns']['irreField']['config'] = array(
  'type' => 'inline',
  'foreign_table' => 'childTable',
  'foreign_selector' => 'childSelector',
);

Child table configuration:
====================================================
[...]['columns'][childSelector']['config'] = array(
  'type' => 'select',
  'foreign_table' => 'childTable',
);

What happens?
====================================================
1. The parent IRRE field renders a dropdown field
   before the child records
2. Selecting one of the items in the dropdown should
   link this child record to current IRRE field
3. Without patch, it will only create a blank child
   record
4. Using the patch, it will link the existing child
   to the parent IRRE field

Resolves: #43239
Releases: 6.2, 6.1
Change-Id: I2a308cb050962b71e9ba28b64a44962c91bde440
Reviewed-on: https://review.typo3.org/16690
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[TASK] Replace all strcmp() calls with === 43/25843/30
Jo Hasenau [Sun, 1 Dec 2013 13:34:14 +0000 (14:34 +0100)]
[TASK] Replace all strcmp() calls with ===

This patch replaces about 300 places using strcmp()
in the whole core. There are different contexts for strcmp()
within this set, i.e. checking for strings being '0',
'', not '' and the like.

strcmp() has to stay when it comes to real sorting of strings,
which is a rather rare case, otherwise it can be replaced with
faster alternatives.

The following 'rules' were used for the replacement:

* Use a type cast if you can't be sure about the incoming values.
  We do not need type casts if the types are implicitly defined
  before by another function. i.e. intval(), trim(), substr()
* Use int-cast whenever the values to be compared are numbers only.
* Use string-cast for any other combination. i.e
  (string)$len === '0' when $len can be NULL, which is different
  to (int)$len === 0

Resolves: #54085
Releases: 6.2
Change-Id: I88fb294ae20d8c23ff58d8296fbb37925d5213c8
Reviewed-on: https://review.typo3.org/25843
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[TASK] Add functional tests from irre_tutorial to the core 74/26674/9
Tymoteusz Motylewski [Wed, 8 Jan 2014 12:38:07 +0000 (13:38 +0100)]
[TASK] Add functional tests from irre_tutorial to the core

Add irre_tutorial extension as mock extension for functional tests.
Port functional tests from IRRE tutorial to the functional testing
framework and include them in the core and workspaces extensions.
Some tests are skipped for now, because the core is buggy.

Releases: 6.2
Resolves: #54812
Change-Id: I691dd97e7649c8239b6e96ce6f9a9d59e9b124c4
Reviewed-on: https://review.typo3.org/26674
Tested-by: Markus Klein
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[BUGFIX] Test extensions not considered in functional tests 05/26705/4
Oliver Hader [Wed, 8 Jan 2014 23:16:05 +0000 (00:16 +0100)]
[BUGFIX] Test extensions not considered in functional tests

The functional testing framework offers the possibility to define
custom extension to be installed for each test scenario. However,
this does not work at all, only extensions that are available in
the original base installation can be used.

This change cleans and adds the package state definition for any
extension to be used during a functional test execution.

Fixes: #54857
Releases: 6.2
Change-Id: I91b1cd1bc5d147287a154283e94d03d1392ac92d
Reviewed-on: https://review.typo3.org/26705
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Thomas Maroschik
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[BUGFIX] File browser fails on inexistent expandFolder 66/26466/4
Mario Rimann [Wed, 18 Dec 2013 09:17:30 +0000 (10:17 +0100)]
[BUGFIX] File browser fails on inexistent expandFolder

If a user browsed to a directory "foo" and re-opens the file-
browser later, the same directory is shown expanded.

In case the directory has been moved/renamed/deleted in the
meantime, the user gets an exception due to the inexistent
directory.

This change just adds a try/catch block around to handle that
situation.

Change-Id: I39aab6be46aec1d3f1f365e5d5f5455aca9b3aa2
Resolves: #50266
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/26466
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Pascal Maechler
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
5 years ago[TASK] Adopt order of cols in ext:documentation 12/26712/3
Georg Ringer [Thu, 9 Jan 2014 05:27:16 +0000 (06:27 +0100)]
[TASK] Adopt order of cols in ext:documentation

Each of the actions 'show' and 'download' got a different sorting of the
columns. Change the order of the download action so that the action links
are placed at the end.

Change-Id: Ifa8aa7ed2eb9bee1ebbc086607ce1261fe1a3c95
Resolves: #54840
Releases: 6.2
Reviewed-on: https://review.typo3.org/26712
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer
5 years ago[BUGFIX] Properly escape the ImageMagick frame selector 62/6662/7
Georg Ringer [Wed, 18 Dec 2013 13:15:27 +0000 (14:15 +0100)]
[BUGFIX] Properly escape the ImageMagick frame selector

The frame selector looks like a glob pattern and gets interpreted as
such by the shell. Currently the generated shell argument is, for
example, 'image.png'[0] which matches a file called image.png0.
Thus, if such a file exists, the wrong argument would be passed to
ImageMagick.

Only if there is no filename that matches the pattern, the string is
correctly passed to ImageMagick (i.e. as-is). But even in that case
there is a performance penalty, because the shell has to scan the whole
directory to check if the file exists. This becomes especially bad if
you're not dealing with a local file system.

By properly escaping the frame selector we stop the shell from
interpreting the glob pattern and both problems get fixed.

Resolves: #31797
Releases: 6.2, 6.1
Change-Id: Ib6dc6556bb9f1d64a0154b0cbe9e253b185c74c2
Reviewed-on: https://review.typo3.org/6662
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] Only create one keypair in rsaauth 85/10485/10
Tom Ruether [Fri, 22 Nov 2013 10:47:37 +0000 (11:47 +0100)]
[BUGFIX] Only create one keypair in rsaauth

If there are two login forms on one page the second form's private
key overwrites the first form's private key so the first form doesn't
work. With this patch only one keypair gets created and it doesn't
matter how many login forms you have one one page.

Change-Id: I42660140aea72d1888cc73d56e83b823206a0797
Fixes: #24877
Fixes: #6708
Releases: 6.2, 6.1, 6.0, 4.5
Reviewed-on: https://review.typo3.org/10485
Reviewed-by: Stefan Neufeind
Reviewed-by: Benjamin Mack
Tested-by: Benjamin Mack
Reviewed-by: Daniel Gorges
Tested-by: Daniel Gorges
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] use search word(s) for ordering search results (again) 94/20294/3
Ralf Hettinger [Mon, 29 Apr 2013 10:31:06 +0000 (12:31 +0200)]
[BUGFIX] use search word(s) for ordering search results (again)

There has been a regression in http://review.typo3.org/6657 which
removes correlation between searched words and ordering of search
results. Therefore the ordering of search results had nothing to do
with the search term anymore. This is fixed hereby by using the code
parts from prior versions.

Resolves: #38767
Releases: 6.2, 6.1, 6.0, 4.7
Change-Id: I9cfaceaeede38456dd7622085879c1bd0648be85
Reviewed-on: https://review.typo3.org/20294
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
Reviewed-by: Wouter Wolters
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] Fix wording of encryption key in Installer 11/26611/4
Markus Klein [Wed, 1 Jan 2014 20:28:19 +0000 (21:28 +0100)]
[BUGFIX] Fix wording of encryption key in Installer

The description of the encryption key uses the irregular verb
'output' in the wrong way.

Resolves: #54677
Releases: 6.2
Change-Id: Iad5cf8fea6e57cd8449da6d93edd7d05b3b52bf8
Reviewed-on: https://review.typo3.org/26611
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] Installer fails when no database is selected 44/26544/4
Philipp Gampe [Sun, 22 Dec 2013 15:02:12 +0000 (16:02 +0100)]
[BUGFIX] Installer fails when no database is selected

Display an error message, if the selected database name is empty.

Resolves: #54569
Releases: 6.2
Change-Id: Idbf768d7edc0e5d5e1d0faf87d62e1060c70b1e9
Reviewed-on: https://review.typo3.org/26544
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Oliver Klee
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] Functional tests cannot write to backend log 97/26697/2
Oliver Hader [Wed, 8 Jan 2014 19:23:17 +0000 (20:23 +0100)]
[BUGFIX] Functional tests cannot write to backend log

Functional test cases cannot write to the backend log. The
log entry also has an information about the currently used
IP address, which is taken from the environment variable
REMOTE_ADDR. In a CLI disposal this value is NULL and cannot
be stored in the database, since the accordant sys_log.IP
field does not support NULL values.

Fixes: #54849
Releases: 6.2
Change-Id: If6c572c62ab7022a4cab596fa4660dec754aee3c
Reviewed-on: https://review.typo3.org/26697
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[TASK] Cleanup ContentObject\ContentObjectRenderer 87/26687/3
Michiel Roos [Wed, 8 Jan 2014 00:31:13 +0000 (01:31 +0100)]
[TASK] Cleanup ContentObject\ContentObjectRenderer

Implement early return for many methods.

Change-Id: I7e0c8549037f4ab15ee8653d124891bad655db83
Resolves: #54823
Releases: 6.2
Reviewed-on: https://review.typo3.org/26687
Reviewed-by: Oliver Klee
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] Render ext icon in EM only if available 93/26693/3
Georg Ringer [Wed, 8 Jan 2014 14:22:26 +0000 (15:22 +0100)]
[BUGFIX] Render ext icon in EM only if available

Even if the ext icon is required, it can happen that it is still not
there. Currently this leads to an ugly output which can be easily
fixed by just checking if the icon is there.

Change-Id: I207a93bb796510fba6096085a86f1dd832100e06
Resolves: #54838
Releases: 6.2
Reviewed-on: https://review.typo3.org/26693
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[TASK] Use arrays in str_replace() calls 81/26481/8
Michiel Roos [Wed, 18 Dec 2013 21:46:49 +0000 (22:46 +0100)]
[TASK] Use arrays in str_replace() calls

Multiple consecutive calls to str_replace can be replaced with a single
call if the subject is the same.

This will speed up the replacement and in some cases has the benefit of
being able to return or use the result of the str_replace directly without
creating an intermediate variable.

Bad:
$lala = 'something';
$lala = str_replace('so', 'the', $lala);
$lala = str_replace('me', ' ', $lala);
$lala = str_replace('thing', 'other', $lala);

Good:
$lala = str_replace(
  array('so', 'me', 'thing'),
  array('the', ' ', 'other'),
  'something'
);

Change-Id: I1a2b99cce1444d3d2191eba8674f74aa2f74f0e8
Resolves: #54500
Releases: 6.2
Reviewed-on: https://review.typo3.org/26481
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[TASK] Improve performance of array_merge_recursive_overrule 86/25986/11
Markus Klein [Fri, 6 Dec 2013 12:50:07 +0000 (13:50 +0100)]
[TASK] Improve performance of array_merge_recursive_overrule

The method GeneralUtility::array_merge_recursive_overrule()
always works on a copy of the given array(s). This is highly
inefficient when it comes to really big arrays and recursion.

This patches moves the functionality into the class ArrayUtility
and changes the behaviour to use a reference to the
original array.
All calls in the core are adjusted accordingly.

Furthermore we deprecate the method in GeneralUtility and
preserve backward compatibility.

Resolves: #54251
Releases: 6.2
Change-Id: I5499905593c2124897de5998be985e546a3d05ee
Reviewed-on: https://review.typo3.org/25986
Reviewed-by: Michiel Roos
Tested-by: Michiel Roos
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Ernesto Baschny
Tested-by: Ernesto Baschny
5 years ago[TASK] Optimize columns in sys_file_reference 25/26625/5
Ingo Schmitt [Fri, 3 Jan 2014 14:52:46 +0000 (15:52 +0100)]
[TASK] Optimize columns in sys_file_reference

MySQL up to version 5.5 allows at maximum 64 characters for table-
and fieldnames. Other DBMS allow less. Since MySQL is our primary
database and DBAL could handle specialties.

This patch changes the fields tablenames, fieldname and table_local
to varchar(64) which currently is considered save.

Resolves: #54726
Releases: 6.2
Change-Id: Ic67450a9326dceb413fe694a6233b8c092f70c79
Reviewed-on: https://review.typo3.org/26625
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
5 years ago[TASK] Adapt indexes of sys_file_reference 26/26626/7
Ingo Schmitt [Fri, 3 Jan 2014 15:18:43 +0000 (16:18 +0100)]
[TASK] Adapt indexes of sys_file_reference

The backend and frontend fire several queries for referenced
files - files with metadata overlay as used in tt_content for
images and media field as well as in pages:media.
Analysing the queries for that some indexed should be added
to improve the query speed on large installations.

This patch adds indexed for the table/fieldname combination
as well es the uid of the record the file is attached to.

Resolves: #54725
Releases: 6.2
Change-Id: I229e27e382e8d0fdaf9bbc0b6729f90dac019e19
Reviewed-on: https://review.typo3.org/26626
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
5 years ago[TASK] Superfluous comparison in indexed_search 40/25740/2
Wouter Wolters [Thu, 28 Nov 2013 20:57:33 +0000 (21:57 +0100)]
[TASK] Superfluous comparison in indexed_search

Change-Id: I1934a6201876290b706078519e934e05c28352ab
Resolves: #54053
Releases: 6.2
Reviewed-on: https://review.typo3.org/25740
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Jo Hasenau
Reviewed-by: Michiel Roos
Tested-by: Michiel Roos
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[TASK] Superfluous comparison in DatabaseRecordList 36/25736/3
Wouter Wolters [Thu, 28 Nov 2013 20:37:54 +0000 (21:37 +0100)]
[TASK] Superfluous comparison in DatabaseRecordList

Fix superfluous comparison against boolean in
DatabaseRecordList::getTable

Change-Id: Icdbf78935da4135a7c6b4902b97c87e7ce658eb8
Resolves: #54049
Releases: 6.2
Reviewed-on: https://review.typo3.org/25736
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[TASK] Clean up uses of fe_adminLib properties 67/26567/3
Francois Suter [Fri, 27 Dec 2013 16:28:56 +0000 (17:28 +0100)]
[TASK] Clean up uses of fe_adminLib properties

Two Core tables (fe_users and index_config) still use the
"fe_admin_fieldList" property, which has no effect on the
Core since the fe_adminLib.inc was moved out of it
(into the statictemplates extension).

Additionally a deprecation message is logged in method
ExtensionManagementUtility::addTCAcolumns() when the $addTofeInterface
argument is set to TRUE.

Resolves: #54613
Releases: 6.2
Change-Id: I7c9961c5e92411a78bd355519a0493eb695177e7
Reviewed-on: https://review.typo3.org/26567
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Oliver Klee
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Francois Suter
Tested-by: Francois Suter
5 years ago[BUGFIX] Repository uses wrong property to calc current result page 77/26677/3
Benjamin Rau [Tue, 7 Jan 2014 17:07:34 +0000 (18:07 +0100)]
[BUGFIX] Repository uses wrong property to calc current result page

In the IndexedSearchRepository on line 157 an undefined/unused
property $this->resultsPerPage is used for the calculation
of the current page the visitor is showing on search results.

Instead of using $this->resultsPerPage we have to use
$this->numberOfResults which is defined and contains the expected setting.

Change-Id: I37c3a08c1049eb6166704b2b98ba071f03aad243
Resolves: #54808
Releases: 6.2, 6.1
Reviewed-on: https://review.typo3.org/26677
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] PageBrowsing ViewHelper defines unused method argument 76/26676/4
Benjamin Rau [Tue, 7 Jan 2014 17:08:37 +0000 (18:08 +0100)]
[BUGFIX] PageBrowsing ViewHelper defines unused method argument

The PHP-Doc comments for the render-method in PageBrowsing
Viewhelper on Indexed Search define a $details argument
for that method with is then not part of the method arguments
itself.

As it seems to be unused the argument definition should simply
be removed from doc comments to dont mess up the defintions
of the other arguments.

Right now this results in maximumNumberOfResultPages be defined
as array and causes a fatal error like:
The argument "maximumNumberOfResultPages" was registered with
type "array", but is of type "string" in view helper
"TYPO3\CMS\IndexedSearch\ViewHelpers\PageBrowsingViewHelper"

Resolves: #54807
Releases: 6.2, 6.1
Change-Id: I58376880ef64a1e1088561fbdb3ff25f9c1fbdc2
Reviewed-on: https://review.typo3.org/26676
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
5 years ago[BUGFIX] Fix dependencies for non-composer extensions 19/26619/3
Thomas Maroschik [Thu, 2 Jan 2014 11:01:07 +0000 (12:01 +0100)]
[BUGFIX] Fix dependencies for non-composer extensions

The method packageRequirementIsComposerPackage of
TYPO3\CMS\Core\Package ignores all non composer package
names and thus dependency resolving of non composer packages
doesn't work.

This patch adapts the behavior to ignore just the platform
package links described here
http://getcomposer.org/doc/02-libraries.md#platform-packages

Fixes: #54142
Releases: 6.2
Change-Id: Idb6a837eebf792c6cbf9394885edc17c9d392a9f
Reviewed-on: https://review.typo3.org/26619
Reviewed-by: Stefan Froemken
Tested-by: Stefan Froemken
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[BUGFIX] Replace reference to Security Cookbook with Security Guide 56/26656/2
Michael Schams [Mon, 6 Jan 2014 09:26:35 +0000 (20:26 +1100)]
[BUGFIX] Replace reference to Security Cookbook with Security Guide

Section "TYPO3 Security" refers to the TYPO3 Security Cookbook, which is
obsolete and has been replaced by the official TYPO3 Security Guide in
December 2011. This patch removes the reference to the Cookbook and
replaces it by a link to the latest version of the Security Guide on
docs.typo3.org.

Resolves: #54756
Releases: 6.2
Change-Id: I4067d40e854e7d4b4f77e2c12239e3e00616f5a7
Reviewed-on: https://review.typo3.org/26656
Reviewed-by: Michiel Roos
Tested-by: Michiel Roos
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[TASK] Cleanup convertParameterReflectionToArray() 17/25717/3
Michiel Roos [Wed, 27 Nov 2013 20:12:02 +0000 (21:12 +0100)]
[TASK] Cleanup convertParameterReflectionToArray()

ReflectionService::convertParameterReflectionToArray() checks
functions already returning boolean again for boolean value.

Remove this overhead and improve readability.

Change-Id: I113f16cd73c713da5ec75b0e57eeee1d0e17308c
Resolves: #54021
Releases: 6.2
Reviewed-on: https://review.typo3.org/25717
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] Set uid of BE_USER mock in functional tests 42/26642/2
Markus Klein [Sat, 4 Jan 2014 15:36:36 +0000 (16:36 +0100)]
[BUGFIX] Set uid of BE_USER mock in functional tests

Datahandler functional tests lack proper initialization of the
BE_USER mock used.

Set a 'uid' for the mock in order to get tests working again.

Resolves: #54741
Releases: 6.2
Change-Id: I20cccf8d3622b2c63d6b7c9f07c0e2d238bea7b9
Reviewed-on: https://review.typo3.org/26642
Reviewed-by: Oliver Hader
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] Allow NULL values in INSERT queries 22/25422/2
Alexander Stehlik [Fri, 15 Nov 2013 13:06:13 +0000 (14:06 +0100)]
[BUGFIX] Allow NULL values in INSERT queries

Currently only UPDATE queries pass the $allowNull parameter to the
fullQuoteStr() method in the DatabaseHandler. To make the behavior of
both methods consistent and to allow NULL values during creation of
new records by TCEmain the $allowNull parameter is also set to TRUE for
INSERT queries.

Resolves: #53662
Releases: 6.2, 6.1, 6.0
Change-Id: I066b9880a557b6c9058fc15f467631f1313300f9
Reviewed-on: https://review.typo3.org/25422
Reviewed-by: Philipp Gampe
Reviewed-by: Frans Saris
Tested-by: Frans Saris
Reviewed-by: Xavier Perseguers
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] EM does not always show description 15/26615/4
Michiel Roos [Thu, 2 Jan 2014 08:23:17 +0000 (09:23 +0100)]
[BUGFIX] EM does not always show description

When an extension (like rsaauth) has configuration options in the
extension manager, the description is not shown as a tooltip when hovering
over the extension name. Then it will only show 'Configure'. Which is not
so helpful.

The ConfigureExtensionViewHelper can be modified to not add a title
attribute on the link. This will ensure that the title attribute of the td
is shown.

Change-Id: Ie6de8033545856cbe4a3689366e05d5d2ad3dc7b
Resolves: #54689
Releases: 6.2
Reviewed-on: https://review.typo3.org/26615
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
5 years ago[TASK] joinTSarrays() is replaced by array_replace_recursive() 00/26500/3
Michiel Roos [Thu, 19 Dec 2013 19:07:51 +0000 (20:07 +0100)]
[TASK] joinTSarrays() is replaced by array_replace_recursive()

\TYPO3\CMS\Frontend\ContentObject\ContentObjectRenderer::joinTSarrays is
replaced by the PHP native array_replace_recursive() (added in PHP 5.3.0)
which does exactly the same and is twice as fast.

Usage of $cObj->joinTSarrays() is deprecated.

Change-Id: I748270a192bccc89927e0d6b82a1f405959b2209
Resolves: #54520
Releases: 6.2
Reviewed-on: https://review.typo3.org/26500
Reviewed-by: Ernesto Baschny
Tested-by: Ernesto Baschny
5 years ago[BUGFIX] isValidUrl() idna converts whole URI 36/25636/26
Michiel Roos [Fri, 22 Nov 2013 11:06:14 +0000 (12:06 +0100)]
[BUGFIX] isValidUrl() idna converts whole URI

GeneralUtility::isValidUrl() idna converts whole URI instead of
domain only.

The expensive idna_convert() is called from isValidUrl(). Instead of
feeding it just the domain part, the whole URI is converted.

When supplying just the domain part, a great speed gain can be seen.

On seriously malformed URLs, parse_url() may return FALSE and emits an
E_WARNING. So we check for that first.

PHP no longer supports the flags FILTER_FLAG_HOST_REQUIRED and
FILTER_FLAG_SCHEME_REQUIRED. A scheme is now required by default. [1]
Return FALSE if the URL does not start with a scheme.

A public GeneralUtility::idnaEncode() method uses a static idna_convert
instance and fetches converted strings from a string cache array
to avoid multiple checks on the same domain.

All manual idna_convert instances are replaced with
GeneralUtility::idnaEncode() calls.

Special characters are not allowed in the URL except in the domain
part [2]. So the test with special characters in the path was removed
from the GeneralUtilityTest class.

[1] http://www.php.net/manual/en/filter.filters.flags.php#107382
[2] http://tools.ietf.org/html/rfc3986#appendix-A

Change-Id: I7a0ab0a399d9d6cf68c824f413be6b6d621947c1
Resolves: #53862
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/25636
Reviewed-by: Markus Klein
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Michiel Roos
Tested-by: Michiel Roos
Tested-by: Markus Klein
Reviewed-by: Andreas Wolf
Reviewed-by: Jo Hasenau
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
5 years ago[BUGFIX] Folder::getFiles directly calls Factory::createFileObject 60/26360/2
Steffen Ritter [Thu, 12 Dec 2013 18:50:26 +0000 (19:50 +0100)]
[BUGFIX] Folder::getFiles directly calls Factory::createFileObject

Folder::getFiles implements the logic of creating file objects
itself, after retrieving the information from the driver.
Besides the fact that this is slow since all information for the
object are received from the filesystem directly instead of the
cache in the sys_file table the uid is not present in these
objects which finally results in the lack of metadata in these
file objects.

In addition to that ommiting the ResourceFactory several objects
for the same file might exists which may lead to inconsistent
behaviour and output on modifying the file.

As the Folder/File Objects only should be a convinience facade
in front of the ResourceStorage this change introduces a new
method their, implementing the new and improved logic.

At the same time the old functionality - which enforces manual
file object creation - has been deprecated and the filelist
module is adapted accordingly.

Releases: 6.2
Resolves: #53688
Change-Id: I3fb97d432d325bd6400c0ae208b90d702c9f528d
Reviewed-on: https://review.typo3.org/26360
Reviewed-by: Frans Saris
Tested-by: Frans Saris
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
5 years ago[BUGFIX] getFileIndexRecordsForFolder only works for hierarchical path 57/26357/3
Steffen Ritter [Thu, 12 Dec 2013 16:08:21 +0000 (17:08 +0100)]
[BUGFIX] getFileIndexRecordsForFolder only works for hierarchical path

The method FileRepository::getFileIndexRecordsForFolder
retrieves the Index Records for files in a given folder using a
LIKE-query. This basically checks if the identifier of the a
folder is part of the identifier of the file.

This concept has several drawbacks. First not all storages are
hierarchical, second this will fail if there is a different
directory seperator than / and finally this fetches records
for the folder recursively which may result in a huge amount of
data if for example the root folder of an storage is queried.

In addition the method resides in the FileRepository while it
retrieves IndexRecords - which is a different concern.

This change introduces the function within the
FileIndexRepository and uses the folder_hash (introduced in
https://review.typo3.org/23398) to query for the files.

The old method is deprecated now, calls the new method and
all core-usages of the old function have been rewritten to
use the new functionality.

Releases: 6.2
Resolves: #53687
Change-Id: Icabf2350192c93951f2277f3aa7468fe958bfabf
Reviewed-on: https://review.typo3.org/26357
Reviewed-by: Frans Saris
Tested-by: Frans Saris
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
5 years ago[BUGFIX] Fix message for install tool warning 09/26509/4
Cynthia Mattingly [Fri, 20 Dec 2013 10:06:52 +0000 (11:06 +0100)]
[BUGFIX] Fix message for install tool warning

Fix incorrect message for install tool login attempt warning.

Resolves: #54531
Releases: 6.2, 6.1
Change-Id: I40f34b85ffc554187baf1f2601c578cbaafc5718
Reviewed-on: https://review.typo3.org/26509
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[TASK] UX enhancement for EXT:documentation 75/25975/4
Xavier Perseguers [Fri, 6 Dec 2013 09:21:52 +0000 (10:21 +0100)]
[TASK] UX enhancement for EXT:documentation

Rework the documentation module according to the
discussion with the TYPO3 Usability Team.

Resolves: #54067
Releases: 6.2
Change-Id: Ia59c9a1554080b71412b467f6621bc7270a81c72
Reviewed-on: https://review.typo3.org/25975
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
5 years ago[TASK] Set TYPO3 version to 6.2-dev 93/26493/2
TYPO3 Release Team [Thu, 19 Dec 2013 15:26:52 +0000 (16:26 +0100)]
[TASK] Set TYPO3 version to 6.2-dev

Change-Id: Ia6a172bcc88924db714005165d92added4bb4a1a
Reviewed-on: https://review.typo3.org/26493
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
5 years ago[RELEASE] Release of TYPO3 6.2.0beta3 92/26492/2 TYPO3_6-2-0beta3
TYPO3 Release Team [Thu, 19 Dec 2013 15:26:23 +0000 (16:26 +0100)]
[RELEASE] Release of TYPO3 6.2.0beta3

Change-Id: I59ca5042eda854c6d3daf02b54c23bb3acd615ff
Reviewed-on: https://review.typo3.org/26492
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
5 years ago[TASK] Setup travis notifications 91/26491/2
Helmut Hummel [Thu, 19 Dec 2013 14:12:28 +0000 (15:12 +0100)]
[TASK] Setup travis notifications

Since the travis ci service changed the notification
policy to not notify authors of commits on failed
builds, we need to set up explicit notifications
so that failing builds do not stay undiscovered.

A first step will be to sent a notification to
the irc channel and the core list.

Change-Id: I6f5953f65aab04c526eae8aa34890e39169ab60f
Reviewed-on: https://review.typo3.org/26491
Tested-by: Ernesto Baschny
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
5 years ago[TASK] Update NEWS.md for system categories 62/26362/2
Francois Suter [Thu, 12 Dec 2013 20:50:31 +0000 (21:50 +0100)]
[TASK] Update NEWS.md for system categories

The following changes to system categories should be mentioned
in NEWS.md:

* activation by default on pages and tt_content tables
* new menu types for categories-based menus

Resolves: #54368
Releases: 6.2
Change-Id: I1ca95ea6354f52a68bd31cf284d6a103563190a4
Reviewed-on: https://review.typo3.org/26362
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
5 years agoRevert "[BUGFIX] Replace the table definition manipulation by signals" 88/26488/3
Helmut Hummel [Thu, 19 Dec 2013 13:43:33 +0000 (14:43 +0100)]
Revert "[BUGFIX] Replace the table definition manipulation by signals"

This reverts commit 2d6e8deae30794afb1967c38857f49b10060f38d
This merge broke travis unit and functional tests.
Needs some work on these components to get in again.

[ci skip]

Change-Id: Ifa96df8c60472def99707431793de291043d23e4
Reviewed-on: https://review.typo3.org/26488
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
5 years ago[BUGFIX] Missing CSH for categories-based menus 61/26361/2
Francois Suter [Thu, 12 Dec 2013 20:32:43 +0000 (21:32 +0100)]
[BUGFIX] Missing CSH for categories-based menus

New fields were added to the tt_content table to be used when creating
categories-based menus (of pages or content elements).
Those fields are currently missing CSH.

Resolves: #54366
Releases: 6.2
Change-Id: I0fea98a7c3ecd29ffca6559314bd3f790845e3e7
Reviewed-on: https://review.typo3.org/26361
Reviewed-by: Francois Suter
Tested-by: Francois Suter
5 years ago[BUGFIX] Replace the table definition manipulation by signals 42/24942/8
Thomas Maroschik [Mon, 21 Oct 2013 17:47:20 +0000 (19:47 +0200)]
[BUGFIX] Replace the table definition manipulation by signals

During installation of extensions the Extension Manager does
not take the Category API into account. The code to do so is
present in the Install Tool in the Database Compare Tool. It is
cumbersome to switch to the install tool to update the database
in order to use the category fields. The install tool and extension
manager currently need to know which components manipulate
the table definitions and this is bad coupling of components
which shouldn't know each other.

This fix replaces the individual calls to the components by two
signals and thus a generic approach.

Fixes: #53016
Releases: 6.2
Change-Id: Ibaea293b96fb1b8df1eacdcdd2f98acf74fb155b
Reviewed-on: https://review.typo3.org/24942
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
Reviewed-by: Fabien Udriot
Tested-by: Fabien Udriot
Reviewed-by: Thomas Maroschik
Tested-by: Thomas Maroschik
5 years ago[TASK] Mark PathUtility::stripPathSitePrefix as internal 86/26486/2
Markus Klein [Thu, 19 Dec 2013 00:16:45 +0000 (01:16 +0100)]
[TASK] Mark PathUtility::stripPathSitePrefix as internal

This is a follow up to 7efcf2a4 which marks the newly
introduced method as internal.
https://review.typo3.org/25851

Resolves: #54126
Releases: 6.2
Change-Id: Iaffa3cf96e7e43487f4249a70460f64fc3a066ea
Reviewed-on: https://review.typo3.org/26486
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[TASK] oncontextmenu: Avoid duplicating onclick-functionality 94/26094/2
Stefan Neufeind [Mon, 9 Dec 2013 00:30:06 +0000 (01:30 +0100)]
[TASK] oncontextmenu: Avoid duplicating onclick-functionality

Where onclick and oncontextmenu behave the same avoid duplicating
JavaScript-code and simply call the click()-functionality.

Change-Id: Iaa0b96fd311ea1a8367ef474b483e6c92bb1bcff
Resolves: #54288
Releases: 6.2
Reviewed-on: https://review.typo3.org/26094
Reviewed-by: Frans Saris
Tested-by: Frans Saris
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[TASK] Add tool-function to strip PATH_site-part of paths 51/25851/3
Stefan Neufeind [Sun, 8 Dec 2013 15:42:02 +0000 (16:42 +0100)]
[TASK] Add tool-function to strip PATH_site-part of paths

Avoid having to use the substr/strlen-magic.
Also strlen(PATH_site) can be statically cached.

Change-Id: I0ef942e331e2039e2ece9a55dd740db2a3896e2c
Resolves: #54126
Releases: 6.2
Reviewed-on: https://review.typo3.org/25851
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] Follow up: Moving files and folders doesn't update hashes 77/26477/7
Stefan Neufeind [Wed, 18 Dec 2013 20:12:01 +0000 (21:12 +0100)]
[BUGFIX] Follow up: Moving files and folders doesn't update hashes

Since #53655, reviewed at https://review.typo3.org/25481 the indexer
takes care of updating file objects and index records if a file or
folder is moved.

The unit tests have not been adapted to that change accordingly.
This changeset fixes the tests for LocalDriver and ResourceStorage.

Change-Id: Id17b01b8e47dd63750d1c11c2d4e24313b053695
Resolves: #54499
Releases: 6.2
Reviewed-on: https://review.typo3.org/26477
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[TASK] Optimize Package State Migration 48/25648/5
Thomas Maroschik [Fri, 22 Nov 2013 16:48:22 +0000 (17:48 +0100)]
[TASK] Optimize Package State Migration

Under certain circumstances the Failsafe Package Manager
could interfer with the Update Package Manager in the Install Tool.

In order to reduce this friction the migration logic is integrated
into the migration step.

Resolves: #53886
Releases: 6.2
Change-Id: I0300b9c74736262b03f9f9b59a49576b7edf5b2f
Reviewed-on: https://review.typo3.org/25648
Reviewed-by: Markus Klein
Reviewed-by: Thomas Maroschik
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[FEATURE] Allow the activation of packages during runtime 39/24939/5
Thomas Maroschik [Mon, 21 Oct 2013 17:10:42 +0000 (19:10 +0200)]
[FEATURE] Allow the activation of packages during runtime

Due to the nature of the Flow Package Manager, packages cannot
be activated and directly used during runtime. Before the Package
Manager it was possible to activate/deactivate extensions in
AdditionalConfiguration.php under certain custom conditions.

This patch introduces a new setting in $GLOBALS['TYPO3_CONF_VARS']
['EXT']['runtimeActivatedPackages'] = array('{packageKey}') that
gets initialized right after the package management initialization.

Resolves: #53015
Releases: 6.2
Change-Id: Id3b85a3feb00876d2a04a02e85450a4568eb5bff
Reviewed-on: https://review.typo3.org/24939
Reviewed-by: Thomas Maroschik
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
Tested-by: Alexander Stehlik
Tested-by: Frans Saris
Reviewed-by: Stefan Froemken
Tested-by: Stefan Froemken
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] Use correct file data variable in Indexer 39/26339/3
Alexander Stehlik [Sat, 14 Dec 2013 18:09:52 +0000 (19:09 +0100)]
[BUGFIX] Use correct file data variable in Indexer

The processChangedAndNewFiles() method in the Indexer class now uses
the $fileIndexEntry variable for retrieving a file object from the
resource factory instead of the invalid $data variable which is NULL.

Resolves: #54312
Releases: 6.2
Change-Id: I3b9c2ce99f7b4b7c575cc4055c02912c306ed789
Reviewed-on: https://review.typo3.org/26339
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] Access to sys_files is incompatible to fe_access checks 87/25987/3
Steffen Ritter [Sat, 7 Dec 2013 08:22:59 +0000 (09:22 +0100)]
[BUGFIX] Access to sys_files is incompatible to fe_access checks

The system extension filemetadata adds access restriction fields
for selecting frontend user groups as known from tt_content or
pages. Behind the scenes of the TCEform this relation is stored
in a MM table which is incompatible to the usual access checks.

In addition a opposite relation is added to fe_groups which
queries all files to show in a selector.

This change removes the MM table and reconfigures the fe_groups
field in the same way as it is done for tt_content and pages.

Resolves: #54236
Resolves: #54237
Releases: 6.2
Change-Id: I8a05073dee9e57e48335e1fe2a3917313563ac7d
Reviewed-on: https://review.typo3.org/25987
Reviewed-by: Markus Klein
Reviewed-by: Stefan Froemken
Tested-by: Stefan Froemken
Reviewed-by: Frans Saris
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
5 years ago[BUGFIX] Moving files and folders doesn't update hashes 81/25481/3
Frans Saris [Mon, 18 Nov 2013 07:47:04 +0000 (08:47 +0100)]
[BUGFIX] Moving files and folders doesn't update hashes

The ResourceStorage does not properly make use of the Indexer.
As result the indexRecord is not properly updated after a
file change.

This patch cleans up the ResourceStorage so it doesn't update
the index properties itself but leaves that to the indexer.

Resolves: #53655
Releases: 6.2
Change-Id: I249505a1bc0b93f8b3ffb0e9cb2b7f10a9a9968e
Reviewed-on: https://review.typo3.org/25481
Reviewed-by: Stefan Neufeind
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
5 years ago[BUGFIX] ArrayIterator::seek() warning in ElementBrowser 59/25359/9
Markus Klein [Wed, 13 Nov 2013 03:10:09 +0000 (04:10 +0100)]
[BUGFIX] ArrayIterator::seek() warning in ElementBrowser

ElementBrowser calls Folder::getFiles() with wrong parameters.
Properly implement the file extensions filter.

Resolves: #51752
Releases: 6.2, 6.1, 6.0
Change-Id: I56468c79225e2d3baa5e5784571074532e2287ad
Reviewed-on: https://review.typo3.org/25359
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
5 years ago[BUGFIX] Uncaught exception if editor has no file mount 57/25357/3
Markus Klein [Wed, 13 Nov 2013 01:19:43 +0000 (02:19 +0100)]
[BUGFIX] Uncaught exception if editor has no file mount

If an editor has got no file mounts, an uncaught exception
is shown in the element browser.

Fix this by checking if there is a selected folder at all.

Resolves: #52969
Releases: 6.2
Change-Id: I5f9e8cc7994edd69f6db6ae1cc647ee31e4930c6
Reviewed-on: https://review.typo3.org/25357
Reviewed-by: Stefan Neufeind
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
5 years ago[BUGFIX] felogin: Unknown modifier in regular expression 81/23881/6
Wouter Wolters [Tue, 17 Sep 2013 20:47:24 +0000 (22:47 +0200)]
[BUGFIX] felogin: Unknown modifier in regular expression

A regular expression in FrontendLoginController
contains an unknown modifier. Fix it by replacing the
/ to # at the beginning and the end of the regular
expression.

Change-Id: Id4d3439c1cdbec691d977570bf76ba0c7bad493c
Resolves: #52059
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/23881
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] Form Wizard saving destroys Radio Buttons 82/25482/5
Markus Klein [Mon, 18 Nov 2013 10:30:18 +0000 (11:30 +0100)]
[BUGFIX] Form Wizard saving destroys Radio Buttons

This fixes a wrong parsing of \r\n characters for radio
button options.

Resolves: #53727
Releases: 6.2, 6.1, 6.0
Change-Id: I9a88be010a7dd982776bee4a98ba99d97fcc406b
Reviewed-on: https://review.typo3.org/25482
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] Remove ElementBrowser::isReadOnlyFolder 58/25358/4
Markus Klein [Wed, 27 Nov 2013 22:20:25 +0000 (23:20 +0100)]
[BUGFIX] Remove ElementBrowser::isReadOnlyFolder

ElementBrowser::isReadOnlyFolder is not required any more because the
check if the folder is writable has been moved to the methods that
create the file upload and folder creation forms.

The method and the parts where it was used were removed.

Additionally the check if the user is allowed to create folders
by TSConfig was moved to the createFolder method to reduce the amount
of duplicate code.

Resolves: #47648
Releases: 6.2, 6.1, 6.0
Change-Id: Ic6504c8def80012cbe420fc83539cfa859a53c0d
Reviewed-on: https://review.typo3.org/25358
Reviewed-by: DANIEL Rémy
Tested-by: DANIEL Rémy
Reviewed-by: Fabien Udriot
Tested-by: Fabien Udriot
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
5 years ago[BUGFIX] Pagetree pointer cursor broken since ExtJS upgrade 99/26099/3
Stefan Neufeind [Mon, 9 Dec 2013 01:51:44 +0000 (02:51 +0100)]
[BUGFIX] Pagetree pointer cursor broken since ExtJS upgrade

Icons in the pagetree should show cursor:pointer on hover.
This changed with ExtJS-upgrade in #52933 because of
x-unselectable.

Since in the pagetree we need x-unselectable unfortunately
manually bring back the old cursor-behaviour.

Change-Id: If6fa45b0e3491d9180855a4d0a462c5fb559d476
Resolves: #54238
Releases: 6.2
Reviewed-on: https://review.typo3.org/26099
Reviewed-by: Alexander Stehlik
Tested-by: Alexander Stehlik
Reviewed-by: Marcin S?gol
Tested-by: Marcin S?gol
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
5 years ago[TASK] Cleanup usage of getPageRenderer() 44/25844/2
Stefan Neufeind [Sun, 1 Dec 2013 13:42:04 +0000 (14:42 +0100)]
[TASK] Cleanup usage of getPageRenderer()

Change-Id: Id2dc49c9a5e5ca3ede14bc82218dd9ccdc7628ca
Resolves: #54123
Releases: 6.2
Reviewed-on: https://review.typo3.org/25844
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Xavier Perseguers
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] fileadmin is hardcoded in install tool 40/25640/4
Eric Chavaillaz [Fri, 22 Nov 2013 13:29:43 +0000 (14:29 +0100)]
[BUGFIX] fileadmin is hardcoded in install tool

In the class "DefaultFactory", "fileadmin" is hardcoded.
The function "getDefaultStructureDefinition"
must take care of the $GLOBALS['TYPO3_CONF_VARS']
['BE']['fileadminDir'] configuration variable.

Resolves: #53872
Releases: 6.2
Change-Id: I17c836a58ea70d218170a33e28ca578bb50eef0b
Reviewed-on: https://review.typo3.org/25640
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
Reviewed-by: Stefan Neufeind
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[TASK] Superfluous comparison in OpendocsController 39/25739/2
Wouter Wolters [Thu, 28 Nov 2013 20:54:05 +0000 (21:54 +0100)]
[TASK] Superfluous comparison in OpendocsController

Fix superfluous comparison against boolean in
OpendocsController::checkAccess

Change-Id: I0682042848f2f25856506d5949fc724853c43948
Resolves: #54052
Releases: 6.2
Reviewed-on: https://review.typo3.org/25739
Reviewed-by: Jo Hasenau
Reviewed-by: Michiel Roos
Tested-by: Michiel Roos
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[TASK] Superfluous comparison in DataHandler 38/25738/2
Wouter Wolters [Thu, 28 Nov 2013 20:48:34 +0000 (21:48 +0100)]
[TASK] Superfluous comparison in DataHandler

Fix superfluous comparison against boolean in
DataHandler::versionizeRecord

Change-Id: I345917b9eb29f3cbb39a137f624926888dec623a
Resolves: #54051
Releases: 6.2
Reviewed-on: https://review.typo3.org/25738
Reviewed-by: Jo Hasenau
Reviewed-by: Michiel Roos
Tested-by: Michiel Roos
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[TASK] Superfluous comparison in RelationHandler 35/25735/2
Wouter Wolters [Thu, 28 Nov 2013 20:25:12 +0000 (21:25 +0100)]
[TASK] Superfluous comparison in RelationHandler

Fix superfluous comparison against boolean in
RelationHandler::readForeignField

Change-Id: I77f17dee6a14da7779dfe8e37bc73f33a3d02cb5
Resolves: #54048
Releases: 6.2
Reviewed-on: https://review.typo3.org/25735
Reviewed-by: Jo Hasenau
Reviewed-by: Michiel Roos
Tested-by: Michiel Roos
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[TASK] Superfluous comparison in Language 41/25741/3
Wouter Wolters [Thu, 28 Nov 2013 21:01:31 +0000 (22:01 +0100)]
[TASK] Superfluous comparison in Language

Fix superfluous comparison against boolean in
Laguage::getLanguages

Change-Id: Idbf4c1f234eb1c60c01ea130095759ef49ce71c0
Resolves: #54054
Releases: 6.2
Reviewed-on: https://review.typo3.org/25741
Reviewed-by: Xavier Perseguers
Reviewed-by: Michiel Roos
Tested-by: Michiel Roos
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] Fix side effect for new class instantiation 40/26440/3
Helmut Hummel [Sun, 15 Dec 2013 18:54:46 +0000 (19:54 +0100)]
[BUGFIX] Fix side effect for new class instantiation

With commit 6eb7a54 performance optimized class
instantiation code has been committed. This code
removed the side effect of a reflection exception
being thrown when a not existing class is instantiated.

Code in ContentObjectRenderer relied on this side
effect, so we have to fix that and properly test
if the class exists instead.

Additionally this change adds some more comments
to the new instantiation code that has been forgotten
in the last commit.

Resolves: #54425
Releases: 6.2
Change-Id: I8962434d60f80daf77ccdce7a8148e26f8fee267
Reviewed-on: https://review.typo3.org/26440
Reviewed-by: Marcin S?gol
Tested-by: Marcin S?gol
Reviewed-by: Markus Klein
Reviewed-by: Stefan Neufeind
Tested-by: Anja Leichsenring
Reviewed-by: Anja Leichsenring
Tested-by: Tobias Liegl
Reviewed-by: Frans Saris
Tested-by: Frans Saris
Reviewed-by: Dmitry Dulepov
Tested-by: Dmitry Dulepov
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer
5 years ago[TASK] Optimize speed for instantiating class with arguments 63/26363/6
Helmut Hummel [Thu, 12 Dec 2013 21:44:42 +0000 (22:44 +0100)]
[TASK] Optimize speed for instantiating class with arguments

PHP reflection has quite an overhead in performance.
Use a switch construct like in Flow instead to
instantiate classes with up to 8 arguments without
reflection.

Resolves: #53682
Releases: 6.2, 6.1, 6.0
Change-Id: I82ecf0b1ea9a412a39b4429d7689f2bb6489f3df
Reviewed-on: https://review.typo3.org/26363
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
Reviewed-by: Markus Klein
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] Create valid file reference index data 76/25476/4
Alexander Stehlik [Tue, 10 Dec 2013 12:25:03 +0000 (13:25 +0100)]
[BUGFIX] Create valid file reference index data

This patch prevents the creation of sys_refindex entries that point to no
table and no record.

Additionally it fixes the array structure for the creation of
sys_refindex records for sys_file relations.

For deleted file references no reference will be created between
sys_file and the referenced table.

The configuration for the uid_foreign field was changed from a select
field for tt_content records to a normal input field to prevent the
creation of invalid refindex data. To which table uid_foreign is
pointing depends on the tablenames field.

To make sure both sides of the relation of a sys_file_reference appear
in the refindex table the exclusion of sys_file_reference as
foreign_table is removed.

Resolves: #53712
Releases: 6.2, 6.1, 6.0
Change-Id: Ic864ade10e4e97fbd9017b9c779be68d911dd626
Reviewed-on: https://review.typo3.org/25476
Reviewed-by: Fabien Udriot
Tested-by: Fabien Udriot
Reviewed-by: Frans Saris
Tested-by: Frans Saris
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
5 years ago[BUGFIX] Followup Fluid Template Fallback paths 03/24903/24
Anja Leichsenring [Mon, 25 Nov 2013 23:32:39 +0000 (00:32 +0100)]
[BUGFIX] Followup Fluid Template Fallback paths

In the previously merged patch are some glitches and a regression:
- The usage (and test for existence) of deprecated functions has been
  removed.
- The value passed by the old behaviour is now considered last place
  in the array providing the lookup paths
- The typo preventing usage setLayoutPaths() has been removed.

Intended usage:
plugin.tx_a.view.templateRootPaths {
default = <some default path>
extendedA = <some additional path>
}
The array gets reversed and the first hit will be used as template.
In case only numeric indizes are used, the entries get ordered.
See unit tests for a more specific description.

Change-Id: If4fa75347614cf9b352c6016430a928833cc62cd
Resolves: #52971
Documentation: #52761
Releases: 6.2
Reviewed-on: https://review.typo3.org/24903
Reviewed-by: Alexander Stehlik
Tested-by: Alexander Stehlik
Reviewed-by: Marc Bastian Heinrichs
Tested-by: Marc Bastian Heinrichs
5 years ago[BUGFIX] No double htmlspecialchars for filemount select 70/25770/2
Alexander Stehlik [Sat, 30 Nov 2013 00:03:34 +0000 (01:03 +0100)]
[BUGFIX] No double htmlspecialchars for filemount select

Since the labels and values of select items are run through
htmlspecialchars by the FormEngine there is no need to use
htmlspecialchars in the renderTceformsSelectDropdown() method which
generates the select items for the filemount Backend form.

The current code will htmlencode the select value twice which results
in a htmlencoded value in the database which causes problems with
directory names that contain special characters.

Resolves: #54027
Releases: 6.2, 6.1, 6.0
Change-Id: I7ec8262f6c3d20879cde0679636a6a8e5c1d19cd
Reviewed-on: https://review.typo3.org/25770
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
Reviewed-by: Oliver Klee
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[TASK] Fix travis builds 66/26366/2
Georg Ringer [Fri, 13 Dec 2013 05:33:01 +0000 (06:33 +0100)]
[TASK] Fix travis builds

Due some regressions on side of travis
(https://github.com/travis-ci/travis-ci/issues/1710) an older git version
is used which doesn't support things like "--single-branch".

To avoid this, git is updated to latest version on the build server before
starting cloning

Change-Id: Ic5f698e84f378b9fed6bd64398b8058a20be860e
Resolves: #54369
Releases: 6.2
Reviewed-on: https://review.typo3.org/26366
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer
5 years ago[BUGFIX] Clear statcache after writing file contents 78/26278/3
Alexander Stehlik [Tue, 10 Dec 2013 15:21:20 +0000 (16:21 +0100)]
[BUGFIX] Clear statcache after writing file contents

To make sure calls to filesize() etc. return correct values the PHP
method clearstatcache() is called in the LocalDriver after contents
were written to a file.

Resolves: #54302
Releases: 6.2
Change-Id: Ia30e519d17aa3cf37856096f1cdac567b5729aec
Reviewed-on: https://review.typo3.org/26278
Reviewed-by: Markus Klein
Reviewed-by: Frans Saris
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer
5 years ago[SECURITY] XSS in header link of all content elements 25/26225/2
Anja Leichsenring [Tue, 10 Dec 2013 09:55:15 +0000 (10:55 +0100)]
[SECURITY] XSS in header link of all content elements

The second typolink parameter, that is the target, can be abused to
introduce XSS code into the generated link. Escaping the parameter
with quoteJSvalue solves the problem.

Change-Id: Ie91b022a2ffed039fb365e6b0be2ea39f7096514
Fixes: #31206
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: 484cf1aea8d3e66db547325fe4d843d50a668162
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26225
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] XSS in colorpicker wizard 24/26224/2
Marcus Krause [Tue, 10 Dec 2013 09:55:10 +0000 (10:55 +0100)]
[SECURITY] XSS in colorpicker wizard

Encode user-input in JavaScript context for colorpicker.

Change-Id: I1121d6d20c90e476a2d0ea4f000b180e843a4ce0
Fixes: #42772
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: b6fec0611604ccdce95d4d33cd7dcae0911a5d9a
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26224
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] Prevent editor controlled hmac content 23/26223/2
Franz G. Jahn [Tue, 10 Dec 2013 09:55:04 +0000 (10:55 +0100)]
[SECURITY] Prevent editor controlled hmac content

An hmac of the editor controlled auto respond message was used to verifiy
the correctness of this message on submit. To prevent this, we add an
additional secret.

Change-Id: I1551feebd4dd84abeb3fb098175384f425f605a9
Fixes: #45043
Releases: 4.5, 4.7, 6.0, 6.1, 6.2
Security-Commit: 344975268f4b9eb4ce7c664958647b9268ea03a8
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26223
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] XSS in backend user adminstration 22/26222/2
Marc Bastian Heinrichs [Tue, 10 Dec 2013 09:54:58 +0000 (10:54 +0100)]
[SECURITY] XSS in backend user adminstration

Change-Id: I88807af69635d75f1fbefc62b4672e945397fb07
Fixes: #48691
Releases: 6.2, 6.1, 6.0
Security-Commit: 715b2c58c53f0109acce8c52df08d5dffea79f49
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26222
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] Information Disclosure in Wizards 21/26221/2
Helmut Hummel [Tue, 10 Dec 2013 09:54:53 +0000 (10:54 +0100)]
[SECURITY] Information Disclosure in Wizards

It has been possible for authenticated editors
to show content of arbitrary tables and fields
that are defined in TCA by manipulating
GET parameters of the forms and table wizard.

This change adds a check if the editor has access
to the given record.

Change-Id: I8e27e5ffbccf148d951b50b21d9e15cc8e317442
Fixes: #41714
Releases: 4.5, 4.7, 6.0, 6.1, 6.2
Security-Commit: 52d4e3eced81639820db6d75f3d65d14c5234072
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26221
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] Fix open redirection in openid extension 20/26220/2
Helmut Hummel [Tue, 10 Dec 2013 09:54:48 +0000 (10:54 +0100)]
[SECURITY] Fix open redirection in openid extension

The eID script of the openid extension does not
validate the given redirect url, leading to
an open redirection vulnerability.

Add and verify hmac of the redirect url.

Change-Id: I0d65390b61dd5cf92151d36e490a194624b98b8f
Fixes: #54099
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: 5c6a45c0f843a93ab048a3df4bb352b8e02099b2
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26220
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] XSS in be_layout wizard 19/26219/2
Anja Leichsenring [Tue, 10 Dec 2013 09:54:39 +0000 (10:54 +0100)]
[SECURITY] XSS in be_layout wizard

Usage of unverified input parameters in wizard URL leads to a possible
XSS vulnerability in backend_layout wizard.
The solution is the introduction of a hmac validation of the parameters
used in JavaScript.

Change-Id: I48f89309fc062d132e283d4fd9179ccbfdcfda4c
Fixes: #36768
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: a3ac48f5d66c566d241295d87cc8d7eb4d10c274
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26219
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] XSS in beuser VH 18/26218/2
Anja Leichsenring [Tue, 10 Dec 2013 09:54:34 +0000 (10:54 +0100)]
[SECURITY] XSS in beuser VH

The tree Display/* ViewHelpers introduce a XSS vulnerability by
using unescaped parameters in HTML.

Change-Id: I0dadb03105d3eaa520f10f0375a46c83fa56c269
Fixes: #47086
Releases: 6.2, 6.1, 6.0
Security-Commit: 1e0f51f204efd9efacec8aef8ea08e2a8122177b
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26218
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] Remove possible XSS from ActionController Error output 17/26217/2
Anja Leichsenring [Tue, 10 Dec 2013 09:54:29 +0000 (10:54 +0100)]
[SECURITY] Remove possible XSS from ActionController Error output

As parameters passed to an ErrorObject can be user input, the
output of those parameters in the ActionController::errorAction() method
could lead to a cross side scripting possibility.

The offending output has been removed without substitution.

Change-Id: I01385c54bb384a86fc6428f67171e7010b821cc2
Fixes: #54074
Releases: 6.2, 6.1, 6.0, 4.7. 4,5
Security-Commit: ec947ba22bd673827899c5e82857b293dff8b4b0
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26217
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] Unsafe unserialize of GET parameter in Add-Wizard 16/26216/2
Steffen Ritter [Tue, 10 Dec 2013 09:54:24 +0000 (10:54 +0100)]
[SECURITY] Unsafe unserialize of GET parameter in Add-Wizard

If the TCEforms wizard "add" is used, the original opened document
is closed and a new one is created in which you then add a new
element to be related.

In order to "store" the originating document which has been
edited, the Wizard/AddController and EditDocumentController
exchange state data in an URL-parameter.

This state-array is serialized in the EditDocumentController
and again unserialized in the Wizard/AddController from that
GET parameter. Without any checks, every code can be injected
to be unserialized here - even though we just need an array
with some data.

This patch changes serialize/unserialize to json_encode and
json_decode. Since the GET parameter only is used in
conjunction of these two classes it is save to changes the
format how the URL parameters are serialized.

Change-Id: I3b41bd0a688f067af2ea4a345ce0264f61bdecf7
Fixes: #54073
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: 7148349140f9c8ccb6d847ef58cf1e032711315b
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26216
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years agoRevert "[FEATURE] Fallback/default case for SwitchViewhelper" 55/26055/2
Anja Leichsenring [Sun, 8 Dec 2013 15:29:31 +0000 (16:29 +0100)]
Revert "[FEATURE] Fallback/default case for SwitchViewhelper"

This reverts commit 8e022bcbea4f7775ce10fee30b4682a6047c461c

Merged a Feature after Feature Freeze is not acceptable. Sorry. Patch is pushed new but will not be available in 6.2.

Change-Id: I39baa58c70b0e942d01c1c37bbf793b873db385d
Reviewed-on: https://review.typo3.org/26055
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
5 years ago[FEATURE] Fallback/default case for SwitchViewhelper 39/23739/11
Jan Kiesewetter [Sun, 27 Oct 2013 10:22:44 +0000 (11:22 +0100)]
[FEATURE] Fallback/default case for SwitchViewhelper

In order to provide the full functionality known from the
switch/case PHP function, a default case possibility is
introduced. Use it like:
<f:switch expression="{person.gender}">
  <f:case value="female">Mrs.</f:case>
  <f:case value="male">Mr.</f:case>
  <f:case default="TRUE">Mrs. or Mr.</f:case>
</f:switch>

Resolves: #49371
Documentation: #54283
Change-Id: I6b71ec39173ab957aa392bd595a65ceddadc81c9
Releases: 6.2
Reviewed-on: https://review.typo3.org/23739
Reviewed-by: Cedric Ziel
Tested-by: Cedric Ziel
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
5 years ago[BUGFIX] Allow Editing field creator_tool in sys_file_metadata 93/25993/3
Xavier Perseguers [Sat, 7 Dec 2013 13:54:17 +0000 (14:54 +0100)]
[BUGFIX] Allow Editing field creator_tool in sys_file_metadata

The filemetadata extension adds additional fields to the sys_file_metadata
table. The field creator_tool is defined in SQL and TCA, but not added to
any palette or tab. This patch adds the field to the palette with
related authoring information.

Releases: 6.2
Fixes: #54259
Change-Id: I9e3c3af618b04ddde1c96b3dcb1e4cdf209f6eec
Reviewed-on: https://review.typo3.org/25993
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
5 years ago[TASK] Add editing of file metadata to ClickMenu 11/25811/5
Steffen Ritter [Sat, 30 Nov 2013 18:56:29 +0000 (19:56 +0100)]
[TASK] Add editing of file metadata to ClickMenu

The Context-Menu of files misses the editing pen allowing
to directly edit the metadata of the file. Currently it
only shows the edit-content possibility in case it is a
text file.

This patch adds the missing option.

Resolves: #52835
Releases: 6.2
Change-Id: I869d8a57d2cacc04455df5189b5cc7af02c2e9cf
Reviewed-on: https://review.typo3.org/25811
Reviewed-by: Steffen Müller
Tested-by: Steffen Müller
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter