Packages/TYPO3.CMS.git
6 hours ago[TASK] Raise guzzlehttp/psr7 composer dependency 15/59515/2 TYPO3_8-7
Oliver Hader [Mon, 21 Jan 2019 19:05:36 +0000 (20:05 +0100)]
[TASK] Raise guzzlehttp/psr7 composer dependency

composer update guzzlehttp/psr7

Resolves: #87512
Releases: master, 9.5, 8.7
Change-Id: Ic3dcef632fd1ac65e09f5d8fb6d631ab211e8c3e
Reviewed-on: https://review.typo3.org/59515
Tested-by: TYPO3com <noreply@typo3.com>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
14 hours ago[BUGFIX] Harden CommandUtility invocations 72/59472/2
Oliver Hader [Mon, 10 Dec 2018 07:51:21 +0000 (08:51 +0100)]
[BUGFIX] Harden CommandUtility invocations

In order to harden CommandUtility API arguments used for invoking
system commands are escaped in addition. Since no insecure usages
have been identified in the TYPO3 core nor in public third party
extensions, this change is handled using a public workflow.

| In order to evaluate whether third party extensions open a
| potential attack vector, usages of CommandUtility::checkCommand(),
| CommandUtility::getCommand() and the registration of custom services
| ($GLOBALS[‘T3_SERVICES’]) concerning their ‘exec’ argument have to
| be checked.

Resolves: #87450
Releases: master, 9.5, 8.7
Security-Advisory: TYPO3-PSA-2019-001
Change-Id: If4f2a63045ac7b2473881992f9731a635a768d37
Reviewed-on: https://review.typo3.org/59472
Tested-by: TYPO3com <noreply@typo3.com>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
2 days ago[TASK] Add `.nvmrc` file 79/59479/2
Andreas Fernandez [Wed, 16 Jan 2019 21:37:15 +0000 (22:37 +0100)]
[TASK] Add `.nvmrc` file

nvm (node version manager) is a tool to have multiple node versions
installed. Since TYPO3 relies on an older node version right now, we can
provide support for nvm by adding a .nvmrc file.

This still requires to have nvm installed and configured on the client.

Resolves: #87468
Releases: master, 9.5, 8.7
Change-Id: Ie16827594fbdebeff1004cd178c28c67a61d60d7
Reviewed-on: https://review.typo3.org/59479
Tested-by: TYPO3com <noreply@typo3.com>
Reviewed-by: Josef Glatz <josef.glatz@typo3.org>
Tested-by: Josef Glatz <josef.glatz@typo3.org>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
10 days ago[BUGFIX] Streamline creating text files in filelist module 10/59410/2
Anja Leichsenring [Fri, 11 Jan 2019 14:01:02 +0000 (15:01 +0100)]
[BUGFIX] Streamline creating text files in filelist module

The filelist module allows to create files and redirects to an
according editing view in case the file extension is configured
in $GLOBALS['TYPO3_CONF_VARS']['SYS']['textfile_ext']. However,
any file - except those in file-deny pattern - can be created,
but only text files can be edited directly.

Since this was kind of misleading, creating any file is still
possible, however there's no redirect anymore in case it's not
a text file. Wording in filelist module's view has been adjusted.

Resolves: #72404
Releases: master, 9.5, 8.7
Change-Id: Ibb48769aa571e880d0f5f58cfb650cade3cdb1e0
Reviewed-on: https://review.typo3.org/59410
Tested-by: TYPO3com <noreply@typo3.com>
Reviewed-by: Mona Muzaffar <mona.muzaffar@gmx.de>
Tested-by: Mona Muzaffar <mona.muzaffar@gmx.de>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
11 days ago[TASK] Update copyright year in documentation to 2019 96/59396/2
Stefanos Karasavvidis [Wed, 9 Jan 2019 09:20:56 +0000 (11:20 +0200)]
[TASK] Update copyright year in documentation to 2019

Includes year change in Settings.cfg,  Index.rst files and also
README.md, INSTALL.md and SystemEnvironmentBuilder.php

Resolves: #87313
Releases: master, 9.5, 8.7
Change-Id: Ie056e9b7804af4003c2b67ee5e6d87ffd4eb96ba
Reviewed-on: https://review.typo3.org/59396
Tested-by: TYPO3com <noreply@typo3.com>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
12 days ago[BUGFIX] Avoid fatal when flushed directory is a symlink 89/59389/2
Helmut Hummel [Tue, 8 Jan 2019 14:33:08 +0000 (15:33 +0100)]
[BUGFIX] Avoid fatal when flushed directory is a symlink

\TYPO3\CMS\Core\Utility\GeneralUtility::flushDirectory tries to
rename the given directory to be able to atomically flush the
contents of the directory. This however fails, when the given
folder is a symlink.

We now catch this case by checking whether the given directory
is a symlink and resolve it with realpath.

While this does not cover all possible cases, it improves the
case where the folder containing the symlink is also writable.

Resolves: #87367
Releases: master, 9.5, 8.7
Change-Id: Ic812a5eaa86cca4d81aee31b4a3fbdce052994a0
Reviewed-on: https://review.typo3.org/59389
Tested-by: TYPO3com <noreply@typo3.com>
Reviewed-by: Mathias Brodala <mbrodala@pagemachine.de>
Tested-by: Mathias Brodala <mbrodala@pagemachine.de>
2 weeks ago[TASK] Stop dangling containers in bamboo 40/59340/2
Christian Kuhn [Sat, 5 Jan 2019 13:51:43 +0000 (14:51 +0100)]
[TASK] Stop dangling containers in bamboo

In rare conditions a bamboo agent does not stop all
created sibling containers at the end of a job. These
dangling containers then make consecutive runs on this
agents fail due to container namespace collisions.
As a self-heal mechanism, all jobs that fiddle with
containers now simply stop any possibly dangling containers
as an early task before starting own ones.

Resolves: #87334
Releases: master, 9.5, 8.7
Change-Id: I80332da8f9b1013dc8d961e7e532faf59b3bd3b8
Reviewed-on: https://review.typo3.org/59340
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
2 weeks ago[BUGFIX] Sql query export to use search_result_labels setting 39/58839/2
lsascha [Wed, 26 Sep 2018 22:43:34 +0000 (00:43 +0200)]
[BUGFIX] Sql query export to use search_result_labels setting

Releases: master, 8.7
Resolves: #86396
Change-Id: I198fe52a8024dcf392582a78c3fce0f134ed6b7a
Reviewed-on: https://review.typo3.org/58839
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
2 weeks ago[BUGFIX] Allow to add type=0 to typolink syntax 21/59321/2
Benni Mack [Wed, 26 Dec 2018 23:21:34 +0000 (00:21 +0100)]
[BUGFIX] Allow to add type=0 to typolink syntax

In previous versions, it was possible to link
to type=0 via "4,0,&param=2" where this was
stripped away, as the old syntax with the third
parameter was not supported anymore.

The patch changes the "empty()" to "isset()"
and explicitly sets the type parameter again.

Resolves: #81226
Releases: master, 9.5, 8.7
Change-Id: I5d19c38c90571f6686e7121dac638342783237ec
Reviewed-on: https://review.typo3.org/59321
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
4 weeks ago[BUGFIX] Streamline tree markup 89/59289/2
Andreas Fernandez [Sun, 23 Dec 2018 08:29:30 +0000 (09:29 +0100)]
[BUGFIX] Streamline tree markup

The trees used in TSOB and in the configuration module have a different
markup than the tree of the Link Browser (and the rest), causing the
regression introduced with #86790. The markup of the trees is now changed
to have a consistent structure.

Resolves: #87280
Related: #86790
Releases: master, 9.5, 8.7
Change-Id: I00c6b93c760a725e1ee771651f26c53573e0a6e2
Reviewed-on: https://review.typo3.org/59289
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
4 weeks ago[TASK] Add filter for be_users and be_groups 22/59122/2
Guido Schmechel [Sun, 9 Dec 2018 20:26:34 +0000 (21:26 +0100)]
[TASK] Add filter for be_users and be_groups

Add textfield filter for select fields from type
"selectMultipleSideBySide" for system tables.

Affected system tables: be_groups, be_users

Resolves: #87112
Releases: master, 8.7
Change-Id: Iba8b837a9fc5f2ec64be7e5ad313b454c4373feb
Reviewed-on: https://review.typo3.org/59122
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
4 weeks ago[TASK] Do not show error when copying a record was successful 35/59235/2
Christoph Lehmann [Tue, 18 Dec 2018 22:23:52 +0000 (23:23 +0100)]
[TASK] Do not show error when copying a record was successful

https://review.typo3.org/#/c/32356/ introduced the log message

The change was about skipping the direct copyRecord() call for
records that will be processed inside another copyRecord() call
for the record of the default language

Due to https://review.typo3.org/#/c/51070/ $overrideValues contains

['l10n_source' => 0]

When an element is copied inside an earlier copyRecord() call
the error log message is generated which leads to an error
flash message editors see when copying a page, but everything
(copying the records once) went fine.

A earlier call of copyRecord() can occur when using extension like
gridelements when copying a content element laying inside a
grid container element.

Resolves: #82032
Releases: master, 9.5, 8.7
Change-Id: I0d5be8e8920852a0e0c5a5ee93a67f9a6426e941
Reviewed-on: https://review.typo3.org/59235
Reviewed-by: Christoph Lehmann <christoph.lehmann@networkteam.com>
Tested-by: Christoph Lehmann <christoph.lehmann@networkteam.com>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Mathias Brodala <mbrodala@pagemachine.de>
Tested-by: Mathias Brodala <mbrodala@pagemachine.de>
4 weeks ago[TASK] Revert test change and disable unit tests completely on Travis CI 10/59110/3
Markus Klein [Tue, 11 Dec 2018 12:24:13 +0000 (13:24 +0100)]
[TASK] Revert test change and disable unit tests completely on Travis CI

Resolves: #87119
Releases: 8.7
Change-Id: I28f7fb93dfdf8b6759abb4242b7131d4a4b63ccd
Reviewed-on: https://review.typo3.org/59110
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
4 weeks ago[BUGFIX] Disable extension updates in Composer mode 72/59172/3
Nicole Cordes [Tue, 20 Nov 2018 22:17:15 +0000 (23:17 +0100)]
[BUGFIX] Disable extension updates in Composer mode

Resolves: #86958
Releases: master, 8.7
Change-Id: Ib0f51088d42ab3dba014efcbd4c702447d75f984
Reviewed-on: https://review.typo3.org/59172
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Jörg Bösche <typo3@joergboesche.de>
Reviewed-by: Nicole Cordes <typo3@cordes.co>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
4 weeks ago[BUGFIX] Do not try to delete already remove file 92/59192/2
Helmut Hummel [Mon, 17 Dec 2018 21:33:23 +0000 (22:33 +0100)]
[BUGFIX] Do not try to delete already remove file

When using the FAL API to add a file to a folder,
the local file is deleted by default already.

Thus the attempt to remove the file again results in a warning.

Therefore remove the obsolete unlink to avoid the warning.

Resolves: #87192
Releases: 8.7, 9.5, master
Change-Id: I23f3192e2760cd705429337464c8a5506cf41205
Reviewed-on: https://review.typo3.org/59192
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
5 weeks ago[BUGFIX] Mark form as changed after using the image cropper 78/59178/2
Andreas Fernandez [Sun, 16 Dec 2018 11:24:45 +0000 (12:24 +0100)]
[BUGFIX] Mark form as changed after using the image cropper

The image cropper now marks the form as "changed" after saving new
cropping information.

Change-Id: Icc387f0458c0dca9205b87fe58ed66190a4f869c
Resolves: #86998
Releases: master, 9.5, 8.7
Reviewed-on: https://review.typo3.org/59178
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
5 weeks ago[TASK] Declare compatible with PHP 7.3 48/59148/2
Mathias Brodala [Fri, 14 Dec 2018 08:36:36 +0000 (09:36 +0100)]
[TASK] Declare compatible with PHP 7.3

The tests have been running just fine with this PHP version for a
while so it is safe to claim basic compatibility.

Resolves: #87157
Releases: 8.7
Change-Id: I5cc502375a05eb37f9c1af91c65b688f5ac99c47
Reviewed-on: https://review.typo3.org/59148
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Nicole Cordes <typo3@cordes.co>
Tested-by: Nicole Cordes <typo3@cordes.co>
Reviewed-by: Josef Glatz <josef.glatz@typo3.org>
Tested-by: Josef Glatz <josef.glatz@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
5 weeks ago[TASK] Streamline dependencies in package.json 80/59180/2
Benni Mack [Mon, 17 Dec 2018 12:18:14 +0000 (13:18 +0100)]
[TASK] Streamline dependencies in package.json

Several changes to Build/package.json are
adapted:
- define compatible node/yarn versions
- adapt version and URL to typo3.org

Resolves: #87177
Releases: master, 9.5, 8.7
Change-Id: Ie812cd69913e2969dc88db8e8c52edbb6d482243
Reviewed-on: https://review.typo3.org/59180
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
5 weeks ago[BUGFIX] Fix positioning of arrows in Element Browser 43/59143/5
Andreas Fernandez [Thu, 13 Dec 2018 16:18:09 +0000 (17:18 +0100)]
[BUGFIX] Fix positioning of arrows in Element Browser

The positioning of the collapse/expand arrows is changed to fix the break
in trees with very deep nesting.

Resolves: #86790
Releases: master, 8.7
Change-Id: Ie1a916da8220468c6fbb4034c1668675f379f588
Reviewed-on: https://review.typo3.org/59143
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
5 weeks ago[TASK] bamboo sends nightly build messages to intercept 70/59170/2
Christian Kuhn [Sun, 16 Dec 2018 14:46:54 +0000 (15:46 +0100)]
[TASK] bamboo sends nightly build messages to intercept

Resolves: #87171
Releases: master, 9.5, 8.7
Change-Id: Ia71eb5ce2824ff3c39dbc526ec3a3d93b4990eca
Reviewed-on: https://review.typo3.org/59170
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
5 weeks ago[BUGFIX] Support DateTimeInterface in DebuggerUtility 19/59019/3
Andreas Wolf [Mon, 26 Nov 2018 08:38:34 +0000 (09:38 +0100)]
[BUGFIX] Support DateTimeInterface in DebuggerUtility

Change-Id: Ib38107456acd0f0535dc51083006ee77c5a81c17
Resolves: #87002
Releases: master, 8.7
Reviewed-on: https://review.typo3.org/59019
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
5 weeks ago[TASK] Set TYPO3 version to 8.7.23-dev 47/59147/2
Oliver Hader [Fri, 14 Dec 2018 07:45:00 +0000 (08:45 +0100)]
[TASK] Set TYPO3 version to 8.7.23-dev

Change-Id: Ie8c2a514c0832934d589547fad7cb83f987725f6
Reviewed-on: https://review.typo3.org/59147
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
5 weeks ago[RELEASE] Release of TYPO3 8.7.22 46/59146/2 8.7.22 TYPO3_8-7-22 v8.7.22
Oliver Hader [Fri, 14 Dec 2018 07:43:33 +0000 (08:43 +0100)]
[RELEASE] Release of TYPO3 8.7.22

Change-Id: I7402a9db4d4d0d0ab760107b6df0c4263081ea8c
Reviewed-on: https://review.typo3.org/59146
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
5 weeks ago[BUGFIX] Properly separate markup for modal windows in extension manager 41/59141/2
Oliver Hader [Thu, 13 Dec 2018 15:41:12 +0000 (16:41 +0100)]
[BUGFIX] Properly separate markup for modal windows in extension manager

Due to recent security releases and fixes against cross-site scripting
in central modal window component, templates are separated in order to
distinguish between (secure) HTML and attribute or text nodes.

Resolves: #87146
Releases: master, 8.7
Change-Id: I1264cbe9005e54d1fe30eaba23efbbad07937cb1
Reviewed-on: https://review.typo3.org/59141
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
5 weeks ago[BUGFIX] Fix HTML in modal of OnlineMedia.js 40/59140/3
Benni Mack [Thu, 13 Dec 2018 20:57:13 +0000 (21:57 +0100)]
[BUGFIX] Fix HTML in modal of OnlineMedia.js

Allows to call the OnlineMedia modal box again.

This change also adapts the buttons within
a Modal to be text-only.

Resolves: #87144
Releases: master, 8.7
Change-Id: Id08356aad3eb319c59af1411a14131715c8159d0
Reviewed-on: https://review.typo3.org/59140
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
5 weeks ago[BUGFIX] getTreeList inserts duplicate keys in cache_treelist 39/59139/2
Alexander Schnitzler [Wed, 12 Dec 2018 21:53:07 +0000 (22:53 +0100)]
[BUGFIX] getTreeList inserts duplicate keys in cache_treelist

Unfortunately https://review.typo3.org/58951/ did not actually
solve issues #86028 and #86491 for good.

There are two issues concerning the former approach:

1) The expiration time of all created caches was 0, which resulted
   in a permanent creation and deletion of cache entries. This
   behaviour cannot be called caching.

2) Number 1) increases the chance for race conditions where several
   parallel requests tried to create the same cache entry.

To fix this, the check for an existing cache entry will be reverted
to behave like before the regression, i.e. cache entries with an
expiration timestamp of 0 are considered valid again.

Also, new caches are created within a transaction, which prevents
duplicate key errors.

Releases: master, 8.7
Resolves: #87139
Change-Id: If9470f6e0f875c0ec4fe3c092c9bd0dfc059de2d
Reviewed-on: https://review.typo3.org/59139
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
5 weeks ago[BUGFIX] Revert bugfix Remove surrounding &nsbp; in the tables with ol or ul in CKEditor 38/59138/2
Benni Mack [Thu, 13 Dec 2018 16:58:39 +0000 (17:58 +0100)]
[BUGFIX] Revert bugfix Remove surrounding &nsbp; in the tables with ol or ul in CKEditor

This reverts commit c23b1e1970d44cb3fc836db697650be568788218
as now frontend rendering is different from 8.7.19 and 8.7.20.

Resolves: #86819
Reverts: #83795
Releases: master, 8.7
Change-Id: Ifd264779f2d0a678781fcf5761a81982023f3056
Reviewed-on: https://review.typo3.org/59138
Reviewed-by: Mathias Brodala <mbrodala@pagemachine.de>
Tested-by: Mathias Brodala <mbrodala@pagemachine.de>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
5 weeks ago[BUGFIX] Do not rewind Generator in DebuggerUtility::var_dump() 34/59134/2
Mathias Brodala [Thu, 13 Dec 2018 14:21:15 +0000 (15:21 +0100)]
[BUGFIX] Do not rewind Generator in DebuggerUtility::var_dump()

Resolves: #87149
Releases: master, 8.7
Change-Id: I8cf2cfab94634276a67fd3d0dd36215c12ae5490
Reviewed-on: https://review.typo3.org/59134
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Mathias Brodala <mbrodala@pagemachine.de>
Tested-by: Mathias Brodala <mbrodala@pagemachine.de>
5 weeks ago[TASK] Silence composer install progress in bamboo 26/59126/2
Christian Kuhn [Wed, 12 Dec 2018 19:43:07 +0000 (20:43 +0100)]
[TASK] Silence composer install progress in bamboo

Resolves: #87136
Releases: master, 8.7
Change-Id: Idbac64bf44b8f79ccd8a169f4abade462873e17d
Reviewed-on: https://review.typo3.org/59126
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
5 weeks ago[TASK] Set TYPO3 version to 8.7.22-dev 14/59114/2
Oliver Hader [Tue, 11 Dec 2018 12:41:13 +0000 (13:41 +0100)]
[TASK] Set TYPO3 version to 8.7.22-dev

Change-Id: Id49459f0df2d7dbb04e5cfa1fcae595de77cbecc
Reviewed-on: https://review.typo3.org/59114
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
5 weeks ago[RELEASE] Release of TYPO3 8.7.21 13/59113/2 8.7.21 TYPO3_8-7-21 v8.7.21
Oliver Hader [Tue, 11 Dec 2018 12:39:50 +0000 (13:39 +0100)]
[RELEASE] Release of TYPO3 8.7.21

Change-Id: I1ced38699bc6d545e871a36b76cc2aee0fd4ff7d
Reviewed-on: https://review.typo3.org/59113
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
5 weeks ago[BUGFIX] Adjust modal window processing 08/59108/4
Oliver Hader [Tue, 11 Dec 2018 11:47:39 +0000 (12:47 +0100)]
[BUGFIX] Adjust modal window processing

Resolves: #87123
Releases: master, 8.7, 7.6
Change-Id: Idceecb174682261b967ea284e12e1836bb7e7bea
Reviewed-on: https://review.typo3.org/59108
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
5 weeks ago[TASK] Skip IPv6 related dns resolution tests 81/59081/3
Markus Klein [Mon, 10 Dec 2018 19:04:08 +0000 (20:04 +0100)]
[TASK] Skip IPv6 related dns resolution tests

Skip those tests on systems which do not properly resolve ::1 to localhost.
Travis CI is one example.

Resolves: #87119
Releases: 8.7, 7.6
Change-Id: I8d96f8da1c19f3d9924dcc048466b5f88d8f18dd
Reviewed-on: https://review.typo3.org/59081
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
5 weeks ago[SECURITY] Add feature toggle to disable record registration 98/59098/2
Benni Mack [Tue, 11 Dec 2018 09:56:43 +0000 (10:56 +0100)]
[SECURITY] Add feature toggle to disable record registration

The "recs" query parameter allows to write
arbitrary entries into a session, leading
to a possibility to create a reasonable amount
of frontend user sessions.

In order to prevent this situation, a new configuration
option $TYPO3_CONF_VARS[FE][enableRecordRegistration]
is added to disable the functionality completely.

The feature is disabled per default in order to apply
strong security defaults. Installations that rely on this
functionality have to manually enable the feauture and
its vulnerability by changing the according TYPO3_CONF_VARS
setting in the install tool.

A security report is added to display a warning
in the TYPO3 Backend.

Resolves: #80979
Releases: 8.7, 7.6
Security-Commit: 32762f9654fba3e8ddcf1f67d1c0fbf4967b5149
Security-Bulletin: TYPO3-CORE-SA-2018-012
Change-Id: I488bdf412361a0c56290deb842b16a3958501430
Reviewed-on: https://review.typo3.org/59098
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
5 weeks ago[SECURITY] Avoid DoS in Online Media Helper 97/59097/2
Oliver Hader [Tue, 11 Dec 2018 09:56:37 +0000 (10:56 +0100)]
[SECURITY] Avoid DoS in Online Media Helper

Using large media files (*.youtube, *.vimeo in the TYPO3 core)
might lead to denial of service scenarios. In order to avoid
that, media files are limited to have a content size of 2048
bytes as a maximum. Usually these files contain just the remote
identifier - thus, ~20 bytes should have been sufficient already.

Resolves: #85381
Releases: master, 8.7, 7.6
Security-Commit: 38eec2deace776ed34d30b8e1e5e95fffec5db8a
Security-Bulletin: TYPO3-CORE-SA-2018-011
Change-Id: I0af4f27e2de6db43c2801f1f3143c9cdb6e21867
Reviewed-on: https://review.typo3.org/59097
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
5 weeks ago[SECURITY] Remove TYPO3 version from installer 96/59096/2
Benni Mack [Tue, 11 Dec 2018 09:56:30 +0000 (10:56 +0100)]
[SECURITY] Remove TYPO3 version from installer

When installing TYPO3, the current version
is shown without any kind of authentication
provided (no FIRST_INSTALL). This information
disclosure is solved.

Resolves: #86254
Releases: master, 8.7, 7.6
Security-Commit: c7f8829609ac20081500ea486eb74a11428313dd
Security-Bulletin: TYPO3-CORE-SA-2018-010
Change-Id: I7358f181e5b93c596aa460040dee53a1485f3759
Reviewed-on: https://review.typo3.org/59096
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
5 weeks ago[SECURITY] Make InstallTool session cookie HTTP-only 95/59095/2
Oliver Hader [Tue, 11 Dec 2018 09:56:24 +0000 (10:56 +0100)]
[SECURITY] Make InstallTool session cookie HTTP-only

Resolves: #86955
Releases: master, 8.7, 7.6, 6.2
Security-Commit: c7326315b4c80d8563419be040c8a2435ed925ea
Security-Bulletin: TYPO3-CORE-SA-2018-009
Change-Id: I669fdd0de055554511c39de6c0f3f1efd19874b9
Reviewed-on: https://review.typo3.org/59095
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
5 weeks ago[SECURITY] Prevent XSS with fe_users data in felogin/TSFE 94/59094/2
Benni Mack [Tue, 11 Dec 2018 09:56:17 +0000 (10:56 +0100)]
[SECURITY] Prevent XSS with fe_users data in felogin/TSFE

Two occurrences allow to render data of the currently logged in
frontend user that is not sanitized and thus allow XSS attacks
by frontend users.

1. EXT:fe_login adds ###FEUSER_{fieldname}### for each
field that exists in the fe_users DB table, which CAN be processed
by TypoScript but is insecure by default.

2. config.USERNAME_substToken = <!--###USERNAME###-->
sets the username dynamically, which is then insecure.

Adding htmlspecialchars as a default configuration
solves this problem.

Resolves: #87053
Releases: master, 8.7, 7.6
Security-Commit: 3ef6a5c97381742eb6699923e9ed44224ab1e72e
Security-Bulletin: TYPO3-CORE-SA-2018-008
Change-Id: Ic0a48a36d1e5b394b6e829c5e209bdd2321b654e
Reviewed-on: https://review.typo3.org/59094
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
5 weeks ago[SECURITY] Prevent XSS in modal component 93/59093/2
Frank Naegler [Tue, 11 Dec 2018 09:56:10 +0000 (10:56 +0100)]
[SECURITY] Prevent XSS in modal component

Resolves: #84190
Releases: master, 8.7, 7.6
Security-Commit: e991d9ac10b78f360bff386d9a822f0caa7c781d
Security-Bulletin: TYPO3-CORE-SA-2018-007
Change-Id: I41f0d6bdb5e06b6f08b19feaf59ea47e3a197549
Reviewed-on: https://review.typo3.org/59093
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
5 weeks ago[SECURITY] Properly escape videoId for YouTube/Vimeo 92/59092/2
Susanne Moog [Tue, 11 Dec 2018 09:56:04 +0000 (10:56 +0100)]
[SECURITY] Properly escape videoId for YouTube/Vimeo

Resolves: #83184
Releases: master, 8.7, 7.6
Security-Commit: 20b6cff301205505b620bffb5be4807636b014e7
Security-Bulletin: TYPO3-CORE-SA-2018-006
Change-Id: Ifb6b7588c7a06ca29a7c2a6382f95bbfb52f392e
Reviewed-on: https://review.typo3.org/59092
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
5 weeks ago[SECURITY] Update library CKEditor to 4.11.1 91/59091/2
Benni Mack [Tue, 11 Dec 2018 09:55:49 +0000 (10:55 +0100)]
[SECURITY] Update library CKEditor to 4.11.1

CKEditor 4.11 was released including a XSS fix where
an attacker could add invalid HTML markup by switching
to the Source mode of CKEditor and back.

Latest CKEditor version 4.11.1 is used automatically per
default. In TYPO3 v8 it is possible to select previous and
insecure version 4.7.1 due to backaward compatibility reasons.
This can be configured in Extension Manager for cke_editor.

Used commands:
  cp -r typo3/sysext/rte_ckeditor/Resources/Public/JavaScript/Contrib/ \
        typo3/sysext/rte_ckeditor/Resources/Public/JavaScript/Contrib-47
  cd Build/
  yarn add ckeditor#4.11.1 --dev
  grunt build

Resolves: #84800
Releases: master, 8.7
Security-Commit: 1c44c5ef1753b03ebff2a83b5bf1bc43cf187dff
Security-Bulletin: TYPO3-CORE-SA-2018-005
Change-Id: I1abe5639f82e42b9c12453d1b301e5c4ca1f2aa7
Reviewed-on: https://review.typo3.org/59091
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
6 weeks ago[BUGFIX] Backport essential features into TypoLinkViewHelper classes 33/58933/3
Andreas Fernandez [Thu, 22 Nov 2018 14:48:18 +0000 (15:48 +0100)]
[BUGFIX] Backport essential features into TypoLinkViewHelper classes

This patch backports essential support for `forceAbsoluteUrl` and
`addQueryString` to the TypoLinkViewHelper classes.

Resolves: #86977
Related: #84120
Related: #81358
Releases: 8.7
Change-Id: Iab4d1c49a2be46108d6e7578ba418eb89d24b532
Reviewed-on: https://review.typo3.org/58933
Tested-by: TYPO3com <no-reply@typo3.com>
Tested-by: Jonas Eberle <flightvision@googlemail.com>
Reviewed-by: Helmut Hummel <typo3@helhum.io>
Reviewed-by: Josef Glatz <josef.glatz@typo3.org>
Tested-by: Mona Muzaffar <mona.muzaffar@gmx.de>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
6 weeks ago[TASK] bamboo 8.7 nightly supports paches on-top 67/59067/2
Christian Kuhn [Sat, 8 Dec 2018 17:52:22 +0000 (18:52 +0100)]
[TASK] bamboo 8.7 nightly supports paches on-top

Change-Id: I1830314fa79a218429f6210d7bc12a17a51daa8a
Resolves: #87110
Releases: 8.7
Reviewed-on: https://review.typo3.org/59067
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
6 weeks ago[TASK] Simplify bamboo variable to label handling 64/59064/3
Christian Kuhn [Sat, 8 Dec 2018 13:52:56 +0000 (14:52 +0100)]
[TASK] Simplify bamboo variable to label handling

Intercept has been adapted, the variable to label handing
can be simplified a bit.

Resolves: #87109
Releases: master, 8.7, 7.6
Change-Id: I27255ef9f5eb515c89f5d89e7061fc473e2abec1
Reviewed-on: https://review.typo3.org/59064
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
6 weeks ago[BUGFIX] Simplify test setup to avoid double exception codes 61/59061/5
Anja Leichsenring [Sat, 8 Dec 2018 10:50:46 +0000 (11:50 +0100)]
[BUGFIX] Simplify test setup to avoid double exception codes

The setup just needs to make sure the exception is expected.
More details are not required.

Change-Id: Id9c27078ddeb2817f3d34c4134c0eca4aa20589a
Resolves: #87108
Relates: #87103
Releases: 8.7
Reviewed-on: https://review.typo3.org/59061
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Joerg Kummer <typo3@enobe.de>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: Joerg Kummer <typo3@enobe.de>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
6 weeks ago[BUGFIX] Prevent double pointer parameter in record list 54/59054/2
Vladimir Falcon Piva [Mon, 26 Nov 2018 14:59:06 +0000 (15:59 +0100)]
[BUGFIX] Prevent double pointer parameter in record list

This fix makes sure that the pointer parameter is added just once into
the record list pagination urls

Resolves: #87007
Releases: master, 8.7
Change-Id: I6db00dd0af0d09277aa9a005e561330acb386809
Reviewed-on: https://review.typo3.org/59054
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Jan Helke <typo3@helke.de>
Tested-by: Jan Helke <typo3@helke.de>
6 weeks ago[BUGFIX] Set FE/loginSecurityLevel to normal for no ext:rsaauth loaded 58/59058/6
Florian Peters [Fri, 7 Dec 2018 19:44:04 +0000 (20:44 +0100)]
[BUGFIX] Set FE/loginSecurityLevel to normal for no ext:rsaauth loaded

Provide a silent upgrader the same way as for BE/loginSecurityLevel
to avoid FE login to fail after upgrade.

Resolves: #87103
Releases: 8.7
Related: #86417
Change-Id: Ie2cc2bfe9b542534de6d04259c1e5fc8bcd84fab
Reviewed-on: https://review.typo3.org/59058
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
6 weeks ago[BUGFIX] Mark changes in `selectMultipleSideBySide` 57/59057/2
Andreas Fernandez [Fri, 7 Dec 2018 18:50:39 +0000 (19:50 +0100)]
[BUGFIX] Mark changes in `selectMultipleSideBySide`

A `selectMultipleSideBySide` field is now marked as "changed" when either
the order of items has changed or when an item has been removed.

Resolves: #87082
Releases: master, 8.7
Change-Id: I9f50576270db667751c14e3513d1a7cd31c1135e
Reviewed-on: https://review.typo3.org/59057
Reviewed-by: Richard Haeser <richard@maxserv.com>
Reviewed-by: Josef Glatz <josef.glatz@typo3.org>
Tested-by: Josef Glatz <josef.glatz@typo3.org>
Tested-by: TYPO3com <no-reply@typo3.com>
Tested-by: Richard Haeser <richard@maxserv.com>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
6 weeks ago[BUGFIX] Send payload of image cropping wizard via POST 86/58786/3
Andreas Fernandez [Mon, 29 Oct 2018 22:17:55 +0000 (23:17 +0100)]
[BUGFIX] Send payload of image cropping wizard via POST

The image cropper wizard configuration can become very large, which
might break the wizard as the configuration is sent via query parameters
and "Request-URI Too Long" might kick in.

The payload is now sent via POST to bypass this issue. As our Modal API
is currently not capable of sending AJAX requests via POST, the logic
regarding the icon spinner is duplicated for the time being.

Resolves: #82225
Releases: master, 8.7
Change-Id: I7106b62fcc09101bc5147277225d1b8e89133d5c
Reviewed-on: https://review.typo3.org/58786
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Jörg Bösche <typo3@joergboesche.de>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
6 weeks ago[BUGFIX] Add missing translation value for Modals 53/59053/3
Anja Leichsenring [Fri, 7 Dec 2018 14:24:57 +0000 (15:24 +0100)]
[BUGFIX] Add missing translation value for Modals

Changes syntax for translation key and add default language value.

Resolves: #87001
Releases: master, 8.7
Change-Id: I5a634aff013f6d4af68f25b8288ed04bc340e823
Reviewed-on: https://review.typo3.org/59053
Reviewed-by: Richard Haeser <richard@maxserv.com>
Tested-by: Richard Haeser <richard@maxserv.com>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Joerg Kummer <typo3@enobe.de>
Tested-by: Joerg Kummer <typo3@enobe.de>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Jan Helke <typo3@helke.de>
Tested-by: Jan Helke <typo3@helke.de>
6 weeks ago[BUGFIX] Fix return type annotation in ResourceStorage::sanitizeFileName() 50/59050/2
Andreas Fernandez [Fri, 7 Dec 2018 10:53:08 +0000 (11:53 +0100)]
[BUGFIX] Fix return type annotation in ResourceStorage::sanitizeFileName()

Resolves: #87096
Releases: master, 8.7
Change-Id: I0a46420cb910d19223a8bb133d9e7457fbd29ee2
Reviewed-on: https://review.typo3.org/59050
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
6 weeks ago[BUGFIX] Upgrade linkhandler syntax to new link syntax 46/59046/2
Johannes Kasberger [Tue, 27 Nov 2018 16:24:56 +0000 (17:24 +0100)]
[BUGFIX] Upgrade linkhandler syntax to new link syntax

The \TYPO3\CMS\Core\LinkHandling\RecordLinkHandler::asString method
expects the parameters to hold the identifier and uid as top-level
array elements.
The legacy syntax converter now ensures that this nesting is correct.

Besides that we now also upgrade the very old linkhandler syntax
with no identifier.

Therefore we accept
 - record:<identifier>:<table>:<uid>
 - record:<table>:<uid>

Resolves: #80806
Releases: master, 8.7
Change-Id: I01c3d525de43a56d610dc882ef406de631a8762e
Reviewed-on: https://review.typo3.org/59046
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
6 weeks ago[BUGFIX] Get only valid template records in backend -> Template -> PID 0 72/58472/5
Ioulia Kondratovitch [Sat, 29 Sep 2018 18:41:01 +0000 (20:41 +0200)]
[BUGFIX] Get only valid template records in backend -> Template -> PID 0

Get only template records, where corresponding parent page really exists
in the database.

Resolves: #86453
Releases: 8.7
Change-Id: Ie9d403fd3979ae76d1192ccd39408310d8938e8d
Reviewed-on: https://review.typo3.org/58472
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Joerg Kummer <typo3@enobe.de>
Tested-by: Joerg Kummer <typo3@enobe.de>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
6 weeks ago[BUGFIX] Remove expired cache_treelist entries during runtime 31/59031/2
Alexander Schnitzler [Mon, 26 Nov 2018 09:58:48 +0000 (10:58 +0100)]
[BUGFIX] Remove expired cache_treelist entries during runtime

When \TYPO3\CMS\Frontend\ContentObject\ContentObjectRenderer::getTreeList
checked for an existing cache_treelist entry, the given md5hash and the
expiry timestamp had been compared. As caches do not expire at all by
default, there a very few cases when an entry is actually expired.

However, if a cache entry has been expired, the cache entry hasn't been
removed and therefore the creation of a new cache entry with the same
md5hash identifier resulted in a duplicate entry exception.

To solve this, the affected, expired entry will be removed during runtime.

Releases: master, 8.7
Resolves: #86028
Resolves: #86491
Change-Id: If1a907607db29f7edd0fa77a8bb47a69bdfc0df9
Reviewed-on: https://review.typo3.org/59031
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
6 weeks ago[BUGFIX] Add getter for tsfe->pageCacheTags 28/59028/2
Benni Mack [Tue, 4 Dec 2018 16:03:08 +0000 (17:03 +0100)]
[BUGFIX] Add getter for tsfe->pageCacheTags

Resolves: #87066
Releases: master, 8.7
Change-Id: I9ed1d82d03f3518018699402d5b3a93930e49457
Reviewed-on: https://review.typo3.org/59028
Reviewed-by: Daniel Goerz <daniel.goerz@posteo.de>
Tested-by: Daniel Goerz <daniel.goerz@posteo.de>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
6 weeks ago[TASK] Log a warning if fluid-based preview template couldn't be rendered 66/58966/3
Josef Glatz [Wed, 28 Nov 2018 04:41:50 +0000 (05:41 +0100)]
[TASK] Log a warning if fluid-based preview template couldn't be rendered

A warning is logged if the fluid-based preview template for a
content element could not be rendered.

The logged warning includes
- the UID of the content element
- the resulting path to the template file
- and the exception message

Resolves: #87015
Releases: master, 8.7
Change-Id: I2cd100a5140a07845145b16259b7cbe3e5eed852
Reviewed-on: https://review.typo3.org/58966
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
7 weeks ago[BUGFIX] Rename invalid file name of RST 07/59007/2
Benni Mack [Sat, 1 Dec 2018 21:39:36 +0000 (22:39 +0100)]
[BUGFIX] Rename invalid file name of RST

Due to a bug within Gerrit's editing interface, a file got renamed with a "\t"
filename at the end.

Resolves: #87054
Related: #65636
Releases: 8.7
Change-Id: Id9440309ef48000465e927fabe49a3d4a851e7ee
Reviewed-on: https://review.typo3.org/59007
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
7 weeks ago[BUGFIX] Make meta data editable for non-writable storages 78/58978/3
Nicole Cordes [Tue, 25 Aug 2015 16:29:28 +0000 (18:29 +0200)]
[BUGFIX] Make meta data editable for non-writable storages

Decouple check for writable files/storage from permission
to edit meta data. Permission to edit meta data is now
only denied when users have only access to the file
via a readonly file mount.

Resolves: #65636
Resolves: #66507
Releases: master, 8.7
Change-Id: I25a0fbc9cf761898dbdb95dec1d3d39bb2f4b7fd
Reviewed-on: https://review.typo3.org/58978
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
7 weeks ago[TASK] Update bamboo to gerrit notification url 71/58971/3
Christian Kuhn [Wed, 28 Nov 2018 15:21:23 +0000 (16:21 +0100)]
[TASK] Update bamboo to gerrit notification url

Resolves: #87026
Releases: master, 8.7, 7.6
Change-Id: Idfbf4bbf0bab8a6e4bedc37e92903ed2c85af494
Reviewed-on: https://review.typo3.org/58971
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
7 weeks ago[BUGFIX] Allow `<s>` tag in RTE processing in CSS styled content too 69/58969/2
Jigal van Hemert [Wed, 28 Nov 2018 10:37:39 +0000 (11:37 +0100)]
[BUGFIX] Allow `<s>` tag in RTE processing in CSS styled content too

Resolves: #87024
Relates: #87012
Releases: 8.7
Change-Id: Idcfbea18615ce89b47152ecee1220df42a39751e
Reviewed-on: https://review.typo3.org/58969
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Joerg Kummer <typo3@enobe.de>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Riccardo De Contardi <erredeco@gmail.com>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
7 weeks ago[BUGFIX] Allow `<s>` tag in RTE processing 58/58958/3
Andreas Fernandez [Tue, 27 Nov 2018 09:40:32 +0000 (10:40 +0100)]
[BUGFIX] Allow `<s>` tag in RTE processing

`lib.parseFunc` is now capable of handling the `<s>` tag by adding it to
`allowTags`. The list already contains `<strike>`, but this is a
non-valid tag in HTML5. For compatibility reasons, both tags exist now.

Resolves: #87012
Releases: master, 8.7
Change-Id: I113b7721c9483735dff0875f8c7bffb276f09e5b
Reviewed-on: https://review.typo3.org/58958
Reviewed-by: Jigal van Hemert <jigal.van.hemert@typo3.org>
Tested-by: Jigal van Hemert <jigal.van.hemert@typo3.org>
7 weeks ago[BUGFIX] Drop GROUP BY clause in Info > PageTS Config 65/58965/3
Andreas Fernandez [Tue, 27 Nov 2018 15:18:22 +0000 (16:18 +0100)]
[BUGFIX] Drop GROUP BY clause in Info > PageTS Config

The GROUP BY clause used in InfoPageTypoScriptConfigController's
`getOverviewOfPagesUsingTSConfig()` is dropped, as grouping by
a unique value doesn't make any sense.

Resolves: #87019
Related: #76484
Releases: master, 8.7
Change-Id: I0054064fb6f0bba9b65737bf323db364377bb4e6
Reviewed-on: https://review.typo3.org/58965
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
8 weeks ago[BUGFIX] Enlarge scheduler object DB field 55/58955/2
Benni Mack [Mon, 26 Nov 2018 14:51:45 +0000 (15:51 +0100)]
[BUGFIX] Enlarge scheduler object DB field

The serialized PHP object is stored within the database field
"serialized_task_object". When serializing this could lead to several
issues.

One particular issue is that the object has lots of data or dependencies,
it cannot be stored at all in this database field.

Although we know that this implementation detail of scheduler is a rather
bad idea, we can only fix this by enlarging the field from "blob" to
"mediumblob" for now.

Resolves: #87006
Releases: master, 8.7
Change-Id: I2b335f258fe18b494033bde28eff76f2e67d34bb
Reviewed-on: https://review.typo3.org/58955
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
Tested-by: TYPO3com <no-reply@typo3.com>
2 months ago[BUGFIX] Fix outdated link in docs 18/58918/2
Philipp Kitzberger [Tue, 20 Nov 2018 09:37:35 +0000 (10:37 +0100)]
[BUGFIX] Fix outdated link in docs

That linked resource is just not available under that URL anymore.

Releases: master, 8.7
Resolves: #86951
Change-Id: I22ca04e00d7ce74f5d3a7f072c27d20bbfd193a2
Reviewed-on: https://review.typo3.org/58918
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Mathias Brodala <mbrodala@pagemachine.de>
Tested-by: Mathias Brodala <mbrodala@pagemachine.de>
2 months ago[BUGFIX] Strip tags only from strings in ArrayUtility::stripTagsFromValuesRecursive 14/58914/2
Wolfgang Klinger [Thu, 15 Nov 2018 16:45:15 +0000 (17:45 +0100)]
[BUGFIX] Strip tags only from strings in ArrayUtility::stripTagsFromValuesRecursive

Prevent an implicit type cast to string through strip_tags.
Ignore any scalar values other than string,
but preserve the possibility of an object's __toString conversion.

Resolves: #86938
Releases: master, 8.7
Change-Id: I27cb7834dc9e838f60f0d1bda94ab2c4e4011043
Reviewed-on: https://review.typo3.org/58914
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
2 months ago[TASK] Check number of file extensions 13/58913/2
Benni Mack [Mon, 19 Nov 2018 08:36:48 +0000 (09:36 +0100)]
[TASK] Check number of file extensions

Show the add media and text form only if at least
one file extension exists.

Resolves: #86925
Releases: master, 8.7
Change-Id: I37c23800f1ddda78b7f248c0de9e970a73976c4a
Reviewed-on: https://review.typo3.org/58913
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
2 months ago[TASK] Add searchFields in TCA for sys_news, sys_action and sys_note 12/58912/2
Wolfgang Klinger [Fri, 16 Nov 2018 17:06:02 +0000 (18:06 +0100)]
[TASK] Add searchFields in TCA for sys_news, sys_action and sys_note

Resolves: #86932
Releases: master, 8.7
Change-Id: Ic699b0af99fb73bfdb91e3dbbb3e6f3e41335b5b
Reviewed-on: https://review.typo3.org/58912
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
2 months ago[BUGFIX] Cast file resource pointer in UploadFileReferenceConverter 11/58911/2
Georg Ringer [Wed, 7 Nov 2018 21:39:40 +0000 (22:39 +0100)]
[BUGFIX] Cast file resource pointer in UploadFileReferenceConverter

The return value of the hmac check is a string and must be casted to
an integer as the method using the value requires an integer.

Resolves: #86878
Releases: master, 8.7
Change-Id: Ic6db911c213eb668141ba0c849ff8a627a6f94dc
Reviewed-on: https://review.typo3.org/58911
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
2 months ago[BUGFIX] Select proper records in DBAL workspace restrictions 02/58902/2
Benni Mack [Thu, 15 Nov 2018 10:28:11 +0000 (11:28 +0100)]
[BUGFIX] Select proper records in DBAL workspace restrictions

A new WorkspaceRestriction is added to solve all issues
once and for all.

For now, this restriction is only added in v8.7 but not in use yet.

Resolves: #84985
Releases: master, 8.7
Change-Id: I22d5f276460107802bef3d390e6781434f1c28d3
Reviewed-on: https://review.typo3.org/58902
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
2 months ago[BUGFIX] Check Tsconfig in page module for value of content element 92/58892/2
Georg Ringer [Tue, 13 Nov 2018 12:46:53 +0000 (13:46 +0100)]
[BUGFIX] Check Tsconfig in page module for value of content element

In case a content element is added with TsConfig its label can't be
loaded from TCA but the TsConfig must be checked.

Resolves: #86909
Releases: master, 8.7
Change-Id: I2de2b73dcd4799a45aece330f377e86bd2bf596f
Reviewed-on: https://review.typo3.org/58892
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
2 months ago[BUGFIX] Show frontend user image migration wizard again 95/58895/2
Markus Klein [Wed, 14 Nov 2018 12:21:24 +0000 (13:21 +0100)]
[BUGFIX] Show frontend user image migration wizard again

Resolves: #82068
Releases: 8.7
Change-Id: Id972e5531cf9e85fd7a1ecf8bd69a9912a384084
Reviewed-on: https://review.typo3.org/58895
Reviewed-by: Johannes Kasberger <johannes.kasberger@reelworx.at>
Tested-by: Johannes Kasberger <johannes.kasberger@reelworx.at>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
2 months ago[TASK] Remove leftovers of "options.uploadFieldsInTopOfEB" 76/58876/2
Georg Ringer [Thu, 8 Nov 2018 20:08:37 +0000 (21:08 +0100)]
[TASK] Remove leftovers of "options.uploadFieldsInTopOfEB"

With #80463 - before v8 LTS - the setting
"options.uploadFieldsInTopOfEB" has been removed from the templates,
no need to check the value inside the PHP code anymore.

Resolves: #86885
Related: #86848
Releases: master, 8.7
Change-Id: I40c333aeba2987a57fe26353f00ac55a74da7878
Reviewed-on: https://review.typo3.org/58876
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
2 months ago[BUGFIX] Ignore provided pages for sitemap menu 75/58875/2
Georg Ringer [Tue, 6 Nov 2018 07:15:02 +0000 (08:15 +0100)]
[BUGFIX] Ignore provided pages for sitemap menu

The sitemap menu doesn't show the pages field and therefore
it must not be used in the MenuProcessor configuration as well.

Resolves: #85693
Releases: master, 8.7

Change-Id: I286054cc58982fa0db4fed0af82d7c065b1700a4
Reviewed-on: https://review.typo3.org/58852
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Josef Glatz <josef.glatz@typo3.org>
Tested-by: Josef Glatz <josef.glatz@typo3.org>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-on: https://review.typo3.org/58875
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
2 months ago[BUGFIX] Hide internal prefix "cat:" in tags of upgrade docs 63/58863/2
Georg Ringer [Mon, 5 Nov 2018 19:28:52 +0000 (20:28 +0100)]
[BUGFIX] Hide internal prefix "cat:" in tags of upgrade docs

The prefix "cat:" is used internally and it doesn't make sense to
show it to a regular user. Neither does it provide more output nor is
"cat" a regular word.

Resolves: #86858
Releases: master, 8.7
Change-Id: I8c48819814767c1ef4367c49da9ab3685081dceb
Reviewed-on: https://review.typo3.org/58863
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
2 months ago[BUGFIX] Fix isMissing called on Null error 50/58850/2
Bernhard Sirlinger [Mon, 5 Nov 2018 21:12:40 +0000 (22:12 +0100)]
[BUGFIX] Fix isMissing called on Null error

Add a Null check in FileLinktype->checkLink
function

Resolves: #86857
Releases: master,8.7
Change-Id: I2cc270dd7b8392fa8fd240c6efca3894f0ce3273
Reviewed-on: https://review.typo3.org/58850
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
2 months ago[TASK] Changed label for page_tree_stop 31/58831/2
Steffen Dietrich [Fri, 2 Nov 2018 16:51:54 +0000 (17:51 +0100)]
[TASK] Changed label for page_tree_stop

Clearified the message of the label of the field.
Added tooltip for a better explanation.

Resolves: #84580
Releases: master, 8.7
Change-Id: I13488115161a949193b2c5765b29407437f6b1ea
Reviewed-on: https://review.typo3.org/58831
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
2 months ago[BUGFIX] Keep existing validation errors for recursive domain relations 33/58833/3
Markus Klösges [Mon, 16 Apr 2018 08:43:24 +0000 (10:43 +0200)]
[BUGFIX] Keep existing validation errors for recursive domain relations

Do not overwrite already generated validation errors when a property
validator leads to a recursive validate() call to the currently
validated GenericObjectValidator.

Resolves: #84475
Releases: master, 8.7
Change-Id: Ifbdb28ddcf6a8e7f1517801ebcd6634149b2bd5d
Reviewed-on: https://review.typo3.org/58833
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
2 months ago[BUGFIX] Fix translated file relation with sql_mode=ONLY_FULL_GROUP_BY 26/58826/2
Mathias Brodala [Wed, 31 Oct 2018 16:34:11 +0000 (17:34 +0100)]
[BUGFIX] Fix translated file relation with sql_mode=ONLY_FULL_GROUP_BY

The SQL mode ONLY_FULL_GROUP_BY enforces all fields used in "GROUP BY"
to be present in "SELECT".

See https://dev.mysql.com/doc/refman/8.0/en/sql-mode.html#sqlmode_only_full_group_by

Resolves: #85159
Releases: master, 8.7
Change-Id: Iff7895dd9703557ca0b91613516bdb3391b4d4f6
Reviewed-on: https://review.typo3.org/58826
Reviewed-by: Mathias Brodala <mbrodala@pagemachine.de>
Tested-by: Mathias Brodala <mbrodala@pagemachine.de>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Frank Naegler <frank.naegler@typo3.org>
Tested-by: Frank Naegler <frank.naegler@typo3.org>
2 months ago[BUGFIX] Provide effectivePid for flexforms segment 23/58823/2
Patrick Lenk [Tue, 30 Oct 2018 11:20:36 +0000 (12:20 +0100)]
[BUGFIX] Provide effectivePid for flexforms segment

Custom ckeditor config is now loaded in flexforms.

Resolves: #83809
Related: #81748
Releases: master, 8.7
Change-Id: I9c0fe85d81f3e34209cd52afee18594e49020f54
Reviewed-on: https://review.typo3.org/58823
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
2 months ago[BUGFIX] Adding 3 to "TYPO" 12/58812/2
Mathias Brodala [Wed, 31 Oct 2018 15:41:11 +0000 (16:41 +0100)]
[BUGFIX] Adding 3 to "TYPO"

On other "TYPO3" references the "3" is present but not on this occurence.
Add the "3" to "TYPO" in order to have "TYPO3".

Releases: master, 8.7
Resolves: #86816
Change-Id: I21cfe6b10ca1757645c407014b3acbc41b7d7570
Reviewed-on: https://review.typo3.org/58812
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Mathias Brodala <mbrodala@pagemachine.de>
Tested-by: Mathias Brodala <mbrodala@pagemachine.de>
2 months ago[TASK] Add PHP 7.3 to bamboo core v8 testing 08/58808/2
Christian Kuhn [Wed, 31 Oct 2018 10:09:57 +0000 (11:09 +0100)]
[TASK] Add PHP 7.3 to bamboo core v8 testing

Change-Id: I84575fb973027c184ac2f9a65d227adc38d57d07
Resolves: #86812
Releases: 8.7
Reviewed-on: https://review.typo3.org/58808
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
2 months ago[BUGFIX] Execute scheduler tasks ordered by next execution time 06/58806/2
Sascha Egerer [Tue, 30 Oct 2018 09:52:04 +0000 (10:52 +0100)]
[BUGFIX] Execute scheduler tasks ordered by next execution time

When executing scheduler tasks the next execution time of the task
should be used to define the execution order.

Resolves: #86795
Releases: master, 8.7
Change-Id: Id678c74a60491aa3c8be8a33534b71ac37245217
Reviewed-on: https://review.typo3.org/58806
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
2 months ago[BUGFIX] Make the "Stop preview" link clickable when previewing a page (workspaces) 16/58316/4
Guillaume Germain [Tue, 18 Sep 2018 14:28:30 +0000 (16:28 +0200)]
[BUGFIX] Make the "Stop preview" link clickable when previewing a page (workspaces)

Resolves: #86298
Releases: 8.7
Change-Id: I95bde368cff46e0fd02251ad673aefdd6b5f2e6d
Reviewed-on: https://review.typo3.org/58316
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
2 months ago[TASK] Run functional tests without xdebug on bamboo 02/58802/2
Christian Kuhn [Tue, 30 Oct 2018 14:41:54 +0000 (15:41 +0100)]
[TASK] Run functional tests without xdebug on bamboo

With the increased number of functional tests in v9 we
should squeeze out as much performance as possible from
the tests so waiting for bamboo is not so annoying. Not
loading xdebug gives us roughly 10-30% for functionals.

Resolves: #86801
Releases: master, 8.7
Change-Id: Ic7b9dd4dd0c71799ecb7207fc0e7170f98729545
Reviewed-on: https://review.typo3.org/58802
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
2 months ago[BUGFIX] Show correct namespace in example block of CommaSeparatedValueProcessor 00/58800/3
Joerg Boesche [Tue, 30 Oct 2018 13:27:29 +0000 (14:27 +0100)]
[BUGFIX] Show correct namespace in example block of CommaSeparatedValueProcessor

Resolves: #86800
Releases: master, 8.7
Change-Id: I243589ee7e619f26e99e27d34c626e848a1ee80a
Reviewed-on: https://review.typo3.org/58800
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Mathias Brodala <mbrodala@pagemachine.de>
Tested-by: Mathias Brodala <mbrodala@pagemachine.de>
2 months ago[BUGFIX] Update karma 98/58798/3
Andreas Fernandez [Tue, 30 Oct 2018 11:49:07 +0000 (12:49 +0100)]
[BUGFIX] Update karma

karma is used for JavaScript based unit tests. The currently installed
version is aged and doesn't compile on newer systems anymore, thus the
package is updated to a recent version.

Used command:
yarn add karma@^3.1.0 --dev

Resolves: #86798
Releases: master, 8.7
Change-Id: I1cea78cf3759227a2cd09b8560f37121ae580202
Reviewed-on: https://review.typo3.org/58798
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
2 months ago[TASK] Test fully built css in bamboo 91/58791/2
Christian Kuhn [Tue, 30 Oct 2018 08:28:11 +0000 (09:28 +0100)]
[TASK] Test fully built css in bamboo

Extend the "Lint scss ts" bamboo job to also build css
next to js and only after that verify with git status
no file changed. This should prevent outdated css as
recently fixed with #86789.
Additionally switch from npm to direct grunt calls,
to be in sync with runTests.sh and to allow kicking
npm from the docker images entirely.

Change-Id: I5134d43c5f5d524005242eee59aa743b6e49219a
Resolves: #86794
Related: #86789
Releases: master, 8.7
Reviewed-on: https://review.typo3.org/58791
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
2 months ago[TASK] Set TYPO3 version to 8.7.21-dev 93/58793/2
Oliver Hader [Tue, 30 Oct 2018 10:41:02 +0000 (11:41 +0100)]
[TASK] Set TYPO3 version to 8.7.21-dev

Change-Id: I133eea5842cb0fc03d7f0b8b3bbbf6180e971d64
Reviewed-on: https://review.typo3.org/58793
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Susanne Moog <susanne.moog@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
2 months ago[RELEASE] Release of TYPO3 8.7.20 92/58792/2 8.7.20 TYPO3_8-7-20 v8.7.20
Oliver Hader [Tue, 30 Oct 2018 10:39:35 +0000 (11:39 +0100)]
[RELEASE] Release of TYPO3 8.7.20

Change-Id: I0ac38a40730cc8fa5766a79a09ff3e6b739054ee
Reviewed-on: https://review.typo3.org/58792
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
2 months ago[BUGFIX] Re-build backend.css 89/58789/3
Christian Kuhn [Tue, 30 Oct 2018 09:37:20 +0000 (10:37 +0100)]
[BUGFIX] Re-build backend.css

v8 is affected by outdated css similar to master.
`# t3-form-structure-panel` vs `#t3-form-structure-panel`
caused by https://review.typo3.org/#/c/55797/

Change-Id: Ied9227d60637e59b57102be240a4d21bf022a74b
Resolves: #86789
Releases: 8.7
Reviewed-on: https://review.typo3.org/58789
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
2 months ago[TASK] Use typo3/phar-stream-wrapper package 77/58777/3
Oliver Hader [Sun, 26 Aug 2018 20:38:59 +0000 (22:38 +0200)]
[TASK] Use typo3/phar-stream-wrapper package

PharStreamWrapper has been released as standalone package under
the MIT license: https://github.com/TYPO3/phar-stream-wrapper

Stream invocation is handled by the new composer package, previous
classes PharStreamWrapper and PharStreamWrapperException have been
removed from the TYPO3 core but are still kept in class alias maps
for compatibility reasons. Since the standalone package is now
independent from TYPO3 constraints, the TYPO3 specific logic to
intercept Phar invocations has been moved to the new class
PharStreamWrapperInterceptor.

`composer require typo3/phar-stream-wrapper:^3.0.1`

Related: #85984
Resolves: #86666
Releases: 8.7, 7.6
Change-Id: I724c4238d1a8184a8c7c908f16d71c06f87244d8
Reviewed-on: https://review.typo3.org/58777
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
2 months ago[BUGFIX] Render correct paging label 80/58780/2
Andreas Fernandez [Mon, 29 Oct 2018 15:29:16 +0000 (16:29 +0100)]
[BUGFIX] Render correct paging label

In case of paging in any record list, the page browser is rendered in top
and on bottom of ther record list.

The upper browser now renders the paging correctly by calculating the
offset of items of the previous page instead of hard-coding a "1".

Resolves: #86787
Releases: master, 8.7
Change-Id: Ib7c8856f248107ea9d17aeabe83a564189f69abf
Reviewed-on: https://review.typo3.org/58780
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
2 months ago[BUGFIX] Pass record info when determining defaultUploadFolder in FileBrowser 75/58775/5
Frans Saris [Fri, 31 Aug 2018 08:21:13 +0000 (10:21 +0200)]
[BUGFIX] Pass record info when determining defaultUploadFolder in FileBrowser

The fileBrowser now passes the related pid, table and field to
getDefaultUploadFolder().

Resolves: #86053
Releases: master, 8.7
Change-Id: I954753ee84b4107b37ba45cbd08917f4c4be17d9
Reviewed-on: https://review.typo3.org/58775
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
2 months ago[BUGFIX] Add url for linkToTop in css_styled_content 75/57775/3
Joerg Kummer [Thu, 2 Aug 2018 11:17:38 +0000 (13:17 +0200)]
[BUGFIX] Add url for linkToTop in css_styled_content

This adds current URL to the ToTop link when css_styled_content is used.
Fixes broken linkToTop URL's since config.prefixLocalAnchors was removed.
Also compatible with TYPO3 v7 where compatibility6 is installed
and typoscript config.prefixLocalAnchors is configured.

Resolves: #81202
Releases: 8.7, 7.6
Change-Id: Id7b9f1c24575de297d2ca60af686fd6d299343e2
Reviewed-on: https://review.typo3.org/57775
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Richard Vollebregt <richard.vollebregt@maxserv.com>
Reviewed-by: Susanne Moog <susanne.moog@typo3.org>
Tested-by: Susanne Moog <susanne.moog@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
2 months ago[BUGFIX] Allow unicode characters in verifyFileNameAgainstDenyPattern 72/58772/2
Pascal Rinker [Mon, 25 Jun 2018 14:43:32 +0000 (16:43 +0200)]
[BUGFIX] Allow unicode characters in verifyFileNameAgainstDenyPattern

Using (valid) unicode characters in
GeneralUtility::verifyFilenameAgainstDenyPattern was not possible due
to a missing unicode modifier when evaluating regular expressions.
The unicode modifier has been added.
Since unicode errors in regular expressions will lead to `false`
results, it is important to perform type-safe checks against `0`.

Resolves: #67061
Releases: master, 8.7
Change-Id: If3eea7129c92b296b85b93a1f1c81a446a2f5f90
Reviewed-on: https://review.typo3.org/58772
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
2 months ago[BUGFIX] Pass FlexForm context to USER display condition 70/58770/2
Nicole Cordes [Thu, 27 Sep 2018 14:23:21 +0000 (16:23 +0200)]
[BUGFIX] Pass FlexForm context to USER display condition

If using a user display condition within a FlexForm field,
the passed information is insufficient and information about the
parsed FlexForm is missing.

Resolves: #86403
Releases: master, 8.7
Change-Id: I9917b3f98f7d7eb4fa3370e1cd2e9a9cd0eef627
Reviewed-on: https://review.typo3.org/58770
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
2 months ago[BUGFIX] Registration of multiple additional view models 68/58768/2
Ralf Zimmermann [Fri, 31 Aug 2018 17:17:22 +0000 (19:17 +0200)]
[BUGFIX] Registration of multiple additional view models

The form setup properties within "additionalViewModelModules" must be
written as numerical associative arrays to make it possible that
multiple extensions can extend the form editor with javascript modules.

Resolves: #85710
Releases: master, 8.7
Change-Id: Iaddf1bfd6f4df8d0c01e0c18be9cef458d8d2caf
Reviewed-on: https://review.typo3.org/58768
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
2 months ago[BUGFIX] Correctly resolve parameter for USER display condition 67/58767/2
Nicole Cordes [Thu, 27 Sep 2018 13:56:11 +0000 (15:56 +0200)]
[BUGFIX] Correctly resolve parameter for USER display condition

According to the documentation there is no limit of the used
additional parameters. However during parameter processing, there
is a limit of 4 parameters applied. This limit needs to be unset
when dealing with a USER display condition.

Resolves: #85274
Releases: master, 8.7
Change-Id: Ieff6d089cbb5540ab1d3b389eb0511ef993b900d
Reviewed-on: https://review.typo3.org/58767
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
2 months ago[BUGFIX] BE checkFullLanguagesAccess check all translated records 65/58765/2
Benni Mack [Sun, 28 Oct 2018 14:12:11 +0000 (15:12 +0100)]
[BUGFIX] BE checkFullLanguagesAccess check all translated records

All translated records are checked for language access in the method
checkFullLanguagesAccess of BackendUserAuthentication

Resolves: #86778
Releases: master, 8.7
Change-Id: I9c0101507c741471a8537a92329a9a66b78fa559
Reviewed-on: https://review.typo3.org/58765
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
2 months ago[TASK] Use different placeholder than ### 63/58763/2
Benni Mack [Sun, 28 Oct 2018 13:38:22 +0000 (14:38 +0100)]
[TASK] Use different placeholder than ###

preg_quote since PHP 7.3.0 also quotes #.
Simply use a different placeholder.

Resolves: #86586
Releases: master, 8.7, 7.6
Change-Id: I8ed9bd39605341a09347e21dd38c9a1824a01ee5
Reviewed-on: https://review.typo3.org/58763
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>