Packages/TYPO3.CMS.git
5 years ago[RELEASE] Release of TYPO3 4.5.32 26/26226/2 TYPO3_4-5-32
TYPO3 Release Team [Tue, 10 Dec 2013 10:05:45 +0000 (11:05 +0100)]
[RELEASE] Release of TYPO3 4.5.32

Change-Id: Ied61f0997ee99da6866d4c3d43fd46ed213c6c83
Reviewed-on: https://review.typo3.org/26226
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
5 years ago[SECURITY] XSS in header link of all content elements 84/26184/2
Anja Leichsenring [Tue, 10 Dec 2013 09:51:29 +0000 (10:51 +0100)]
[SECURITY] XSS in header link of all content elements

The second typolink parameter, that is the target, can be abused to
introduce XSS code into the generated link. Escaping the parameter
with quoteJSvalue solves the problem.

Change-Id: I1652e2f1e9fea660d2a5a9e74ace6317fe05ba3b
Fixes: #31206
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: 4a1a06ad0124defafb991639b19d81f81f7d5b95
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26184
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] XSS in colorpicker wizard 83/26183/2
Anja Leichsenring [Tue, 10 Dec 2013 09:51:23 +0000 (10:51 +0100)]
[SECURITY] XSS in colorpicker wizard

Encode user-input in JavaScript context for colorpicker.

Change-Id: Ia5d181bb74f3cbe2d2b7c75097655f9c7593b70d
Fixes: #42772
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: 9fba6ded6247aaa74b974daf1c9bba5eb4aaf028
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26183
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] Prevent editor controlled hmac content 82/26182/2
Franz G. Jahn [Tue, 10 Dec 2013 09:51:17 +0000 (10:51 +0100)]
[SECURITY] Prevent editor controlled hmac content

An hmac of the editor controlled auto respond message was used to verifiy
the correctness of this message on submit. To prevent this, we add an
additional secret.

Fixes: #45043
Releases: 4.5, 4.7, 6.0, 6.1, 6.2
(cherry picked from commit 66013e46f09b38343ac22d9e231328966bff0c6e)
Security-Commit: fa5bdd2ac518555f21ec857dc31d2991a1e937ad
Security-Bulletin: TYPO3-CORE-SA-2013-004

Change-Id: I66b1ddc379577fc3ed67012384a15c38a6b76a03
Reviewed-on: https://review.typo3.org/26182
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] XSS vulnerability in extension manager 81/26181/2
Marcus Krause [Tue, 10 Dec 2013 09:51:10 +0000 (10:51 +0100)]
[SECURITY] XSS vulnerability in extension manager

Add escaping on extension meta data when rendering.

Change-Id: I64cb5f23281ddb6c63439bf33aaeac1b1fa803b4
Fixes: #20811
Releases: 4.7, 4.5
Security-Commit: 647add5b8b668c173376ac45e4d227e4b25112d9
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26181
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] Information Disclosure in Wizards 80/26180/2
Anja Leichsenring [Tue, 10 Dec 2013 09:51:05 +0000 (10:51 +0100)]
[SECURITY] Information Disclosure in Wizards

It has been possible for authenticated editors
to show content of arbitrary tables and fields
that are defined in TCA by manipulating
GET parameters of the forms and table wizard.

This change adds a check if the editor has access
to the given record.

Change-Id: I524ae9bd75a5cca9e37918e64f5c492c9fa3c36e
Fixes: #41714
Releases: 4.5, 4.7, 6.0, 6.1, 6.2
Security-Commit: 9ee30833350405d003de206501118d1300998bee
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26180
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] Fix open redirection in openid extension 79/26179/2
Anja Leichsenring [Tue, 10 Dec 2013 09:50:59 +0000 (10:50 +0100)]
[SECURITY] Fix open redirection in openid extension

The eID script of the openid extension does not
validate the given redirect url, leading to
an open redirection vulnerability.
Add and verify hmac of the redirect url.

Change-Id: I0c446199504018cab6e4ad2f6bd9085458ca86f0
Fixes: #54099
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: 6be16f2ea6b135b6f7ab2dec17d126f3f1eb89c4
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26179
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] feuser_adminLib.inc allows to set arbitrary fields 78/26178/2
Steffen Ritter [Tue, 10 Dec 2013 09:50:53 +0000 (10:50 +0100)]
[SECURITY] feuser_adminLib.inc allows to set arbitrary fields

The CMS core ships a utility class helping extension authors
to create frontend-extension which need a mail-based opt-in.
This class is neither used by core nor really maintained.

In the opt-in process the fields which should be updated to
activate the user are put as URL parameter into the
activation link. In the default configuration this feature
set allows to set any values of any field to this record.

As a result a user could manipulate his activation link and
therefore extend his usergroups.

This patch ensures that all fields which are about to update
are added to the hash as well as only taking the values
from TypoScript so even if the fields match no harm can be
done.

Change-Id: Ie27fba37522f7f46894a962fbd9425c328ce0583
Fixes: #48187
Releases: 6.0, 4.7, 4.5
Security-Commit: 2c930f8f2a8d18b83bb9d2d49cbdbec839b47188
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26178
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] XSS in be_layout wizard 77/26177/2
Anja Leichsenring [Tue, 10 Dec 2013 09:50:48 +0000 (10:50 +0100)]
[SECURITY] XSS in be_layout wizard

Usage of unverified input parameters in wizard URL leads to a possible
XSS vulnerability in backend_layout wizard.
The solution is the introduction of a hmac validation of the parameters
used in JavaScript.

Change-Id: I6a9fcd43affa637fd6ac3cd08ae89212e52e6754
Fixes: #36768
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: bcc8a321517ad50bae3dec9366f76b4e886e74e9
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26177
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] Remove possible XSS from ActionController Error output 76/26176/2
Anja Leichsenring [Tue, 10 Dec 2013 09:50:43 +0000 (10:50 +0100)]
[SECURITY] Remove possible XSS from ActionController Error output

As parameters passed to an ErrorObject can be user input, the
output of those parameters in the ActionController::errorAction() method
could lead to a cross side scripting possibility.
The offending output has been removed without substitution.

Change-Id: Ide28a2af395a0a9558153ff6465dc8ae946a8b29
Fixes: #54074
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: f52d894b8adc385535ae0d3bc28700cd449e9f21
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26176
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] Unsafe unserialize of GET parameter in Add-Wizard 75/26175/2
Marcus Krause [Tue, 10 Dec 2013 09:50:36 +0000 (10:50 +0100)]
[SECURITY] Unsafe unserialize of GET parameter in Add-Wizard

If the TCEforms wizard "add" is used, the original opened document
is closed and a new one is created in which you then add a new
element to be related.
In order to "store" the originating document which has been
edited, the Wizard/AddController and EditDocumentController
exchange state data in an URL-parameter.
This state-array is serialized in the EditDocumentController
and again unserialized in the Wizard/AddController from that
GET parameter. Without any checks, every code can be injected
to be unserialized here - even though we just need an array
with some data.
This patch changes serialize/unserialize to json_encode and
json_decode. Since the GET parameter only is used in
conjunction of these two classes it is save to changes the
format how the URL parameters are serialized.

Change-Id: I6bac68bb724ba185f66e3ffb07593120f96ccb17
Fixes: #54073
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: 23d28d4899b658f6a0646ad5cbbc1a4d4d0c22bd
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26175
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[BUGFIX] Fix failing test 41/26041/3
Anja Leichsenring [Sun, 8 Dec 2013 12:35:17 +0000 (13:35 +0100)]
[BUGFIX] Fix failing test

Change-Id: I26b7697cdc4b40e007b89898491761105d0ba696
Resolves: #54282
Releases: 4.5
Reviewed-on: https://review.typo3.org/26041
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] Fix failing test 40/26040/2
Anja Leichsenring [Sun, 8 Dec 2013 12:10:10 +0000 (13:10 +0100)]
[BUGFIX] Fix failing test

A superflous function was used, that does not exist in Extbase 1.3.

Change-Id: Ib25d21c53afc47a36fe44e4317abd78e736dc115
Resolves: #54280
Releases: 4.5
Reviewed-on: https://review.typo3.org/26040
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] ClientUtility does not detect Internet Explorer 11 87/25887/2
Stefan Neufeind [Sun, 1 Dec 2013 14:33:13 +0000 (15:33 +0100)]
[BUGFIX] ClientUtility does not detect Internet Explorer 11

Since the Release of Microsoft IE 11 there is no "MSIE" hint in
its user agent header anymore. Therefore the existing patterns
fail and the browser is detected as unknown browser.

TYPO3 deactivates several features for unknown browser. As a
result f.e. the RTE does not load.

This change adds special treatment for IE11+ by introducing an
additional regular expression matching the new user agent format
and looking for the Trident engine to be present.

In addition unit tests for common IE 9-11 user agents are added.

Change-Id: I389f344a498ac77f3e6445656dd125fd5d236a98
Resolves: #54124
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Reviewed-on: https://review.typo3.org/25887
Reviewed-by: Markus Klein
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
5 years agoRevert "[BUGFIX] Object passed to date()" 47/25847/2
Markus Klein [Sun, 1 Dec 2013 14:28:37 +0000 (15:28 +0100)]
Revert "[BUGFIX] Object passed to date()"

This reverts commit d361b2999c8ba8d1cdb218ead4f60ef1de9fe458

The change I6821bafa51372c50d8903c63d62ea44933bc12b3 does not
apply to 4.5 and 4.7, since $task is not an object in these
versions.

Change-Id: Ia2cd5287f3e128c90155c76fa360c58289d5a1ce
Releases: 4.5, 4.7
Resolves: #54120
Reviewed-on: https://review.typo3.org/25847
Reviewed-by: Philipp Gampe
Reviewed-by: Benny Schimmer
Tested-by: Benny Schimmer
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
5 years ago[BUGFIX] ext:adodb Restrict connection wizard to admins 60/25760/3
Christian Kuhn [Fri, 29 Nov 2013 15:11:04 +0000 (16:11 +0100)]
[BUGFIX] ext:adodb Restrict connection wizard to admins

In the unlikely case ext:datasources is used, there is a potential
information disclosure that content of this table is shown to
non-admin backend users. This is better sanitized with the patch.

Change-Id: I748a0e05b57ac8c6d9c37cdd86fdb093c380dea5
Resolves: #42651
Releases: 6.1, 6.0, 4.7, 4.5
Reviewed-on: https://review.typo3.org/25760
Reviewed-by: Franz G. Jahn
Tested-by: Franz G. Jahn
Reviewed-by: Oliver Klee
Tested-by: Oliver Klee
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
5 years ago[BUGFIX] Distinguish unassigend columns and colPos 0 89/25389/3
Philipp Gampe [Wed, 13 Nov 2013 17:52:52 +0000 (18:52 +0100)]
[BUGFIX] Distinguish unassigend columns and colPos 0

When using backend layout columns without a colPos value they should be
just placeholders with the label "Not assigned". Currently they are
showing the content of the column 0 instead if there is such a column in
the backend layout.

The label "Not assigned" is used for columns without any
label, otherwise the label is used together with the suffix
"(Not assigned)".

Change-Id: I02c418eebdd9345c3066aa8c3eeec353d2cd9e58
Resolves: #25157
Resolves: #45550
Releases: 4.5, 4.7, 6.0, 6.1, 6.2
Reviewed-on: https://review.typo3.org/25389
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[TASK] Set TYPO3 version to 4.5.32-dev 95/25695/2
TYPO3 Release Team [Tue, 26 Nov 2013 15:23:26 +0000 (16:23 +0100)]
[TASK] Set TYPO3 version to 4.5.32-dev

Change-Id: I0c80cd295e4146fb8c5c9ac2c9e3188d18f5959e
Reviewed-on: https://review.typo3.org/25695
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
5 years ago[RELEASE] Release of TYPO3 4.5.31 94/25694/2 TYPO3_4-5-31
TYPO3 Release Team [Tue, 26 Nov 2013 15:22:57 +0000 (16:22 +0100)]
[RELEASE] Release of TYPO3 4.5.31

Change-Id: I3e7c742865cf45eb50918e3de4029fa60beea15d
Reviewed-on: https://review.typo3.org/25694
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
5 years ago[BUGFIX] Table cache_imagesizes is defined twice 15/25515/2
Michiel Roos [Tue, 19 Nov 2013 15:20:53 +0000 (16:20 +0100)]
[BUGFIX] Table cache_imagesizes is defined twice

The table cache_imagesizes is defined in two files:
t3lib/stddb/tables.sql
typo3/sysext/cms/ext_tables.sql

This is the case for the 4.5 branch as well as the 4.7 branch.
It has been cleaned up in 6.x.

Change-Id: I02f7895ccd25a2404b7742f1706466328869cfce
Resolves: #53758
Releases: 4.7, 4.5
Reviewed-on: https://review.typo3.org/25515
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] Scheduler extension sql file is invalid 08/25508/2
Michiel Roos [Tue, 19 Nov 2013 10:27:11 +0000 (11:27 +0100)]
[BUGFIX] Scheduler extension sql file is invalid

On import into MySQL an error is thrown and MySQL
refuses to create the table:

ERROR 1067 (42000) at line 4: Invalid default value for 'uid'

This is due to the fact that a default value is being set
for an auto_increment field.

Change-Id: Ic072d3ec21b4e8adbecf9ff88e6ac4a2919959ec
Resolves: #53750
Releases: 4.5, 4.7, 6.0, 6.1, 6.2
Reviewed-on: https://review.typo3.org/25508
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] Fix broken edit icons on cType HTML 07/25407/2
Stefan Neufeind [Thu, 14 Nov 2013 17:31:15 +0000 (18:31 +0100)]
[BUGFIX] Fix broken edit icons on cType HTML

Fix the wrong Typoscript configuration for front-end edit icons
for cType HTML (for the traditional fe-editing).

Resolves: #17493
Releases: 6.2, 6.1, 6.0, 4.5
Change-Id: I743d8d8ee77bd76bd9ed2a12cd34817196d3719a
Reviewed-on: https://review.typo3.org/25407
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] Correctly append additionalTreelistUpdateFields 79/25279/2
Bart Dubelaar [Mon, 11 Nov 2013 18:14:55 +0000 (19:14 +0100)]
[BUGFIX] Correctly append additionalTreelistUpdateFields

The list of additionalTreelistUpdateFields was not correctly
appended to the updateRequiringFields array.

Resolves: #37948
Releases: 6.2, 6.1, 6.0, 4.5
Change-Id: I7df514649203bf607a6ac3550c875c429e0f7328
Reviewed-on: https://review.typo3.org/25279
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] Faulty check for missing SMTP port 18/23518/2
Stefan Neufeind [Sat, 31 Aug 2013 22:40:23 +0000 (00:40 +0200)]
[BUGFIX] Faulty check for missing SMTP port

Check also for null port to avoid a fatal error.

Resolves: #31998
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: Ibf45b3c0783a70e5afba33f90d1d8e05f76834cf
Reviewed-on: https://review.typo3.org/23518
Reviewed-by: Markus Klein
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] Escape title, extension, description of scheduler tasks 31/25231/2
Stefan Neufeind [Sat, 9 Nov 2013 15:41:41 +0000 (16:41 +0100)]
[BUGFIX] Escape title, extension, description of scheduler tasks

Properly escapes the title, description and extension of
displayed scheduler tasks

Resolves: #29179
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: Ie03383f694863e435bfb96341226f8c78be426e5
Reviewed-on: https://review.typo3.org/25231
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] T3editor: Honour fileDenyPattern on saving included TS 60/25060/4
Stefan Neufeind [Tue, 29 Oct 2013 21:22:27 +0000 (22:22 +0100)]
[BUGFIX] T3editor: Honour fileDenyPattern on saving included TS

fileDenyPattern is only checked on loading so far.
Needs to be added for saving as well taken into account, since
otherwise an arbitrary file (including .php) can be overwritten.

Change-Id: Ia7edc83c8954942fb848746abc0980a304a1a6df
Resolves: #53195
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Reviewed-on: https://review.typo3.org/25060
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] Remove declare(encoding=) 57/25157/2
Josef Florian Glatz [Mon, 4 Nov 2013 15:59:10 +0000 (16:59 +0100)]
[BUGFIX] Remove declare(encoding=)

AbstractWidgetViewHelper can throw warnings about invalid
declare statements if zend.multibyte is off. Those lines
were also dropped in TYPO3.Fluid, TYPO3 6.0 & TYPO3 4.7.

Change-Id: I7f4efca526249034b74ba42b1103b58831b5a2ea
Resolves: #38055
Releases: 4.5
Reviewed-on: https://review.typo3.org/25157
Reviewed-by: Wouter Wolters
Reviewed-by: Ernesto Baschny
Reviewed-by: Marc Bastian Heinrichs
Tested-by: Marc Bastian Heinrichs
5 years ago[BUGFIX] Cannot auto-load SC_* classes 79/24979/2
Ernesto Baschny [Wed, 23 Oct 2013 12:24:46 +0000 (14:24 +0200)]
[BUGFIX] Cannot auto-load SC_* classes

These script files cannot be auto-loaded because they also include
runnable code.

Resolves: #53075
Releases: 4.7, 4.5
Change-Id: Ib3a956b69355466016099e996b6ca6c5f89978cd
Reviewed-on: https://review.typo3.org/24979
Reviewed-by: Ernesto Baschny
Tested-by: Ernesto Baschny
5 years ago[TASK] Added missing core autoloaded files 27/23627/3
Ernesto Baschny [Wed, 4 Sep 2013 20:33:15 +0000 (22:33 +0200)]
[TASK] Added missing core autoloaded files

Adds lots of missing autoloading files in t3lib/core_autoload.php
and cms/ext_autoload.php and fixes some bugs.

These files were autogenerated by extdeveval and thus also change
the order of the entries to a natural sorting. Refer to the issue
in the tracker for details on what exactly changed.

Resolves: #50881
Releases: 4.7, 4.5
Change-Id: I6f571f31a70d94a0f1ab73513ebbec0bb1a9086a
Reviewed-on: https://review.typo3.org/23627
Reviewed-by: Dmitry Dulepov
Tested-by: Dmitry Dulepov
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] Object passed to date() 13/24713/2
Philipp Gampe [Sun, 13 Oct 2013 20:08:46 +0000 (22:08 +0200)]
[BUGFIX] Object passed to date()

Function date() expects a timestamp as second parameter, not
an object.

Resolves: #52759
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: I6821bafa51372c50d8903c63d62ea44933bc12b3
Reviewed-on: https://review.typo3.org/24713
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
5 years ago[BUGFIX] Wrong calculation of maximum value for checkbox fields 56/24656/2
Nicole Cordes [Sat, 12 Oct 2013 17:37:46 +0000 (19:37 +0200)]
[BUGFIX] Wrong calculation of maximum value for checkbox fields

This patch corrects the calculation of the maximum value for a group
of checkboxes which is stored as bit flag value in the database. The
formular for the maximum value is 2nd power of the item count minus one.

Resolves: #52104
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: I0eb430b72a072838c6ac3bc3f5e339ff2509c455
Reviewed-on: https://review.typo3.org/24655
Reviewed-by: Nicole Cordes
Tested-by: Nicole Cordes
Reviewed-on: https://review.typo3.org/24656

5 years ago[BUGFIX] Select available page when changing WS 95/24595/3
Thorsten Kahler [Fri, 11 Oct 2013 15:57:22 +0000 (17:57 +0200)]
[BUGFIX] Select available page when changing WS

When changing to another workspaces the currently selected page is not
always available.
This change selects the next available page from the rootline for page
tree and submodules of web module when the current page does not exist
in the workspace.

Change-Id: I0502fea3c21515421586403a41f5c696ffc0d762
Fixes: #37611
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Reviewed-on: https://review.typo3.org/24595
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
5 years ago[BUGFIX] Add workspace overlay for fetched records. 81/24581/2
Anja Leichsenring [Fri, 11 Oct 2013 14:40:54 +0000 (16:40 +0200)]
[BUGFIX] Add workspace overlay for fetched records.

Call workspace overlay to resolve the right uid for
move-placeholder.

Change-Id: I6af65fcda1b1fffe72dfbc314976e42f30120d71
Fixes: #36573
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Reviewed-on: https://review.typo3.org/24581
Reviewed-by: Sascha Egerer
Tested-by: Sascha Egerer
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
5 years ago[BUGFIX] Don't show duplicates in workspace preview 75/24075/2
Timo Webler [Thu, 26 Sep 2013 16:04:02 +0000 (18:04 +0200)]
[BUGFIX] Don't show duplicates in workspace preview

Fixes workspace filter conditions in case of workspace preview in
t3lib_pageSelect::enableFields().

Additionally cleared up the corresponding comments.

Change-Id: I088928a88cb673f18f218ef691a6c528019317c0
Fixes: #37065
Releases: 6.2, 6.1, 6.0, 4.5
Reviewed-on: https://review.typo3.org/24075
Reviewed-by: Sascha Egerer
Tested-by: Sascha Egerer
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
5 years ago[BUGFIX] EmConfUtility accesses non-arrays 99/24099/2
Markus Klein [Thu, 26 Sep 2013 22:37:43 +0000 (00:37 +0200)]
[BUGFIX] EmConfUtility accesses non-arrays

Properly check for array-type before accessing
or counting the variable.

Resolves: #52045
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: Id161fddadbbcadd462de36e8227278107f2e7a3a
Reviewed-on: https://review.typo3.org/24099
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
5 years ago[BUGFIX] Check for string before using strlen 92/24092/3
Markus Klein [Thu, 26 Sep 2013 21:53:12 +0000 (23:53 +0200)]
[BUGFIX] Check for string before using strlen

If pi_flexform is converted to an array already, checking via strlen
produces a warning. An additional check via is_string suppresses the
warning.

Resolves: #52091
Resolves: #51684
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: I97c41cdedb1afb28e2a9ca39e1d9cfb3921d9f47
Reviewed-on: https://review.typo3.org/24092
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
5 years ago[BUGFIX] CF FileBackend unlimited lifetime support 83/24083/2
Dominique Feyer [Thu, 26 Sep 2013 15:41:49 +0000 (17:41 +0200)]
[BUGFIX] CF FileBackend unlimited lifetime support

Backport of a bugfix that was part of #39430 in 6.0.

Change-Id: I2266ae12284a139a384854e3ff0bacf23f277859
Resolves: #34886
Related: #39430
Releases: 4.7, 4.5
Reviewed-on: https://review.typo3.org/24073
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
(cherry picked from commit e06f05a67c6c516f5970ce4d5785f8c9356e34ff)
Reviewed-on: https://review.typo3.org/24083

5 years ago[BUGFIX] Fix cropping of transparent gifs with im6. 32/14132/4
Felix Bùˆnemann [Wed, 22 Aug 2012 09:40:48 +0000 (11:40 +0200)]
[BUGFIX] Fix cropping of transparent gifs with im6.

The usage of the ! operator to force cropping empty image
canvas is inverted between ImageMagick v4 and v6 while
GraphicsMagick accepts both syntaxes, so we only need to
check for v4.

Needs different solution for newer TYPO3 due to im4
deprecation, see gerrit change 13996 for more info.

Related: #19045
Releases: 4.5
Change-Id: Iee1260a94f2686a512ce1b1df65c384319a4c4de
Reviewed-on: https://review.typo3.org/14132
Reviewed-by: Ernesto Baschny
Tested-by: Ernesto Baschny
Reviewed-by: Felix Buenemann
Tested-by: Felix Buenemann
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[TASK] Use a 401 header if login is not successful 02/23802/2
Georg Ringer [Fri, 6 Sep 2013 08:00:04 +0000 (10:00 +0200)]
[TASK] Use a 401 header if login is not successful

If login is not correct, a 401 should be used instead of a 200.

Change-Id: Ia2fa139e89fe19df77bb0530b4fbce502506f524
Resolves: #51803
Releases: 6.2,6.1,6.0,4.5
Reviewed-on: https://review.typo3.org/23802
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[TASK] Set TYPO3 version to 4.5.31-dev 80/23780/2
TYPO3 Release Team [Thu, 12 Sep 2013 09:30:00 +0000 (11:30 +0200)]
[TASK] Set TYPO3 version to 4.5.31-dev

Change-Id: Ifd4a45e440a1b25df360163d7c67a0f85ea58099
Reviewed-on: https://review.typo3.org/23780
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
5 years ago[RELEASE] Release of TYPO3 4.5.30 79/23779/2 TYPO3_4-5-30
TYPO3 Release Team [Thu, 12 Sep 2013 09:29:34 +0000 (11:29 +0200)]
[RELEASE] Release of TYPO3 4.5.30

Change-Id: Ic083947be2c806f1edf2f177163dae4d6c36fce4
Reviewed-on: https://review.typo3.org/23779
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
5 years ago[BUGFIX] Backend Layout Grid Wizard not fully visible in Mac Firefox 22 14/23514/2
Philipp Gampe [Sat, 31 Aug 2013 21:18:57 +0000 (23:18 +0200)]
[BUGFIX] Backend Layout Grid Wizard not fully visible in Mac Firefox 22

Under Firefox the outer table's height and width of the backend layout
wizard is set to 100%. Since there is content before the table, this
leads to the table being cut of, as there are no scrollbars. According
to the suggestion of Philipp Gampe the table's height and width are
changed to 90%.

Resolves: #50424
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: I589fdfd8de0a8d6ebb4b3ee4fd2a173341116016
Reviewed-on: https://review.typo3.org/23514
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
5 years ago[BUGFIX] Exclude empty passwords from password hashing check 35/23435/2
Nicole Cordes [Wed, 28 Aug 2013 14:02:36 +0000 (16:02 +0200)]
[BUGFIX] Exclude empty passwords from password hashing check

The test for insecure passwords handles empty passwords as insecure and
recommends to use the saltedpasswords scheduler task to convert all
insecure passwords. But the scheduler task doesn't convert empty
passwords, so a never ending story exists. Therefore this patch exludes
empty passwords being handled as insecure.

Resolves: #36244
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: I6bdd5c8807a07841850c1e4c22afe57eec28b335
Reviewed-on: https://review.typo3.org/23435
Reviewed-by: Kay Strobach
Tested-by: Kay Strobach
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] Escape title tag of image links 49/23349/2
Alexander Stehlik [Tue, 27 Aug 2013 08:59:50 +0000 (10:59 +0200)]
[BUGFIX] Escape title tag of image links

This patch adds a missing call to htmlspecialchars() when
the title tag of image links is initialized.

Resolves: #50760
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: If41f33d9621f7790c0ff0de4aebcd7cdcb59707f
Reviewed-on: https://review.typo3.org/23349
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] Page tree filtering broken in IE7 & IE8 40/23340/2
Aske Ertmann [Mon, 22 Jul 2013 18:46:23 +0000 (20:46 +0200)]
[BUGFIX] Page tree filtering broken in IE7 & IE8

The page tree doesn't show the result when using the filter
in the page tree in IE7 & IE8. ExtJS somehow breaks silently
when trying to use a non-tag (text) as a drag handle. This fix
works with the original change that introduced this, meaning it
doesn't break the functionality of dragging of locked records.

Change-Id: I3f33fb3e4f6bd7622f502a9265897fee9d3e4ed3
Resolves: #25327
Resolves: #37026
Related: #M17952
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Reviewed-on: https://review.typo3.org/23340
Reviewed-by: Nicole Cordes
Tested-by: Nicole Cordes
5 years ago[BUGFIX] TCA: subtypes_addlist not processed 52/19652/3
Ernesto Baschny [Sun, 11 Mar 2012 17:39:57 +0000 (18:39 +0100)]
[BUGFIX] TCA: subtypes_addlist not processed

TCA: subtypes_addlist is not processed
if the subtype_value_field is in a palette

Change-Id: I6bcaaf36c330962c1d7d9fdd4a73ae502e9710dc
Fixes: #30636
Releases: 4.5, 4.7, 6.0, 6.1
Reviewed-on: https://review.typo3.org/19652
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] Handle file_references properly in t3lib_befunc::thumbCode 34/21934/2
Tolleiv Nietsch [Fri, 5 Jul 2013 13:36:09 +0000 (15:36 +0200)]
[BUGFIX] Handle file_references properly in t3lib_befunc::thumbCode

Group fields with internal_type "file_reference" reference the files
directly. The filepaths don't need any additional uploadFolder prefixes.

Due to the FAL changes in that method, this patch is not relevant for 6.0.

Change-Id: I7428fb9561180dd51cc1f45a9f6c012626b72fa8
Resolves: #31295
Releases: 4.5
Reviewed-on: https://review.typo3.org/21934
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] number_format() expects parameter 1 to be double 78/22978/2
Anja Leichsenring [Thu, 8 Aug 2013 20:49:17 +0000 (22:49 +0200)]
[BUGFIX] number_format() expects parameter 1 to be double

In stdWrap function numberFormat $content is a string.
Make sure this is a float value when it is passed into
PHP function number_format.

Change-Id: If4a98ae8238264f94f771c997fbe6cac98311912
Resolves: #50868
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Reviewed-on: https://review.typo3.org/22977
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
Reviewed-on: https://review.typo3.org/22978

5 years ago[BUGFIX] MySQL: Use ENGINE (not TYPE) for storage-engine 98/22798/2
Stefan Neufeind [Sat, 3 Aug 2013 22:44:07 +0000 (00:44 +0200)]
[BUGFIX] MySQL: Use ENGINE (not TYPE) for storage-engine

Using TYPE is deprecated since a MySQL 4.x and was removed in MySQL
5.5. Core already uses ENGINE but SqlParser turned that into TYPE,
leading to errors.

From https://dev.mysql.com/doc/refman/5.0/en/storage-engines.html:
"The older term TYPE is supported as a synonym for ENGINE for
backward compatibility, but ENGINE is the preferred term and TYPE
is deprecated."

Change-Id: I6607d3e726c43cb74ca00f33ec2332de4f6a76d8
Resolves: #50466
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Reviewed-on: https://review.typo3.org/22798
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] Syntax error in class.tx_coreupdates_t3skin.php 96/22796/2
Wouter Wolters [Tue, 30 Jul 2013 12:18:00 +0000 (14:18 +0200)]
[BUGFIX] Syntax error in class.tx_coreupdates_t3skin.php

Fix Syntax Problem: Cannot use [] for reading

Change-Id: I9f5be90dbc9aa55475049bd8a8720cab0c321af4
Resolves: #35274
Releases: 4.7, 4.5
Reviewed-on: https://review.typo3.org/22796
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] Fix fatal error in extension manager 56/22656/2
Michael Stucki [Mon, 29 Jul 2013 12:16:23 +0000 (14:16 +0200)]
[BUGFIX] Fix fatal error in extension manager

TER extensions which were uploaded just recently contain a change in
ext_emconf.php. This change conflicts with older TYPO3 releases:

If the extension has no conflicts, the constraint is written as an empty
string although it is expected to be an array in any case.

This fix adds a check to work around the problem.

Change-Id: Ibb361f82c39d99089ec6455935ddc3e775cebbc7
Resolves: #46642
Releases: 4.7, 4.5
Reviewed-on: https://review.typo3.org/22656
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[TASK] Provide information about import action in TCEmain to hooks 45/22645/2
Stefan Galinski [Tue, 27 Nov 2012 01:31:50 +0000 (02:31 +0100)]
[TASK] Provide information about import action in TCEmain to hooks

While importing T3D files the TCEmain currently fires the required
processing on records just as if the editor is generating the records. If
extensions hook into TCEmain, there is no way to differenciate this
situation from the regular editing mode - which might provide unexpected
results, i.e. wrong IRRE relations.

Solution is to provide a boolean to indicate that TCEmain has been called
during an import action which extensions could use to recognize this
situation.

Change-Id: I4fe429fb88f8ec24a7fda885f38ddfbdb4a642f5
Resolves: #36031
Releases: 4.5, 4.7, 6.0, 6.1, 6.2
Reviewed-on: https://review.typo3.org/22645
Reviewed-by: Jo Hasenau
Tested-by: Jo Hasenau
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[TASK] Set TYPO3 version to 4.5.30-dev 14/22714/2
TYPO3 Release Team [Tue, 30 Jul 2013 12:43:01 +0000 (14:43 +0200)]
[TASK] Set TYPO3 version to 4.5.30-dev

Change-Id: If965931f73498172f9950382421c293ae417afd2
Reviewed-on: https://review.typo3.org/22714
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
5 years ago[RELEASE] Release of TYPO3 4.5.29 13/22713/2 TYPO3_4-5-29
TYPO3 Release Team [Tue, 30 Jul 2013 12:42:36 +0000 (14:42 +0200)]
[RELEASE] Release of TYPO3 4.5.29

Change-Id: I51cad328946686b1aa0bb37a2c8744f77794fcb4
Reviewed-on: https://review.typo3.org/22713
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
5 years ago[SECURITY] XSS in 3rd party library Audio Player 01/22701/2
Oliver Hader [Tue, 30 Jul 2013 12:38:01 +0000 (14:38 +0200)]
[SECURITY] XSS in 3rd party library Audio Player

Update player.swf of version 2.0.4.6 from
http://wordpress.org/plugins/audio-player/

Change-Id: Ib9ba8c7f02279c42d619154b9b79cc38a8e2c41b
Fixes: #49210
Releases: 4.5, 4.7, 6.0, 6.1, 6.2
Security-Commit: 75b52f4080952e25b4387f3e9665f01803184591
Security-Bulletin: TYPO3-CORE-SA-2013-002
Reviewed-on: https://review.typo3.org/22701
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[BUGFIX] Fix double-stdWrapping of GIFBUILDER's TEXT object 32/20532/3
jyps [Sun, 5 May 2013 15:07:53 +0000 (17:07 +0200)]
[BUGFIX] Fix double-stdWrapping of GIFBUILDER's TEXT object

During extensive overhaul of stdWrap from TYPO3 v4.4 to v4.5 a
bug was introduced that led to double-stdWrapping of all
properties of GIFBUILDER's TEXT object.

Change-Id: Ib74fdc9899f3d0ee3f6fc96ffbb9c7dbc3ee01e2
Fixes: #41487
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Reviewed-on: https://review.typo3.org/20532
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[TASK] Remove empty .gitmodules file 17/22617/2
Christian Kuhn [Fri, 26 Jul 2013 21:02:46 +0000 (23:02 +0200)]
[TASK] Remove empty .gitmodules file

With removal of git submodules the .gitmodules file is empty
and can be removed now.

Change-Id: I453f63c0852825b46e9ea62f87385d9eace25134
Resolves: #50480
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Reviewed-on: https://review.typo3.org/22613
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
(cherry picked from commit 643f2e9cef2e7997e2c7ae5b8d8bbf279d9983c1)
Reviewed-on: https://review.typo3.org/22617

5 years ago[TASK] Revise typo3/sysext/README.txt 59/22559/2
Wouter Wolters [Wed, 24 Jul 2013 18:00:47 +0000 (20:00 +0200)]
[TASK] Revise typo3/sysext/README.txt

* Replace GIT repository link with the new one
* Remove information about submodules

Change-Id: I60db762ce831c7edea413d9f7780a5617b7f9e96
Resolves: #50410
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Reviewed-on: https://review.typo3.org/22559
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[TASK] Set TYPO3 version to 4.5.29-dev 25/22525/2
TYPO3 Release Team [Tue, 23 Jul 2013 17:58:55 +0000 (19:58 +0200)]
[TASK] Set TYPO3 version to 4.5.29-dev

Change-Id: I73ac008099c789255f184785e52069d26764a03f
Reviewed-on: https://review.typo3.org/22525
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
5 years ago[RELEASE] Release of TYPO3 4.5.28 24/22524/2 TYPO3_4-5-28
TYPO3 Release Team [Tue, 23 Jul 2013 17:58:31 +0000 (19:58 +0200)]
[RELEASE] Release of TYPO3 4.5.28

Change-Id: I60233a700dd013cc905f9b19bc5abf9d0b8cf26a
Reviewed-on: https://review.typo3.org/22524
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
5 years ago[BUGFIX] Page within a mountpoint using Show Content from Page fatals 37/12837/5
Patrick [Mon, 5 Dec 2011 09:00:31 +0000 (10:00 +0100)]
[BUGFIX] Page within a mountpoint using Show Content from Page fatals

When pages:content_from_pid is used, the TSFE for the current object
will be cloned to a temporary object for the page to get the content
from.  In this temporary object, the id for the page will be changed to
the contents of content_from_pid.  However, the MP variable will not be
changed.

This results in a TSFE object with the wrong MP variable connected to
the id.  Within this temporary object the rootline will be calculated,
which will be empty, because of the wrong MP variable.  This triggers
"The requested page didn't have a proper connection to the tree-root"

This bugfix fixes this by emptying the MP variable.

Change-Id: I56fc25924a1766d2befaffee8abbed5466a04942
Fixes: #32292
Releases: 4.7, 4.6, 4.5
Reviewed-on: https://review.typo3.org/12837
Reviewed-by: Ernesto Baschny
Tested-by: Ernesto Baschny
5 years ago[BUGFIX] PHP Module pgsql not supported 89/21089/2
Nicole Cordes [Tue, 20 Nov 2012 16:42:03 +0000 (17:42 +0100)]
[BUGFIX] PHP Module pgsql not supported

On some systems (e.g. current Debian system) the module for PostgreSQL is
called pgsql instead of postgres. So this has to be added to the module
list.

Change-Id: Id55170cefef6df32ae616c05696bec8fa59b9cb2
Fixes: #43163
Releases: 6.0, 4.7, 4.5
Reviewed-on: https://review.typo3.org/21089
Reviewed-by: Stefan Neufeind
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert
5 years ago[BUGFIX] stdWrap for special.value applied twice 39/21739/2
Markus Klein [Sat, 29 Jun 2013 20:24:30 +0000 (22:24 +0200)]
[BUGFIX] stdWrap for special.value applied twice

In HMENU the stdWrap for special.value is applied twice.
This patches removes the superfluous call
in HierarchicalMenuContentObject.php.

Furthermore it also moves the stdWrap for excludeUidList
to AbstractMenuContentObject.php for consistency reasons.

Change-Id: Ia6594a76602acdab8b39d50803595343e65f6d02
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Fixes: #40855
Reviewed-on: https://review.typo3.org/21739
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] Fix PHP warning trigged in initFEuser 41/22341/2
Markus Klein [Mon, 15 Jul 2013 18:32:18 +0000 (20:32 +0200)]
[BUGFIX] Fix PHP warning trigged in initFEuser

TypoScriptFrontendController::initFEuser() calls
$GLOBALS['TYPO3_DB']->cleanIntList() with a possible NULL argument.
This leads to a PHP warning in GeneralUtility::trimExplode().

Resolves: #42921
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: Id33ee8fe5e4177716af6ce8c9084e098b86c280c
Reviewed-on: https://review.typo3.org/22341
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] requestUpdate sensitive to spaces 13/22313/2
Markus Klein [Mon, 15 Jul 2013 07:37:58 +0000 (09:37 +0200)]
[BUGFIX] requestUpdate sensitive to spaces

The TCA property "requestUpdate" is sensitive to spaces, although this
is documented nowhere. Indeed "foo1, foo2" will not work whereas
"foo1,foo2" does. This patch strips spaces from the "requestUpdate"
string before testing it.

Change-Id: Ifbb1fe5be59077207316e48204d65a978592f878
Resolves: #49872
Related: #42789
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Reviewed-on: https://review.typo3.org/22313
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] requestUpdate sensitive to spaces 88/22188/2
Francois Suter [Wed, 10 Jul 2013 12:12:32 +0000 (14:12 +0200)]
[BUGFIX] requestUpdate sensitive to spaces

The TCA property "requestUpdate" is sensitive to spaces, although this
is documented nowhere. Indeed "foo1, foo2" will not work whereas
"foo1,foo2" does. This patch strips spaces from the "requestUpdate"
string before testing it.

Resolves: #42789
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: I340090e93e7b8645493f8db0c8c374cb1227f684
Reviewed-on: https://review.typo3.org/22188
Reviewed-by: Francois Suter
Tested-by: Francois Suter
5 years ago[BUGFIX] Allow non-Admins to delete Records finally 56/21456/2
dkd-egerer Sascha Egerer [Tue, 27 Nov 2012 00:42:59 +0000 (01:42 +0100)]
[BUGFIX] Allow non-Admins to delete Records finally

This patch adds the posibility for non Admins to delete
records finally in the recycler.

Change-Id: I1fda11d621403758f4d78b7fa8f730d7b47d79a7
Fixes: #34156
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Reviewed-on: https://review.typo3.org/21456
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] t3lib_userAuthGroup::checkLogFailures() gives PHP notice 82/21482/5
Xavier Perseguers [Mon, 19 Sep 2011 20:47:00 +0000 (22:47 +0200)]
[BUGFIX] t3lib_userAuthGroup::checkLogFailures() gives PHP notice

Due to improper method signature in the parent class of t3lib_userAuthGroup,
a PHP notice is generated when calling method checkLogFailures().

Change-Id: Ic41cb88889ee18f2508ae5b2e96858e8bf16c349
Fixes: #30055
Releases: 4.5, 4.6
Reviewed-on: https://review.typo3.org/21482
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] Invalid use of array_shift() in t3lib_div 13/21413/5
Xavier Perseguers [Mon, 19 Sep 2011 20:58:53 +0000 (22:58 +0200)]
[BUGFIX] Invalid use of array_shift() in t3lib_div

PHP Runtime Notice: Only variables should be passed by reference.

Change-Id: Ib1e9af4b58202f085d1afbba2b9bd0b288a8ef58
Fixes: #30056
Releases: 4.5, 4.6
Reviewed-on: https://review.typo3.org/21413
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] Invalid method signature for t3lib_pageTree::init() 15/21415/5
Xavier Perseguers [Mon, 19 Sep 2011 22:11:17 +0000 (00:11 +0200)]
[BUGFIX] Invalid method signature for t3lib_pageTree::init()

Method t3lib_treeView::init() is not properly overriden in subclasses.

Change-Id: Ia39eb8ba775e1f217fb77f402dd8f2ab4e1d24ae
Fixes: #30062
Releases: 4.5, 4.6
Reviewed-on: https://review.typo3.org/21415
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] Some methods in t3lib_TSparser should be static 83/21483/4
Xavier Perseguers [Mon, 19 Sep 2011 21:23:23 +0000 (23:23 +0200)]
[BUGFIX] Some methods in t3lib_TSparser should be static

A few methods in t3lib_TSparser are called statically but are not
declared as being static. This leads to PHP notices.

Change-Id: I7ea7cb659a830e74c4f8797f118662b517015614
Fixes: #30058
Releases: 4.5, 4.6
Reviewed-on: https://review.typo3.org/21483
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[TASK] Add support for "outdated" extensions 42/21742/2
Jigal van Hemert [Sun, 30 Jun 2013 06:14:47 +0000 (08:14 +0200)]
[TASK] Add support for "outdated" extensions

Extension Manager displays installed extensions which are marked as
"outdated" with different styling. Reports module also checks for
installed and available "outdated" extensions.

Change-Id: I3050f3f7142e4153954f1b7f76b4bf64a3066223
Resolves: #49350
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Reviewed-on: https://review.typo3.org/21742
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
Reviewed-by: Ernesto Baschny
Tested-by: Ernesto Baschny
5 years ago[BUGFIX] RTE: Importing google webfonts breaks style sheet parsing 64/21864/2
Stanislas Rolland [Wed, 3 Jul 2013 22:45:12 +0000 (18:45 -0400)]
[BUGFIX] RTE: Importing google webfonts breaks style sheet parsing

Problem: Firefox raises a security error because the file is not in the
same domain as the executing script. Probably a Firefox bug since the
file certainly has adequate headers: the font are indeed displayed in
the RTE.

Solution: Since the Webfont style sheet does not contain any css rules
anyways, we will catch the error, and if it is a security error, log it
to the Javascript console (or Firebug) and silently continue. Re-throw
any other type of error.

Resolves: #49648
Releases: 4.5, 4.7, 6.0, 6.1, 6.2
Change-Id: I225152ad5d84de50f29d3830be6f1f3e10f249c8
Reviewed-on: https://review.typo3.org/21864
Reviewed-by: Stanislas Rolland
Tested-by: Stanislas Rolland
5 years ago[TASK] Improve error message in NotFoundView to identify source 36/21736/2
Claus Due [Sat, 29 Jun 2013 12:43:54 +0000 (14:43 +0200)]
[TASK] Improve error message in NotFoundView to identify source

The error message before this change would only report the
action name, after this change it will reflect the controller and
extension name as well.

Set to apply to all maintained version since this changes no functions
whatsoever - it only improves error feedback.

Resolves: #49519
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: I61dc32a4542b8664ca9443414278e983bc181c4a
Reviewed-on: https://review.typo3.org/21736
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] Incorrect grouping of exclude fields in translated backend 36/21636/2
Jigal van Hemert [Sun, 5 May 2013 13:26:51 +0000 (15:26 +0200)]
[BUGFIX] Incorrect grouping of exclude fields in translated backend

If you use the backend in a language other than English, then the
grouping of the exclude fields in the be_group record is messed up when
flexform fields are included.

E.g. in a German backend, all tt_content fields are grouped below pages.

Sort the table names beforehand and afterwards all fields inside each
table.
Besides the patch converts some variables names into meaningful ones.

For TYPO3_4-5, the patch merges the existing unit test into this file.

Change-Id: I28ebc69d5cfc0316bdf44558276d3e939d011c2d
Fixes: #47839
Related: #34098
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Reviewed-on: https://review.typo3.org/21636
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] t3lib_utility_mailTest fails 17/21617/2
Philipp Gampe [Sun, 23 Jun 2013 15:22:38 +0000 (17:22 +0200)]
[BUGFIX] t3lib_utility_mailTest fails

The tested method always adds a From address to the mail header. This
is not reflected in the test.
Additionally clean up the test header a bit (backup globals).

Resolves: #49361
Releases: 4.5
Change-Id: I33d85916980eea34331d7d87682de9f71119af25
Reviewed-on: https://review.typo3.org/21617
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
5 years ago[BUGFIX] Insert rows only once in exec_INSERTmultipleRows 08/21408/2
Jigal van Hemert [Fri, 14 Jun 2013 00:30:42 +0000 (02:30 +0200)]
[BUGFIX] Insert rows only once in exec_INSERTmultipleRows

For native handler types multiple rows can be inserted using the mysql
INSERTmultipleRows API call. When another handler was used, the operation
was done twice, due to a missing else after the native handler condition.
This resulted in two database records for every INSERT statement.

The patch adds the missing else branch for the condition, preventing
the second run that was only meant to handle non-native handler types.

Change-Id: Ibab98a0c73b379bac063c8d1c19e30e93f38faf4
Resolves: #48220
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Reviewed-on: https://review.typo3.org/21408
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
5 years ago[BUGFIX] Flexform field is available but not passed to sub-function calls 79/21579/2
Claus Due [Fri, 21 Jun 2013 18:47:45 +0000 (20:47 +0200)]
[BUGFIX] Flexform field is available but not passed to sub-function calls

This change fixes three occurrences of calls to FlexForm DS
processing methods which accept a $fieldName argument but in
the current state of the code is given an empty string instead
of the $field variable which exists in all three contexts and
contains the proper value.

Passing the field name along to these sub functions allows hook
subscribers to use the field name - among other things. In any
case this fixes an unexpected behaviour turning it into an
expected one.

Resolves: #49331
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: I078b0734f3bfa74a9acd61773c5c380f091286f8
Reviewed-on: https://review.typo3.org/21579
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] Illegal string offset warning in AjaxLoginHandler 73/21573/2
Markus Klein [Fri, 21 Jun 2013 17:40:21 +0000 (19:40 +0200)]
[BUGFIX] Illegal string offset warning in AjaxLoginHandler

After logout $GLOBALS['BE_USER']->user['uid'] is checked.
This is done without isset() which triggers a warning, as ->user is unset,
if the logout was successful.

Resolves: #49327
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: Ia13af7f2a75090050113ff6a5d388b790df0bab1
Reviewed-on: https://review.typo3.org/21573
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] Fix JS error with Context Sensitive Help 48/21548/2
Michel Nederlof [Wed, 19 Jun 2013 21:47:02 +0000 (23:47 +0200)]
[BUGFIX] Fix JS error with Context Sensitive Help

Using the edit form for records in a new pop window leads
to a JS error, as "top" is not defined in the new window.

Resolves: #26588
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: I2eab83a2c9df2fed13fd5bcc1c829bf4f2b9a055
Reviewed-on: https://review.typo3.org/21548
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] Illegal string offset 'translations' in DatabaseRecordList 60/21460/2
Philipp Gampe [Sat, 15 Jun 2013 14:55:32 +0000 (16:55 +0200)]
[BUGFIX] Illegal string offset 'translations' in DatabaseRecordList

The return value of TranslationConfigurationProvider->translationInfo
normally is an array, but it is a string in case of an error.
Move the line below the is_array() check, because it is only needed
inside.

Fixes: #47103
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: Ia781eae987d9295bc2b299f83c087669c96dfd00
Reviewed-on: https://review.typo3.org/21460
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
5 years ago[TASK] Merge submodule version into core
Thomas Maroschik [Mon, 27 May 2013 17:04:55 +0000 (19:04 +0200)]
[TASK] Merge submodule version into core

5 years ago[TASK] Merge submodule workspaces into core
Thomas Maroschik [Mon, 27 May 2013 17:04:54 +0000 (19:04 +0200)]
[TASK] Merge submodule workspaces into core

5 years ago[TASK] Merge submodule linkvalidator into core
Thomas Maroschik [Mon, 27 May 2013 17:04:53 +0000 (19:04 +0200)]
[TASK] Merge submodule linkvalidator into core

5 years ago[TASK] Merge submodule fluid into core
Thomas Maroschik [Mon, 27 May 2013 17:04:53 +0000 (19:04 +0200)]
[TASK] Merge submodule fluid into core

5 years ago[TASK] Merge submodule extbase into core
Thomas Maroschik [Mon, 27 May 2013 17:04:51 +0000 (19:04 +0200)]
[TASK] Merge submodule extbase into core

5 years ago[TASK] Merge submodule dbal into core
Thomas Maroschik [Mon, 27 May 2013 17:04:50 +0000 (19:04 +0200)]
[TASK] Merge submodule dbal into core

5 years ago[BUGFIX] Pass $field to BackendUtility::getFlexFormDS 74/21074/2
Wouter Wolters [Sun, 19 May 2013 14:21:37 +0000 (16:21 +0200)]
[BUGFIX] Pass $field to BackendUtility::getFlexFormDS

This bugfix just passes an already existing argument
along to the hook method, making the $field variable
available there.

Change-Id: I5337490920a96a8db0af8f8ecc01e967dba0c9ca
Fixes: #39527
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Reviewed-on: https://review.typo3.org/21074
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[TASK] Set TYPO3 version to 4.5.28-dev 27/21027/2
TYPO3 Release Team [Fri, 24 May 2013 14:27:35 +0000 (16:27 +0200)]
[TASK] Set TYPO3 version to 4.5.28-dev

Change-Id: I2ad5f71706e9caeaa0e1b2c32b95d075334b24ef
Reviewed-on: https://review.typo3.org/21027
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
5 years ago[RELEASE] Release of TYPO3 4.5.27 26/21026/2 TYPO3_4-5-27
TYPO3 Release Team [Fri, 24 May 2013 14:27:08 +0000 (16:27 +0200)]
[RELEASE] Release of TYPO3 4.5.27

Change-Id: I340309f0355c3b2a1d976ea4cdcd067ac66e226a
Reviewed-on: https://review.typo3.org/21026
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
5 years agoRevert "[BUGFIX] Extension Security Report goes green if TER was never fetched" 06/21006/3
Markus Klein [Thu, 23 May 2013 18:28:50 +0000 (20:28 +0200)]
Revert "[BUGFIX] Extension Security Report goes green if TER was never fetched"

The change does not consider the "old old EM", which does not update
the repository timestamp in sys_ter properly. Hence the reports module
does not show adequate information, even though the TER was fetched
properly by the "old old EM".

This reverts commit d4439a159896954b93cfbe020d879e0f8eab98f9

Change-Id: I142c0cdf2faff12deb57cb04aafb72e89406d96b
Releases: 4.5
Reviewed-on: https://review.typo3.org/21006
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] Fix last line in table wizard 22/20922/2
Philipp Gampe [Sun, 19 May 2013 14:44:24 +0000 (16:44 +0200)]
[BUGFIX] Fix last line in table wizard

In the table wizard (table ce) you have the possibility to move first line
to the last line and vice versa. But on last line the false icon and
input field is set. We also have a FIXME comment there.

With the patch we fix the problem and you can again move the last
line on top of the lines.

Resolves: #16531
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: I7fe69397ba595a6b2aec8cdfba05b286f3b8ebe4
Reviewed-on: https://review.typo3.org/20922
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
5 years ago[BUGFIX] be_users.userMods is too small to hold all modules 91/20891/2
Philipp Gampe [Fri, 17 May 2013 20:42:51 +0000 (22:42 +0200)]
[BUGFIX] be_users.userMods is too small to hold all modules

It is impossible to assign all modules to a single user, because the
DB field is too small.  Saving such a record will result in a DB error
and a truncated modules list.

Solution: Change to field from varchar(255) to text to support a larger
number of modules.

This change requires a DB compare to become active. The fix is simply
not present otherwise, but also don't affect existing installations in
any way.

Resolves: #16762
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: I67b2ed6b650f9eaf5bdcc9ef81ce93cbbdc54b7f
Reviewed-on: https://review.typo3.org/20891
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
5 years ago[BUGFIX] Multi-table relationship not recognized in t3lib_loadDBGroup 50/9150/3
Markus Opahle [Wed, 22 Feb 2012 14:54:29 +0000 (15:54 +0100)]
[BUGFIX] Multi-table relationship not recognized in t3lib_loadDBGroup

If a multi-table relationship has $MM_oppositeFieldConf['allowed']=='*',
then it is not recognized as such one in t3lib_loadDBGroup::start().

Change-Id: Ifbf8a71af8a9d0a0636d8a2332999c402a717559
Resolves: #34148
Releases: 4.7, 4.6, 4.5
Reviewed-on: https://review.typo3.org/9150
Reviewed-by: Susanne Moog
Tested-by: Susanne Moog
Reviewed-by: Mario Rimann
Reviewed-by: Stefan Neufeind
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] undefined variable imgExt 40/12840/2
Simon Schaufelberger [Thu, 1 Mar 2012 14:32:55 +0000 (15:32 +0100)]
[BUGFIX] undefined variable imgExt

reducing colors in getImgResource function fails if not using
image-magick

Change-Id: I127ea54becd12a09cdd92a299e1f2d517d106763
Fixes: #34446
Releases: 4.7, 4.6, 4.5, 4.4
Reviewed-on: https://review.typo3.org/12840
Reviewed-by: Marcus Schwemer
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
Reviewed-by: Stefan Neufeind
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] Sorting not respected for backend layout dropdowns 14/20714/2
Anja Leichsenring [Sun, 12 May 2013 07:02:02 +0000 (09:02 +0200)]
[BUGFIX] Sorting not respected for backend layout dropdowns

The core record backend_layout can be sorted manually, but this is not
reflected in the pages TCA for the dropdowns backend_layout and
backend_layout_next_level.

This patch fixes this issue by adding the sorting in the foreign_where
clause

Thanks to Frans Saris for reporting this issue

Change-Id: I04680278075ddc0de69600423be5fe783e34f562
Resolves: #47688
Releases: 4.5, 4.7, 6.0, 6.1, 6.2
Reviewed-on: https://review.typo3.org/20714
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
5 years ago[BUGFIX] Wrong class in t3lib_TCEforms_Suggest 94/20694/2
Nicole Cordes [Fri, 10 May 2013 20:44:06 +0000 (22:44 +0200)]
[BUGFIX] Wrong class in t3lib_TCEforms_Suggest

Due to an backport error from #21588 a wrong class was introduced with. This
patch replaces the wrong class with the correct one so suggest wizard is
working again.

Change-Id: I9059452b2ceb9952ce6426a90872fee1b225c3b6
Resolves: #48052
Releases: 4.7, 4.5
Reviewed-on: https://review.typo3.org/20694
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[TASK] Activate syntax check for PHP 5.4 47/20647/2
Helmut Hummel [Wed, 8 May 2013 21:30:32 +0000 (23:30 +0200)]
[TASK] Activate syntax check for PHP 5.4

Change-Id: I30cdec14a5841e27665b5fa3bf101b80549be6cb
Reviewed-on: https://review.typo3.org/20647
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
5 years ago[TASK] Activate travis to check for syntax errors 45/20645/3
Helmut Hummel [Wed, 8 May 2013 18:11:53 +0000 (20:11 +0200)]
[TASK] Activate travis to check for syntax errors

Change-Id: I38aa9202703fda0c4a3cd9414551f2f936c5d509
Reviewed-on: https://review.typo3.org/20645
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
5 years ago[BUGFIX] Fix SQL error in Livesearch with empty TCA sortby setting 41/15541/2
Laurent Cherpit [Sat, 6 Oct 2012 15:18:43 +0000 (17:18 +0200)]
[BUGFIX] Fix SQL error in Livesearch with empty TCA sortby setting

If a searchable TCA field has a sortby setting which contains an empty
string or NULL, then BE Livesearch creates a query with one or more
'ORDER BY' without value, generating an SQL error. This fixes that.

Change-Id: I0457020ef31850458e3bd4286214f8e57278223e
Fixes: #40816
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: https://review.typo3.org/15541
Reviewed-by: Wouter Wolters
Reviewed-by: Stefan Neufeind
Reviewed-by: Mario Rimann
Reviewed-by: Steffen Ritter
Reviewed-by: Dmitry Dulepov
Tested-by: Dmitry Dulepov
Reviewed-by: Ernesto Baschny