Packages/TYPO3.CMS.git
6 years ago[RELEASE] Release of TYPO3 4.6.15 32/16432/1 TYPO3_4-6-15
TYPO3 Release Team [Mon, 12 Nov 2012 22:08:19 +0000 (23:08 +0100)]
[RELEASE] Release of TYPO3 4.6.15

Change-Id: I5770c742c148020d910d4e9121a4390a472f31e2

6 years ago[TASK] Raise submodule pointer
TYPO3 Release Team [Mon, 12 Nov 2012 21:46:29 +0000 (22:46 +0100)]
[TASK] Raise submodule pointer

Change-Id: I648ce4a04832faba5806eb2cf75415f9a7b527a0
Reviewed-on: http://review.typo3.org/16427
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
6 years ago[TASK] Raise version numbers of system extensions
Steffen Ritter [Mon, 12 Nov 2012 21:00:25 +0000 (22:00 +0100)]
[TASK] Raise version numbers of system extensions

Change-Id: I600c93d9e5f5bb0dccd18caab40a5bf03df6c726
Reviewed-on: http://review.typo3.org/16422
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
6 years ago[TASK] Fix TYPO3 logos
Helmut Hummel [Sun, 11 Nov 2012 00:26:58 +0000 (01:26 +0100)]
[TASK] Fix TYPO3 logos

The logos have been changed to match the new CI,
but were cut out sloppily.

Exchange the most prominent logos with proper ones.

Fixes: #42850
Releases: 6.0, 4.7, 4.6, 4.5

Change-Id: Id5ac815b8c2b381bef89f9e152345fd29a822bf6
Reviewed-on: http://review.typo3.org/16396
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
6 years ago[BUGFIX] getFuncCheck must quotes wrong
Michael Späth [Sat, 10 Nov 2012 12:13:06 +0000 (13:13 +0100)]
[BUGFIX] getFuncCheck must quotes wrong

The security fix preventing XSS included a regression
since the quoting has been backported wrong.

This results in an JS error which prevens all jumpURL
calls in the backend from working.

Change-Id: I80210a30ad9e7bb1d7b9da3b9d09490c428a24ff
Releases: 4.5, 4.6, 4.7
Resolves: #42812
Reviewed-on: http://review.typo3.org/16376
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
6 years ago[TASK] Set TYPO3 version to 4.6.15-dev
TYPO3 Release Team [Thu, 8 Nov 2012 12:02:21 +0000 (13:02 +0100)]
[TASK] Set TYPO3 version to 4.6.15-dev

Change-Id: I027f9930e59f872e888abe9bcd26d251fe4bc174
Reviewed-on: http://review.typo3.org/16311
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
6 years ago[RELEASE] Release of TYPO3 4.6.14
TYPO3 Release Team [Thu, 8 Nov 2012 12:02:11 +0000 (13:02 +0100)]
[RELEASE] Release of TYPO3 4.6.14

Change-Id: I3a359e98c9ef77e0660df702d454858c7454aaf7
Reviewed-on: http://review.typo3.org/16310
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
6 years ago[SECURITY] Fix SQL injection and XSS in record history
Oliver Hader [Thu, 8 Nov 2012 11:44:20 +0000 (12:44 +0100)]
[SECURITY] Fix SQL injection and XSS in record history

This patch fixes the SQL injection possibilities in the record
history view as well as fixing XSS possibilities. The submitted
GET/POST data gets sanitized now besides that.

Change-Id: Ia595a7f0847352afe6a6de1ed1e5173b8fa0d099
Fixes: #42696
Releases: 6.0, 4.7, 4.6, 4.5
Security-Commit: 1583a40f946dccb606c466656292cbfb6d5d5fc9
Security-Bulletin: TYPO3-CORE-SA-2012-005
Reviewed-on: http://review.typo3.org/16301
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
6 years ago[SECURITY] XSS in TCA Tree
Oliver Hader [Thu, 8 Nov 2012 11:44:14 +0000 (12:44 +0100)]
[SECURITY] XSS in TCA Tree

Properly html encode the label of tree nodes.

Fixes: #42774
Releases: 6.0, 4.7, 4.6, 4.5

Change-Id: I59773eb475d0736933a17b3151c998a7e3c528b7
Security-Commit: 04a1bd7b4f131c9e31c39ee63e6ccaf4932dbd8f
Security-Bulletin: TYPO3-CORE-SA-2012-005
Reviewed-on: http://review.typo3.org/16300
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
6 years ago[SECURITY] Fix potential XSS in t3lib_BEfunc::getFuncCheck
Helmut Hummel [Thu, 8 Nov 2012 11:44:08 +0000 (12:44 +0100)]
[SECURITY] Fix potential XSS in t3lib_BEfunc::getFuncCheck

The method getFuncCheck creates an URL from input variables and puts
it in JavaScript context without properly encoding them.

This might lead to XSS if the input variables come from untrusted source.

Fixes: #42776
Releases: 6.0, 4.7, 4.6, 4.5

Change-Id: Ie9ac07acdfaa322b50366dc62da599055ff00248
Security-Commit: 6fb472ca36fbeb32ddcfd18ac68a90f2f0933af1
Security-Bulletin: TYPO3-CORE-SA-2012-005
Reviewed-on: http://review.typo3.org/16299
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
6 years ago[TASK] Raise submodule pointer
TYPO3 Release Team [Thu, 8 Nov 2012 09:27:15 +0000 (10:27 +0100)]
[TASK] Raise submodule pointer

Change-Id: Ia83d1ee864677a0f4aa21365447c0796935933b7
Reviewed-on: http://review.typo3.org/16288
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
6 years ago[BUGFIX] No sorting in TypoScript Object Browser when browsing
Nicole Cordes [Fri, 10 Aug 2012 10:41:55 +0000 (12:41 +0200)]
[BUGFIX] No sorting in TypoScript Object Browser when browsing

If you enable "Sort alphabetically" the correct value (1) is submitted to
extension settings. But when you use any other functionality of the page
(e.g. setting some conditions or use search filter) the value is set to
"on" which disables the sorting.

Change-Id: I88233f94edba032c9b23072fb5e9132b276c8f1e
Fixes: #39677
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/16149
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Nicole Cordes
Tested-by: Nicole Cordes
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert
6 years ago[BUGFIX] Translated non-published page in workspace breaks live workspace
Oliver Hader [Fri, 2 Nov 2012 14:07:54 +0000 (15:07 +0100)]
[BUGFIX] Translated non-published page in workspace breaks live workspace

Translation of pages are stored in pages_language_overlay and
can be managed in workspaces as well. If a new translation is
created in the workspace only, the page module is broken in
the live workspace.

The reason for that is, that workspaces placeholders need to
be ignored if not working on a real workspace.

Change-Id: Ied52a985c3cb1c0796f616679414799d956024d8
Releases: 6.0, 4.7, 4.6, 4.5
Fixes: #42281
Reviewed-on: http://review.typo3.org/16136
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
6 years ago[BUGFIX] Illegal string offsets in t3lib_stdgraphic
Wouter Wolters [Sun, 28 Oct 2012 11:36:39 +0000 (12:36 +0100)]
[BUGFIX] Illegal string offsets in t3lib_stdgraphic

Change-Id: I8be45d59b780595e25d6d7f5371300b6506baa2f
Fixes: #38024
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/16132
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
6 years ago[BUGFIX] PHP 5.4 warning in CLI context in switch back user
Christian Kuhn [Thu, 1 Nov 2012 22:15:48 +0000 (23:15 +0100)]
[BUGFIX] PHP 5.4 warning in CLI context in switch back user

PHP 5.4 raises warnings of type "Illegal string offset" if you access
$foo['bar'] and $foo is no array. This is the case in hook
SwitchBackUser, if in cli context.

Change-Id: I5ed32e054b156c9fbc64e99ff33ba5c4637ce266
Fixes: #37578
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/16111
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
6 years ago[BUGFIX] t3lib_div: adjust substUrlsInPlainText to also work on URLs at end of sentence
Robert Heel [Mon, 6 Feb 2012 02:47:48 +0000 (03:47 +0100)]
[BUGFIX] t3lib_div: adjust substUrlsInPlainText to also work on URLs at end of sentence

Reworked substUrlsInPlainText by using regex.
Adding unittest.

Change-Id: Ib9b7d7990ac695cbb6fedac6bb346304a048ab10
Resolves: #28248
Releases: 4.5, 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/10538
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
6 years ago[BUGFIX] Wrong call to TSFE in FrontendEditing
Steffen Ritter [Fri, 12 Oct 2012 19:41:06 +0000 (21:41 +0200)]
[BUGFIX] Wrong call to TSFE in FrontendEditing

The FrontendEditingController calls TSFE->includeTCA right
before the index_ts.php calls TSFE->getCompressedTCA().

Because of the missing parameter within the
FrontendEditingController, getCompressedTCA wil not be
executed anymore. As an result the TSFE->TCAcachedExtras
are not available when FE-editing is active.

This prevents the a working language overlay, which only
looks to that array, which fields are configured to be
overlayed.

Change-Id: Ib130b11dd76c0b533b9a699a113f03e750ba2516
Fixes: #40733
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/15539
Reviewed-by: Wouter Wolters
Reviewed-by: Stefan Neufeind
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
6 years ago[BUGFIX] PHP warning: open_basedir restriction
Xavier Perseguers [Tue, 16 Oct 2012 15:32:06 +0000 (17:32 +0200)]
[BUGFIX] PHP warning: open_basedir restriction

Change-Id: Iae39a4d5c58a1e509eed55ab089caf1b2c140078
Fixes: #42054
Relates: #35212
Releases: 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/15956
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
6 years ago[TASK] Fix generation of ext_emconf.php
Wouter Wolters [Sat, 27 Oct 2012 16:00:37 +0000 (18:00 +0200)]
[TASK] Fix generation of ext_emconf.php

Fix generation of ext_emconf.php so that it will return valid
commented code. This is already done for 6.0

Change-Id: I11b708c411d6368839571a0d21fdd751308daad7
Resolves: #42444
Releases: 4.5, 4.6, 4.7
Reviewed-on: http://review.typo3.org/15981
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer
6 years ago[BUGFIX] t3lib_div::unlink_tempfile does not always work on Windows
Stanislas Rolland [Wed, 11 Jul 2012 14:42:34 +0000 (10:42 -0400)]
[BUGFIX] t3lib_div::unlink_tempfile does not always work on Windows

Problem: The filename created by t3lib_div::tempnam may contain
backslashes.

Solution: Process the file name through t3lib_div::fixWindowsFilePath

Change-Id: Ie8a23ce82801f6618a8d0ed012121056aa7be0e3
Releases: 4.5, 4.6, 4.7, 6.0
Resolves: #38699
Reviewed-on: http://review.typo3.org/15889
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
6 years ago[BUGFIX] New form wizard not loading in IE8
Sebastian Schawohl [Tue, 31 Jan 2012 10:02:20 +0000 (11:02 +0100)]
[BUGFIX] New form wizard not loading in IE8

Internet Explorer 8 raises an error on JavaScript objects with reserved
words as property names. In the new form wizard an object was created
with class as property name which is a reserved word. Surrounding with
quotes fixes the bug.

Change-Id: Id9ceef79e8503886cdaebbf14ddb4e92c4b7dcea
Fixes: #33504
Releases: 6.0, 4.7, 4.6
Reviewed-on: http://review.typo3.org/15883
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
6 years ago[BUGFIX] Fix case of tests folder
Xavier Perseguers [Fri, 19 Oct 2012 12:57:20 +0000 (14:57 +0200)]
[BUGFIX] Fix case of tests folder

Change-Id: I7f6f41e1fb39d4e984883544befbd04610188702
Relates: #41828
Reviewed-on: http://review.typo3.org/15820
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
6 years ago[BUGFIX] Unit test for saltedpasswords fail
Xavier Perseguers [Tue, 16 Oct 2012 12:38:36 +0000 (14:38 +0200)]
[BUGFIX] Unit test for saltedpasswords fail

Change-Id: I858fdf23a71e739c68b757bf486038b6c57d2675
Relates: #41828
Releases: 4.5, 4.6, 4.7
Reviewed-on: http://review.typo3.org/15717
Reviewed-by: Oliver Klee
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
6 years ago[BUGFIX] RTE: Link to disabled page doesn't show in FE, link icon does
Stanislas Rolland [Tue, 16 Oct 2012 14:45:24 +0000 (10:45 -0400)]
[BUGFIX] RTE: Link to disabled page doesn't show in FE, link icon does

Problem: When linking from a piece of content in the RTE to a disabled
page in the tree, the link isn't shown in the final frontend rendering.
However, the small arrow icon that you can have in front of the link to
denote its type, does get shown.
Solution: Remove the icon if no link is generated

Change-Id: I0d119cc40f1e2e04bddfbf2b3d4073405152bb2a
Resolves: #36087
Releases: 4.5, 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/15796
Reviewed-by: Stanislas Rolland
Tested-by: Stanislas Rolland
6 years ago[BUGFIX] RTE: Words containing umlauts not added to personal dictionary
Stanislas Rolland [Thu, 18 Oct 2012 12:34:52 +0000 (08:34 -0400)]
[BUGFIX] RTE: Words containing umlauts not added to personal dictionary

Problem: The spell checker must analyze the dictionary file and may
have to update the charset of the personal dictionary. In doing so,
it is looking for the wrong file when the dictionary in use is a
regional/variety dictionary.

Change-Id: Ibb6214be3b8cb4aeb2eb179e4a221b62c1e6f50e
Resolves: #29685
Releases: 4.5, 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/15784
Reviewed-by: Stanislas Rolland
Tested-by: Stanislas Rolland
6 years ago[BUGFIX] Extension Import not working with postgresql and DBAL
Ernesto Baschny [Wed, 18 Jul 2012 19:15:06 +0000 (21:15 +0200)]
[BUGFIX] Extension Import not working with postgresql and DBAL

Change-Id: I496e3729b3c98c85a07e75539de9464f272837e6
Fixes: #38406
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/15775
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
6 years ago[BUGFIX] Creating new pages via drag'n'drop respects page TS
Philipp Kitzberger [Mon, 19 Mar 2012 15:25:25 +0000 (16:25 +0100)]
[BUGFIX] Creating new pages via drag'n'drop respects page TS

When creating a new page node via drag'n'drop shortcuts in pagetree,
the TCAdefaults.pages array from page TsConfig is now being respected.
This allows to preset certain field values for new pages.

Change-Id: I21c2f84951699469b00a745b62d2a95fb114809e
Fixes: #25021
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/9888
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
6 years ago[TASK] Set TYPO3 version to 4.6.14-dev
TYPO3 Release Team [Tue, 16 Oct 2012 13:41:35 +0000 (15:41 +0200)]
[TASK] Set TYPO3 version to 4.6.14-dev

Change-Id: Ib23a244f05f394227d526f5f127aa7762ed65dc7
Reviewed-on: http://review.typo3.org/15733
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
6 years ago[RELEASE] Release of TYPO3 4.6.13
TYPO3 Release Team [Tue, 16 Oct 2012 13:41:26 +0000 (15:41 +0200)]
[RELEASE] Release of TYPO3 4.6.13

Change-Id: I211c7fd92d45298c8c67cd8ca4a8cfb5852847ea
Reviewed-on: http://review.typo3.org/15732
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
6 years ago[TASK] Raise submodule pointer
TYPO3 Release Team [Tue, 16 Oct 2012 13:16:45 +0000 (15:16 +0200)]
[TASK] Raise submodule pointer

Change-Id: I9ced13664b2699f4ff6d7b1eb149a6b525f0ff27
Reviewed-on: http://review.typo3.org/15727
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
6 years ago[TASK] Update md5 sums for 4.6.13
Steffen Ritter [Tue, 16 Oct 2012 12:27:31 +0000 (14:27 +0200)]
[TASK] Update md5 sums for 4.6.13

Change-Id: Id4bfa9fd549959dc90469a67d05e00302d554e2a
Reviewed-on: http://review.typo3.org/15715
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
6 years ago[TASK] Update backend sprites according to rebranding
Steffen Ritter [Tue, 16 Oct 2012 12:33:29 +0000 (14:33 +0200)]
[TASK] Update backend sprites according to rebranding

Change-Id: Id4124e96a392f05c37e22d1dc3ce39e0daf08df0
Reviewed-on: http://review.typo3.org/15716
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
6 years ago[!!!][BUGFIX] Localization fallback does not work in Backend
Xavier Perseguers [Tue, 16 Oct 2012 12:03:28 +0000 (14:03 +0200)]
[!!!][BUGFIX] Localization fallback does not work in Backend

The ll-XML parser internally falls-back to English when looking for a
non-existing language translation. This prevents the localization
fallback mechanism to detect that the translation did not exist or was
only partially available and thus take the language dependency into
account to return a proper label.

Change-Id: I4095d20ec8fc08105dfff108c7e3865f468ddb91
Fixes: #41996
Releases: 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/15709
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
6 years ago[TASK] Adjust Logos to new style-guide
Felix Kopp [Mon, 8 Oct 2012 09:48:55 +0000 (11:48 +0200)]
[TASK] Adjust Logos to new style-guide

TYPO3 is changing and so is the logo.
Secondary color green is dropped and replaced by orange.
Also the signet moves to the left.

Adjusts logos/images/icons/files in backend to new brand definition.

Fixes: #41704
Releases: 4.5, 4.6, 4.7, 6.0
Change-Id: I34c80b085ef6b6efaffe2de4b67bb47c79b570ec
Reviewed-on: http://review.typo3.org/15706
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
6 years ago[BUGFIX] BE user switch impossible when in adminOnly mode
Philipp Kitzberger [Wed, 21 Dec 2011 16:32:11 +0000 (17:32 +0100)]
[BUGFIX] BE user switch impossible when in adminOnly mode

Enables the switching of BE users when the BE is in adminOnly mode.

Change-Id: Iebae234f4f297f9b85f5deff9d52c409d4d7e4f0
Fixes: #32686
Releases: 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/13012
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
6 years ago[BUGFIX] Validation of umlaut URLs and mail addresses
Mario Rimann [Thu, 24 Nov 2011 22:38:16 +0000 (23:38 +0100)]
[BUGFIX] Validation of umlaut URLs and mail addresses

Adds IDN support to t3lib_div's validating methods for email
addresses and URLs.

Change-Id: I0568d2bf9d78a1447d2baf75a63ad977d17c08c2
Resolves: #30311
Releases: 4.8, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/9435
Reviewed-by: Steffen Ritter
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
6 years ago[BUGFIX] Excludefieds must exclude admin only tables
Georg Ringer [Sat, 3 Mar 2012 13:21:32 +0000 (14:21 +0100)]
[BUGFIX] Excludefieds must exclude admin only tables

The field "allowed excludefields" should not show
fields of tables which are restricted to admins,
either because of the flag adminOnly =1 or
rootLevel = 1

Change-Id: Icfa6a9c163d3ee736ab50394741c383351eddd2c
Resolves: #34460
Releases: 4.8,4.7,4.6,4.5
Reviewed-on: http://review.typo3.org/12854
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
6 years ago[BUGFIX] undefined variable imgExt
Simon Schaufelberger [Thu, 1 Mar 2012 14:32:55 +0000 (15:32 +0100)]
[BUGFIX] undefined variable imgExt

reducing colors in getImgResource function fails if not using
image-magick

Change-Id: I58a4c14bda731a1f36f04a352cfed74770d884fb
Fixes: #34446
Releases: 4.7, 4.6, 4.5, 4.4
Reviewed-on: http://review.typo3.org/12839
Reviewed-by: Simon Schaufelberger
Reviewed-by: Marcus Schwemer
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
6 years ago[BUGFIX] t3lib_iconWorks must check if array exists before using it
Jigal van Hemert [Fri, 23 Mar 2012 21:22:59 +0000 (22:22 +0100)]
[BUGFIX] t3lib_iconWorks must check if array exists before using it

A few places in t3lib_iconWorks use variables as arrays without
checking if they are actually arrays. This leads to warnings in
the syslog.

Change-Id: Id3f2e02099669c4be7c4050d35b634c8a964f060
Fixes: #24248
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/12800
Reviewed-by: Marcus Schwemer
Reviewed-by: Wouter Wolters
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
6 years ago[TASK] Introduce "TYPO3 CMS" in EXT: about
Felix Kopp [Mon, 15 Oct 2012 18:52:37 +0000 (20:52 +0200)]
[TASK] Introduce "TYPO3 CMS" in EXT: about

Changed terminology to "TYPO3 CMS" where applicable in
backend module About.

Change-Id: I064607c3d45dc3a138df21db91d45964c14d0e2c
Resolves: #41823
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/15652
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
6 years ago[BUGFIX] Make generated thumbnails browser-cachable
Dmitry Dulepov [Wed, 23 Nov 2011 13:50:53 +0000 (15:50 +0200)]
[BUGFIX] Make generated thumbnails browser-cachable

Thumbnail generation code appends current timestamp in each
invocation of the thumbnail generation script. This is useless
because it prevents caching. Removing this timestamp will not
cause any issues with old vs new versions because the URL
includes an md5 checksum of the file size and file timestamp.
So when the file is updated, the md5 sum will change. The
patch also changes short md5 to full md5.

Additionally proper last-modified, expires and etag headers
are sent.

Change-Id: Icb32ca8fbde91dffa65b835ac9c0954f3f5da53f
Fixes: #21481
Releases: 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/12820
Reviewed-by: Philipp Gampe
Reviewed-by: Marcus Schwemer
Reviewed-by: Wouter Wolters
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
6 years ago[BUGFIX] TCEForms.Suggest wizard in IRRE records
Nicole Cordes [Fri, 27 Apr 2012 14:45:24 +0000 (16:45 +0200)]
[BUGFIX] TCEForms.Suggest wizard in IRRE records

Currently suggest wizards don't work in IRRE records. This is because of
the missing javascript functions. IRRE elements are post loaded and
wirzards are not known on loading the parent form.

Change-Id: Id1c23d7e53c4e8499f13bb1776bf76c960995b04
Fixes: #27020
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/11821
Reviewed-by: Wouter Wolters
Reviewed-by: Nicole Cordes
Tested-by: Nicole Cordes
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
6 years ago[BUGFIX] Warning in list module
Philipp Gampe [Thu, 9 Aug 2012 15:08:12 +0000 (17:08 +0200)]
[BUGFIX] Warning in list module

The function addElement needs to have an array as third argument.

Change-Id: Ic88b3f246e27f2ab255a0d2017beb9a5d62e6f15
Fixes: #39678
Releases: 4.5, 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/13876
Reviewed-by: Stefan Neufeind
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
6 years ago[BUGFIX] Endless loop in flushOutputBuffers()
Christian Kuhn [Wed, 10 Oct 2012 15:39:51 +0000 (17:39 +0200)]
[BUGFIX] Endless loop in flushOutputBuffers()

Change-Id: I87f998211d12f2d7c40a582f8b2c605f2edcaed0
Resolves: #40126
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/15495
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
6 years ago[BUGFIX] Take versioned record into account for showHidden flag.
Bart Dubelaar [Fri, 27 Jan 2012 12:02:49 +0000 (13:02 +0100)]
[BUGFIX] Take versioned record into account for showHidden flag.

The flag showHiddenPage is set if the requested uid is a hidden page.
The original code always looked at the original uid and not to version
in the active workspace. This is fixed.

Change-Id: I4bc9cc0cd37e4a71cbf71cef37e10bf2f8bf3cb5
Fixes: #33392
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/12803
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
6 years ago[BUGFIX] Fix SQL error in Livesearch with empty TCA sortby setting
Laurent Cherpit [Sat, 6 Oct 2012 15:18:43 +0000 (17:18 +0200)]
[BUGFIX] Fix SQL error in Livesearch with empty TCA sortby setting

If a searchable TCA field has a sortby setting which contains an empty
string or NULL, then BE Livesearch creates a query with one or more
'ORDER BY' without value, generating an SQL error. This fixes that.

Change-Id: I0457020ef31850458e3bd4286214f8e57278223e
Fixes: #40816
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/15542
Reviewed-by: Wouter Wolters
Reviewed-by: Stefan Neufeind
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
6 years ago[BUGFIX] Pagetree - Prevent a call to moveNode while creating nodes
Tobias Schultheiss [Thu, 16 Aug 2012 14:54:56 +0000 (16:54 +0200)]
[BUGFIX] Pagetree - Prevent a call to moveNode while creating nodes

Change-Id: I355cfb5ed4d2ebfac26376f5f774dca4d89a0c6c
Fixes: #39820
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/15555
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Stefan Neufeind
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
6 years ago[BUGFIX] FLUIDTEMPLATE - Serialization of 'Closure' is not allowed
Oliver Hader [Thu, 3 May 2012 19:27:03 +0000 (21:27 +0200)]
[BUGFIX] FLUIDTEMPLATE - Serialization of 'Closure' is not allowed

When using FLUIDTEMPLATE and COA_INT or USER_INT on the same
level and partials are used in the Fluid template, then there
will be Closures. COA_INT and USER_INT are going to serialize
the cObj, which fails when a Closure shall be processed.

Since the Closures have been collected in $cObj->contentObjects
the fix is to use a cloned version of the cObj which does not
contain these contentObjects anymore for COA_INT and USER_INT.

Change-Id: I03dada20a133474f5260d432cbf75fd29c2b11e7
Fixes: #36820
Related: #32295
Releases: 6.0, 4.7, 4.6
Reviewed-on: http://review.typo3.org/13897
Reviewed-by: Stefan Neufeind
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
6 years ago[BUGFIX] Prevent saltedpasswords destroying the password
Xavier Perseguers [Tue, 16 Oct 2012 07:09:59 +0000 (09:09 +0200)]
[BUGFIX] Prevent saltedpasswords destroying the password

When a record is using a plain MD5 password, EXT:saltedpasswords will
destroy the password after the second successive edit.

Add check for already temporarily hashed passwords to prevent that.

Change-Id: I487cbb335616c1d378a704845d5cc96e4ad6cb62
Fixes: #41828
Releases: 4.5, 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/15672
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
6 years ago[BUGFIX] RTE: Localization to content language does not work
Stanislas Rolland [Mon, 15 Oct 2012 20:16:14 +0000 (16:16 -0400)]
[BUGFIX] RTE: Localization to content language does not work

Solution: Create content language service

Change-Id: I7353fe33bba13e38d4b7eb20e966895aa71bc3eb
Resolves: #39271
Releases: 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/15660
Reviewed-by: Stanislas Rolland
Tested-by: Stanislas Rolland
6 years ago[BUGFIX] imagecopyresized: correct invalid parameters
Stefan Neufeind [Wed, 14 Mar 2012 12:40:37 +0000 (13:40 +0100)]
[BUGFIX] imagecopyresized: correct invalid parameters

The classes t3lib_stdgraphic and t3lib_iconworks provide
the method imagecopyresized. Those functions got parameters
$w, $h twice in the function-header and therefore the function
only worked in "special cases".

This patch also adds a docblock and improves the (internal)
naming of the variables.

Change-Id: I00166cb30b278e1124675111d2cc3174811e4151
Resolves: #26660
Releases: 4.4, 4.5, 4.6, 4.7
Reviewed-on: http://review.typo3.org/6829
Reviewed-by: Wouter Wolters
Reviewed-by: Andreas Bouche
Tested-by: Andreas Bouche
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
6 years ago[BUGFIX] RTE: Paste as plain text doesn't work in Safari (Mac only)
Stanislas Rolland [Wed, 10 Oct 2012 16:42:15 +0000 (12:42 -0400)]
[BUGFIX] RTE: Paste as plain text doesn't work in Safari (Mac only)

Problem: Access to clipboard is denied.
Solution: Redirect paste to hidden section.

Change-Id: I196065b34c38990ab99251855da542e08fe5ce9e
Resolves: #35356
Releases: 4.5, 4.6
Reviewed-on: http://review.typo3.org/15626
Reviewed-by: Stanislas Rolland
Tested-by: Stanislas Rolland
6 years ago[BUGFIX] CE with "All languages" doesn't show with every lang
Marcus Schwemer [Tue, 19 Jun 2012 06:55:48 +0000 (08:55 +0200)]
[BUGFIX] CE with "All languages" doesn't show with every lang

The page module should also list the content elements
with language set to "All". Now elements set to "All" are displayed
in all languages, not only with the default language.

Change-Id: I2b0875e1993b3af29fbdec4f700b16a7c56696d8
Fixes: #24087
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/15614
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
6 years ago[BUGFIX] CE with "All languages" isn't shown in Page module
Georg Ringer [Fri, 23 Mar 2012 11:12:57 +0000 (12:12 +0100)]
[BUGFIX] CE with "All languages" isn't shown in Page module

The page module should also list the content elements
with language set to "All"

Change-Id: I6d8aaf4829a70b3945508884d9a09cf23d1e4842
Resolves: #24087
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/12078
Reviewed-by: Marcus Schwemer
Tested-by: Marcus Schwemer
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
6 years ago[BUGFIX] Proper cursor icon in access module
Georg Ringer [Mon, 16 Jan 2012 18:32:52 +0000 (19:32 +0100)]
[BUGFIX] Proper cursor icon in access module

The access module got those nice red/green icons but many
people don't know that those are clickable because the cursor
icon is wrong.

Change-Id: I3120a509d0019a9f49508a55e6bba49f48d9719e
Fixes: #33230
Releases: 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/12796
Reviewed-by: Marcus Schwemer
Tested-by: Marcus Schwemer
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Stefan Neufeind
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
6 years ago[TASK] Group excludefields by table
Johannes Feustel [Sun, 19 Feb 2012 16:14:44 +0000 (17:14 +0100)]
[TASK] Group excludefields by table

Do not display table name redundantly for each item but group items like
it is done for other fields like page types.

* Add header for each table of items in excludefields array and remove
table from item label
* Add possibility to set icon for headers
* Unset icon for page type headers
* Remove unused variable $descr

Change-Id: I4201c64a50ee63c9d9e3415e0e8245614db7af07
Resolves: #34098
Releases: 4.7,4.6,4.5
Reviewed-on: http://review.typo3.org/13916
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
6 years ago[BUGFIX] User settings don't remember that default language is selected
Jigal van Hemert [Sat, 19 Nov 2011 14:34:40 +0000 (15:34 +0100)]
[BUGFIX] User settings don't remember that default language is selected

If the default language is stored as the BE language it should be pre-selected
in the language selector in the User settings.

Change-Id: If21e87086af17d310ca33ef4205b8c07220ad564
Fixes: #31943
Releases: 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/13923
Tested-by: Steffen Ritter
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert
6 years ago[BUGFIX] Make alphanum. filter work with umlauts
Andreas Lappe [Wed, 28 Mar 2012 16:57:15 +0000 (18:57 +0200)]
[BUGFIX] Make alphanum. filter work with umlauts

Changes the regular expression used to validate the string into a
unicode-aware character-class and adds two tests for this.

Change-Id: I93e7bce7d327e19a72ba1342fb37c3ead2f57b73
Fixes: #35284
Releases: 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/13931
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
6 years ago[BUGFIX] Fix the additional icon check
Wouter Wolters [Sat, 13 Oct 2012 15:26:51 +0000 (17:26 +0200)]
[BUGFIX] Fix the additional icon check

When looking for additional icons the class AbstractSpriteHandler
a missing check if array on configuration.
Makes the whole TYPO3 installation to crash.

Change-Id: Ie7cab19791a83215fe91599d6b3d03aa847243f6
Resolves: #41463
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/15568
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
6 years ago[BUGFIX] Fix translation moving in workspaces
Tolleiv Nietsch [Sun, 12 Feb 2012 05:01:55 +0000 (06:01 +0100)]
[BUGFIX] Fix translation moving in workspaces

Seems that the API changes introduced with changeset 89bd701c
haven't been made everywhere. This caused some issue when
translated records are move in a workspace.

Goes together with a fix in EXT:version which can be found under
https://review.typo3.org/8997

Change-Id: I6d85c7c913edee3ec98efe0a3b723554a8b6fb10
Fixes: #33592
Releases: 4.5, 4.6, 4.7, 4.8
Reviewed-on: http://review.typo3.org/13010
Reviewed-by: Stefan Neufeind
Reviewed-by: Wouter Wolters
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
6 years ago[BUGFIX] strftime expects parameter 2 to be long, string given
Simon Schaufelberger [Tue, 18 Sep 2012 19:44:50 +0000 (21:44 +0200)]
[BUGFIX] strftime expects parameter 2 to be long, string given

Any zero length string value is replaced with the current timestamp.
(Just like the default value for the second parameter of
strtime/gmstrftime.)

Change-Id: I64a92d72d5ae680a6288b3e0cd8063d581de8566
Fixes: #38717
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/14716
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
6 years ago[BUGFIX] RTE: array_flip warning on array of languages
Stanislas Rolland [Wed, 10 Oct 2012 18:30:44 +0000 (14:30 -0400)]
[BUGFIX] RTE: array_flip warning on array of languages

Make sure the array is not corrupted.

Change-Id: I858731a55091ee5dffde33f995c3fef9044d041d
Resolves: #35147
Releases: 4.5, 4.6
Reviewed-on: http://review.typo3.org/15501
Reviewed-by: Stanislas Rolland
Tested-by: Stanislas Rolland
6 years ago[BUGFIX] Fix compressor flooding typo3temp
Xavier Perseguers [Tue, 9 Oct 2012 13:27:49 +0000 (15:27 +0200)]
[BUGFIX] Fix compressor flooding typo3temp

Check for the temporary external file and
compare the content of the file with the freshly fetched content.

Change-Id: Id5f9e3a48395e2cba349c4592d241f035f867c5c
Fixes: #40409
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/15492
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
6 years ago[BUGFIX] JS error in IE7 while starting RTE
Stanislas Rolland [Wed, 10 Oct 2012 02:58:06 +0000 (22:58 -0400)]
[BUGFIX] JS error in IE7 while starting RTE

Fixes for issue #33637 were incorrectly backported to TYPO3 4.6.
The selection was not yet structured as an object in that release.

Change-Id: Ibe084b34bd1196d5d65c51645092d646ae6f3e8d
Resolves: #40082
Releases: 4.6
Reviewed-on: http://review.typo3.org/15470
Reviewed-by: Stanislas Rolland
Tested-by: Stanislas Rolland
6 years ago[BUGFIX] Words with special characters not added to personal dictionary
Stanislas Rolland [Fri, 6 Jul 2012 21:02:07 +0000 (17:02 -0400)]
[BUGFIX] Words with special characters not added to personal dictionary

Problem: Words containing special characters (f. e. German umlauts)
can´t be added to the user´s personal dictionary.
Solution: Work around Aspell issue.

Change-Id: I0423993e335a253fc1450aeec8357c5bcb6da236
Releases: 4.5, 4.6, 4.7, 6.0
Resolves: #38653
Reviewed-on: http://review.typo3.org/15466
Reviewed-by: Stanislas Rolland
Tested-by: Stanislas Rolland
6 years ago[BUGFIX] RTE is not loading in IE8, when used with feedit
Stefan Aebischer [Mon, 3 Sep 2012 12:50:30 +0000 (13:50 +0100)]
[BUGFIX] RTE is not loading in IE8, when used with feedit

Solution: Avoid calls to undefined console methods

Change-Id: I6df37fde56bd01c8078fb7ad889aa50e1b29f842
Fixes: #40558
Releases: 6.0, 4.7, 4.6
Reviewed-on: http://review.typo3.org/15463
Reviewed-by: Stanislas Rolland
Tested-by: Stanislas Rolland
6 years ago[BUGFIX] htmlArea RTE: Cursor jumps to first letter with Chrome 22
Stanislas Rolland [Thu, 4 Oct 2012 16:54:03 +0000 (12:54 -0400)]
[BUGFIX] htmlArea RTE: Cursor jumps to first letter with Chrome 22

Selection gets broken when bookmarks are inserted by undo/redo
mechanism in Google Chrome 22.

Change-Id: I7c4bf5a8cf080a26daf49649d8262da1bf18b979
Resolves: #41411
Releases: 4.5, 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/15334
Reviewed-by: Stanislas Rolland
Tested-by: Stanislas Rolland
6 years ago[BUGFIX] Do not save expand state for root node in TCA tree
Christoph Gerold [Sun, 2 Sep 2012 10:46:06 +0000 (12:46 +0200)]
[BUGFIX] Do not save expand state for root node in TCA tree

To avoid a PHP warning: Missing argument for
BackendUserSettings::addToList() the expanded state must
not be saved for the tree root node which does not
have a uid property.

Change-Id: Id6d16525cd68e4ec13f36c8d95d2ecc0cc1bc794
Resolves: #31978
Releases: 4.5, 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/15170
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
6 years ago[BUGFIX] File upload button is collapsed in Chrome 21
Steffen Gebert [Wed, 15 Aug 2012 11:57:43 +0000 (13:57 +0200)]
[BUGFIX] File upload button is collapsed in Chrome 21

In Chrome 21, the FlashUploader button is collapsed to a few pixels of
height. So it is nearly impossible to hit the button.

Change-Id: I3da941f1c7dc657899b820ad258c9a6af72b26c6
Releases: 6.0, 4.7, 4.6, 4.5
Resolves: #39659
Reviewed-on: http://review.typo3.org/14478
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer
6 years ago[BUGFIX] Switch to List module on root page leads to blank page
Thomas Löffler [Wed, 12 Sep 2012 06:41:50 +0000 (08:41 +0200)]
[BUGFIX] Switch to List module on root page leads to blank page

Reproducable only with admin account. Switch to Page module, go to root
page (id = 0), switch to List module => blank page. Works only on
root page.

Change-Id: I476d8523a7c31db6a78bef99ad7cbf3b39b1239e
Releases: 6.0, 4.7, 4.6, 4.5
Resolves: #40781
Reviewed-on: http://review.typo3.org/14798
Reviewed-by: Thomas Loeffler
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer
6 years ago[BUGFIX] Error handler registration accepts way too much PHP error types
Marcus Krause [Sat, 22 Sep 2012 12:21:58 +0000 (14:21 +0200)]
[BUGFIX] Error handler registration accepts way too much PHP error types

Taken from http://php.net/manual/en/function.set-error-handler.php
set_error_handler has limitations for error types to process.

In detail E_ERROR, E_PARSE, E_CORE_ERROR, E_CORE_WARNING,
E_COMPILE_ERROR, E_COMPILE_WARNING cannot handled by an user defined
function.

This issue is about reflecting this in config_default settings and
in t3lib_error_ErrorHandler to make sure to process only error types
we can handle.

Change-Id: I908aa33c07a7de69095dce3e0d74d19134733231
Fixes: #31827
Releases: 4.5, 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/14934
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
6 years ago[BUGFIX] Tree view in admin panel is broken with PHP 5.4
Philipp Gampe [Sat, 22 Sep 2012 16:15:59 +0000 (18:15 +0200)]
[BUGFIX] Tree view in admin panel is broken with PHP 5.4

The double ['0.'] in $arr['0.']['0.'] is wrong.
Fun fact: This is "broken" since the initial commit.

Fixes: #41213
Releases: 6.0, 4.7, 4.6, 4.5

Change-Id: I7e92a23f2efe405d14265168fa228844cb66a2fb
Reviewed-on: http://review.typo3.org/14923
Reviewed-by: Susanne Moog
Tested-by: Susanne Moog
6 years ago[BUGFIX] Error handler callback causes fatal error for parse time errors
Marcus Krause [Sat, 22 Sep 2012 12:09:36 +0000 (14:09 +0200)]
[BUGFIX] Error handler callback causes fatal error for parse time errors

TYPO3's error handler callback t3lib_error_ErrorHandler::handleError()
causes a fatal error for PHP parse time errors.

If an error occurs during parse time (like E_DEPRECATED due to
deprecated $foo =& stdClass() code), autoloading is not available
and such PHP standard class 'Exception' (extended by t3lib_exception)
is not resolvable.
This results in a fatal and misleading error
'Class "Exception" not found'
together with a not useful backtrace. Additionally this behaviour
hides the original causing error (deprecated code).

Change-Id: I4ab97c1bf2d888022369f2095285cecc5a4c54a4
Fixes: #31834
Related: #31827
Releases: 4.5, 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/14926
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
6 years ago[BUGFIX] Error messages are not shown in 123 installation process
Nicole Cordes [Fri, 21 Sep 2012 10:03:49 +0000 (12:03 +0200)]
[BUGFIX] Error messages are not shown in 123 installation process

Because of a missing ERRORMESSAGES subpart in the 123 install template,
error messages collected while processing are not shown in the frontend.
This patch adds the subpart to the template to show more error information
in the frontend.

Change-Id: I9ee57317958b4505565161c1679d1549c6b89c2c
Fixes: #41158
Releases: 4.5, 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/14901
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert
6 years ago[TASK] Database creating fails due to not allowed characters
Jigal van Hemert [Sat, 22 Sep 2012 05:08:57 +0000 (07:08 +0200)]
[TASK] Database creating fails due to not allowed characters

Due to compatibility the CREATE DATABASE statement is used without quotes.
At least for MySQL databases there are limited characters allowed to use
in unquoted database names (0-9,a-z,A-Z$_). At the moment the database
name is parsed with enabled hyphen but this is obviously not allowed. The
parsing has to be changed to meet the MySQL limitation as well.

Change-Id: Id8e025e6c681487818973a595652dd29cb86c4b8
Resolves: #41151
Releases: 4.5, 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/14898
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert
6 years ago[BUGFIX] autoloader should ignore non existing extensions
Georg Ringer [Thu, 9 Aug 2012 13:56:08 +0000 (15:56 +0200)]
[BUGFIX] autoloader should ignore non existing extensions

When building the core registry a call to t3lib_extMgm::extPath() is done
for every extension of the LocalConfiguration/localconf.php
Sometimes the extension is not installed anymore which was never a problem
in earlier versions.

The change catches the exception and ignores this extension when building
the registry.

Change-Id: I3b358bcd6aa9311460ece3c8cb845a2a6cb0a36a
Resolves: #39649
Releases: 6.0, 4.7, 4.6
Reviewed-on: http://review.typo3.org/13892
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer
6 years ago[BUGFIX] Link to install tool in reports leads to old page
Thomas Löffler [Mon, 17 Sep 2012 18:02:09 +0000 (20:02 +0200)]
[BUGFIX] Link to install tool in reports leads to old page

There is a link to install tool on the reports page which leads
to the old page with the missing button "unlock install tool".

Change-Id: If5b33c379581672dbfd2d1024b0dd485e2281b7c
Resolves: #37067
Releases: 6.0, 4.7, 4.6
Reviewed-on: http://review.typo3.org/14782
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
6 years ago[BUGFIX] pi_getLL() alternative language translation fails
Xavier Perseguers [Thu, 16 Aug 2012 10:44:07 +0000 (12:44 +0200)]
[BUGFIX] pi_getLL() alternative language translation fails

The translation fallback introduced with TYPO3 4.6 is not taken
into account by the pi_getLL() method.

Change-Id: I9c60d14e903eba1cc0d19ea8cd3a58f5365abfa1
Fixes: #39850
Releases: 6.0, 4.7, 4.6
Reviewed-on: http://review.typo3.org/14238
Reviewed-by: Markus Klein
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
6 years ago[BUGFIX] L10n PHP parser stores NULL for unknown key
Xavier Perseguers [Sun, 9 Sep 2012 20:03:08 +0000 (22:03 +0200)]
[BUGFIX] L10n PHP parser stores NULL for unknown key

The PHP parser caches NULL instead of an array when the Backend
language is not available for a given extension using PHP array
localization files (e.g., tscobj with German "de").

This leads to PHP warning when reading the labels as NULL cannot
be used in a foreach statement.

Change-Id: I1678674ecfba71e04c9c13aed44dd7f0aa574cbc
Fixes: #40643
Releases: 6.0, 4.7, 4.6
Reviewed-on: http://review.typo3.org/14484
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
6 years ago[BUGFIX] L10n parser interface is wrongly defined
Xavier Perseguers [Wed, 5 Sep 2012 07:18:10 +0000 (09:18 +0200)]
[BUGFIX] L10n parser interface is wrongly defined

The parsers extending the localization parser interface do not have a
compatible third parameter of method getParsedData() as it is optional
with the 3 implementations (PHP, ll-XML, XLIFF) but is not defined as
this in the interface.

Change-Id: Ifb2f2e9b94c61f53d626aa387513322fa0737c83
Fixes: #40641
Releases: 6.0, 4.7, 4.6
Reviewed-on: http://review.typo3.org/14362
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
6 years ago[BUGFIX] Compressor: filemtime(): stat failed in Help > About TYPO3
Xavier Perseguers [Sun, 25 Mar 2012 16:31:48 +0000 (18:31 +0200)]
[BUGFIX] Compressor: filemtime(): stat failed in Help > About TYPO3

t3lib_Compressor fails to correctly compute relative path from
main directory when compressing JS and CSS files from Core that
do not contain the typo3/ prefix but start with either contrib/
or sysext/.

Change-Id: I41f09e76ea2ac48e1e9ce097de881334a324c357
Fixes: #35212
Releases: 6.0, 4.7, 4.6
Reviewed-on: http://review.typo3.org/9864
Reviewed-by: Dominique Feyer
Tested-by: Dominique Feyer
Reviewed-by: Laurent Cherpit
Tested-by: Laurent Cherpit
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
6 years ago[BUGFIX] Set charset property after cloning t3lib_PageRenderer
Laurent Cherpit [Mon, 26 Mar 2012 13:37:05 +0000 (15:37 +0200)]
[BUGFIX] Set charset property after cloning t3lib_PageRenderer

TCA tree causes fatal error when using in (IRRE)
1284906026: Language and character encoding are not set.

Change-Id: I6e859cb31edd4280d39e0f1ff268b865ac233fca
Fixes: #27957
Releases: 4.5, 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/14246
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
6 years agoRevert "[BUGFIX] Invalid fallback for non-localized labels"
Xavier Perseguers [Wed, 15 Aug 2012 17:34:09 +0000 (19:34 +0200)]
Revert "[BUGFIX] Invalid fallback for non-localized labels"

This reverts commit 1e0e808121febca3da6a300fbbc148c8088b4020

Real bug is in Extbase: #36905 and #39569

Fixes: #39814
Change-Id: I602795bb5c6925cf48fcd5a4eaecfffc95367fcc
Reviewed-on: http://review.typo3.org/13802
Reviewed-by: Dominique Feyer
Tested-by: Dominique Feyer
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
6 years ago[BUGFIX] PHP warning when no language pack is available
Xavier Perseguers [Fri, 24 Aug 2012 08:51:07 +0000 (10:51 +0200)]
[BUGFIX] PHP warning when no language pack is available

Make sure to return either an array or a boolean and not a
string when retrieving the status of an translation pack.

Change-Id: Ic837026f387e370cf28a5c65866954898dc8a37c
Fixes: #40108
Releases: 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/14025
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
6 years ago[BUGFIX] Multi-table relationship not recognized in t3lib_loadDBGroup
Markus Opahle [Wed, 22 Feb 2012 14:54:29 +0000 (15:54 +0100)]
[BUGFIX] Multi-table relationship not recognized in t3lib_loadDBGroup

If a multi-table relationship has $MM_oppositeFieldConf['allowed']=='*',
then it is not recognized as such one in t3lib_loadDBGroup::start().

Change-Id: Ibe98a0068f8cd69cadc74dec5ae802681f636f8f
Resolves: #34148
Releases: 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/13015
Reviewed-by: Markus Opahle
Tested-by: Markus Opahle
Reviewed-by: Wouter Wolters
Reviewed-by: Steffen Gebert
Tested-by: Steffen Gebert
6 years ago[TASK] Set TYPO3 version to 4.6.13-dev
TYPO3 Release Team [Wed, 15 Aug 2012 10:38:02 +0000 (12:38 +0200)]
[TASK] Set TYPO3 version to 4.6.13-dev

Change-Id: I2be44605f32372aa41b8b7ef3b771feb1011eb71
Reviewed-on: http://review.typo3.org/13778
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
6 years ago[RELEASE] Release of TYPO3 4.6.12
TYPO3 Release Team [Wed, 15 Aug 2012 10:37:51 +0000 (12:37 +0200)]
[RELEASE] Release of TYPO3 4.6.12

Change-Id: I7961760c56be03b9dac82964eefe44c00d6306ee
Reviewed-on: http://review.typo3.org/13777
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
6 years ago[SECURITY] XSS in install tool
Mario Rimann [Wed, 15 Aug 2012 10:19:18 +0000 (12:19 +0200)]
[SECURITY] XSS in install tool

In the "Basic Configuration" section, some configuration values are
rendered without proper escaping both as input fields or as
regular content of the page. These values are htmlspecialchars-
treated now.

For the "All Configuration" form, all input fields and text area fields get now htmlspecialchars-treated.

Change-Id: Ic40340c9d0a4242d31a7202c140b9ba0d1f88184
Fixes: #21634
Releases: 6.0, 4.7, 4.6, 4.5
Security-Commit: 3b42f81101b537481734204308ad7ce99fd99cb5
Security-Bulletin: TYPO3-CORE-SA-2012-004
Reviewed-on: http://review.typo3.org/13754
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
6 years ago[SECURITY] Page Link Target vulnerable to XSS
Markus Bucher [Wed, 15 Aug 2012 10:19:10 +0000 (12:19 +0200)]
[SECURITY] Page Link Target vulnerable to XSS

This patch adds htmlspecialchars to page link target to prevent
XSS.

Change-Id: I9e1ab1ac22c7bc1225f1d3d3234865e1e603656b
Fixes: #32653
Releases: 6.0, 4.7, 4.6, 4.5
Security-Bulletin: TYPO3-CORE-SA-2012-004
Reviewed-on: http://review.typo3.org/13753
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
6 years ago[SECURITY] XSS in validateForm
Markus Bucher [Wed, 15 Aug 2012 10:19:03 +0000 (12:19 +0200)]
[SECURITY] XSS in validateForm

Properly quote the form name and field list
for the JavaScript validation

Fixes: #25052
Releases: 6.0, 4.7, 4.6, 4.5

Change-Id: I98bfef92b5595ab343a49e1cba1d8b2563d1d8aa
Security-Commit: d832f7be6bad577ba0be08a7382b421a433ee07f
Security-Bulletin: TYPO3-CORE-SA-2012-004
Reviewed-on: http://review.typo3.org/13752
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
6 years ago[SECURITY] XSS in TCE forms
Christian Kuhn [Wed, 15 Aug 2012 10:18:56 +0000 (12:18 +0200)]
[SECURITY] XSS in TCE forms

Properly encode field labels that are set via TSConfig.

Fixes: #25356
Releases: 6.0, 4.7, 4.6, 4.5

Change-Id: I23fc1de4ceeab54e1d3d97bc27870a0c070b6038
Security-Commit: 8ddba7927a643e94b491cafd5f348551fdea84ca
Security-Bulletin: TYPO3-CORE-SA-2012-004
Reviewed-on: http://review.typo3.org/13751
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
6 years ago[SECURITY] XSS in Scheduler Example Task
Mario Rimann [Wed, 15 Aug 2012 10:18:48 +0000 (12:18 +0200)]
[SECURITY] XSS in Scheduler Example Task

The scheduler test-task that sends an email does not properly
sanitize the input of the email field when rendering the editing
form of that task.

Change-Id: Idb4c998fd712552fbb80af77c2856d46aadbf44a
Fixes: #30967
Releases: 6.0, 4.7, 4.6, 4.5
Security-Commit: 5ee5c9798fdb04b106b72ab941532e7a68f43a98
Security-Bulletin: TYPO3-CORE-SA-2012-004
Reviewed-on: http://review.typo3.org/13750
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
6 years ago[SECURITY] HTML5 support in RemoveXSS
Franz G. Jahn [Wed, 15 Aug 2012 10:18:41 +0000 (12:18 +0200)]
[SECURITY] HTML5 support in RemoveXSS

Add support for HTML5 tags and attributes in RemoveXSS.

Change-Id: I2a5545a703ad149eb5eb5f308ba1857b1af5cd30
Fixes: #37127
Releases: 6.0, 4.7, 4.6, 4.5
Security-Commit: 440c49e1d129be446f3e28e8db77407bb4d095e1
Security-Bulletin: TYPO3-CORE-SA-2012-004
Reviewed-on: http://review.typo3.org/13749
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
6 years ago[SECURITY] Information Disclosure in the Configuration Module
Mario Rimann [Wed, 15 Aug 2012 10:18:35 +0000 (12:18 +0200)]
[SECURITY] Information Disclosure in the Configuration Module

The configuration module showed the encryption key as plaintext.
For this view, the encryption key is masked and it's length is
shown instead, e.g. "***** (length: 96 characters)"

Change-Id: I8ed5ee014f686fdf8ff527c0b569218c51a9bcaa
Fixes: #39345
Releases: 6.0, 4.7, 4.6, 4.5
Security-Commit: 585cf4f52ff4e946f31371f4cb6fde33d398d4d4
Security-Bulletin: TYPO3-CORE-SA-2012-004
Reviewed-on: http://review.typo3.org/13748
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
6 years ago[SECURITY] Untrusted GP data is unserialized in old CSH handling
Helmut Hummel [Wed, 15 Aug 2012 10:18:27 +0000 (12:18 +0200)]
[SECURITY] Untrusted GP data is unserialized in old CSH handling

Using the old and already deprecated CSH handling in TYPO3 backend,
untrusted GP data is unserialized. Validate the submitted data with
an hmac.

Change-Id: Ifc93c7d853c2b0df59dd12ab95a7ce1ee4a28a8e
Fixes: #33520
Releases: 6.0, 4.7, 4.6, 4.5
Security-Bulletin: TYPO3-CORE-SA-2012-004
Reviewed-on: http://review.typo3.org/13747
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
6 years ago[SECURITY] XSS in Indexed Search statistics
Steffen Gebert [Wed, 15 Aug 2012 10:18:20 +0000 (12:18 +0200)]
[SECURITY] XSS in Indexed Search statistics

Indexed Search statistics module is vulnerable to
persistent XSS attack injected by arbitrary frontend users.

Change-Id: I084bffd1e0b489e6f061f5672f7fb12b3bab1aee
Fixes: #31927
Releases: 6.0, 4.7, 4.6, 4.5
Security-Commit: 62ae11e97b563746bed0884d8f3d52d8fc3ea84a
Security-Bulletin: TYPO3-CORE-SA-2012-004
Reviewed-on: http://review.typo3.org/13746
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
6 years ago[SECURITY] t3lib_div::quoteJSvalue allows XSS
Helmut Hummel [Wed, 15 Aug 2012 10:18:14 +0000 (12:18 +0200)]
[SECURITY] t3lib_div::quoteJSvalue allows XSS

When t3lib_div::quoteJSvalue() was used with second
parameter set to TRUE closing HTML script tags were
not escaped correctly.

Now every character except harmless ones is encoded
to a hex representation.

Change-Id: I98d752ca13abb8655eb1fc06c003d9228c61b952
Releases: 6.0, 4.7, 4.6, 4.5
Fixes: #23226
Security-Commit: 5df5647a9ed543de5451f4ab4baa6767218d89db
Security-Bulletin: TYPO3-CORE-SA-2012-004
Reviewed-on: http://review.typo3.org/13745
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
6 years ago[TASK] Set TYPO3 version to 4.6.12-dev
TYPO3 Release Team [Wed, 8 Aug 2012 12:35:45 +0000 (14:35 +0200)]
[TASK] Set TYPO3 version to 4.6.12-dev

Change-Id: Id1292157b43692274d65a9368cf5bc2309451988
Reviewed-on: http://review.typo3.org/13522
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
6 years ago[RELEASE] Release of TYPO3 4.6.11
TYPO3 Release Team [Wed, 8 Aug 2012 12:35:36 +0000 (14:35 +0200)]
[RELEASE] Release of TYPO3 4.6.11

Change-Id: Id1ab668a1706f3ce60a607be0dfa3b8b437d2841
Reviewed-on: http://review.typo3.org/13521
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
6 years ago[TASK] Raise submodule pointer
TYPO3 Release Team [Wed, 8 Aug 2012 12:29:26 +0000 (14:29 +0200)]
[TASK] Raise submodule pointer

Change-Id: Id23a7e439025f7b7b1824923fd6bd5adebbc8217
Reviewed-on: http://review.typo3.org/13519
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team