Packages/TYPO3.CMS.git
5 years ago[RELEASE] Release of TYPO3 6.0.10 75/23775/2 TYPO3_6-0-10
TYPO3 Release Team [Thu, 12 Sep 2013 09:11:31 +0000 (11:11 +0200)]
[RELEASE] Release of TYPO3 6.0.10

Change-Id: I0f9c4e958d535b7273f327b183666b8ed7b28694
Reviewed-on: https://review.typo3.org/23775
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
5 years ago[TASK] Move StorageRepositoryTest tests to AbstractRepositoryTest 66/23766/2
Anja Leichsenring [Wed, 11 Sep 2013 16:59:28 +0000 (18:59 +0200)]
[TASK] Move StorageRepositoryTest tests to AbstractRepositoryTest

All tests in the class belong to AbstractRepository, so the tests move.

Change-Id: I5e78e0d61a2d8f8bcfd06d871a909b749417e616
Resolves: #51923
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/23766
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
5 years ago[BUGFIX] Move forgotten getEnvironmentMode() 61/23761/2
Anja Leichsenring [Wed, 11 Sep 2013 16:47:30 +0000 (18:47 +0200)]
[BUGFIX] Move forgotten getEnvironmentMode()

getWhereClauseForEnabledFields() moved from StorageRepository
to AbstractRepository, but getEnvironmentMode() stayed
in StorageRepository although getWhereClauseForEnabledFields()
relies on it. Move getEnvironmentMode() as well.

Change-Id: Id252c8bd3b9e09a2c38d5ea1ebe6497dd76c12ae
Resolves: #51562
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/23761
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
5 years ago[TASK] FAL ResourceStorage must not access sys_file table directly 57/23757/2
Steffen Ritter [Wed, 11 Sep 2013 15:45:47 +0000 (17:45 +0200)]
[TASK] FAL ResourceStorage must not access sys_file table directly

The ResourceStorage accesses the index table sys_file directly via
a call to the $GLOBALS[TYPO3_DB]. The interaction with the sys_file
index table should be managed only by an according repository to
allow changes within that mechanism.

This patch rearranges the factory method to use the according
call within the FileRepository and adapts it, as the FileRepository
will return a file Object instead of an array.

This serves as a preparation for further indexing optimisations,
which need IndexRecords to be handled centrally.

Releases: 6.2, 6.1, 6.0
Resolves: #51519
Change-Id: I5aa2d212b936b218db1808ea3d0384b8292287a9
Reviewed-on: https://review.typo3.org/23757
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] Follow-Up: Missing signals on adding file 54/23754/2
Stefan Neufeind [Wed, 11 Sep 2013 15:04:37 +0000 (17:04 +0200)]
[BUGFIX] Follow-Up: Missing signals on adding file

Mocked driver needs to return a proper "file" on calls to addFile().

Change-Id: Iddfc2f9b7e71101ad229a513727f65f64d654d45
Releases: 6.2, 6.1, 6.0
Resolves: #50795
Reviewed-on: https://review.typo3.org/23754
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[TASK] Remove sys_file.deleted flag and it's usage 48/23748/2
Ernesto Baschny [Wed, 11 Sep 2013 13:53:32 +0000 (15:53 +0200)]
[TASK] Remove sys_file.deleted flag and it's usage

This also fixes the 'Uncaught TYPO3 Exception #1317178604
No file found for given UID.' that appears when some sys_file
entries have a deleted flag set by mistake.

Resolves: #51562
Releases: 6.2, 6.1, 6.0
Change-Id: Id23636d2732f3562b8a155025656b26041c9a4e2
Reviewed-on: https://review.typo3.org/23748
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] Missing signals on adding file 46/23746/2
Andreas Wolf [Mon, 5 Aug 2013 13:28:01 +0000 (15:28 +0200)]
[BUGFIX] Missing signals on adding file

There are signals for most operations performed in the file storage, but
not for adding a file. Especially this operation is interesting for
things like file indexing, automatic generation of variants (renditions)
etc., therefore this patch adds the two missing signals.

Resolves: #50795
Releases: 6.2, 6.1, 6.0
Change-Id: I0def7b44ff8977a42916e01388604fcbf2d6d299
Reviewed-on: https://review.typo3.org/23746
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] Follow-up: Fix fileinfo property mapping in ResourceStorage 24/23724/2
Stefan Neufeind [Mon, 9 Sep 2013 22:11:50 +0000 (00:11 +0200)]
[BUGFIX] Follow-up: Fix fileinfo property mapping in ResourceStorage

Adjust unittest to changed conditions.

Change-Id: Ia885ba544a159cb1666464cece30c3e6ea3558b6
Fixes: #49386
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/23724
Reviewed-by: Ernesto Baschny
Tested-by: Ernesto Baschny
5 years ago[BUGFIX] Extbase scheduler task serialization 09/23709/2
arjenhoekema [Thu, 5 Sep 2013 07:49:11 +0000 (09:49 +0200)]
[BUGFIX] Extbase scheduler task serialization

When using Command Controllers as scheduled tasks the Extbase
Scheduled Task is serialized. Some singleton properties like
'objectManager', 'commandManager' and 'taskExecutor' are serialized
leading to duplicates of this objects.

Added magic "__sleep" and "__wakeup" methods destructing and
re-constructing the above objects.

Resolves: #50723
Releases: 6.2, 6.1, 6.0
Change-Id: I0a84487a1d8885f75dd4b4eaf004bb0dc93645c2
Reviewed-on: https://review.typo3.org/23709
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
5 years ago[BUGFIX] Fix fileinfo property mapping in ResourceStorage::setFileContents 13/23713/2
Thomas Maroschik [Mon, 24 Jun 2013 14:33:02 +0000 (16:33 +0200)]
[BUGFIX] Fix fileinfo property mapping in ResourceStorage::setFileContents

Fixes the handling of the mismatch between the file info property
"mimetype" and the file object property "mime_type" by using the
exposed API methods.

Fixes: #49386
Releases: 6.2, 6.1, 6.0
Change-Id: If948de2a8bead340ae97097b3e4e391a27296362
Reviewed-on: https://review.typo3.org/23713
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] excludeFromUpdates flag ignored 10/23710/2
Francois Suter [Wed, 14 Aug 2013 11:51:22 +0000 (13:51 +0200)]
[BUGFIX] excludeFromUpdates flag ignored

Since the 6.0 Extension Manager, the "excludeFromUpdates" state
is ignored. It should be checked for and the update button in the
list view hidden in such a case.

Resolves: #51018
Releases: 6.0, 6.1, 6.2
Change-Id: I734331d1b85728dc86732f66ad495a9f83cd0aca
Reviewed-on: https://review.typo3.org/23710
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] mounts of same storage had same subfolder count in Filelist 42/23642/2
Simon Schick [Wed, 22 May 2013 17:42:14 +0000 (19:42 +0200)]
[BUGFIX] mounts of same storage had same subfolder count in Filelist

When you opened the filelist module as user who just was allowed to see
a bunch of filemounts, the filemounts had either all or none the expand-
icon, based on the first file-mount of this storage the user has access
to.

Resolves: #48467
Releases: 6.2, 6.1, 6.0
Change-Id: I1e6a29e351a643f52c0f7a42fde38c9d9b2fc5cb
Reviewed-on: https://review.typo3.org/23642
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[TASK] Replace double quotes in exceptions 07/23707/2
Wouter Wolters [Wed, 4 Sep 2013 17:34:48 +0000 (19:34 +0200)]
[TASK] Replace double quotes in exceptions

Replace double quotes in exceptions to single quotes

Change-Id: I1a98d783d34eaf4f131b14ab27098c6a4759c9a0
Resolves: #51743
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/23707
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
5 years ago[TASK] Cleanup 05/23705/2
Wouter Wolters [Wed, 4 Sep 2013 17:45:48 +0000 (19:45 +0200)]
[TASK] Cleanup

Replace \' with " in exceptions

Add missing PHP closing tag in StoragePermissionsAspect

Restructure a select query in the
BackendUserAuthentication class.

Change-Id: Id161c761288be93b8f43a2f855254ac954c32d5b
Resolves: #51744
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/23705
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
5 years ago[BUGFIX] Filename not displayed in selector (file_reference) 82/23682/3
Martin Borer [Thu, 5 Sep 2013 21:29:49 +0000 (23:29 +0200)]
[BUGFIX] Filename not displayed in selector (file_reference)

The selector values in BE-fields with type group->file_reference are
empty. The filename should be displayed at this place.

Resolves: #47414
Releases: 6.2, 6.1, 6.0
Change-Id: I9fa237d2cd14ff0e9b347736090bd2171eb8a747
Reviewed-on: https://review.typo3.org/23682
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
5 years ago[BUGFIX] Ignore userTSConfig if not set in getModTSconfig() 03/23703/2
Helmut Hummel [Mon, 9 Sep 2013 18:06:17 +0000 (20:06 +0200)]
[BUGFIX] Ignore userTSConfig if not set in getModTSconfig()

It can happen that settings that are not defined in
userTSConfig can overwrite pageTSConfig settings
with a null value because of the change in #51007

This case is now checked so that in this case
the original pageTSConfig value is preserved.

Resolves: #51871
Releases: 6.0, 6.1, 6.2
Change-Id: I3fa356a1e5aa20716a6bc83f7c76b8b755fc0bbf
Reviewed-on: https://review.typo3.org/23703
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] Disable caching for ADMCMD_view parameter 67/23667/3
Philipp Kitzberger [Tue, 3 Sep 2013 14:11:31 +0000 (16:11 +0200)]
[BUGFIX] Disable caching for ADMCMD_view parameter

This prevents that previewing a page leads to an entry for this page
in the TYPO3 cache table because contents on this page might be set
hidden.

Resolves: #51682
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: I154d790454bf6bf0215b83e493919107a6c5bd93
Reviewed-on: https://review.typo3.org/23667
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] Do not add trailing slashes to files 99/23699/2
Helmut Hummel [Mon, 9 Sep 2013 15:13:09 +0000 (17:13 +0200)]
[BUGFIX] Do not add trailing slashes to files

In the security fix #50883 a canonicalize method
for folders has been used where items could
either be files or folders.

This added a trailing slash to files which triggered
a basedir PHP warning if basedir is configured
in PHP.

Use the canonicalize method for file paths instead
to fix this issue.

Resolves: #51761
Releases: 6.0, 6.1, 6.2
Change-Id: I9ef4b6a90ca257ad0104115bd7d48c4de68f135f
Reviewed-on: https://review.typo3.org/23699
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
5 years ago[BUGFIX] Enable ProcessedFiles to do file exists 65/23665/2
Helmut Hummel [Fri, 6 Sep 2013 10:53:15 +0000 (12:53 +0200)]
[BUGFIX] Enable ProcessedFiles to do file exists

Make storage 0 folder readable, browsable and writable
to mitigate the problems that arise with non
readable processing directories.

Also allow file exists in general if the
identifier in subject is in processing folder.

Resolves: #51808
Releases: 6.0, 6.1, 6.2
Change-Id: I1959d7911d955592db1771d608e8fafcc26c45e9
Reviewed-on: https://review.typo3.org/23665
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
5 years ago[BUGFIX] Fix viewObjectNamePattern regression in Extbase 80/23680/2
Alexander Schnitzler [Sat, 7 Sep 2013 10:19:14 +0000 (12:19 +0200)]
[BUGFIX] Fix viewObjectNamePattern regression in Extbase

http://forge.typo3.org/issues/47609 introduced an Extbase
regression by changing the behaviour of viewObjectNamePattern
in the ActionController without deprecating it first.

This patch fixes this regression but keeps the wanted behaviour
by resetting the value of viewObjectNamePattern and introducing
a namespacedViewObjectNamePattern with the namespaced pattern.

Resolves: #51758
Releases: 6.2, 6.1, 6.0
Change-Id: Ie32b178e1799c396e969fd48f81f9fe6243f6e70
Reviewed-on: https://review.typo3.org/23680
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[FEATURE] Find best-matching local storage instead of default-storage 57/23557/4
Stefan Neufeind [Fri, 15 Feb 2013 02:21:57 +0000 (03:21 +0100)]
[FEATURE] Find best-matching local storage instead of default-storage

If no storage-UID is given usually the default-storage will be
used ("legacy-storage"). Some problems with not up-to-date
index-records etc. can be prevented by using a matching storage
instead of falling back to the default-storage (ID 0).

Implement search for best matching storage.

Resolves: #45498
Releases: 6.0, 6.1, 6.2
Change-Id: Ife00d68314fe43804227bb26280d0d475cbaf10b
Reviewed-on: https://review.typo3.org/23557
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
5 years ago[BUGFIX] Recreate processig folder without permission checks 56/23656/2
Helmut Hummel [Thu, 5 Sep 2013 07:45:13 +0000 (09:45 +0200)]
[BUGFIX] Recreate processig folder without permission checks

When fetching the processing folder and it does not
exist, it is created on the fly. This should be done
without checking permissions. However by making
storage 0 not browsable, permissions will be checked
when fetching subfolders.

Instead we now fetch the folder objects directly
from the driver, where no permission checks are done.

Resolves: #51747
Releases: 6.0, 6.1, 6.2
Change-Id: I1a4c3b183323151c436969a478c669adb3856476
Reviewed-on: https://review.typo3.org/23656
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
5 years ago[BUGFIX] Do not register storage factory slot during install 54/23654/2
Helmut Hummel [Wed, 4 Sep 2013 17:55:56 +0000 (19:55 +0200)]
[BUGFIX] Do not register storage factory slot during install

In install tool context TYPO3_MODE is set to BE
but there is no backend user initialized.
Because of that the storage permission aspect
fails as it requires a valid backend user object.

Do not register the slot when in install tool context.

Releases: 6.0, 6.1, 6.2
Resolves: #51733
Change-Id: I2da95ccd357b730b97bcf99bef21b18c04469274
Reviewed-on: https://review.typo3.org/23654
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
5 years ago[FEATURE] Render icon with button view helper 51/23651/2
Francois Suter [Fri, 23 Aug 2013 16:32:05 +0000 (18:32 +0200)]
[FEATURE] Render icon with button view helper

Fluid is currently lacking a view helper to render a skinned icon.
By making the button icon view helper accept an empty URI as an
argument, we let it render an unlinked icon, rather than adding
a new view helper with very similar code.

This patch also cleans up the class phpDoc block, which
contained several errors.

Although initially planned for 6.2 only, this change
will go into 6.0 and 6.1 also to fix the regression
in #51767

Resolves: #51305
Resolves: #51767
Releases: 6.0, 6.1
Change-Id: I74b1dc3346e20c9094313a2da451bcb6c1f60f29
Reviewed-on: https://review.typo3.org/23651
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
5 years ago[TASK] Remove conflict code 26/23626/2
Wouter Wolters [Wed, 4 Sep 2013 18:09:13 +0000 (20:09 +0200)]
[TASK] Remove conflict code

Remove conflict code which was luckily inside doc-comments.

Resolves: #51745
Releases: 6.1, 6.0
Change-Id: I2a175000028fb12a7a1558494e70b9183dd61786
Reviewed-on: https://review.typo3.org/23626
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[TASK] Set TYPO3 version to 6.0.10-dev 10/23610/2
TYPO3 Release Team [Wed, 4 Sep 2013 12:24:27 +0000 (14:24 +0200)]
[TASK] Set TYPO3 version to 6.0.10-dev

Change-Id: Idda440048c4bee27ac22560b026c73979bca3e0f
Reviewed-on: https://review.typo3.org/23610
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[RELEASE] Release of TYPO3 6.0.9 09/23609/2 TYPO3_6-0-9
TYPO3 Release Team [Wed, 4 Sep 2013 12:23:52 +0000 (14:23 +0200)]
[RELEASE] Release of TYPO3 6.0.9

Change-Id: I3f87e9c0e2d6f4fd06f7eb8ebaff58b882b769d3
Reviewed-on: https://review.typo3.org/23609
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] Prohibit accessing storage 0 from backend UI 00/23600/2
Steffen Ritter [Wed, 4 Sep 2013 11:22:59 +0000 (13:22 +0200)]
[SECURITY] Prohibit accessing storage 0 from backend UI

Manually accessing backend entry-points regarding files passing
an identifier with storage 0 may allow unfiltered access for read,
write, rename, create and delete actions.

The user interface must never deal with storage 0. Therefore
implement checks for storage 0 as protection.

Change-Id: Id64c29536d48dd0261993404d174815f18953afc
Releases: 6.2, 6.1, 6.0
Fixes: #50886
Security-Commit: b813a875ad76aa7860b76602eb1f32dcfc9fadcd
Security-Bulletin: TYPO3-CORE-SA-2013-003
Reviewed-on: https://review.typo3.org/23600
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] Identifiers may refer to resources outside the storage 99/23599/2
Steffen Ritter [Wed, 4 Sep 2013 11:22:49 +0000 (13:22 +0200)]
[SECURITY] Identifiers may refer to resources outside the storage

The Driver needs to canonicalize all incoming identifiers at first,
and than check for their validity on every action performed.
If a canonicalized path resided inside a storage it does not contain
any ../ anymore.
An exception is thrown in that case.

Change-Id: I1154561760000f29afc83e6a8f302a6e7b55f3c3
Releases: 6.2, 6.1, 6.0
Fixes: #50883
Security-Bulletin: TYPO3-CORE-SA-2013-003
Reviewed-on: https://review.typo3.org/23599
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] Deny arbitrary code execution possibility for editors 94/23594/2
Helmut Hummel [Wed, 4 Sep 2013 11:12:38 +0000 (13:12 +0200)]
[SECURITY] Deny arbitrary code execution possibility for editors

Because the filename is sanitized in the driver
after the check for denied file extensions is
performed, it was still possible to rename files
with denied file extensions.

We now perform the file extension check
on the final filename which is going to be used
by the driver.

This change makes the sanitizing method public
and introduces a basic implementation in
AbstractDriver to not break existing driver
implementations.

Fixes: #51495
Releases: 6.2, 6.1, 6.0
Change-Id: I2c055b7b070a5e13c2172d1f20fdcd83ee597e08
Security-Commit: b8fecf970bd2751588d3b64fceaf8b3dc4e1dd7f
Security-Bulletin: TYPO3-CORE-SA-2013-003
Reviewed-on: https://review.typo3.org/23594
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] Refactor and fix FAL user permission handling 93/23593/2
Helmut Hummel [Wed, 4 Sep 2013 11:12:31 +0000 (13:12 +0200)]
[SECURITY] Refactor and fix FAL user permission handling

* User permissions are only applied to storage objects
  that are attached to a member variable of
  BackendUserAuthentication. This is error prone
  and leads to insufficient (no) checks if the code
  fetches a storage directly from the factory
  (like edit document controller does)
  Instead, apply the permissions by using a signal
  in StorageFactory directly after the storage object
  is built.

* Refactor the mount point handling, especially the
  user and group home directories, which was completely
  broken after the introduction of FAL. File mounts
  are now also applied to the storage on creation.

* Make fallback storage 0 read only and not browsable.

Fixes: #51327
Releases: 6.2, 6.1, 6.0
Change-Id: If1fa18486cf051a7f4489e36691d42786386df63
Security-Commit: f29804cdbbf8fe29dc0e7916563f5fa58b54f25a
Security-Bulletin: TYPO3-CORE-SA-2013-003
Reviewed-on: https://review.typo3.org/23593
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] Add possibility to en-/disable file permission checks 92/23592/2
Helmut Hummel [Wed, 4 Sep 2013 11:12:18 +0000 (13:12 +0200)]
[SECURITY] Add possibility to en-/disable file permission checks

For admins and for front end request, we must be able
to deactivate permission checks completely, while
it must be possible to restrict backend users
to not have any file permissions thus, not be able to
see/change any file.

Fixes: #51326
Releases: 6.2, 6.1, 6.0

Change-Id: I0b2ba16562d412e4a3bb523a54f7de317ea25c25
Security-Commit: f34d867bd0a2ab32177f3f2834a87e3381ac6f69
Security-Bulletin: TYPO3-CORE-SA-2013-003
Reviewed-on: https://review.typo3.org/23592
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] Check permissions in all actions of ResourceStorage 91/23591/2
Steffen Ritter [Wed, 4 Sep 2013 11:11:55 +0000 (13:11 +0200)]
[SECURITY] Check permissions in all actions of ResourceStorage

The ResourceStorage omits checks for the configured user and
group permissions within the actions on that Storage.

This patch refines some naming within the security methods
as well as adding security checks to every method.

PHP file extensions are now also removed from the
text file extension list.

Releases: 6.2, 6.1, 6.0
Fixes: #51079
Change-Id: I95a6d89da7eb2b6ea52afea1c49b1df8acb00707
Security-Commit: 0aaf9d7033a0b182bca720960733ccba73bc5183
Security-Bulletin: TYPO3-CORE-SA-2013-003
Reviewed-on: https://review.typo3.org/23591
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[TASK] CGL Cleanup of ResourceStorage 56/23556/2
Helmut Hummel [Tue, 3 Sep 2013 13:14:13 +0000 (15:14 +0200)]
[TASK] CGL Cleanup of ResourceStorage

To ease further backporting this change
backports some non functional CGL cleanup
to 6.0 branch

Releases: 6.0

Change-Id: Idf9d728a9143ab5cec311401fb6f56220c1f58a4
Reviewed-on: https://review.typo3.org/23556
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
5 years ago[BUGFIX] Storage is offline but is still used 33/23233/2
Frans Saris [Wed, 7 Aug 2013 10:09:54 +0000 (12:09 +0200)]
[BUGFIX] Storage is offline but is still used

Check before generating a publicUrl if storage is online.

Resolves: #49842
Releases: 6.2, 6.1, 6.0
Change-Id: I766e337cf5e7dfcb309bbce0bbd7c4d8df733c84
Reviewed-on: https://review.typo3.org/23233
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
5 years ago[BUGFIX] Fix fatal error in ExtendedFileUtility 49/23549/2
Helmut Hummel [Tue, 3 Sep 2013 10:59:30 +0000 (12:59 +0200)]
[BUGFIX] Fix fatal error in ExtendedFileUtility

The backport of #46595 to the 6.0 branch
did not take into account that the ExtendedFileUtility
misses the addFlashMessage method.

Replace the call with a static to fix the fatal
error.

Releases: 6.0
Resolves: #51672
Change-Id: I487b628c2282f5e6e3bd07643585c3323f1e4ffd
Reviewed-on: https://review.typo3.org/23549
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
5 years ago[BUGFIX] Faulty check for missing SMTP port 16/23516/2
Tomita Militaru [Sat, 31 Aug 2013 07:56:41 +0000 (10:56 +0300)]
[BUGFIX] Faulty check for missing SMTP port

Check also for null port to avoid a fatal error.

Resolves: #31998
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: Ibf45b3c0783a70e5afba33f90d1d8e05f76834cf
Reviewed-on: https://review.typo3.org/23516
Reviewed-by: Tomita Militaru
Tested-by: Tomita Militaru
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] Backend Layout Grid Wizard not fully visible in Mac Firefox 22 12/23512/2
Roland Schenke [Fri, 30 Aug 2013 08:30:16 +0000 (10:30 +0200)]
[BUGFIX] Backend Layout Grid Wizard not fully visible in Mac Firefox 22

Under Firefox the outer table's height and width of the backend layout
wizard is set to 100%. Since there is content before the table, this
leads to the table being cut of, as there are no scrollbars. According
to the suggestion of Philipp Gampe the table's height and width are
changed to 90%.

Resolves: #50424
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: I589fdfd8de0a8d6ebb4b3ee4fd2a173341116016
Reviewed-on: https://review.typo3.org/23512
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
5 years ago[BUGIFX] Missing argument in EM List view VH 94/23494/2
Francois Suter [Fri, 30 Aug 2013 13:36:35 +0000 (15:36 +0200)]
[BUGIFX] Missing argument in EM List view VH

Due to a careless backport, the EM List view now calls on the
\TYPO3\CMS\Fluid\ViewHelpers\Be\Buttons\IconViewHelper VH
without the required "uri" argument, causing the List view
to crash.

Resolves: #51585
Releases: 6.0, 6.1
Change-Id: I8c96bbe783ea9713e2ca5a2434854e653c2f01d4
Reviewed-on: https://review.typo3.org/23493
Reviewed-by: Francois Suter
Tested-by: Francois Suter
Reviewed-on: https://review.typo3.org/23494

5 years ago[BUGFIX] Only log file/directory actions which were done 90/23390/4
Helmut Hummel [Sun, 25 Aug 2013 20:01:16 +0000 (22:01 +0200)]
[BUGFIX] Only log file/directory actions which were done

Some file/directory actions were logged as they were
successfully performed, even when they failed.

Resolves: #51328
Releases: 6.2, 6.1, 6.0

Change-Id: Iab03e668d3f7d0e8feec09851ea50a59ab4b71a0
Reviewed-on: https://review.typo3.org/23390
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] Sprite manager cache improvement 80/23480/2
Christian Kuhn [Thu, 29 Aug 2013 19:40:15 +0000 (21:40 +0200)]
[BUGFIX] Sprite manager cache improvement

The sprite manager cache entry is created and then required
directly again. This may lead to runtime issues if the file
is required already before it is fully written.
The patch optimizes that by setting the runtime information
directly from the given data.

Change-Id: I3f6250d8513dad32e266538a075abc8e3daeb68c
Resolves: #51544
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/23480
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] TCA 'group' selectedListStyle with 'width' breaking layout 75/23475/2
Ernesto Baschny [Tue, 27 Aug 2013 22:47:50 +0000 (00:47 +0200)]
[BUGFIX] TCA 'group' selectedListStyle with 'width' breaking layout

The problem came from a row of icons which was always rendered below
the select list with a hardcoded width of "250px", regardless if there
was content or not. Solution is not to render this icon row if there are
no icons, thus allowing the select list to be reduced in width.

Releases: 6.2, 6.1, 6.0
Resolves: #50707
Change-Id: I23520c1c547de1155091e38c69013a18fed9e559
Reviewed-on: https://review.typo3.org/23391
Reviewed-by: Kai Ole Hartwig
Tested-by: Kai Ole Hartwig
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
(cherry picked from commit 447814734d640b6811e71085d5939727dd5766de)
Reviewed-on: https://review.typo3.org/23475

5 years ago[BUGFIX] Database integrity check fatal error 68/23468/2
Stefan Fürst [Wed, 28 Aug 2013 14:08:10 +0000 (16:08 +0200)]
[BUGFIX] Database integrity check fatal error

If a file or directory below uploads/ is not readable by the
executing user, the integrity check system in db check module
menu may fatal. This is sanatized by the patch.

Resolves: #51460
Releases: 6.2, 6.1, 6.0
Change-Id: Ide3401c014aa7bec33585083f81f30c00100da09
Reviewed-on: https://review.typo3.org/23424
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
(cherry picked from commit 81d22419488af753e394d82fc1338feff0c5795c)
Reviewed-on: https://review.typo3.org/23468

5 years ago[BUGFIX] Cast autoload and classAliasMap to Array 57/23457/2
Michel Georgy [Thu, 29 Aug 2013 07:34:21 +0000 (09:34 +0200)]
[BUGFIX] Cast autoload and classAliasMap to Array

If you create an empty ext_autoload.php or an empty classAliasMap.php
file or fail to return an array, NULL is merged with the existing
array which results in NULL for the array $classRegistry or
$aliasToClassNameMapping
This patch casts the required Array(which is possibly NULL) to an
Array to prevent array_merge with NULL values.

Fixes: #51474
Releases: 6.2, 6.1, 6.0
Change-Id: I1887da3a942b17e441338a95cb7da49a17535907
Reviewed-on: https://review.typo3.org/23441
Reviewed-by: Kai Ole Hartwig
Tested-by: Kai Ole Hartwig
Reviewed-by: Christoph Dörfel
Tested-by: Christoph Dörfel
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
(cherry picked from commit 8cc7f45526bc8828dada995bc91804038d326eea)
Reviewed-on: https://review.typo3.org/23457

5 years ago[BUGFIX] Add missing API method FileInterface::getNameWithoutExtension 55/23455/2
Ernesto Baschny [Tue, 6 Aug 2013 17:17:07 +0000 (19:17 +0200)]
[BUGFIX] Add missing API method FileInterface::getNameWithoutExtension

This method was supposed to be in the interface, but due to a syntax
error in the closing comment tag, it was not (and was not detected as a
PHP syntax error).

This finally adds this method and implements it also in the class
FileReference which hadn't had this method before but also implements
this interface.

Resolves: #51509
Releases: 6.2, 6.1, 6.0
Change-Id: I8ee1ecc155e9cfaeec7ac0ac7086f75df13f4c34
Reviewed-on: https://review.typo3.org/23454
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
(cherry picked from commit 182e5cdd02acf6b27fc3fc17670dfdfa61d6bbf6)
Reviewed-on: https://review.typo3.org/23455

5 years ago[BUGFIX] Exclude empty passwords from password hashing check 33/23433/2
Nicole Cordes [Wed, 28 Aug 2013 14:02:36 +0000 (16:02 +0200)]
[BUGFIX] Exclude empty passwords from password hashing check

The test for insecure passwords handles empty passwords as insecure and
recommends to use the saltedpasswords scheduler task to convert all
insecure passwords. But the scheduler task doesn't convert empty
passwords, so a never ending story exists. Therefore this patch exludes
empty passwords being handled as insecure.

Resolves: #36244
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: I6bdd5c8807a07841850c1e4c22afe57eec28b335
Reviewed-on: https://review.typo3.org/23433
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[TASK] Make the extension titles link to the configuration 77/23377/2
Nicole Cordes [Mon, 29 Jul 2013 16:13:53 +0000 (18:13 +0200)]
[TASK] Make the extension titles link to the configuration

In the extension manager make the extension titles link to the
configuration again. This will provide an additional clickable area and
it allows the integrators to continue using the known behavior.

Resolves: #50234
Releases: 6.2, 6.1, 6.0
Change-Id: I120e8fb47628fe118291cbdd57951a0238ebcd71
Reviewed-on: https://review.typo3.org/23377
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] Hide translations in categories selector 59/23359/2
Francois Suter [Fri, 23 Aug 2013 16:09:54 +0000 (18:09 +0200)]
[BUGFIX] Hide translations in categories selector

The \TYPO3\CMS\Core\Category\CategoryRegistry::addTcaColumn() method
provides an API for adding a system categories selector to a given
table. However the generated TCA misses a condition in
"foreign_table_where" to hide translated categories.

Resolves: #51304
Releases: 6.0, 6.1, 6.2
Change-Id: I2622371a89c8eabeb29e835c7f6673ffc6349186
Reviewed-on: https://review.typo3.org/23359
Reviewed-by: Francois Suter
Tested-by: Francois Suter
5 years ago[BUGFIX] Tests in Localization\Parser\LocallangXmlParserTest fail 51/23351/2
Nicole Cordes [Wed, 7 Aug 2013 11:27:50 +0000 (13:27 +0200)]
[BUGFIX] Tests in Localization\Parser\LocallangXmlParserTest fail

If the system is already translated into French two tests in
Localization\Parser\LocallangXmlParserTest fail. This is because another
localization file is taken where test strings are not included.

As the tested functions can't work system independent, the test has to
make sure no system dependencies are used. Therefore the patch
introduces a new language "md5" to prove the workflow.

Resolves: #50870
Releases: 6.2, 6.1, 6.0
Change-Id: I64e8864a7d746c4f5c278f5e67d8dae068d8f920
Reviewed-on: https://review.typo3.org/23351
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] Escape title tag of image links 45/23345/2
Alexander Stehlik [Sun, 4 Aug 2013 11:54:53 +0000 (13:54 +0200)]
[BUGFIX] Escape title tag of image links

This patch adds a missing call to htmlspecialchars() when
the title tag of image links is initialized.

Resolves: #50760
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: If41f33d9621f7790c0ff0de4aebcd7cdcb59707f
Reviewed-on: https://review.typo3.org/23345
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] Page tree filtering broken in IE7 & IE8 38/23338/2
Aske Ertmann [Mon, 22 Jul 2013 18:46:23 +0000 (20:46 +0200)]
[BUGFIX] Page tree filtering broken in IE7 & IE8

The page tree doesn't show the result when using the filter
in the page tree in IE7 & IE8. ExtJS somehow breaks silently
when trying to use a non-tag (text) as a drag handle. This fix
works with the original change that introduced this, meaning it
doesn't break the functionality of dragging of locked records.

Change-Id: I3f33fb3e4f6bd7622f502a9265897fee9d3e4ed3
Resolves: #25327
Resolves: #37026
Related: #M17952
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Reviewed-on: https://review.typo3.org/23338
Reviewed-by: Nicole Cordes
Tested-by: Nicole Cordes
5 years ago[BUGFIX] Ignore permission checks for processed files 16/23216/2
Helmut Hummel [Wed, 14 Aug 2013 14:49:55 +0000 (16:49 +0200)]
[BUGFIX] Ignore permission checks for processed files

It must be possible that processed files are generated
even if the user has read only permissions on a storage.

Additionally add a method to Storage, to specifically
update a processed file with a local file.

Resolves: #51209
Releases: 6.0, 6.1, 6.2
Change-Id: I847b02f070c55647e06695c1c70b0b7e8e238177
Reviewed-on: https://review.typo3.org/23216
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
5 years ago[BUGFIX] No version overlay should be done for sys_language 04/23204/2
Lienhart Woitok [Tue, 27 Nov 2012 01:43:04 +0000 (02:43 +0100)]
[BUGFIX] No version overlay should be done for sys_language

The tables sys_language and static_languages do not support
versioning. Therefore, when doing a version preview, no
version overlay should be applied to them.

Change-Id: I37be782601fc37e78a74d2459b6f246c5107b701
Fixes: #37892
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/23204
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] Files with unclean path indexed multiple times 00/23200/2
Stefan Neufeind [Sat, 6 Apr 2013 15:11:52 +0000 (17:11 +0200)]
[BUGFIX] Files with unclean path indexed multiple times

When adding a file or requesting a file by an identifier
cleanup any . and .. in the path before handing off
to the driver so files are not indexed multiple times.

Fixes: #46989
Releases: 6.2, 6.1, 6.0
Change-Id: I4198a8885a6a148e68e1e0f717775f9af976a9ef
Reviewed-on: https://review.typo3.org/23200
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[TASK] FilesContentObject::stdWrapValue(): only execute stdWrap once 80/23180/2
Stefan Neufeind [Thu, 1 Aug 2013 01:03:20 +0000 (03:03 +0200)]
[TASK] FilesContentObject::stdWrapValue(): only execute stdWrap once

Change-Id: I4bad84460e1d1b16e05498e382644cd5946c3be8
Resolves: #50614
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/23180
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] Language-module icons need to display in correct size 78/23178/2
Stefan Neufeind [Wed, 31 Jul 2013 14:07:39 +0000 (16:07 +0200)]
[BUGFIX] Language-module icons need to display in correct size

Since inline:display-block was missing on those icons, those
icons didn't display in their intended size although they
had a width/height-attribute set.

Change-Id: I5ba318e6a3ca4602714d0c4b5f12674e2e305952
Resolves: #43428
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/23178
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
5 years ago[BUGFIX] TCA: subtypes_addlist not processed 60/23160/2
Benjamin Mack [Sat, 6 Apr 2013 09:54:32 +0000 (11:54 +0200)]
[BUGFIX] TCA: subtypes_addlist not processed

TCA: subtypes_addlist is not processed
if the subtype_value_field is in a palette

Fixes: #30636
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: I6bcaaf36c330962c1d7d9fdd4a73ae502e9710dc
Reviewed-on: https://review.typo3.org/23160
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
5 years ago[BUGFIX] Query parameters of external link may get altered 58/23158/2
Stanislas Rolland [Tue, 30 Jul 2013 02:34:54 +0000 (22:34 -0400)]
[BUGFIX] Query parameters of external link may get altered

If an external link is set to the same domain as the BE domain and
the id query parameter is present, any other query parameters will
be altered (and repeated).
Solution: href of external link should remain unaltered.

Resolves: #47844
Releases: 6.0, 6.1, 6.2
Change-Id: I79564ebf63ee4f92bfd3f95b17f72592ea849163
Reviewed-on: https://review.typo3.org/23158
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
5 years ago[TASK] Disable scheduler-tests if EXT:scheduler not loaded 35/23135/2
Anja Leichsenring [Fri, 16 Aug 2013 12:34:39 +0000 (14:34 +0200)]
[TASK] Disable scheduler-tests if EXT:scheduler not loaded

Change-Id: I62ec38fc27330e74c4bc3eed6ded3a2f4a6de550
Resolves: #51115
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/23135
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
5 years ago[BUGFIX] Fix file permission methods in BackendUserAuthentication 25/23125/2
Helmut Hummel [Wed, 7 Aug 2013 16:33:37 +0000 (18:33 +0200)]
[BUGFIX] Fix file permission methods in BackendUserAuthentication

Take default TSConfig file permissions into account:

File permissions configured in User TSConfig,
are not taken into account, because the properties
from the getTSConfig method are returned in a
'properties' key of an array but the top level
array is used. Use getTSConfigProp instead.

Fix the bit wise check for old file permissions:

XOR the value is wrong because it gives the wrong
result if more bits are set. Use AND operation
to properly check if a specific bit is not set.

Check if the user is admin in getFilePermissionsForStorage()

Add tests to confirm the desired behaviour.

Releases: 6.0, 6.1, 6.2
Resolves: #51004
Change-Id: I78c5fa13f2110e6044c0a81e2e7e4f3298766226
Reviewed-on: https://review.typo3.org/23125
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
5 years ago[BUGFIX] Fix inconsistencies in getTSConfig in BackenuserAuth 22/23122/2
Helmut Hummel [Sat, 10 Aug 2013 21:18:05 +0000 (23:18 +0200)]
[BUGFIX] Fix inconsistencies in getTSConfig in BackenuserAuth

BackenuserAuthentication::getTSConfig() behaves
inconsistently when an object string is given with
multiple sections but no result in the actual TSConfig
of the user. Other than noted in the method declaration,
the method returns an empty array instead of an array
where the 'properties' key is null.

Additionally we fix a bug which caused wrong results
if "0" was used as a key in configuration and accessed
with something like "permissions.file.0"

Resolves: #51007
Releases: 6.0, 6.1, 6.2
Change-Id: Ie3daa0abc04a927186e9e9f3a88875086b606f93
Reviewed-on: https://review.typo3.org/23122
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
5 years agoRevert "[BUGFIX] Fix inconsistencies in getTSConfig in BackenuserAuth" 21/23121/2
Helmut Hummel [Fri, 16 Aug 2013 07:12:25 +0000 (09:12 +0200)]
Revert "[BUGFIX] Fix inconsistencies in getTSConfig in BackenuserAuth"

This reverts commit d3b785100efee55f08391d044ca574cd488587cd

Defective cherry-pick causing failing builds on Travis

Change-Id: Ic61becef429f9d3bb379d01bb312528471dc44a4
Reviewed-on: https://review.typo3.org/23121
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
5 years agoRevert "[BUGFIX] Fix file permission methods in BackendUserAuthentication" 20/23120/2
Helmut Hummel [Fri, 16 Aug 2013 07:11:51 +0000 (09:11 +0200)]
Revert "[BUGFIX] Fix file permission methods in BackendUserAuthentication"

This reverts commit 329645ce21088e06b8e35e7bef985f32a08bf00f

Missing dependencies caused failing builds on Travis

Change-Id: I21bcdebcb62fc7f1c203befcecec5d9ecd60f020
Reviewed-on: https://review.typo3.org/23120
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
5 years ago[BUGFIX] Fix inconsistencies in getTSConfig in BackenuserAuth 80/23080/3
Helmut Hummel [Sat, 10 Aug 2013 21:18:05 +0000 (23:18 +0200)]
[BUGFIX] Fix inconsistencies in getTSConfig in BackenuserAuth

BackenuserAuthentication::getTSConfig() behaves
inconsistently when an object string is given with
multiple sections but no result in the actual TSConfig
of the user. Other than noted in the method declaration,
the method returns an empty array instead of an array
where the 'properties' key is null.

Additionally we fix a bug which caused wrong results
if "0" was used as a key in configuration and accessed
with something like "permissions.file.0"

Resolves: #51007
Releases: 6.0, 6.1, 6.2
Change-Id: I80fc7398c1955ff77d052377e3ba81bb8aea01cf
Reviewed-on: https://review.typo3.org/23080
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
5 years ago[BUGFIX] Fix file permission methods in BackendUserAuthentication 12/23112/3
Helmut Hummel [Wed, 7 Aug 2013 16:33:37 +0000 (18:33 +0200)]
[BUGFIX] Fix file permission methods in BackendUserAuthentication

Take default TSConfig file permissions into account:

File permissions configured in User TSConfig,
are not taken into account, because the properties
from the getTSConfig method are returned in a
'properties' key of an array but the top level
array is used. Use getTSConfigProp instead.

Fix the bit wise check for old file permissions:

XOR the value is wrong because it gives the wrong
result if more bits are set. Use AND operation
to properly check if a specific bit is not set.

Check if the user is admin in getFilePermissionsForStorage()

Add tests to confirm the desired behaviour.

Releases: 6.0, 6.1, 6.2
Resolves: #51004
Change-Id: Ia5d6fa1cb47a74306fe5465a0e70c2f2aea2a4b8
Reviewed-on: https://review.typo3.org/23112
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
5 years ago[BUGFIX] Avoid usage of subheader in mailform 08/23108/2
Francois Suter [Wed, 17 Jul 2013 20:07:01 +0000 (22:07 +0200)]
[BUGFIX] Avoid usage of subheader in mailform

Since TYPO3 CMS 4.7 the subheader field is rendered by lib.stdheader
if the chosen doctype is HTML 5. However the old mailform (ab)uses this
field for storing the recipient e-mail address. The subheader must
not be displayed in this case.

Resolves: #46094
Releases: 6.2, 6.1, 6.0, 4.7
Change-Id: I19d13e65b941e2514a9c4a12cb37f015661e9d8f
Reviewed-on: https://review.typo3.org/23108
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] Typing after abbr or acronym tag is difficult 74/23074/2
Stanislas Rolland [Tue, 30 Jul 2013 03:16:15 +0000 (23:16 -0400)]
[BUGFIX] Typing after abbr or acronym tag is difficult

Solution: After inserting the abbreviation, position the cursor
after and outside the inserted tag.

Resolves: #47806
Releases: 6.0, 6.1, 6.2
Change-Id: I4e8c47cf031fe3df2772ed47cb42122b8db9a646
Reviewed-on: https://review.typo3.org/23074
Reviewed-by: Stanislas Rolland
Tested-by: Stanislas Rolland
5 years ago[BUGFIX] FAL: Image Processing doesn't respect GFX "thumbnails_png" 51/22851/2
Benjamin Mack [Fri, 19 Jul 2013 13:16:05 +0000 (15:16 +0200)]
[BUGFIX] FAL: Image Processing doesn't respect GFX "thumbnails_png"

The Task Interface of the File Abstraction Layer defines the
target file extension for graphcal tasks. Previously this was done
with the option "thumbnails_png" from the TYPO3_CONF_VARS.

However, checking for that parameter is not done anymore within
FAL/AbstractGraphicalTask. Thus, all .gif images are shown as .png
files, even though TYPO3 is not configured like that.

This can be seen when using GM, thumbnails_png=0, and creating
a preview image of an animated GIF. The preview will not be shown
for some images then.

The patch introduces the existing option back in to 6.x/FAL.

Releases: 6.2, 6.1, 6.0
Resolves: #50193
Change-Id: Ie539fe1aa1ab7366129a156be8ce9b05a5f8d5d2
Reviewed-on: https://review.typo3.org/22851
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] Allow reading files if storage is not browsable 66/23066/2
Helmut Hummel [Sat, 10 Aug 2013 21:26:42 +0000 (23:26 +0200)]
[BUGFIX] Allow reading files if storage is not browsable

Whether a storage is browsable or not should not
affect the possibility to read a file with a
given identifier.

Releases: 6.0, 6.1, 6.2
Resolves: #51010

Change-Id: Ic754143ed39a277f14c488c5b0d4c050dde027df
Reviewed-on: https://review.typo3.org/23066
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
5 years ago[BUGFIX] Take into account all file and folder permissions 45/23045/2
Helmut Hummel [Sat, 10 Aug 2013 17:40:47 +0000 (19:40 +0200)]
[BUGFIX] Take into account all file and folder permissions

When handling the old file permission settings from
user or user group records, all current FAL user
permissions should be set accordingly, to not allow
file actions with FAL which were not allowed before.

In particular no write / change actions should be
allowed if no permissions are granted in the records.

Releases: 6.0, 6.1, 6.2
Resolves: #51005
Related: #51007

Change-Id: I873f23ed02428842621c8256df5792e54abbfe2c
Reviewed-on: https://review.typo3.org/23045
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
5 years ago[BUGFIX] Failing tests in Resource\Driver\LocalDriverTest on Windows 40/23040/3
Nicole Cordes [Tue, 6 Aug 2013 20:22:06 +0000 (22:22 +0200)]
[BUGFIX] Failing tests in Resource\Driver\LocalDriverTest on Windows

The test createdFilesAreEmpty depends on another test which returns a
mocked object. In the mock two returnValues for getIdentifier() and
getName() were set. But due to PHPUnit architecture mocked functions
belong to the test there were defined and cannot be shared. This is why
the mock has to be initialized within the test itself. The test only
works because on unix system you can open a folder which returns an
empty string.

Furthermore if you use any php function to get a folder path we have to
fix the containing backslashes.

Finally due to some errors we have to rewind any iterator of class
RecursiveIteratorIterator as otherwise a wrong index is returned.

Resolves: #50844
Releases: 6.2, 6.1, 6.0
Change-Id: I13f9efbd1618056fcd66220e3de5e12af79e4dc6
Reviewed-on: https://review.typo3.org/23040
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert
5 years ago[BUGFIX] Missing \TYPO3\CMS\Core\Utility\ in ResourceFactory 43/23043/2
Wouter Wolters [Sun, 11 Aug 2013 19:02:24 +0000 (21:02 +0200)]
[BUGFIX] Missing \TYPO3\CMS\Core\Utility\ in ResourceFactory

After merge of the new signal inside the ResourceFactory
the call to GeneralUtility is wrong.

Resolves: #51012
Releases: 6.1, 6.0
Change-Id: Ia76d26559a8cc3618bd4fcd11c750b3f1cd885c7
Reviewed-on: https://review.typo3.org/23043
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[TASK] Add signal in ResourceFactory for storage creation 39/23039/2
Helmut Hummel [Sun, 11 Aug 2013 16:28:42 +0000 (18:28 +0200)]
[TASK] Add signal in ResourceFactory for storage creation

We miss a central place to adapt or change
configuration for a resource storage.

Add a signal in the resource factory to be able
to post process a storage object after creation.

Releases: 6.0, 6.1, 6.2
Resolves: #51011
Change-Id: Iace95bc50ab149b4e62dd85c01417b3a3e6bf1cf
Reviewed-on: https://review.typo3.org/23039
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] LocalDriver: Recursive file listing is broken 94/22194/2
Andreas Wolf [Tue, 29 Jan 2013 14:11:24 +0000 (15:11 +0100)]
[BUGFIX] LocalDriver: Recursive file listing is broken

The recursive file listing, introduced as part of the public API in
the fix for #43249, is currently broken.

One problem is that the file information retrieval is incomplete: The
filename of files in subfolders also contains the path to this file from
the current folder, while the identifier is missing that information.
The identifier is thus wrong and the filename contains too much
information (more than the filename).

Additionally, the method getDirectoryItemList() returns the file list
with the filenames as key, which will fail when a file name exists twice
in different folders. Therefore, this patch changes the keys to numeric
values when a recursive folder list is requested.

Change-Id: Iaebd862327d2dfc849044236474f6da2444cd4f5
Resolves: #44910
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/22194
Reviewed-by: Stefan Neufeind
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] rtehtmlarea acronym error with static_info_tables 6.0+ 29/23029/2
Stanislas Rolland [Mon, 29 Jul 2013 16:33:06 +0000 (12:33 -0400)]
[BUGFIX] rtehtmlarea acronym error with static_info_tables 6.0+

Problem: Editing acronym records fails with Static Info Tables 6.0+ as
tx_staticinfotables_div->selectItemsTCA does not exist anymore.
Solution: Use suggest wizard

Resolves: #50502
Releases: 6.0, 6.1, 6.2
Change-Id: I69e564662df19f0625ec3e71b05e91c7ed5edfc8
Reviewed-on: https://review.typo3.org/23029
Reviewed-by: Stanislas Rolland
Tested-by: Stanislas Rolland
5 years ago[BUGFIX] Reports module tries to load not-installed extension 80/22980/2
Wouter Wolters [Tue, 30 Jul 2013 22:28:37 +0000 (00:28 +0200)]
[BUGFIX] Reports module tries to load not-installed extension

When you select a report from an extension, the reports module
will remember this when you re-open it. But if you have
uninstalled the extension in the meantime, the reports module
will throw an exception. This is fixed by checking the
$reportClass. If this is NULL then redirect to indexAction.

Change-Id: Ifad4e6ee8dc651a3d6b1360486fd5a7cb2abf111
Resolves: #48523
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/22980
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
5 years ago[BUGFIX] number_format() expects parameter 1 to be double 75/22975/2
Wouter Wolters [Wed, 7 Aug 2013 17:46:54 +0000 (19:46 +0200)]
[BUGFIX] number_format() expects parameter 1 to be double

In stdWrap function numberFormat $content is a string.
Make sure this is a float value when it is passed into
PHP function number_format.

Change-Id: If4a98ae8238264f94f771c997fbe6cac98311912
Resolves: #50868
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Reviewed-on: https://review.typo3.org/22975
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
5 years ago[BUGFIX] Ignore case in file extension filter 38/22938/2
Alexander Stehlik [Sat, 3 Aug 2013 18:14:10 +0000 (20:14 +0200)]
[BUGFIX] Ignore case in file extension filter

This patch makes the FileExtensionFilter case insensitive.

If the filter is configured to allow files with the ".EXT"
extension it will now also allow files with an ".ext"
extension.

Additionally the order of a data provider method in the
FileExtensionFilterTest has been corrected.

Resolves: #50568
Releases: 6.2, 6.1, 6.0
Change-Id: I5761ab7f06116ef847caeb2ae786e580730c0e6b
Reviewed-on: https://review.typo3.org/22938
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] Correctly set user storage permissions 29/22929/2
Helmut Hummel [Wed, 7 Aug 2013 11:00:39 +0000 (13:00 +0200)]
[BUGFIX] Correctly set user storage permissions

With FAL a new way to define file permissions
(for storages) has been introduced. You can set
these in User TsConfig instead of doing it
in the user record.

There is a backwards compatibility layer, which should
set the permissions according to the database entry
in case no permissions have been set in TsConfig.
This however does not work, because of a wrong check
for existence of UserTsConfig properties.

Instead of checking for an array (which is always the case),
we have to check if the array is not empty.

Releases: 6.0, 6.1, 6.2
Resolves: #50872
Change-Id: I0ec30a1ae96c4b6916a3e46c7222f832c44f603e
Reviewed-on: https://review.typo3.org/22929
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
5 years ago[TASK] Introduce AbstractHierarchicalFilesystemDriver 20/22920/2
Steffen Ritter [Wed, 7 Aug 2013 09:09:55 +0000 (11:09 +0200)]
[TASK] Introduce AbstractHierarchicalFilesystemDriver

There are many tasks which apply to all drivers working on an
Hierarchical FileSystem (NFS, WebDav, LocalDriver, ....).
When it comes to security we dont want custom drivers to implement
that all on their own, but provide it by the System.

Introducing AbstractHierarchicalFilesystemDriver enables us to
do so, without breaking compatibility (Base class, interface
and Classname stay the same).

Releases: 6.2, 6.1, 6.0
Resolves: #50867
Change-Id: Ib1b45c6ad384f82f7a5138372ed91269b8db38c2
Reviewed-on: https://review.typo3.org/22920
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
5 years ago[BUGFIX] Failing Resource\FactoryTest on Windows systems 14/22914/2
Nicole Cordes [Tue, 6 Aug 2013 20:00:25 +0000 (22:00 +0200)]
[BUGFIX] Failing Resource\FactoryTest on Windows systems

Two tests in class TYPO3\CMS\Core\Tests\Unit\Resource\FactoryTest fail
with warnings. This is because of two single issues.

First of all the test depends on a folder which (might) belong to an own
storage other than storage 0 (fileadmin). This patch changes fileadmin
to the typo3 folder as this one should be not included in any storage.

On the other hand on Windows systems a full path contains always a colon
which breaks any storage check. To solve this we have to fix any
absolute path beforehand as it is done in the sub functions as well.

Resolves: #50843
Releases: 6.2, 6.1, 6.0
Change-Id: I950a3c81222155da403ca1eb7b920e8682033450
Reviewed-on: https://review.typo3.org/22914
Reviewed-by: Nicole Cordes
Tested-by: Nicole Cordes
5 years ago[BUGFIX] Indexing of external files does not work in indexed_search 07/22907/3
Wouter Wolters [Fri, 26 Jul 2013 15:35:17 +0000 (17:35 +0200)]
[BUGFIX] Indexing of external files does not work in indexed_search

After the namespace change a wrong replace was done in
indexed_search. Replace it with the correct class.

Change-Id: I35295f4fecde241ec3004a8ee6b7dd71d5e34e93
Resolves: #47106
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/22907
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
5 years ago[BUGFIX] Callback in CrawlerHook of indexed_search sysext buggy 27/22727/3
Marius Büscher [Wed, 31 Jul 2013 08:45:07 +0000 (10:45 +0200)]
[BUGFIX] Callback in CrawlerHook of indexed_search sysext buggy

The property $callBack pointed to a Controller that was not existing.
Now it points back to the Hook.

Resolves: #50562
Releases: 6.2, 6.1, 6.0
Change-Id: I79e0ce73a23d98c5922ead43480202b3445282b2
Reviewed-on: https://review.typo3.org/22727
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
5 years ago[BUGFIX] Backup singletons in unit tests prior to other setUp operations 00/22900/2
Nicole Cordes [Tue, 6 Aug 2013 22:43:49 +0000 (00:43 +0200)]
[BUGFIX] Backup singletons in unit tests prior to other setUp operations

If the singleton management is changed in unit tests, a local copy of
the previous stage is done to re-construct this state in tearDown().
This has to be done before any other instantiation in setUp() is
initiated which might register additional singletons.

Resolves: #50812
Releases: 6.2, 6.1, 6.0
Change-Id: I7788a5788aca6777040b777aeceb0558f96022b2
Reviewed-on: https://review.typo3.org/22900
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
5 years ago[BUGFIX] Fix EmConfUtility::fixEmConf conflicts generation 92/22892/2
Sascha Egerer [Thu, 1 Aug 2013 09:46:42 +0000 (11:46 +0200)]
[BUGFIX] Fix EmConfUtility::fixEmConf conflicts generation

EmConfUtility::fixEmConf generates a string instead
of an array for "$emConf['constraints']['conflicts']"

Resolves: #50628
Releases: 6.2, 6.1, 6.0
Change-Id: I37e026569e761b8550a9b0e6a1cb10835f6c899b
Reviewed-on: https://review.typo3.org/22892
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] Incorrect check for empty folder 89/22889/2
Philipp Gampe [Mon, 29 Jul 2013 20:15:32 +0000 (22:15 +0200)]
[BUGFIX] Incorrect check for empty folder

The condition in ResourceStorage::deleteFolder is wrong.
Negate the isFolderEmpty() clause.

Resolves: #50125
Releases: 6.2, 6.1, 6.0
Change-Id: Ia60f3e97ff8d1e0cc2671cec1b31cfc995c235b1
Reviewed-on: https://review.typo3.org/22889
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[TASK] Use magic __CLASS__ in getInstance()-methods 87/22887/2
Stefan Neufeind [Thu, 1 Aug 2013 01:20:23 +0000 (03:20 +0200)]
[TASK] Use magic __CLASS__ in getInstance()-methods

Some classes contain static getInstance()-methods that return
an instance of themselves. Instead of using the correct namespace
and classname everywhere, just use __CLASS__.

Change-Id: I22770505acded0c54b07dd0e239976ad01fdf893
Resolves: #50615
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/22887
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] Fix empty href parameter 34/22834/2
Anja Leichsenring [Sat, 3 Aug 2013 13:38:46 +0000 (15:38 +0200)]
[BUGFIX] Fix empty href parameter

In case the link target is not available (maybe hidden), the behaviour
known from the Core is to render the link text, but no a tag. The pageVH
renders the link, but the href parameter will be empty.

Resolves: #50751
Releases: 6.2, 6.1, 6.0
Change-Id: I526aa0e3d42f8aba867b3f996bac2366dc1f6d19
Reviewed-on: https://review.typo3.org/22834
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] Fix failing test in StorageRepositoryTest 42/22842/2
Anja Leichsenring [Tue, 6 Aug 2013 08:18:00 +0000 (10:18 +0200)]
[BUGFIX] Fix failing test in StorageRepositoryTest

With #50803 the usage of the constant TYPO3_MODE was introduced. This
leads to the failing test, after the constant can not be redefined
for test purposes.

To work around this, a method that can be mocked is introduced, and
specifically set to "FE" for this test to work again.

Resolves: #50809
Relates: #50803
Releases: 6.2, 6.1, 6.0
Change-Id: I7319d8ccef530feff69a7f9885df24dba0beed4d
Reviewed-on: https://review.typo3.org/22842
Reviewed-by: Nicole Cordes
Tested-by: Nicole Cordes
5 years ago[BUGFIX] Fatal error: "enableFields on non-object" in extension manager 32/22832/2
Ernesto Baschny [Mon, 5 Aug 2013 20:28:05 +0000 (22:28 +0200)]
[BUGFIX] Fatal error: "enableFields on non-object" in extension manager

Don't rely on $TSFE object to detect if we are in a frontend context. Rely
on TYPO3_MODE constant instead.

Releases: 6.2, 6.1, 6.0
Resolves: #50803
Change-Id: I06ea2692dab7683c7284e5f3ff45036d72c64999
Reviewed-on: https://review.typo3.org/22832
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
5 years ago[BUGFIX] MySQL: Use ENGINE (not TYPE) for storage-engine 93/22793/3
Stefan Neufeind [Fri, 26 Jul 2013 13:19:35 +0000 (15:19 +0200)]
[BUGFIX] MySQL: Use ENGINE (not TYPE) for storage-engine

Using TYPE is deprecated since a MySQL 4.x and was removed in MySQL
5.5. Core already uses ENGINE but SqlParser turned that into TYPE,
leading to errors.

From https://dev.mysql.com/doc/refman/5.0/en/storage-engines.html:
"The older term TYPE is supported as a synonym for ENGINE for
backward compatibility, but ENGINE is the preferred term and TYPE
is deprecated."

Change-Id: I6607d3e726c43cb74ca00f33ec2332de4f6a76d8
Resolves: #50466
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
(cherry picked from commit a7b47c61008c6ca484a1ba2f252792dc24557559)
Reviewed-on: https://review.typo3.org/22793
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] selected = 1 doesn't work in FormContentObject 52/22752/2
Wouter Wolters [Sun, 28 Apr 2013 22:01:20 +0000 (00:01 +0200)]
[BUGFIX] selected = 1 doesn't work in FormContentObject

Wrong variable is used to set selected correctly.

Change-Id: I90623339c4d13eb07d7e5ef87e1b4e3aa8cf147e
Resolves: #43893
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/20282
Reviewed-by: uwe trotzek
Tested-by: uwe trotzek
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
(cherry picked from commit 8d30ece2f0dfc0306c22a63d9e57a75e32d1365e)
Reviewed-on: https://review.typo3.org/22752

5 years ago[BUGFIX] Suppress double page entry in temporary mounted pagetree 77/19977/3
Frank Frewer [Thu, 11 Apr 2013 16:29:55 +0000 (18:29 +0200)]
[BUGFIX] Suppress double page entry in temporary mounted pagetree

This patch suppresses that some pages will be shown as subpages of
themselves while defining a temporary mountpoint in the pagetree and then
searching in the mounted tree.

Fixes: #47123
Releases: 6.1, 6.0, 4.7
Change-Id: I2d6f895b6b6fd110e9a4fbc163295e8c992fdb61
Reviewed-on: https://review.typo3.org/19977
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[TASK] Provide information about import action in TCEmain to hooks 43/22643/2
Stefan Galinski [Tue, 27 Nov 2012 01:31:50 +0000 (02:31 +0100)]
[TASK] Provide information about import action in TCEmain to hooks

While importing T3D files the TCEmain currently fires the required
processing on records just as if the editor is generating the records. If
extensions hook into TCEmain, there is no way to differenciate this
situation from the regular editing mode - which might provide unexpected
results, i.e. wrong IRRE relations.

Solution is to provide a boolean to indicate that TCEmain has been called
during an import action which extensions could use to recognize this
situation.

Change-Id: I4fe429fb88f8ec24a7fda885f38ddfbdb4a642f5
Resolves: #36031
Releases: 4.5, 4.7, 6.0, 6.1, 6.2
Reviewed-on: https://review.typo3.org/22643
Reviewed-by: Jo Hasenau
Tested-by: Jo Hasenau
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] RTE wizard can't "save document and view page" 47/22647/2
Stanislas Rolland [Tue, 23 Apr 2013 15:47:46 +0000 (11:47 -0400)]
[BUGFIX] RTE wizard can't "save document and view page"

Including the full fieldConfig from TCA may produce too long an URL.
In IE, the RTE wizard simply does not open.

Solution: Remove the fieldConfig parameter not used by the RTE wizard.

Revolves: #43637
Resolves: #43631
Releases: 4.5, 4.7, 6.0, 6.1, 6.2
Change-Id: Idd855d56d6a7ed92d40d9a788bc11efb3f535ed3
Reviewed-on: https://review.typo3.org/22647
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[TASK] Set TYPO3 version to 6.0.9-dev 18/22718/2
TYPO3 Release Team [Tue, 30 Jul 2013 13:01:21 +0000 (15:01 +0200)]
[TASK] Set TYPO3 version to 6.0.9-dev

Change-Id: I496e73257f6438e59a03041fed81abdbfa87f2a1
Reviewed-on: https://review.typo3.org/22718
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
5 years ago[RELEASE] Release of TYPO3 6.0.8 17/22717/2 TYPO3_6-0-8
TYPO3 Release Team [Tue, 30 Jul 2013 13:00:54 +0000 (15:00 +0200)]
[RELEASE] Release of TYPO3 6.0.8

Change-Id: I9c3f0f27e268223b5aa82d3d74e44901e51e1269
Reviewed-on: https://review.typo3.org/22717
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
5 years ago[SECURITY] fileDenyPattern ignored in file-list module 06/22706/2
Jigal van Hemert [Tue, 30 Jul 2013 12:38:52 +0000 (14:38 +0200)]
[SECURITY] fileDenyPattern ignored in file-list module

Change-Id: Icf4b3452c3b039f12335e184161083cbcbd3acec
Fixes: #47452
Releases: 6.0, 6.1, 6.2
Security-Commit: 42797af8fc4492a98e3ade0d053d14db7aae6622
Security-Bulletin: TYPO3-CORE-SA-2013-002
Reviewed-on: https://review.typo3.org/22706
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] XSS in 3rd party library Flowplayer 05/22705/2
Oliver Hader [Tue, 30 Jul 2013 12:38:38 +0000 (14:38 +0200)]
[SECURITY] XSS in 3rd party library Flowplayer

Change-Id: I6bb53b23ca4df6f8d4b8ee801bd99a1a5c32f5b2
Fixes: #49209
Releases: 4.7, 6.0, 6.1, 6.2
Security-Commit: dd3663738902bbd49efd200333f01f43d6f32632
Security-Bulletin: TYPO3-CORE-SA-2013-002
Reviewed-on: https://review.typo3.org/22705
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] XSS in 3rd party library Audio Player 04/22704/2
Oliver Hader [Tue, 30 Jul 2013 12:38:29 +0000 (14:38 +0200)]
[SECURITY] XSS in 3rd party library Audio Player

Update player.swf of version 2.0.4.6 from
http://wordpress.org/plugins/audio-player/

Change-Id: Ib9ba8c7f02279c42d619154b9b79cc38a8e2c41b
Fixes: #49210
Releases: 4.5, 4.7, 6.0, 6.1, 6.2
Security-Commit: 8f2cef3f99ca46db31f867d0d02430d7d005c62b
Security-Bulletin: TYPO3-CORE-SA-2013-002
Reviewed-on: https://review.typo3.org/22704
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader