Packages/TYPO3.CMS.git
5 years ago[RELEASE] Release of TYPO3 6.0.12 34/26234/2 TYPO3_6-0-12
TYPO3 Release Team [Tue, 10 Dec 2013 10:29:49 +0000 (11:29 +0100)]
[RELEASE] Release of TYPO3 6.0.12

Change-Id: I87726750c92e85a2d28f6bd1bd1665cbef1a520a
Reviewed-on: https://review.typo3.org/26234
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
5 years ago[SECURITY] XSS in header link of all content elements 05/26205/2
Anja Leichsenring [Tue, 10 Dec 2013 09:53:25 +0000 (10:53 +0100)]
[SECURITY] XSS in header link of all content elements

The second typolink parameter, that is the target, can be abused to
introduce XSS code into the generated link. Escaping the parameter
with quoteJSvalue solves the problem.a

Change-Id: I9bea9114437852cdb8e0586d4e867cdf7a5a1138
Fixes: #31206
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: b9b7d0ba0979fe9c2ac8af5df944cf09d187b60d
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26205
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] XSS in colorpicker wizard 04/26204/2
Marcus Krause [Tue, 10 Dec 2013 09:53:20 +0000 (10:53 +0100)]
[SECURITY] XSS in colorpicker wizard

Encode user-input in JavaScript context for colorpicker.

Change-Id: I83790887c4239d62b6783fd6269169085607b7d4
Fixes: #42772
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: 8051c037ed6fae408c99cc9c29232d4c3f2a5504
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26204
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] Prevent editor controlled hmac content 03/26203/2
Franz G. Jahn [Tue, 10 Dec 2013 09:53:15 +0000 (10:53 +0100)]
[SECURITY] Prevent editor controlled hmac content

An hmac of the editor controlled auto respond message was used to verifiy
the correctness of this message on submit. To prevent this, we add an
additional secret.

Fixes: #45043
Releases: 4.5, 4.7, 6.0, 6.1, 6.2
(cherry picked from commit 00316f7c5d61c9ec72aaf1ee1519e50357c8c6e7)
Security-Commit: b3c77b523c0f04109cd16a16378bf4d7665ac4fb
Security-Bulletin: TYPO3-CORE-SA-2013-004

Change-Id: I17136da945182c8fcf94fd7ce53aace872e2b8f7
Reviewed-on: https://review.typo3.org/26203
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] XSS in backend user adminstration 02/26202/2
Marc Bastian Heinrichs [Tue, 10 Dec 2013 09:53:07 +0000 (10:53 +0100)]
[SECURITY] XSS in backend user adminstration

Change-Id: I1d31daf0dbc0dfa0ae49c17be9e6e85a85b8bea2
Fixes: #48691
Releases: 6.2, 6.1, 6.0
Security-Commit: 6fae30c4abb279085e21ddecc944e8e5de2cf773
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26202
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] Information Disclosure in Wizards 01/26201/2
Helmut Hummel [Tue, 10 Dec 2013 09:53:02 +0000 (10:53 +0100)]
[SECURITY] Information Disclosure in Wizards

It has been possible for authenticated editors
to show content of arbitrary tables and fields
that are defined in TCA by manipulating
GET parameters of the forms and table wizard.

This change adds a check if the editor has access
to the given record.

Change-Id: I3d3b318cefed36888d4cbbc00badad6c0818454c
Fixes: #41714
Releases: 4.5, 4.7, 6.0, 6.1, 6.2
Security-Commit: 3c38aa1115a3a14e4fcd3408362d6a1bebe75155
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26201
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] Fix open redirection in openid extension 00/26200/2
Helmut Hummel [Tue, 10 Dec 2013 09:52:56 +0000 (10:52 +0100)]
[SECURITY] Fix open redirection in openid extension

The eID script of the openid extension does not
validate the given redirect url, leading to
an open redirection vulnerability.

Add and verify hmac of the redirect url.

Change-Id: I5d11061ad8d0059180942c62e016f81868f56e65
Fixes: #54099
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: c3e938848d92334b37e9b4f3793d844f52291662
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26200
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] feuser_adminLib.inc allows to set arbitrary fields 99/26199/2
Anja Leichsenring [Tue, 10 Dec 2013 09:52:51 +0000 (10:52 +0100)]
[SECURITY] feuser_adminLib.inc allows to set arbitrary fields

The CMS core ships a utility class helping extension authors
to create frontend-extension which need a mail-based opt-in.
This class is neither used by core nor really maintained.

In the opt-in process the fields which should be updated to
activate the user are put as URL parameter into the
activation link. In the default configuration this feature
set allows to set any values of any field to this record.

As a result a user could manipulate his activation link and
therefore extend his usergroups.

This patch ensures that all fields which are about to update
are added to the hash as well as only taking the values
from TypoScript so even if the fields match no harm can be
done.

Change-Id: Id7d5e68d10c862aab0086755f880b5856f2141c5
Fixes: #48187
Releases: 6.0, 4.7, 4.5
Security-Commit: 57a6a356f33dcc7ec5fdb52b6857a010dd068936
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26199
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] XSS in be_layout wizard 98/26198/2
Anja Leichsenring [Tue, 10 Dec 2013 09:52:45 +0000 (10:52 +0100)]
[SECURITY] XSS in be_layout wizard

Usage of unverified input parameters in wizard URL leads to a possible
XSS vulnerability in backend_layout wizard.
The solution is the introduction of a hmac validation of the parameters
used in JavaScript.

Change-Id: I58e9c9845ee88d374d3f06cf99d155a6816c1b35
Fixes: #36768
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: 0960c276be49c555e6fd7c1fc4a65950b8a0af95
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26198
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] XSS in beuser VH 97/26197/2
Anja Leichsenring [Tue, 10 Dec 2013 09:52:39 +0000 (10:52 +0100)]
[SECURITY] XSS in beuser VH

The tree Display/* ViewHelpers introduce a XSS vulnerability by
using unescaped parameters in HTML.

Change-Id: I2cb3ed3383e2feab4462d63c177c78917568cc12
Fixes: #47086
Releases: 6.2, 6.1, 6.0
Security-Commit: 860c3c0134cded680e5beb394ed89ef0ef6a81d2
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26197
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] Remove possible XSS from ActionController Error output 96/26196/2
Anja Leichsenring [Tue, 10 Dec 2013 09:52:32 +0000 (10:52 +0100)]
[SECURITY] Remove possible XSS from ActionController Error output

As parameters passed to an ErrorObject can be user input, the
output of those parameters in the ActionController::errorAction() method
could lead to a cross side scripting possibility.

The offending output has been removed without substitution.

Change-Id: I7cd09466af55f4b5b83581dcf164c5b8037cd45c
Fixes: #54074
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: 2f2bd2db81f2a2b4de34839cce7d54e792572402
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26196
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] Unsafe unserialize of GET parameter in Add-Wizard 95/26195/2
Steffen Ritter [Tue, 10 Dec 2013 09:52:26 +0000 (10:52 +0100)]
[SECURITY] Unsafe unserialize of GET parameter in Add-Wizard

If the TCEforms wizard "add" is used, the original opened document
is closed and a new one is created in which you then add a new
element to be related.

In order to "store" the originating document which has been
edited, the Wizard/AddController and EditDocumentController
exchange state data in an URL-parameter.

This state-array is serialized in the EditDocumentController
and again unserialized in the Wizard/AddController from that
GET parameter. Without any checks, every code can be injected
to be unserialized here - even though we just need an array
with some data.

This patch changes serialize/unserialize to json_encode and
json_decode. Since the GET parameter only is used in
conjunction of these two classes it is save to changes the
format how the URL parameters are serialized.

Change-Id: Ife07d794b92cadeccbefda04af443a5a8cd161b6
Fixes: #54073
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: 8ce4743c0ff10fa6b9e4d57798dc6c7e1d51e38c
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26195
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[BUGFIX] ClientUtility does not detect Internet Explorer 11 85/25885/2
Stefan Neufeind [Sun, 1 Dec 2013 14:33:13 +0000 (15:33 +0100)]
[BUGFIX] ClientUtility does not detect Internet Explorer 11

Since the Release of Microsoft IE 11 there is no "MSIE" hint in
its user agent header anymore. Therefore the existing patterns
fail and the browser is detected as unknown browser.

TYPO3 deactivates several features for unknown browser. As a
result f.e. the RTE does not load.

This change adds special treatment for IE11+ by introducing an
additional regular expression matching the new user agent format
and looking for the Trident engine to be present.

In addition unit tests for common IE 9-11 user agents are added.

Change-Id: I389f344a498ac77f3e6445656dd125fd5d236a98
Resolves: #54124
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Reviewed-on: https://review.typo3.org/25885
Reviewed-by: Markus Klein
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
5 years ago[BUGFIX] Add missing namespacing for calling GeneralUtility 34/25834/2
Stefan Neufeind [Sun, 1 Dec 2013 11:12:14 +0000 (12:12 +0100)]
[BUGFIX] Add missing namespacing for calling GeneralUtility

Regression-fix for change from:
https://review.typo3.org/25057

Resolves: #54117
Releases: 6.1, 6.0
Change-Id: I0de156365d4d8f55cb269e0b29e40b7c3dbcf9e5
Reviewed-on: https://review.typo3.org/25834
Reviewed-by: Stefan Neufeind
Reviewed-by: Steffen Ritter
Reviewed-by: Oliver Klee
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
5 years ago[BUGFIX] ext:adodb Restrict connection wizard to admins 62/25762/3
Christian Kuhn [Fri, 29 Nov 2013 15:23:40 +0000 (16:23 +0100)]
[BUGFIX] ext:adodb Restrict connection wizard to admins

In the unlikely case ext:datasources is used, there is a potential
information disclosure that content of this table is shown to
non-admin backend users. This is better sanitized with the patch.

Change-Id: I748a0e05b57ac8c6d9c37cdd86fdb093c380dea5
Resolves: #42651
Releases: 6.1, 6.0, 4.7, 4.5
Reviewed-on: https://review.typo3.org/25762
Reviewed-by: Oliver Klee
Tested-by: Oliver Klee
Reviewed-by: Franz G. Jahn
Tested-by: Franz G. Jahn
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
5 years ago[TASK] Set TYPO3 version to 6.0.12-dev 99/25699/2
TYPO3 Release Team [Tue, 26 Nov 2013 15:42:46 +0000 (16:42 +0100)]
[TASK] Set TYPO3 version to 6.0.12-dev

Change-Id: Ie5b5357e3979d5299e147f1afdebe7df042470ea
Reviewed-on: https://review.typo3.org/25699
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
5 years ago[RELEASE] Release of TYPO3 6.0.11 98/25698/2 TYPO3_6-0-11
TYPO3 Release Team [Tue, 26 Nov 2013 15:42:18 +0000 (16:42 +0100)]
[RELEASE] Release of TYPO3 6.0.11

Change-Id: I5519d03da62894d133df316dbb675a4651f850f1
Reviewed-on: https://review.typo3.org/25698
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
5 years ago[BUGFIX] t3skin calls addIconSprite for each lang 84/25684/2
Michiel Roos [Mon, 25 Nov 2013 10:40:49 +0000 (11:40 +0100)]
[BUGFIX] t3skin calls addIconSprite for each lang

The t3skin extension adds icon sprites for each language. And that's
great, but not so great that it calls addIconSprite for each language.

Instead the iconArray can be built up and submitted once to
addIconSprite.

This saves 248 calls to addIconSprite which calls array_merge etc.

This saves ~ 22 ms for each request.

Change-Id: I0fdc09de46899e4160f907aefd8b3b3b596a2df3
Resolves: #53918
Releases: 6.0, 6.1, 6.2
Reviewed-on: https://review.typo3.org/25684
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
5 years ago[BUGFIX] Reload list module on clickmenu action 44/25544/2
Bernhard Kraft [Wed, 20 Nov 2013 10:48:32 +0000 (11:48 +0100)]
[BUGFIX] Reload list module on clickmenu action

This solves the problem of a not refreshing list module
when the clickmenu of an element is used to copy/move the
element.

Releases: 6.2, 6.1, 6.0, 4.5
Resolves: #15958
Change-Id: I2eee6162636e0c78ed361c26f81ce2bfe8835283
Reviewed-on: https://review.typo3.org/25544
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] Fix moving/copying files and folders between storages 18/25618/2
Frans Saris [Wed, 20 Nov 2013 22:22:21 +0000 (23:22 +0100)]
[BUGFIX] Fix moving/copying files and folders between storages

When a file or folder is moved between 2 storages the target
storages is asked for the filepermissions of the source
file/folder. This breaks because current storages + driver
can not access/find source.

This patch makes sure that on places where a source can be
from an other storage the source storage is used for the
permission check.

Releases: 6.0, 6.1, 6.2
Resolves: #53802
Change-Id: Ib2c1443fad295a3b7eeeb01ab38359fcdf6849ab
Reviewed-on: https://review.typo3.org/25618
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] Fix regression in ResourceCompressor 15/25615/2
Markus Klein [Thu, 21 Nov 2013 15:28:50 +0000 (16:28 +0100)]
[BUGFIX] Fix regression in ResourceCompressor

Resolves: #53844
Related: #53243
Releases: 6.2, 6.1, 6.0
Change-Id: I7f6a178b063d71c9182316a81e787c9ab5246b8e
Reviewed-on: https://review.typo3.org/25615
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] Filemtime / Filesize trigger warning 42/25542/2
Tomita Militaru [Mon, 11 Nov 2013 19:53:22 +0000 (21:53 +0200)]
[BUGFIX] Filemtime / Filesize trigger warning

Adds check for file_exists before calling filemtime / filsize
to avoid warning message.

Resolves: #53243
Releases: 6.2, 6.1, 6.0
Change-Id: I0f7da0c3e1920ddcf7d2d427a48ddcca71a6a4a3
Reviewed-on: https://review.typo3.org/25542
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] Fluid paginate widget wrong number of links 37/25537/2
Klaas Johan Kooistra [Fri, 8 Nov 2013 15:42:09 +0000 (16:42 +0100)]
[BUGFIX] Fluid paginate widget wrong number of links

If the maximumNumberOfLinks configuration option is set to 8
the widget will render 10 links.

Solved the problem by changing a plus to a minus in the calculation
of the display range end and added unit tests for several cases.

Resolves: #53458
Releases: 6.2, 6.1, 6.0
Change-Id: Ic1c55b0bf925b546d119c67433f63e662493a08b
Reviewed-on: https://review.typo3.org/25537
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] Fix JS error in lang module 19/25519/2
Markus Klein [Tue, 19 Nov 2013 21:17:18 +0000 (22:17 +0100)]
[BUGFIX] Fix JS error in lang module

The tables of the language module do not resize
on change of windows height. This fixes the
Javascript error.

Releases: 6.0, 6.1, 6.2
Resolves: #53773
Change-Id: I614d370108092b224059d5a5d07d78a10a10e2a2
Reviewed-on: https://review.typo3.org/25519
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] Scheduler extension sql file is invalid 06/25506/2
Michiel Roos [Tue, 19 Nov 2013 10:27:11 +0000 (11:27 +0100)]
[BUGFIX] Scheduler extension sql file is invalid

On import into MySQL an error is thrown and MySQL
refuses to create the table:

ERROR 1067 (42000) at line 4: Invalid default value for 'uid'

This is due to the fact that a default value is being set
for an auto_increment field.

Change-Id: Ic072d3ec21b4e8adbecf9ff88e6ac4a2919959ec
Resolves: #53750
Releases: 4.5, 4.7, 6.0, 6.1, 6.2
Reviewed-on: https://review.typo3.org/25506
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] fix javascript error "TBE_EDITOR not defined" in sys_action 01/25501/2
Ralf Hettinger [Sat, 27 Apr 2013 08:12:00 +0000 (10:12 +0200)]
[BUGFIX] fix javascript error "TBE_EDITOR not defined" in sys_action

This fixes the error "TBE_EDITOR not defined" which occured when using
sys_action > create backend user and assigning a db mount.

Resolves: #34544
Releases: 6.2, 6.1, 6.0
Change-Id: Idb78c23e2dea576fb1cab41979d4b068ca45a8b7
Reviewed-on: https://review.typo3.org/25501
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] ExtDirect StateProvider should store all settings 99/25499/2
Johannes Feustel [Mon, 16 Sep 2013 00:14:11 +0000 (02:14 +0200)]
[BUGFIX] ExtDirect StateProvider should store all settings

ExtDirect StateProvider seems to queue Ext.state.Manager.set() calls and
collects them to fire only one AJAX call.

In TYPO3\CMS\Backend\InterfaceState\ExtDirect on the other hand setState()
only stores the first item of the data array to $GLOBALS['BE_USER']->uc
the other settings are just ignored. Instead it should iterate the data
array and store all items.

Change-Id: I8d8bd01131545a6cad1a3933184c25c6d5f26149
Fixes: #51998
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/25499
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[TASK] Optimization in AbstractViewHelper 97/25497/2
Wouter Wolters [Mon, 18 Nov 2013 21:27:22 +0000 (22:27 +0100)]
[TASK] Optimization in AbstractViewHelper

Small optimization in AbstractViewHelper to fetch the type
after the check for the default value of the argument.

Change-Id: Ie9b68d892f4a20521606709b8fdfba83099c3d70
Resolves: #53746
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/25497
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] Rename hook in VariableFrontend.php 95/25495/2
Nicole Cordes [Sat, 16 Nov 2013 20:33:10 +0000 (21:33 +0100)]
[BUGFIX] Rename hook in VariableFrontend.php

Due to the namespace changes the hook in
typo3\sysext\core\Classes\Cache\Frontend\VariableFrontend.php was
renamed. This patch changes name back to the one before.

Resolves: #53707
Releases: 6.2, 6.1, 6.0
Change-Id: Ibb86188b38aba9ca7e7e2670f843234fae16fa87
Reviewed-on: https://review.typo3.org/25495
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] additionalAttributes for be.buttons.icon-VH misses hsc 86/25486/2
Markus Klein [Mon, 18 Nov 2013 10:42:02 +0000 (11:42 +0100)]
[BUGFIX] additionalAttributes for be.buttons.icon-VH misses hsc

The values of the additional attributes for the backend icon viewhelper
need to be processed through htmlspecialchars().

Resolves: #53711
Releases: 6.2, 6.1, 6.0
Change-Id: I89794c77ad1bb7bad99517e24ae7345e0803616e
Reviewed-on: https://review.typo3.org/25486
Reviewed-by: Marc Bastian Heinrichs
Tested-by: Marc Bastian Heinrichs
5 years agoRevert "[BUGFIX] EM: Fetch list as html, not as json" 48/25448/2
Helmut Hummel [Fri, 15 Nov 2013 17:40:37 +0000 (18:40 +0100)]
Revert "[BUGFIX] EM: Fetch list as html, not as json"

This reverts commit 8a80c2336eabed5c794b2401981b1d35608787e1

This change did not work at all, left unused
templates behind (List/Ter.json),
and caused further bugs #53661

Change-Id: I62d1c6c06a5acb8aeed0a12226b3e7ed1bd3282b
Reviewed-on: https://review.typo3.org/25448
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
5 years ago[BUGFIX] FILES.folder does not work 11/25411/2
Stefan Froemken [Sat, 26 Oct 2013 13:58:27 +0000 (15:58 +0200)]
[BUGFIX] FILES.folder does not work

cObject IMAGE was executed with empty values
because given key contains filenames instead of
numbers

Resolves: #45724
Releases: 6.2, 6.1, 6.0
Change-Id: I5582b63080b7e6124c3780a8430efb410876a662
Reviewed-on: https://review.typo3.org/25411
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] Move beuser property mappings to global scope 06/24006/2
Philipp Gampe [Mon, 23 Sep 2013 10:00:55 +0000 (12:00 +0200)]
[BUGFIX] Move beuser property mappings to global scope

Currently the persistence settings for all tx_beuser models are defined
in module.tx_beuser.persistence.classes.
If any other module tries to access the corresponding backend user
repository from tx_beuser, then no mappings will be loaded by extbase,
resulting in a wrong cache entry for the model and the attempt to
access a nonexisting table.

Move the class mapping part of the TS template into
  config.tx_extbase.persistence.classes
to make them available for all extensions and modules.

Resolves: #51234
Releases: 6.2, 6.1, 6.0
Change-Id: I0b39c96c9db89c379e5613231a215f27b2dfbcde
Reviewed-on: https://review.typo3.org/24006
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] Fix broken edit icons on cType HTML 06/25406/2
Stefan Neufeind [Thu, 14 Nov 2013 17:29:46 +0000 (18:29 +0100)]
[BUGFIX] Fix broken edit icons on cType HTML

Fix the wrong Typoscript configuration for front-end edit icons
for cType HTML (for the traditional fe-editing).

Resolves: #17493
Releases: 6.2, 6.1, 6.0, 4.5
Change-Id: I743d8d8ee77bd76bd9ed2a12cd34817196d3719a
Reviewed-on: https://review.typo3.org/25406
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] Distinguish unassigend columns and colPos 0 87/25387/2
Georg Ringer [Sun, 17 Feb 2013 17:06:51 +0000 (18:06 +0100)]
[BUGFIX] Distinguish unassigend columns and colPos 0

When using backend layout columns without a colPos value they should be
just placeholders with the label "not assigned". Currently they are
showing the content of the column 0 instead if there is such a column in
the backend layout.

The label "not assigned" is used for columns without any
label, otherwise the label is used together with the suffix
"(not assigned)".

Change-Id: I02c418eebdd9345c3066aa8c3eeec353d2cd9e58
Resolves: #25157
Resolves: #45550
Releases: 4.5, 4.7, 6.0, 6.1, 6.2
Reviewed-on: https://review.typo3.org/25387
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
5 years ago[BUGFIX] Native date and datetime values do not consider timezone 68/25368/2
Oliver Hader [Wed, 11 Sep 2013 14:12:20 +0000 (16:12 +0200)]
[BUGFIX] Native date and datetime values do not consider timezone

The TCA configuration property "dbType" allows to store "date"
or "datetime" values directly in the database (instead of using
a timestamp value).
However, the timezone is not recognized correctly - besides that,
the serverTimeZone is applied which does not make much sense at
all, since it leaves out DST handling.

Fixes: #51918
Releases: 6.0, 6.1, 6.2
Change-Id: I45da65d8cee2611358303e93305cb5c793223746
Reviewed-on: https://review.typo3.org/25368
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[BUGFIX] Compressor resolves dots in filenames correctly 11/25011/2
Christian Kuhn [Thu, 17 Oct 2013 16:46:47 +0000 (18:46 +0200)]
[BUGFIX] Compressor resolves dots in filenames correctly

Method getFilenameFromMainDir() tries to resolve a given file path
to a path relative to the document root and takes care of file
existance.

Sometimes it is fed with a path like '../path/to/file' and then
prepends it with the document root to call an is_file() on it. The
constructed path is then '/path/to/doc/root/typo3/../path/to/file'. If
now 'root' is a symlink to some sub structure itself, is_file()
will fail, because it does not solve the '..' part correctly anymore.

Using resolveBackPath() on the path before feeding it to is_file()
transforms the path to '/path/to/doc/root/path/to/file'. So the dots
are resolved and is_file is happy.

Change-Id: I20b4f4bbea695aeb02e3d92469236bc63cd05d97
Resolves: #52926
Releases: 6.2, 6.1, 6.0, 4.7
Reviewed-on: https://review.typo3.org/25011
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] T3editor: Make errors/exceptions show correctly 80/25080/2
Stefan Neufeind [Thu, 24 Oct 2013 23:26:02 +0000 (01:26 +0200)]
[BUGFIX] T3editor: Make errors/exceptions show correctly

* Display T3editor.lang.errorWhileSaving in a flashmessage.
* Pass exception-messages through the AJAX-call and display
  them in the flashmessage as well.

Change-Id: Ia743b5a3fc9a7b272854920bcc0e9d081d4822ef
Resolves: #53115
Releases: 6.2, 6.1, 6.0, 4.5
Reviewed-on: https://review.typo3.org/25080
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] Fix menu popup for all IE versions 85/25285/3
Alexander Opitz [Wed, 21 Aug 2013 15:09:23 +0000 (17:09 +0200)]
[BUGFIX] Fix menu popup for all IE versions

The IE has problems with base URLs in JS on window.open()
function calls. This problem was already fixed for content
objects but not for the menu.

This change adds the baseUrlWrap and also the quoteJSvalue
function call like in ContentObjectRenderer::typoLink().

Resolves: #22136
Releases: 6.2, 6.1, 6.0, 4.5
Change-Id: Ia1ad859d2acb358378bc4ffa3f6a9162b3fc6937
Reviewed-on: https://review.typo3.org/25285
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] dataTables: Avoid sending cookie-data too often 44/25344/2
Stefan Neufeind [Thu, 17 Oct 2013 23:05:25 +0000 (01:05 +0200)]
[BUGFIX] dataTables: Avoid sending cookie-data too often

All core-modules currently using jQuery-dataTables are
called through mod.php. So by adding that to the
cookie-path we can at least prevent sending those cookies
with requests like JS/CSS/images.

Change-Id: Ia9ea30e8967564572c7104600eb8dcc67647382d
Resolves: #52934
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/25344
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] Wrong usage-text for cli_dispatch 47/25347/2
Tomita Militaru [Tue, 12 Nov 2013 12:05:14 +0000 (14:05 +0200)]
[BUGFIX] Wrong usage-text for cli_dispatch

Correct usage text for cli_dispatch, use --refindex update
instead of -e

Resolves: #53399
Releases: 6.2, 6.1, 6.0
Change-Id: I6e571e8ba1cc139c7a4004800491637d5b3af6d7
Reviewed-on: https://review.typo3.org/25347
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] Evaluator in JS fails with namespaces 18/25318/2
Stefan Aebischer [Mon, 28 Oct 2013 22:07:09 +0000 (23:07 +0100)]
[BUGFIX] Evaluator in JS fails with namespaces

If you add an own evaluator, you have to insert the
class inclusive namespaces. JavaScript in TYPO3
backend fails to use the correct class set in
namespaces.

Resolves: #52904
Releases: 6.2,6.1,6.0
Change-Id: I356a2a7ff169462307506c64234741e6a690f8e2
Reviewed-on: https://review.typo3.org/25318
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] Make be.buttons.icon-ViewHelper extensible 12/25312/2
Stefan Neufeind [Mon, 11 Nov 2013 22:43:29 +0000 (23:43 +0100)]
[BUGFIX] Make be.buttons.icon-ViewHelper extensible

Many of the standard-ViewHelpers (tag-based) at least support
additionalAttributes. Introduce this for be.buttons.icon as well
to allow for attributes like onclick or target. Those arguments
will be assigned to the surrounding a-tag if an uri is specified.

Change-Id: I0b8ef12842a818ed5d49437a003287aff9b08f13
Resolves: #53538
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/25312
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[TASK] Hard-coded labels in file collections 81/25281/2
Tomita Militaru [Mon, 11 Nov 2013 14:29:35 +0000 (16:29 +0200)]
[TASK] Hard-coded labels in file collections

Adds labels for file collection types in TCA

Resolves: #52727
Release: 6.2, 6.1, 6.0
Change-Id: I0aafc385d824a41a4e6045a9708d726dee06ea39
Reviewed-on: https://review.typo3.org/25281
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] Correctly append additionalTreelistUpdateFields 78/25278/2
Bart Dubelaar [Tue, 27 Nov 2012 00:45:21 +0000 (01:45 +0100)]
[BUGFIX] Correctly append additionalTreelistUpdateFields

The list of additionalTreelistUpdateFields was not correctly
appended to the updateRequiringFields array.

Resolves: #37948
Releases: 6.2, 6.1, 6.0, 4.5
Change-Id: I7df514649203bf607a6ac3550c875c429e0f7328
Reviewed-on: https://review.typo3.org/25278
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] EM: Fetch list as html, not as json 70/25270/2
Stefan Neufeind [Fri, 8 Nov 2013 13:40:14 +0000 (14:40 +0100)]
[BUGFIX] EM: Fetch list as html, not as json

After performing an update from TER currently the extension-list
is fetched as format=json. This however leads to that situation
that links in the list also have format=json and won't work
anymore (example: pagination-widget).

Change-Id: Id37ab27bb3acd821e9dc0cadb23978aa3e5d9784
Resolves: #53423
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/25270
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] Fix wrong handling of php and TYPO3 dependencies 27/24127/3
Susanne Moog [Sun, 8 Sep 2013 13:26:22 +0000 (15:26 +0200)]
[BUGFIX] Fix wrong handling of php and TYPO3 dependencies

Due to a superfluos try-catch block dependencies for TYPO3 and
PHP version were not checked correctly.

Additionally the TER version comparison was wrong as it did not
include the given version (only less or greater was checked, not
...OrEqual).

Resolves: #48809
Resolves: #51730
Resolves: #51182
Releases: 6.2, 6.1, 6.0
Change-Id: I773e1af014cd3e8525794c2fcdc615ea8a5f36a1
Reviewed-on: https://review.typo3.org/24127
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] Correct storage selection (follow-up) 33/25233/2
Ernesto Baschny [Thu, 26 Sep 2013 14:44:59 +0000 (16:44 +0200)]
[BUGFIX] Correct storage selection (follow-up)

The new matching did not consider Windows paths names as the
previous version did. Using PathUtility is safer.

Releases: 6.2, 6.1, 6.0
Resolves: #52173
Change-Id: Ib0454a468bb93f5baab9677ffafc86efd0f1ae27
Reviewed-on: https://review.typo3.org/25233
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
5 years ago[TASK] Fix superfluous strlen() on constant strings 44/25244/2
Steffen Ritter [Sat, 9 Nov 2013 21:41:29 +0000 (22:41 +0100)]
[TASK] Fix superfluous strlen() on constant strings

Releases: 6.2, 6.1, 6.0
Resolves: #53477
Change-Id: I27817df25c126beb216c2b933c82ad9c35b74d80
Reviewed-on: https://review.typo3.org/25244
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
5 years ago[BUGFIX] Enable treeConfig overriding by Page TSconfig 36/25236/2
Stefan Froemken [Mon, 8 Apr 2013 10:58:15 +0000 (12:58 +0200)]
[BUGFIX] Enable treeConfig overriding by Page TSconfig

Add treeConfig to whitelist to allow overriding rootUid
as described in the documentation. Example:

TCEFORM.pages.categories.config.treeConfig.rootUid = 1

Resolves: #47040
Releases: 6.2, 6.1, 6.0, 4.7
Change-Id: Idd55593b063daa0be3c2943400f82617b0bf6218
Reviewed-on: https://review.typo3.org/25236
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] T3editor: Honour fileDenyPattern on saving included TS 58/25058/2
Stefan Neufeind [Tue, 29 Oct 2013 21:17:25 +0000 (22:17 +0100)]
[BUGFIX] T3editor: Honour fileDenyPattern on saving included TS

fileDenyPattern is only checked on loading so far.
Needs to be added for saving as well taken into account, since
otherwise an arbitrary file (including .php) can be overwritten.

Change-Id: Ia7edc83c8954942fb848746abc0980a304a1a6df
Resolves: #53195
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Reviewed-on: https://review.typo3.org/25058
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] Escape title, extension, description of scheduler tasks 15/25215/2
Tomita Militaru [Sat, 2 Nov 2013 22:14:14 +0000 (00:14 +0200)]
[BUGFIX] Escape title, extension, description of scheduler tasks

Properly escapes the title, description and extension of
displayed scheduler tasks

Resolves: #29179
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: Ie03383f694863e435bfb96341226f8c78be426e5
Reviewed-on: https://review.typo3.org/25215
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] Exception using cObject FORM in TypoScript 18/23718/2
Andreas Bouche [Fri, 4 Nov 2011 09:32:09 +0000 (10:32 +0100)]
[BUGFIX] Exception using cObject FORM in TypoScript

Through a bug introduced by #31120, an Exception is thrown when a
TypoScript FORM object should be rendered.

Fixes: #31572
Releases: 6.2, 6.1, 6.0, 4.7
Change-Id: Ie67484fd014620ea229a7bee8bfebd063a3b57ae
Reviewed-on: https://review.typo3.org/23718
Reviewed-by: Stefan Neufeind
Reviewed-by: Sebastian Michaelsen
Reviewed-by: Ernesto Baschny
Tested-by: Ernesto Baschny
5 years ago[BUGFIX] Enable BE search for multiple mountpoints 87/24887/2
Georg Ringer [Thu, 19 Sep 2013 05:31:20 +0000 (07:31 +0200)]
[BUGFIX] Enable BE search for multiple mountpoints

Backend search now allows search from all mounts of an editor.
If the root page is selected it will search in all mounts of the
backend user.

Change-Id: Ic462725bb4cba8100c5eeca5f7f47b5711ab2869
Resolves: #35073
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/24887
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer
5 years ago[TASK] Exclude central Modernizr from concatenation 81/24881/2
Stefan Neufeind [Thu, 17 Oct 2013 20:30:29 +0000 (22:30 +0200)]
[TASK] Exclude central Modernizr from concatenation

Modernizr is added to every "page" in the backend
as a default in DocumentTemplate. By default all JS
gets merged. Thus Modernizr is added to multiple
files.

Reduce the size of JS-files and allow browsers to
take advantage of reusing that code by having this
library as a separate part.

Change-Id: If18ca423ac3b4b1347c1319189d0feb019f37b7f
Resolves: #52931
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/24881
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] Suppress empty tag names in output of array2xml 49/24849/2
Markus Hoelzle [Wed, 16 Oct 2013 13:26:58 +0000 (15:26 +0200)]
[BUGFIX] Suppress empty tag names in output of array2xml

If a tag name is empty GeneralUtility::array2xml must not output that
tag at all.

Resolves: #52529
Releases: 6.2, 6.1, 6.0
Change-Id: Ib075feac25e5ba06884436db6d4be69cc428a43d
Reviewed-on: https://review.typo3.org/24849
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert
5 years ago[BUGFIX] Preserve vendor name in refering request 89/24789/3
Thomas Maroschik [Tue, 15 Oct 2013 09:28:41 +0000 (11:28 +0200)]
[BUGFIX] Preserve vendor name in refering request

Fluid FormViewHelper adds some hidden fields that contain information
about the current controller. When the form is submitted and contains
a validation error the errorAction int the ActionController is hit.
This one builds a refering request object from the hidden fields without
a vendor name, as this one is not passed from the FormViewHelper.
The request object tries to guess the controller name but guesses a non
namespaced classes name as the vendor name is not given. To get further
information about the class methods the class name gets autoloaded and
creates a wrong classes cache entry as the autoloader cannot detect if
a extension has namespaced or non namespaced classes from the outside.

This patch introduces a hidden vendor name field in the Fluid FormViewHelper.

Fixes: #52823
Releases: 6.2, 6.1, 6.0
Change-Id: I0a82cf2ee07ce293eda0b9f50d3cac7b2a513f15
Reviewed-on: https://review.typo3.org/24787
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
Reviewed-on: https://review.typo3.org/24789
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
5 years ago[BUGFIX] Moving folders fails 01/24801/2
Oliver Hader [Tue, 15 Oct 2013 12:38:43 +0000 (14:38 +0200)]
[BUGFIX] Moving folders fails

On moving existing folders inside another existing folder in the
file-module, the following exception is thrown:

1314085991: uid of Storage has to be numeric.

The reason is obvious, since the submitted storage key contains
the storage object instead of the UID of the storage.

Change-Id: Ia6f6af5252880a7bde8a537bc9e343c392eadbf5
Fixes: #52845
Releases: 6.0, 6.1, 6.2
Reviewed-on: https://review.typo3.org/24801
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[BUGFIX] Only load folder contents if folder is initialised 82/24782/2
Frans Saris [Mon, 5 Aug 2013 20:13:55 +0000 (22:13 +0200)]
[BUGFIX] Only load folder contents if folder is initialised

FolderBasedFileCollection::loadContents() has to check if
the folder is initialised prior to loading the contents to
prevent fatal errors.

Fixes: #50802
Releases: 6.2, 6.1, 6.0
Change-Id: If3ce06cff13595da49abbb6aa99c891969aea692
Reviewed-on: https://review.typo3.org/24782
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] Superfluous usage of ObjectManagerException 75/24775/2
Oliver Hader [Mon, 14 Oct 2013 22:00:53 +0000 (00:00 +0200)]
[BUGFIX] Superfluous usage of ObjectManagerException

The workspace backend module uses
\TYPO3\CMS\Extbase\Object\ObjectManagerException instead of
\TYPO3\CMS\Extbase\Object\ObjectManager.

Change-Id: Ieb30ed6cd3e8d33de7270800044b0eeebf83be90
Fixes: #52824
Releases: 6.0, 6.1, 6.2
Reviewed-on: https://review.typo3.org/24775
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[FEATURE] Add getValidators to AbstractCompositeValidator 71/24771/2
Stefan Froemken [Wed, 4 Sep 2013 07:09:14 +0000 (09:09 +0200)]
[FEATURE] Add getValidators to AbstractCompositeValidator

removeValidator is unusable as long as there is no method
to get contained validators

Resolves: #51707
Releases: 6.1, 6.0
Change-Id: If8705e8b5c7c2dfa84a732b97813d6097930f209
Reviewed-on: https://review.typo3.org/24771
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
5 years ago[BUGFIX] Use callback in preg_replace in RemoveXSS 57/24757/2
Jigal van Hemert [Mon, 14 Oct 2013 08:34:52 +0000 (10:34 +0200)]
[BUGFIX] Use callback in preg_replace in RemoveXSS

Since PHP 5.5.0 the use of the /e modifier is deprecated in preg_replace.
Use callback function instead.
Also change comments to CGL format.

Change-Id: I44f12e8bfa1c976e494dae847cc6c53d15ed7c2d
Fixes: #52771
Releases: 6.0, 6.1, 6.2
Reviewed-on: https://review.typo3.org/24757
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] Detect unix-styled absolute paths on Windows systems 25/24725/2
Nicole Cordes [Mon, 14 Oct 2013 08:12:34 +0000 (10:12 +0200)]
[BUGFIX] Detect unix-styled absolute paths on Windows systems

Currently PathUtility::isAbsolutePath and GeneralUtility::isAbsPath
only the for ":\" to detect absolute paths on Windows systems. This
patch provides even ":/" as unix-styled paths are mostly used now.

Resolves: #52773
Releases: 6.2, 6.1, 6.0
Change-Id: I1e132bbe74394861af4bf02a22287c9496953150
Reviewed-on: https://review.typo3.org/24725
Reviewed-by: Nicole Cordes
Tested-by: Nicole Cordes
5 years ago[BUGFIX] Object passed to date() 11/24711/2
Xavier Perseguers [Sun, 13 Oct 2013 17:56:12 +0000 (19:56 +0200)]
[BUGFIX] Object passed to date()

Function date() expects a timestamp as second parameter, not
an object.

Fixes: #52759
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: I6821bafa51372c50d8903c63d62ea44933bc12b3
Reviewed-on: https://review.typo3.org/24711
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
5 years ago[TASK] Use 6.1 branch in travis-integration for travis 62/24662/2
Christian Kuhn [Sat, 12 Oct 2013 20:18:56 +0000 (22:18 +0200)]
[TASK] Use 6.1 branch in travis-integration for travis

Change-Id: I748bae0a4c4995d6e47b42d2d84cead36db3665d
Resolves: #52731
Related: #47018
Releases: 6.1, 6.0
Reviewed-on: https://review.typo3.org/24660
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
(cherry picked from commit f4f2756533761fa2da2d89f6f91e2be90c2dcb42)
Reviewed-on: https://review.typo3.org/24662

5 years ago[BUGFIX] Use BackendUtility use statement 59/24659/2
Anja Leichsenring [Sat, 12 Oct 2013 18:34:23 +0000 (20:34 +0200)]
[BUGFIX] Use BackendUtility use statement

Due to a faulty backport BackendUtility was used without proper
namespace, leading to a fatal error while editing page properties.
This introduces the use statement for all occurences in the class.

Resolves: #52728
Releases: 6.1, 6.0
Change-Id: I37b9e98513b1dd173e7099bce68a5950b9dd12e1
Reviewed-on: https://review.typo3.org/24659
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
5 years ago[BUGFIX] Wrong calculation of maximum value for checkbox fields 54/24654/2
Nicole Cordes [Sat, 12 Oct 2013 16:36:30 +0000 (18:36 +0200)]
[BUGFIX] Wrong calculation of maximum value for checkbox fields

This patch corrects the calculation of the maximum value for a group
of checkboxes which is stored as bit flag value in the database. The
formular for the maximum value is 2nd power of the item count minus one.

Resolves: #52104
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: I0eb430b72a072838c6ac3bc3f5e339ff2509c455
Reviewed-on: https://review.typo3.org/24653
Reviewed-by: Nicole Cordes
Tested-by: Nicole Cordes
(cherry picked from commit 33d441555e8e9ad8f6c6c6a5157397815597d057)
Reviewed-on: https://review.typo3.org/24654

5 years ago[BUGFIX] Prevent empty newline below scheduler-task-name 20/24620/2
Stefan Neufeind [Sat, 12 Oct 2013 01:20:07 +0000 (03:20 +0200)]
[BUGFIX] Prevent empty newline below scheduler-task-name

The newline below a scheduler-task-name is only needed
if a progress-bar and/or additional-information follow.

Change-Id: I8d92fc0d3b8d88fdbdfdc79d8ee501b74d821bcc
Resolves: #52715
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/24620
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
5 years ago[BUGFIX] DataMapFactory::resolveTableName must remove leading backslashes 04/24604/2
Alexander Schnitzler [Fri, 11 Oct 2013 16:33:10 +0000 (18:33 +0200)]
[BUGFIX] DataMapFactory::resolveTableName must remove leading backslashes

Currently the method just splits the given class name
by backslashes to detect the proper vendor name. If using
a leading backslash the algorithm of this function causes
a wrong result. Therefore all leading backslashes must be
removed first.

Releases: 6.2, 6.1, 6.0
Fixes: #52708
Change-Id: Icdc46facf66260bf528994964fb713d3dd24b3c6
Reviewed-on: https://review.typo3.org/24604
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
5 years ago[BUGFIX] BackendUtility::viewOnClick() called with non-integer 94/24594/2
Oliver Hader [Thu, 8 Aug 2013 10:48:24 +0000 (12:48 +0200)]
[BUGFIX] BackendUtility::viewOnClick() called with non-integer

The origin is in DatabaseRecordList::makeControl() that
tries to create a preview link with the page id "243#33163"
- more strict checks will deny this request because it's not
the expected integer value. Thus, BackendUtility::viewOnClick()
is called with a string instead of an integer.
This happens in the regular list module in the TYPO3 backend.
It's not critical if hooks and further processors use intval() on the
argument, but is bad if methods expect the defined integer value.

Change-Id: Ib66c1ee219b67e51d534f11fbf1eaa330476ca93
Fixes: #50912
Releases: 4.5, 6.0, 6.1, 6.2
Reviewed-on: https://review.typo3.org/24594
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[BUGFIX] Clear_cache() must not consider page ids lower than 0 92/24592/2
Oliver Hader [Fri, 11 Oct 2013 12:30:53 +0000 (14:30 +0200)]
[BUGFIX] Clear_cache() must not consider page ids lower than 0

DataHandler::clear_cache() is called with a table and an uid that
has been modified to trigger the clear cache commands. To find
siblings, children, parents, etc. the pid value is directly used
to find the affected pages. However, in a workspace context, the
pid is always "-1" which leads to a selection of all page
records of all workspaces. This amount is used to flush all
defined caches by a given tag name and might result in execution
time outs.

To avoid these superfluous cache flushes, page ids lower than 0
are ignored now in this section.

Fixes: #51051
Releases: 6.0, 6.1, 6.2
Change-Id: I03987bbd8c5d3526fb4dfda75b0dd0316fe1d836
Reviewed-on: https://review.typo3.org/24592
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[BUGFIX] Select available page when changing WS 91/24591/2
Thorsten Kahler [Thu, 7 Feb 2013 17:13:34 +0000 (18:13 +0100)]
[BUGFIX] Select available page when changing WS

When changing to another workspaces the currently selected page is not
always available.
This change selects the next available page from the rootline for page
tree and submodules of web module when the current page does not exist
in the workspace.

Change-Id: I0502fea3c21515421586403a41f5c696ffc0d762
Fixes: #37611
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Reviewed-on: https://review.typo3.org/24591
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
5 years ago[BUGFIX] Copy records to target page before origin page is deleted 85/24585/2
Timo Webler [Thu, 10 Oct 2013 07:21:48 +0000 (09:21 +0200)]
[BUGFIX] Copy records to target page before origin page is deleted

When a deletion of a page is published, all moved records
have to be copied to their new location before they get deleted.

Resolves: #52636
Releases: 6.2, 6.1, 6.0
Change-Id: Ide471b4f25c0350a1df57af3d92283310a76cac9
Reviewed-on: https://review.typo3.org/24585
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
5 years ago[BUGFIX] Create workspace placeholder with processed field content 83/24583/2
Sascha Egerer [Wed, 7 Aug 2013 19:27:08 +0000 (21:27 +0200)]
[BUGFIX] Create workspace placeholder with processed field content

The field content that is used for the workspace placeholder records
is not processed through the field configuration.

This produces annoying error messages to the user.

Resolves: #17551
Releases: 6.2, 6.1, 6.0
Change-Id: I79823cc2bd0d26a03b0850045c08999ebdbc1a9b
Reviewed-on: https://review.typo3.org/24583
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
5 years ago[BUGFIX] Add workspace overlay for fetched records. 78/24578/2
Timo Webler [Wed, 25 Apr 2012 15:07:31 +0000 (17:07 +0200)]
[BUGFIX] Add workspace overlay for fetched records.

Call workspace overlay to resolve the right uid for
move-placeholder.

Change-Id: I6af65fcda1b1fffe72dfbc314976e42f30120d71
Fixes: #36573
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Reviewed-on: https://review.typo3.org/24578
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
5 years ago[BUGFIX] WS preview shows pages changes from all WS 74/24574/2
Thorsten Kahler [Thu, 7 Feb 2013 10:14:25 +0000 (11:14 +0100)]
[BUGFIX] WS preview shows pages changes from all WS

In workspace preview the query condition for pages records has to be
enhanced to restrict to live WS and current WS.

Change-Id: Ib271b9bb435b50f2777621707728a74ba5de4187
Fixes: #37209
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/24574
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
5 years ago[BUGFIX] Delete modified record in WS just deletes WS version 68/24568/2
Sascha Egerer [Fri, 4 Oct 2013 09:57:35 +0000 (11:57 +0200)]
[BUGFIX] Delete modified record in WS just deletes WS version

If you edit a record in a workspace and then you try to
delete the record, the record it not deleted but the
version (workspace-change record) is.

Resolves: #52530
Releases: 6.2, 6.1, 6.0
Change-Id: I6a77f9a398276af98c41d841053641f3e07b2e33
Reviewed-on: https://review.typo3.org/24568
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
5 years ago[BUGFIX] Don't show duplicates in workspace preview 09/24009/2
Timo Webler [Mon, 3 Dec 2012 08:51:02 +0000 (09:51 +0100)]
[BUGFIX] Don't show duplicates in workspace preview

Fixed workspace filters in case of workspace preview
in TYPO3\CMS\Frontend\Page\PageRepository::enableFields().

Additionally cleared up the corresponding comments.

Change-Id: I088928a88cb673f18f218ef691a6c528019317c0
Fixes: #37065
Releases: 6.2, 6.1, 6.0, 4.5
Reviewed-on: https://review.typo3.org/24009
Reviewed-by: Stefan Neufeind
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
5 years ago[BUGFIX] Cannot upload an extension as zip 32/24532/2
Xavier Perseguers [Wed, 25 Sep 2013 07:41:58 +0000 (09:41 +0200)]
[BUGFIX] Cannot upload an extension as zip

The file extension ".zip" should be systematically removed when
extracting the extension key from the uploaded file name.

Fixes: #52178
Releases: 6.2, 6.1, 6.0
Change-Id: I5316b995533fa324d3b19407ad9bb6365ab8858b
Reviewed-on: https://review.typo3.org/24037
Reviewed-by: Sebastian Fischer
Tested-by: Sebastian Fischer
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
(cherry picked from commit e1db658c3f6d332f4c1971f333b55c168aed43df)
Reviewed-on: https://review.typo3.org/24532

5 years ago[BUGFIX] Fix namespace in FileMountRepositoryTest 50/24450/2
Marc Bastian Heinrichs [Mon, 7 Oct 2013 11:00:05 +0000 (13:00 +0200)]
[BUGFIX] Fix namespace in FileMountRepositoryTest

Currently a "Tests\Unit\" is missing in between.

Resolves: #46845
Releases: 6.1, 6.0
Change-Id: I2cb4f7fedf826ff35b66ecd4ea600bc60b41123b
Reviewed-on: https://review.typo3.org/24450
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
5 years ago[BUGFIX] Fields of type file_reference are not properly indexed 49/24449/2
Martin Borer [Mon, 12 Aug 2013 10:44:46 +0000 (12:44 +0200)]
[BUGFIX] Fields of type file_reference are not properly indexed

sys_refindex entries for TCA-fields of type group->file_reference
are not correct. The fields ref_table and ref_uid are not filled.
This results in a wrong number of references in the Ref column of
the Filelist module and prevents a warning that a resource is still
in use when deleting it.

Resolves: #49538
Releases: 6.2, 6.1, 6.0
Change-Id: I1c44fc98b7ceefd6247ec372e5b28f8682a47bf1
Reviewed-on: https://review.typo3.org/24449
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] Missing closing tag in ElementBrowser 38/24438/2
Philipp Gampe [Sun, 6 Oct 2013 22:10:12 +0000 (00:10 +0200)]
[BUGFIX] Missing closing tag in ElementBrowser

There is missing " />" at the end for $clickIcon, which refers to
the thumbnail in the element browser.
Resolves: #52546
Releases: 6.2, 6.1, 6.0
Change-Id: I2da27190db0ca627c2967750f828c6748b039356
Reviewed-on: https://review.typo3.org/24438
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
5 years ago[FEATURE] Backport ClassNamingUtility 95/22795/3
Stefan Neufeind [Sat, 3 Aug 2013 22:06:09 +0000 (00:06 +0200)]
[FEATURE] Backport ClassNamingUtility

ClassNamingUtility is useful since the introduction of namespaces
in 6.0. Originally this feature was introduced with 6.1.

Change-Id: I7ccc2a25e60c5deda36cdce0c3eaab213101ab49
Resolves: #50756
Releases: 6.0
Reviewed-on: https://review.typo3.org/22795
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
5 years ago[TASK] Use instanceof comparison instead of string comparison 99/24399/2
Benjamin Serfhos [Wed, 2 Oct 2013 12:28:17 +0000 (14:28 +0200)]
[TASK] Use instanceof comparison instead of string comparison

This allows the ViewHelper to render elements which are extending
the model.

Resolves: #52469
Releases: 6.2, 6.1, 6.0
Change-Id: If4b9b3019b44e38a5a25cb74ff993e572464bb9d
Reviewed-on: https://review.typo3.org/24399
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] TS is fetched from cache incorrectly sometimes 78/24178/2
Dmitry Dulepov [Mon, 3 Dec 2012 09:40:25 +0000 (13:40 +0400)]
[BUGFIX] TS is fetched from cache incorrectly sometimes

If $TYPO3_CONF_VARS['FE']['defaultTypoScript_constants'] or
$TYPO3_CONF_VARS['FE']['defaultTypoScript_setup'] are set through
the PHP code, cached TS will not be found in cache. This would
result in TS parsing every time when there are USER_INT objects
on the page. It may slow down the page with USER_INT objects
by about 300% comparing to the cached version.

This change is re-added after it got reverted due to lack of reviews in
Ia0fd65a35897c71d60c48c0b03098ce67ad16c70.

Change-Id: Ief3a065451644423b236489729716b906f3d4500
Resolves: #43540
Releases: 4.5, 4.7, 6.0, 6.1, 6.2
Reviewed-on: https://review.typo3.org/24178
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert
5 years ago[BUGFIX] Initialize extension name in command requests 25/24125/2
Alexander Stehlik [Wed, 25 Sep 2013 06:40:37 +0000 (08:40 +0200)]
[BUGFIX] Initialize extension name in command requests

This patch initializes the extension name in the configuration manager
as soon as it is available during an Extbase command line request.

Resolves: #51329
Releases: 6.2, 6.1, 6.0
Change-Id: I73b0f0e7a0b20e1773c9eb92f0d2175416ce2bb1
Reviewed-on: https://review.typo3.org/24125
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
5 years ago[BUGFIX] Incomplete backup in AbstractUserAuthenticationTest 19/24119/2
Christian Kuhn [Sat, 28 Sep 2013 07:02:27 +0000 (09:02 +0200)]
[BUGFIX] Incomplete backup in AbstractUserAuthenticationTest

The test for issue #50913 exchanged TYPO3_DB with a mock. In 6.0,
this global must be backed up manually.

Change-Id: I7aea5646cd6ce157d86930857e3c6a306f9cfd4f
Resolves: #52346
Related: #50913
Releases: 6.0
Reviewed-on: https://review.typo3.org/24119
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
5 years ago[BUGFIX] Check for string before using strlen 90/24090/3
Kilian Hann [Tue, 24 Sep 2013 13:34:15 +0000 (15:34 +0200)]
[BUGFIX] Check for string before using strlen

If pi_flexform is converted to an array already, checking via strlen
produces a warning. An additional check via is_string suppresses the
warning.

Resolves: #52091
Resolves: #51684
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: I97c41cdedb1afb28e2a9ca39e1d9cfb3921d9f47
Reviewed-on: https://review.typo3.org/24090
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
5 years ago[BUGFIX] EmConfUtility accesses non-arrays 98/24098/2
Markus Klein [Mon, 16 Sep 2013 19:20:12 +0000 (21:20 +0200)]
[BUGFIX] EmConfUtility accesses non-arrays

Properly check for array-type before accessing
or counting the variable.

Resolves: #52045
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: Id161fddadbbcadd462de36e8227278107f2e7a3a
Reviewed-on: https://review.typo3.org/24098
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] Clear cached menu by tag 96/24096/2
Zbigniew Jacko [Tue, 3 Sep 2013 22:10:48 +0000 (00:10 +0200)]
[BUGFIX] Clear cached menu by tag

This change adds a table cf_cache_hash for clear cache by tag
for example for cached menu.

Resolves: #51588
Releases: 6.2, 6.1, 6.0
Change-Id: I18b8aad3ac82737bbc52d4aae49be9028b6df944
Reviewed-on: https://review.typo3.org/23624
Reviewed-by: Tymoteusz Motylewski
Tested-by: Tymoteusz Motylewski
Reviewed-by: Piotr Molewski
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
(cherry picked from commit f6a8c13d3f71be582147be19d105046fce1d82ad)
Reviewed-on: https://review.typo3.org/24096

5 years ago[BUGFIX] Fix jumpToUrl()-Usage in Element Browser 94/24094/2
Benjamin Pick [Wed, 18 Sep 2013 14:53:44 +0000 (16:53 +0200)]
[BUGFIX] Fix jumpToUrl()-Usage in Element Browser

The Javascript functions jumpToUrl(URL,anchor) and jumpToUrl(URL,formEl)
cannot be used interchangeably. This leads to a javascript error,
because the formElement is rendered as string
("[object HTMLInputElement]").

Resolves: #50437
Releases: 6.0, 6.1, 6.2
Change-Id: I53e1be3c157a2ef6c646f02af15e8c746b6e6375
Reviewed-on: https://review.typo3.org/24094
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
5 years ago[BUGFIX] groupFor-VH does not work with @lazy 88/24088/2
Stefan Froemken [Wed, 25 Sep 2013 13:50:41 +0000 (15:50 +0200)]
[BUGFIX] groupFor-VH does not work with @lazy

If you group an property with annotated @lazy option
f:groupedFor-ViewHelper can't group by this property.

Resolves: #52266
Releases: 6.2, 6.1, 6.0
Change-Id: Ie208b67eec8500fee87ee1c62b1bd348c0ed5598
Reviewed-on: https://review.typo3.org/24088
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
5 years ago[BUGFIX] Fix PHP warning trigged in getAuthInfoArray() 03/24003/2
Christian Finkemeier [Thu, 8 Aug 2013 13:18:55 +0000 (15:18 +0200)]
[BUGFIX] Fix PHP warning trigged in getAuthInfoArray()

AbstractUserAuthentication::getAuthInfoArray() calls
$GLOBALS['TYPO3_DB']->cleanIntList() with a possible NULL argument.
This leads to a PHP warning in GeneralUtility::trimExplode().

Resolves: #50913
Relates: #42921
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: I42ddf8fed715c5f8ce060e6ca5826ef3ed8f223e
Reviewed-on: https://review.typo3.org/24003
Reviewed-by: Stefan Neufeind
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
5 years ago[BUGFIX] Fatal in DefaultConfiguration 86/24086/2
Christian Kuhn [Thu, 26 Sep 2013 20:00:46 +0000 (22:00 +0200)]
[BUGFIX] Fatal in DefaultConfiguration

Change-Id: I6f6c8a2ddc26a6c7584e6a067c887768cf3ae5b1
Resolves: #52316
Related: #52305
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/24086
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
5 years ago[BUGFIX] Configure main extbase caches for unlimited entry lifetime 82/24082/2
Christian Kuhn [Thu, 26 Sep 2013 14:12:25 +0000 (16:12 +0200)]
[BUGFIX] Configure main extbase caches for unlimited entry lifetime

The extbase reflection and object caches are "stable" cache entries
and only need to be deleted if extensions change or are updates. The
extension manager takes care of flushing in this case.
Currently, the default lifetime of those cache entries is only one
hour, so they are recalculated pretty often. This is especially a
problem if the site was not accessed for more than an hour, since
tons of cache entries exceeded their lifetime and require
recalculation.
The patch moves the cache configuration of the required extbase
extension to DefaultConfiguration and sets unlimited default
lifetime for object and reflection cache.

Change-Id: I671692645aeb104f7fa73595cc79b25ed5984b85
Resolves: #52305
Related: #51116
Related: #52304
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/24082
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
5 years ago[TASK] Use SimpleFileBackend for t3lib_l10n cache 80/24080/2
Christian Kuhn [Thu, 26 Sep 2013 13:00:08 +0000 (15:00 +0200)]
[TASK] Use SimpleFileBackend for t3lib_l10n cache

The language cache by default uses the FileBackend to store its data.
Language cache entries need to be deleted only if new extensions are
loaded and if new language overlays are fetched. They do not need
tagging and can have an unlimited lifetime.
Switching to SimpleFileBackend removes the tagging and sets unlimited
lifetime by to reduce read and write load on this cache.

Change-Id: I5c4778f4c38ae369b6873574e961fa65208d77a1
Resolves: #52295
Related: #52125
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/24080
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
5 years ago[BUGFIX] EM does not link to docs.typo3.org 54/24054/2
Xavier Perseguers [Tue, 24 Sep 2013 12:57:27 +0000 (14:57 +0200)]
[BUGFIX] EM does not link to docs.typo3.org

docs.typo3.org is new official documentation platform supporting both
OpenOffice and Sphinx manuals.

Fixes: #52226
Releases: 6.2, 6.1, 6.0
Change-Id: Ie5f27bf15f5174a6e1bb53bedd575ceeb362add8
Reviewed-on: https://review.typo3.org/24017
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
Reviewed-on: https://review.typo3.org/24054

5 years ago[BUGFIX] Increase performance of exports for caches 52/24052/2
Markus Klein [Mon, 23 Sep 2013 10:20:01 +0000 (12:20 +0200)]
[BUGFIX] Increase performance of exports for caches

Exporting arrays for caches is now done with var_export().

Resolves: #51116
Releases: 6.2, 6.1, 6.0
Change-Id: I7519fd9c2ab21cc22a3f4e092b611c6bca58c30f
Reviewed-on: https://review.typo3.org/24052
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
5 years ago[BUGFIX] Remove duplicate exception code 47/24047/2
Fabien Udriot [Wed, 25 Sep 2013 07:59:08 +0000 (09:59 +0200)]
[BUGFIX] Remove duplicate exception code

Exception code "1314354065" is used twice: once in the abstract
Resource repository and the other one in the File Collection repository.
Since exception code must be unique, the patch simply renames one
occurrence.

Change-Id: I41474db5de7e8f575275d57e9585252857334ee2
Releases: 6.0, 6.1, 6.2
Resolves: #52243
Reviewed-on: https://review.typo3.org/24038
Reviewed-by: Kilian Hann
Tested-by: Kilian Hann
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
Reviewed-on: https://review.typo3.org/24047

5 years ago[BUGFIX] Correct storage selection (common prefixes) 94/23994/2
Ernesto Baschny [Mon, 23 Sep 2013 08:29:56 +0000 (10:29 +0200)]
[BUGFIX] Correct storage selection (common prefixes)

If there is a local storage "uploads/test/" and a requested file
is in "uploads/other/file.txt", the storage matching will not
consider this storage for this file anymore, although they share a
common prefix, but will use a correct matching storage (e.g. 0).

Releases: 6.2, 6.1, 6.0
Resolves: #52173
Change-Id: Id14ffd6620554c086b6e77dca285ade8dee39ab2
Reviewed-on: https://review.typo3.org/23994
Reviewed-by: Stefan Neufeind
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring