Packages/TYPO3.CMS.git
4 years ago[RELEASE] Release of TYPO3 6.0.14 12/30312/2 TYPO3_6-0-14
TYPO3 Release Team [Thu, 22 May 2014 08:10:25 +0000 (10:10 +0200)]
[RELEASE] Release of TYPO3 6.0.14

Change-Id: I08089195ded2aa1b150139c7a9d944e38af92887
Reviewed-on: https://review.typo3.org/30312
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
4 years ago[SECURITY] Add trusted HTTP_HOST configuration 91/30291/2
Helmut Hummel [Thu, 22 May 2014 07:32:48 +0000 (09:32 +0200)]
[SECURITY] Add trusted HTTP_HOST configuration

TYPO3 uses the values of HTTP_HOST in several
places without validating them. This could
lead to a situation where links are generated
using the host part from HTTP_HOST.

Since HTTP_HOST headers are user input and
can be spoofed by an attacker, it leads
into several potential and actual security issues.

To address this, a configuration option for
trusted hosts is added, which is evaluated every
time getIndpEnv('HTTP_HOST') is called.

The configuration option is

$GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern']

and can contain either a regular expression or the
value "SERVER_NAME"

To properly output the exception message in case
the trustedHostPattern does not match,
we need to adapt the exception handlers slightly
to not log information in this case and to actually
show the message even in production context to not
confuse admins on what is currently going wrong.

To not break all existing installations, the default
pattern is set to 'SERVER_NAME' which allows all
HTTP_HOST values matching the SERVER_NAME (and
optionally the SERVER_PORT if a port is specified
in the HTTP_HOST value).

This will secure all installation which use properly
configured name based virtual hosts, but leaves
installations where the web server is not bound
to a specific host name still in an insecure state.

Change-Id: I782fc022c829e4b0065e432d1c29467d808e7e98
Fixes: #30377
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Bulletin: TYPO3-CORE-SA-2014-001
Reviewed-on: https://review.typo3.org/30291
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
4 years ago[SECURITY] XSS in (old) extension manager information function 90/30290/2
Nicole Cordes [Thu, 22 May 2014 07:32:44 +0000 (09:32 +0200)]
[SECURITY] XSS in (old) extension manager information function

Needs to be fixed also in 6.x, but the affected function is not
used anymore.

Change-Id: Ida71054ffeaf963aed1da4674ec4ef87137d44ee
Fixes: #54111
Fixes: #54113
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: 4fbe054f8595b18e135556208a2411cf2d5fc7ab
Security-Bulletin: TYPO3-CORE-SA-2014-001
Reviewed-on: https://review.typo3.org/30290
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
4 years ago[SECURITY] XSS in new content element wizard 89/30289/2
Marcus Krause [Thu, 22 May 2014 07:32:39 +0000 (09:32 +0200)]
[SECURITY] XSS in new content element wizard

Sanitize user-input colPos in new content element wizard.

Change-Id: Ic43566fc93fadf6a1d997ff73bf027468001fb38
Fixes: #48695
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: 736a0f48add5b8fa9a72de839d33188194d9366b
Security-Bulletin: TYPO3-CORE-SA-2014-001
Reviewed-on: https://review.typo3.org/30289
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
4 years ago[SECURITY] XSS in template tools on root page 88/30288/2
Marc Bastian Heinrichs [Thu, 22 May 2014 07:32:34 +0000 (09:32 +0200)]
[SECURITY] XSS in template tools on root page

Change-Id: I3fb1c66314c6ef05d7f243a79c6af12466376078
Fixes: #54109
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: 32029d767839a9a7be676df6ebb822ab3208b8f2
Security-Bulletin: TYPO3-CORE-SA-2014-001
Reviewed-on: https://review.typo3.org/30288
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
4 years ago[SECURITY] XSS in Backend Layout Wizard 87/30287/2
Helmut Hummel [Thu, 22 May 2014 07:32:29 +0000 (09:32 +0200)]
[SECURITY] XSS in Backend Layout Wizard

Change-Id: I95af00f6eedd9635e31c375922dc8fc90d930c0e
Fixes: #57576
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: 466c3cc6dbe1eb3ebc38e26d22365da29a2c59c1
Security-Bulletin: TYPO3-CORE-SA-2014-001
Reviewed-on: https://review.typo3.org/30287
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
4 years ago[SECURITY] Encode URL for use in JavaScript 86/30286/2
Jigal van Hemert [Thu, 22 May 2014 07:32:25 +0000 (09:32 +0200)]
[SECURITY] Encode URL for use in JavaScript

The url for the Open in New Window button must be quoted for
use in JavaScript to prevent XSS issues.

Change-Id: Id4e860a8b6df53d368d3ce97d2a249eedfb0ed38
Fixes: #48693
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: 7251ca7283d7ff1f65c060af02cbe6080299f6ec
Security-Bulletin: TYPO3-CORE-SA-2014-001
Reviewed-on: https://review.typo3.org/30286
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
4 years ago[SECURITY] Fix insecure unserialize in colorpicker 85/30285/2
Helmut Hummel [Thu, 22 May 2014 07:32:20 +0000 (09:32 +0200)]
[SECURITY] Fix insecure unserialize in colorpicker

Change-Id: Id31f4a16308484fd3d9c799f1dbf4473464508ca
Fixes: #56458
Releases: 6.1, 6.0, 4.7, 4.5
Security-Commit: ac30580c27a2e4374f5b4e6206f70c8392c40999
Security-Bulletin: TYPO3-CORE-SA-2014-001
Reviewed-on: https://review.typo3.org/30285
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
4 years ago[SECURITY] Remove charts.swf to get rid of XSS vulnerability 84/30284/2
Helmut Hummel [Thu, 22 May 2014 07:32:15 +0000 (09:32 +0200)]
[SECURITY] Remove charts.swf to get rid of XSS vulnerability

The file charts.swf is vulnerable to XSS, is delivered
by ExtJS but not used in TYPO3 CMS at all.

Since the vendor of ExtJS did not fix this vulnerability,
we decided to remove it from TYPO3 sources.

Change-Id: I571812df4ef161844d03819cbc0eaa693082dce8
Fixes: #54526
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: 8395e75b9c685b5bc3cc516b882c3cc3dda17918
Security-Bulletin: TYPO3-CORE-SA-2014-001
Reviewed-on: https://review.typo3.org/30284
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
4 years ago[BUGFIX] Indexer tries to insert NULL into DB 43/30243/2
Markus Klein [Sun, 12 Jan 2014 15:57:41 +0000 (16:57 +0100)]
[BUGFIX] Indexer tries to insert NULL into DB

The Indexer of indexed_search tries to insert NULL values
into NOT NULL columns of the database.

Since #53662 NULL values are passed to the database,
hence these insert statements now fail.

Resolves: #54917
Releases: 6.2, 6.1, 6.0
Change-Id: Ia935abe14b9c3be2062f1b38ec98fb63921a1c2f
Reviewed-on: https://review.typo3.org/30243
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
4 years ago[BUGFIX] FlashMessageService not available in TYPO3 6.0 39/30039/2
Oliver Hader [Tue, 13 May 2014 10:44:49 +0000 (12:44 +0200)]
[BUGFIX] FlashMessageService not available in TYPO3 6.0

Issue #51079 introduced the disposal of FlashMessageService
which has been added for TYPO3 6.1 the first time. It's obvious
that the current implementation fails in TYPO3 6.0.

Resolves: #53079
Releases: 6.0
Change-Id: I78ee1f844db9069bfbfa8d1e5853f5c005133969
Reviewed-on: https://review.typo3.org/30039
Reviewed-by: Markus Klein
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
4 years ago[BUGFIX] DependencyUtility does count() on an integer 84/29884/2
Markus Klein [Mon, 5 May 2014 21:56:00 +0000 (23:56 +0200)]
[BUGFIX] DependencyUtility does count() on an integer

Remove the superfluous count() call.

Resolves: #58529
Releases: 6.2, 6.1, 6.0
Change-Id: I0933650b52063009de52268034480f6e06af56ac
Reviewed-on: https://review.typo3.org/29884
Reviewed-by: Markus Klein
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
4 years ago[BUGFIX] Database query error for non-workspaces tables 60/29660/2
Oliver Hader [Fri, 25 Apr 2014 13:36:41 +0000 (15:36 +0200)]
[BUGFIX] Database query error for non-workspaces tables

In frontend rendering mode PageRepository::versionOL() is called
frequently to overlay workspace data. A further method call then
creates a query with required t3ver_* fields. This query fails
if a table is not considered to support workspaces/versioning at
all. This behaviour is regression that has been introduced with
issue #30604 during TYPO3 4.7 development.

Resolves: #58180
Releases: 6.2, 6.1, 6.0
Change-Id: I81d24ea16116563f4f0d75fafd06496a9c4e993d
Reviewed-on: https://review.typo3.org/29660
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
4 years ago[TASK] Set TYPO3 version to 6.0.14-dev 20/29520/2
TYPO3 Release Team [Wed, 16 Apr 2014 20:38:12 +0000 (22:38 +0200)]
[TASK] Set TYPO3 version to 6.0.14-dev

Change-Id: I617ee0022296df1c97b9f60f44e0c46dc40d1ddb
Reviewed-on: https://review.typo3.org/29520
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
4 years ago[RELEASE] Release of TYPO3 6.0.13 19/29519/2 TYPO3_6-0-13
TYPO3 Release Team [Wed, 16 Apr 2014 20:37:44 +0000 (22:37 +0200)]
[RELEASE] Release of TYPO3 6.0.13

Change-Id: Id4d221ea3268143700c7075fff534687564ef51a
Reviewed-on: https://review.typo3.org/29519
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
4 years ago[TASK] Updates prototype and scriptaculous, fixing IE9+ issues 72/29472/2
Ernesto Baschny [Tue, 28 Jan 2014 11:15:10 +0000 (12:15 +0100)]
[TASK] Updates prototype and scriptaculous, fixing IE9+ issues

Upgrades prototype from 1.6.0.3 to 1.7.1 and scriptaculous
from 1.8.2 to 1.9.0.

Solves the problem with sorting IRRE elements in IE9+, for example.

Resolves: #51768
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: I5ea11b2e926ae0f23d1c6d85a0ff5ba24995eebb
Reviewed-on: https://review.typo3.org/29472
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
4 years ago[BUGFIX] SoftReferenceIndex typolink lacks support for title attributes 70/28170/3
Marc Bastian Heinrichs [Fri, 7 Mar 2014 16:36:11 +0000 (17:36 +0100)]
[BUGFIX] SoftReferenceIndex typolink lacks support for title attributes

The SoftReferenceIndex parses and rebuilds typolink tags, but the
support for the title attributes was missing.
This leads to lost title attributes on typolinks in exports from impexp.

Resolves: #56580
Releases: 6.2, 6.1, 6.0, 4.5
Change-Id: I9bf5c02b79ae4c9024322f0da99dcca37b678daa
Reviewed-on: https://review.typo3.org/28170
Reviewed-by: Marc Bastian Heinrichs
Tested-by: Marc Bastian Heinrichs
4 years ago[BUGFIX] Fix refindex for FlexForm fields type group file_reference 98/28798/2
Marc Bastian Heinrichs [Thu, 13 Mar 2014 16:56:00 +0000 (17:56 +0100)]
[BUGFIX] Fix refindex for FlexForm fields type group file_reference

According to the fixes for the normal TCA fields of type "group"
internal_type "file_reference" in #49538 and #56353, this needs also
to be fixed for the FlexForm fields: handle the internal_type
file_reference as an db reference to sys_file.

Resolves: #56991
Releases: 6.2, 6.1, 6.0
Change-Id: Ie66c86c1bf3f0386d23259d0aee6706564beace3
Reviewed-on: https://review.typo3.org/28798
Reviewed-by: Marc Bastian Heinrichs
Tested-by: Marc Bastian Heinrichs
4 years ago[BUGFIX] Fields of type group file are not properly indexed 96/28796/2
Marc Bastian Heinrichs [Mon, 3 Feb 2014 22:52:43 +0000 (23:52 +0100)]
[BUGFIX] Fields of type group file are not properly indexed

If an record with a field of type "group", internal_type "file"
should be indexed in the ReferenceIndex an SQL error exception
gets thrown. So the relation to the file isn't represented in the
refindex. Thus those files are also missing in exports created
with system extension impexp.

This is caused by wrong array keys and incorrectly storing a file
relation as DB relation since merge of FAL.

Resolves: #56353
Resolves: #56352
Releases: 6.2, 6.1, 6.0
Change-Id: I78211efcb6bf3032811ef0b0e20ed7f98f9fa8fb
Reviewed-on: https://review.typo3.org/28796
Reviewed-by: Marc Bastian Heinrichs
Tested-by: Marc Bastian Heinrichs
4 years ago[BUGFIX] Add SoftIndex parser typolink to link in sys_file_reference 07/28807/2
Marc Bastian Heinrichs [Wed, 26 Mar 2014 09:21:16 +0000 (10:21 +0100)]
[BUGFIX] Add SoftIndex parser typolink to link in sys_file_reference

The field "link" of the table "sys_file_reference" handles links. To
make the SoftReferenceIndex, which is used by impexp and
linkvalidator, work right, the “softref” key "typolink" should be
registered.

Resolves: #57010
Releases: 6.2, 6.1, 6.0
Change-Id: I95cb8dbfa0c6d84926cd57d1fe4e4dad93e9c21a
Reviewed-on: https://review.typo3.org/28807
Reviewed-by: Marc Bastian Heinrichs
Tested-by: Marc Bastian Heinrichs
4 years ago[TASK] Integrate default README.txt 72/29172/2
Oliver Hader [Fri, 4 Apr 2014 14:19:28 +0000 (16:19 +0200)]
[TASK] Integrate default README.txt

This file is a modified and updated version like it has been
releases with every package in the past. Since these files have
been taken from git.typo3.org/TYPO3CMS/Distributions/Base.git,
which is target to be cleaned up, the file is explicitely put
to old branches as well.

Resolves: #57656
Releases: 6.1, 6.0, 4.7, 4.6, 4.5
Change-Id: I3b696895deaf03b2f630e12f1bd7b17b649b985c
Reviewed-on: https://review.typo3.org/29172
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
4 years ago[SECURITY] Prevent XSS in scheduler form 51/29151/2
Nicole Cordes [Thu, 3 Apr 2014 14:15:49 +0000 (16:15 +0200)]
[SECURITY] Prevent XSS in scheduler form

The class name is submitted in a hidden form and is susceptible to XSS.
The patch introduced htmlspecialchars to prevent XSS possibility.

Resolves: #57603
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: I4979e66f28a581e168c56d91327a1bbe2672448d
Reviewed-on: https://review.typo3.org/29151
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
4 years ago[BUGFIX] Test typeof TBE_EDITOR for object not function 02/29002/2
Alexander Opitz [Tue, 25 Mar 2014 15:02:52 +0000 (16:02 +0100)]
[BUGFIX] Test typeof TBE_EDITOR for object not function

As TBE_EDITOR is defined as object in jsfunc.tbe_editors.js we should
change the check here. Otherwise no eval user functions will be called.

Resolves: #57296
Releases: 6.2, 6.1
Change-Id: Ie1b701dcbf465827bc336233c2523f4df1dde9ba
Reviewed-on: https://review.typo3.org/29002
Reviewed-by: Nicole Cordes
Tested-by: Nicole Cordes
4 years ago[BUGFIX] Typo in Extbase localization file 07/28707/2
Xavier Perseguers [Mon, 24 Mar 2014 15:40:19 +0000 (16:40 +0100)]
[BUGFIX] Typo in Extbase localization file

Fixes: #57238
Releases: 6.2, 6.1, 6.0
Change-Id: Icca7e1637387e2ad31a1368abcd59b1bd443255f
Reviewed-on: https://review.typo3.org/28707
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
4 years ago[BUGFIX] Extbase tries to overlay pages_language_overlay records 63/28363/2
Stanislas Rolland [Thu, 13 Mar 2014 01:46:22 +0000 (21:46 -0400)]
[BUGFIX] Extbase tries to overlay pages_language_overlay records

Method doLanguageAndWorkspaceOverlay of
Extbase\Persistence\Generic\Storage\Typo3DbBackend should not attempt
to get a parent record if the overlays are in a separate table (most
probably pages_language_overlay) by checking whether
$GLOBALS['TCA'][$tableName]['ctrl']['transOrigPointerTable'] is set.

Resolves: #56855
Releases: 6.0, 6.1, 6.2
Change-Id: I2cb53bc4733ee626ca0ae92e5dd91073d88ecc9d
Reviewed-on: https://review.typo3.org/28363
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
4 years ago[BUGFIX] Temporary DB tree mount notice missing in ElementBrowser 82/28182/2
Lorenz Ulrich [Tue, 11 Dec 2012 14:57:18 +0000 (15:57 +0100)]
[BUGFIX] Temporary DB tree mount notice missing in ElementBrowser

If "Stop Page Tree" is set for a page, it is possible to set temporary
DB tree mounts in the element browser/link browser.
If such a tree mount is set, a notice is displayed right above the tree.

This notice is necessary to cancel this temporary mount.
Currently the ElementBrowser misses this notice when used
for e.g. header_link.

Change-Id: I942aad0e54d17ceb793008850f0563bb416503be
Fixes: #43885
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/28182
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] IdentityProperties were not set 52/28052/3
Stefan Froemken [Mon, 11 Mar 2013 17:36:49 +0000 (18:36 +0100)]
[BUGFIX] IdentityProperties were not set

After submitting an invalid form twice, extbase tries to
create the related submodel instead of edit.
This is because of the missing __identity part
for the related submodel

Resolves: #46185
Releases: 6.0, 6.1, 6.2
Change-Id: If3ec15b9eff0fc8d9a7dc682518cbfd72bb4665b
Reviewed-on: https://review.typo3.org/28052
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Double escape of title in indexed search 99/27999/2
Markus Klein [Tue, 25 Feb 2014 17:08:56 +0000 (18:08 +0100)]
[BUGFIX] Double escape of title in indexed search

SearchController::compileSingleResultRow() causes double
htmlspecialchars() call on $title.

This patch removes the general htmlspecialchars() call since
$title will be escaped in linkPage() anyway.
The only place which requires escaping has the call added now.

Resolves: #56262
Releases: 6.2, 6.1, 6.0
Change-Id: Ic94fe7fe7d2145fc539adcdf21faf42c33f5b32e
Reviewed-on: https://review.typo3.org/27999
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
4 years ago[BUGFIX] Do not log with severity 1320177676 55/27955/2
Christian Weiske [Thu, 27 Feb 2014 12:37:43 +0000 (13:37 +0100)]
[BUGFIX] Do not log with severity 1320177676

Extbase logged a code smell with a severity of 1320177676
instead of 1 ("notice").

Change-Id: If28c2d66713bdedb3094af22f8f7a00a504d995d
Resolves: #56378
Releases: 4.7, 6.0, 6.1, 6.2
Reviewed-on: https://review.typo3.org/27955
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
4 years ago[BUGFIX] @return for TYPO3\CMS\Sv\AuthenticationService::authUser 44/27944/2
Christian Weiske [Fri, 28 Feb 2014 09:55:13 +0000 (10:55 +0100)]
[BUGFIX] @return for TYPO3\CMS\Sv\AuthenticationService::authUser

Adjust the @return documentation of authUser() to match the actual
implementation in
TYPO3\CMS\Core\Authentication\AbstractUserAuthentication

Change-Id: I2d94cdfee6c58de80c7ec2be2b644b5fcd6c9a97
Resolves: #56421
Releases: 6.0, 6.1, 6.2
Reviewed-on: https://review.typo3.org/27944
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
4 years ago[BUGFIX] URL-encoded title in link wizard 25/27925/2
Helmut Hummel [Wed, 11 Sep 2013 10:49:39 +0000 (12:49 +0200)]
[BUGFIX] URL-encoded title in link wizard

The security fix introduced a bug that the title is encoded
every time the link wizard is opened, leading to multiple
encoded strings.

Solution is to not encode it centrally but encode it just
before using it in the JavaScript context.

Fixes: #41413
Releases: 4.5, 4.7, 6.0, 6.1, 6.2
Change-Id: I6b08db290d5457761edc4506105672d79840764d
Reviewed-on: https://review.typo3.org/27925
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Revert "[TASK] Use a 401 header if login is not successful" 99/27899/3
Markus Klein [Thu, 27 Feb 2014 13:30:29 +0000 (14:30 +0100)]
[BUGFIX] Revert "[TASK] Use a 401 header if login is not successful"

This reverts commit 40cb0a435e31dd0378151ce6613ad54c8e7d075b.

The 401 header code is used with HTTP based authentication schemes,
based on RFC 2617.

This is not the case here.

Resolves: #55966
Reverts: #51803
Releases: 6.2, 6.1, 6.0, 4.5
Change-Id: I279e98d8e756bbbbaae6d387a84328b84fb23388
Reviewed-on: https://review.typo3.org/27899
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Paginator in TER list not using ajax 52/27852/2
Jigal van Hemert [Tue, 25 Feb 2014 14:40:00 +0000 (15:40 +0100)]
[BUGFIX] Paginator in TER list not using ajax

The paginator in the extension list from TER is transformed into
using Ajax. This fails because this process searches for links inside
a class which is used by the frontend paginator widget. Changing it to
the id of the backend paginator widget makes the ajax calls work again.

Resolves: #56184
Releases: 6.2, 6.1, 6.0
Change-Id: I06c193b2657eb3edae623dc0126b06c240f486c6
Reviewed-on: https://review.typo3.org/27852
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
4 years ago[BUGFIX] felogin reset password links not clickable 27/27827/2
Jigal van Hemert [Tue, 1 Jan 2013 10:28:18 +0000 (11:28 +0100)]
[BUGFIX] felogin reset password links not clickable

Encoding a few extra character besides the ones according to RFC3986
makes password reset links working again in various mail clients which
do not comply to this RFC (and which do not have plans to fix this in
the near future).

Change-Id: I0b42bef6cb732c5fc6cc2d900407271cb606e301
Fixes: #23984
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Reviewed-on: https://review.typo3.org/27827
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert
4 years ago[BUGFIX] Use count on storage after initialization of LazyObjectStorage 44/27444/2
Marc Bastian Heinrichs [Wed, 5 Feb 2014 12:42:32 +0000 (13:42 +0100)]
[BUGFIX] Use count on storage after initialization of LazyObjectStorage

The count in LazyObjectStorage for relation type HAS_MANY has
to use the count on storage items after initialization. Otherwise
the wrong count is returned for a not persisted storage.

Resolves: #54724
Releases: 6.2, 6.1, 6.0
Change-Id: I817ce86dde11b175e6a5765a8f6518770ba75f28
Reviewed-on: https://review.typo3.org/27444
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
4 years ago[BUGFIX] Fix possible language handling issue 65/27665/2
Markus Klein [Sun, 1 Sep 2013 11:01:49 +0000 (13:01 +0200)]
[BUGFIX] Fix possible language handling issue

The language initialization process is currently split in two main
methods (TypoScriptFrontendController->initLLvars and ->settingLanguage).

Only settingLanguage contains hooks and sets the "sys_language_uid"
property (and "sys_language_content") which determine the displayed
records in Frontend. On the opposite, initLLvars is not hookable and sets
the "lang" property, which may be used by charset conversion methods.

In order to determine display language within hooks, the only way
currently is to call initLLvars a second time after determining language,
but this method populates the "languageDependencies" property without
initializing it. So it is filled two times, which leads to incorrect
labels, especially if the displayed language is English and the
default language is not English (as "languageDependencies" is already
filled with "default language").

The three parts of the patch are:
 * The initLLvars method now pre-initializes the "languageDependencies"
   property.
 * The initLLvars is now called from "settingLanguage" method, right
   after the "settingLanguage_preProcess" hook to avoid a second call it.
 * The convPOSTCharset call is now moved after the language
   initialization, as the language determination done by initLLvars
   can have some impact on charset handling (multi-charset locallang.php
   legacy).

Change-Id: I6924345931342d5114b13e5d6fab417387559b9a
Resolves: #49499
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/27665
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] DatabaseConnection::listQuery wrong usage of strpos() 51/27751/2
Markus Klein [Thu, 20 Feb 2014 09:36:45 +0000 (10:36 +0100)]
[BUGFIX] DatabaseConnection::listQuery wrong usage of strpos()

In DatabaseConnection::listQuery strpos() is used with wrong
parameter order.

Resolves: #56135
Releases: 6.2, 6.1, 6.0
Change-Id: Iaa18d46442a2aac21a836216cb61ae376bbb2090
Reviewed-on: https://review.typo3.org/27751
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
4 years ago[BUGFIX] Various static calls to non-static functions 07/27707/2
Markus Klein [Tue, 18 Feb 2014 09:14:53 +0000 (10:14 +0100)]
[BUGFIX] Various static calls to non-static functions

Resolves: #56067
Releases: 6.2, 6.1, 6.0
Change-Id: I6d1e19026afde81bec46cec3dff9060fa6042c43
Reviewed-on: https://review.typo3.org/27707
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Missing encoding in flexforms IRRE javascript 75/27675/2
Alexey Gafiulov [Mon, 17 Feb 2014 22:33:34 +0000 (23:33 +0100)]
[BUGFIX] Missing encoding in flexforms IRRE javascript

encodeURIComponent is added to escape all special characters in
parameters for AJAX call.

Resolves: #54304
Releases: 6.2, 6.1, 6.0
Change-Id: I3559104e1a26241b519f40a10000637852a4f114
Reviewed-on: https://review.typo3.org/27675
Reviewed-by: Stefan Neufeind
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] addToAllTCAtypes() doesn't add new field 71/27671/2
Tomita Militaru [Sat, 2 Nov 2013 12:53:06 +0000 (14:53 +0200)]
[BUGFIX] addToAllTCAtypes() doesn't add new field

Fixes problem with match on substring when adding a new field
using ExtensionManagementUtility::addToAllTCAtypes()

Resolves: #52527
Releases: 6.1, 6.0
Change-Id: I8877cdabc00f5ac64f1f7857bf47c275d36aae62
Reviewed-on: https://review.typo3.org/27671
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Usage of undefined variables in ShortcutToolbarItem 62/27662/2
Tim Lochmueller [Sun, 16 Feb 2014 12:08:04 +0000 (13:08 +0100)]
[BUGFIX] Usage of undefined variables in ShortcutToolbarItem

Fix a undefined variable and a wrong variable assignment in the
ShortcurtToolbarItem.

Resolves: #55998
Releases: 6.2, 6.1, 6.0
Change-Id: I0f0ebcc846a9aa56edd05e384d62aad8f0a5b05b
Reviewed-on: https://review.typo3.org/27662
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] cache_clearAtMidnight conflicts with content start/endtime 61/27561/2
Dmitry Dulepov [Tue, 22 Oct 2013 07:30:09 +0000 (11:30 +0400)]
[BUGFIX] cache_clearAtMidnight conflicts with content start/endtime

If the config.cache_ClearAtMidnight is set, the current code of
TypoScriptFrontendController::get_cache_timeout() will not take
content's starttime/endtime into account. Thus if the content
(or other configured record) has start or end time before the
midnight, it will not be taken into account and the cache timeout
will be wrong.

Change-Id: I732da8f07270a86c62b7ce5028b12b630bb2e027
Resolves: #53028
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/27561
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
4 years ago[TASK] Execute lint in parallel 31/27531/2
Helmut Hummel [Mon, 10 Feb 2014 19:29:25 +0000 (20:29 +0100)]
[TASK] Execute lint in parallel

Change-Id: Id06f35b5fa4148e7110d9248ceee80e69e8a5327
Reviewed-on: https://review.typo3.org/27531
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
4 years ago[BUGFIX] Allow to render the same TS object twice 16/27516/2
Markus Klein [Tue, 19 Nov 2013 17:36:53 +0000 (18:36 +0100)]
[BUGFIX] Allow to render the same TS object twice

CONTENT/RECORDS elements prevent to render the same object twice.

Resolves: #53768
Resolves: #28745
Releases: 6.2, 6.1, 6.0
Change-Id: I30750f2dc848521999c3734129439d7f6f90aae1
(cherry picked from commit 1b9d3a59f82b290ae16073e1df5f83fa48363db8)
Reviewed-on: https://review.typo3.org/27516
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
4 years ago[BUGFIX] Tests: Remove unstable GeneralUtilityTest::getUrl* 19/27519/2
Christian Kuhn [Sun, 9 Feb 2014 19:25:17 +0000 (20:25 +0100)]
[BUGFIX] Tests: Remove unstable GeneralUtilityTest::getUrl*

Two tests check getUrl() by calling some resource on typo3.org.
This smells funny and the tests are unstable if network, dns
or typo3.org is down or slow. Mocking is not easily possible
with the lowlevel nature of getUrl().
The tests are removed for now.

Change-Id: I85a83345404c833a67c2f532e820fd28bb7c08e7
Resolves: #55821
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/27519
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
4 years ago[BUGFIX] "New page" wizard discloses existence of pages outside DB mount 30/27430/2
Nicole Cordes [Sat, 27 Jul 2013 21:13:06 +0000 (23:13 +0200)]
[BUGFIX] "New page" wizard discloses existence of pages outside DB mount

When creating a new page inside the top level of a DB mount which is
only a sub tree, the pages up and down from the DB mount root will be
displayed in the position selector if the logged-in user has read
permissions for these pages. This is unwanted information disclosure as
the permissions should not matter for pages which are outside the DB
mount.

Resolves: #18797
Releases: 6.2, 6.1, 6.0
Change-Id: I98008bc7f4308c9fb32dae645325e7cb1b44e413
Reviewed-on: https://review.typo3.org/27430
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
4 years ago[TASK] Add possibility creating accessible mock for abstract classes 53/27253/2
Marc Bastian Heinrichs [Tue, 12 Nov 2013 15:09:30 +0000 (16:09 +0100)]
[TASK] Add possibility creating accessible mock for abstract classes

Resolves: #53564
Releases: 6.0, 6.1, 6.2
Change-Id: If7d69e4f87e368c1eef672cb68f1af92d6ae501b
Reviewed-on: https://review.typo3.org/27253
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
4 years ago[BUGFIX] CSV-Download not working in IE and HTTPS backend 77/27477/2
Wouter Wolters [Sat, 18 May 2013 19:22:16 +0000 (21:22 +0200)]
[BUGFIX] CSV-Download not working in IE and HTTPS backend

When using a HTTPS backend the download of CSV is not
working in Internet Explorer browser versions lower then 9.
Add the needed header to fix this problem.

Change-Id: Iefa63fb37d57491fb73bfd504b6caed5b76c8cac
Resolves: #16491
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Reviewed-on: https://review.typo3.org/20902
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
(cherry picked from commit 8c699f8c5b38ff11e2d517ee5c91dfdb1ab475e5)
Reviewed-on: https://review.typo3.org/27477

4 years ago[BUGFIX] Missing namespace in ContentObjectRenderer 71/27371/2
Markus Klein [Thu, 6 Feb 2014 09:17:44 +0000 (10:17 +0100)]
[BUGFIX] Missing namespace in ContentObjectRenderer

Resolves: #55713
Releases: 6.1, 6.0
Change-Id: I791b64bec8af256454485bdb016d87ec27778df1
Reviewed-on: https://review.typo3.org/27371
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Set missing markers to empty string 34/27134/2
Bernhard Kraft [Tue, 28 Jan 2014 17:47:13 +0000 (18:47 +0100)]
[BUGFIX] Set missing markers to empty string

Change-Id: I3892f88bdd094b390a22fe94d9b089bd9b8aef71
Resolves: #54112
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/27134
Reviewed-by: Bernhard Kraft
Tested-by: Bernhard Kraft
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
4 years ago[BUGFIX] Add stdWrap on value property of TEXT 46/27246/2
Markus Klein [Mon, 16 Dec 2013 09:45:14 +0000 (10:45 +0100)]
[BUGFIX] Add stdWrap on value property of TEXT

As discussed back in 2010, the value property of the TEXT content object
should have stdWrap functionality as well, if the HTML content object
is deprecated.

Today the 6.0 TSref already mentions stdWrap for value and
the HTML cObject has been removed with 6.0 as well.

This fix now finally adds the stdWrap.

Resolves: #54371
Releases: 6.2, 6.1, 6.0
Change-Id: I1b7068b3715bc9f8aa4608d5f746c16b70562f3b
Reviewed-on: https://review.typo3.org/27246
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Locker throws exception if semaphore can not be acquired 94/27294/2
Markus Klein [Mon, 16 Sep 2013 15:59:10 +0000 (17:59 +0200)]
[BUGFIX] Locker throws exception if semaphore can not be acquired

Locker has wrong LockState in semaphore mode, if the lock
could not be acquired.

Resolves: #52048
Releases: 6.2, 6.1, 6.0
Change-Id: Ifdc2f5d9b2a3c35a0ebef54817a56344f27ab15d
Reviewed-on: https://review.typo3.org/27294
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Regression in DataHandler 74/27174/2
Wouter Wolters [Thu, 30 Jan 2014 22:09:54 +0000 (23:09 +0100)]
[BUGFIX] Regression in DataHandler

The fix for issue #53862 calls GeneralUtility::idnaEncode
without fully qualified class namespace.

Follow-up to: c99a07a9

Resolves: #55475
Releases: 6.1, 6.0
Change-Id: I8ba161ee73e7456da53d2182b4a22d87dad9d53c
Reviewed-on: https://review.typo3.org/27174
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
4 years ago[BUGFIX] Handle empty tags in language pack index files 03/26903/2
Alexander Stehlik [Fri, 17 Jan 2014 09:46:44 +0000 (10:46 +0100)]
[BUGFIX] Handle empty tags in language pack index files

This patch adds a check to the L10n index parser to consider
whether the value of an XML tag is empty or contains only
spaces. In this case it is not included in the resulting array.

Resolves: #41450
Releases: 6.2, 6.1, 6.0
Change-Id: Ia17a430f3ab2d79e2f97b55feb9d3c4ee60bfb7e
Reviewed-on: https://review.typo3.org/26903
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
4 years ago[BUGFIX] ClickMenu does not show destination-foldername 32/27132/2
Stefan Neufeind [Tue, 28 Jan 2014 20:16:36 +0000 (21:16 +0100)]
[BUGFIX] ClickMenu does not show destination-foldername

Change-Id: I623d243ea504b0e646bd969e55ed7686ad3e9caf
Releases: 6.2, 6.1, 6.0
Resolves: #55407
Reviewed-on: https://review.typo3.org/27106
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
(cherry picked from commit 69f7c44190d69efe20e2726e7259878720691b9e)
Reviewed-on: https://review.typo3.org/27132

4 years ago[BUGFIX] Invalid constant in the domain redirect function 04/27104/2
Tim Lochmueller [Mon, 27 Jan 2014 08:44:14 +0000 (09:44 +0100)]
[BUGFIX] Invalid constant in the domain redirect function

There is a "copy-and-paste" mistake in the domain redirect mechanism.
The function HttpUtility::redirect should call with a valid HTTP
status code (the const value) and not with the name of the constant.

Resolves: #55350
Releases: 6.2, 6.1, 6.0, 4.5
Change-Id: I97f55ac8df1688011198666da1fd322a5c3bd323
Reviewed-on: https://review.typo3.org/27104
Reviewed-by: Tim Lochmüller
Tested-by: Tim Lochmüller
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
4 years ago[TASK] Change phpunit repository url for travis 83/27083/3
Philipp Gampe [Mon, 27 Jan 2014 17:21:45 +0000 (18:21 +0100)]
[TASK] Change phpunit repository url for travis

Additionally, change the url for the introduction package.

Resolves: #55366
Resolves: #55377
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: Ia90d7c85f81828bd23275b7fa4017ee74a758ad6
Reviewed-on: https://review.typo3.org/27083
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
4 years ago[BUGFIX] Simulate time in TYPO3 admin panel broken 84/26984/2
Peter Niederlag [Tue, 21 Jan 2014 22:57:54 +0000 (23:57 +0100)]
[BUGFIX] Simulate time in TYPO3 admin panel broken

* Test typeof TBE_EDITOR == "undefined" in jsfunc.evalfield
* Thanks to Stefan Neufeind/Markus Klein for adding the Unittest

Resolves: #55093
Releases: 6.2, 6.1, 6.0
Change-Id: I2cc8a5ca3dd6251f89618d3615c1457938ff135e
Reviewed-on: https://review.typo3.org/26984
Reviewed-by: Stefan Neufeind
Reviewed-by: Henrik Ziegenhain
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] CLI context cannot write to backend log 23/27023/2
Oliver Hader [Thu, 23 Jan 2014 13:50:58 +0000 (14:50 +0100)]
[BUGFIX] CLI context cannot write to backend log

The CLI context cannot write to the backend log. The
log entry also has an information about the currently used
IP address, which is taken from the environment variable
REMOTE_ADDR. In a CLI disposal this value is NULL and cannot
be stored in the database, since the accordant sys_log.IP
field does not support NULL values.

Note: Already merged in master (6.2) with different subject:
[BUGFIX] Functional tests cannot write to backend log

Fixes: #54849
Releases: 6.2, 6.1, 6.0
Change-Id: If6c572c62ab7022a4cab596fa4660dec754aee3c
Reviewed-on: https://review.typo3.org/27023
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[BUGFIX] Create valid file reference index data 46/26646/2
Alexander Stehlik [Tue, 10 Dec 2013 12:25:03 +0000 (13:25 +0100)]
[BUGFIX] Create valid file reference index data

This patch prevents the creation of sys_refindex entries that point to no
table and no record.

Additionally it fixes the array structure for the creation of
sys_refindex records for sys_file relations.

For deleted file references no reference will be created between
sys_file and the referenced table.

The configuration for the uid_foreign field was changed from a select
field for tt_content records to a normal input field to prevent the
creation of invalid refindex data. To which table uid_foreign is
pointing depends on the tablenames field.

To make sure both sides of the relation of a sys_file_reference appear
in the refindex table the exclusion of sys_file_reference as
foreign_table is removed.

Resolves: #53712
Releases: 6.2, 6.1, 6.0
Change-Id: Ic864ade10e4e97fbd9017b9c779be68d911dd626
Reviewed-on: https://review.typo3.org/26646
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] File browser fails on inexistent expandFolder 84/26884/3
Mario Rimann [Wed, 18 Dec 2013 09:17:30 +0000 (10:17 +0100)]
[BUGFIX] File browser fails on inexistent expandFolder

If a user browsed to a directory "foo" and re-opens the file-
browser later, the same directory is shown expanded.

In case the directory has been moved/renamed/deleted in the
meantime, the user gets an exception due to the inexistent
directory.

This change just adds a try/catch block around to handle that
situation.

Change-Id: I39aab6be46aec1d3f1f365e5d5f5455aca9b3aa2
Resolves: #50266
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/26884
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] Show correct record title for be_groups and be_users 42/23142/4
Markus Klein [Wed, 12 Dec 2012 10:48:42 +0000 (11:48 +0100)]
[BUGFIX] Show correct record title for be_groups and be_users

Currently it lists groups only using field title of
be_groups table regardless of any label definitions in TCA.
Use BackendUtility::getRecordTitle() instead.

Change-Id: I051c29687cb51d1883846b3cb780409c1e1cadc4
Resolves: #34631
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/23142
Reviewed-by: Bernhard Kraft
Tested-by: Bernhard Kraft
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] Folder tree in popup throws JS error 17/26817/2
Aske Ertmann [Tue, 26 Nov 2013 12:35:54 +0000 (13:35 +0100)]
[BUGFIX] Folder tree in popup throws JS error

When using the folder tree (file, and folder navigation) popup
(browse_links) a JS error occurs when opening new folders.

This is due to incorrect handling of scope.
This patch fixes the error for both RTE and normal link browser.

Change-Id: I25fa0871405e06d6fc084985b3beba6396b872ad
Resolves: #53826
Releases: 6.0, 6.1, 6.2
Reviewed-on: https://review.typo3.org/26817
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] Add defaultTypoScript to hierachyInfo 05/26805/2
Peter Niederlag [Fri, 10 Jan 2014 13:16:53 +0000 (14:16 +0100)]
[BUGFIX] Add defaultTypoScript to hierachyInfo

[BUGFIX] Add defaultTypoScript to hierachyInfo

Fixes a problem with the TemplateAnalyzer introduced by #43540

- Always add both defaultTypoScript_setup and defaultTypoScript_constants.
- Add information for defaultTypoScript into hierarchyInfo.

Resolves: #53352
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: I97d8237a9d665188eb9f5db06d47d8403ba5aca5
Reviewed-on: https://review.typo3.org/26805
Reviewed-by: Benjamin Mack
Tested-by: Benjamin Mack
5 years ago[BUGFIX] isValidUrl() idna converts whole URI 31/26531/2
Michiel Roos [Fri, 22 Nov 2013 11:06:14 +0000 (12:06 +0100)]
[BUGFIX] isValidUrl() idna converts whole URI

GeneralUtility::isValidUrl() idna converts whole URI instead of
domain only.

The expensive idna_convert() is called from isValidUrl(). Instead of
feeding it just the domain part, the whole URI is converted.

When supplying just the domain part, a great speed gain can be seen.

On seriously malformed URLs, parse_url() may return FALSE and emits an
E_WARNING. So we check for that first.

PHP no longer supports the flags FILTER_FLAG_HOST_REQUIRED and
FILTER_FLAG_SCHEME_REQUIRED. A scheme is now required by default. [1]
Return FALSE if the URL does not start with a scheme.

A public GeneralUtility::idnaEncode() method uses a static idna_convert
instance and fetches converted strings from a string cache array
to avoid multiple checks on the same domain.

All manual idna_convert instances are replaced with
GeneralUtility::idnaEncode() calls.

Special characters are not allowed in the URL except in the domain
part [2]. So the test with special characters in the path was removed
from the GeneralUtilityTest class.

[1] http://www.php.net/manual/en/filter.filters.flags.php#107382
[2] http://tools.ietf.org/html/rfc3986#appendix-A

Change-Id: I7a0ab0a399d9d6cf68c824f413be6b6d621947c1
Resolves: #53862
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/26531
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[TASK] Change list view delete icon if record is deleted in WS 45/24745/3
Sascha Egerer [Mon, 14 Oct 2013 15:13:07 +0000 (17:13 +0200)]
[TASK] Change list view delete icon if record is deleted in WS

If a record is deleted in a workspace the delete icon is still
displayed but the function is different. If you click on
the delete icon of a deleted record you will "restore"
the record (remove the deleted flag).
The icon should change if record is marked as deleted.

Resolves: #52554
Releases: 6.2, 6.1, 6.0, 4.5
Change-Id: I9bccc076d06525fad16f9f5ca4b3413e217f32f6
Reviewed-on: https://review.typo3.org/24745
Reviewed-by: Thorsten Kahler
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] Only create one keypair in rsaauth 10/26710/2
Tom Ruether [Fri, 22 Nov 2013 10:47:37 +0000 (11:47 +0100)]
[BUGFIX] Only create one keypair in rsaauth

If there are two login forms on one page the second form's private
key overwrites the first form's private key so the first form doesn't
work. With this patch only one keypair gets created and it doesn't
matter how many login forms you have one one page.

Change-Id: I42660140aea72d1888cc73d56e83b823206a0797
Fixes: #24877
Fixes: #6708
Releases: 6.2, 6.1, 6.0, 4.5
Reviewed-on: https://review.typo3.org/26710
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] use search word(s) for ordering search results (again) 07/26707/2
Ralf Hettinger [Mon, 29 Apr 2013 10:31:06 +0000 (12:31 +0200)]
[BUGFIX] use search word(s) for ordering search results (again)

There has been a regression in http://review.typo3.org/6657 which
removes correlation between searched words and ordering of search
results. Therefore the ordering of search results had nothing to do
with the search term anymore. This is fixed hereby by using the code
parts from prior versions.

Resolves: #38767
Releases: 6.2, 6.1, 6.0, 4.7
Change-Id: I9cfaceaeede38456dd7622085879c1bd0648be85
Reviewed-on: https://review.typo3.org/26707
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] l10n_mode for "pages" table and group fields. 20/25520/3
Johannes Feustel [Thu, 11 Apr 2013 10:12:46 +0000 (12:12 +0200)]
[BUGFIX] l10n_mode for "pages" table and group fields.

This patch respects the l10modes for pages, and mergeIfNotBlank for
type "group" fields.

Change-Id: I18a4caffc5761f91dae4ae0cf175ccd51ffe8c29
Fixes: #38766
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/25520
Tested-by: Philipp Gampe
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] Form Wizard saving destroys Radio Buttons 72/26472/2
Markus Klein [Mon, 18 Nov 2013 10:30:18 +0000 (11:30 +0100)]
[BUGFIX] Form Wizard saving destroys Radio Buttons

This fixes a wrong parsing of \r\n characters for radio
button options.

Resolves: #53727
Releases: 6.2, 6.1, 6.0
Change-Id: I9a88be010a7dd982776bee4a98ba99d97fcc406b
Reviewed-on: https://review.typo3.org/26472
Reviewed-by: Mario Rimann
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] Display relations' titles when TCA label field is type inline 12/23912/2
Claus Due [Thu, 19 Sep 2013 11:34:09 +0000 (13:34 +0200)]
[BUGFIX] Display relations' titles when TCA label field is type inline

This change adds a case to treat "inline" TCA types the same way
"select" is treated when building the record's label value.

Before, if record used field of type "inline" as TCA label field, TYPO3
would display fx "3" (number of related records as stored in field
on parent record).

After, TYPO3 will display fx "Record1, Record2, Record2" if "inline"
field contains three related records named thusly.

Fixes: #52133
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: Ie06f09368e81505cb1e5989b61ae98add54b05ba
Reviewed-on: https://review.typo3.org/23912
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] Allow NULL values in INSERT queries 44/26644/2
Alexander Stehlik [Fri, 15 Nov 2013 13:06:13 +0000 (14:06 +0100)]
[BUGFIX] Allow NULL values in INSERT queries

Currently only UPDATE queries pass the $allowNull parameter to the
fullQuoteStr() method in the DatabaseHandler. To make the behavior of
both methods consistent and to allow NULL values during creation of
new records by TCEmain the $allowNull parameter is also set to TRUE for
INSERT queries.

Resolves: #53662
Releases: 6.2, 6.1, 6.0
Change-Id: I066b9880a557b6c9058fc15f467631f1313300f9
Reviewed-on: https://review.typo3.org/26644
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[TASK] Optimize speed for instantiating class with arguments 14/26414/3
Helmut Hummel [Thu, 12 Dec 2013 21:44:42 +0000 (22:44 +0100)]
[TASK] Optimize speed for instantiating class with arguments

PHP reflection has quite an overhead in performance.
Use a switch construct like in Flow instead to
instantiate classes with up to 8 arguments without
reflection.

Resolves: #53682
Releases: 6.2, 6.1, 6.0
Change-Id: I82ecf0b1ea9a412a39b4429d7689f2bb6489f3df
Reviewed-on: https://review.typo3.org/26414
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] ClassAliasMap, Tx_ VH namespace and closing tag throws Exception 19/26519/2
Claus Due [Sat, 30 Nov 2013 21:16:32 +0000 (22:16 +0100)]
[BUGFIX] ClassAliasMap, Tx_ VH namespace and closing tag throws Exception

When using aliased ViewHelper class names and old Tx_ namespace in
template and ViewHelper uses closing tag (not self-closing) an
error is thrown, saying closing tag ViewHelper is not the same
as openening tag ViewHelper (closing tag uses old class name,
opening tag uses new). To solve, TemplateParser now checks if
resolved ViewHelper class names are aliases of other classes and
if so, uses the real class name instead of the alias.

Steps to reproduce error:

* template namespace: {namespace myext=Tx_Myext_ViewHelpers}
* template code: <myext:vh>test</myext:vh>
* namespaced VH class: \Myext\ViewHelpers\VhViewHelper
* ClassAliasMap: Tx_Myext_ViewHelpers_VhViewHelper ->
  \Mext\ViewHelpers\VhViewHelper
* framework: render template using any View

Error 1224485398 "closing tag does not match opening tag" thrown.

Steps taken to fix error:

* run constructed class name through alias resolve method.

Fixes: #54115
Releases: 6.2, 6.1, 6.0
Change-Id: I070b6199095ec84c7213cfc0c3775f5f08340840
Reviewed-on: https://review.typo3.org/26519
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
5 years ago[TASK] Fix travis builds 80/26480/2
Markus Klein [Wed, 18 Dec 2013 20:56:34 +0000 (21:56 +0100)]
[TASK] Fix travis builds

Due some regressions on side of travis
(https://github.com/travis-ci/travis-ci/issues/1710) an older git version
is used which doesn't support things like "--single-branch".

To avoid this, git is updated to latest version on the build server before
starting cloning

Change-Id: Ic5f698e84f378b9fed6bd64398b8058a20be860e
Resolves: #54369
Releases: 6.2, 6.1, 6.0, 4.7
Reviewed-on: https://review.typo3.org/26480
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] ArrayIterator::seek() warning in ElementBrowser 76/26476/3
Markus Klein [Wed, 13 Nov 2013 03:10:09 +0000 (04:10 +0100)]
[BUGFIX] ArrayIterator::seek() warning in ElementBrowser

ElementBrowser calls Folder::getFiles() with wrong parameters.
Properly implement the file extensions filter.

Resolves: #51752
Releases: 6.2, 6.1, 6.0
Change-Id: I56468c79225e2d3baa5e5784571074532e2287ad
Reviewed-on: https://review.typo3.org/26476
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] felogin: Unknown modifier in regular expression 74/26474/2
Wouter Wolters [Tue, 17 Sep 2013 20:47:24 +0000 (22:47 +0200)]
[BUGFIX] felogin: Unknown modifier in regular expression

A regular expression in FrontendLoginController
contains an unknown modifier. Fix it by replacing the
/ to # at the beginning and the end of the regular
expression.

Resolves: #52059
Releases: 6.2, 6.1, 6.0
Change-Id: Id4d3439c1cdbec691d977570bf76ba0c7bad493c
Reviewed-on: https://review.typo3.org/26474
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] Remove ElementBrowser::isReadOnlyFolder 68/26468/2
Markus Klein [Wed, 27 Nov 2013 22:20:25 +0000 (23:20 +0100)]
[BUGFIX] Remove ElementBrowser::isReadOnlyFolder

ElementBrowser::isReadOnlyFolder is not required any more because the
check if the folder is writable has been moved to the methods that
create the file upload and folder creation forms.

The method and the parts where it was used were removed.

Additionally the check if the user is allowed to create folders
by TSConfig was moved to the createFolder method to reduce the amount
of duplicate code.

Resolves: #47648
Releases: 6.2, 6.1, 6.0
Change-Id: Ic6504c8def80012cbe420fc83539cfa859a53c0d
Reviewed-on: https://review.typo3.org/26468
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] No double htmlspecialchars for filemount select 68/26368/2
Alexander Stehlik [Sat, 30 Nov 2013 00:03:34 +0000 (01:03 +0100)]
[BUGFIX] No double htmlspecialchars for filemount select

Since the labels and values of select items are run through
htmlspecialchars by the FormEngine there is no need to use
htmlspecialchars in the renderTceformsSelectDropdown() method which
generates the select items for the filemount Backend form.

The current code will htmlencode the select value twice which results
in a htmlencoded value in the database which causes problems with
directory names that contain special characters.

Resolves: #54027
Releases: 6.2, 6.1, 6.0
Change-Id: I7ec8262f6c3d20879cde0679636a6a8e5c1d19cd
Reviewed-on: https://review.typo3.org/26368
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[BUGFIX] Cleanly unset cookies on login in cookie-check 69/25869/3
Stefan Neufeind [Sun, 1 Dec 2013 17:53:08 +0000 (18:53 +0100)]
[BUGFIX] Cleanly unset cookies on login in cookie-check

Needed to workaround a login-problem with IE11.

ExtJS tries to clear a cookie with different settings than when
setting the cookie. In IE11 this leads to problems with the cookie
being set twice on the next call to set(). The get() however
would return the first (empty) cookie.

Using set() with a date in the past also clears the cookie but
will correctly use the same path-settings.

Change-Id: Ieff22129895cd89ca2e1429703daf1636596ecb6
Resolves: #53818
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Reviewed-on: https://review.typo3.org/25869
Reviewed-by: Markus Klein
Tested-by: Markus Klein
5 years ago[TASK] Set TYPO3 version to 6.0.13-dev 35/26235/2
TYPO3 Release Team [Tue, 10 Dec 2013 10:30:21 +0000 (11:30 +0100)]
[TASK] Set TYPO3 version to 6.0.13-dev

Change-Id: Icdadc54348d6491619dd8dd51595e8664b101968
Reviewed-on: https://review.typo3.org/26235
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
5 years ago[RELEASE] Release of TYPO3 6.0.12 34/26234/2 TYPO3_6-0-12
TYPO3 Release Team [Tue, 10 Dec 2013 10:29:49 +0000 (11:29 +0100)]
[RELEASE] Release of TYPO3 6.0.12

Change-Id: I87726750c92e85a2d28f6bd1bd1665cbef1a520a
Reviewed-on: https://review.typo3.org/26234
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
5 years ago[SECURITY] XSS in header link of all content elements 05/26205/2
Anja Leichsenring [Tue, 10 Dec 2013 09:53:25 +0000 (10:53 +0100)]
[SECURITY] XSS in header link of all content elements

The second typolink parameter, that is the target, can be abused to
introduce XSS code into the generated link. Escaping the parameter
with quoteJSvalue solves the problem.a

Change-Id: I9bea9114437852cdb8e0586d4e867cdf7a5a1138
Fixes: #31206
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: b9b7d0ba0979fe9c2ac8af5df944cf09d187b60d
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26205
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] XSS in colorpicker wizard 04/26204/2
Marcus Krause [Tue, 10 Dec 2013 09:53:20 +0000 (10:53 +0100)]
[SECURITY] XSS in colorpicker wizard

Encode user-input in JavaScript context for colorpicker.

Change-Id: I83790887c4239d62b6783fd6269169085607b7d4
Fixes: #42772
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: 8051c037ed6fae408c99cc9c29232d4c3f2a5504
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26204
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] Prevent editor controlled hmac content 03/26203/2
Franz G. Jahn [Tue, 10 Dec 2013 09:53:15 +0000 (10:53 +0100)]
[SECURITY] Prevent editor controlled hmac content

An hmac of the editor controlled auto respond message was used to verifiy
the correctness of this message on submit. To prevent this, we add an
additional secret.

Fixes: #45043
Releases: 4.5, 4.7, 6.0, 6.1, 6.2
(cherry picked from commit 00316f7c5d61c9ec72aaf1ee1519e50357c8c6e7)
Security-Commit: b3c77b523c0f04109cd16a16378bf4d7665ac4fb
Security-Bulletin: TYPO3-CORE-SA-2013-004

Change-Id: I17136da945182c8fcf94fd7ce53aace872e2b8f7
Reviewed-on: https://review.typo3.org/26203
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] XSS in backend user adminstration 02/26202/2
Marc Bastian Heinrichs [Tue, 10 Dec 2013 09:53:07 +0000 (10:53 +0100)]
[SECURITY] XSS in backend user adminstration

Change-Id: I1d31daf0dbc0dfa0ae49c17be9e6e85a85b8bea2
Fixes: #48691
Releases: 6.2, 6.1, 6.0
Security-Commit: 6fae30c4abb279085e21ddecc944e8e5de2cf773
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26202
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] Information Disclosure in Wizards 01/26201/2
Helmut Hummel [Tue, 10 Dec 2013 09:53:02 +0000 (10:53 +0100)]
[SECURITY] Information Disclosure in Wizards

It has been possible for authenticated editors
to show content of arbitrary tables and fields
that are defined in TCA by manipulating
GET parameters of the forms and table wizard.

This change adds a check if the editor has access
to the given record.

Change-Id: I3d3b318cefed36888d4cbbc00badad6c0818454c
Fixes: #41714
Releases: 4.5, 4.7, 6.0, 6.1, 6.2
Security-Commit: 3c38aa1115a3a14e4fcd3408362d6a1bebe75155
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26201
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] Fix open redirection in openid extension 00/26200/2
Helmut Hummel [Tue, 10 Dec 2013 09:52:56 +0000 (10:52 +0100)]
[SECURITY] Fix open redirection in openid extension

The eID script of the openid extension does not
validate the given redirect url, leading to
an open redirection vulnerability.

Add and verify hmac of the redirect url.

Change-Id: I5d11061ad8d0059180942c62e016f81868f56e65
Fixes: #54099
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: c3e938848d92334b37e9b4f3793d844f52291662
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26200
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] feuser_adminLib.inc allows to set arbitrary fields 99/26199/2
Anja Leichsenring [Tue, 10 Dec 2013 09:52:51 +0000 (10:52 +0100)]
[SECURITY] feuser_adminLib.inc allows to set arbitrary fields

The CMS core ships a utility class helping extension authors
to create frontend-extension which need a mail-based opt-in.
This class is neither used by core nor really maintained.

In the opt-in process the fields which should be updated to
activate the user are put as URL parameter into the
activation link. In the default configuration this feature
set allows to set any values of any field to this record.

As a result a user could manipulate his activation link and
therefore extend his usergroups.

This patch ensures that all fields which are about to update
are added to the hash as well as only taking the values
from TypoScript so even if the fields match no harm can be
done.

Change-Id: Id7d5e68d10c862aab0086755f880b5856f2141c5
Fixes: #48187
Releases: 6.0, 4.7, 4.5
Security-Commit: 57a6a356f33dcc7ec5fdb52b6857a010dd068936
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26199
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] XSS in be_layout wizard 98/26198/2
Anja Leichsenring [Tue, 10 Dec 2013 09:52:45 +0000 (10:52 +0100)]
[SECURITY] XSS in be_layout wizard

Usage of unverified input parameters in wizard URL leads to a possible
XSS vulnerability in backend_layout wizard.
The solution is the introduction of a hmac validation of the parameters
used in JavaScript.

Change-Id: I58e9c9845ee88d374d3f06cf99d155a6816c1b35
Fixes: #36768
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: 0960c276be49c555e6fd7c1fc4a65950b8a0af95
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26198
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] XSS in beuser VH 97/26197/2
Anja Leichsenring [Tue, 10 Dec 2013 09:52:39 +0000 (10:52 +0100)]
[SECURITY] XSS in beuser VH

The tree Display/* ViewHelpers introduce a XSS vulnerability by
using unescaped parameters in HTML.

Change-Id: I2cb3ed3383e2feab4462d63c177c78917568cc12
Fixes: #47086
Releases: 6.2, 6.1, 6.0
Security-Commit: 860c3c0134cded680e5beb394ed89ef0ef6a81d2
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26197
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] Remove possible XSS from ActionController Error output 96/26196/2
Anja Leichsenring [Tue, 10 Dec 2013 09:52:32 +0000 (10:52 +0100)]
[SECURITY] Remove possible XSS from ActionController Error output

As parameters passed to an ErrorObject can be user input, the
output of those parameters in the ActionController::errorAction() method
could lead to a cross side scripting possibility.

The offending output has been removed without substitution.

Change-Id: I7cd09466af55f4b5b83581dcf164c5b8037cd45c
Fixes: #54074
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: 2f2bd2db81f2a2b4de34839cce7d54e792572402
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26196
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[SECURITY] Unsafe unserialize of GET parameter in Add-Wizard 95/26195/2
Steffen Ritter [Tue, 10 Dec 2013 09:52:26 +0000 (10:52 +0100)]
[SECURITY] Unsafe unserialize of GET parameter in Add-Wizard

If the TCEforms wizard "add" is used, the original opened document
is closed and a new one is created in which you then add a new
element to be related.

In order to "store" the originating document which has been
edited, the Wizard/AddController and EditDocumentController
exchange state data in an URL-parameter.

This state-array is serialized in the EditDocumentController
and again unserialized in the Wizard/AddController from that
GET parameter. Without any checks, every code can be injected
to be unserialized here - even though we just need an array
with some data.

This patch changes serialize/unserialize to json_encode and
json_decode. Since the GET parameter only is used in
conjunction of these two classes it is save to changes the
format how the URL parameters are serialized.

Change-Id: Ife07d794b92cadeccbefda04af443a5a8cd161b6
Fixes: #54073
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: 8ce4743c0ff10fa6b9e4d57798dc6c7e1d51e38c
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26195
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
5 years ago[BUGFIX] ClientUtility does not detect Internet Explorer 11 85/25885/2
Stefan Neufeind [Sun, 1 Dec 2013 14:33:13 +0000 (15:33 +0100)]
[BUGFIX] ClientUtility does not detect Internet Explorer 11

Since the Release of Microsoft IE 11 there is no "MSIE" hint in
its user agent header anymore. Therefore the existing patterns
fail and the browser is detected as unknown browser.

TYPO3 deactivates several features for unknown browser. As a
result f.e. the RTE does not load.

This change adds special treatment for IE11+ by introducing an
additional regular expression matching the new user agent format
and looking for the Trident engine to be present.

In addition unit tests for common IE 9-11 user agents are added.

Change-Id: I389f344a498ac77f3e6445656dd125fd5d236a98
Resolves: #54124
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Reviewed-on: https://review.typo3.org/25885
Reviewed-by: Markus Klein
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
5 years ago[BUGFIX] Add missing namespacing for calling GeneralUtility 34/25834/2
Stefan Neufeind [Sun, 1 Dec 2013 11:12:14 +0000 (12:12 +0100)]
[BUGFIX] Add missing namespacing for calling GeneralUtility

Regression-fix for change from:
https://review.typo3.org/25057

Resolves: #54117
Releases: 6.1, 6.0
Change-Id: I0de156365d4d8f55cb269e0b29e40b7c3dbcf9e5
Reviewed-on: https://review.typo3.org/25834
Reviewed-by: Stefan Neufeind
Reviewed-by: Steffen Ritter
Reviewed-by: Oliver Klee
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
5 years ago[BUGFIX] ext:adodb Restrict connection wizard to admins 62/25762/3
Christian Kuhn [Fri, 29 Nov 2013 15:23:40 +0000 (16:23 +0100)]
[BUGFIX] ext:adodb Restrict connection wizard to admins

In the unlikely case ext:datasources is used, there is a potential
information disclosure that content of this table is shown to
non-admin backend users. This is better sanitized with the patch.

Change-Id: I748a0e05b57ac8c6d9c37cdd86fdb093c380dea5
Resolves: #42651
Releases: 6.1, 6.0, 4.7, 4.5
Reviewed-on: https://review.typo3.org/25762
Reviewed-by: Oliver Klee
Tested-by: Oliver Klee
Reviewed-by: Franz G. Jahn
Tested-by: Franz G. Jahn
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
5 years ago[TASK] Set TYPO3 version to 6.0.12-dev 99/25699/2
TYPO3 Release Team [Tue, 26 Nov 2013 15:42:46 +0000 (16:42 +0100)]
[TASK] Set TYPO3 version to 6.0.12-dev

Change-Id: Ie5b5357e3979d5299e147f1afdebe7df042470ea
Reviewed-on: https://review.typo3.org/25699
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
5 years ago[RELEASE] Release of TYPO3 6.0.11 98/25698/2 TYPO3_6-0-11
TYPO3 Release Team [Tue, 26 Nov 2013 15:42:18 +0000 (16:42 +0100)]
[RELEASE] Release of TYPO3 6.0.11

Change-Id: I5519d03da62894d133df316dbb675a4651f850f1
Reviewed-on: https://review.typo3.org/25698
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
5 years ago[BUGFIX] t3skin calls addIconSprite for each lang 84/25684/2
Michiel Roos [Mon, 25 Nov 2013 10:40:49 +0000 (11:40 +0100)]
[BUGFIX] t3skin calls addIconSprite for each lang

The t3skin extension adds icon sprites for each language. And that's
great, but not so great that it calls addIconSprite for each language.

Instead the iconArray can be built up and submitted once to
addIconSprite.

This saves 248 calls to addIconSprite which calls array_merge etc.

This saves ~ 22 ms for each request.

Change-Id: I0fdc09de46899e4160f907aefd8b3b3b596a2df3
Resolves: #53918
Releases: 6.0, 6.1, 6.2
Reviewed-on: https://review.typo3.org/25684
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
5 years ago[BUGFIX] Reload list module on clickmenu action 44/25544/2
Bernhard Kraft [Wed, 20 Nov 2013 10:48:32 +0000 (11:48 +0100)]
[BUGFIX] Reload list module on clickmenu action

This solves the problem of a not refreshing list module
when the clickmenu of an element is used to copy/move the
element.

Releases: 6.2, 6.1, 6.0, 4.5
Resolves: #15958
Change-Id: I2eee6162636e0c78ed361c26f81ce2bfe8835283
Reviewed-on: https://review.typo3.org/25544
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind