Packages/TYPO3.CMS.git
4 years ago[RELEASE] Release of TYPO3 6.1.11 37/32937/2 TYPO3_6-1-11
TYPO3 Release Team [Tue, 23 Sep 2014 13:22:32 +0000 (15:22 +0200)]
[RELEASE] Release of TYPO3 6.1.11

Change-Id: Ife15dec7828169dd185d355f3abd407b6aa208f5
Reviewed-on: http://review.typo3.org/32937
Reviewed-by: TYPO3 Release Team <typo3v4@typo3.org>
Tested-by: TYPO3 Release Team <typo3v4@typo3.org>
4 years ago[BUGFIX] Invalid shortcut target on translated pages 76/27676/2
Oliver Hader [Sat, 13 Oct 2012 11:38:19 +0000 (13:38 +0200)]
[BUGFIX] Invalid shortcut target on translated pages

A feature to resolve shortcut links directly in menu rendering
does not consider the overlay behaviour of the "shortcut" value.

TSFE first uses the "shortcut" value of the original/default
page and then serves for possible translated alternatives
(TypoScriptFrontendController::checkTranslatedShortcut()).
In menu rendering it's the other way round, the translated
overlay (if any) is used directly - the fallback to use the
"shortcut" value of the original/default page is not implemented.

This change introduces the fallback when rendering menus, which
will take the "shortcut" value of the default language if the
value in the overlay is empty.

Change-Id: I26a9eb4813c6b99327043b0a764ec7ff80b6a905
Fixes: #36822
Releases: 6.2, 6.1
Reviewed-on: http://review.typo3.org/27676
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Tested-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
4 years ago[BUGFIX] Transfer curlProxyServer to new HTTP settings 80/31880/2
Ernesto Baschny [Sun, 27 Jul 2014 11:59:20 +0000 (13:59 +0200)]
[BUGFIX] Transfer curlProxyServer to new HTTP settings

Splits up the old curlProxyServer correctly, stripping "http://" and
potentially trailing slashes.

Resolves: #45834
Releases: 6.3, 6.2, 6.1
Change-Id: Ibfefb927b5fd3fe900170870e1093027d4fe34b5
Reviewed-on: http://review.typo3.org/31880
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
4 years ago[BUGFIX] RootlineUtility wrongly handles group-type fields 26/32726/2
Francois Suter [Tue, 15 Apr 2014 19:48:16 +0000 (21:48 +0200)]
[BUGFIX] RootlineUtility wrongly handles group-type fields

\TYPO3\CMS\Core\Utility\RootlineUtility::enrichWithRelationFields()
tries to resolve relations to the current page record, including
fields with MM-relations. But it wrongly tests only for the
"foreign_table" property, whereas group-type fields will use the
"allowed" property.

This patch checks for "allowed" first and falls back on
"foreign_table". Furthermore a check is added to ensure the final
implode is indeed working on an array.

Resolves: #50396
Releases: 6.3, 6.2, 6.1
Change-Id: I43427061a5051298a25e45584aa995846ebb877c
Reviewed-on: http://review.typo3.org/32726
Reviewed-by: Markus Klein <klein.t3@reelworx.at>
Tested-by: Markus Klein <klein.t3@reelworx.at>
4 years ago[BUGFIX] indexed_search: in some cases indexing does not work 02/32602/2
Samir Rachidi [Mon, 25 Aug 2014 15:59:09 +0000 (17:59 +0200)]
[BUGFIX] indexed_search: in some cases indexing does not work

In some cases $pObj->register['SYS_LASTCHANGED'] is NULL and therefore
a MySQL error occurs during indexing a page. So, in these cases,
we need to set the 'mtime' value by getting it from the page and we
always want to prevent a NULL-value getting inserted into the DB.

Resolves: #61135
Releases: 6.1, 6.2, 6.3
Change-Id: Idb78af3aa23350db4bd43f58638541e6b3ad3ae3
Reviewed-on: http://review.typo3.org/32602
Reviewed-by: Markus Klein <klein.t3@reelworx.at>
Tested-by: Markus Klein <klein.t3@reelworx.at>
4 years ago[TASK] Missing stdWrap for select.recursive TypoScript property 10/32210/2
Matthias Kappenberg [Tue, 13 May 2014 11:09:24 +0000 (13:09 +0200)]
[TASK] Missing stdWrap for select.recursive TypoScript property

Processing stdWrap for the select.recursive TypoScript property
has just been forgotten in the original issue #18822 during the
development of TYPO3 4.6.

Change-Id: I34f2ac45e5112fbcc2becf7936f486f0b53d361a
Resolves: #55707
Releases: 6.3, 6.2, 6.1
Reviewed-on: http://review.typo3.org/32210
Reviewed-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Tested-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
4 years ago[BUGFIX] Collect correct information on elements in page 27/32327/2
Jigal van Hemert [Fri, 1 Aug 2014 04:55:35 +0000 (06:55 +0200)]
[BUGFIX] Collect correct information on elements in page

In the page module information on neighboring content elements is
collected while building the page layout. This information must
be remembered for other elements on the page instead of generated
new when rendering each element. This makes sure the move buttons and
edit buttons have the correct URLs.

Resolves: #60199
Releases: 6.3, 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: I9fec256b145fe8aba229d8b026fba73871942347
Reviewed-on: http://review.typo3.org/32327
Reviewed-by: Markus Klein <klein.t3@reelworx.at>
Tested-by: Markus Klein <klein.t3@reelworx.at>
4 years ago[BUGFIX] Prevent uninstall of an extension during update 29/31329/2
Nicole Cordes [Fri, 4 Jul 2014 20:44:20 +0000 (22:44 +0200)]
[BUGFIX] Prevent uninstall of an extension during update

This patch removes the uninstall process before an extension is updated.

Resolves: #51572
Releases: 6.1
Change-Id: I61400e9568986d3bbacc3a0a7ad53a4498f3c091
Reviewed-on: http://review.typo3.org/31329
Reviewed-by: Stefano Kowalke <blueduck@gmx.net>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Markus Klein <klein.t3@reelworx.at>
Tested-by: Markus Klein <klein.t3@reelworx.at>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
4 years ago[BUGFIX] Fix Extbase language fallback in query parser 69/31869/2
Helmut Hummel [Sun, 27 Jul 2014 14:20:04 +0000 (16:20 +0200)]
[BUGFIX] Fix Extbase language fallback in query parser

Currently when TYPO3 is configured to do language fallback
and a record is translated in language A, but not
in language B and language B is requested, then this
record is excluded.

This is the case because of a wrong subselect condition.

Extbase selects records in the requested translation
or if no translation is available in the default language.
However the check if translation is available looks
for *any* translation not only for a translation in the
requested language. Thus the record from the default
language is not selected at all if there are translations
available in any other language.

Solution is to change the subselect condition to check
for the currently requested language.

Releases: 6.1, 6.2, master
Resolves: #60613
Change-Id: I8ebd68e1f5741d3557910ae2f8c2d19474548d01
Reviewed-on: http://review.typo3.org/31869
Reviewed-by: Helmut Hummel <helmut.hummel@typo3.org>
Tested-by: Helmut Hummel <helmut.hummel@typo3.org>
4 years ago[BUGFIX] Avoid superfluous IRRE child record duplication 69/30469/2
Alexander Stehlik [Wed, 28 May 2014 11:14:37 +0000 (13:14 +0200)]
[BUGFIX] Avoid superfluous IRRE child record duplication

If copying a page, all records on that page will be copied to
the accordant destination page. IRRE parent-child structures
are cloned along the way as well. However, if a table (that is
defined a IRRE child) is processed before the accordant parent
record, the parent itself will duplicate its children again.
This behaviour leads to superfluous duplicates and is wrong.

A check in DataHandler::copyRecord_procBasedOnFieldType() now
ensures that records are only copied once during the accordant
DataHander copy process.

Resolves: #44795
Releases: 6.2, 6.1
Change-Id: Iebc22529a98b73cc55396de0718fee9aa877b5bb
Reviewed-on: http://review.typo3.org/30469
Reviewed-by: Felix Jacobi <flex.jacobi+t3@gmail.com>
Tested-by: Felix Jacobi <flex.jacobi+t3@gmail.com>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
4 years ago[BUGFIX] Add use-statement for GeneralUtility 43/31843/3
Stefan Neufeind [Sat, 26 Jul 2014 11:27:05 +0000 (13:27 +0200)]
[BUGFIX] Add use-statement for GeneralUtility

With Change-Id: I57a2a2a06a97fc1eda6e0438bfdc6e210437e5bb
a line was packported which relied on a use-statement
for GeneralUtility. Since GeneralUtility is often used
in this class, simply add a use-statement.

Change-Id: Ifc8efbf97427a84e160c3e406b6a3e1dc1b7df1d
Resolves: #60595
Releases: 6.1
Reviewed-on: http://review.typo3.org/31843
Reviewed-by: Markus Klein <klein.t3@reelworx.at>
Tested-by: Markus Klein <klein.t3@reelworx.at>
4 years ago[BUGFIX] Menu-links generate two empty spaces at closing anchor 83/31683/2
Stefan Neufeind [Fri, 18 Jul 2014 22:05:05 +0000 (00:05 +0200)]
[BUGFIX] Menu-links generate two empty spaces at closing anchor

Checks for ATagParams & access key code before adding empty
spaces between anchor parameters.

Resolves: #50566
Releases: 6.3, 6.2, 6.1
Change-Id: I57a2a2a06a97fc1eda6e0438bfdc6e210437e5bb
Reviewed-on: http://review.typo3.org/31683
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
4 years ago[BUGFIX] Followup to CacheBackend patch 22/31522/2
Markus Klein [Tue, 8 Jul 2014 21:00:10 +0000 (23:00 +0200)]
[BUGFIX] Followup to CacheBackend patch

Re-add a missing use statement that vanished during rebase.

Resolves: #59587
Releases: 6.3, 6.2, 6.1
Change-Id: I16ac1b9d5a00c4300202eaef493de43fc988a81d
Reviewed-on: https://review.typo3.org/31522
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
4 years ago[BUGFIX] Too many tags by identifier in CacheBackends 19/31519/2
Alexander Opitz [Tue, 17 Jun 2014 07:58:32 +0000 (09:58 +0200)]
[BUGFIX] Too many tags by identifier in CacheBackends

This applies to Apc/Memcached/Wincache/Xcache backends.

After an array_merge the values aren't unique. This leads to duplicate
tags per identifier. This patch changes that and also moves the
findTagsByIdentifier call out of the foreach loop.

Resolves: #59587
Releases: 6.3, 6.2, 6.1
Change-Id: Id31e16fa4bba11038ba692a483fb9a33808d95fa
Reviewed-on: https://review.typo3.org/31519
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[TASK] Set TYPO3 version to 6.1.11-dev 11/31511/2
TYPO3 Release Team [Tue, 8 Jul 2014 12:57:49 +0000 (14:57 +0200)]
[TASK] Set TYPO3 version to 6.1.11-dev

Change-Id: Ie4ae5a728eecb0522e2937b685ed8704b3dd7cff
Reviewed-on: https://review.typo3.org/31511
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
4 years ago[RELEASE] Release of TYPO3 6.1.10 10/31510/2 TYPO3_6-1-10
TYPO3 Release Team [Tue, 8 Jul 2014 12:57:17 +0000 (14:57 +0200)]
[RELEASE] Release of TYPO3 6.1.10

Change-Id: I73a5e72ee9cad630ea2d2ee50d115d4a8d7310f0
Reviewed-on: https://review.typo3.org/31510
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
4 years ago[BUGFIX] Movements pollute colPos value of content elements 93/31493/2
Nicole Cordes [Tue, 8 Jul 2014 07:53:33 +0000 (09:53 +0200)]
[BUGFIX] Movements pollute colPos value of content elements

Due to commit I148ca1b023226f2f99417b3baf238b72346e721f the information
concerning previous and next content elements in one row is messed up.
This patch helps to build information which depends on colPos again and
prevents records being moved to another column.

Resolves: #48939
Resolves: #49055
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: I3a15321ee11a1f7d96b58b8b7a5ab14098664b22
Reviewed-on: https://review.typo3.org/31493
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
4 years ago[BUGFIX] TCA: handle select renderMode=tree with minitems=1 AND maxitems=1 81/31481/2
Alexander Bigga [Fri, 27 Jun 2014 12:57:39 +0000 (14:57 +0200)]
[BUGFIX] TCA: handle select renderMode=tree with minitems=1 AND maxitems=1

Using the TCA select renderMode=tree with the option
minitems=1 AND maxitems=1
leads to two bugs since TYPO3 4.5:

First #48943
* A new table entry won't mark the field selection as required. The yellow
  question mark is missing and you can save the entry.
* Once you select a checkbox in the tree and unselect it again, the
  required-check is working.

Second: #31637
* You load an existing table entry with a selection of e.g. a category
  which has been hidden or deleted. The selected checkbox won't be shown,
  but the required-check fails.
* Even worse: You can't select another category as the form thinks you
  have already selected one item (maxitem=1). You can fix this only by
  manipulating the database directly.

The reason for these bugs can be found in
DataPreprocessor::renderRecord_selectProc(). For maxitems = 1 the
foreign_table element ids for the tree will be fetched by getDataIdList().
These elements won't be checked whether they are valid (hidden/deleted).
This check is done in selectAddForeign() which is used for maxitems > 1.

The patch uses the same procedure as for maxitems > 1 in case
of renderMode = tree.

Resolves: #48943
Resolves: #31637
Releases: 6.3, 6.2, 6.1
Change-Id: I078ff524ea73951f2121d2c233a46bc2ae562952
Reviewed-on: https://review.typo3.org/31481
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Set internalUploadMap on upload in ExtendedFileUtility 85/29885/2
Marc Bastian Heinrichs [Sat, 3 May 2014 17:34:24 +0000 (19:34 +0200)]
[BUGFIX] Set internalUploadMap on upload in ExtendedFileUtility

Since introducing FAL the internalUploadMap array in
ExtendedFileUtility was not set on uploading files.

Resolves: #58463
Releases: 6.2, 6.1, 6.0
Change-Id: I4a537a57f1b688c26c20b9f68356a4be67bc5851
Reviewed-on: https://review.typo3.org/29885
Reviewed-by: Nicole Cordes
Tested-by: Nicole Cordes
4 years ago[BUGFIX] Wrong image reference handling during flexform copying 26/31426/2
Alexey Gafiulov [Thu, 19 Jun 2014 16:12:42 +0000 (22:12 +0600)]
[BUGFIX] Wrong image reference handling during flexform copying

References in flexforms having type=inline are not processed correctly
during copy.

Fix this by properly applying the reference field check.

Resolves: #59664
Releases: 6.3, 6.2, 6.1
Change-Id: I1abfa001ba420531ca0c59903e82b1509e0819e0
Reviewed-on: https://review.typo3.org/31426
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Suggest wizard doesn't work in page flexforms 22/31422/3
Bernhard Kraft [Wed, 18 Jun 2014 08:04:28 +0000 (10:04 +0200)]
[BUGFIX] Suggest wizard doesn't work in page flexforms

When using the suggest wizard from within a flexform in a page it
doesn't work properly. The $row variable was only set when processing
tables other than pages but is required for proper flexform handling.

Change-Id: I0eec29b3c7266bae809e2753cdee726a4c50b1ab
Resolves: #59642
Releases: 6.3, 6.2, 6.1
Reviewed-on: https://review.typo3.org/31422
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Remove non-needed URL parameter for standard search 20/31420/2
Tomita Militaru [Tue, 12 Nov 2013 14:57:56 +0000 (16:57 +0200)]
[BUGFIX] Remove non-needed URL parameter for standard search

Removes parameter to prevent duplicate content, speaking
url problems and overloaded urls.

Resolves: #51189
Releases: 6.3, 6.2, 6.1
Change-Id: I076d2f87ac7a1d0d9d831cf3293d060318750c7d
Reviewed-on: https://review.typo3.org/31420
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Fix usergroup condition in user TSconfig 52/31152/2
Markus Klein [Tue, 24 Jun 2014 14:18:59 +0000 (16:18 +0200)]
[BUGFIX] Fix usergroup condition in user TSconfig

usergroup conditions in user TSconfig are currently failing as
the list of groups the user is part of, is not yet compiled when
the TSconfig is evaluated.

This can be fixed by moving the group evaluation some lines upwards,
as this does not influence the remaining code.

Resolves: #59813
Releases: 6.3, 6.2, 6.1
Change-Id: Id3189ea5cd31936bdf538e2bb163ecc2d46ed6a0
Reviewed-on: https://review.typo3.org/31152
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
4 years ago[BUGFIX] Create workspace label placeholder that matches field conditions 84/31284/2
Sascha Egerer [Wed, 7 Aug 2013 17:10:04 +0000 (19:10 +0200)]
[BUGFIX] Create workspace label placeholder that matches field conditions

If a workspace placeholder record is generated the field, that
is configured as label for a table, is filled with a placeholder.
This is a hardcoded string.
If database field does not allow strings (integer, double...)
a TYPO3 warning is displayed. "... Propably value mismatch ...".
This message is very confusing because the user does not know
where it comes from.

The label should be evaluated against the TCA eval configuration
before it is written to the database.

Resolves: #31757
Releases: 6.3, 6.2, 6.1
Change-Id: I18261359550dcaddaa9bd9ca0dd77f8300e81da9
Reviewed-on: https://review.typo3.org/31284
Reviewed-by: Sascha Egerer
Tested-by: Sascha Egerer
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
4 years ago[BUGFIX] Fix unit tests after latest PHP changes 21/31221/3
Helmut Hummel [Sun, 29 Jun 2014 12:40:23 +0000 (14:40 +0200)]
[BUGFIX] Fix unit tests after latest PHP changes

Latest changes in PHP disallow unserialize on
certain internal classes. Since phpunit uses
unserialize to create objects of such classes
when requesting a mock without calling the constructor
these tests failed with a PHP fatal error.

Instead of skipping the tests, we can simply provide
mocked constructor arguments (if required) so that
phpunit can create a mock object by using the new operator
and passing these mocked constructor arguments.

Change-Id: I26aa06125581b4ca93abcbad2ebb98003509e81a
Resolves: #59979
Related: #59685
Releases: 6.1
Reviewed-on: https://review.typo3.org/31221
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
4 years ago[TASK] Improve travis notifications to channels 22/31222/2
Helmut Hummel [Sun, 29 Jun 2014 12:51:42 +0000 (14:51 +0200)]
[TASK] Improve travis notifications to channels

By default travis notifies on each build when
posting to channels (irc, slack)
We can reduce the number of notifications by only
posting successful builds when it previously failed.
Additionally encrypt the API token for posting to slack.

Releases: 6.3, 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: I882d34903c972201454e6cc5b9041393e3bd3661
Reviewed-on: https://review.typo3.org/31222
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
4 years ago[TASK] Reset phpunit to 3.7 version 15/31215/5
Anja Leichsenring [Sun, 29 Jun 2014 09:53:58 +0000 (11:53 +0200)]
[TASK] Reset phpunit to 3.7 version

Some 6.1 tests do not work with phpunit 4.0 and above.
Instead of fixing them in 6.1 branch, we use a ext:phpunit
version that bundles phpunit 3.7.

Releases: 6.1
Resolves: #59978
Change-Id: If2d9173ef964a2f71428c495c2ac5c5171025f9c
Reviewed-on: https://review.typo3.org/31215
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
4 years ago[BUGFIX] Gifbuilder: Fix image-mask-functionality 02/31202/3
Stefan Neufeind [Fri, 6 Jun 2014 14:10:26 +0000 (16:10 +0200)]
[BUGFIX] Gifbuilder: Fix image-mask-functionality

Mask-functionality is broken since the
introduction of FAL.

Change-Id: Iff28d9561e10f7581041bcc35bd56dfc972954b3
Resolves: #59392
Releases: 6.3, 6.2, 6.1
Reviewed-on: https://review.typo3.org/31202
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[TASK] Add a function for clearing the rootline caches 00/31200/2
Oliver Klee [Tue, 13 May 2014 12:44:05 +0000 (14:44 +0200)]
[TASK] Add a function for clearing the rootline caches

The RootlineUtility uses two local caches and one additional cache from
the caching framework. If a unit test uses the RootlineUtility, it needs
a way of purging these caches so it does not change the environment.

Resolves: #58763
Releases: 6.3, 6.2, 6.1
Change-Id: Ia9878b808acfa03f018086829f90b84d4c5e8512
Reviewed-on: https://review.typo3.org/31200
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years agoRevert "[BUGFIX] Inaccessible pages on shortcuts/PageNotFound handler" 41/31041/4
Helmut Hummel [Sun, 22 Jun 2014 10:24:24 +0000 (12:24 +0200)]
Revert "[BUGFIX] Inaccessible pages on shortcuts/PageNotFound handler"

This introduced a regression. It turns out that it needs more work
to get all cases covered correctly.

Resolves: #58728
Reverts: #16472
Releases: 6.1, 6.2, 6.3

This reverts commit 203c1eb9d1c621726be57268619b7b48ffbffeb6

Change-Id: I469461a042f37757daafbf23d27a73ad236fcb50
Reviewed-on: https://review.typo3.org/31041
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
4 years ago[BUGFIX] Remove misspelled setting rootlevel for sys_file_collection 12/31012/2
Marc Bastian Heinrichs [Sat, 21 Jun 2014 17:24:56 +0000 (19:24 +0200)]
[BUGFIX] Remove misspelled setting rootlevel for sys_file_collection

The correct setting would have been rootLevel. So it was never
evaluated, remove it.

Resolves: #59773
Releases: 6.3, 6.2, 6.1
Change-Id: I594924caed47c5c911def94524148354790b77b4
Reviewed-on: https://review.typo3.org/31012
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
4 years ago[BUGFIX] Fix empty globalString LIT condition comparison 92/30992/2
Marc Bastian Heinrichs [Wed, 4 Jun 2014 14:40:53 +0000 (16:40 +0200)]
[BUGFIX] Fix empty globalString LIT condition comparison

An empty "LIT:" condition results in NULL, so the strict compare
doesn't match with the empty string.

Solution is to cast the haystack to string before, like it was
done anyway later in the preg_match.

Releases: 6.3, 6.2, 6.1
Resolves: #59344
Change-Id: I1e4b00e454d921eedd0c03a1767d4ec57c321bd7
Reviewed-on: https://review.typo3.org/30992
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Treat link handler links as internal URLs 76/30976/2
Alexander Stehlik [Tue, 18 Feb 2014 09:55:05 +0000 (10:55 +0100)]
[BUGFIX] Treat link handler links as internal URLs

The RteHtmlParser will now check if a scheme found by parse_url()
matches a configured typolinkLinkHandler. If this is the case the
link will be treated as internal.

Resolves: #49036
Releases: 6.3, 6.2, 6.1
Change-Id: Ie4e6bded7a1c4d0c61e4f1a20bc23115612c1519
Reviewed-on: https://review.typo3.org/30976
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Followup to "system locale when indexing" 97/30897/2
Markus Klein [Fri, 20 Jun 2014 02:34:55 +0000 (04:34 +0200)]
[BUGFIX] Followup to "system locale when indexing"

A backport mistake happened letting the jpeg file extension
vanish. Undo that mistake.

Resolves: #30244
Releases: 6.1
Change-Id: I9e12485f03b5f4f468920e47b81308de2e0c6a4a
Reviewed-on: https://review.typo3.org/30897
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Use system locale when indexing external documents 18/26918/5
Jigal van Hemert [Sun, 25 Sep 2011 09:58:14 +0000 (11:58 +0200)]
[BUGFIX] Use system locale when indexing external documents

If paths or filenames of external documents contain utf-8 characters
the system locale must be used. Functions like escapeshellarg and
basename are locale aware.

Change-Id: I50a73a42d60de569c63e5ba27ad6a6a3a66fd6c8
Fixes: #30244
Releases: 4.5, 6.0, 6.1, 6.2
Reviewed-on: https://review.typo3.org/26918
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Pass field name variable to flexform DS utility 91/30891/3
Claus Due [Mon, 9 Jun 2014 21:30:37 +0000 (23:30 +0200)]
[BUGFIX] Pass field name variable to flexform DS utility

A field name parameter is not being passed from within
DataHandler when copying a record which has a FlexForm
DF associated with it. This causes dynamic FlexForm DS
definitions to not be able to depend on the field name,
in turn causing the problem that an incorrect DS may be
returned from the DS utility which makes TYPO3 process
the data value incorrectly (for example, not detecting
file fields and processing the values accordingly).

To solve this the $field parameter is passed.

Resolves: #59423
Releases: 6.3, 6.2, 6.1
Change-Id: Icfafd553f76e17ad5db651bb3f5dea52b140dcf7
Reviewed-on: https://review.typo3.org/30891
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Extensionmanager does not show error messages on update failure 35/29735/2
Philipp Gampe [Tue, 25 Mar 2014 02:13:49 +0000 (03:13 +0100)]
[BUGFIX] Extensionmanager does not show error messages on update failure

The extension manager fails to show any error message if an extension
update fails.

Convert exceptions (e.g. dependency fails, TER download fails) into a
nice flashmessage.
Convert any server errors (uncatchable PHP errors) into a flashmessage.

Resolves: #56823
Releases: 6.2, 6.1
Change-Id: Ife3c6d3dcd23177ba22192dd6ae720352931b538
Reviewed-on: https://review.typo3.org/29735
Reviewed-by: Stefan Neufeind
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Erroneous date sorting in File List 11/30711/2
Francois Suter [Wed, 11 Jun 2014 09:38:24 +0000 (11:38 +0200)]
[BUGFIX] Erroneous date sorting in File List

The sorting by date fails in the Filelist module when more
than 9 files with the same date are found since the numerical
suffix used to avoid overwriting existing entries in the
sorting array is not properly padded.

Fixes: #59458
Releases: 6.2, 6.1
Change-Id: I2c80a00dd1692b0987da3d461cc5a21fcea4c97d
Reviewed-on: https://review.typo3.org/30711
Reviewed-by: Francois Suter
Tested-by: Francois Suter
4 years ago[BUGFIX] sys_news on login with twice hsc 90/30690/2
Alexander Opitz [Tue, 10 Jun 2014 12:10:02 +0000 (14:10 +0200)]
[BUGFIX] sys_news on login with twice hsc

Set RteHtmlParser in dontHSC_rte modus to fix garbled output.

Resolves: #25188
Releases: 6.2, 6.1
Change-Id: Ib01c3f6dcf1729b1979003c207aa622cc5c9b5c3
Reviewed-on: https://review.typo3.org/30690
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
4 years ago[BUGFIX] Fix command description 13/30613/3
Mathias Brodala [Fri, 6 Jun 2014 17:49:14 +0000 (19:49 +0200)]
[BUGFIX] Fix command description

Due to using array_pop instead of array_shift the last line
of the command description is dropped instead of the first.

Use array_shift instead to get the full description
annotated for the command method.

Resolves: #59324
Releases: 6.2, 6.1, 4.7
Change-Id: I4d7c320b0ef334adbd15997d15d8e7a56d5739c1
Reviewed-on: https://review.typo3.org/30613
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
4 years ago[BUGFIX] getIndpEnv('TYPO3_SSL') fails to detect reverseProxyIp 04/30604/2
Jan-Erik Revsbech [Thu, 5 Jun 2014 09:33:54 +0000 (11:33 +0200)]
[BUGFIX] getIndpEnv('TYPO3_SSL') fails to detect reverseProxyIp

When running TYPO3 behind a reverse proxy, which also handles SSL,
the setting reverseProxySSL should check if the site is requested
from one of the reverse proxies in order to determine whether
the site is using SSL.

It incorrectly does this check via getIndpEnv('REMOTE_ADDR') which has
already translated the proxy IP to the end-users IP, thus always
returning FALSE.

Resolves: #37467
Releases: 6.2, 6.1
Change-Id: I95615b0fea94e0ef0222e958e4e0bba5e6e9f60a
Reviewed-on: https://review.typo3.org/30604
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Illegal string offset 'uid' in TypoScriptFrontendController 95/30595/3
Robert Vock [Thu, 5 Jun 2014 11:54:58 +0000 (13:54 +0200)]
[BUGFIX] Illegal string offset 'uid' in TypoScriptFrontendController

Logoff sets user property to an empty string instead of NULL. This
leads to a PHP Warning in PHP 5.4

Change-Id: Ib0e1a31dbf2fd3fcbcf1e7afd972b53d60c3ab5d
Resolves: #59364
Releases: 6.2, 6.1
Reviewed-on: https://review.typo3.org/30595
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
4 years ago[BUGFIX] Warning in SearchController 87/30587/2
Christian Zenker [Mon, 2 Jun 2014 11:49:00 +0000 (13:49 +0200)]
[BUGFIX] Warning in SearchController

$this->sWArr is not defined SearchController.
Fix this to use the correct $this->searchWords variable.

Change-Id: Iba888f1a47dcc0952ffbbb1e3bb4413435c2a95e
Resolves: #59277
Releases: 6.2, 6.1
Reviewed-on: https://review.typo3.org/30587
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Fix frontend unit tests if executed standalone 63/30563/2
Helmut Hummel [Wed, 4 Jun 2014 14:23:07 +0000 (16:23 +0200)]
[BUGFIX] Fix frontend unit tests if executed standalone

* Unit tests are allowed for CLI anyway
* Remove allow all in data provider

The latter implicitly caused a global allow, as PHPUint parses
all data providers before any test is run, thus setting globals there
will cause them to be preserved (and restored when backup globals is true).

Releases: 6.2, 6.1, 6.0
Resolves: #59343
Change-Id: I646294bb472027e22d6edc0622068698fe9a88fc
Reviewed-on: https://review.typo3.org/30563
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
4 years ago[BUGFIX] DataHandler::log() must not return NULL 49/30549/2
Markus Klein [Wed, 28 May 2014 17:38:29 +0000 (19:38 +0200)]
[BUGFIX] DataHandler::log() must not return NULL

Ensure the DataHandler::log() function does return integers
in all cases as denoted in the doc header.

Resolves: #59185
Releases: 6.2, 6.1, 6.0
Change-Id: I2a6aa0415b7cc19f10b4a290e43bd20065e6c9e1
Reviewed-on: https://review.typo3.org/30549
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
4 years ago[BUGFIX] Fix wrong JS function name in RTE 40/30540/2
Markus Klein [Tue, 3 Jun 2014 10:02:04 +0000 (12:02 +0200)]
[BUGFIX] Fix wrong JS function name in RTE

RTE feature "userlinks" generates a wrong JS function
name due to the automatic replacement during the
namespace conversion.

Revert this line to use the correct JS function name.

Resolves: #59302
Releases: 6.2, 6.1, 6.0
Change-Id: Ia6b51e7e1b1dfa0e618106f4f039bd0774464a97
Reviewed-on: https://review.typo3.org/30540
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Fix double ? in eID url for encryption key 85/30385/3
Markus Klein [Sun, 25 May 2014 14:33:06 +0000 (16:33 +0200)]
[BUGFIX] Fix double ? in eID url for encryption key

The AJAX url for retrieving a new encryption key contains
two question marks. This causes the request to fail.

Fix this by removing the superflous ? from the parameters.

Resolves: #59034
Releases: 6.1, 4.7, 4.5
Change-Id: Iab3833f50a48b71b25cf0205f7eb8d6b57dd859a
Reviewed-on: https://review.typo3.org/30385
Reviewed-by: Alexander Opitz
Reviewed-by: Michael Schams
Tested-by: Michael Schams
Reviewed-by: Wouter Wolters
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Flexform element title is cropped to hardcoded length 88/30488/2
Sebastian Michaelsen [Wed, 21 May 2014 07:53:52 +0000 (09:53 +0200)]
[BUGFIX] Flexform element title is cropped to hardcoded length

The title of a flexform element is cropped to maximum length of 30
characters. Instead it should obey the maximum title length in the user
settings.

Resolves: #58910
Releases: 6.2, 6.1
Change-Id: I28c6fc94b2d492217479bf014ff8f67463b4e98f
Reviewed-on: https://review.typo3.org/30488
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
4 years ago[BUGFIX] Fix redirect to install tool in new installations 87/30487/2
Markus Klein [Sat, 24 May 2014 18:45:17 +0000 (20:45 +0200)]
[BUGFIX] Fix redirect to install tool in new installations

When setting up a new TYPO3 installation, TYPO3 should redirect
to the install tool, when accessing the frontend or backend.

This redirect fails since introduction of the trustedHostsPattern
since no configuration is available at this point, while the
request itself is a BE or FE request, which will be denied in this
case.
Solution is to set the REQUEST_TYPE to INSTALL before doing the redirect
to install tool so that creating the redirect is allowed.

Resolves: #59087
Releases: 6.2, 6.1
Change-Id: I31bcbc20fa1c9bca0d6bf2b940bf26b9affe893b
Reviewed-on: https://review.typo3.org/30487
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
4 years ago[BUGFIX] Parent language is not applied to new child records 72/30472/2
David Greiner [Tue, 27 May 2014 14:07:41 +0000 (16:07 +0200)]
[BUGFIX] Parent language is not applied to new child records

If localizing a parent-child structure, usually the language
of the parent element shall be applied to related child records
as well as new child records.

Due to a missing array segment, the accordant section in the
the InlineElement source code never was processed.

Resolves: #57063
Releases: 6.2, 6.1
Change-Id: I7e563044f9889538f9b8171f71f7685722db8266
Reviewed-on: https://review.typo3.org/30472
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
4 years ago[BUGFIX] New content elements are always stored on pid 0 16/30416/2
Nicole Cordes [Sun, 25 May 2014 17:30:54 +0000 (19:30 +0200)]
[BUGFIX] New content elements are always stored on pid 0

Due to patch https://review.typo3.org/#/c/30305/ the string comparison
on colPos fails and new content elements are always stored on pid 0.
This patch corrects the check for an integer colPos type by setting the
unused variable to NULL.

Resolves: #59059
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: Iecd7f0cacf5c9315d882eebeb3893bcfa63ae7eb
Reviewed-on: https://review.typo3.org/30416
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Alternative implementations for view helpers do not work 49/30349/2
Marc Bastian Heinrichs [Sat, 15 Feb 2014 10:29:55 +0000 (11:29 +0100)]
[BUGFIX] Alternative implementations for view helpers do not work

Extbase allows to register alternative implementations for
objects. However that does not work for view helpers using
a closing tag. The resolved (alternative) object is compared
to the name of the original view helper and throws an
exception like:

  #1224485398: Templating tags not properly nested. Expected:
  "AlternativeViewHelper"; Actual: "OriginalViewHelper"

A simple solution is to save the class name of the object returned
from the object manager in a runtime cache and check this when
resolving a view helper name. A nice side effect is, that a same
view helper name must not be calculated over and over again.

Fixes: #52272
Releases: 6.0, 6.1, 6.2
Change-Id: Ie49e5e83c779b4748dc2059f8fbc85552ce4b406
Reviewed-on: https://review.typo3.org/30349
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
4 years ago[BUGFIX] Wrong HTML in locallang_csh_pages.xlf 30/30330/2
Markus Klein [Mon, 19 May 2014 18:38:30 +0000 (20:38 +0200)]
[BUGFIX] Wrong HTML in locallang_csh_pages.xlf

lang/4.5/locallang_csh_pages.xlf contains invalid
HTML structure a <p> tag should actually be a <b> tag.

Resolves: #58936
Releases: 6.2, 6.1, 4.5
Change-Id: Id37d424296628202d8d434e0cf9cafd8529da2c3
Reviewed-on: https://review.typo3.org/30330
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] TCA tree fail to load with IRRE 09/29909/2
Xavier Perseguers [Mon, 4 Mar 2013 08:51:02 +0000 (09:51 +0100)]
[BUGFIX] TCA tree fail to load with IRRE

The TCA tree element fail to load inside IRRE, in some condition
(when the record is not loaded/opened)

Change-Id: Id077a71e2191b0cf91003611e11dc5aefafab0c9
Resolves: #39035
Releases: 6.2, 6.1
Reviewed-on: https://review.typo3.org/29909
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
4 years ago[BUGFIX] Fix description of userHomePath and groupHomePath 06/29906/2
Marc Bastian Heinrichs [Sun, 4 May 2014 09:07:32 +0000 (11:07 +0200)]
[BUGFIX] Fix description of userHomePath and groupHomePath

Since making userHomePath and groupHomePath FAL compatible
the descriptions in DefaultConfiguration don't fit anymore.

Resolves: #56986
Releases: 6.2, 6.1
Change-Id: Ia27193b967137dd3744c2fdcf5b5b0d3366c0080
Reviewed-on: https://review.typo3.org/29906
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
4 years ago[BUGFIX] Properly check existence of array item 92/29892/2
Markus Klein [Thu, 10 Apr 2014 16:01:56 +0000 (18:01 +0200)]
[BUGFIX] Properly check existence of array item

The flexform converter in ContentObjectRenderer tries to access
an array element on a non-array.

Check existence with isset() first.

Resolves: #57809
Releases: 6.2, 6.1
Change-Id: I8e6111afee3a639b3077dc59bc2e32b72fa12f5c
Reviewed-on: https://review.typo3.org/29892
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Inaccessible pages on shortcuts/PageNotFound handler 97/29897/2
Alexander Opitz [Thu, 13 Jun 2013 13:48:17 +0000 (15:48 +0200)]
[BUGFIX] Inaccessible pages on shortcuts/PageNotFound handler

The var pageNotFound is set, if the called page has access
restrictions. Afterwards starts a searching for an accessible page
in the rootline upwards.

If that page is a short link which also isn't accessible we stop
instead of searching again in this new rootline. Limiting this to a
maximum of 20 iterations to prevent endless loops.

If an accessible page is found we do not reset the pageNotFound var.
The PageNotFound handler reacts on this var and redirects to the 404
page instead of presenting the accessible page we found later on.

You can reproduce this with the introduction package, for example
change the access to the Example/Tables page to "Customer".
Afterwards go to http://yourdomain/?id=38 and you will see the 404
page. If you disable the pageNotFound_handling you will see the
content of the Example page.

Resolves: #16472
Releases: 6.2, 6.1
Change-Id: I1e58ec1f96422c6bf3e5c9c74f1b1c1666b68762
Reviewed-on: https://review.typo3.org/29897
Reviewed-by: Alexander Opitz
Tested-by: Alexander Opitz
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Fix failing unit tests for HTTP host check in CLI mode 25/30325/2
Helmut Hummel [Thu, 22 May 2014 09:33:09 +0000 (11:33 +0200)]
[BUGFIX] Fix failing unit tests for HTTP host check in CLI mode

The unit tests for the recent HTTP host fix are failing
if executed in CLI mode.
In CLI mode no server environments and HTTP headers are available,
that's why the behavior needs to know about the
test execution process.

We solve this by mocking allowed request types.

Resolves: #59022
Releases: 6.2, 6.1, 6.0
Change-Id: I3c93d181dcec5f34064798e7c31240877fde610d
Reviewed-on: https://review.typo3.org/30325
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
4 years ago[TASK] Set TYPO3 version to 6.1.10-dev 15/30315/2
TYPO3 Release Team [Thu, 22 May 2014 08:19:26 +0000 (10:19 +0200)]
[TASK] Set TYPO3 version to 6.1.10-dev

Change-Id: I4f3b6dc5fe3e7e64365b632d6bd2656cd45d1378
Reviewed-on: https://review.typo3.org/30315
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
4 years ago[RELEASE] Release of TYPO3 6.1.9 14/30314/2 TYPO3_6-1-9
TYPO3 Release Team [Thu, 22 May 2014 08:18:35 +0000 (10:18 +0200)]
[RELEASE] Release of TYPO3 6.1.9

Change-Id: I68884dbd5ac459c84ad18a14e7c7df30701ad72c
Reviewed-on: https://review.typo3.org/30314
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
4 years ago[SECURITY] Add trusted HTTP_HOST configuration 99/30299/2
Helmut Hummel [Thu, 22 May 2014 07:33:26 +0000 (09:33 +0200)]
[SECURITY] Add trusted HTTP_HOST configuration

TYPO3 uses the values of HTTP_HOST in several
places without validating them. This could
lead to a situation where links are generated
using the host part from HTTP_HOST.

Since HTTP_HOST headers are user input and
can be spoofed by an attacker, it leads
into several potential and actual security issues.

To address this, a configuration option for
trusted hosts is added, which is evaluated every
time getIndpEnv('HTTP_HOST') is called.

The configuration option is

$GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern']

and can contain either a regular expression or the
value "SERVER_NAME"

To properly output the exception message in case
the trustedHostPattern does not match,
we need to adapt the exception handlers slightly
to not log information in this case and to actually
show the message even in production context to not
confuse admins on what is currently going wrong.

To not break all existing installations, the default
pattern is set to 'SERVER_NAME' which allows all
HTTP_HOST values matching the SERVER_NAME (and
optionally the SERVER_PORT if a port is specified
in the HTTP_HOST value).

This will secure all installation which use properly
configured name based virtual hosts, but leaves
installations where the web server is not bound
to a specific host name still in an insecure state.

Change-Id: I38e6a18a3e66e80abda2a4682bd1348198de1f8b
Fixes: #30377
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Bulletin: TYPO3-CORE-SA-2014-001
Reviewed-on: https://review.typo3.org/30299
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
4 years ago[SECURITY] XSS in (old) extension manager information function 98/30298/2
Nicole Cordes [Thu, 22 May 2014 07:33:22 +0000 (09:33 +0200)]
[SECURITY] XSS in (old) extension manager information function

Needs to be fixed also in 6.x, but the affected function is not
used anymore.

Change-Id: I434689d4065496330a92e7086ec6899ddff1d2d6
Fixes: #54111
Fixes: #54113
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: 383664ef458c2b978666311d294591d96a2d0eb9
Security-Bulletin: TYPO3-CORE-SA-2014-001
Reviewed-on: https://review.typo3.org/30298
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
4 years ago[SECURITY] XSS in new content element wizard 97/30297/2
Marcus Krause [Thu, 22 May 2014 07:33:17 +0000 (09:33 +0200)]
[SECURITY] XSS in new content element wizard

Sanitize user-input colPos in new content element wizard.

Change-Id: I68ee05a9113b2a0266c0be612b1a10272cb986a2
Fixes: #48695
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: eccb66a7ed4cb872f512f611395eae4ed0226e10
Security-Bulletin: TYPO3-CORE-SA-2014-001
Reviewed-on: https://review.typo3.org/30297
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
4 years ago[SECURITY] XSS in template tools on root page 96/30296/2
Marc Bastian Heinrichs [Thu, 22 May 2014 07:33:12 +0000 (09:33 +0200)]
[SECURITY] XSS in template tools on root page

Change-Id: I2958dcc7cecf8ef980d90dae66c6bd2df432ce4b
Fixes: #54109
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: 788dfadc5c1339e9bc4533d595ce23a524cc5450
Security-Bulletin: TYPO3-CORE-SA-2014-001
Reviewed-on: https://review.typo3.org/30296
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
4 years ago[SECURITY] XSS in Backend Layout Wizard 95/30295/2
Helmut Hummel [Thu, 22 May 2014 07:33:08 +0000 (09:33 +0200)]
[SECURITY] XSS in Backend Layout Wizard

Change-Id: Ie3f08333e417d8d208b3b36b208056efd4dbcec0
Fixes: #57576
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: cc840cb0438cfdae76219c3ac5f28a1f341ae9b7
Security-Bulletin: TYPO3-CORE-SA-2014-001
Reviewed-on: https://review.typo3.org/30295
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
4 years ago[SECURITY] Encode URL for use in JavaScript 94/30294/2
Jigal van Hemert [Thu, 22 May 2014 07:33:03 +0000 (09:33 +0200)]
[SECURITY] Encode URL for use in JavaScript

The url for the Open in New Window button must be quoted for
use in JavaScript to prevent XSS issues.

Change-Id: I849534cd53d333f6e12846a8065ad7e5373b8e63
Fixes: #48693
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: 06a582c197dee4add0979f956f932ea03e2b3022
Security-Bulletin: TYPO3-CORE-SA-2014-001
Reviewed-on: https://review.typo3.org/30294
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
4 years ago[SECURITY] Fix insecure unserialize in colorpicker 93/30293/2
Helmut Hummel [Thu, 22 May 2014 07:32:58 +0000 (09:32 +0200)]
[SECURITY] Fix insecure unserialize in colorpicker

Change-Id: Id3a692cdccb2d3a9ae46ae635ee5c316fa36e371
Fixes: #56458
Releases: 6.1, 6.0, 4.7, 4.5
Security-Commit: 3981e7efef710d680a18f8a5537a7085e540aab3
Security-Bulletin: TYPO3-CORE-SA-2014-001
Reviewed-on: https://review.typo3.org/30293
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
4 years ago[SECURITY] Remove charts.swf to get rid of XSS vulnerability 92/30292/2
Helmut Hummel [Thu, 22 May 2014 07:32:53 +0000 (09:32 +0200)]
[SECURITY] Remove charts.swf to get rid of XSS vulnerability

The file charts.swf is vulnerable to XSS, is delivered
by ExtJS but not used in TYPO3 CMS at all.

Since the vendor of ExtJS did not fix this vulnerability,
we decided to remove it from TYPO3 sources.

Change-Id: I4d4f871e9e89250b0b818b50e8342bd902485464
Fixes: #54526
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: 467ea328aaa23230bbe93b4deb18ec73fbd7b1e8
Security-Bulletin: TYPO3-CORE-SA-2014-001
Reviewed-on: https://review.typo3.org/30292
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
4 years ago[BUGFIX] Indexer tries to insert NULL into DB 44/30244/2
Markus Klein [Sun, 12 Jan 2014 15:57:41 +0000 (16:57 +0100)]
[BUGFIX] Indexer tries to insert NULL into DB

The Indexer of indexed_search tries to insert NULL values
into NOT NULL columns of the database.

Since #53662 NULL values are passed to the database,
hence these insert statements now fail.

Resolves: #54917
Releases: 6.2, 6.1, 6.0
Change-Id: Ia935abe14b9c3be2062f1b38ec98fb63921a1c2f
Reviewed-on: https://review.typo3.org/30244
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
4 years ago[BUGFIX] Wrong system requirements link 51/30151/2
Markus Klein [Thu, 15 May 2014 17:08:06 +0000 (19:08 +0200)]
[BUGFIX] Wrong system requirements link

Resolves: #58842
Releases: 6.2, 6.1
Change-Id: Ibaf87d32778349d5a87009bcd2b365447e6488fa
Reviewed-on: https://review.typo3.org/30151
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] DependencyUtility does count() on an integer 83/29883/2
Markus Klein [Mon, 5 May 2014 21:56:00 +0000 (23:56 +0200)]
[BUGFIX] DependencyUtility does count() on an integer

Remove the superfluous count() call.

Resolves: #58529
Releases: 6.2, 6.1, 6.0
Change-Id: I0933650b52063009de52268034480f6e06af56ac
Reviewed-on: https://review.typo3.org/29883
Tested-by: Stefan Neufeind
Reviewed-by: Markus Klein
Reviewed-by: Nicole Cordes
Tested-by: Nicole Cordes
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
4 years ago[BUGFIX] Solve stackoverflow in prototype in IE8 07/29907/2
Jigal van Hemert [Fri, 25 Apr 2014 10:39:59 +0000 (12:39 +0200)]
[BUGFIX] Solve stackoverflow in prototype in IE8

The reason for this behaviour is the combination of prototype.js
and ExtJS. The ExtJS defer() method takes precedence. Calling the
defer() method without any arguments would have resulted in using
a default value of "0.01" seconds in standalone prototype.js, but
results in directly calling the submitted function.

The stack overflow is caused by not delaying the function call
and thus ending in a recursive endless loop.

Resolves: #58187
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: I6db191ff67a3e869072877936d949fc733cda74f
Reviewed-on: https://review.typo3.org/29907
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
4 years ago[BUGFIX] Default image title in RTE contains the file name 80/29780/2
Stanislas Rolland [Thu, 1 May 2014 14:17:09 +0000 (10:17 -0400)]
[BUGFIX] Default image title in RTE contains the file name

When inserting an image in the RTE, the default image title should be
the image file title, not the image file name.

Resolves: #58373
Releases: 6.1, 6.2
Change-Id: I5aa3aae4db83cbd36244b89cc37c78184b290228
Reviewed-on: https://review.typo3.org/29780
Reviewed-by: Stanislas Rolland
Tested-by: Stanislas Rolland
4 years ago[BUGFIX] Wrong result on empty string globalString condition 49/27249/2
Marc Bastian Heinrichs [Fri, 5 Jul 2013 21:45:30 +0000 (23:45 +0200)]
[BUGFIX] Wrong result on empty string globalString condition

A TypoScript condition like
"[globalString = GP:anEmptyGetPostVarKey = ]" returns a false
value instead of the expected true value.

Fixes: #45183
Releases: 4.5,6.0, 6.1, 6.2
Change-Id: I114b702f4b5ae5f68236874325e82974a8ba6107
Reviewed-on: https://review.typo3.org/27249
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
4 years ago[BUGFIX] saltedpasswords: Check rsaauth loading 60/29860/2
Nicole Cordes [Sun, 4 May 2014 17:45:48 +0000 (19:45 +0200)]
[BUGFIX] saltedpasswords: Check rsaauth loading

This patch adds the loading check of rsaauth before trying to access the
BackendFactory of rsaauth. Otherwise the extension manager gets broken
on entering extension configuration.

Resolves: #58504
Releases: 6.2, 6.1
Change-Id: I197fb5e032b31e6add388269f77e6fc834e45b54
Reviewed-on: https://review.typo3.org/29860
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert
4 years ago[BUGFIX] SoftReferenceIndex support for more values in class attribute 52/29852/2
Marc Bastian Heinrichs [Sun, 4 May 2014 10:42:47 +0000 (12:42 +0200)]
[BUGFIX] SoftReferenceIndex support for more values in class attribute

The SoftReferenceIndex parses and rebuilds typolink tags, but the
support for more than one value in class attribute is missing, because
the values don't get enclosed with quotes on rebuilding.
This leads to lost classes in typolinks in exports from impexp.

Resolves: #58484
Releases: 6.2, 6.1, 4.5
Change-Id: I12ed3be7f5be36254bcee57fcb24bf2a10f92f46
Reviewed-on: https://review.typo3.org/29852
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Retrieving extension fails with some PHP versions 84/29784/2
Sascha Wilking [Fri, 2 May 2014 17:49:10 +0000 (19:49 +0200)]
[BUGFIX] Retrieving extension fails with some PHP versions

XmlParser has an issue with PHP < 5.4.28 leading to
unexpected empty arrays raising warnings. If development
preset is activated, warnings are turned into exceptions,
so the extension list parser stops importing.

Resolves: #58418
Releases: 6.2, 6.1
Change-Id: Idc6453bd8dcc46a933a1d6d72361ffff5842e39d
Reviewed-on: https://review.typo3.org/29784
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
4 years ago[BUGFIX] Wrong comment in ActionMenuViewHelper 33/29733/2
Markus Klein [Thu, 24 Apr 2014 22:30:46 +0000 (00:30 +0200)]
[BUGFIX] Wrong comment in ActionMenuViewHelper

ActionMenuViewHelper contains a wrong example for the usage
of the viewhelper. It uses a '=' where a ':' would be correct.

Resolves: #58166
Releases: 6.2, 6.1
Change-Id: I135310be0ac2e8df59f81dfbf694a0febbcde99a
Reviewed-on: https://review.typo3.org/29733
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
4 years ago[BUGFIX] Database query error for non-workspaces tables 58/29658/2
Oliver Hader [Fri, 25 Apr 2014 13:36:41 +0000 (15:36 +0200)]
[BUGFIX] Database query error for non-workspaces tables

In frontend rendering mode PageRepository::versionOL() is called
frequently to overlay workspace data. A further method call then
creates a query with required t3ver_* fields. This query fails
if a table is not considered to support workspaces/versioning at
all. This behaviour is regression that has been introduced with
issue #30604 during TYPO3 4.7 development.

Resolves: #58180
Releases: 6.2, 6.1, 6.0
Change-Id: I81d24ea16116563f4f0d75fafd06496a9c4e993d
Reviewed-on: https://review.typo3.org/29658
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
4 years ago[TASK] Set TYPO3 version to 6.1.9-dev 22/29522/2
TYPO3 Release Team [Wed, 16 Apr 2014 20:55:03 +0000 (22:55 +0200)]
[TASK] Set TYPO3 version to 6.1.9-dev

Change-Id: Icb574fdf43e9850c5eceba5be9fb41541305323c
Reviewed-on: https://review.typo3.org/29522
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
4 years ago[RELEASE] Release of TYPO3 6.1.8 21/29521/2 TYPO3_6-1-8
TYPO3 Release Team [Wed, 16 Apr 2014 20:54:35 +0000 (22:54 +0200)]
[RELEASE] Release of TYPO3 6.1.8

Change-Id: Ib8f3b0d555fad430262e8e864dcd40b9e7fa2ee0
Reviewed-on: https://review.typo3.org/29521
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
4 years ago[BUGFIX] DBAL sql_fetch_* must return boolean or array 13/29513/2
Jigal van Hemert [Wed, 16 Apr 2014 08:58:57 +0000 (10:58 +0200)]
[BUGFIX] DBAL sql_fetch_* must return boolean or array

If the end of a result set is reached some drivers produce NULL.
This must be changed into FALSE to be compatible with the
non-DBAL version of these functions.

Resolves: #57957
Releases: 6.2, 6.1
Change-Id: I664dd10735f88754c74e20ecd5c07fad5ef2b78d
Reviewed-on: https://review.typo3.org/29513
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert
4 years ago[BUGFIX] Followup: Mandatory for Selectbox with TCA not possible 07/29507/2
Stefan Neufeind [Wed, 16 Apr 2014 14:37:55 +0000 (16:37 +0200)]
[BUGFIX] Followup: Mandatory for Selectbox with TCA not possible

Followup to: https://review.typo3.org/28625
No use-statement for MathUtility in 6.1 yet.

Change-Id: Iffa9c7cd9ab41831e34c40d7b3ada530ba73ac9c
Resolves: #24925
Resolves: #24871
Releases: 6.1
Reviewed-on: https://review.typo3.org/29507
Reviewed-by: Ernesto Baschny
Tested-by: Ernesto Baschny
4 years ago[BUGFIX] Mandatory for Selectbox with TCA not possible 25/28625/2
Benjamin Mack [Thu, 30 Jan 2014 20:30:53 +0000 (21:30 +0100)]
[BUGFIX] Mandatory for Selectbox with TCA not possible

It's not possible to create a backend selectbox
that is mandatory with only 1 item selectable.

Releases: 6.2, 6.1
Resolves: #24925
Resolves: #24871
Change-Id: Idaef6475f61c70cd8c3f6074ccd0b0195d90c581
Reviewed-on: https://review.typo3.org/28625
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
4 years ago[BUGFIX] SoftReferenceIndex typolink lacks support for title attributes 69/28169/3
Marc Bastian Heinrichs [Fri, 7 Mar 2014 16:36:11 +0000 (17:36 +0100)]
[BUGFIX] SoftReferenceIndex typolink lacks support for title attributes

The SoftReferenceIndex parses and rebuilds typolink tags, but the
support for the title attributes was missing.
This leads to lost title attributes on typolinks in exports from impexp.

Resolves: #56580
Releases: 6.2, 6.1, 6.0, 4.5
Change-Id: I9bf5c02b79ae4c9024322f0da99dcca37b678daa
Reviewed-on: https://review.typo3.org/28169
Reviewed-by: Marc Bastian Heinrichs
Tested-by: Marc Bastian Heinrichs
4 years ago[BUGFIX] Fix refindex for FlexForm fields type group file_reference 97/28797/2
Marc Bastian Heinrichs [Thu, 13 Mar 2014 16:56:00 +0000 (17:56 +0100)]
[BUGFIX] Fix refindex for FlexForm fields type group file_reference

According to the fixes for the normal TCA fields of type "group"
internal_type "file_reference" in #49538 and #56353, this needs also
to be fixed for the FlexForm fields: handle the internal_type
file_reference as an db reference to sys_file.

Resolves: #56991
Releases: 6.2, 6.1, 6.0
Change-Id: Ie66c86c1bf3f0386d23259d0aee6706564beace3
Reviewed-on: https://review.typo3.org/28797
Reviewed-by: Marc Bastian Heinrichs
Tested-by: Marc Bastian Heinrichs
4 years ago[BUGFIX] Fields of type group file are not properly indexed 95/28795/2
Marc Bastian Heinrichs [Mon, 3 Feb 2014 22:52:43 +0000 (23:52 +0100)]
[BUGFIX] Fields of type group file are not properly indexed

If an record with a field of type "group", internal_type "file"
should be indexed in the ReferenceIndex an SQL error exception
gets thrown. So the relation to the file isn't represented in the
refindex. Thus those files are also missing in exports created
with system extension impexp.

This is caused by wrong array keys and incorrectly storing a file
relation as DB relation since merge of FAL.

Resolves: #56353
Resolves: #56352
Releases: 6.2, 6.1, 6.0
Change-Id: I78211efcb6bf3032811ef0b0e20ed7f98f9fa8fb
Reviewed-on: https://review.typo3.org/28795
Reviewed-by: Marc Bastian Heinrichs
Tested-by: Marc Bastian Heinrichs
4 years ago[BUGFIX] Add SoftIndex parser typolink to link in sys_file_reference 00/28800/2
Marc Bastian Heinrichs [Mon, 17 Mar 2014 22:32:43 +0000 (23:32 +0100)]
[BUGFIX] Add SoftIndex parser typolink to link in sys_file_reference

The field "link" of the table "sys_file_reference" handles links. To
make the SoftReferenceIndex, which is used by impexp and
linkvalidator, work right, the “softref” key "typolink" should be
registered.

Resolves: #57010
Releases: 6.2, 6.1, 6.0
Change-Id: I95cb8dbfa0c6d84926cd57d1fe4e4dad93e9c21a
Reviewed-on: https://review.typo3.org/28800
Reviewed-by: Marc Bastian Heinrichs
Tested-by: Marc Bastian Heinrichs
4 years ago[TASK] Updates prototype and scriptaculous, fixing IE9+ issues 71/29471/2
Ernesto Baschny [Tue, 28 Jan 2014 11:15:10 +0000 (12:15 +0100)]
[TASK] Updates prototype and scriptaculous, fixing IE9+ issues

Upgrades prototype from 1.6.0.3 to 1.7.1 and scriptaculous
from 1.8.2 to 1.9.0.

Solves the problem with sorting IRRE elements in IE9+, for example.

Resolves: #51768
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: I5ea11b2e926ae0f23d1c6d85a0ff5ba24995eebb
Reviewed-on: https://review.typo3.org/29471
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Follow up foreign_match_fields not fully supported 30/29430/2
Marc Bastian Heinrichs [Wed, 8 Jan 2014 17:13:22 +0000 (18:13 +0100)]
[BUGFIX] Follow up foreign_match_fields not fully supported

On detaching related objects the foreign_match_fields needs
to be cleared.

Resolves: #47694
Relates: #45337
Releases: 6.2, 6.1
Change-Id: I6d74201afc437a2b0e2a73022bc71ed0cd1dd2d4
Reviewed-on: https://review.typo3.org/29430
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
4 years ago[BUGFIX] sql_free_result does not work with all allowed types 13/29413/2
Wouter Wolters [Fri, 26 Jul 2013 14:35:18 +0000 (16:35 +0200)]
[BUGFIX] sql_free_result does not work with all allowed types

sql_free_result throws a fatal error when called with a
boolean. According to the method description boolean is an
allowed type. Check if $res is an object.

Change-Id: I6f7cdbb42c07869a320510e9b0b779f2b7cf6b70
Resolves: #50378
Releases: 6.2, 6.1
Reviewed-on: https://review.typo3.org/29413
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] User settings do not obey setup.override 47/29247/2
Markus Klein [Mon, 7 Apr 2014 12:45:16 +0000 (14:45 +0200)]
[BUGFIX] User settings do not obey setup.override

Add a missing isset() check whether a setting has been overridden
by user TSconfig.

Resolves: #57690
Releases: 6.2, 6.1
Change-Id: Id1290b2af85061051ce0cedff4a0be96a91c4dce
Reviewed-on: https://review.typo3.org/29247
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
4 years ago[BUGFIX] ClickMenu: Visibility-options only if fields allowed 64/28364/2
Stefan Neufeind [Tue, 4 Feb 2014 23:38:04 +0000 (00:38 +0100)]
[BUGFIX] ClickMenu: Visibility-options only if fields allowed

So far the entries "Hide/Unhide" and "Visibility settings" always
showed up in the ClickMenu. We need to check via excludefields if the
other has any right to change such a field or hide the icons.

Change-Id: Ib86fbd6d30f2cc0ec52e506d5fa2f12c95a2f178
Resolves: #55683
Releases: 6.2, 6.1
Reviewed-on: https://review.typo3.org/28364
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
4 years ago[TASK] Integrate default README.txt 68/29168/3
Oliver Hader [Fri, 4 Apr 2014 14:19:28 +0000 (16:19 +0200)]
[TASK] Integrate default README.txt

This file is a modified and updated version like it has been
releases with every package in the past. Since these files have
been taken from git.typo3.org/TYPO3CMS/Distributions/Base.git,
which is target to be cleaned up, the file is explicitely put
to old branches as well.

Resolves: #57656
Releases: 6.1, 6.0, 4.7, 4.6, 4.5
Change-Id: I3b696895deaf03b2f630e12f1bd7b17b649b985c
Reviewed-on: https://review.typo3.org/29168
Reviewed-by: Stefan Neufeind
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
4 years ago[SECURITY] Prevent XSS in scheduler form 50/29150/2
Nicole Cordes [Thu, 3 Apr 2014 14:15:49 +0000 (16:15 +0200)]
[SECURITY] Prevent XSS in scheduler form

The class name is submitted in a hidden form and is susceptible to XSS.
The patch introduced htmlspecialchars to prevent XSS possibility.

Resolves: #57603
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: I4979e66f28a581e168c56d91327a1bbe2672448d
Reviewed-on: https://review.typo3.org/29150
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
4 years ago[BUGFIX] Make Extbase EnvironmentService a Singleton 43/29043/2
Marc Bastian Heinrichs [Tue, 1 Apr 2014 19:17:58 +0000 (21:17 +0200)]
[BUGFIX] Make Extbase EnvironmentService a Singleton

EnvironmentService is a service and gets injected in different
classes, thus it has to be a Singleton.

Resolves: #57518
Releases: 6.2, 6.1
Change-Id: Ia8a3b8882be27c0f45569af818964036f0a9b16d
Reviewed-on: https://review.typo3.org/29043
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
4 years ago[BUGFIX] Test typeof TBE_EDITOR for object not function 10/28810/2
Alexander Opitz [Tue, 25 Mar 2014 15:02:52 +0000 (16:02 +0100)]
[BUGFIX] Test typeof TBE_EDITOR for object not function

As TBE_EDITOR is defined as object in jsfunc.tbe_editors.js we should
change the check here. Otherwise no eval user functions will be called.

Resolves: #57296
Releases: 6.2, 6.1
Change-Id: Ie1b701dcbf465827bc336233c2523f4df1dde9ba
Reviewed-on: https://review.typo3.org/28810
Reviewed-by: Alexander Opitz
Tested-by: Alexander Opitz
Reviewed-by: Nicole Cordes
Tested-by: Nicole Cordes
4 years ago[BUGFIX] Exception if thumbnail does not exist 46/26446/4
Markus Klein [Mon, 16 Dec 2013 10:02:50 +0000 (11:02 +0100)]
[BUGFIX] Exception if thumbnail does not exist

BackendUtility::thumbCode() tries to retrieve the extension
of a file object that might be NULL.

Add a check for having a valid file object.

Resolves: #54394
Releases: 6.1
Change-Id: Ia97fbb5fd3d9bd53c0d776a93969f9d059eebc4a
Reviewed-on: https://review.typo3.org/26446
Reviewed-by: Oliver Klee
Reviewed-by: Stefan Neufeind
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Typo in Extbase localization file 06/28706/2
Xavier Perseguers [Mon, 24 Mar 2014 15:40:19 +0000 (16:40 +0100)]
[BUGFIX] Typo in Extbase localization file

Fixes: #57238
Releases: 6.2, 6.1, 6.0
Change-Id: Icca7e1637387e2ad31a1368abcd59b1bd443255f
Reviewed-on: https://review.typo3.org/28706
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
4 years ago[BUGFIX] Module Menu throws PHP warning for top level menu items 68/28668/2
Benjamin Mack [Sat, 22 Mar 2014 12:53:56 +0000 (13:53 +0100)]
[BUGFIX] Module Menu throws PHP warning for top level menu items

When rendering the module menu icons, the menu items
on the top level (Web, File, User, Admin) don't have an icon,
however the getModuleIcon functionality processes them,
and checks for getimagesize() even though no image is added.

To overcome this, the function needs to be modified slightly to
only call getimagesize if there is actually an icon.

Releases: 6.2, 6.1
Resolves: #57179
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Stefan Neufeind
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
Change-Id: I1fdede253c00df9c36bb7063edf0b5bf320bb20e
Reviewed-on: https://review.typo3.org/28668
Reviewed-by: Benjamin Mack
Tested-by: Benjamin Mack