Packages/TYPO3.CMS.git
4 years ago[RELEASE] Release of TYPO3 6.1.9 14/30314/2 TYPO3_6-1-9
TYPO3 Release Team [Thu, 22 May 2014 08:18:35 +0000 (10:18 +0200)]
[RELEASE] Release of TYPO3 6.1.9

Change-Id: I68884dbd5ac459c84ad18a14e7c7df30701ad72c
Reviewed-on: https://review.typo3.org/30314
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
4 years ago[SECURITY] Add trusted HTTP_HOST configuration 99/30299/2
Helmut Hummel [Thu, 22 May 2014 07:33:26 +0000 (09:33 +0200)]
[SECURITY] Add trusted HTTP_HOST configuration

TYPO3 uses the values of HTTP_HOST in several
places without validating them. This could
lead to a situation where links are generated
using the host part from HTTP_HOST.

Since HTTP_HOST headers are user input and
can be spoofed by an attacker, it leads
into several potential and actual security issues.

To address this, a configuration option for
trusted hosts is added, which is evaluated every
time getIndpEnv('HTTP_HOST') is called.

The configuration option is

$GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern']

and can contain either a regular expression or the
value "SERVER_NAME"

To properly output the exception message in case
the trustedHostPattern does not match,
we need to adapt the exception handlers slightly
to not log information in this case and to actually
show the message even in production context to not
confuse admins on what is currently going wrong.

To not break all existing installations, the default
pattern is set to 'SERVER_NAME' which allows all
HTTP_HOST values matching the SERVER_NAME (and
optionally the SERVER_PORT if a port is specified
in the HTTP_HOST value).

This will secure all installation which use properly
configured name based virtual hosts, but leaves
installations where the web server is not bound
to a specific host name still in an insecure state.

Change-Id: I38e6a18a3e66e80abda2a4682bd1348198de1f8b
Fixes: #30377
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Bulletin: TYPO3-CORE-SA-2014-001
Reviewed-on: https://review.typo3.org/30299
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
4 years ago[SECURITY] XSS in (old) extension manager information function 98/30298/2
Nicole Cordes [Thu, 22 May 2014 07:33:22 +0000 (09:33 +0200)]
[SECURITY] XSS in (old) extension manager information function

Needs to be fixed also in 6.x, but the affected function is not
used anymore.

Change-Id: I434689d4065496330a92e7086ec6899ddff1d2d6
Fixes: #54111
Fixes: #54113
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: 383664ef458c2b978666311d294591d96a2d0eb9
Security-Bulletin: TYPO3-CORE-SA-2014-001
Reviewed-on: https://review.typo3.org/30298
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
4 years ago[SECURITY] XSS in new content element wizard 97/30297/2
Marcus Krause [Thu, 22 May 2014 07:33:17 +0000 (09:33 +0200)]
[SECURITY] XSS in new content element wizard

Sanitize user-input colPos in new content element wizard.

Change-Id: I68ee05a9113b2a0266c0be612b1a10272cb986a2
Fixes: #48695
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: eccb66a7ed4cb872f512f611395eae4ed0226e10
Security-Bulletin: TYPO3-CORE-SA-2014-001
Reviewed-on: https://review.typo3.org/30297
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
4 years ago[SECURITY] XSS in template tools on root page 96/30296/2
Marc Bastian Heinrichs [Thu, 22 May 2014 07:33:12 +0000 (09:33 +0200)]
[SECURITY] XSS in template tools on root page

Change-Id: I2958dcc7cecf8ef980d90dae66c6bd2df432ce4b
Fixes: #54109
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: 788dfadc5c1339e9bc4533d595ce23a524cc5450
Security-Bulletin: TYPO3-CORE-SA-2014-001
Reviewed-on: https://review.typo3.org/30296
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
4 years ago[SECURITY] XSS in Backend Layout Wizard 95/30295/2
Helmut Hummel [Thu, 22 May 2014 07:33:08 +0000 (09:33 +0200)]
[SECURITY] XSS in Backend Layout Wizard

Change-Id: Ie3f08333e417d8d208b3b36b208056efd4dbcec0
Fixes: #57576
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: cc840cb0438cfdae76219c3ac5f28a1f341ae9b7
Security-Bulletin: TYPO3-CORE-SA-2014-001
Reviewed-on: https://review.typo3.org/30295
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
4 years ago[SECURITY] Encode URL for use in JavaScript 94/30294/2
Jigal van Hemert [Thu, 22 May 2014 07:33:03 +0000 (09:33 +0200)]
[SECURITY] Encode URL for use in JavaScript

The url for the Open in New Window button must be quoted for
use in JavaScript to prevent XSS issues.

Change-Id: I849534cd53d333f6e12846a8065ad7e5373b8e63
Fixes: #48693
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: 06a582c197dee4add0979f956f932ea03e2b3022
Security-Bulletin: TYPO3-CORE-SA-2014-001
Reviewed-on: https://review.typo3.org/30294
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
4 years ago[SECURITY] Fix insecure unserialize in colorpicker 93/30293/2
Helmut Hummel [Thu, 22 May 2014 07:32:58 +0000 (09:32 +0200)]
[SECURITY] Fix insecure unserialize in colorpicker

Change-Id: Id3a692cdccb2d3a9ae46ae635ee5c316fa36e371
Fixes: #56458
Releases: 6.1, 6.0, 4.7, 4.5
Security-Commit: 3981e7efef710d680a18f8a5537a7085e540aab3
Security-Bulletin: TYPO3-CORE-SA-2014-001
Reviewed-on: https://review.typo3.org/30293
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
4 years ago[SECURITY] Remove charts.swf to get rid of XSS vulnerability 92/30292/2
Helmut Hummel [Thu, 22 May 2014 07:32:53 +0000 (09:32 +0200)]
[SECURITY] Remove charts.swf to get rid of XSS vulnerability

The file charts.swf is vulnerable to XSS, is delivered
by ExtJS but not used in TYPO3 CMS at all.

Since the vendor of ExtJS did not fix this vulnerability,
we decided to remove it from TYPO3 sources.

Change-Id: I4d4f871e9e89250b0b818b50e8342bd902485464
Fixes: #54526
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: 467ea328aaa23230bbe93b4deb18ec73fbd7b1e8
Security-Bulletin: TYPO3-CORE-SA-2014-001
Reviewed-on: https://review.typo3.org/30292
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
4 years ago[BUGFIX] Indexer tries to insert NULL into DB 44/30244/2
Markus Klein [Sun, 12 Jan 2014 15:57:41 +0000 (16:57 +0100)]
[BUGFIX] Indexer tries to insert NULL into DB

The Indexer of indexed_search tries to insert NULL values
into NOT NULL columns of the database.

Since #53662 NULL values are passed to the database,
hence these insert statements now fail.

Resolves: #54917
Releases: 6.2, 6.1, 6.0
Change-Id: Ia935abe14b9c3be2062f1b38ec98fb63921a1c2f
Reviewed-on: https://review.typo3.org/30244
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
4 years ago[BUGFIX] Wrong system requirements link 51/30151/2
Markus Klein [Thu, 15 May 2014 17:08:06 +0000 (19:08 +0200)]
[BUGFIX] Wrong system requirements link

Resolves: #58842
Releases: 6.2, 6.1
Change-Id: Ibaf87d32778349d5a87009bcd2b365447e6488fa
Reviewed-on: https://review.typo3.org/30151
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] DependencyUtility does count() on an integer 83/29883/2
Markus Klein [Mon, 5 May 2014 21:56:00 +0000 (23:56 +0200)]
[BUGFIX] DependencyUtility does count() on an integer

Remove the superfluous count() call.

Resolves: #58529
Releases: 6.2, 6.1, 6.0
Change-Id: I0933650b52063009de52268034480f6e06af56ac
Reviewed-on: https://review.typo3.org/29883
Tested-by: Stefan Neufeind
Reviewed-by: Markus Klein
Reviewed-by: Nicole Cordes
Tested-by: Nicole Cordes
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
4 years ago[BUGFIX] Solve stackoverflow in prototype in IE8 07/29907/2
Jigal van Hemert [Fri, 25 Apr 2014 10:39:59 +0000 (12:39 +0200)]
[BUGFIX] Solve stackoverflow in prototype in IE8

The reason for this behaviour is the combination of prototype.js
and ExtJS. The ExtJS defer() method takes precedence. Calling the
defer() method without any arguments would have resulted in using
a default value of "0.01" seconds in standalone prototype.js, but
results in directly calling the submitted function.

The stack overflow is caused by not delaying the function call
and thus ending in a recursive endless loop.

Resolves: #58187
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: I6db191ff67a3e869072877936d949fc733cda74f
Reviewed-on: https://review.typo3.org/29907
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
4 years ago[BUGFIX] Default image title in RTE contains the file name 80/29780/2
Stanislas Rolland [Thu, 1 May 2014 14:17:09 +0000 (10:17 -0400)]
[BUGFIX] Default image title in RTE contains the file name

When inserting an image in the RTE, the default image title should be
the image file title, not the image file name.

Resolves: #58373
Releases: 6.1, 6.2
Change-Id: I5aa3aae4db83cbd36244b89cc37c78184b290228
Reviewed-on: https://review.typo3.org/29780
Reviewed-by: Stanislas Rolland
Tested-by: Stanislas Rolland
4 years ago[BUGFIX] Wrong result on empty string globalString condition 49/27249/2
Marc Bastian Heinrichs [Fri, 5 Jul 2013 21:45:30 +0000 (23:45 +0200)]
[BUGFIX] Wrong result on empty string globalString condition

A TypoScript condition like
"[globalString = GP:anEmptyGetPostVarKey = ]" returns a false
value instead of the expected true value.

Fixes: #45183
Releases: 4.5,6.0, 6.1, 6.2
Change-Id: I114b702f4b5ae5f68236874325e82974a8ba6107
Reviewed-on: https://review.typo3.org/27249
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
4 years ago[BUGFIX] saltedpasswords: Check rsaauth loading 60/29860/2
Nicole Cordes [Sun, 4 May 2014 17:45:48 +0000 (19:45 +0200)]
[BUGFIX] saltedpasswords: Check rsaauth loading

This patch adds the loading check of rsaauth before trying to access the
BackendFactory of rsaauth. Otherwise the extension manager gets broken
on entering extension configuration.

Resolves: #58504
Releases: 6.2, 6.1
Change-Id: I197fb5e032b31e6add388269f77e6fc834e45b54
Reviewed-on: https://review.typo3.org/29860
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert
4 years ago[BUGFIX] SoftReferenceIndex support for more values in class attribute 52/29852/2
Marc Bastian Heinrichs [Sun, 4 May 2014 10:42:47 +0000 (12:42 +0200)]
[BUGFIX] SoftReferenceIndex support for more values in class attribute

The SoftReferenceIndex parses and rebuilds typolink tags, but the
support for more than one value in class attribute is missing, because
the values don't get enclosed with quotes on rebuilding.
This leads to lost classes in typolinks in exports from impexp.

Resolves: #58484
Releases: 6.2, 6.1, 4.5
Change-Id: I12ed3be7f5be36254bcee57fcb24bf2a10f92f46
Reviewed-on: https://review.typo3.org/29852
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Retrieving extension fails with some PHP versions 84/29784/2
Sascha Wilking [Fri, 2 May 2014 17:49:10 +0000 (19:49 +0200)]
[BUGFIX] Retrieving extension fails with some PHP versions

XmlParser has an issue with PHP < 5.4.28 leading to
unexpected empty arrays raising warnings. If development
preset is activated, warnings are turned into exceptions,
so the extension list parser stops importing.

Resolves: #58418
Releases: 6.2, 6.1
Change-Id: Idc6453bd8dcc46a933a1d6d72361ffff5842e39d
Reviewed-on: https://review.typo3.org/29784
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
4 years ago[BUGFIX] Wrong comment in ActionMenuViewHelper 33/29733/2
Markus Klein [Thu, 24 Apr 2014 22:30:46 +0000 (00:30 +0200)]
[BUGFIX] Wrong comment in ActionMenuViewHelper

ActionMenuViewHelper contains a wrong example for the usage
of the viewhelper. It uses a '=' where a ':' would be correct.

Resolves: #58166
Releases: 6.2, 6.1
Change-Id: I135310be0ac2e8df59f81dfbf694a0febbcde99a
Reviewed-on: https://review.typo3.org/29733
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
4 years ago[BUGFIX] Database query error for non-workspaces tables 58/29658/2
Oliver Hader [Fri, 25 Apr 2014 13:36:41 +0000 (15:36 +0200)]
[BUGFIX] Database query error for non-workspaces tables

In frontend rendering mode PageRepository::versionOL() is called
frequently to overlay workspace data. A further method call then
creates a query with required t3ver_* fields. This query fails
if a table is not considered to support workspaces/versioning at
all. This behaviour is regression that has been introduced with
issue #30604 during TYPO3 4.7 development.

Resolves: #58180
Releases: 6.2, 6.1, 6.0
Change-Id: I81d24ea16116563f4f0d75fafd06496a9c4e993d
Reviewed-on: https://review.typo3.org/29658
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
4 years ago[TASK] Set TYPO3 version to 6.1.9-dev 22/29522/2
TYPO3 Release Team [Wed, 16 Apr 2014 20:55:03 +0000 (22:55 +0200)]
[TASK] Set TYPO3 version to 6.1.9-dev

Change-Id: Icb574fdf43e9850c5eceba5be9fb41541305323c
Reviewed-on: https://review.typo3.org/29522
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
4 years ago[RELEASE] Release of TYPO3 6.1.8 21/29521/2 TYPO3_6-1-8
TYPO3 Release Team [Wed, 16 Apr 2014 20:54:35 +0000 (22:54 +0200)]
[RELEASE] Release of TYPO3 6.1.8

Change-Id: Ib8f3b0d555fad430262e8e864dcd40b9e7fa2ee0
Reviewed-on: https://review.typo3.org/29521
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team
4 years ago[BUGFIX] DBAL sql_fetch_* must return boolean or array 13/29513/2
Jigal van Hemert [Wed, 16 Apr 2014 08:58:57 +0000 (10:58 +0200)]
[BUGFIX] DBAL sql_fetch_* must return boolean or array

If the end of a result set is reached some drivers produce NULL.
This must be changed into FALSE to be compatible with the
non-DBAL version of these functions.

Resolves: #57957
Releases: 6.2, 6.1
Change-Id: I664dd10735f88754c74e20ecd5c07fad5ef2b78d
Reviewed-on: https://review.typo3.org/29513
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert
4 years ago[BUGFIX] Followup: Mandatory for Selectbox with TCA not possible 07/29507/2
Stefan Neufeind [Wed, 16 Apr 2014 14:37:55 +0000 (16:37 +0200)]
[BUGFIX] Followup: Mandatory for Selectbox with TCA not possible

Followup to: https://review.typo3.org/28625
No use-statement for MathUtility in 6.1 yet.

Change-Id: Iffa9c7cd9ab41831e34c40d7b3ada530ba73ac9c
Resolves: #24925
Resolves: #24871
Releases: 6.1
Reviewed-on: https://review.typo3.org/29507
Reviewed-by: Ernesto Baschny
Tested-by: Ernesto Baschny
4 years ago[BUGFIX] Mandatory for Selectbox with TCA not possible 25/28625/2
Benjamin Mack [Thu, 30 Jan 2014 20:30:53 +0000 (21:30 +0100)]
[BUGFIX] Mandatory for Selectbox with TCA not possible

It's not possible to create a backend selectbox
that is mandatory with only 1 item selectable.

Releases: 6.2, 6.1
Resolves: #24925
Resolves: #24871
Change-Id: Idaef6475f61c70cd8c3f6074ccd0b0195d90c581
Reviewed-on: https://review.typo3.org/28625
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
4 years ago[BUGFIX] SoftReferenceIndex typolink lacks support for title attributes 69/28169/3
Marc Bastian Heinrichs [Fri, 7 Mar 2014 16:36:11 +0000 (17:36 +0100)]
[BUGFIX] SoftReferenceIndex typolink lacks support for title attributes

The SoftReferenceIndex parses and rebuilds typolink tags, but the
support for the title attributes was missing.
This leads to lost title attributes on typolinks in exports from impexp.

Resolves: #56580
Releases: 6.2, 6.1, 6.0, 4.5
Change-Id: I9bf5c02b79ae4c9024322f0da99dcca37b678daa
Reviewed-on: https://review.typo3.org/28169
Reviewed-by: Marc Bastian Heinrichs
Tested-by: Marc Bastian Heinrichs
4 years ago[BUGFIX] Fix refindex for FlexForm fields type group file_reference 97/28797/2
Marc Bastian Heinrichs [Thu, 13 Mar 2014 16:56:00 +0000 (17:56 +0100)]
[BUGFIX] Fix refindex for FlexForm fields type group file_reference

According to the fixes for the normal TCA fields of type "group"
internal_type "file_reference" in #49538 and #56353, this needs also
to be fixed for the FlexForm fields: handle the internal_type
file_reference as an db reference to sys_file.

Resolves: #56991
Releases: 6.2, 6.1, 6.0
Change-Id: Ie66c86c1bf3f0386d23259d0aee6706564beace3
Reviewed-on: https://review.typo3.org/28797
Reviewed-by: Marc Bastian Heinrichs
Tested-by: Marc Bastian Heinrichs
4 years ago[BUGFIX] Fields of type group file are not properly indexed 95/28795/2
Marc Bastian Heinrichs [Mon, 3 Feb 2014 22:52:43 +0000 (23:52 +0100)]
[BUGFIX] Fields of type group file are not properly indexed

If an record with a field of type "group", internal_type "file"
should be indexed in the ReferenceIndex an SQL error exception
gets thrown. So the relation to the file isn't represented in the
refindex. Thus those files are also missing in exports created
with system extension impexp.

This is caused by wrong array keys and incorrectly storing a file
relation as DB relation since merge of FAL.

Resolves: #56353
Resolves: #56352
Releases: 6.2, 6.1, 6.0
Change-Id: I78211efcb6bf3032811ef0b0e20ed7f98f9fa8fb
Reviewed-on: https://review.typo3.org/28795
Reviewed-by: Marc Bastian Heinrichs
Tested-by: Marc Bastian Heinrichs
4 years ago[BUGFIX] Add SoftIndex parser typolink to link in sys_file_reference 00/28800/2
Marc Bastian Heinrichs [Mon, 17 Mar 2014 22:32:43 +0000 (23:32 +0100)]
[BUGFIX] Add SoftIndex parser typolink to link in sys_file_reference

The field "link" of the table "sys_file_reference" handles links. To
make the SoftReferenceIndex, which is used by impexp and
linkvalidator, work right, the “softref” key "typolink" should be
registered.

Resolves: #57010
Releases: 6.2, 6.1, 6.0
Change-Id: I95cb8dbfa0c6d84926cd57d1fe4e4dad93e9c21a
Reviewed-on: https://review.typo3.org/28800
Reviewed-by: Marc Bastian Heinrichs
Tested-by: Marc Bastian Heinrichs
4 years ago[TASK] Updates prototype and scriptaculous, fixing IE9+ issues 71/29471/2
Ernesto Baschny [Tue, 28 Jan 2014 11:15:10 +0000 (12:15 +0100)]
[TASK] Updates prototype and scriptaculous, fixing IE9+ issues

Upgrades prototype from 1.6.0.3 to 1.7.1 and scriptaculous
from 1.8.2 to 1.9.0.

Solves the problem with sorting IRRE elements in IE9+, for example.

Resolves: #51768
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: I5ea11b2e926ae0f23d1c6d85a0ff5ba24995eebb
Reviewed-on: https://review.typo3.org/29471
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Follow up foreign_match_fields not fully supported 30/29430/2
Marc Bastian Heinrichs [Wed, 8 Jan 2014 17:13:22 +0000 (18:13 +0100)]
[BUGFIX] Follow up foreign_match_fields not fully supported

On detaching related objects the foreign_match_fields needs
to be cleared.

Resolves: #47694
Relates: #45337
Releases: 6.2, 6.1
Change-Id: I6d74201afc437a2b0e2a73022bc71ed0cd1dd2d4
Reviewed-on: https://review.typo3.org/29430
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
4 years ago[BUGFIX] sql_free_result does not work with all allowed types 13/29413/2
Wouter Wolters [Fri, 26 Jul 2013 14:35:18 +0000 (16:35 +0200)]
[BUGFIX] sql_free_result does not work with all allowed types

sql_free_result throws a fatal error when called with a
boolean. According to the method description boolean is an
allowed type. Check if $res is an object.

Change-Id: I6f7cdbb42c07869a320510e9b0b779f2b7cf6b70
Resolves: #50378
Releases: 6.2, 6.1
Reviewed-on: https://review.typo3.org/29413
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] User settings do not obey setup.override 47/29247/2
Markus Klein [Mon, 7 Apr 2014 12:45:16 +0000 (14:45 +0200)]
[BUGFIX] User settings do not obey setup.override

Add a missing isset() check whether a setting has been overridden
by user TSconfig.

Resolves: #57690
Releases: 6.2, 6.1
Change-Id: Id1290b2af85061051ce0cedff4a0be96a91c4dce
Reviewed-on: https://review.typo3.org/29247
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
4 years ago[BUGFIX] ClickMenu: Visibility-options only if fields allowed 64/28364/2
Stefan Neufeind [Tue, 4 Feb 2014 23:38:04 +0000 (00:38 +0100)]
[BUGFIX] ClickMenu: Visibility-options only if fields allowed

So far the entries "Hide/Unhide" and "Visibility settings" always
showed up in the ClickMenu. We need to check via excludefields if the
other has any right to change such a field or hide the icons.

Change-Id: Ib86fbd6d30f2cc0ec52e506d5fa2f12c95a2f178
Resolves: #55683
Releases: 6.2, 6.1
Reviewed-on: https://review.typo3.org/28364
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
4 years ago[TASK] Integrate default README.txt 68/29168/3
Oliver Hader [Fri, 4 Apr 2014 14:19:28 +0000 (16:19 +0200)]
[TASK] Integrate default README.txt

This file is a modified and updated version like it has been
releases with every package in the past. Since these files have
been taken from git.typo3.org/TYPO3CMS/Distributions/Base.git,
which is target to be cleaned up, the file is explicitely put
to old branches as well.

Resolves: #57656
Releases: 6.1, 6.0, 4.7, 4.6, 4.5
Change-Id: I3b696895deaf03b2f630e12f1bd7b17b649b985c
Reviewed-on: https://review.typo3.org/29168
Reviewed-by: Stefan Neufeind
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
4 years ago[SECURITY] Prevent XSS in scheduler form 50/29150/2
Nicole Cordes [Thu, 3 Apr 2014 14:15:49 +0000 (16:15 +0200)]
[SECURITY] Prevent XSS in scheduler form

The class name is submitted in a hidden form and is susceptible to XSS.
The patch introduced htmlspecialchars to prevent XSS possibility.

Resolves: #57603
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: I4979e66f28a581e168c56d91327a1bbe2672448d
Reviewed-on: https://review.typo3.org/29150
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
4 years ago[BUGFIX] Make Extbase EnvironmentService a Singleton 43/29043/2
Marc Bastian Heinrichs [Tue, 1 Apr 2014 19:17:58 +0000 (21:17 +0200)]
[BUGFIX] Make Extbase EnvironmentService a Singleton

EnvironmentService is a service and gets injected in different
classes, thus it has to be a Singleton.

Resolves: #57518
Releases: 6.2, 6.1
Change-Id: Ia8a3b8882be27c0f45569af818964036f0a9b16d
Reviewed-on: https://review.typo3.org/29043
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
4 years ago[BUGFIX] Test typeof TBE_EDITOR for object not function 10/28810/2
Alexander Opitz [Tue, 25 Mar 2014 15:02:52 +0000 (16:02 +0100)]
[BUGFIX] Test typeof TBE_EDITOR for object not function

As TBE_EDITOR is defined as object in jsfunc.tbe_editors.js we should
change the check here. Otherwise no eval user functions will be called.

Resolves: #57296
Releases: 6.2, 6.1
Change-Id: Ie1b701dcbf465827bc336233c2523f4df1dde9ba
Reviewed-on: https://review.typo3.org/28810
Reviewed-by: Alexander Opitz
Tested-by: Alexander Opitz
Reviewed-by: Nicole Cordes
Tested-by: Nicole Cordes
4 years ago[BUGFIX] Exception if thumbnail does not exist 46/26446/4
Markus Klein [Mon, 16 Dec 2013 10:02:50 +0000 (11:02 +0100)]
[BUGFIX] Exception if thumbnail does not exist

BackendUtility::thumbCode() tries to retrieve the extension
of a file object that might be NULL.

Add a check for having a valid file object.

Resolves: #54394
Releases: 6.1
Change-Id: Ia97fbb5fd3d9bd53c0d776a93969f9d059eebc4a
Reviewed-on: https://review.typo3.org/26446
Reviewed-by: Oliver Klee
Reviewed-by: Stefan Neufeind
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Typo in Extbase localization file 06/28706/2
Xavier Perseguers [Mon, 24 Mar 2014 15:40:19 +0000 (16:40 +0100)]
[BUGFIX] Typo in Extbase localization file

Fixes: #57238
Releases: 6.2, 6.1, 6.0
Change-Id: Icca7e1637387e2ad31a1368abcd59b1bd443255f
Reviewed-on: https://review.typo3.org/28706
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
4 years ago[BUGFIX] Module Menu throws PHP warning for top level menu items 68/28668/2
Benjamin Mack [Sat, 22 Mar 2014 12:53:56 +0000 (13:53 +0100)]
[BUGFIX] Module Menu throws PHP warning for top level menu items

When rendering the module menu icons, the menu items
on the top level (Web, File, User, Admin) don't have an icon,
however the getModuleIcon functionality processes them,
and checks for getimagesize() even though no image is added.

To overcome this, the function needs to be modified slightly to
only call getimagesize if there is actually an icon.

Releases: 6.2, 6.1
Resolves: #57179
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Stefan Neufeind
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
Change-Id: I1fdede253c00df9c36bb7063edf0b5bf320bb20e
Reviewed-on: https://review.typo3.org/28668
Reviewed-by: Benjamin Mack
Tested-by: Benjamin Mack
4 years ago[BUGFIX] Parsetime: config.debug should override LocalConfiguration 67/28667/2
Stefan Neufeind [Sun, 23 Mar 2014 11:36:24 +0000 (12:36 +0100)]
[BUGFIX] Parsetime: config.debug should override LocalConfiguration

Parsetime is output either if config.debug is set or if FE-debug
is activated in LocalConfiguration. Allow to explicitly override
(set to 0) the debugging in TS for cases where you want to output
page-objects like a JSON-page or so where Parsetime leads to
problems.

Change-Id: Ie5588218694219c13f136b5ac928e697ca472cfb
Resolves: #57202
Releases: 6.2, 6.1
Reviewed-on: https://review.typo3.org/28667
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Several typos in Page Browsing ViewHelper 39/28539/2
Benjamin Rau [Sun, 26 Jan 2014 13:00:26 +0000 (14:00 +0100)]
[BUGFIX] Several typos in Page Browsing ViewHelper

Fixing several typos and slips of the pen in the
PageBrowsing ViewHelper.

Without fixing all of them the page browsing ViewHelper
is not functional properly, that´s why i want to submit
them at once and also supply the fix for it.

That are these errors:
* Undefined but used class property prefixId
* Overwriting instead of appending content to already defined variable
* Not using UpperCamelCase for extensionName in Localization Utilty
* Accidentally using wrong variables
* Defining variable in for-loop which could be defined outside also
* Using undefined variable freeIndexUid

Resolves: #55340
Releases: 6.2, 6.1
Change-Id: I708a7af4876eba0e69fa666694315e0babcf6800
Reviewed-on: https://review.typo3.org/28539
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Cannot use contain with multivalued static enumeration column 71/28471/2
Xavier Perseguers [Sat, 1 Mar 2014 10:17:21 +0000 (11:17 +0100)]
[BUGFIX] Cannot use contain with multivalued static enumeration column

When a column is defined as a multivalued static enumeration:
'somecolumn' => array(
    'exclude' => 0,
    'label' => 'Some label',
    'config' => array(
        'type' => 'select',
        'items' => array(
            array('Option 1', 1),
            array('Option 2', 2),
            array('Option 3', 3),
            array('Option 4', 4),
        ),
        'size' => 4,
        'maxitems' => 4,
        'eval' => ''
    ),
),
it is not possible to query the domain model using operation "contains":
$value = 2;
$query->matching(
    $query->contains('somecolumn', $value)
);

Releases: 6.2, 6.1
Fixes: #56205
Change-Id: If898db7f355ad931d1c8b55febc2f59f19b0f38b
Reviewed-on: https://review.typo3.org/27787
Reviewed-by: Alexander Opitz
Reviewed-by: Wouter Wolters
Reviewed-by: Stefan Froemken
Tested-by: Stefan Froemken
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-on: https://review.typo3.org/28471
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
4 years ago[BUGFIX] RootlineUtility does not consider disablefield 00/28400/2
Christian Reiter [Tue, 11 Mar 2014 19:50:01 +0000 (20:50 +0100)]
[BUGFIX] RootlineUtility does not consider disablefield

Make sure RootlineUtility::enrichWithRelationFields() respects
the setting of $TCA[$table]['ctrl']['enablecolumns']['disabled'] when
fetching foreign data for the rootline.

Otherwise hidden relations from sys_file_reference are added to the
rootline and cause exceptions in the frontend, instead of being ignored.

Resolves: #56150
Releases: 6.2, 6.1
Change-Id: I21917fec1407a10818058da8ea879b0bb39441a4
Reviewed-on: https://review.typo3.org/28400
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
4 years ago[BUGFIX] Extbase tries to overlay pages_language_overlay records 62/28362/2
Stanislas Rolland [Thu, 13 Mar 2014 01:46:22 +0000 (21:46 -0400)]
[BUGFIX] Extbase tries to overlay pages_language_overlay records

Method doLanguageAndWorkspaceOverlay of
Extbase\Persistence\Generic\Storage\Typo3DbBackend should not attempt
to get a parent record if the overlays are in a separate table (most
probably pages_language_overlay) by checking whether
$GLOBALS['TCA'][$tableName]['ctrl']['transOrigPointerTable'] is set.

Resolves: #56855
Releases: 6.0, 6.1, 6.2
Change-Id: I2cb53bc4733ee626ca0ae92e5dd91073d88ecc9d
Reviewed-on: https://review.typo3.org/28362
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
4 years ago[BUGFIX] Alignment of button "add a new element at this place" 76/28276/2
Patrick Broens [Mon, 10 Mar 2014 12:19:49 +0000 (13:19 +0100)]
[BUGFIX] Alignment of button "add a new element at this place"

In the page module using the "Languages" view, the buttons "add a new
element at this place" are wrongly aligned.

This patch fixes this issue by adding a div which controls this alignment
by CSS

Change-Id: I9de8a47368682ed0b33c2ebfa0a590402c1ca8ef
Resolves: #56720
Releases: 6.1, 6.2
Reviewed-on: https://review.typo3.org/28276
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
4 years ago[BUGFIX] Show thumbnails in list module 50/28350/2
Markus Klein [Thu, 13 Mar 2014 11:28:55 +0000 (12:28 +0100)]
[BUGFIX] Show thumbnails in list module

Add missing checks if type column exists in a row.

Resolves: #56830
Releases: 6.2, 6.1
Change-Id: Ifafdb0c51266c76620696c6d94471b3efddba112
Reviewed-on: https://review.typo3.org/28350
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Followup: Ajax handler TYPO3_tcefile::process is broken 63/27863/2
Frans Saris [Wed, 19 Feb 2014 20:41:23 +0000 (21:41 +0100)]
[BUGFIX] Followup: Ajax handler TYPO3_tcefile::process is broken

Upload action was taken care of, but the ajax handler can be just
for all commands that ExtendedFileUtility->processData can handle.

This change checks the result set and flattens
data only when needed.

Resolves: #56084
Releases: 6.2, 6.1
Change-Id: Ic1a0bd9084b9eb206b9b53960890d22d2a9c56f5
Reviewed-on: https://review.typo3.org/27863
Reviewed-by: Frans Saris
Tested-by: Frans Saris
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Correctly validate New Content Element entries 07/28307/3
Ludwig Rafelsberger [Wed, 12 Feb 2014 19:36:09 +0000 (20:36 +0100)]
[BUGFIX] Correctly validate New Content Element entries

Each entry in the New Content Element wizard is tested to be valid,
i.e. the tt_content_defValues defined by that entry must be allowed
for the current BE user. Also, an entry may not select values that are
removed via TSconfig.

Setting TCEFORM.tt_content.[column].keepItems acts as a whitelist of
allowed values for *that* column. But the validity checks are done
hardcoded against the *CType* column.

Resolves: #23864
Releases: 6.2, 6.1
Change-Id: I5b6578f35552bd571fc822ac72f8f5fe12fe11f7
Reviewed-on: https://review.typo3.org/28307
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Allow record insert on rootlevel 64/24164/4
Benjamin Serfhos [Mon, 30 Sep 2013 15:01:24 +0000 (17:01 +0200)]
[BUGFIX] Allow record insert on rootlevel

The DataHandler function checkRecordInsertAccess() does
now check the configuration for the root level.

Resolves: #52386
Releases: 6.2, 6.1
Change-Id: I1810ea847e631ea6b242346a0271f491fd60fdf9
Reviewed-on: https://review.typo3.org/24164
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Temporary DB tree mount notice missing in ElementBrowser 81/28181/2
Lorenz Ulrich [Tue, 11 Dec 2012 14:57:18 +0000 (15:57 +0100)]
[BUGFIX] Temporary DB tree mount notice missing in ElementBrowser

If "Stop Page Tree" is set for a page, it is possible to set temporary
DB tree mounts in the element browser/link browser.
If such a tree mount is set, a notice is displayed right above the tree.

This notice is necessary to cancel this temporary mount.
Currently the ElementBrowser misses this notice when used
for e.g. header_link.

Change-Id: I942aad0e54d17ceb793008850f0563bb416503be
Fixes: #43885
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/28181
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] RTE on first new IRRE record keeps loading in IE 30/28130/2
Stanislas Rolland [Thu, 13 Feb 2014 21:20:49 +0000 (16:20 -0500)]
[BUGFIX] RTE on first new IRRE record keeps loading in IE

Problem: IE raises a syntax error when it encounters html comments in
the JavaScript code. The html comments are added by the page renderer.
Solution: There is no need for the page renderer to wrap inline
javascript as html comments.

Resolves: #55457
Releases: 6.2, 6.1
Change-Id: Iae180a73778ca3bb1c9934c887315b969888b10d
Reviewed-on: https://review.typo3.org/28130
Reviewed-by: Stanislas Rolland
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
4 years ago[BUGFIX] Default size for group-type fields 29/28129/2
Christian Plattner [Thu, 6 Mar 2014 17:09:34 +0000 (18:09 +0100)]
[BUGFIX] Default size for group-type fields

Missing size property on group-type fields causes various
problems, like missing controls (move to top and move to
bottom) or misbehaving JS. Adding a default size ensures
that a forgotten size property does not break everything.

Additionally the size property is added to the sys_collection
table, since all Core tables should be cleanly defined.

Resolves: #23552
Documentation: #56627
Releases: 6.1, 6.2
Change-Id: Idafb1912f9702fddf85b7c2c222f408419e50ecf
Reviewed-on: https://review.typo3.org/28129
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] IdentityProperties were not set 51/28051/3
Stefan Froemken [Mon, 11 Mar 2013 17:36:49 +0000 (18:36 +0100)]
[BUGFIX] IdentityProperties were not set

After submitting an invalid form twice, extbase tries to
create the related submodel instead of edit.
This is because of the missing __identity part
for the related submodel

Resolves: #46185
Releases: 6.0, 6.1, 6.2
Change-Id: If3ec15b9eff0fc8d9a7dc682518cbfd72bb4665b
Reviewed-on: https://review.typo3.org/28051
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Catch all errors while starting installer 19/23219/5
Alexander Opitz [Wed, 21 Aug 2013 12:44:19 +0000 (14:44 +0200)]
[BUGFIX] Catch all errors while starting installer

While initializing the installer it can happen that
Exceptions are thrown. As there is no ExceptionHandler
initialized yet, we get a white page and the Fatal error
will be logged.

Mostly it is the problem that typo3conf and/or typo3temp
isn't writeable. But it might something else which throws
an exception.

This patch catches the exception in the initializing
process and shows a page in the layout of the installer.
It shows the exception message, a first hint for the maybe
write permissions problem and a link with the exception number.

Resolves: #11771
Releases: 6.1
Change-Id: Ib99860054b727907a9a84bdfd3e35fe3f2eebe00
Reviewed-on: https://review.typo3.org/23219
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
4 years ago[BUGFIX] Double escape of title in indexed search 98/27998/2
Markus Klein [Tue, 25 Feb 2014 17:08:56 +0000 (18:08 +0100)]
[BUGFIX] Double escape of title in indexed search

SearchController::compileSingleResultRow() causes double
htmlspecialchars() call on $title.

This patch removes the general htmlspecialchars() call since
$title will be escaped in linkPage() anyway.
The only place which requires escaping has the call added now.

Resolves: #56262
Releases: 6.2, 6.1, 6.0
Change-Id: Ic94fe7fe7d2145fc539adcdf21faf42c33f5b32e
Reviewed-on: https://review.typo3.org/27998
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
4 years ago[BUGFIX] Do not log with severity 1320177676 53/27953/2
Christian Weiske [Thu, 27 Feb 2014 12:37:43 +0000 (13:37 +0100)]
[BUGFIX] Do not log with severity 1320177676

Extbase logged a code smell with a severity of 1320177676
instead of 1 ("notice").

Change-Id: If28c2d66713bdedb3094af22f8f7a00a504d995d
Resolves: #56378
Releases: 4.7, 6.0, 6.1, 6.2
Reviewed-on: https://review.typo3.org/27953
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
4 years ago[BUGFIX] @return for TYPO3\CMS\Sv\AuthenticationService::authUser 43/27943/2
Christian Weiske [Fri, 28 Feb 2014 09:55:13 +0000 (10:55 +0100)]
[BUGFIX] @return for TYPO3\CMS\Sv\AuthenticationService::authUser

Adjust the @return documentation of authUser() to match the actual
implementation in
TYPO3\CMS\Core\Authentication\AbstractUserAuthentication

Change-Id: I2d94cdfee6c58de80c7ec2be2b644b5fcd6c9a97
Resolves: #56421
Releases: 6.0, 6.1, 6.2
Reviewed-on: https://review.typo3.org/27943
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
4 years ago[BUGFIX] URL-encoded title in link wizard 53/27853/4
Helmut Hummel [Wed, 11 Sep 2013 10:49:39 +0000 (12:49 +0200)]
[BUGFIX] URL-encoded title in link wizard

The security fix introduced a bug that the title is encoded
every time the link wizard is opened, leading to multiple
encoded strings.

Solution is to not encode it centrally but encode it just
before using it in the JavaScript context.

Fixes: #41413
Releases: 4.5, 4.7, 6.0, 6.1, 6.2
Change-Id: I6b08db290d5457761edc4506105672d79840764d
Reviewed-on: https://review.typo3.org/27853
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Revert "[TASK] Use a 401 header if login is not successful" 98/27898/2
Markus Klein [Thu, 27 Feb 2014 13:29:09 +0000 (14:29 +0100)]
[BUGFIX] Revert "[TASK] Use a 401 header if login is not successful"

This reverts commit b0c54dcadfba635d44242ce3778bbf8486e9b33e.

The 401 header code is used with HTTP based authentication schemes,
based on RFC 2617.

This is not the case here.

Resolves: #55966
Reverts: #51803
Releases: 6.2, 6.1, 6.0, 4.5
Change-Id: I81e0e2bb428a9da69155fc597933bd9f023cf226
Reviewed-on: https://review.typo3.org/27898
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Paginator in TER list not using ajax 51/27851/2
Jigal van Hemert [Tue, 25 Feb 2014 14:40:00 +0000 (15:40 +0100)]
[BUGFIX] Paginator in TER list not using ajax

The paginator in the extension list from TER is transformed into
using Ajax. This fails because this process searches for links inside
a class which is used by the frontend paginator widget. Changing it to
the id of the backend paginator widget makes the ajax calls work again.

Resolves: #56184
Releases: 6.2, 6.1, 6.0
Change-Id: I06c193b2657eb3edae623dc0126b06c240f486c6
Reviewed-on: https://review.typo3.org/27851
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
4 years ago[BUGFIX] felogin reset password links not clickable 26/27826/2
Jigal van Hemert [Tue, 1 Jan 2013 10:28:18 +0000 (11:28 +0100)]
[BUGFIX] felogin reset password links not clickable

Encoding a few extra character besides the ones according to RFC3986
makes password reset links working again in various mail clients which
do not comply to this RFC (and which do not have plans to fix this in
the near future).

Change-Id: I0b42bef6cb732c5fc6cc2d900407271cb606e301
Fixes: #23984
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Reviewed-on: https://review.typo3.org/27826
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert
4 years ago[BUGFIX] Fix JS concat if first file is forced on top 18/27818/2
Benjamin Kott [Sun, 23 Feb 2014 12:00:32 +0000 (13:00 +0100)]
[BUGFIX] Fix JS concat if first file is forced on top

If a javascript file is forceOnTop the script uses array_unshift()
to put the file at the beginning of the section array. If this is
the first file that got processed, the array does not exist yet,
so the array_unshift function returns NULL and the file
will not added to the array.

The fix properly initalizes the section sub-array.

Resolves: #56242
Releases: 6.2, 6.1
Change-Id: Iadf2b6f2f512929ff5e8598af9972c5337949341
Reviewed-on: https://review.typo3.org/27818
Reviewed-by: Benjamin Mack
Tested-by: Benjamin Mack
4 years ago[BUGFIX] Use count on storage after initialization of LazyObjectStorage 43/27443/2
Marc Bastian Heinrichs [Wed, 5 Feb 2014 12:42:32 +0000 (13:42 +0100)]
[BUGFIX] Use count on storage after initialization of LazyObjectStorage

The count in LazyObjectStorage for relation type HAS_MANY has
to use the count on storage items after initialization. Otherwise
the wrong count is returned for a not persisted storage.

Resolves: #54724
Releases: 6.2, 6.1, 6.0
Change-Id: I817ce86dde11b175e6a5765a8f6518770ba75f28
Reviewed-on: https://review.typo3.org/27443
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
4 years ago[BUGFIX] Fix possible language handling issue 64/27664/2
Markus Klein [Sun, 1 Sep 2013 11:01:49 +0000 (13:01 +0200)]
[BUGFIX] Fix possible language handling issue

The language initialization process is currently split in two main
methods (TypoScriptFrontendController->initLLvars and ->settingLanguage).

Only settingLanguage contains hooks and sets the "sys_language_uid"
property (and "sys_language_content") which determine the displayed
records in Frontend. On the opposite, initLLvars is not hookable and sets
the "lang" property, which may be used by charset conversion methods.

In order to determine display language within hooks, the only way
currently is to call initLLvars a second time after determining language,
but this method populates the "languageDependencies" property without
initializing it. So it is filled two times, which leads to incorrect
labels, especially if the displayed language is English and the
default language is not English (as "languageDependencies" is already
filled with "default language").

The three parts of the patch are:
 * The initLLvars method now pre-initializes the "languageDependencies"
   property.
 * The initLLvars is now called from "settingLanguage" method, right
   after the "settingLanguage_preProcess" hook to avoid a second call it.
 * The convPOSTCharset call is now moved after the language
   initialization, as the language determination done by initLLvars
   can have some impact on charset handling (multi-charset locallang.php
   legacy).

Change-Id: I6924345931342d5114b13e5d6fab417387559b9a
Resolves: #49499
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/27664
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Rendering inline TCEforms without AJAX is broken 80/27280/2
Alexander Jahn [Thu, 19 Jul 2012 10:13:32 +0000 (12:13 +0200)]
[BUGFIX] Rendering inline TCEforms without AJAX is broken

When loading tt_content as an inline record WITHOUT using AJAX,
some additional broken fields are rendered.

Change-Id: Ia5aaec79d0fb7c3266ea4f3a0c04d65b1af4b201
Fixes: #39048
Releases: 6.2, 6.1
Reviewed-on: https://review.typo3.org/27280
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
4 years ago[BUGFIX] concatenateJs/Css does not consider forceOnTop 72/27672/2
Markus Klein [Sun, 16 Feb 2014 10:11:15 +0000 (11:11 +0100)]
[BUGFIX] concatenateJs/Css does not consider forceOnTop

Setting the forceOnTop property for a JS or CSS file is not
observed if concatenateJs/Css is set as well.

Resolves: #53116
Resolves: #56019
Releases: 6.2, 6.1
Change-Id: Ica31656bd72f4a0249513206bac45aa16b929761
Reviewed-on: https://review.typo3.org/27672
Reviewed-by: Stefan Neufeind
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
4 years ago[BUGFIX] DatabaseConnection::listQuery wrong usage of strpos() 50/27750/2
Markus Klein [Thu, 20 Feb 2014 09:36:45 +0000 (10:36 +0100)]
[BUGFIX] DatabaseConnection::listQuery wrong usage of strpos()

In DatabaseConnection::listQuery strpos() is used with wrong
parameter order.

Resolves: #56135
Releases: 6.2, 6.1, 6.0
Change-Id: Iaa18d46442a2aac21a836216cb61ae376bbb2090
Reviewed-on: https://review.typo3.org/27750
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
4 years ago[BUGFIX] Suppress EXIF warnings indexing images 15/27715/2
Felix Althaus [Thu, 30 Jan 2014 16:42:44 +0000 (17:42 +0100)]
[BUGFIX] Suppress EXIF warnings indexing images

FileContentParser used to issue a warning trying to index image
files with corrupted EXIF data. Suppress these warnings to fail
silently.

Resolves: #55286
Releases: 6.2, 6.1
Change-Id: I863601f5579ab74a0743ab684cf1d898b633edba
Reviewed-on: https://review.typo3.org/27715
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Various static calls to non-static functions 06/27706/2
Markus Klein [Tue, 18 Feb 2014 09:14:53 +0000 (10:14 +0100)]
[BUGFIX] Various static calls to non-static functions

Resolves: #56067
Releases: 6.2, 6.1, 6.0
Change-Id: I6d1e19026afde81bec46cec3dff9060fa6042c43
Reviewed-on: https://review.typo3.org/27706
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Add missing htmlspecialchars for thumbnail URL 05/27705/2
Wouter Wolters [Mon, 17 Feb 2014 21:27:16 +0000 (22:27 +0100)]
[BUGFIX] Add missing htmlspecialchars for thumbnail URL

Resolves: #56057
Releases: 6.2, 6.1
Change-Id: I9c1ec60e7518867d27e99681d3d18957a27c4983
Reviewed-on: https://review.typo3.org/27705
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
4 years ago[BUGFIX] Show labels of additional doktypes in new page drag area 04/27704/2
Caspar Stuebs [Mon, 21 Oct 2013 14:46:35 +0000 (16:46 +0200)]
[BUGFIX] Show labels of additional doktypes in new page drag area

Get the labels for the doktypes from TCA

Resolves: #52955
Releases: 6.2, 6.1
Change-Id: I6d70c11f1711bf191a4ce14a91796819224649da
Reviewed-on: https://review.typo3.org/27704
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
4 years ago[BUGFIX] Missing encoding in flexforms IRRE javascript 74/27674/2
Alexey Gafiulov [Mon, 17 Feb 2014 22:33:34 +0000 (23:33 +0100)]
[BUGFIX] Missing encoding in flexforms IRRE javascript

encodeURIComponent is added to escape all special characters in
parameters for AJAX call.

Resolves: #54304
Releases: 6.2, 6.1, 6.0
Change-Id: I3559104e1a26241b519f40a10000637852a4f114
Reviewed-on: https://review.typo3.org/27674
Reviewed-by: Stefan Neufeind
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] addToAllTCAtypes() doesn't add new field 63/27663/3
Tomita Militaru [Sat, 2 Nov 2013 12:53:06 +0000 (14:53 +0200)]
[BUGFIX] addToAllTCAtypes() doesn't add new field

Fixes problem with match on substring when adding a new field
using ExtensionManagementUtility::addToAllTCAtypes()

Resolves: #52527
Releases: 6.1, 6.0
Change-Id: I8877cdabc00f5ac64f1f7857bf47c275d36aae62
Reviewed-on: https://review.typo3.org/27663
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Fix clipboard thumbnail rendering 69/27669/2
Frans Saris [Mon, 17 Feb 2014 09:38:48 +0000 (10:38 +0100)]
[BUGFIX] Fix clipboard thumbnail rendering

The thumbnail rendering in filelist clibboard isn't
updated to use FAL. And adding folders to clipboard
with thumbnails enabled results in a fatal error.

This changes makes sure the thumbnail is only rendered
for files and updates the thumbnail part so it uses FAL.

Resolves: #56037
Releases: 6.2, 6.1
Change-Id: I2a0eccd633f5313fed9ab94b5081c13e08892900
Reviewed-on: https://review.typo3.org/27669
Reviewed-by: Wouter Wolters
Reviewed-by: Frans Saris
Tested-by: Frans Saris
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
4 years ago[BUGFIX] Usage of undefined variables in ShortcutToolbarItem 61/27661/2
Tim Lochmueller [Sun, 16 Feb 2014 12:08:04 +0000 (13:08 +0100)]
[BUGFIX] Usage of undefined variables in ShortcutToolbarItem

Fix a undefined variable and a wrong variable assignment in the
ShortcurtToolbarItem.

Resolves: #55998
Releases: 6.2, 6.1, 6.0
Change-Id: I0f0ebcc846a9aa56edd05e384d62aad8f0a5b05b
Reviewed-on: https://review.typo3.org/27661
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] CommandController is not executed at same time 54/27654/2
Tom Ruether [Mon, 27 Jan 2014 16:19:48 +0000 (17:19 +0100)]
[BUGFIX] CommandController is not executed at same time

To execute more than one different CommandController at
the same time, every execute call has to use its own request
and response object. Otherwise the request would be already
dispatched for the further tasks.

Fixes: #55362
Releases: 6.2, 6.1 , 6.0
Change-Id: I62ba9cbd2c47a59c7243a1017716b28526bcf6ea
Reviewed-on: https://review.typo3.org/27654
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Missing label felogin_forgotHash 63/27563/2
Karol Lamparski [Sat, 8 Feb 2014 12:45:50 +0000 (13:45 +0100)]
[BUGFIX] Missing label felogin_forgotHash

Resolves: #49440
Releases: 6.2, 6,1
Change-Id: Iea20a7e9c637c2f1f13c39eebe406d07edc8a2c3
Reviewed-on: https://review.typo3.org/27563
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
4 years ago[BUGFIX] cache_clearAtMidnight conflicts with content start/endtime 60/27560/2
Dmitry Dulepov [Tue, 22 Oct 2013 07:30:09 +0000 (11:30 +0400)]
[BUGFIX] cache_clearAtMidnight conflicts with content start/endtime

If the config.cache_ClearAtMidnight is set, the current code of
TypoScriptFrontendController::get_cache_timeout() will not take
content's starttime/endtime into account. Thus if the content
(or other configured record) has start or end time before the
midnight, it will not be taken into account and the cache timeout
will be wrong.

Change-Id: I732da8f07270a86c62b7ce5028b12b630bb2e027
Resolves: #53028
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/27560
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
4 years ago[TASK] Execute lint in parallel 30/27530/2
Helmut Hummel [Mon, 10 Feb 2014 19:29:25 +0000 (20:29 +0100)]
[TASK] Execute lint in parallel

Change-Id: Id06f35b5fa4148e7110d9248ceee80e69e8a5327
Reviewed-on: https://review.typo3.org/27530
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
4 years ago[BUGFIX] Allow to render the same TS object twice 15/27515/3
Markus Klein [Tue, 19 Nov 2013 17:36:53 +0000 (18:36 +0100)]
[BUGFIX] Allow to render the same TS object twice

CONTENT/RECORDS elements prevent to render the same object twice.

Resolves: #53768
Resolves: #28745
Releases: 6.2, 6.1, 6.0
Change-Id: I30750f2dc848521999c3734129439d7f6f90aae1
(cherry picked from commit 1b9d3a59f82b290ae16073e1df5f83fa48363db8)
Reviewed-on: https://review.typo3.org/27515
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
4 years ago[BUGFIX] Tests: Remove unstable GeneralUtilityTest::getUrl* 20/27520/2
Christian Kuhn [Sun, 9 Feb 2014 19:25:17 +0000 (20:25 +0100)]
[BUGFIX] Tests: Remove unstable GeneralUtilityTest::getUrl*

Two tests check getUrl() by calling some resource on typo3.org.
This smells funny and the tests are unstable if network, dns
or typo3.org is down or slow. Mocking is not easily possible
with the lowlevel nature of getUrl().
The tests are removed for now.

Change-Id: I85a83345404c833a67c2f532e820fd28bb7c08e7
Resolves: #55821
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/27520
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
4 years ago[BUGFIX] "New page" wizard discloses existence of pages outside DB mount 29/27429/2
Nicole Cordes [Sat, 27 Jul 2013 21:13:06 +0000 (23:13 +0200)]
[BUGFIX] "New page" wizard discloses existence of pages outside DB mount

When creating a new page inside the top level of a DB mount which is
only a sub tree, the pages up and down from the DB mount root will be
displayed in the position selector if the logged-in user has read
permissions for these pages. This is unwanted information disclosure as
the permissions should not matter for pages which are outside the DB
mount.

Resolves: #18797
Releases: 6.2, 6.1, 6.0
Change-Id: I98008bc7f4308c9fb32dae645325e7cb1b44e413
Reviewed-on: https://review.typo3.org/27429
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
4 years ago[TASK] Add possibility creating accessible mock for abstract classes 52/27252/2
Marc Bastian Heinrichs [Tue, 12 Nov 2013 15:09:30 +0000 (16:09 +0100)]
[TASK] Add possibility creating accessible mock for abstract classes

Resolves: #53564
Releases: 6.0, 6.1, 6.2
Change-Id: If7d69e4f87e368c1eef672cb68f1af92d6ae501b
Reviewed-on: https://review.typo3.org/27252
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
4 years ago[BUGFIX] CSV-Download not working in IE and HTTPS backend 76/27476/2
Wouter Wolters [Sat, 18 May 2013 19:22:16 +0000 (21:22 +0200)]
[BUGFIX] CSV-Download not working in IE and HTTPS backend

When using a HTTPS backend the download of CSV is not
working in Internet Explorer browser versions lower then 9.
Add the needed header to fix this problem.

Change-Id: Iefa63fb37d57491fb73bfd504b6caed5b76c8cac
Resolves: #16491
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Reviewed-on: https://review.typo3.org/20902
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
(cherry picked from commit 8c699f8c5b38ff11e2d517ee5c91dfdb1ab475e5)
Reviewed-on: https://review.typo3.org/27476

4 years ago[BUGFIX] Fix "action" labels in BE log 68/27468/2
Thorsten Kahler [Wed, 5 Feb 2014 15:28:55 +0000 (16:28 +0100)]
[BUGFIX] Fix "action" labels in BE log

Add missing label action_1_5 and fix label action_1_4.

Resolves: #55698
Releases: 6.2, 6.1
Change-Id: I7f04aaf9d8b53cbe3109dbf72f4fddb0c089e9ad
Reviewed-on: https://review.typo3.org/27361
Reviewed-by: Wouter Wolters
Reviewed-by: Marcin Sągol
Reviewed-by: Jan Bartnik
Tested-by: Jan Bartnik
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
(cherry picked from commit 2fdd173753c0ff232f5db2358d2717bbc8360c0b)
Reviewed-on: https://review.typo3.org/27468

4 years ago[TASK] Move cursor::pointer to complete header area in IRRE 12/27312/2
Georg Ringer [Tue, 4 Feb 2014 01:10:59 +0000 (02:10 +0100)]
[TASK] Move cursor::pointer to complete header area in IRRE

The whole header is clickable, thererfore move the css rule
to this place.

Change-Id: Ia864faba4976fc5e2e84299a42e2661a9566be1c
Resolves: #55611
Releases: 6.2, 6.1
Reviewed-on: https://review.typo3.org/27312
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
4 years ago[BUGFIX] Followup to #54131 20/27220/2
Frans Saris [Fri, 31 Jan 2014 19:43:48 +0000 (20:43 +0100)]
[BUGFIX] Followup to #54131

added unit tests.

This change adds the mocking to the new tests.

Resolves: #54131
Releases: 6.1, 6.2
Change-Id: I09abbcea6a2c6310b7a04774808aa92ab8ad1c86
Reviewed-on: https://review.typo3.org/27220
Reviewed-by: Wouter Wolters
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
4 years ago[BUGFIX] Missing namespace in ContentObjectRenderer 70/27370/2
Markus Klein [Thu, 6 Feb 2014 09:17:44 +0000 (10:17 +0100)]
[BUGFIX] Missing namespace in ContentObjectRenderer

Resolves: #55713
Releases: 6.1, 6.0
Change-Id: I791b64bec8af256454485bdb016d87ec27778df1
Reviewed-on: https://review.typo3.org/27370
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Set missing markers to empty string 33/27133/3
Bernhard Kraft [Tue, 28 Jan 2014 17:47:13 +0000 (18:47 +0100)]
[BUGFIX] Set missing markers to empty string

Change-Id: I3892f88bdd094b390a22fe94d9b089bd9b8aef71
Resolves: #54112
Releases: 6.2, 6.1, 6.0
Reviewed-on: https://review.typo3.org/27133
Reviewed-by: Bernhard Kraft
Tested-by: Bernhard Kraft
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
4 years ago[BUGFIX] Various PHP Warnings with invalid credentials 74/27274/2
Xavier Perseguers [Wed, 29 Jan 2014 13:54:37 +0000 (14:54 +0100)]
[BUGFIX] Various PHP Warnings with invalid credentials

When invalid credentials are entered in the Backend login form, various
PHP warnings are raised such as

    PHP Warning: Illegal string offset 'uid'

because $user is not an array.

Resolves: #55434
Releases: 6.2, 6.1
Change-Id: I62b85816ce04720ed9fd236965c3a6f55effd093
Reviewed-on: https://review.typo3.org/27274
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
4 years ago[BUGFIX] TSFE->altPageTitle can not be set in extensions 35/27135/4
Markus Klein [Mon, 13 Jan 2014 10:03:42 +0000 (11:03 +0100)]
[BUGFIX] TSFE->altPageTitle can not be set in extensions

It is not possible to set $GLOBALS['TSFE']->altPageTitle
in USER_INT extensions anymore to modify the page title.

This has been possible before in the 4.x branches.

Fix this by implementing the title generation like all
other header data.

Resolves: #54467
Releases: 6.2, 6.1
Change-Id: I3d5be34b95cb295b92732d2f2f9bd1f123812365
Reviewed-on: https://review.typo3.org/27135
Tested-by: Alexander Opitz
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Add stdWrap on value property of TEXT 45/27245/2
Markus Klein [Mon, 16 Dec 2013 09:45:14 +0000 (10:45 +0100)]
[BUGFIX] Add stdWrap on value property of TEXT

As discussed back in 2010, the value property of the TEXT content object
should have stdWrap functionality as well, if the HTML content object
is deprecated.

Today the 6.0 TSref already mentions stdWrap for value and
the HTML cObject has been removed with 6.0 as well.

This fix now finally adds the stdWrap.

Resolves: #54371
Releases: 6.2, 6.1, 6.0
Change-Id: I1b7068b3715bc9f8aa4608d5f746c16b70562f3b
Reviewed-on: https://review.typo3.org/27245
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] Locker throws exception if semaphore can not be acquired 93/27293/2
Markus Klein [Mon, 16 Sep 2013 15:59:10 +0000 (17:59 +0200)]
[BUGFIX] Locker throws exception if semaphore can not be acquired

Locker has wrong LockState in semaphore mode, if the lock
could not be acquired.

Resolves: #52048
Releases: 6.2, 6.1, 6.0
Change-Id: Ifdc2f5d9b2a3c35a0ebef54817a56344f27ab15d
Reviewed-on: https://review.typo3.org/27293
Reviewed-by: Markus Klein
Tested-by: Markus Klein
4 years ago[BUGFIX] PropertyMapper does not work with class aliasses 62/27262/3
Frans Saris [Sun, 29 Dec 2013 21:18:17 +0000 (22:18 +0100)]
[BUGFIX] PropertyMapper does not work with class aliasses

Currently the property mapper uses the classnames found
in the the class property annotations to find the right
TypeConverter. But for class aliases this breaks as the
alias is used and not the original classname.

There was already a getClassNameForAlias call but this was
to early.

This change moves the getClassNameForAlias() call from
doMapping() to findTypeConverter().

Releases: 6.2, 6.1
Resolves: #54289
Change-Id: Ie4ab3deb3c192290db62ea06826870d2fadba8a7
Reviewed-on: https://review.typo3.org/27262
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
4 years ago[BUGFIX] getLabelsFromItemsList() retuns no value when no item found 12/27212/2
Frans Saris [Mon, 2 Dec 2013 09:43:30 +0000 (10:43 +0100)]
[BUGFIX] getLabelsFromItemsList() retuns no value when no item found

BackendUtility::getLabelsFromItemsList() does not take
itemsProcFunc into account. This means no value is
returned when there is no matching item found.

With this change the plain db value is returned
when no matching item is found.

Resolves: #54131
Releases: 6.2, 6.1
Change-Id: Ieb04394fa104627b765f6bc05d0d5886f29099c9
Reviewed-on: https://review.typo3.org/25866
Reviewed-by: Andreas Wolf
Tested-by: Andreas Wolf
(cherry picked from commit 3d240dda104fa96b019a4b395c76500e74a1248b)
Reviewed-on: https://review.typo3.org/27212

4 years ago[BUGFIX] Regression in DataHandler 73/27173/3
Wouter Wolters [Thu, 30 Jan 2014 22:09:54 +0000 (23:09 +0100)]
[BUGFIX] Regression in DataHandler

The fix for issue #53862 calls GeneralUtility::idnaEncode
without fully qualified class namespace.

Follow-up to: c99a07a9

Resolves: #55475
Releases: 6.1, 6.0
Change-Id: I8ba161ee73e7456da53d2182b4a22d87dad9d53c
Reviewed-on: https://review.typo3.org/27173
Reviewed-by: Steffen Müller
Tested-by: Steffen Müller
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
4 years ago[BUGFIX] DocumentTemplate class inserts inDocStyles twice 49/27149/2
Stefan Neufeind [Thu, 30 Jan 2014 13:56:34 +0000 (14:56 +0100)]
[BUGFIX] DocumentTemplate class inserts inDocStyles twice

Change-Id: I252da74973c3dc4157717139c95ad0605e16fce1
Releases: 6.2, 6.1, 4.5
Resolves: #55458
Reviewed-on: https://review.typo3.org/27149
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
4 years ago[BUGFIX] Handle empty tags in language pack index files 02/26902/2
Alexander Stehlik [Fri, 17 Jan 2014 09:46:44 +0000 (10:46 +0100)]
[BUGFIX] Handle empty tags in language pack index files

This patch adds a check to the L10n index parser to consider
whether the value of an XML tag is empty or contains only
spaces. In this case it is not included in the resulting array.

Resolves: #41450
Releases: 6.2, 6.1, 6.0
Change-Id: Ia17a430f3ab2d79e2f97b55feb9d3c4ee60bfb7e
Reviewed-on: https://review.typo3.org/26902
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind