Packages/TYPO3.CMS.git
3 months ago[RELEASE] Release of TYPO3 7.6.32 11/59111/2 7.6.32 TYPO3_7-6-32 v7.6.32
Oliver Hader [Tue, 11 Dec 2018 12:37:49 +0000 (13:37 +0100)]
[RELEASE] Release of TYPO3 7.6.32

Change-Id: I422ccae7cf5d42fa090876d32ded5c474defafb2
Reviewed-on: https://review.typo3.org/59111
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
3 months ago[BUGFIX] Adjust modal window processing 09/59109/2
Oliver Hader [Tue, 11 Dec 2018 12:16:44 +0000 (13:16 +0100)]
[BUGFIX] Adjust modal window processing

Resolves: #87123
Releases: master, 8.7, 7.6
Change-Id: Idceecb174682261b967ea284e12e1836bb7e7bea
Reviewed-on: https://review.typo3.org/59109
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
3 months ago[TASK] Skip IPv6 related dns resolution tests 06/59106/2
Markus Klein [Mon, 10 Dec 2018 19:04:08 +0000 (20:04 +0100)]
[TASK] Skip IPv6 related dns resolution tests

Skip those tests on systems which do not properly resolve ::1 to localhost.
Travis CI is one example.

Resolves: #87119
Releases: 8.7, 7.6
Change-Id: I8d96f8da1c19f3d9924dcc048466b5f88d8f18dd
Reviewed-on: https://review.typo3.org/59106
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
3 months ago[SECURITY] Add feature toggle to disable record registration 90/59090/2
Benni Mack [Tue, 11 Dec 2018 09:55:42 +0000 (10:55 +0100)]
[SECURITY] Add feature toggle to disable record registration

The "recs" query parameter allows to write
arbitrary entries into a session, leading
to a possibility to create a reasonable amount
of frontend user sessions.

In order to prevent this situation, a new configuration
option $TYPO3_CONF_VARS[FE][enableRecordRegistration]
is added to disable the functionality completely.

The feature is disabled per default in order to apply
strong security defaults. Installations that rely on this
functionality have to manually enable the feauture and
its vulnerability by changing the according TYPO3_CONF_VARS
setting in the install tool.

A security report is added to display a warning
in the TYPO3 Backend.

Resolves: #80979
Releases: 8.7, 7.6
Security-Commit: e94871da34275de6b47e10f44a1fb16219598aa9
Security-Bulletin: TYPO3-CORE-SA-2018-012
Change-Id: I1c79525cde0f8a268b2e8747db55735e10668e75
Reviewed-on: https://review.typo3.org/59090
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
3 months ago[SECURITY] Avoid DoS in Online Media Helper 89/59089/2
Oliver Hader [Tue, 11 Dec 2018 09:55:36 +0000 (10:55 +0100)]
[SECURITY] Avoid DoS in Online Media Helper

Using large media files (*.youtube, *.vimeo in the TYPO3 core)
might lead to denial of service scenarios. In order to avoid
that, media files are limited to have a content size of 2048
bytes as a maximum. Usually these files contain just the remote
identifier - thus, ~20 bytes should have been sufficient already.

Resolves: #85381
Releases: master, 8.7, 7.6
Security-Commit: 0e334ba09c9676616598162c0212db931fa38c6e
Security-Bulletin: TYPO3-CORE-SA-2018-011
Change-Id: I50fd11932d9acc9990a92e1a6c9da873d340e619
Reviewed-on: https://review.typo3.org/59089
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
3 months ago[SECURITY] Remove TYPO3 version from installer 88/59088/2
Benni Mack [Tue, 11 Dec 2018 09:55:29 +0000 (10:55 +0100)]
[SECURITY] Remove TYPO3 version from installer

When installing TYPO3, the current version
is shown without any kind of authentication
provided (no FIRST_INSTALL). This information
disclosure is solved.

Resolves: #86254
Releases: master, 8.7, 7.6
Security-Commit: 03727f3018fabb5ed1cbf2349833d5a97d29e870
Security-Bulletin: TYPO3-CORE-SA-2018-010
Change-Id: I495efeb0e6fe6124515d0cb8b8bba51dd7eaddd9
Reviewed-on: https://review.typo3.org/59088
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
3 months ago[SECURITY] Make InstallTool session cookie HTTP-only 87/59087/2
Oliver Hader [Tue, 11 Dec 2018 09:55:23 +0000 (10:55 +0100)]
[SECURITY] Make InstallTool session cookie HTTP-only

Resolves: #86955
Releases: master, 8.7, 7.6, 6.2
Security-Commit: d554a3f8d40df0e9019b89f7bb4f8fec85e15331
Security-Bulletin: TYPO3-CORE-SA-2018-009
Change-Id: I6d74cc2bc2ba876986887564bb48eb5d5d8ae3ac
Reviewed-on: https://review.typo3.org/59087
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
3 months ago[SECURITY] Prevent XSS with fe_users data in felogin/TSFE 86/59086/2
Benni Mack [Tue, 11 Dec 2018 09:55:17 +0000 (10:55 +0100)]
[SECURITY] Prevent XSS with fe_users data in felogin/TSFE

Two occurrences allow to render data of the currently logged in
frontend user that is not sanitized and thus allow XSS attacks
by frontend users.

1. EXT:fe_login adds ###FEUSER_{fieldname}### for each
field that exists in the fe_users DB table, which CAN be processed
by TypoScript but is insecure by default.

2. config.USERNAME_substToken = <!--###USERNAME###-->
sets the username dynamically, which is then insecure.

Adding htmlspecialchars as a default configuration
solves this problem.

Resolves: #87053
Releases: master, 8.7, 7.6
Security-Commit: 7f7a326fc656360ffec71415d730e40df99d63a0
Security-Bulletin: TYPO3-CORE-SA-2018-008
Change-Id: I973e350b727d20d137dd70f755913d02e8f5644e
Reviewed-on: https://review.typo3.org/59086
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
3 months ago[SECURITY] Prevent XSS in modal component 85/59085/2
Oliver Hader [Tue, 11 Dec 2018 09:55:11 +0000 (10:55 +0100)]
[SECURITY] Prevent XSS in modal component

Resolves: #84190
Releases: master, 8.7, 7.6
Security-Commit: 4e75300bebae5e06887f3234a32a0bae9635c047
Security-Bulletin: TYPO3-CORE-SA-2018-007
Change-Id: I29ca9803823825066af87b2534aaf407183c1b4e
Reviewed-on: https://review.typo3.org/59085
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
3 months ago[SECURITY] Properly escape videoId for YouTube/Vimeo 84/59084/2
Susanne Moog [Tue, 11 Dec 2018 09:55:04 +0000 (10:55 +0100)]
[SECURITY] Properly escape videoId for YouTube/Vimeo

Resolves: #83184
Releases: master, 8.7, 7.6
Security-Commit: 8da8a3c1609fbd83b025c8a815d9c3b667c7722c
Security-Bulletin: TYPO3-CORE-SA-2018-006
Change-Id: Iaab42d0c00d465582cb48fe473cc345c68144031
Reviewed-on: https://review.typo3.org/59084
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
3 months ago[TASK] Simplify bamboo variable to label handling 65/59065/2
Christian Kuhn [Sat, 8 Dec 2018 13:52:56 +0000 (14:52 +0100)]
[TASK] Simplify bamboo variable to label handling

Intercept has been adapted, the variable to label handing
can be simplified a bit.

Resolves: #87109
Releases: master, 8.7, 7.6
Change-Id: I27255ef9f5eb515c89f5d89e7061fc473e2abec1
Reviewed-on: https://review.typo3.org/59065
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
3 months ago[TASK] Update bamboo to gerrit notification url 73/58973/2
Christian Kuhn [Wed, 28 Nov 2018 15:21:23 +0000 (16:21 +0100)]
[TASK] Update bamboo to gerrit notification url

Resolves: #87026
Releases: master, 8.7, 7.6
Change-Id: Idfbf4bbf0bab8a6e4bedc37e92903ed2c85af494
Reviewed-on: https://review.typo3.org/58970
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-on: https://review.typo3.org/58973

4 months ago[TASK] Add PHP 7.3 to bamboo core v7 testing 09/58809/3
Christian Kuhn [Wed, 31 Oct 2018 11:05:12 +0000 (12:05 +0100)]
[TASK] Add PHP 7.3 to bamboo core v7 testing

Extension dbal needs a patch with PHP 7.3 for
"continue inside switch" blocks, similar to
what has been done with #86589.

Change-Id: I202d6292b3d110e8e87bf3c882f25af22c0c040e
Resolves: #86813
Related: #86589
Releases: 7.6
Reviewed-on: https://review.typo3.org/58809
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
4 months ago[TASK] Use typo3/phar-stream-wrapper package 78/58778/3
Oliver Hader [Mon, 29 Oct 2018 12:02:39 +0000 (13:02 +0100)]
[TASK] Use typo3/phar-stream-wrapper package

PharStreamWrapper has been released as standalone package under
the MIT license: https://github.com/TYPO3/phar-stream-wrapper

Stream invocation is handled by the new composer package, previous
classes PharStreamWrapper and PharStreamWrapperException have been
removed from the TYPO3 core but are still kept in class alias maps
for compatibility reasons. Since the standalone package is now
independent from TYPO3 constraints, the TYPO3 specific logic to
intercept Phar invocations has been moved to the new class
PharStreamWrapperInterceptor.

`composer require typo3/phar-stream-wrapper:^2.0.1`

Related: #85984
Resolves: #86666
Releases: 8.7, 7.6
Change-Id: I724c4238d1a8184a8c7c908f16d71c06f87244d8
Reviewed-on: https://review.typo3.org/58778
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
4 months ago[BUGFIX] Add url for linkToTop in css_styled_content 78/57778/3
Joerg Kummer [Thu, 2 Aug 2018 12:57:53 +0000 (14:57 +0200)]
[BUGFIX] Add url for linkToTop in css_styled_content

This adds current URL to the ToTop link when css_styled_content is used.
Fixes broken linkToTop URL's since config.prefixLocalAnchors was removed.
Also compatible with TYPO3 v7 where compatibility6 is installed
and typoscript config.prefixLocalAnchors is configured.

Resolves: #81202
Releases: 8.7, 7.6
Change-Id: Id7b9f1c24575de297d2ca60af686fd6d299343e2
Reviewed-on: https://review.typo3.org/57778
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Johannes Seipelt <johannes.seipelt@3m5.de>
Reviewed-by: Riny van Tiggelen <info@online-gamer.nl>
Reviewed-by: Richard Vollebregt <richard.vollebregt@maxserv.com>
Reviewed-by: Rudy Gnodde <rgn@windinternet.nl>
Reviewed-by: Susanne Moog <susanne.moog@typo3.org>
Tested-by: Susanne Moog <susanne.moog@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
4 months ago[TASK] Use different placeholder than ### 66/58766/2
Benni Mack [Sun, 28 Oct 2018 13:38:22 +0000 (14:38 +0100)]
[TASK] Use different placeholder than ###

preg_quote since PHP 7.3.0 also quotes #.
Simply use a different placeholder.

Resolves: #86586
Releases: master, 8.7, 7.6
Change-Id: I8ed9bd39605341a09347e21dd38c9a1824a01ee5
Reviewed-on: https://review.typo3.org/58766
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
4 months ago[TASK] Fix continue-statement inside a switch-block 64/58764/2
Stefan Neufeind [Sun, 7 Oct 2018 23:37:18 +0000 (01:37 +0200)]
[TASK] Fix continue-statement inside a switch-block

Calling continue inside a switch-block would work just like break.
This is usually not intended and thus triggers a warning since
PHP 7.3.0.

Resolves: #86589
Releases: master, 8.7, 7.6
Change-Id: Ic35998b8a37bd35110b9d3494f1cf258e845097a
Reviewed-on: https://review.typo3.org/58764
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
5 months ago[BUGFIX] Remove `fbclid` argument from chash calculation 76/58676/2
Andreas Fernandez [Tue, 23 Oct 2018 17:56:10 +0000 (19:56 +0200)]
[BUGFIX] Remove `fbclid` argument from chash calculation

Facebook adds the `fbclid` argument to outbound URLs which triggers a
recalculcation of the cache hash. The argument is now added to the
blacklist for chash parameters.

Resolves: #86715
Releases: master, 8.7, 7.6
Change-Id: I8cd66fdfa2c549c65750d6ef896261cccba4b54d
Reviewed-on: https://review.typo3.org/58676
Reviewed-by: Tim Schreiner <schreiner.tim@gmail.com>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
5 months ago[BUGFIX] Do not cache content with different status code than 200 80/58580/3
Markus Klein [Fri, 5 Oct 2018 08:32:02 +0000 (10:32 +0200)]
[BUGFIX] Do not cache content with different status code than 200

Resolves: #83755
Releases: master, 8.7, 7.6
Change-Id: I6e13133f221137c63283ec1575fc405a38668b1a
Reviewed-on: https://review.typo3.org/58580
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
5 months ago[TASK] Update typo3/class-alias-loader from 1.0.0 to 1.0.1 68/58568/2
Christian Kuhn [Wed, 3 Oct 2018 13:13:07 +0000 (15:13 +0200)]
[TASK] Update typo3/class-alias-loader from 1.0.0 to 1.0.1

Tiny patch level release with cosmetical fixes.

composer update typo3/class-alias-loader

Resolves: #86555
Releases: master, 8.7, 7.6
Change-Id: Ib949e1aa961ea9aede1eeaebd5da9995a2a65bc0
Reviewed-on: https://review.typo3.org/58568
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
5 months ago[TASK] Sync .rst changes from master down to v8 and v7 42/58542/2
Christian Kuhn [Mon, 1 Oct 2018 19:28:53 +0000 (21:28 +0200)]
[TASK] Sync .rst changes from master down to v8 and v7

Change-Id: I865a2f40fc32902ed002dd67220f16f0b6d20ccf
Resolves: #86528
Releases: 8.7, 7.6
Reviewed-on: https://review.typo3.org/58542
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
5 months ago[BUGFIX] Respect mountpoint variable in cObj menu runtime cache 91/58491/2
Sascha Egerer [Wed, 11 Jul 2018 14:59:22 +0000 (16:59 +0200)]
[BUGFIX] Respect mountpoint variable in cObj menu runtime cache

The mountpoint variable must be respected in the key used for the
menu runtime cache. Without that part in the key all links generated
to a mount-point sub-page will link to the first mount target page
in the menu.

Resolves: #80970
Resolves: #62248
Releases: master, 8.7, 7.6
Change-Id: I8ccfebabd515d6da9f78388de51d24603e9fe532
Reviewed-on: https://review.typo3.org/58491
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
6 months ago[TASK] Synchronize 7.x master .rst files to v8 and v7 69/58169/2
Christian Kuhn [Mon, 3 Sep 2018 21:34:57 +0000 (23:34 +0200)]
[TASK] Synchronize 7.x master .rst files to v8 and v7

Change-Id: Ic76264a855a4731a5e90be954b55b0dd6a449c92
Resolves: #86130
Releases: 8.7, 7.6
Reviewed-on: https://review.typo3.org/58169
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
7 months ago[BUGFIX] Show query on static SQL data import 17/57517/3
Michael Telgkamp [Mon, 9 Jul 2018 13:33:46 +0000 (15:33 +0200)]
[BUGFIX] Show query on static SQL data import

Resolves: #85525
Releases: 7.6
Change-Id: I529db33ed6712db7c1d6bdbb13d0066c6bc457a2
Reviewed-on: https://review.typo3.org/57517
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Mona Muzaffar <mona.muzaffar@gmx.de>
Tested-by: Mona Muzaffar <mona.muzaffar@gmx.de>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
7 months ago[BUGFIX] Make LocalizationRepository handle copied records 28/57628/15
Markus Klein [Tue, 28 Feb 2017 21:25:52 +0000 (22:25 +0100)]
[BUGFIX] Make LocalizationRepository handle copied records

Improve LocalizationRepository queries to handle case
when records were copied from another page (thus t3_origuid)
is pointing to records from the other page.

Now LocalizationRepository uses l10n_source field instead of t3_origuid.
Tests for LocalizationRepository covering the case were added.

Resolves: #79443
Resolves: #78599
Releases: master, 7.6
Change-Id: Ibae4a276ea814f0ce3d453cffef1d22afeff1eb9
Reviewed-on: https://review.typo3.org/57628
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Johannes Kasberger <johannes.kasberger@reelworx.at>
Tested-by: Johannes Kasberger <johannes.kasberger@reelworx.at>
Reviewed-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Łukasz Uznański <l.uznanski@macopedia.pl>
Tested-by: Łukasz Uznański <l.uznanski@macopedia.pl>
Reviewed-by: Tymoteusz Motylewski <t.motylewski@gmail.com>
Tested-by: Tymoteusz Motylewski <t.motylewski@gmail.com>
7 months ago[TASK] Set TYPO3 version to 7.6.32-dev 37/57737/2
Oliver Hader [Tue, 31 Jul 2018 08:11:37 +0000 (10:11 +0200)]
[TASK] Set TYPO3 version to 7.6.32-dev

Change-Id: I86538380d738c7e746268f6824c107eeea234428
Reviewed-on: https://review.typo3.org/57737
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
7 months ago[RELEASE] Release of TYPO3 7.6.31 36/57736/2 7.6.31 TYPO3_7-6-31 v7.6.31
Oliver Hader [Tue, 31 Jul 2018 08:09:23 +0000 (10:09 +0200)]
[RELEASE] Release of TYPO3 7.6.31

Change-Id: I68338ebd80cd3db7b3e45d1c5a26d25b149d0b2c
Reviewed-on: https://review.typo3.org/57736
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
7 months ago[TASK] Document integration of PharStreamWrapper 11/57711/2
Oliver Hader [Fri, 27 Jul 2018 12:28:02 +0000 (14:28 +0200)]
[TASK] Document integration of PharStreamWrapper

Resolves: #85658
Releases: master, 8.7, 7.6
Change-Id: I6acdc235dff4b3c0c84a8a6d762d497f8d9664cc
Reviewed-on: https://review.typo3.org/57701
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-on: https://review.typo3.org/57711

7 months ago[BUGFIX] Properly check if there are open documents 57/57457/3
Andreas Fernandez [Tue, 3 Jul 2018 12:47:02 +0000 (14:47 +0200)]
[BUGFIX] Properly check if there are open documents

The toolbar item for open documents now properly checks whether there are
any open document to avoid actions on a null value. Additionally, the
arrays holding the state are now correctly initialized.

Resolves: #85465
Related: #78051
Releases: 7.6
Change-Id: I2adb52504d8131a695b4775ed21caf813d9657e1
Reviewed-on: https://review.typo3.org/57457
Reviewed-by: Mathias Brodala <mbrodala@pagemachine.de>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Michael Oehlhof <typo3@oehlhof.de>
Reviewed-by: Alexander Grein <alexander.grein@gmail.com>
Tested-by: Alexander Grein <alexander.grein@gmail.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
8 months ago[BUGFIX] Use correct hook name for mime type guessers 81/57681/2
Andreas Fernandez [Wed, 25 Jul 2018 08:53:13 +0000 (10:53 +0200)]
[BUGFIX] Use correct hook name for mime type guessers

Resolves: #85641
Related: #60019
Releases: master, 8.7, 7.6
Change-Id: If9c94c020da6991dc070fa6aa8395042686b2752
Reviewed-on: https://review.typo3.org/57681
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
8 months ago[TASK] Switch from git.typo3.org to github for testing 45/57645/2
Christian Kuhn [Fri, 20 Jul 2018 15:35:16 +0000 (17:35 +0200)]
[TASK] Switch from git.typo3.org to github for testing

typo3.org git/gerrit show flakiness lately. To not torture
the poor servers with our pesky testing so much we switch
the git clones to github/TYPO3/TYPO3.CMS and hope merges
are mirrored over there more quickly and they sustain our
testing load easily.

Resolves: #85606
Releases: master, 8.7, 7.6
Change-Id: I772d945a3bf697172cb26edb761f01e6cb8da4bf
Reviewed-on: https://review.typo3.org/57645
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
8 months ago[TASK] Bamboo proper passwd mapping 20/57620/2
Anja [Tue, 17 Jul 2018 17:33:59 +0000 (19:33 +0200)]
[TASK] Bamboo proper passwd mapping

The bamboo containers need a better passwd mapping
per agent to set a proper home directory, otherwise
ssh tasks may fail.

Resolves: #85582
Releases: master, 8.7, 7.6
Change-Id: I42b59df7512dd5bd6e00c2c07eee9441cf1aa28c
Reviewed-on: https://review.typo3.org/57620
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
8 months ago[TASK] Run tests on new bamboo infrastructure 05/57605/5
Christian Kuhn [Sun, 15 Jul 2018 21:23:57 +0000 (23:23 +0200)]
[TASK] Run tests on new bamboo infrastructure

A new bamboo agent infrastructure has been deployed that
significantly changes how tests are executed: The agent
docker containers are now "stupid" and no longer bundle
specific php versions or daemons. Instead, they can run
own containers to start needed daemons for specific jobs
and execute needed php commands in ad-hoc containers that
provide the required php version.
Daemons needed for single jobs are defined in a
docker-compose.yml file provided by core itself.
This docker-compose.yml file can not be used directly for
local test execution since it has to fiddle quite a bit
with docker volume mounts, networks and executing users
that is specific to the bamboo environment.
However, another yml file can be added later to ease local
test execution in a similar way.
The patch rewrites the bamboo plan pre-merge and nightly
specs of core master to use the new infrastructure and brings
a couple of minor changes to tests that rely on a running
memcached or redis to retrieve the daemon host from an
environment variable.

Patch for core v7.

Change-Id: I65777eeee6e28fca5b3d3d979498293cc91a77af
Resolves: #85563
Resolves: #36934
Releases: 7.6
Reviewed-on: https://review.typo3.org/57605
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
8 months ago[BUGFIX] Avoid PHP warning when using Phar archive with open_basedir 96/57596/2
Oliver Hader [Fri, 13 Jul 2018 14:45:43 +0000 (16:45 +0200)]
[BUGFIX] Avoid PHP warning when using Phar archive with open_basedir

Including files from Phar archives (e.g. "phar://file.phar/autoload.php")
does not work properly with having PHP setting open_basedir defined. The
reason for that is, that TYPO3's custom PharStreamWrapper tries to find
the appropriate base Phar file using file_exists() calls internally. In
case those files are not part of the open_basedir restriction - which is
the case for everything prefixed with the "phar://" scheme - a PHP
warning is shown.

Resolves: #85547
Releases: master, 8.7, 7.6
Change-Id: I72fdd7f0c016c0a8b1ed56a82b6b4042cac4d930
Reviewed-on: https://review.typo3.org/57596
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
8 months ago[TASK] Set TYPO3 version to 7.6.31-dev 74/57574/2
Oliver Hader [Thu, 12 Jul 2018 11:02:43 +0000 (13:02 +0200)]
[TASK] Set TYPO3 version to 7.6.31-dev

Change-Id: I2263cb37e5395eb48d7d07908dd52c3f3d48c55c
Reviewed-on: https://review.typo3.org/57574
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: TYPO3com <no-reply@typo3.com>
8 months ago[RELEASE] Release of TYPO3 7.6.30 73/57573/2 7.6.30 TYPO3_7-6-30 v7.6.30
Oliver Hader [Thu, 12 Jul 2018 11:01:19 +0000 (13:01 +0200)]
[RELEASE] Release of TYPO3 7.6.30

Change-Id: Ief75740d3b83ebcef47da97800743e64677079f0
Reviewed-on: https://review.typo3.org/57573
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
8 months ago[SECURITY] Explicitly deny object deserialization 42/57542/2
Oliver Hader [Thu, 12 Jul 2018 09:31:33 +0000 (11:31 +0200)]
[SECURITY] Explicitly deny object deserialization

Resolves: #85385
Releases: master, 8.7, 7.6
Security-Commit: 8cd7fa85f5b60c508aaac3184101008ba2e8df7f
Security-Bulletin: TYPO3-CORE-SA-2018-002
Change-Id: I2494702e67a180fff36173645b8478a12680b870
Reviewed-on: https://review.typo3.org/57542
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
8 months ago[SECURITY] Mitigate phar stream wrapper 41/57541/2
Christian Kuhn [Thu, 12 Jul 2018 09:31:21 +0000 (11:31 +0200)]
[SECURITY] Mitigate phar stream wrapper

SoftReferenceIndex throws exceptions on phar streams
LegacyLinkNotationConverter throws exceptions on phar streams

Resolves: #85385
Releases: master, 8.7, 7.6
Security-Commit: 0311b6c0cc7fed584f59f34adba5b693e75797d8
Security-Bulletin: TYPO3-CORE-SA-2018-002
Change-Id: Ic57514e1bcdb30ec612a39bcb3c49287cc0c5330
Reviewed-on: https://review.typo3.org/57541
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
8 months ago[SECURITY] Introduce PHP stream wrapper for phar:// protocol 40/57540/2
Oliver Hader [Thu, 12 Jul 2018 09:31:14 +0000 (11:31 +0200)]
[SECURITY] Introduce PHP stream wrapper for phar:// protocol

This custom stream wrapper for the phar:// protocol overrides
PHP's native handling. In case Phar bundles shall be loaded from
a valid directory, the custom wrapper falls back to the native PHP
wrapper in order to invoke Phar-related actions.

In case the location is not trustworthy, an according exception
is thrown. The custom stream wrapper is registered in the beginning
of TYPO3's bootstrap class.

Truested locations are those in typo3conf/ext/* - anything else is
denied and not considered as trustworthy.

Releases: master, 8.7, 7.6
Resolves: #85385
Security-Commit: 86f79d23a2c198fb3054b1d1f9414226f955c66d
Security-Bulletin: TYPO3-CORE-SA-2018-002
Change-Id: I8c6499ca8dea31bdfc7ed9fba0b479b4a7715f4a
Reviewed-on: https://review.typo3.org/57540
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
8 months ago[SECURITY] Deny authentication bypass using blowfish/md5 encryption 39/57539/2
Oliver Hader [Thu, 12 Jul 2018 09:31:06 +0000 (11:31 +0200)]
[SECURITY] Deny authentication bypass using blowfish/md5 encryption

Using password hashing methods that are related by class inheritance
can lead to authentication bypass by just knowing a valid username.

Resolves: #84703
Releases: master, 8.7, 7.6
Security-Commit: 9183f7c5d84544c0b9464119d0ebe0951998c61c
Security-Bulletin: TYPO3-CORE-SA-2018-001
Change-Id: I2271f300e4a4956fa85b7d35fa1f48245e00d6c4
Reviewed-on: https://review.typo3.org/57539
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
8 months ago[BUGFIX] Scheduler: Show correct description for ipAnonymization-task 09/57509/2
Stefan Neufeind [Mon, 9 Jul 2018 08:15:13 +0000 (10:15 +0200)]
[BUGFIX] Scheduler: Show correct description for ipAnonymization-task

Resolves: #85512
Releases: master, 8.7, 7.6
Change-Id: I4077fe7481063feb97014048580c3fb1b1ca5e2a
Reviewed-on: https://review.typo3.org/57509
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Mathias Brodala <mbrodala@pagemachine.de>
Tested-by: Mathias Brodala <mbrodala@pagemachine.de>
8 months ago[BUGFIX] Disable edit of file metadata without translation 68/56568/2
Łukasz Uznański [Mon, 27 Nov 2017 10:15:00 +0000 (11:15 +0100)]
[BUGFIX] Disable edit of file metadata without translation

This avoids an error in case file metadata is edited through a file
reference and there is no file metadata translation for the current
language.

Resolves: #76262
Resolves: #82178
Releases: master, 8.7, 7.6
Change-Id: Ifecf659637773c5f3773fc3439b09df9c030cb3f
Reviewed-on: https://review.typo3.org/56568
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Alexander Stehlik <alexander.stehlik@gmail.com>
Tested-by: Alexander Stehlik <alexander.stehlik@gmail.com>
Reviewed-by: Stephan Großberndt <stephan.grossberndt@typo3.org>
Reviewed-by: Rudy Gnodde <rgn@windinternet.nl>
Reviewed-by: Mathias Brodala <mbrodala@pagemachine.de>
Tested-by: Mathias Brodala <mbrodala@pagemachine.de>
8 months ago[BUGFIX] Fix "orderBy" in DatabaseQueryProcessor example 73/57473/2
Daniel Siepmann [Wed, 4 Jul 2018 15:26:25 +0000 (17:26 +0200)]
[BUGFIX] Fix "orderBy" in DatabaseQueryProcessor example

Releases: master, 8.7, 7.6
Resolves: #85473
Change-Id: Ic0ac284bb8f02c7275e17bde67e79bb20a7fd919
Reviewed-on: https://review.typo3.org/57473
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Mathias Brodala <mbrodala@pagemachine.de>
Tested-by: Mathias Brodala <mbrodala@pagemachine.de>
8 months ago[BUGFIX] Adjust Headline of documentation file 47/57447/3
Anja [Thu, 28 Jun 2018 17:20:43 +0000 (19:20 +0200)]
[BUGFIX] Adjust Headline of documentation file

With the correct delimiter, the category feature for the documentation
file can be properly retrieved and does not get sorted into its
own, exclusive category.

Change-Id: I228c46377190c3d1bd0eb5459df8d63975a6895b
Resolves: #85422
Releases: master, 8.7, 7.6
Reviewed-on: https://review.typo3.org/57447
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
9 months ago[TASK] Add .ddev to ignore 08/57308/2
Harry [Thu, 21 Jun 2018 09:08:44 +0000 (11:08 +0200)]
[TASK] Add .ddev to ignore

Resolves: #85324
Releases: master, 8.7, 7.6
Change-Id: I90461715f59cd74c72571151f3e37cb4ee374b7f
Reviewed-on: https://review.typo3.org/57308
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
9 months ago[TASK] Set TYPO3 version to 7.6.30-dev 91/57191/2
Oliver Hader [Mon, 11 Jun 2018 17:21:48 +0000 (19:21 +0200)]
[TASK] Set TYPO3 version to 7.6.30-dev

Change-Id: Ia6dec22dfca3c560f939c8eb0f84ee5fc2b34310
Reviewed-on: https://review.typo3.org/57191
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Susanne Moog <susanne.moog@typo3.org>
Tested-by: Susanne Moog <susanne.moog@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
9 months ago[RELEASE] Release of TYPO3 7.6.29 90/57190/2 7.6.29 TYPO3_7-6-29 v7.6.29
Oliver Hader [Mon, 11 Jun 2018 17:20:21 +0000 (19:20 +0200)]
[RELEASE] Release of TYPO3 7.6.29

Change-Id: Icd51d163b2245b27ca487cb4e0106dd33e69bdf5
Reviewed-on: https://review.typo3.org/57190
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
9 months ago[BUGFIX] Fix broken additional fields for garbarge collection task 65/57165/3
Frank Naegler [Thu, 7 Jun 2018 09:41:17 +0000 (11:41 +0200)]
[BUGFIX] Fix broken additional fields for garbarge collection task

The new IpAnonymizationAdditionalFieldProvider introduced the same
JavaScript variable which breaks the garbage collection task.
The JavaScript initialization has been removed and the field provider
simplified.

Resolves: #85068
Releases: master, 8.7, 7.6
Change-Id: Ibb307ee37d6fea33a721373bdc50bbbd3fee1453
Reviewed-on: https://review.typo3.org/57165
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
9 months ago[BUGFIX] Fix use of Selectbox in rtehtmlarea on OSX 49/56849/4
Frederik Holz [Thu, 3 May 2018 13:01:55 +0000 (15:01 +0200)]
[BUGFIX] Fix use of Selectbox in rtehtmlarea on OSX

Currently on OSX using chrome, it is not possible to use select boxes of
the rte, because they instantly close again.
Chrome and Safari have issues using on click events on select boxes, so
changing it to "on change" fixes it.

Resolves: #83379
Related: #84479
Releases: 7.6
Change-Id: I037e5640229e3f7b4619e1d00e1d92701aa195fb
Reviewed-on: https://review.typo3.org/56849
Reviewed-by: Frank Naegler <frank.naegler@typo3.org>
Tested-by: Frank Naegler <frank.naegler@typo3.org>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: TYPO3com <no-reply@typo3.com>
9 months ago[BUGFIX] PHP 7 Reflection error for default value 72/56972/5
Daniel Siepmann [Tue, 15 May 2018 12:46:55 +0000 (14:46 +0200)]
[BUGFIX] PHP 7 Reflection error for default value

In PHP 7, under some circumstances the exception is not caught
as expected.
Therefore we use a check (as already done in ReflectionService.php).

Releases: 8.7, 7.6
Resolves: #85011
Change-Id: I41d58c3dbb508a7b17b4534ebd1c5ca79914af94
Reviewed-on: https://review.typo3.org/56972
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Daniel Siepmann <daniel.siepmann@typo3.org>
Tested-by: Daniel Siepmann <daniel.siepmann@typo3.org>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Mona Muzaffar <mona.muzaffar@gmx.de>
Tested-by: Mona Muzaffar <mona.muzaffar@gmx.de>
Reviewed-by: Jan Helke <typo3@helke.de>
Tested-by: Jan Helke <typo3@helke.de>
10 months ago[BUGFIX] Show SQL errors during extension installation 97/54497/4
Nicole Cordes [Sun, 29 Oct 2017 19:30:12 +0000 (20:30 +0100)]
[BUGFIX] Show SQL errors during extension installation

This patch shows collected SQL errors that occurred during an extension
installation as flash message.

Resolves: #82245
Releases: 7.6
Change-Id: Ifdfd738045022109ce33b33846e9673898077fc2
Reviewed-on: https://review.typo3.org/54497
Reviewed-by: Alexander Opitz <opitz.alexander@googlemail.com>
Tested-by: Alexander Opitz <opitz.alexander@googlemail.com>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
10 months ago[TASK] Set TYPO3 version to 7.6.29-dev 37/57037/2
Oliver Hader [Tue, 22 May 2018 13:53:48 +0000 (15:53 +0200)]
[TASK] Set TYPO3 version to 7.6.29-dev

Change-Id: I2ca4c227a409a45cfbc2f197c4412c01b02eaeb0
Reviewed-on: https://review.typo3.org/57037
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
10 months ago[RELEASE] Release of TYPO3 7.6.28 36/57036/2 7.6.28 TYPO3_7-6-28 v7.6.28
Oliver Hader [Tue, 22 May 2018 13:52:39 +0000 (15:52 +0200)]
[RELEASE] Release of TYPO3 7.6.28

Change-Id: I60423ab35e9b213f49b6054296f8a2ea1ada5858
Reviewed-on: https://review.typo3.org/57036
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
10 months ago[BUGFIX] Add SYS/ipAnonymization to DefaultConfiguration 29/57029/4
Andreas Fernandez [Tue, 22 May 2018 09:59:57 +0000 (11:59 +0200)]
[BUGFIX] Add SYS/ipAnonymization to DefaultConfiguration

Resolves: #85060
Related: #84053
Releases: master, 9.2, 8.7, 7.6
Change-Id: I04dba093dc8e423adbf75e2198c31e5c013864cb
Reviewed-on: https://review.typo3.org/57029
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
10 months ago[BUGFIX] getTreeList must return comma-separated list 26/57026/2
Guido Schmechel [Tue, 13 Mar 2018 20:22:03 +0000 (21:22 +0100)]
[BUGFIX] getTreeList must return comma-separated list

While retrieving the list with begin as argument for a
recursive call, getTreeList builds the comma-separated list
correctly.

Resolves: #83328
Releases: master, 8.7, 7.6
Change-Id: I643477dd5c0cbfb67532dd96eb0b479e0cb532b8
Reviewed-on: https://review.typo3.org/57026
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
10 months ago[TASK] Anonymize token in Exception handlers 64/56964/3
Mathias Schreiber [Wed, 21 Mar 2018 07:01:00 +0000 (08:01 +0100)]
[TASK] Anonymize token in Exception handlers

Log entries no longer contain specific tokens.
Instead, they are replaced with `--AnonymizedToken—`.

Resolves: #84502
Releases: master, 8.7, 7.6
Change-Id: I42a8127cdccc904e8bbb82b5ea74b0e3d012586f
Reviewed-on: https://review.typo3.org/56964
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Mathias Brodala <mbrodala@pagemachine.de>
Tested-by: Mathias Brodala <mbrodala@pagemachine.de>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
10 months ago[FEATURE] Add scheduler task to anonymize IP addresses of tables 25/56925/6
Georg Ringer [Thu, 19 Apr 2018 11:36:03 +0000 (13:36 +0200)]
[FEATURE] Add scheduler task to anonymize IP addresses of tables

IP anonymizing improves the privacy of users and required as part of
the GDPR.

Resolves: #84781
Releases: master, 8.7, 7.6
Change-Id: Idd938136bed8f29e86b5e3e541c9fb8c9afd48ff
Reviewed-on: https://review.typo3.org/56925
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
10 months ago[BUGFIX] Drop undesired backslashes from Scheduler base tasks docs 30/56930/2
Mathias Brodala [Tue, 8 May 2018 09:57:39 +0000 (11:57 +0200)]
[BUGFIX] Drop undesired backslashes from Scheduler base tasks docs

Releases: master, 8.7, 7.6
Resolves: #84947
Change-Id: I4d81174497158b411c291ee51b331c1d3652e4a1
Reviewed-on: https://review.typo3.org/56930
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Mathias Brodala <mbrodala@pagemachine.de>
Tested-by: Mathias Brodala <mbrodala@pagemachine.de>
10 months ago[!!!][TASK] Use no-cookie domain for youtube by default 54/56954/3
Georg Ringer [Mon, 7 May 2018 12:44:15 +0000 (14:44 +0200)]
[!!!][TASK] Use no-cookie domain for youtube by default

Improve the privacy of users by using the no-cookie domain of youtube
by default and just use youtube.com if explicitly set.

Resolves: #84843
Releases: master, 8.7, 7.6
Change-Id: I01472f93e32c2011b5494c4670d07f29348016c3
Reviewed-on: https://review.typo3.org/56929
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-on: https://review.typo3.org/56954

10 months ago[BUGFIX] Enforce int for timestamp on DateTime mapping 15/56915/2
Nicole Cordes [Thu, 10 May 2018 16:53:41 +0000 (18:53 +0200)]
[BUGFIX] Enforce int for timestamp on DateTime mapping

This patch ensures using an integer value for turning a timestamp
to a DateTime object as otherwise a PHP error is thrown.

Resolves: #84962
Releases: master, 8.7, 7.6
Change-Id: I18e82c8f91f42c29c4014985a1ad11671b5a31f4
Reviewed-on: https://review.typo3.org/56915
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
11 months ago[FEATURE] Make indexed_search ready for GDPR 85/56785/2
Georg Ringer [Mon, 16 Apr 2018 08:46:57 +0000 (10:46 +0200)]
[FEATURE] Make indexed_search ready for GDPR

To be compatible with the GDPR, 2 new features are added to
the indexed_search extension:

- Make the index_stat_search table part of the garbage collector task
- Make the IP tracking configurable

Resolves: #84740
Releases: master, 8.7, 7.6
Change-Id: I8e1bcd937a3d4095fb1a048064e82845ff1a5344
Reviewed-on: https://review.typo3.org/56737
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Frank Naegler <frank.naegler@typo3.org>
Tested-by: Frank Naegler <frank.naegler@typo3.org>
Reviewed-on: https://review.typo3.org/56785
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
11 months ago[FEATURE] Add API to anonymize IP addresses 18/56718/8
Georg Ringer [Tue, 27 Feb 2018 04:28:57 +0000 (05:28 +0100)]
[FEATURE] Add API to anonymize IP addresses

Add an API to anonymize IP addresses.
The core uses this API to anonymize all IP addresses before
storing them. E.g. when logging.

This a necessary tool in order to comply with data and privacy
protections laws.

Resolves: #84053
Releases: master, 8.7, 7.6
Change-Id: Id45ee94696dee4fa2293e1226f2076883f6b9ade
Reviewed-on: https://review.typo3.org/56718
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
11 months ago[TASK] Set TYPO3 version to 7.6.28-dev 00/56700/2
Oliver Hader [Tue, 17 Apr 2018 08:10:54 +0000 (10:10 +0200)]
[TASK] Set TYPO3 version to 7.6.28-dev

Change-Id: I442f2c40d720fe80561efa576d3fcbc7926509cd
Reviewed-on: https://review.typo3.org/56700
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
11 months ago[RELEASE] Release of TYPO3 7.6.27 99/56699/2 7.6.27 TYPO3_7-6-27 v7.6.27
Oliver Hader [Tue, 17 Apr 2018 08:09:34 +0000 (10:09 +0200)]
[RELEASE] Release of TYPO3 7.6.27

Change-Id: I49d55a037a92edbb111becd23072d75d4e729237
Reviewed-on: https://review.typo3.org/56699
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
11 months ago[BUGFIX] Keep parameters in link browser’s upload form 96/56596/4
Andreas Fernandez [Fri, 6 Apr 2018 16:18:32 +0000 (18:18 +0200)]
[BUGFIX] Keep parameters in link browser’s upload form

Any given attribute stored in the `P` parameter is kept and attached to
the return URL of the upload form.

Resolves: #83923
Releases: master, 8.7, 7.6
Change-Id: Id6ff93f0a30691f7bde84275128a34eb479499de
Reviewed-on: https://review.typo3.org/56596
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
11 months ago[TASK] Add hook to upload methods in GeneralUtility 91/56591/2
Frank Naegler [Fri, 6 Apr 2018 15:07:17 +0000 (17:07 +0200)]
[TASK] Add hook to upload methods in GeneralUtility

Resolves: #84600
Releases: master, 8.7, 7.6
Change-Id: I3f4698e892c98aadb41d3e6ba4f1e974a2ca479d
Reviewed-on: https://review.typo3.org/56591
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
11 months ago[BUGFIX] Catch Exception while extracting metadata 40/56540/2
rickymk [Tue, 29 Aug 2017 11:18:10 +0000 (16:48 +0530)]
[BUGFIX] Catch Exception while extracting metadata

Catch InsufficientFileAccessPermissionsException while extracting
metadata. Reason for this exception could be that the file extension is
not allowed by the ['BE']['fileDenyPattern'] setting.

This patch makes sure that the indexer doesn't break and is able to
extract the other files from storage.

Resolves: #82060
Release: master, 8.7, 7.6
Change-Id: I37950aa70f4f59b388c6b9203e1922708ad07b71
Reviewed-on: https://review.typo3.org/56540
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Stephan Großberndt <stephan.grossberndt@typo3.org>
Reviewed-by: Nicole Cordes <typo3@cordes.co>
Tested-by: Nicole Cordes <typo3@cordes.co>
11 months ago[BUGFIX] Add conflicts with broken sf/finder versions 49/56549/3
Helmut Hummel [Wed, 4 Apr 2018 12:59:25 +0000 (14:59 +0200)]
[BUGFIX] Add conflicts with broken sf/finder versions

A regression was introduced in symfony/finder
https://github.com/symfony/symfony/pull/26337

This caused PackageManager to not find any core packages
any more in case they were symlinked.

Composer command (after adding conflict):
composer update --lock

Resolves: #84601
Releases: 7.6, 8.7, master
Change-Id: I914c3b3c4a6c12375ebd9fe5442c3f7ff407de72
Reviewed-on: https://review.typo3.org/56549
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Helmut Hummel <typo3@helhum.io>
Tested-by: Helmut Hummel <typo3@helhum.io>
11 months ago[BUGFIX] Unify version/release in Documentation/Settings.cfg 81/56481/2
Sybille Peters [Thu, 29 Mar 2018 13:31:25 +0000 (15:31 +0200)]
[BUGFIX] Unify version/release in Documentation/Settings.cfg

Resolves: #83480
Releases: master, 8.7, 7.6
Change-Id: I87f3d692b4422b2e998076b2ef09ee65c85b8bba
Reviewed-on: https://review.typo3.org/56481
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Frank Naegler <frank.naegler@typo3.org>
Tested-by: Frank Naegler <frank.naegler@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
12 months ago[TASK] Set TYPO3 version to 7.6.27-dev 24/56424/2
Oliver Hader [Thu, 22 Mar 2018 11:19:33 +0000 (12:19 +0100)]
[TASK] Set TYPO3 version to 7.6.27-dev

Change-Id: I9158aa79f8f38716bea88bdd6263cc68eaa7f58f
Reviewed-on: https://review.typo3.org/56424
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
12 months ago[RELEASE] Release of TYPO3 7.6.26 23/56423/2 7.6.26 TYPO3_7-6-26 v7.6.26
Oliver Hader [Thu, 22 Mar 2018 11:17:38 +0000 (12:17 +0100)]
[RELEASE] Release of TYPO3 7.6.26

Change-Id: I2bef408cc019c014b3962fe963533d5ab4ebc55b
Reviewed-on: https://review.typo3.org/56423
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
12 months agoRevert "[BUGFIX] Simulate submit button for rsaauth form submit" 96/56396/2
Oliver Hader [Wed, 21 Mar 2018 10:53:09 +0000 (11:53 +0100)]
Revert "[BUGFIX] Simulate submit button for rsaauth form submit"

This reverts commit 1bd63f45ba90eeb6b52e435546bcd7b97a8deaa6.

This change caused a regression which basically affected users of Mozilla
Firefox - details are described in issue #84503. Besides that the initial
bug report address the frontend part, changing backend login behavior was
not required in order for the bug fix.

Releases: master, 8.7, 7.6
Resolves: #84503
Reverts: #76120
Change-Id: I45fe6086afa48eed71be635e8cf4a1f3fa138ab2
Reviewed-on: https://review.typo3.org/56396
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Susanne Moog <susanne.moog@typo3.org>
Tested-by: Susanne Moog <susanne.moog@typo3.org>
12 months ago[BUGFIX] Respect automaticInstallation setting in extension manager 61/56361/2
Nicole Cordes [Sun, 11 Mar 2018 17:05:00 +0000 (18:05 +0100)]
[BUGFIX] Respect automaticInstallation setting in extension manager

Prevent the automatic installation of new extensions if the setting
was disabled.

Resolves: #84125
Releases: master, 8.7, 7.6
Change-Id: Ic554e8870543b2f15079f7adfb1ddc2517bfc2b5
Reviewed-on: https://review.typo3.org/56361
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
12 months ago[TASK] Set TYPO3 version to 7.6.26-dev 37/56137/2
Oliver Hader [Tue, 13 Mar 2018 12:59:03 +0000 (13:59 +0100)]
[TASK] Set TYPO3 version to 7.6.26-dev

Change-Id: Id1f1f992ac62eea7a6bb974a952afa47cf588b8b
Reviewed-on: https://review.typo3.org/56137
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
12 months ago[RELEASE] Release of TYPO3 7.6.25 36/56136/2 7.6.25 TYPO3_7-6-25 v7.6.25
Oliver Hader [Tue, 13 Mar 2018 12:57:28 +0000 (13:57 +0100)]
[RELEASE] Release of TYPO3 7.6.25

Change-Id: Ib657e4c5f8f3d6107da0534e3b4674d467afdf22
Reviewed-on: https://review.typo3.org/56136
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
12 months ago[TASK] Add missing documentation files and correct errors 33/56133/2
Christian Kuhn [Tue, 13 Mar 2018 12:05:11 +0000 (13:05 +0100)]
[TASK] Add missing documentation files and correct errors

Resolves: #84242
Releases: master, 8.7, 7.6
Change-Id: I049c053dee291e7c31dbf5c81aacde0619d0f244
Reviewed-on: https://review.typo3.org/56133
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
12 months ago[BUGFIX] Simulate submit button for rsaauth form submit 04/56104/6
Nicole Cordes [Sat, 28 May 2016 17:12:38 +0000 (19:12 +0200)]
[BUGFIX] Simulate submit button for rsaauth form submit

This patch adds the name and value of the first submit button found in a
form to the input field used to send the form.

RsaEncryptionWithLib.min.js created with:
../../../../../../Build/node_modules/uglify-js/bin/uglifyjs \
RsaLibrary.js RsaEncryption.js > RsaEncryptionWithLib.min.js

Resolves: #76120
Releases: master, 8.7, 7.6
Change-Id: I3f0fdc7e933267689114d5bcf62d3fcfe2db5146
Reviewed-on: https://review.typo3.org/56104
Reviewed-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Tested-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
12 months ago[BUGFIX] Properly HTML encode site name in page module 87/56087/2
Helmut Hummel [Fri, 9 Mar 2018 21:14:09 +0000 (22:14 +0100)]
[BUGFIX] Properly HTML encode site name in page module

Resolves: #84191
Releases: master, 8.7, 7.6
Change-Id: Id0f2da6f77b3c01293478329503dc922ccd7e72c
Reviewed-on: https://review.typo3.org/56087
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
12 months ago[BUGFIX] Do not check HTTP referrer anymore 19/55819/3
Benni Mack [Tue, 20 Feb 2018 07:50:59 +0000 (08:50 +0100)]
[BUGFIX] Do not check HTTP referrer anymore

Under certain circumstances some browsers do not set the HTTP referrer
anymore due to privacy reasons. Hence, checking the referrer breaks
functionality.

Resolves: #83768
Releases: master, 8.7, 7.6
Change-Id: Ia8f882e07a9e2091ceb38aee814badb97403250d
Reviewed-on: https://review.typo3.org/55819
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
Tested-by: TYPO3com <no-reply@typo3.com>
12 months ago[BUGFIX] Unset internal properties of processed file on delete 06/53506/3
Helmut Hummel [Mon, 20 Mar 2017 18:28:12 +0000 (19:28 +0100)]
[BUGFIX] Unset internal properties of processed file on delete

When a processed file is deleted because it needs reprocessing, set the
internal deleted property to true and unset its properties as well, as
they are stale anyway.

This is important as in the later processing it is checked whether the
current object is persisted (which it is not anymore) and an SQL update
is triggered, which then fails leading to another processing run in
subsequent requests.

When unsetting the internal properties a new row will be inserted
in the same request.

Resolves: #80359
Releases: 7.6, 8.7, master
Change-Id: I39eec59ed4ac071883ff97eab7018d1ede92fb95
Reviewed-on: https://review.typo3.org/53506
Reviewed-by: Helmut Hummel <typo3@helhum.io>
Tested-by: Helmut Hummel <typo3@helhum.io>
12 months ago[TASK] Synchronize RST files 12/56012/2
Christian Kuhn [Mon, 5 Mar 2018 12:43:41 +0000 (13:43 +0100)]
[TASK] Synchronize RST files

* Various .rst file index fixes, NotScanned usually does not make
  sense on Important- and Feature- files.
* Add a missing extension scanner config
* Sync 7* and 8* folders to other core branches

Resolves: #84141
Releases: master, 8.7, 7.6
Change-Id: Ifc19d774d45395cb30bd51f50d9121af409f48bb
Reviewed-on: https://review.typo3.org/56012
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
12 months ago[TASK] Filter duplicate cache commands from cacheQueue 87/55587/2
Simon Schmidt [Wed, 7 Feb 2018 15:55:59 +0000 (16:55 +0100)]
[TASK] Filter duplicate cache commands from cacheQueue

remove multiple calling for clear_cachecmd with the same page id

Resolves: #83797
Related: #82930
Releases: 7.6
Change-Id: I5740a33d3cf5dd5c7ccbe7166b9d0ba3e9ddeaee
Reviewed-on: https://review.typo3.org/55587
Reviewed-by: Daniel Klockenkaemper <dk@marketing-factory.de>
Tested-by: Daniel Klockenkaemper <dk@marketing-factory.de>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Guido Schmechel <littlegee@web.de>
Tested-by: Guido Schmechel <littlegee@web.de>
Reviewed-by: Frank Naegler <frank.naegler@typo3.org>
Tested-by: Frank Naegler <frank.naegler@typo3.org>
12 months ago[TASK] Put commit hooks into Build/git-hooks directory 74/55974/2
Sybille Peters [Wed, 14 Feb 2018 09:41:20 +0000 (10:41 +0100)]
[TASK] Put commit hooks into Build/git-hooks directory

* commit-msg hook: change wiki link to link to official contribution guide
* commit-msg hook: rebase with original source
* commit-msg hook: add Change-Id on last line after footer
* pre-commit hook: check if staged php files conform to coding guidelines
* Build/Scripts/cglFixMyCommit.sh: extended
  parameters to be used by new pre-commit hook

Resolves: #83891
Releases: master, 8.7, 7.6
Change-Id: I6d00aa32ef3f9517d88e90c40059c7f73d7f6cfe
Reviewed-on: https://review.typo3.org/55974
Reviewed-by: Frank Naegler <frank.naegler@typo3.org>
Tested-by: Frank Naegler <frank.naegler@typo3.org>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
12 months ago[BUGFIX] Avoid renumbering array keys on writing configuration 44/55944/2
Helmut Hummel [Wed, 28 Feb 2018 12:41:49 +0000 (13:41 +0100)]
[BUGFIX] Avoid renumbering array keys on writing configuration

Renumbering array keys, even if all keys are integer
is a destructive operation.
Doing so at least breaks our logging configuration,
which uses LogLevel constants as array keys and these constants
are defined as integer.

Therefore this pure visual optimization is removed
when writing LocalConfiguration.php

At a later point we might consider deprecating this
method, which at least has a wrong method name
(mentions "numeric", while it meanwhile uses "int" checks).
As this method performs a destructive operation,
its usefulness is limited.

Resolves: #82304
Releases: master, 8.7, 7.6
Change-Id: I8d252428f3e27379e4377d30af0fdfd5e5d8719d
Reviewed-on: https://review.typo3.org/55944
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
12 months ago[BUGFIX] Catch exception editing record with deleted relation 52/55752/2
Andreas Fernandez [Wed, 24 Jan 2018 15:50:17 +0000 (16:50 +0100)]
[BUGFIX] Catch exception editing record with deleted relation

Editing a record with a deleted related record leads to an uncaught
DatabaseRecordException. This patch catches the exception and
ignores such records, but logs a warning.

Due to possible errors occurring with certain DBMS (e.g. MySQL
strict) columns may require a default value now in TCA.

Resolves: #83412
Releases: master, 8.7, 7.6
Change-Id: I5adaf385443350ce245dd83da6e5f1a16d9c9afb
Reviewed-on: https://review.typo3.org/55752
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Sascha Rademacher <sascha.rademacher+typo3@gmail.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
12 months ago[BUGFIX] Correctly handle identical arrays in arrayDiffAssocRecursive 25/55925/2
Markus Klein [Tue, 27 Feb 2018 14:57:58 +0000 (15:57 +0100)]
[BUGFIX] Correctly handle identical arrays in arrayDiffAssocRecursive

Add a new test to make sure that identical input arrays also deliver
an empty result as difference.

Resolves: #84067
Releases: master, 8.7, 7.6
Change-Id: Ia16ca9560094c4ae42eb69cac9e09cd4bef7dc4e
Reviewed-on: https://review.typo3.org/55925
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
12 months ago[BUGFIX] Show error message when hiding page from context menu 05/55905/2
Tymoteusz Motylewski [Mon, 26 Feb 2018 12:51:58 +0000 (13:51 +0100)]
[BUGFIX] Show error message when hiding page from context menu

Renamed key in the response to match what is expected
in actions.js evaluateResponse method.

Releases: 8.7, 7.6
Resolves: #82282
Change-Id: I4528963aded3a8203ab144c8353fc0509aa8a1e7
Reviewed-on: https://review.typo3.org/55905
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Frank Naegler <frank.naegler@typo3.org>
Tested-by: Frank Naegler <frank.naegler@typo3.org>
12 months ago[TASK] Update readme copyright date to 2018 98/55898/2
Guido Schmechel [Sat, 24 Feb 2018 08:35:34 +0000 (09:35 +0100)]
[TASK] Update readme copyright date to 2018

Releases: master, 8.7, 7.6
Resolves: #84028

Change-Id: Ia6094c57c976ecf6e89b1d99aca0a1b12684e0b2
Reviewed-on: https://review.typo3.org/55898
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
13 months ago[BUGFIX] Don't download language packs of not loaded extensions 64/55864/2
Christian Kuhn [Wed, 21 Feb 2018 23:05:49 +0000 (00:05 +0100)]
[BUGFIX] Don't download language packs of not loaded extensions

The backend language module struggles with downloading
language packs of existing, but not loaded extensions
and fetchess old (non core version specific) packs
for core extensions.
This is hard to solve on a bugfix level for v7 and v8,
and in general it does not make much sense to have
language packs of not loaded extensions lying around
in typo3conf/l10n.
The patch ignores fetching of language packs for
not loaded extensions, it easily applies to all
maintained core versions.

Change-Id: I9ad885012a572368f7946f1027d870ee09550034
Resolves: #83406
Releases: master, 8.7, 7.6
Reviewed-on: https://review.typo3.org/55864
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Michael Stucki <michael.stucki@typo3.org>
Tested-by: Michael Stucki <michael.stucki@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
13 months ago[TASK] Extend untangleFilesArray function test in RequestBuilder 11/55811/2
Joshua Westerheide [Sat, 11 Nov 2017 16:42:05 +0000 (17:42 +0100)]
[TASK] Extend untangleFilesArray function test in RequestBuilder

Check for cases where the files array is nested more complex or
keywords (e.g. "error") are used as field names.

Run `curl -F "d0[]=@d12.txt" -F "d0[d1][d2][d3]=@d12.txt"
-F "error=@error_file.txt" localhost:8080` against a custom
php script to generate the testing $_FILES array.

Resolves: #82976
Releases: master, 8.7, 7.6
Change-Id: I51fb9da7c87871b6bb1e8ac4de317973f307dd49
Reviewed-on: https://review.typo3.org/55811
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Tested-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
13 months ago[TASK] Change the label for scheduler "Save and create" 07/55807/2
Tomas Norre Mikkelsen [Thu, 15 Feb 2018 13:10:50 +0000 (14:10 +0100)]
[TASK] Change the label for scheduler "Save and create"

The label for the "Save and create new document" in the scheduler module,
will be change to a more appropriate label "Save and create new task"

Resolves: #83920
Releases: master, 8.7, 7.6
Change-Id: Ic4d6ad9d4598aafbc16c03b5bc50789451f6cdaf
Reviewed-on: https://review.typo3.org/55807
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
13 months ago[BUGFIX] Make it possible to translate selectMultipleSideBySide 75/55675/2
Manuel Selbach [Thu, 8 Feb 2018 17:51:43 +0000 (18:51 +0100)]
[BUGFIX] Make it possible to translate selectMultipleSideBySide

For the default language it was possible to view the field, but on
translating the dataset, the following exception is thrown:
'PHP Warning: Invalid argument supplied for foreach() in
backend/Classes/Form/Element/SelectMultipleSideBySideElement.php line 66'

As the defaultLanguageRow keeps to be "unparsed", the $selectedItems
could be a comma separated string within the method
TYPO3\CMS\Backend\Form\Element\SelectMultipleSideBySideElement::renderReadOnly
if the TCA configuration of a field is set to 'defaultAsReadonly'.

Resolves: #77155
Releases: master, 8.7, 7.6
Change-Id: Id9380fe3761e683352166565ed1a7e56f5e64190
Reviewed-on: https://review.typo3.org/55675
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
13 months ago[BUGFIX] Access Close.html from Resources/Public/Html/ 93/54993/3
Stephan Großberndt [Fri, 8 Dec 2017 14:38:44 +0000 (15:38 +0100)]
[BUGFIX] Access Close.html from Resources/Public/Html/

Clicking the close button in a editing popup accesses Close.html in
Resources/Public/Html/ which is a folder accessible by a web user
instead of Resources/Private/Templates/ which lead to a HTTP 403 error
on closing the popup.

Releases: master, 8.7, 7.6
Resolves: #83258
Related: #68108
Change-Id: Ibe7e328936240df436a3c9585e53122f1577dc6e
Reviewed-on: https://review.typo3.org/54993
Reviewed-by: Stephan Großberndt <stephan@grossberndt.de>
Tested-by: Stephan Großberndt <stephan@grossberndt.de>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Tested-by: Susanne Moog <susanne.moog@typo3.org>
Reviewed-by: Susanne Moog <susanne.moog@typo3.org>
13 months ago[TASK] Block access to .typoscript files 26/55626/2
Tymoteusz Motylewski [Fri, 9 Feb 2018 09:14:24 +0000 (10:14 +0100)]
[TASK] Block access to .typoscript files

As .typoscript is the preferred file ending for TypoScript files,
this should be reflected in the .htaccess access rules as well.

Change-Id: If894d831afb5fd7e3ed1c098023111b82cde124f
Resolves: #83703
Releases: 7.6
Reviewed-on: https://review.typo3.org/55626
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Reiner Teubner <rteubner@me.com>
Reviewed-by: Mathias Schreiber <mathias.schreiber@typo3.com>
Tested-by: Mathias Schreiber <mathias.schreiber@typo3.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
13 months ago[BUGFIX] Do not rawurlencode record titles using label_alt and type=group 83/54483/3
Oliver Hader [Tue, 6 Feb 2018 21:55:11 +0000 (22:55 +0100)]
[BUGFIX] Do not rawurlencode record titles using label_alt and type=group

Do not rawurlencode the label_alt part references of record titles if
they are of type=group as this leads to duplicate encoding.

Resolves: #78995
Releases: 7.6
Change-Id: I9a445745415080856adfbf51c4a87820a8e77375
Reviewed-on: https://review.typo3.org/54483
Reviewed-by: Mathias Schreiber <mathias.schreiber@typo3.com>
Tested-by: Mathias Schreiber <mathias.schreiber@typo3.com>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Susanne Moog <susanne.moog@typo3.org>
Tested-by: Susanne Moog <susanne.moog@typo3.org>
13 months ago[BUGFIX] Allow users without delete permissions to drag pages in page tree 35/55535/2
Tymoteusz Motylewski [Thu, 7 Dec 2017 13:46:48 +0000 (14:46 +0100)]
[BUGFIX] Allow users without delete permissions to drag pages in page tree

BE users without delete rights can now drag-drop pages in the page tree.
The drag - delete area is not shown.

Resolves: #25135
Releases: 8.7, 7.6
Change-Id: Icc82675a783f19ae72b6d00ac2809ad76b93dd67
Reviewed-on: https://review.typo3.org/55535
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Susanne Moog <susanne.moog@typo3.org>
Tested-by: Susanne Moog <susanne.moog@typo3.org>
13 months ago[TASK] Set TYPO3 version to 7.6.25-dev 74/55574/2
Oliver Hader [Tue, 6 Feb 2018 10:55:13 +0000 (11:55 +0100)]
[TASK] Set TYPO3 version to 7.6.25-dev

Change-Id: I74d839719a841d19b23241af87c1f5cfbc012d7f
Reviewed-on: https://review.typo3.org/55574
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
13 months ago[RELEASE] Release of TYPO3 7.6.24 73/55573/2 7.6.24 TYPO3_7-6-24 v7.6.24
Oliver Hader [Tue, 6 Feb 2018 10:53:43 +0000 (11:53 +0100)]
[RELEASE] Release of TYPO3 7.6.24

Change-Id: I58a85b55724c2a4072a7ceec900cab685a0a834b
Reviewed-on: https://review.typo3.org/55573
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
13 months ago[BUGFIX] Replace calls to the deprecated PHP function each() 70/55570/4
Reiner Teubner [Wed, 31 Jan 2018 14:30:21 +0000 (15:30 +0100)]
[BUGFIX] Replace calls to the deprecated PHP function each()

This patch replaces the calls to the PHP function each() as it is
marked as deprecated in PHP 7.2. Additionally it adds unit tests for
QueryGenerator::getSubscript().

Resolves: #83737
Releases: master, 8.7, 7.6
Change-Id: Ie61a6d44fcdbd4ce6105a6c185085a3a68866fd8
Reviewed-on: https://review.typo3.org/55570
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
13 months ago[BUGFIX] Invalid session token on creating content element in admin panel 90/55490/2
Oliver Hader [Mon, 29 Jan 2018 15:43:45 +0000 (16:43 +0100)]
[BUGFIX] Invalid session token on creating content element in admin panel

When creating a new content element in the frontend using the according
button in the "editing" section of the admin panel, the request to the
TYPO3 backend is rejected due to an invalid XSRF session token:

Validating the security token of this form has failed.
Please reload the form and submit it again.

The reason is, that the URL after issue #70055 looks like the following
"token=<hash>id=<id>" instead of "token=<hash>&id=<id>" - the id became
part of the XSRF session token.

Resolves: #83719
Releases: master, 8.7, 7.6
Change-Id: Ibdd252b2e59d9e8de78bb0be14a95e0789dc0d17
Reviewed-on: https://review.typo3.org/55490
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>