This project is mirrored from https://git.typo3.org/typo3/typo3.git. Pull mirroring failed .
Repository mirroring has been paused due to too many failed attempts. It can be resumed by a project maintainer.
Last successful update .
  1. 23 Apr, 2021 2 commits
  2. 22 Apr, 2021 2 commits
  3. 21 Apr, 2021 1 commit
  4. 20 Apr, 2021 5 commits
  5. 16 Apr, 2021 3 commits
    • Oliver Bartsch's avatar
      [BUGFIX] Reload page module after deleting content · 5afe6003
      Oliver Bartsch authored and Benni Mack's avatar Benni Mack committed
      The page module is now being reloaded when
      deleting a content element via the context menu.
      
      Side note: Since there are a lot of functionalities
      in the module, e.g. translation, it isn't sufficient to
      just remove the element from DOM, like it's done in
      recordlist.
      The whole module needs to be reloaded / reinitialized.
      
      Resolves: #91394
      Releases: master, 10.4
      Change-Id: Ibd9dc853ddb356574a0f426244decb6455f54b44
      Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68727
      
      Tested-by: default avatarTYPO3com <noreply@typo3.com>
      Tested-by: core-ci's avatarcore-ci <typo3@b13.com>
      Tested-by: Jochen's avatarJochen <rothjochen@gmail.com>
      Tested-by: Benni Mack's avatarBenni Mack <benni@typo3.org>
      Reviewed-by: Jochen's avatarJochen <rothjochen@gmail.com>
      Reviewed-by: Benni Mack's avatarBenni Mack <benni@typo3.org>
      5afe6003
    • Oliver Bartsch's avatar
      [TASK] Improve multi-factor authentication view · 03bbd188
      Oliver Bartsch authored and Benni Mack's avatar Benni Mack committed
      Following improvements are done:
      
      * Reduce margin-top of the MFA provider title
      * The bottom border of card-body is changed to
      a top border of card-footer to prevent the border
      from being shown without a card-footer
      * A new class `card-mfa` is added to the outer card
      container to allow individual styling of the MFA view
      
      Additionally this also fixes the custom styling options,
      as these were still applied to the `panel` class, which
      was however replaced by `card` during the bootstrap 5
      migration.
      
      Resolves: #93913
      Releases: master
      Change-Id: I4e7ff6e30b77f71b0d5823f5202062410ebddf88
      Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68771
      
      Tested-by: Jochen's avatarJochen <rothjochen@gmail.com>
      Tested-by: default avatarTYPO3com <noreply@typo3.com>
      Tested-by: core-ci's avatarcore-ci <typo3@b13.com>
      Tested-by: Benni Mack's avatarBenni Mack <benni@typo3.org>
      Reviewed-by: Jochen's avatarJochen <rothjochen@gmail.com>
      Reviewed-by: Benni Mack's avatarBenni Mack <benni@typo3.org>
      03bbd188
    • Benni Mack's avatar
      [FEATURE] Use SVG Trees in Record Selector · b0b36436
      Benni Mack authored and Benjamin Franzke's avatar Benjamin Franzke committed
      This change adds the SVG-based page tree in the
      record selector and the Page Link picker, replacing
      decade-old clumsy HTML code for generating trees.
      
      This replacement not only unifies the user experience
      across the navigation trees and the Element
      Browser / Link Pickers making the whole look + feel
      very consistent.
      
      It also allows to finally use all the features built
      in the SVG trees:
      
      * A filter across the tree built on the browser and automatic
        refreshing
      * collapse + expand and post-loading is now built with the
        same AJAX endpoints as the navigation components, making
        the general loading much faster
      * Temporary Mount Points now look exactly the same as in the
        navigation area.
      * Keyboard navigation
      * The Content Area inside the Record Selector and the Link
        Pickers is replaced via AJAX calls
      
      Especially the last feature makes it a breeze to use
      the new trees to select items much faster.
      
      All existing features, such as directly selecting a page
      or link to a page within the tree is added as so-called
      SVG-tree "actions" in the right corner when hovering,
      avoiding the additional "play" icon in the tree.
      
      Custom support for Element Browser "mount points" is also
      kept and included.
      
      The SVG tree is added to the following components:
      
      * Database Browser / Record Selector (e.g. choosing storagePid in plugins)
      * File Browser / Record Selector (e.g. selecting an image in the plugin)
      * Folder Browser / Record Selector
      * Link Picker for Pages / Content Elements ("link to a page")
      * Link Picker for Files ("link to a file")
      * Link Picker for Folders ("link to a folder")
      * Link Picker for Records (e.g. news record)
      
      All link picker functionality is available for typolink fields (e.g. tt_content.header_link)
      and when linking inside the Rich Text Editor.
      
      Some technical details under-the-hood:
      * The trees are now built as SVG tree / LIT elements
      * All Element Browser / Link Picker trees are named "Browsable...Tree"
      * The AJAX endpoints for fetching data are used
      * The Page Tree now uses a different configuration URL with a "?readonly=1" parameter, with the main difference to initialize EB mountpoints instead
      * Within the tree: The SVG tree actions is a separate container for elements on the right-hand of the tree
      * The GET parameter "contentOnly" represents to only load parts of the HTML (the content area) when fetching from AJAX
      
      Resolves: #73176
      Resolves: #92430
      Releases: master
      Change-Id: I5ef9534076bd6fa297b51c0ed9e90af91035be80
      Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67687
      
      Reviewed-by: Richard Haeser's avatarRichard Haeser <richard@richardhaeser.com>
      Reviewed-by: Oliver Bartsch's avatarOliver Bartsch <bo@cedev.de>
      Reviewed-by: Benjamin Franzke's avatarBenjamin Franzke <bfr@qbus.de>
      Tested-by: default avatarTYPO3com <noreply@typo3.com>
      Tested-by: core-ci's avatarcore-ci <typo3@b13.com>
      Tested-by: Richard Haeser's avatarRichard Haeser <richard@richardhaeser.com>
      Tested-by: Jonas Eberle's avatarJonas Eberle <flightvision@googlemail.com>
      Tested-by: Oliver Bartsch's avatarOliver Bartsch <bo@cedev.de>
      Tested-by: Daniel Goerz's avatarDaniel Goerz <daniel.goerz@posteo.de>
      Tested-by: Benjamin Franzke's avatarBenjamin Franzke <bfr@qbus.de>
      b0b36436
  6. 13 Apr, 2021 1 commit
  7. 12 Apr, 2021 1 commit
  8. 09 Apr, 2021 2 commits
  9. 08 Apr, 2021 2 commits
  10. 07 Apr, 2021 2 commits
  11. 05 Apr, 2021 1 commit
  12. 02 Apr, 2021 1 commit
  13. 01 Apr, 2021 1 commit
  14. 31 Mar, 2021 1 commit
  15. 30 Mar, 2021 1 commit
  16. 29 Mar, 2021 1 commit
    • Oliver Bartsch's avatar
      [BUGFIX] Fix descriptions of selectCheckBox items · 02c42d8a
      Oliver Bartsch authored and Richard Haeser's avatar Richard Haeser committed
      With #91008 the grouping and sorting feature was
      introduced to the TCA select type. As a consequence,
      the select items array key for the help text changed
      from `3` to `4`.
      
      The SelectCheckBox now correctly checks the `4`
      key for the presence of a description.
      
      In v11 the absence of a title value, which is common
      in this scenario, did furthermore lead to TypeError
      on rendering the popover. This is fixed by assigning
      an empty string as default value on initialization of
      the popover options. Otherwise this option would be
      initialized as 'undefined' and then trigger the
      TypeError on sanitizing.
      
      Additionally the TCA properties special=table,
      special=exclude and special=custom are adjusted to
      add the correct value as help text to the items array.
      The value is now added directly as string, as there
      is no need to define the array while only providing
      the description.
      
      As a drive-by-change, the itemsProcFuncs of the
      dashboard and the MFA component do now also add
      the description for their access list field. This
      is done because the dashboard initially defined the
      description already but had to remove it again due
      to this bug, see: #91152. The MFA component also
      just hadn't added it because the bug hadn't been
      resolved at that time.
      
      Resolves: #93331
      Resolves: #92383
      Releases: master, 10.4
      Change-Id: Ie96bcabea88b377490c24b0e60cfca8337e9ec52
      Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68616
      
      Tested-by: default avatarTYPO3com <noreply@typo3.com>
      Tested-by: core-ci's avatarcore-ci <typo3@b13.com>
      Tested-by: Christian Kuhn's avatarChristian Kuhn <lolli@schwarzbu.ch>
      Tested-by: Richard Haeser's avatarRichard Haeser <richard@richardhaeser.com>
      Reviewed-by: default avatarJulian Mair <julian.mair94@gmail.com>
      Reviewed-by: Christian Kuhn's avatarChristian Kuhn <lolli@schwarzbu.ch>
      Reviewed-by: Richard Haeser's avatarRichard Haeser <richard@richardhaeser.com>
      02c42d8a
  17. 25 Mar, 2021 1 commit
  18. 24 Mar, 2021 3 commits
  19. 23 Mar, 2021 1 commit
  20. 22 Mar, 2021 2 commits
  21. 19 Mar, 2021 1 commit
  22. 18 Mar, 2021 3 commits
  23. 16 Mar, 2021 2 commits
    • Christian Kuhn's avatar
      [TASK] Disable PHP 8 functional testing · 3e2b42b5
      Christian Kuhn authored and Daniel Goerz's avatar Daniel Goerz committed
      The recent extbase related class schema revert
      introduced a warning within functional PHP 8
      tests leading to test fails.
      Run the mariadb functionals with PHP 7.4 instead
      of PHP 8 for the moment again.
      Additionally a minor type hint from one of the
      recent security patches is added in ext:form
      area to make phpstan happy again.
      
      Related: #93745
      Resolves: #93751
      Releases: master
      Change-Id: Idac9c953d7029c3f67d6d1060354edfa5fa972dc
      Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68463
      
      Tested-by: core-ci's avatarcore-ci <typo3@b13.com>
      Tested-by: default avatarTYPO3com <noreply@typo3.com>
      Tested-by: Oliver Bartsch's avatarOliver Bartsch <bo@cedev.de>
      Tested-by: Daniel Goerz's avatarDaniel Goerz <daniel.goerz@posteo.de>
      Reviewed-by: Oliver Bartsch's avatarOliver Bartsch <bo@cedev.de>
      Reviewed-by: Daniel Goerz's avatarDaniel Goerz <daniel.goerz@posteo.de>
      3e2b42b5
    • Oliver Hader's avatar
      [SECURITY] Mitigate directly accessible file upload in form framework · 57b5b68f
      Oliver Hader authored and Oliver Hader's avatar Oliver Hader committed
      File handling implementation in `UploadedFileReferenceConverter` of
      `ext:form` creates files in `/fileadmin/user_uploads/` whenever some
      Extbase controller is (implicitly) dealing with `FileReference` models,
      unless particular implementations assign specific type converters or
      register type converters having a higher processing priority.
      
      As a side-effect this could lead to by-passing mime-type validators,
      allowing to plant cross-site scripting and other malicious binaries
      to public accessible `/fileadmin/` storage. PHP files and similar are
      blocked since `fileDenyPattern` rule is active in any case.
      
      This change makes the usage of `UploadedFileReferenceConverter` more
      specific in the scope of processing contact forms with `ext:form`
      
      * use random folder names for files, `.../form_abcde12345/image.png`
      * removes `UploadedFileReferenceConverter` from being used implicitly
        by other Extbase implementations dealing with `FileReference` models
      
      `PseudoFileReference` has been introduced to limit properties being
      serialized to `uid` (in case it's a real file reference) or `uidLocal`
      (in case it's a transient reference, pointing to a file).
      
      Direct URLs to uploaded files are substituted by `fileDump` eID script
      now, enforcing corresponding FAL mime-type and denying the web server
      from guessing/interpreting a different mime-type based on file suffix.
      
      A unique form `__session` value has been introduce, serving as seed
      to derive for instance mentioned folder names for uploaded files. In
      addition to that, form `__state` is only parsed when having been
      submitted via expected `FormFrontendController::performAction`.
      
      Resolves: #92136
      Releases: master, 11.1, 10.4, 9.5
      Change-Id: I7c33803443a68d6b3c895ec74da802a70bd390c1
      Security-Bulletin: TYPO3-CORE-SA-2021-002
      Security-References: CVE-2021-21355
      Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68435
      
      Tested-by: Oliver Hader's avatarOliver Hader <oliver.hader@typo3.org>
      Reviewed-by: Oliver Hader's avatarOliver Hader <oliver.hader@typo3.org>
      57b5b68f