This project is mirrored from https://git.typo3.org/typo3/typo3.git.
Pull mirroring failed .
Repository mirroring has been paused due to too many failed attempts. It can be resumed by a project maintainer or owner.
Last successful update .
Repository mirroring has been paused due to too many failed attempts. It can be resumed by a project maintainer or owner.
Last successful update .
- 26 Jul, 2021 1 commit
-
-
Oliver Bartsch authored
This fixes inconsistency in the display of the grid columns between the fluid based page module and PageLayoutView. * Proper distinction between unassigned and unused columns * State describing classes, such as "restricted" and "hidden" are now added correctly * Access restricted columns do not longer display elements previously added to this column * Column titles are now correct * TSconfig option "hideRestrictedCols" is respected * TSconfig option "colPosList" does now work correctly * All used labels are now translatable * No more cross dependencies for labels Resolves: #94602 Related: #93829 Related: #93313 Releases: master Change-Id: I1d1e641722d57657169e16e92ddd501aab04bc72 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/70013 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Benni Mack <benni@typo3.org> Tested-by:
Jochen <rothjochen@gmail.com> Tested-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Jochen <rothjochen@gmail.com> Reviewed-by:
Oliver Bartsch <bo@cedev.de>
-
- 25 Jul, 2021 1 commit
-
-
Smaller images must not be blown up in visual size if smaller than 400x590px. Resolves: #94475 Releases: master, 10.4 Change-Id: I8ef7e084a55d41778d6a71ff50cdc3125bcb176f Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69909 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Guido Schmechel <guido.schmechel@brandung.de> Tested-by:
Daniel Haupt <mail@danielhaupt.de> Tested-by:
Anja Leichsenring <aleichsenring@ab-softlab.de> Reviewed-by:
Guido Schmechel <guido.schmechel@brandung.de> Reviewed-by:
Daniel Haupt <mail@danielhaupt.de> Reviewed-by:
Anja Leichsenring <aleichsenring@ab-softlab.de>
-
- 23 Jul, 2021 2 commits
-
-
Christian Kuhn authored
With all non-legacy usages of ObjectManager being gone, this final patch adds a series of @deprecation annotations throughout the core, adapts some comments, and finally adds a trigger_error() to ObjectManager->get(). Resolves: #94619 Related: #90803 Releases: master Change-Id: Iaa65f7dee4e5aa9eb4e2c217e76105b0263dc6dc Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/70054 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Benni Mack <benni@typo3.org> Tested-by:
Jochen <rothjochen@gmail.com> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Jochen <rothjochen@gmail.com> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch>
-
Fix undefined array keys in form, core and indexed_search for the frontend and in extensionmanager. Resolves: #94613 Releases: master Change-Id: I96230feb46f33c9a606a72f765bc79e19d8b28dd Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/70024 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Benni Mack <benni@typo3.org>
-
- 22 Jul, 2021 13 commits
-
-
The reset link, sent in the plain text version of the PasswordReset functionality is not longer be encoded as this makes the link unusable. Resolves: #94589 Releases: master, 10.4 Change-Id: Ie464140bb68f5ac703540d1eba094f19cf2ee299 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69967 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Benni Mack <benni@typo3.org> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Georg Ringer <georg.ringer@gmail.com> Reviewed-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch>
-
When using CKEditor with autolinking plugin enabled (e.g. simply typing www.typo3.org in the RTE) https:// is now used by default when a link is generated. This change reflects the "secure-first" approach by using https:// by default, however users can still manually change this to http://. More than 90% of the web now serve via HTTPS (also see https://transparencyreport.google.com/https) Resolves: #90336 Releases: master Change-Id: I38e4034915f66fd1f169bc96f27026a6427de156 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69923 Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
core-ci <typo3@b13.com> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch>
-
When using an array as data for a log entry placeholder, it must be imploded as otherwise the placeholder would not be resolved by AbstractWriter->interpolate(). Additionally, the exception is now correctly added to the log message string in PhpErrorLogWriter again. Resolves: #94594 Related: #94315 Releases: master Change-Id: I0aa79e511fd164a75e974547057477479234c25b Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69978 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Benni Mack <benni@typo3.org> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch>
-
docker-compose.yml is now working with v2.0.0beta. Restored old behavior to retrieve the actual CORE_ROOT path using "realpath" which also works on MacOS. Resolves: #94612 Releases: master, 10.4, 9.5 Change-Id: I62ab40870e285b3533a259105dac241e3c4a6af2 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/70023 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Benni Mack <benni@typo3.org> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch>
-
Since #57082 the language columns, typically `sys_language_uid`, are defined with the new TCA type "language" instead of type "select". Since this was previously not properly handled, BackendUtility::getProcessedValue() just returned the records' field value instead of the language title. This is now fixed by adding an additional "case" for TCA type "language". Resolves: #94610 Releases: master Change-Id: I89297e679393cb8eb0765a51fb6a7eebc4e12f7c Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/70022 Tested-by:
Benni Mack <benni@typo3.org> Tested-by:
core-ci <typo3@b13.com> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch>
-
Christian Kuhn authored
This finishes removal of regular extbase ObjectManager usages throughout the core: All left over places are fallback situations if extensions don't provide proper service definitions. Most places are casual replacements, many of them have been prepared with previous patches. Some places like Query and QueryResult still need special handling: The patch introduces some 'ForwardCompatible' interfaces implemented by core to otherwise OM-fallback if extensions didn't catch up yet. This avoids expensive runtime reflection in potentially often-called areas. When this patch is merged, a final patch can be done, including a ReST with some dedicated transition tips and the ultimate ObjectManager deprecation. Resolves: #94451 Related: #90803 Related: #92238 Releases: master Change-Id: Ic53f3bf6a04d15052680a953c76d19182a2e5e87 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69676 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Benni Mack <benni@typo3.org> Tested-by:
Jochen <rothjochen@gmail.com> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Jochen <rothjochen@gmail.com> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch>
-
Christian Kuhn authored
To further clean up ext:beuser and allow more refactoring of the extension, the BackendUser model no longer extends the ext:extbase base BackendUser model. The patch is a straight merge of the lower class for now and further patches will follow. Resolves: #94614 Releases: master Change-Id: I79978cdae8538ce04b15bc703ad0eefc415f6d27 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/70025 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Benni Mack <benni@typo3.org> Tested-by:
Jochen <rothjochen@gmail.com> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Jochen <rothjochen@gmail.com> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch>
-
Christian Kuhn authored
When no scheme is given using f:uri.external or f:link.external fluid view helpers, they now fall back to https instead of http. Resolves: #94615 Releases: master Change-Id: I33ce251d4f38cd504d163dd91f70fbe753952f2d Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/70026 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Benni Mack <benni@typo3.org> Tested-by:
Jochen <rothjochen@gmail.com> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Jochen <rothjochen@gmail.com> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch>
-
Christian Kuhn authored
The class logs a deprecation in __construct(), but the @deprecated annotation is missing. Unit and functional tests of QueryGenerator are moved now and a PHP8 related patch that has been done to core QueryGenerator is now merged into lowlevel QueryGenerator, too. Resolves: #94587 Related: #92129 Releases: master Change-Id: Ibb59c6bf576c6589a1cbb654ebd4773065b3e8c2 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69962 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Benni Mack <benni@typo3.org> Tested-by:
Jochen <rothjochen@gmail.com> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Jochen <rothjochen@gmail.com> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch>
-
This change replaces all query results from the database from fetchColumn() to fetchOne(), as this is the new API used in Doctrine DBAL. This change is one of a few to prepare for Doctrine DBAL 3.0 compatibility. Resolves: #94605 Releases: master Change-Id: Ia9ca2bbb7b2c16a230c5946941cc3023203f494d Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69917 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Tested-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Oliver Bartsch <bo@cedev.de>
-
Issue #92815 introduced a regression which triggered an endless recursion in case of a validation error. A bit longer explanation: Given there is an extbase controller action with an argument whose properties have to validated, extbase maps the incoming data of the request onto the internally handled arguments object which then performs the validation on all given arguments. In case of an error, extbase tries to redirect to the referring request aka the current request with an updated set of arguments. The idea is to remove all arguments of the current request to not trigger the same validation error again on the next try. There was a condition in the past which eventually led to the overriding of current arguments which was refactored wrong. The solution is to make the arguments of the ForwardResponse null by default and have the same null check like before. Releases: master Resolves: #94457 Change-Id: I1701001ce0cf55df79b2ed896d69a08659a2902b Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/70020 Tested-by:
core-ci <typo3@b13.com> Tested-by:
waldhacker <hello@waldhacker.dev> Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
waldhacker <hello@waldhacker.dev> Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch>
-
Fix a PHP Warning on custom auth services that have no service subtype "processLoginDataBE". Resolves: #94599 Releases: master Change-Id: I5046236b659674cebc761861ccf668c9bb226dc5 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/70012 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Tested-by:
Georg Ringer <georg.ringer@gmail.com> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Georg Ringer <georg.ringer@gmail.com>
-
A rather obvious TCA access scenario. Resolves: #94611 Releases: master Change-Id: Ie4ac8c7d1978e89de28076e0d036db1930c51149 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/70021 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Jochen <rothjochen@gmail.com> Tested-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Jochen <rothjochen@gmail.com> Reviewed-by:
Oliver Bartsch <bo@cedev.de>
-
- 21 Jul, 2021 5 commits
-
-
The "Manage Language Packs" modal now displays the inactive languages correct. This was previously overridden by bootstraps "table-striped" functionality. Resolves: #94584 Releases: master Change-Id: Ib464d9daaea8156fd9f80dca96fe50bee3f61992 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69966 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Jochen <rothjochen@gmail.com> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Jochen <rothjochen@gmail.com> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch>
-
Christian Kuhn authored
Legacy Extbase ObjectManager has a symfony DI compiler pass that registers all DI registered "Foo"Interface aliases via registerImplementation in Extbase container, too. This however only works if the target is a class. The Psr/Container/ContainerInterface is a magic 'service_container' alias, though. In turn, ObjectManager fails to inject Psr/Container/ContainerInterface. The patch adds this interface explicitly and adds a functional test to make sure it works. We target that patch to both v11 and v10 to simplify the transition from ObjectManager to symfony based DI. Resolves: #94608 Related: #90803 Related: #94453 Releases: master, 10.4 Change-Id: I282240548d8d8c571314dd433653dc30d1e0dad4 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/70017 Tested-by:
Benni Mack <benni@typo3.org> Tested-by:
core-ci <typo3@b13.com> Tested-by:
Jochen <rothjochen@gmail.com> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Jochen <rothjochen@gmail.com> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch>
-
This change fixes a variable error to use "activeFolder" instead of "selectedFolder". Resolves: #94579 Releases: master Change-Id: I855c89a51f080136f713c1df035e5882fe652910 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69918 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch>
-
Resolves: #94573 Releases: master, 10.4 Change-Id: I62c96e78accb7a10b0da384bdd9d92a1ecab58c1 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69911 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Guido Schmechel <guido.schmechel@brandung.de> Tested-by:
Helmut Hummel <typo3@helhum.io> Tested-by:
Lina Wolf <112@linawolf.de> Reviewed-by:
Guido Schmechel <guido.schmechel@brandung.de> Reviewed-by:
Oliver Klee <typo3-coding@oliverklee.de> Reviewed-by:
Helmut Hummel <typo3@helhum.io> Reviewed-by:
Lina Wolf <112@linawolf.de>
-
Since #93892, clearing the search field did not longer submit the form. This is now fixed by adding a dedicated JS module, listening on the browsers "search" event. When using the search in the Record selector, the search options dropdown is now not longer cut off, in case no search results are present. Additionally, the functionality to toggle the search field in the recordlist module is now moved into the Recordlist JS module, as it does not belong to EXT:backend and furthermore does not require a dedicated JS module. Resolves: #94463 Resolves: #94557 Releases: master Change-Id: I504a27fc6cb3d3689555169ac3e39813e2029544 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69830 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Jochen <rothjochen@gmail.com> Tested-by:
Guido Schmechel <guido.schmechel@brandung.de> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Jochen <rothjochen@gmail.com> Reviewed-by:
Benni Mack <benni@typo3.org>
-
- 20 Jul, 2021 8 commits
-
-
Oliver Bartsch authored
Both, DatabaseRecordList as well as the ContextMenu feature the "Show" button to preview a content element on its parent page. However, in case the parent page is a "no view doktype" (e.g. sys folder), those buttons lead to a 404 error. This is now fixed by properly checking whether a content elements' parent page can be viewed. If not, the button is no longer shown. Resolves: #93718 Releases: master, 10.4 Change-Id: I2ad48ee7e44d06f569496c4bed2bbd172791b86c Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69959 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Tested-by:
Benni Mack <benni@typo3.org> Tested-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Oliver Bartsch <bo@cedev.de>
-
When having the debug logging activated for the authentication process, sensitive data is not being logged anymore. This change * removes password from being logged * hashes the cookie value processed for logging Resolves: #93925 Releases: master, 11.3, 10.4, 9.5 Change-Id: I8c610a72014de571ef52b4430c43f8d149b273d9 Security-Bulletin: CORE-SA-2021-012 Security-References: CVE-2021-32767 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69994 Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
-
The column names, defined in backend layouts, were not properly encoded at some places and therefore led to a XSS vulnerability. The issue is addressed by properly encoding user input. Resolves: #93683 Releases: master, 11.3, 10.4, 9.5, 8.7 Change-Id: I787cee9f56a30aeaf69294412c8d5198a144e31c Security-Bulletin: CORE-SA-2021-011 Security-References: CVE-2021-32669 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69993 Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
-
Properly encodes error messages to be used in HTML output in "EXT:lowlevel" Query Generator and Query View components. Resolves: #93868 Releases: master, 11.3, 10.4, 9.5 Change-Id: I05812ac7c1cded39edbf10d50bb4dc0fd8faf577 Security-Bulletin: CORE-SA-2021-010 Security-References: CVE-2021-32668 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69992 Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
-
The `viewpage` module contains a preset selection, where users can select different browser viewports. Since the corresponding preset labels, configurable via TSconfig, had not been encoded properly, is was vulnerable to XSS. The issue is addressed by properly encoding the labels. Resolves: #93702 Releases: master, 11.3, 10.4, 9.5 Change-Id: Ia22c5ab4332816614dd07a93d7e739d9fc1d8bac Security-Bulletin: CORE-SA-2021-009 Security-References: CVE-2021-32667 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69991 Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
-
* uses stream filter to enclose multi-line content * adds three choosable strategies dealing with control literals + TYPE_REMOVE_CONTROLS - removes control literals (default) + TYPE_PREFIX_CONTROLS - prefixes control literal sequence with `'` + TYPE_PASSTHROUGH - nothing, passthrough data The default strategy is `TYPE_REMOVE_CONTROLS` when invoking `\TYPO3\CMS\Core\Utility\CsvUtility::csvValues`. Resolves: #94271 Releases: master, 11.3, 10.4, 9.5 Change-Id: I2568a0c2dfa6d4636e211e97d66a513984532cc9 Security-Bulletin: TYPO3-PSA-2021-002 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69974 Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
-
Helmut Hummel authored
Releases: master Resolves: #94592 Change-Id: I0616e362b598beb49859f5e78a3f2636f6cdf73f Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69969 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Benni Mack <benni@typo3.org> Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
Helmut Hummel <typo3@helhum.io> Reviewed-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Helmut Hummel <typo3@helhum.io>
-
FunctionalTestCase loads these core extensions by default: core, backend, frontend, extbase, install, recordlist, fluid Functional tests do not need to set these explicitely in $coreExtensionsToLoad. The patch cleans this up. Resolves: #94591 Releases: master Change-Id: I038cea486c20edc5262dc6a575ed965c876bdc88 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69968 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
Georg Ringer <georg.ringer@gmail.com> Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Georg Ringer <georg.ringer@gmail.com>
-
- 19 Jul, 2021 6 commits
-
-
Prevent a possible TypeError in TableController by casting the input argument to string. Resolves: #94446 Releases: master, 10.4 Change-Id: I208123f542ca6cf34db51889138fb626da0deb41 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69831 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Jochen <rothjochen@gmail.com> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Jochen <rothjochen@gmail.com> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch>
-
Upgrade JavaScript packages chart.js, codemirror and ckeditor4 addressing known and disclosed vulnerabilities. * chart.js: Prototype Pollution https://app.snyk.io/vuln/SNYK-JS-CHARTJS-1018716 * codemirror: Regular Expression DoS (ReDoS) https://app.snyk.io/vuln/SNYK-JS-CODEMIRROR-1016937 * ckeditor4: Cross-Site Scripting https://app.snyk.io/vuln/SNYK-JS-CKEDITOR4-1303090 Executed command: ``` cd Build; nvm use; yarn upgrade chart.js codemirror ckeditor4 ``` Resolves: #94583 Releases: master, 10.4, 9.5 Change-Id: I56c1948f5785f4ecf9f51998f006825a952280bd Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69956 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
-
Christian Kuhn authored
We have a decent test coverage of view helpers, especially those within ext:fluid. This is an important asset and we're sure all main functionality works. Most of the tests rely on ViewHelperBaseTestcase from the testing framework. This class prepares the main mocking of view helper dependencies. Reading the code it becomes obvious that this approach is kinda unfortunate: View helpers are part of a bigger system - they have some general dependencies like the rendering context, the request and render children. This leads to a mocking party in many unit tests, making the test goal hard to understand and follow. The mock preparations and assumptions of internal handling actively block further separation of concern patches within ext:fluid since the ViewHelperBaseTestcase breaks all the time. The patch refactors all unit tests that extend ViewHelperBaseTestcase towards functional tests: Most of them simply create a StandaloneView, feed a template string for the specific view helper and string compare the render result. Some FE related VH tests additionally set up a full frontend and retrieve a rendered fluid view as sub request. This makes the tests much easier to read, follow and understand. The functional tests are now good examples to show the various features of single VH's. Change-Id: I6c5d4eeb0c79ba66a18398a5623a591381a6d707 Resolves: #94580 Releases: master Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69857 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Jochen <rothjochen@gmail.com> Tested-by:
Benni Mack <benni@typo3.org> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Jochen <rothjochen@gmail.com> Reviewed-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch>
-
Christian Kuhn authored
A second test is marked skipped until an upstream patch is merged and released. Resolves: #94582 Related: #94565 Related: #94492 Releases: master, 10.4, 9.5 Change-Id: Ia899c47a80bba60840f011766b816af90e160498 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69924 Tested-by:
Oliver Hader <oliver.hader@typo3.org> Tested-by:
core-ci <typo3@b13.com> Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
Jochen <rothjochen@gmail.com> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Jochen <rothjochen@gmail.com> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch>
-
Resolves: #94581 Releases: master Change-Id: Id0e4fdce83f04a0c5a5060fb62832f6e93409eb3 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69921 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Benni Mack <benni@typo3.org> Tested-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Henrik Elsner <helsner@dfau.de> Reviewed-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Oliver Bartsch <bo@cedev.de>
-
Resolves: #94571 Releases: master Change-Id: Ic84bf7ba69ef5b020f91661ff5387ef4b62f34f2 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69905 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Daniel Goerz <daniel.goerz@posteo.de> Tested-by:
Georg Ringer <georg.ringer@gmail.com> Reviewed-by:
Daniel Goerz <daniel.goerz@posteo.de> Reviewed-by:
Georg Ringer <georg.ringer@gmail.com>
-
- 16 Jul, 2021 4 commits
-
-
Add fallback for undefined array keys in EXT:frontend, EXT:indexed_search, EXT:core. This fixes frontend rendering of a basic site package including all available content elements. Resolves: #94546 Releases: master Change-Id: I051f2d6d0b2278394e95af8eb26be11b3f4aa9a7 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69819 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Benni Mack <benni@typo3.org>
-
The "fileFolder" configuration options, available for TCA columns of type "select" are used to fill the select field with predefined files (images / icons). Nowadays this is frequently used to make a corporate icon set available for editors. In multi site installations however, those icon sets usually differ from site to site. Therefore, the AbstractItemProvider is now extended to allow overriding those settings with TSconfig (TCEFORM). Furthermore, to streamline the TCA configuration and to be in line with the corresponding overrides, the "fileFolder" TCA configuration options are moved into a dedicated sub array "fileFolderConfiguration" and the properties are renamed to be consistent with other TCA options. * fileFolder => folder * fileFolder_extList => allowedExtensions * fileFolder_recursions => depth A TCA migration is in place. Resolves: #94406 Releases: master Change-Id: I621198523edfd328ad68d692d9194017c445406f Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69832 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Jochen <rothjochen@gmail.com> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Jochen <rothjochen@gmail.com> Reviewed-by:
Benni Mack <benni@typo3.org>
-
The PermissionController was previously handled via extbase, even though no pure Extbase-related feature (validation, type-converting, persistence) was used. Furthermore a combination of non-extbase arguments and extbase-prefixed arguments was used, leading to a couple of GeneralUtility::_GP() usages. To clean up the controller, it is now not longer registered as extbase module, while keeping the module name "system_BeuserTxPermission" for backwards-compatibility reasons. Furthermore, is the PermissionAjaxController, used for inline updates in the tree view, moved into the PermissionController. This allowed to streamline and clean up its only endpoint. Besides the clean up, some things got improved, e.g. the shortcut button does now also take the current action into account and all used labels can now be translated. Resolves: #94564 Releases: master Change-Id: Ic03e341df5b69aa154be1a5b737df2eecc433e55 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69893 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Jochen <rothjochen@gmail.com> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Jochen <rothjochen@gmail.com> Reviewed-by:
Benni Mack <benni@typo3.org>
-
This patch removes an empty h2 tag in the scheduler module and also removes an unnecessary margin-bottom which visually looked like an empty table row. Furthermore is the main template structure now also rendered using the already existing standalone view instance. Resolves: #94567 Releases: master Change-Id: I74b2ba00c52a4c92d506e8cde21493320b073e1e Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69897 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Guido Schmechel <guido.schmechel@brandung.de> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Guido Schmechel <guido.schmechel@brandung.de> Reviewed-by:
Benni Mack <benni@typo3.org>
-