This project is mirrored from https://git.typo3.org/typo3/typo3.git.
Repository mirroring has been paused due to too many failed attempts. It can be resumed by a project maintainer or owner.
- 21 Jul, 2021 2 commits
-
-
Resolves: #94573 Releases: master, 10.4 Change-Id: I62c96e78accb7a10b0da384bdd9d92a1ecab58c1 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69911 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Guido Schmechel <guido.schmechel@brandung.de> Tested-by:
Helmut Hummel <typo3@helhum.io> Tested-by:
Lina Wolf <112@linawolf.de> Reviewed-by:
Guido Schmechel <guido.schmechel@brandung.de> Reviewed-by:
Oliver Klee <typo3-coding@oliverklee.de> Reviewed-by:
Helmut Hummel <typo3@helhum.io> Reviewed-by:
Lina Wolf <112@linawolf.de>
-
Since #93892, clearing the search field no longer submitted the form. This is now fixed by adding a dedicated JS module, listening on the browser's "search" event. When using the search in the Record selector, the search options dropdown is now no longer cut off, in case no search results are present. Additionally, the functionality to toggle the search field in the recordlist module is now moved into the Recordlist JS module, as it does not belong to EXT:backend and furthermore does not require a dedicated JS module. Resolves: #94463 Resolves: #94557 Releases: master Change-Id: I504a27fc6cb3d3689555169ac3e39813e2029544 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69830 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Jochen <rothjochen@gmail.com> Tested-by:
Guido Schmechel <guido.schmechel@brandung.de> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Jochen <rothjochen@gmail.com> Reviewed-by:
Benni Mack <benni@typo3.org>
-
- 20 Jul, 2021 8 commits
-
-
Oliver Bartsch authored
Both DatabaseRecordList as well as the ContextMenu feature the "Show" button to preview a content element on its parent page. However, in case the parent page is a "no view doktype" (e.g. sys folder), those buttons lead to a 404 error. This is now fixed by properly checking whether a content element's parent page can be viewed. If not, the button is no longer shown. Resolves: #93718 Releases: master, 10.4 Change-Id: I2ad48ee7e44d06f569496c4bed2bbd172791b86c Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69959 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Tested-by:
Benni Mack <benni@typo3.org> Tested-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Oliver Bartsch <bo@cedev.de>
-
When having the debug logging activated for the authentication process, sensitive data is not being logged anymore. This change
* removes password from being logged
* hashes the cookie value processed for logging
Resolves: #93925 Releases: master, 11.3, 10.4, 9.5 Change-Id: I8c610a72014de571ef52b4430c43f8d149b273d9 Security-Bulletin: CORE-SA-2021-012 Security-References: CVE-2021-32767 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69994 Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
-
The column names, defined in backend layouts, were not properly encoded at some places and therefore led to an XSS vulnerability. The issue is addressed by properly encoding user input. Resolves: #93683 Releases: master, 11.3, 10.4, 9.5, 8.7 Change-Id: I787cee9f56a30aeaf69294412c8d5198a144e31c Security-Bulletin: CORE-SA-2021-011 Security-References: CVE-2021-32669 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69993 Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
-
Properly encodes error messages to be used in HTML output in "EXT:lowlevel" Query Generator and Query View components. Resolves: #93868 Releases: master, 11.3, 10.4, 9.5 Change-Id: I05812ac7c1cded39edbf10d50bb4dc0fd8faf577 Security-Bulletin: CORE-SA-2021-010 Security-References: CVE-2021-32668 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69992 Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
-
The `viewpage` module contains a preset selection, where users can select different browser viewports. Since the corresponding preset labels, configurable via TSconfig, had not been encoded properly, it was vulnerable to XSS. The issue is addressed by properly encoding the labels. Resolves: #93702 Releases: master, 11.3, 10.4, 9.5 Change-Id: Ia22c5ab4332816614dd07a93d7e739d9fc1d8bac Security-Bulletin: CORE-SA-2021-009 Security-References: CVE-2021-32667 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69991 Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
-
* uses stream filter to enclose multi-line content
* adds three choosable strategies dealing with control literals
  + TYPE_REMOVE_CONTROLS - removes control literals (default)
  + TYPE_PREFIX_CONTROLS - prefixes control literal sequence with `'`
  + TYPE_PASSTHROUGH - nothing, passthrough data

The default strategy is `TYPE_REMOVE_CONTROLS` when invoking `\TYPO3\CMS\Core\Utility\CsvUtility::csvValues`.
Resolves: #94271 Releases: master, 11.3, 10.4, 9.5 Change-Id: I2568a0c2dfa6d4636e211e97d66a513984532cc9 Security-Bulletin: TYPO3-PSA-2021-002 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69974 Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
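
The three strategies named in the commit message above, as an added sketch in plain PHP 7.4+ (not TYPO3's `CsvUtility` code). The function and constant names, and the set of leading characters treated as control literals (`=`, `+`, `-`, `@`, tab, carriage return), are assumptions; the page does not list them.

```php
<?php
declare(strict_types=1);

// Added illustration, not TYPO3 code. All names here are hypothetical;
// the three constants mirror the strategy names from the commit message.
const CONTROL_REMOVE = 'remove';           // cf. TYPE_REMOVE_CONTROLS
const CONTROL_PREFIX = 'prefix';           // cf. TYPE_PREFIX_CONTROLS
const CONTROL_PASSTHROUGH = 'passthrough'; // cf. TYPE_PASSTHROUGH

// Assumption: a run of these characters at the start of a cell is what a
// spreadsheet application may interpret as the start of a formula.
const CONTROL_PATTERN = '/^[=+\-@\t\r]+/';

/**
 * Applies one strategy to a single cell value.
 */
function neutralizeCell(string $value, string $strategy): string
{
    switch ($strategy) {
        case CONTROL_REMOVE:
            // The "+" quantifier strips the whole leading run, so "=+x"
            // does not end up as "+x" after one pass.
            return (string)preg_replace(CONTROL_PATTERN, '', $value);
        case CONTROL_PREFIX:
            // A leading apostrophe makes spreadsheets treat the cell as text.
            return preg_match(CONTROL_PATTERN, $value) === 1
                ? "'" . $value
                : $value;
        case CONTROL_PASSTHROUGH:
            // For consumers that are not spreadsheets and need exact data.
            return $value;
        default:
            throw new InvalidArgumentException('Unknown strategy: ' . $strategy);
    }
}

/**
 * Builds one CSV line. Quoting of multi-line cells is left to fputcsv()
 * here; the commit describes a stream filter for that, which this sketch
 * does not reproduce.
 */
function csvRow(array $cells, string $strategy = CONTROL_REMOVE): string
{
    $safe = array_map(
        static fn ($cell): string => neutralizeCell((string)$cell, $strategy),
        $cells
    );
    $stream = fopen('php://memory', 'w+');
    // Empty escape character: enclosures are escaped by doubling only.
    fputcsv($stream, $safe, ',', '"', '');
    rewind($stream);
    $line = (string)stream_get_contents($stream);
    fclose($stream);
    return rtrim($line, "\n");
}

// Constructed sample row: plain text, a formula-like cell, a multi-line
// cell, and a negative number.
$row = ['Alice', '=SUM(A1:A2)', "line one\nline two", '-5'];

foreach ([CONTROL_REMOVE, CONTROL_PREFIX, CONTROL_PASSTHROUGH] as $strategy) {
    echo $strategy, ': ', csvRow($row, $strategy), PHP_EOL;
}
```

The negative number in the sample row shows the trade-off: removing control characters also changes legitimate values that start with `-` or `+`, so exports carrying such data need the prefix or passthrough strategy.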
-
Helmut Hummel authored
Releases: master Resolves: #94592 Change-Id: I0616e362b598beb49859f5e78a3f2636f6cdf73f Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69969 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Benni Mack <benni@typo3.org> Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
Helmut Hummel <typo3@helhum.io> Reviewed-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Helmut Hummel <typo3@helhum.io>
-
FunctionalTestCase loads these core extensions by default: core, backend, frontend, extbase, install, recordlist, fluid Functional tests do not need to set these explicitly in $coreExtensionsToLoad. The patch cleans this up. Resolves: #94591 Releases: master Change-Id: I038cea486c20edc5262dc6a575ed965c876bdc88 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69968 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
Georg Ringer <georg.ringer@gmail.com> Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Georg Ringer <georg.ringer@gmail.com>
-
- 19 Jul, 2021 6 commits
-
-
Prevent a possible TypeError in TableController by casting the input argument to string. Resolves: #94446 Releases: master, 10.4 Change-Id: I208123f542ca6cf34db51889138fb626da0deb41 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69831 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Jochen <rothjochen@gmail.com> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Jochen <rothjochen@gmail.com> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch>
-
Upgrade JavaScript packages chart.js, codemirror and ckeditor4 addressing known and disclosed vulnerabilities.
* chart.js: Prototype Pollution https://app.snyk.io/vuln/SNYK-JS-CHARTJS-1018716
* codemirror: Regular Expression DoS (ReDoS) https://app.snyk.io/vuln/SNYK-JS-CODEMIRROR-1016937
* ckeditor4: Cross-Site Scripting https://app.snyk.io/vuln/SNYK-JS-CKEDITOR4-1303090

Executed command:
```
cd Build; nvm use; yarn upgrade chart.js codemirror ckeditor4
```
Resolves: #94583 Releases: master, 10.4, 9.5 Change-Id: I56c1948f5785f4ecf9f51998f006825a952280bd Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69956 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
-
Christian Kuhn authored
We have a decent test coverage of view helpers, especially those within ext:fluid. This is an important asset and we're sure all main functionality works. Most of the tests rely on ViewHelperBaseTestcase from the testing framework. This class prepares the main mocking of view helper dependencies. Reading the code it becomes obvious that this approach is kinda unfortunate: View helpers are part of a bigger system - they have some general dependencies like the rendering context, the request and render children. This leads to a mocking party in many unit tests, making the test goal hard to understand and follow. The mock preparations and assumptions of internal handling actively block further separation of concern patches within ext:fluid since the ViewHelperBaseTestcase breaks all the time. The patch refactors all unit tests that extend ViewHelperBaseTestcase towards functional tests: Most of them simply create a StandaloneView, feed a template string for the specific view helper and string compare the render result. Some FE related VH tests additionally set up a full frontend and retrieve a rendered fluid view as sub request. This makes the tests much easier to read, follow and understand. The functional tests are now good examples to show the various features of single VH's. Change-Id: I6c5d4eeb0c79ba66a18398a5623a591381a6d707 Resolves: #94580 Releases: master Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69857 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Jochen <rothjochen@gmail.com> Tested-by:
Benni Mack <benni@typo3.org> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Jochen <rothjochen@gmail.com> Reviewed-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch>
-
Christian Kuhn authored
A second test is marked skipped until an upstream patch is merged and released. Resolves: #94582 Related: #94565 Related: #94492 Releases: master, 10.4, 9.5 Change-Id: Ia899c47a80bba60840f011766b816af90e160498 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69924 Tested-by:
Oliver Hader <oliver.hader@typo3.org> Tested-by:
core-ci <typo3@b13.com> Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
Jochen <rothjochen@gmail.com> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Jochen <rothjochen@gmail.com> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch>
-
Resolves: #94581 Releases: master Change-Id: Id0e4fdce83f04a0c5a5060fb62832f6e93409eb3 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69921 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Benni Mack <benni@typo3.org> Tested-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Henrik Elsner <helsner@dfau.de> Reviewed-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Oliver Bartsch <bo@cedev.de>
-
Resolves: #94571 Releases: master Change-Id: Ic84bf7ba69ef5b020f91661ff5387ef4b62f34f2 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69905 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Daniel Goerz <daniel.goerz@posteo.de> Tested-by:
Georg Ringer <georg.ringer@gmail.com> Reviewed-by:
Daniel Goerz <daniel.goerz@posteo.de> Reviewed-by:
Georg Ringer <georg.ringer@gmail.com>
-
- 16 Jul, 2021 5 commits
-
-
Add fallback for undefined array keys in EXT:frontend, EXT:indexed_search, EXT:core. This fixes frontend rendering of a basic site package including all available content elements. Resolves: #94546 Releases: master Change-Id: I051f2d6d0b2278394e95af8eb26be11b3f4aa9a7 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69819 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Benni Mack <benni@typo3.org>
-
The "fileFolder" configuration options, available for TCA columns of type "select" are used to fill the select field with predefined files (images / icons). Nowadays this is frequently used to make a corporate icon set available for editors. In multi site installations however, those icon sets usually differ from site to site. Therefore, the AbstractItemProvider is now extended to allow overriding those settings with TSconfig (TCEFORM). Furthermore, to streamline the TCA configuration and to be in line with the corresponding overrides, the "fileFolder" TCA configuration options are moved into a dedicated sub array "fileFolderConfiguration" and the properties are renamed to be consistent with other TCA options.
* fileFolder => folder
* fileFolder_extList => allowedExtensions
* fileFolder_recursions => depth

A TCA migration is in place. Resolves: #94406 Releases: master Change-Id: I621198523edfd328ad68d692d9194017c445406f Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69832 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Jochen <rothjochen@gmail.com> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Jochen <rothjochen@gmail.com> Reviewed-by:
Benni Mack <benni@typo3.org>
-
The PermissionController was previously handled via extbase, even though no pure Extbase-related feature (validation, type-converting, persistence) was used. Furthermore a combination of non-extbase arguments and extbase-prefixed arguments was used, leading to a couple of GeneralUtility::_GP() usages. To clean up the controller, it is now no longer registered as extbase module, while keeping the module name "system_BeuserTxPermission" for backwards-compatibility reasons. Furthermore, the PermissionAjaxController, used for inline updates in the tree view, is moved into the PermissionController. This allowed streamlining and cleaning up its only endpoint. Besides the clean up, some things got improved, e.g. the shortcut button does now also take the current action into account and all used labels can now be translated. Resolves: #94564 Releases: master Change-Id: Ic03e341df5b69aa154be1a5b737df2eecc433e55 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69893 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Jochen <rothjochen@gmail.com> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Jochen <rothjochen@gmail.com> Reviewed-by:
Benni Mack <benni@typo3.org>
-
This patch removes an empty h2 tag in the scheduler module and also removes an unnecessary margin-bottom which visually looked like an empty table row. Furthermore, the main template structure is now also rendered using the already existing standalone view instance. Resolves: #94567 Releases: master Change-Id: I74b2ba00c52a4c92d506e8cde21493320b073e1e Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69897 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Guido Schmechel <guido.schmechel@brandung.de> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Guido Schmechel <guido.schmechel@brandung.de> Reviewed-by:
Benni Mack <benni@typo3.org>
-
SVG sanitizer test dataset entity.svg is causing segmentation fault in certain scenarios - which might be related to libxml2 before version 2.9.12. Unfortunately, investigations did not reveal any further details other than libxml2. As a result, the `entity.svg` test dataset, which is causing this problem, is skipped until https://github.com/darylldoyle/svg-sanitizer/pull/53 is merged and released in the upstream library. Resolves: #94565 Releases: master, 10.4, 9.5 Change-Id: I8375954dad64e3955f88122fa51dca7f796d077b Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69894 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Markus Klein <markus.klein@typo3.org> Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Markus Klein <markus.klein@typo3.org> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
-
- 15 Jul, 2021 1 commit
-
-
Added fallback for undefined array keys in backend, core, recycler, impexp, scheduler and linkvalidator Resolves: #94542 Releases: master Change-Id: Ieeda20879f1906c9e9a743e0377767cfce8dec09 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69813 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Benni Mack <benni@typo3.org>
-
- 14 Jul, 2021 3 commits
-
-
Also this patch assures the filter auto submitting is working in case no redirects were found. Resolves: #94560 Releases: master Change-Id: I26157a13857976d9a4a3a31627790156f5b6cad2 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69852 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Jochen <rothjochen@gmail.com> Tested-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Jochen <rothjochen@gmail.com> Reviewed-by:
Oliver Bartsch <bo@cedev.de>
-
To keep its context, an upgrade wizard's description is now rendered in the confirmation step. All possibly existing HTML is removed and line breaks get converted to <br> tags. Resolves: #94514 Releases: master, 10.4 Change-Id: Ic0e5a75b996ea21427d40ff573715c8c153db867 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69767 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Nikita Hovratov <nikita.h@live.de> Tested-by:
Anja Leichsenring <aleichsenring@ab-softlab.de> Reviewed-by:
Nikita Hovratov <nikita.h@live.de> Reviewed-by:
Anja Leichsenring <aleichsenring@ab-softlab.de>
-
The Redirects module is extended for a new filter option "Never hit". When used, the list is filtered for redirects, which were never hit before. This is especially handy for editors managing large sites, while the "automatic redirect generation on slug change" is enabled. The redirect demand already features the property "maxHits", which however was previously only used for the CLI command and is now also used for the new filter option. Resolves: #94489 Releases: master Change-Id: Ied510109de1c6bfb651ea0b8fdec0cfecbfab43a Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69823 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Jochen <rothjochen@gmail.com> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Jochen <rothjochen@gmail.com> Reviewed-by:
Benni Mack <benni@typo3.org>
-
- 13 Jul, 2021 8 commits
-
-
Resolves: #94556 Releases: master, 10.4, 9.5 Change-Id: I0a0515ec84408c4914a93d704e635f40ce90b22e Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69827 Tested-by:
Helmut Hummel <typo3@helhum.io> Tested-by:
core-ci <typo3@b13.com> Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Helmut Hummel <typo3@helhum.io> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
-
Resolves: #94554 Releases: master, 10.4, 9.5 Change-Id: I30ad916b71adaa7db97b40584f7d65453936ec87 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69824 Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
core-ci <typo3@b13.com> Tested-by:
Susanne Moog <look@susi.dev> Tested-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Susanne Moog <look@susi.dev> Reviewed-by:
Andreas Fernandez <a.fernandez@scripting-base.de>
-
Resolves: #94548 Releases: master Change-Id: Idcfbf496e3d572744310024ce96675ece3514c48 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69822 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Benni Mack <benni@typo3.org>
-
Benni Mack authored
When editing the metadata of a file, the file is now resolved in FormEngine, similar to what editors see in the file list module. In addition, the MetaInformation object now contains a proper fileResource property, so the existing file can be reused instead of being fetched again. Resolves: #94520 Releases: master Change-Id: I30dc8c8475264044a65f80bef1470028b319be82 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69797 Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
core-ci <typo3@b13.com> Tested-by:
Jochen <rothjochen@gmail.com> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Jochen <rothjochen@gmail.com> Reviewed-by:
Benni Mack <benni@typo3.org>
-
Benni Mack authored
Change-Id: I3380d28e1da80e182f073ce7ed38c893c7ffdc9a Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69821 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Benni Mack <benni@typo3.org>
-
Benni Mack authored
Change-Id: Icc6e6e01c230ea991a44c49908dd687cd54a867e Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69820 Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Benni Mack <benni@typo3.org>
-
Benni Mack authored
This reverts commit 5932bdbd. from https://review.typo3.org/c/Packages/TYPO3.CMS/+/69680 This change breaks regular forwarding of actions where the original request actually had arguments, which are now lost. See https://review.typo3.org/c/Packages/TYPO3.CMS/+/69680 Change-Id: I1e671bb1c61ed37c82f5cda513c2699c39280ad7 Resolves: #94547 Reverts: #94457 Releases: master Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69779 Tested-by:
Oliver Hader <oliver.hader@typo3.org> Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
core-ci <typo3@b13.com> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Benni Mack <benni@typo3.org>
-
The menu was removed because it contained only already existing buttons (clear clipboard) or buttons that do not belong to the clipboard (delete, export) which made the clipboard overly complicated. Removed red color (danger) from clear all button, because this is a non destructive operation and added width/height for preview images so SVG images are displayed as expected in the clipboard. In addition, the "move/copy" selector is now a radio button, which finally works properly again. Resolves: #94507 Releases: master Change-Id: Ie9d98b13fa3075f6f8d297754576e3c20fd69b85 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69798 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Benni Mack <benni@typo3.org>
-
- 12 Jul, 2021 7 commits
-
-
This change introduces behavior of extension `t3g/svg-sanitizer` into the TYPO3 core. Sanitizing SVG data is actually done by external package `enshrined/svg-sanitize` by Daryll Doyle. The following aspects are introduced:
+ handle `GeneralUtility::upload_copy_move` invocations
+ handle FAL action events `file-add`, `file-replace`, `set-content`
+ provide upgrade wizard, sanitizing all SVG files in storages that are using `LocalDriver`

Custom usage:
```
$sanitizer = new \TYPO3\CMS\Core\Resource\Security\SvgSanitizer();
$sanitizer->sanitizeFile($sourcePath, $targetPath);
$svg = $sanitizer->sanitizeContent($svg);
```
Basically this change enforces following public service announcements concerning SVG files, to enhance these security aspects per default:
+ https://typo3.org/security/advisory/typo3-psa-2020-003
+ https://typo3.org/security/advisory/typo3-psa-2019-010

Resolves: #94492 Releases: master, 10.4, 9.5 Change-Id: I42c206190d8a335ebaf77b7e5d57b383e3bcbae1 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69809 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Benni Mack <benni@typo3.org> Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
-
For legacy reasons storage resolving in file abstraction layer still supports using identifiers like `/fileadmin/img.png` instead of `1:/img.png` (given, that `1:` corresponds to `fileadmin/` storage). To resolve the "best matching storage", existing storage paths are analyzed - however this did not work in the following cases:
+ identifier like `/fileadmin/img.png` on storage using relative base-path like `fileadmin/`
+ identifier using absolute path on storage with relative base-path
+ identifier using relative path on storage with absolute base-path

Resolves: #94519 Releases: master, 10.4, 9.5 Change-Id: Id8663b3e7fc40d777288bd498d2250e528f4f4af Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69793 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Benni Mack <benni@typo3.org> Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
-
Added fallback value for array undefined keys for filelist as well as for impexp because it is part of the current clipboard functionality. Introduced new tests for clipboard and file upload. Resolves: #94509 Releases: master Change-Id: Ibed7c53f49665c4502aaa05dbe78f468d354f3a1 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69771 Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
core-ci <typo3@b13.com> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Benni Mack <benni@typo3.org>
-
Benni Mack authored
Due to the change of scalable SVG icons the tree actions for selecting actions in the Page Selector / File Selector were not rendered again. This change fixes the issue by properly using a SVG inside another SVG again, just like with icons of the actual tree. Resolves: #94545 Releases: master Change-Id: I7bfae2e422adce6fd07eed46a26e8ab9767f12a6 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69814 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Jochen <rothjochen@gmail.com> Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Jochen <rothjochen@gmail.com> Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Benni Mack <benni@typo3.org>
-
With the release of TYPO3 v11.3, Changelog documentation is no longer expected in master, but in 11.3 folder. Resolves: #94532 Releases: master Change-Id: I04808715808e6ac66e8a032e2809fc1d4d44109c Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69807 Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
core-ci <typo3@b13.com> Tested-by:
Benni Mack <benni@typo3.org> Tested-by:
Anja Leichsenring <aleichsenring@ab-softlab.de> Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Anja Leichsenring <aleichsenring@ab-softlab.de>
-
Oliver Bartsch authored
When fetching available shortcuts for a user, also permissions are checked by the ShortcutRepository. However previously a lot of use-cases were missed and the implemented checks were more or less faulty, especially when it comes to non-admin users. Therefore, three main topics are now handled properly:
* Evaluation of record edit permissions for shortcuts, targeting the record_edit route
* Evaluation of page access permissions for every shortcut not targeting the file list
* Proper distinction between shortcuts for file list and the ones for other modules, since both use the "id" argument, while for the file list, this is a string (combined identifier), and for the rest, this is an integer (the requested page id or the records' pid)

Resolves: #89530 Resolves: #93516 Releases: master, 10.4 Change-Id: Ib18eaf506886627360c58857f0160d008e130368 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69758 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Jochen <rothjochen@gmail.com> Tested-by:
Benni Mack <benni@typo3.org> Tested-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Jochen <rothjochen@gmail.com> Reviewed-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Oliver Bartsch <bo@cedev.de>
-
Oliver Bartsch authored
The Extbase ImageService contains a helper method `getImage()`. This method tries to find an image in a couple of different ways, depending on the given input arguments. To improve the usability, the exception messages are now dedicated to their corresponding try. As a side effect, the method is now also more readable as it now uses guard clauses and also contains a couple of code comments. Resolves: #94518 Releases: master, 10.4 Change-Id: I31d94eb89dd58a01d7911907ca82a256a0ba7cf3 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69792 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Jochen <rothjochen@gmail.com> Tested-by:
Benni Mack <benni@typo3.org> Tested-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Jochen <rothjochen@gmail.com> Reviewed-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Oliver Bartsch <bo@cedev.de>
-