This project is mirrored from Pull mirroring failed .
Repository mirroring has been paused due to too many failed attempts. It can be resumed by a project maintainer.
Last successful update .
  1. 23 Apr, 2021 1 commit
    • Benjamin Franzke's avatar
      [TASK] Update to Lit v2-rc1 · d0da616d
      Benjamin Franzke authored
      Lit is the umbrella term for the next major
      lit-html (v2) and lit-element (v3) versions.
      Therefore we will refer to these components as
      *Lit* in TYPO3 from now on as well.
      These two libraries also have been migrated into
      a single entry point module named `lit`.
      It is officially described as:
      > The main module exports the core pieces needed for component
      > development: LitElement, html, css, and the most
      lit-html v2 and lit-element v3 are mostly compatible
      to the previous major versions. Main changes are
       * Deprecation of the `lit-element` entry point in
         favor of the new `lit` module
       * @internalProperty changed to @state
       * shadow css declaration via static property
         instead of static getter method
       * The CSSResult type declaration is gone
       * Directive (currently unused in TYPO3) API has changed
      Related testing framework change is:
      Commands used:
        rm -rf typo3/sysext/core/Resources/Public/JavaScript/Contrib/{@lit,lit-element,lit-html,lit}/
        yarn add lit@^2.0.0-rc.1 lit-html@^2.0.0-rc.2 lit-element@^3.0.0-rc.1
        yarn add --dev rollup@^2.32.0 @rollup/plugin-replace
        grunt build
        git add typo3/sysext/core/Resources/Public/JavaScript/Contrib/{@lit,lit-element,lit-html,lit}/
        composer require --dev typo3/testing-framework:^6.8.1
        composer require --dev typo3/testing-framework:^6.8.1 \
          --no-update --working-dir=typo3/sysext/core
      Resolves: #93965
      Releases: master
      Change-Id: I9b659d851e6ad9dc3cc649bd40aab886b86fb0f8
      Tested-by: Oliver Hader's avatarOliver Hader <>
      Tested-by: default avatarTYPO3com <>
      Tested-by: core-ci's avatarcore-ci <>
      Tested-by: Benni Mack's avatarBenni Mack <>
      Tested-by: Benjamin Franzke's avatarBenjamin Franzke <>
      Reviewed-by: Oliver Hader's avatarOliver Hader <>
      Reviewed-by: Benni Mack's avatarBenni Mack <>
      Reviewed-by: Benjamin Franzke's avatarBenjamin Franzke <>
  2. 30 Mar, 2021 1 commit
  3. 25 Mar, 2021 1 commit
  4. 24 Mar, 2021 1 commit
  5. 16 Mar, 2021 1 commit
    • Oliver Hader's avatar
      [SECURITY] Mitigate directly accessible file upload in form framework · 57b5b68f
      Oliver Hader authored and Oliver Hader's avatar Oliver Hader committed
      File handling implementation in `UploadedFileReferenceConverter` of
      `ext:form` creates files in `/fileadmin/user_uploads/` whenever some
      Extbase controller is (implicitly) dealing with `FileReference` models,
      unless particular implementations assign specific type converters or
      register type converters having a higher processing priority.
      As a side-effect this could lead to by-passing mime-type validators,
      allowing to plant cross-site scripting and other malicious binaries
      to public accessible `/fileadmin/` storage. PHP files and similar are
      blocked since `fileDenyPattern` rule is active in any case.
      This change makes the usage of `UploadedFileReferenceConverter` more
      specific in the scope of processing contact forms with `ext:form`
      * use random folder names for files, `.../form_abcde12345/image.png`
      * removes `UploadedFileReferenceConverter` from being used implicitly
        by other Extbase implementations dealing with `FileReference` models
      `PseudoFileReference` has been introduced to limit properties being
      serialized to `uid` (in case it's a real file reference) or `uidLocal`
      (in case it's a transient reference, pointing to a file).
      Direct URLs to uploaded files are substituted by `fileDump` eID script
      now, enforcing corresponding FAL mime-type and denying the web server
      from guessing/interpreting a different mime-type based on file suffix.
      A unique form `__session` value has been introduce, serving as seed
      to derive for instance mentioned folder names for uploaded files. In
      addition to that, form `__state` is only parsed when having been
      submitted via expected `FormFrontendController::performAction`.
      Resolves: #92136
      Releases: master, 11.1, 10.4, 9.5
      Change-Id: I7c33803443a68d6b3c895ec74da802a70bd390c1
      Security-Bulletin: TYPO3-CORE-SA-2021-002
      Security-References: CVE-2021-21355
      Tested-by: Oliver Hader's avatarOliver Hader <>
      Reviewed-by: Oliver Hader's avatarOliver Hader <>
  6. 12 Mar, 2021 1 commit
  7. 25 Feb, 2021 1 commit
  8. 13 Feb, 2021 1 commit
  9. 12 Feb, 2021 1 commit
  10. 09 Feb, 2021 1 commit
  11. 08 Feb, 2021 1 commit
    • Benni Mack's avatar
      [TASK] Clean up Drag&Drop Handling in PageTree · 85c7264b
      Benni Mack authored and Georg Ringer's avatar Georg Ringer committed
      The PageTree components for the navigation area consists of:
      * PageTreeElement (container for rendering the navigation area w. toolbar + dragdrop + tree)
      * PageTreeToolbar (uses DnD for creating new items)
      * PageTree (JS, subclass of SvgTree)
      * PageTreeDragDrop
      This patch aims to rework the "PageTreeDragDrop" javascript file
      by moving separate logic into separate classes (as much as possible)
      and into a more stable API, being a first part.
      PageTreeDragDrop is a mixed code class currently,
      and is now split up in various separate classes:
      * DragDropHandler (interface)
      * ToolbarDragHandler -> used as the Toolbar Draggable Handler for new pages
      * PageTreeNodeDragHandler => used for moving/copying and deleting existing pages/nodes
      * PageTreeDragDrop now acts as a simple wrapper for d3-drag but still has some shared state
      For Future Reference:
      It is still up to decide on how to further decouple the code.
      Idea 1: Putting the d3-drag initialization into the right
      place and avoiding cross-dependencies. In general "initializeDragForNode"
      would also be handled via events, and all options / settings would be
      moved into the PageTreeDragDrop class.
      Ideally the PageTreeDragDrop contains the status of the
      current drag+drop action (position, node etc), so the PageTree
      would not know of anything itself.
      Idea 2: Another possibility is to use the current "PageTreeDragDrop"
      as a generic "TreeDragDropManager" because it does not
      contain any Page-Tree specific code anymore, but could be carried
      on later-on.
      The current change is already a good step as it moves all code
      to TypeScript and minimizes injection via constructors (except
      for the Tree itself).
      Resolves: #93446
      Releases: master
      Change-Id: Ibd7a067c1e6a821b138a8cc2971ec8133392b600
      Tested-by: default avatarTYPO3com <>
      Tested-by: Andreas Fernandez's avatarAndreas Fernandez <>
      Tested-by: Georg Ringer's avatarGeorg Ringer <>
      Reviewed-by: Andreas Fernandez's avatarAndreas Fernandez <>
      Reviewed-by: Georg Ringer's avatarGeorg Ringer <>
  12. 06 Feb, 2021 1 commit
  13. 02 Feb, 2021 1 commit
  14. 01 Feb, 2021 1 commit
  15. 21 Dec, 2020 1 commit
    • Benjamin Franzke's avatar
      [TASK] Update bootstrap javascript to 5.0.0-beta1 · 27881b60
      Benjamin Franzke authored and Benni Mack's avatar Benni Mack committed
      Bootstrap v5 – introduced in #92616 – was added with CCS from beta1 but
      JavaScript from alpha2. bootstrap.bundle.js was manually wrapped
      into a AMD closure, and because bootstrap 5.0.0-beta1 contains alot of
      changes regarding data tags, it couldn't be updated in the initial
      Bootstrap is now bundled using rollup using the ES6 sources in order
      to allow for automatic updates through `grunt build`.
      popperjs – previously bundled into bootstrap distributed files –
      is now added as dependency. The bootstap ES6 sources, that we now use
      through rollup, do not bundle this external dependency (for good reasons).
      Dependency added with:
         yarn add @popperjs/core
      Further adaptions contained in this change to ensure beta1 compatibility:
      a) Carousel "item" to "carousel-item" class migration
      b) $.fn.modal(options) does no longer imply $.fn.modal('show')
      c) Fix panels, both JS and CSS (card-group can't be used here)
      d) All bootstrap data- tags are migrated to data-bs-.
         Migrated with
         # renderes a sed substition with the help of a nested sed from all the
         # data-bs attributes that where changed in the twbs/bootstrap commit
         git grep -l data- | xargs sed -i $( \
              curl -s \
     | \
              sed 's/data-bs-[a-z-]*/\n&\n/g' | grep "data-bs-[a-z-]" | \
              sort | uniq | \
              sed 's/data-bs-\(.*\)\([^a-z-]\|$\)/ -e s\/data-\1\\\([^a-z-]\\\)\/data-bs-\1\\1\/g -e s\/data('"'"'\1'"'"')\/data('"'"'bs-\1'"'"')\/g/g' \
         # Revert false positives from the above auto-replacement
         git checkout -- typo3/sysext/core/Documentation/Changelog/ \
              typo3/sysext/backend/Classes/Form/Container/FlexFormContainerContainer.php \
              Build/Sources/TypeScript/backend/Resources/Public/TypeScript/LiveSearch.ts \
              Build/Sources/TypeScript/backend/Resources/Public/TypeScript/FormEngineFlexForm.ts \
              Build/Sources/TypeScript/install/Resources/Public/TypeScript/Module/Settings/ExtensionConfiguration.ts \
         (cd Build && grunt build)
      Resolves: #93126
      Resolves: #93123
      Resolves: #93132
      Related: #92616
      Releases: master
      Change-Id: Ie194d0f87d2c60df7b9e8a6de4893cfaaea55356
      Tested-by: default avatarTYPO3com <>
      Tested-by: default avatarMartin Kutschker <>
      Tested-by: Christian Kuhn's avatarChristian Kuhn <>
      Tested-by: Benni Mack's avatarBenni Mack <>
      Reviewed-by: default avatarMartin Kutschker <>
      Reviewed-by: Christian Kuhn's avatarChristian Kuhn <>
      Reviewed-by: Benni Mack's avatarBenni Mack <>
  16. 20 Dec, 2020 1 commit
    • Matthias Stegmann's avatar
      [FEATURE] Introduce Bootstrap v5 for TYPO3 Backend · 793fc121
      Matthias Stegmann authored and Benni Mack's avatar Benni Mack committed
      This changes removes the frontend framework
      Bootstrap 3, and adds Bootstrap 5 beta 1 (we
      expect Bootstrap 5 final by the time we release TYPO3 v11 LTS).
      Bootstrap v3 is not supported by the Bootstrap
      team any longer, so an update is critical for TYPO3 Core.
      Bootstrap v5 adds a few accessibility improvements
      as well as flexbox for rendering
      containers and grids throughout TYPO3 Backend.
      All JS components are not bound to jQuery anymore,
      and have been reworked.
      A lot of HTML/CSS changes happened, which we
      slowly migrate (and not in a huge change)
      to TYPO3's templates, in order to keep
      this change managable.
      A legacy CSS/SCSS file is added to
      keep some backwards-compatibility classes
      to ease the migration for extension developers
      who have built their own backend modules.
      Key features of Bootstrap 5:
      * "rem" instead of "px" is used by default
      * CSS variables are introduced
      * Improved bootstrap focus outline styling (buttons / inputs / links)
      * Simplified grid functionality
      * use new button color mixin to increase contrast:
        Primary, Success and Warning Button color is now dark instead of white
      EXT:styleguide was used as a basis for
      upgrading to keep compatibility as much
      as possible, but more changes will be coming
      in the next few minor releases.
      Resolves: #92616
      Releases: master
      Change-Id: Iec989f39649b5460b055ec879199faf38e424f2b
      Tested-by: default avatarTYPO3com <>
      Tested-by: Benjamin Franzke's avatarBenjamin Franzke <>
      Tested-by: Oliver Hader's avatarOliver Hader <>
      Tested-by: Oliver Bartsch's avatarOliver Bartsch <>
      Tested-by: Benni Mack's avatarBenni Mack <>
      Reviewed-by: Benjamin Franzke's avatarBenjamin Franzke <>
      Reviewed-by: Oliver Hader's avatarOliver Hader <>
      Reviewed-by: Oliver Bartsch's avatarOliver Bartsch <>
      Reviewed-by: Benni Mack's avatarBenni Mack <>
  17. 18 Dec, 2020 1 commit
  18. 13 Nov, 2020 1 commit
  19. 04 Nov, 2020 1 commit
  20. 16 Oct, 2020 1 commit
  21. 26 Sep, 2020 1 commit
  22. 25 Sep, 2020 5 commits
  23. 04 Sep, 2020 1 commit
  24. 15 Aug, 2020 1 commit
  25. 09 Aug, 2020 1 commit
  26. 31 May, 2020 1 commit
  27. 12 May, 2020 1 commit
  28. 21 Apr, 2020 1 commit
  29. 17 Apr, 2020 1 commit
  30. 03 Apr, 2020 1 commit
  31. 30 Mar, 2020 1 commit
  32. 22 Feb, 2020 4 commits
  33. 21 Feb, 2020 1 commit