Commit 0228e371 authored by Oliver Hader's avatar Oliver Hader Committed by Oliver Hader
Browse files

[SECURITY] Upgrade typo3fluid/fluid to v2.6.10

Change-Id: Ie2adfafff4ab57cac9426d9a5784b794f459ea7c
Resolves: #92829
Releases: master
Security-Bulletin: TYPO3-CORE-SA-2020-009
Security-References: CVE-2020-26216
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66662


Tested-by: Oliver Hader's avatarOliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader's avatarOliver Hader <oliver.hader@typo3.org>
parent 0127c68c
......@@ -77,7 +77,7 @@
"typo3/cms-composer-installers": "^2.0 || ^3.0",
"typo3/phar-stream-wrapper": "^3.1.6",
"typo3/symfony-psr-event-dispatcher-adapter": "^1.0 || ^2.0",
"typo3fluid/fluid": "^2.6.8 || ^3"
"typo3fluid/fluid": "^2.6.10 || ^3"
},
"require-dev": {
"composer-runtime-api": "^2.0",
......
......@@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
"content-hash": "623e92bcc3b988f9bd6a4d7926440a90",
"content-hash": "445e3ab9b036557e6e8221ae41d3655e",
"packages": [
{
"name": "cogpowered/finediff",
......@@ -3981,16 +3981,16 @@
},
{
"name": "typo3fluid/fluid",
"version": "2.6.9",
"version": "2.6.10",
"source": {
"type": "git",
"url": "https://github.com/TYPO3/Fluid.git",
"reference": "ba05e165bb4fd1302edf3f0280a149992e8c79be"
"reference": "f20db4e74cf9803c6cffca2ed2f03e1b0b89d0dc"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/TYPO3/Fluid/zipball/ba05e165bb4fd1302edf3f0280a149992e8c79be",
"reference": "ba05e165bb4fd1302edf3f0280a149992e8c79be",
"url": "https://api.github.com/repos/TYPO3/Fluid/zipball/f20db4e74cf9803c6cffca2ed2f03e1b0b89d0dc",
"reference": "f20db4e74cf9803c6cffca2ed2f03e1b0b89d0dc",
"shasum": ""
},
"require": {
......@@ -4018,9 +4018,9 @@
"description": "The TYPO3 Fluid template rendering engine",
"support": {
"issues": "https://github.com/TYPO3/Fluid/issues",
"source": "https://github.com/TYPO3/Fluid/tree/2.6"
"source": "https://github.com/TYPO3/Fluid/tree/2.6.10"
},
"time": "2020-02-03T10:46:43+00:00"
"time": "2020-11-16T21:38:14+00:00"
},
{
"name": "webmozart/assert",
......
......@@ -23,7 +23,7 @@
"typo3/cms-core": "11.0.*@dev",
"typo3/cms-fluid": "11.0.*@dev",
"typo3/cms-frontend": "11.0.*@dev",
"typo3fluid/fluid": "^2.6.8 || ^3",
"typo3fluid/fluid": "^2.6.10 || ^3",
"psr/http-message": "^1.0",
"psr/http-server-handler": "^1.0",
"psr/http-server-middleware": "^1.0",
......
......@@ -61,7 +61,7 @@
"typo3/cms-composer-installers": "^2.0 || ^3.0",
"typo3/phar-stream-wrapper": "^3.1.6",
"typo3/symfony-psr-event-dispatcher-adapter": "^1.0 || ^2.0",
"typo3fluid/fluid": "^2.6.8 || ^3"
"typo3fluid/fluid": "^2.6.10 || ^3"
},
"require-dev": {
"codeception/codeception": "^4.0",
......
......@@ -52,10 +52,10 @@ class EscapeChildrenRenderingStandaloneTest extends FunctionalTestCase
'{ft:escapeChildrenEnabledAndEscapeOutputDisabled(content: \'<strong>Bla</strong>\')}',
'<strong>Bla</strong>'
],
'EscapeChildrenEnabledAndEscapeOutputDisabled: Inline syntax with argument in quotes, does encode variable value (encoded before passed to VH)' =>
'EscapeChildrenEnabledAndEscapeOutputDisabled: Inline syntax with argument in quotes, does not encode variable value' =>
[
'{ft:escapeChildrenEnabledAndEscapeOutputDisabled(content: \'{settings.test}\')}',
'&lt;strong&gt;Bla&lt;/strong&gt;'
'<strong>Bla</strong>'
],
'EscapeChildrenEnabledAndEscapeOutputDisabled: Tag syntax with nested inline syntax and children rendering, does not encode variable value' =>
[
......@@ -93,10 +93,10 @@ class EscapeChildrenRenderingStandaloneTest extends FunctionalTestCase
'{ft:escapeChildrenDisabledAndEscapeOutputDisabled(content: \'<strong>Bla</strong>\')}',
'<strong>Bla</strong>'
],
'EscapeChildrenDisabledAndEscapeOutputDisabled: Inline syntax with argument in quotes, does encode variable value (encoded before passed to VH)' =>
'EscapeChildrenDisabledAndEscapeOutputDisabled: Inline syntax with argument in quotes, does not encode variable value' =>
[
'{ft:escapeChildrenDisabledAndEscapeOutputDisabled(content: \'{settings.test}\')}',
'&lt;strong&gt;Bla&lt;/strong&gt;'
'<strong>Bla</strong>'
],
'EscapeChildrenDisabledAndEscapeOutputDisabled: Tag syntax with nested inline syntax and children rendering, does not encode variable value' =>
[
......
......@@ -52,10 +52,10 @@ class EscapeChildrenRenderingTest extends FunctionalTestCase
'{ft:escapeChildrenEnabledAndEscapeOutputDisabled(content: \'<strong>Bla</strong>\')}',
'<strong>Bla</strong>'
],
'EscapeChildrenEnabledAndEscapeOutputDisabled: Inline syntax with argument in quotes, does encode variable value (encoded before passed to VH)' =>
'EscapeChildrenEnabledAndEscapeOutputDisabled: Inline syntax with argument in quotes, does not encode variable value' =>
[
'{ft:escapeChildrenEnabledAndEscapeOutputDisabled(content: \'{settings.test}\')}',
'&lt;strong&gt;Bla&lt;/strong&gt;'
'<strong>Bla</strong>'
],
'EscapeChildrenEnabledAndEscapeOutputDisabled: Tag syntax with nested inline syntax and children rendering, does not encode variable value' =>
[
......@@ -93,10 +93,10 @@ class EscapeChildrenRenderingTest extends FunctionalTestCase
'{ft:escapeChildrenDisabledAndEscapeOutputDisabled(content: \'<strong>Bla</strong>\')}',
'<strong>Bla</strong>'
],
'EscapeChildrenDisabledAndEscapeOutputDisabled: Inline syntax with argument in quotes, does encode variable value (encoded before passed to VH)' =>
'EscapeChildrenDisabledAndEscapeOutputDisabled: Inline syntax with argument in quotes, does not encode variable value' =>
[
'{ft:escapeChildrenDisabledAndEscapeOutputDisabled(content: \'{settings.test}\')}',
'&lt;strong&gt;Bla&lt;/strong&gt;'
'<strong>Bla</strong>'
],
'EscapeChildrenDisabledAndEscapeOutputDisabled: Tag syntax with nested inline syntax and children rendering, does not encode variable value' =>
[
......
......@@ -22,7 +22,7 @@
"symfony/dependency-injection": "^4.4 || ^5.0",
"typo3/cms-core": "11.0.*@dev",
"typo3/cms-extbase": "11.0.*@dev",
"typo3fluid/fluid": "^2.6.8 || ^3"
"typo3fluid/fluid": "^2.6.10 || ^3"
},
"conflict": {
"typo3/cms": "*"
......
......@@ -25,7 +25,7 @@
"symfony/console": "^4.4 || ^5.0",
"typo3/cms-backend": "11.0.*@dev",
"typo3/cms-core": "11.0.*@dev",
"typo3fluid/fluid": "^2.6.8 || ^3"
"typo3fluid/fluid": "^2.6.10 || ^3"
},
"conflict": {
"typo3/cms": "*"
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment