Commit 6d10d94c authored by Michael Stucki's avatar Michael Stucki
Browse files

* Release of TYPO3 3.8.1

* Many other changes, see ChangeLog for details


git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_3-8@868 709f56b5-9817-0410-a4d7-c38de5d9e867
parent 1782bfb7
2005-11-14 Michael Stucki <michael@typo3.org>
* Release of TYPO3 3.8.1
2005-11-12 Michael Stucki <michael@typo3.org>
* Added a helpful warning if config.baseURL=1 was found
2005-11-09 Michael Stucki <michael@typo3.org>
* Backported a fix for wrong image negation in Install Tool (patch written by Bernhard Kraft)
2005-11-09 Rupert Germann <rupi@gmx.li>
* fix for function getBorderAttr: closes bugs 1360 and 1461
* Fix for function getBorderAttr: closes bugs 1360 and 1461
2005-11-08 Michael Stucki <michael@typo3.org>
* Added a fix for broken image-alignment in Mozilla browsers (written by Martin Kutschker)
* Backported a fix for (part of) bug 1312 (DB problem in showpic.php, patch written by Bernhard Kraft)
* Made a change that disables the shift-reload feature if there is no be_user
* Fixed a cross-site scripting issue in showpic.php. Many thanks to Martin Klaus who provided a fix for this.
* !!! Disabled the config.baseURL=1 feature. baseURL needs to be a string value, otherwise it will not work (security reasons)!
* Fixed the encryptionKey auto-generation in the Install Tool: The 32 first characters were always the same. Thanks to Jochen Weiland.
* When editing a file in the Install Tool, the backup is no longer renamed to filename.php~ but filename_bak.php (could be viewed in clear-text otherwise). Thanks to Lars Houmark for reporting this.
2005-09-19 Martin Kutschker <martin.t.kutschker@blackbox.net>
* Fixed bug #1287: Detect Opera as Netscape3
* Fixed bug #1287: GEMNU Rollover doesn't work in Opera
2005-09-18 Michael Stucki <michael@typo3.org>
......
************************************************************************
CHANGES & IMPROVEMENTS in TYPO3 3.8.1
(for technical details see ChangeLog)
************************************************************************
Compatibility:
--------------
Enhancements
=============
* New property value: $TYPO3_CONF_VARS['SYS']['displayErrors']=2 will only enable the display_errors PHP directive if the devIPmask matches the current clients IP address. (Michael Stucki)
Fixes
======
* GMENU_LAYERS, TMENU_LAYERS and image rollovers now work with Opera browsers
(Martin Kutschker <martin.t.kutschker@blackbox.net>)
* The "addQueryString" property for typolinks is finally working (Michael Stucki)
* The new parameter "config.disableImgBorderAttr" will finally do what the name says (Rupert Germann)
* "forceReturnPath" did not work in t3lib_htmlmail because the variable was named wrong (Michael Stucki)
* GEMNU Rollover did not work in Opera (Martin Kutschker)
* Fixed broken image-alignment in Mozilla browsers (Martin Kutschker)
* Fixed database problems with showpic.php (Bernhard Kraft)
* Image alignment above/below text of text w/image elements now work with Firefox browsers
(Martin Kutschker <martin.t.kutschker@blackbox.net>)
Compatibility
==============
Security:
---------
* GMENU_LAYERS and TMENU_LAYERS and image rollovers now work with Opera browsers (Martin Kutschker)
* A debug script exposed system information provided by phpinfo()
For details, see http://typo3.org /teams/security/security-bulletins/typo3-20050725-1/
(Michael Stucki <michael@typo3.org>)
Security
=========
* !!! config.baseURL=1 will no longer work. baseURL needs to be set to a string value. See upcoming security report for more information. (Michael Stucki)
* A cross-site scripting issue in showpic.php was fixed (Martin Klaus)
* Shift-reload no longer works if there is no be_user (Kasper Skrhj)
* Install Tool: When editing a file (e.g. localconf.php), the backup was renamed to filename.php~ (could be viewed in clear-text). This has been fixed, however you are adviced to remove/rename such files if you find them on your server. (Lars Houmark / Michael Stucki)
* A debug script exposed system information provided by phpinfo(). For details, see http://typo3.org /teams/security/security-bulletins/typo3-20050725-1/ (Michael Stucki)
* The encryptionKey auto-generation in the Install Tool did not work correctly: The 32 first characters were always the same. Very theoretical risk. (Jochen Weiland)
......@@ -1066,9 +1066,29 @@ class tslib_cObj {
$tablecode.='</tr>'; // ending row
}
if ($c) {
// Table-tag is inserted
$i=$contentPosition;
$table_align = (($i==16) ? 'align="'.$align.'"' : '');
switch ($contentPosition) {
case '0': // above
case '8': // below
switch ($align) { // These settings are needed for Firefox
case 'center':
$table_align = 'margin-left: auto; margin-right: auto';
break;
case 'right':
$table_align = 'margin-left: auto; margin-right: 0px';
break;
default: // Most of all: left
$table_align = 'margin-left: 0px; margin-right: auto';
}
$table_align = 'style="'.$table_align.'"';
break;
case '16': // in text
$table_align = 'align="'.$align.'"';
break;
default:
$table_align = '';
}
// Table-tag is inserted
$tablecode = '<table'.($tableWidth?' width="'.$tableWidth.'"':'').' border="0" cellspacing="0" cellpadding="0" '.$table_align.' class="imgtext-table">'.$tablecode;
if ($editIconsHTML) { // IF this value is not long since reset.
$tablecode.='<tr><td colspan="'.$colspan.'">'.$editIconsHTML.'</td></tr>';
......@@ -2549,7 +2569,15 @@ class tslib_cObj {
if ($conf['title']) {$params.='&title='.rawurlencode($conf['title']);}
if ($conf['wrap']) {$params.='&wrap='.rawurlencode($conf['wrap']);}
$md5_value = md5($imageFile.'|'.$conf['width'].'|'.$conf['height'].'|'.$conf['effects'].'|'.$GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'].'|');
$md5_value = md5(
$imageFile.'|'.
$conf['width'].'|'.
$conf['height'].'|'.
$conf['effects'].'|'.
$conf['bodyTag'].'|'.
$conf['title'].'|'.
$conf['wrap'].'|'.
$GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'].'|');
$params.= '&md5='.$md5_value;
$url = $GLOBALS['TSFE']->absRefPrefix.'showpic.php?file='.rawurlencode($imageFile).$params;
......@@ -6355,7 +6383,7 @@ class tslib_cObj {
// removes all pages which are not visible for the user!
$listArr = $this->checkPidArray($listArr);
if (count($listArr)) {
$query.=' AND '.$table.'.pid IN ('.implode(',',$GLOBALS['TYPO3_DB']->cleanIntArray($listArr)).')';
$query.=' AND '.$table.'.pid IN ('.implode(',',$GLOBALS['TYPO3_DB']->cleanIntArray($listArr)).')';
$pid_uid_flag++;
} else {
$pid_uid_flag=0; // If not uid and not pid then uid is set to 0 - which results in nothing!!
......
......@@ -1502,8 +1502,10 @@
function headerNoCache() {
$disableAcquireCacheData = FALSE;
if (strtolower($_SERVER['HTTP_CACHE_CONTROL'])==='no-cache' || strtolower($_SERVER['HTTP_PRAGMA'])==='no-cache') {
$disableAcquireCacheData = TRUE;
if ($this->beUserLogin) {
if (strtolower($_SERVER['HTTP_CACHE_CONTROL'])==='no-cache' || strtolower($_SERVER['HTTP_PRAGMA'])==='no-cache') {
$disableAcquireCacheData = TRUE;
}
}
// Call hook for possible by-pass of requiring of page cache (for recaching purpose)
......
......@@ -125,8 +125,20 @@ class TSpagegen {
$GLOBALS['TSFE']->debug = ''.$GLOBALS['TSFE']->config['config']['debug'];
// Base url:
if ($GLOBALS['TSFE']->config['config']['baseURL']) {
$GLOBALS['TSFE']->baseUrl = (intval($GLOBALS['TSFE']->config['config']['baseURL']) ? t3lib_div::getIndpEnv('TYPO3_SITE_URL') : $GLOBALS['TSFE']->config['config']['baseURL']);
if ($GLOBALS['TSFE']->config['config']['baseURL']) {
if ($GLOBALS['TSFE']->config['config']['baseURL']==='1') {
// Depreciated property, going to be dropped.
$error = 'Depreciated Typoscript property was found in this template: "config.baseURL="1"
You need to change this value to the URL of your website root, otherwise TYPO3 will not work!
See <a href="http://wiki.typo3.org/index.php/TYPO3_3.8.1" target="_blank">wiki.typo3.org/index.php/TYPO3_3.8.1</a> for more information.';
$GLOBALS['TSFE']->printError(nl2br($error));
exit;
} else {
$GLOBALS['TSFE']->baseUrl = $GLOBALS['TSFE']->config['config']['baseURL'];
}
$GLOBALS['TSFE']->anchorPrefix = substr(t3lib_div::getIndpEnv('TYPO3_REQUEST_URL'),strlen(t3lib_div::getIndpEnv('TYPO3_SITE_URL')));
}
......
......@@ -138,7 +138,16 @@ class SC_tslib_showpic {
}
// Chech md5-checksum: If this md5-value does not match the one submitted, then we fail... (this is a kind of security that somebody don't just hit the script with a lot of different parameters
$md5_value = md5($this->file.'|'.$this->width.'|'.$this->height.'|'.$this->effects.'|'.$GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'].'|');
$md5_value = md5(
$this->file.'|'.
$this->width.'|'.
$this->height.'|'.
$this->effects.'|'.
$this->bodyTag.'|'.
$this->title.'|'.
$this->wrap.'|'.
$GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'].'|');
if ($md5_value!=$this->md5) {
die('Parameter Error: Wrong parameters sent.');
}
......@@ -174,8 +183,9 @@ class SC_tslib_showpic {
$img->tempPath = $this->alternativeTempPath;
}
// Need to connect to database, because this is used (typo3temp_db_tracking, cached image dimensions).
$GLOBALS['TYPO3_DB']->sql_pconnect(TYPO3_db_host, TYPO3_db_username, TYPO3_db_password);
// Need to connect to database, because this is used (typo3temp_db_tracking, cached image dimensions).
$GLOBALS['TYPO3_DB']->sql_pconnect(TYPO3_db_host, TYPO3_db_username, TYPO3_db_password);
$GLOBALS['TYPO3_DB']->sql_select_db(TYPO3_db);
if (strstr($this->width.$this->height, 'm')) {$max='m';} else {$max='';}
......
......@@ -853,22 +853,19 @@ REMOTE_ADDR was '".t3lib_div::getIndpEnv("REMOTE_ADDR")."' (".t3lib_div::getIndp
$save_to_file = $this->INSTALL["FILE"]["name"];
if (@is_file($save_to_file)) {
$save_to_file_md5 = md5($save_to_file);
if (isset($this->INSTALL["FILE"][$save_to_file_md5]) && t3lib_div::isFirstPartOfStr($save_to_file,$EDIT_path."") && substr($save_to_file,-1)!="~") {
if (isset($this->INSTALL['FILE'][$save_to_file_md5]) && t3lib_div::isFirstPartOfStr($save_to_file,$EDIT_path.'') && substr($save_to_file,-1)!='~' && !strstr($save_file,'_bak')) {
$this->INSTALL["typo3conf_files"] = $save_to_file;
$save_fileContent = $this->INSTALL["FILE"][$save_to_file_md5];
if ($this->INSTALL["FILE"]["win_to_unix_br"]) {
$save_fileContent = str_replace(chr(13).chr(10),chr(10),$save_fileContent);
}
$backupFile = $this->getBackupFilename($save_to_file);
if ($this->INSTALL["FILE"]["backup"]) {
if (@is_file($save_to_file."~")) unlink($save_to_file."~");
rename($save_to_file,$save_to_file."~");
$this->contentBeforeTable.='Backup written to <strong>'.$save_to_file.'~</strong><BR>';
} else {
if (@is_file($save_to_file."~")) {
unlink($save_to_file."~");
$this->contentBeforeTable.='Backup REMOVED! (<strong>'.$save_to_file.'~</strong>)<BR>';
}
if (@is_file($backupFile)) { unlink($backupFile); }
rename($save_to_file,$backupFile);
$this->contentBeforeTable.='Backup written to <strong>'.$backupFile.'</strong><BR>';
}
t3lib_div::writeFile($save_to_file,$save_fileContent);
......@@ -912,9 +909,11 @@ REMOTE_ADDR was '".t3lib_div::getIndpEnv("REMOTE_ADDR")."' (".t3lib_div::getIndp
//--></style>
';
$backupFile = $this->getBackupFilename($this->INSTALL['typo3conf_files']);
$fileContent = t3lib_div::getUrl($this->INSTALL["typo3conf_files"]);
$this->contentBeforeTable.= '<form action="'.$this->action.'" method="POST">
'.(substr($this->INSTALL["typo3conf_files"],-1)!="~"?'<input type="submit" name="TYPO3_INSTALL[SAVE_FILE]" value="Save file">&nbsp;':'').'<input type="submit" name="_close" value="Close">
$this->contentBeforeTable.= '<form action="'.$this->action.'" method="POST">'.(substr($this->INSTALL['typo3conf_files'],-1)!='~' && !strstr($this->INSTALL['typo3conf_files'],'_bak') ? '
<input type="submit" name="TYPO3_INSTALL[SAVE_FILE]" value="Save file">&nbsp;' : '').'
<input type="submit" name="_close" value="Close">
<BR>File: '.$this->INSTALL["typo3conf_files"].'
<BR>MD5-sum: '.md5($fileContent).'
<BR>
......@@ -923,8 +922,8 @@ REMOTE_ADDR was '".t3lib_div::getIndpEnv("REMOTE_ADDR")."' (".t3lib_div::getIndp
'.($this->allowFileEditOutsite_typo3conf_dir?'<input type="hidden" name="TYPO3_INSTALL[FILE][EDIT_path]" value="'.$this->INSTALL["FILE"]["EDIT_path"].'">':'').'
<input type="hidden" name="TYPO3_INSTALL[FILE][prevMD5]" value="'.md5($fileContent).'">
<textarea rows="30" name="TYPO3_INSTALL[FILE]['.md5($this->INSTALL["typo3conf_files"]).']" wrap="off"'.$this->formWidthText(48,"width:98%;height:80%","off").'>'.t3lib_div::formatForTextarea($fileContent).'</textarea><BR>
<input type="checkbox" name="TYPO3_INSTALL[FILE][win_to_unix_br]" value="1"'.(TYPO3_OS=="WIN"?"":" CHECKED").'> Convert windows linebreaks (13-10) to unix (10)<BR>
<input type="checkbox" name="TYPO3_INSTALL[FILE][backup]" value="1"'.(@is_file($this->INSTALL["typo3conf_files"]."~") ? " CHECKED":"").'> Make backup copy (else remove any backup copy, prepended by "~")<BR>
<input type="checkbox" name="TYPO3_INSTALL[FILE][win_to_unix_br]" value="1"'.(TYPO3_OS=="WIN"?"":" checked").'> Convert Windows linebreaks (13-10) to Unix (10)<BR>
<input type="checkbox" name="TYPO3_INSTALL[FILE][backup]" value="1"'.(@is_file($backupFile) ? ' checked' : '').'> Make backup copy (rename to '.basename($backupFile).')<BR>
'.
'</form>';
}
......@@ -2019,7 +2018,7 @@ From sub-directory:
if ($this->mode!="123") {
$out.=$this->wrapInCells("Site name:", '<input type="text" name="TYPO3_INSTALL[localconf.php][sitename]" value="'.htmlspecialchars($GLOBALS["TYPO3_CONF_VARS"]["SYS"]["sitename"]).'">');
$out.=$this->wrapInCells("", "<BR>");
$out.='<script type="text/javascript" src="../md5.js"></script><script type="text/javascript">function generateEncryptionKey(key) {time=new Date(); key=MD5(key)+MD5(time.getMilliseconds().toString());while(key.length<66){key=key+MD5(key)};return key;}</script>';
$out.='<script type="text/javascript" src="../md5.js"></script><script type="text/javascript">function generateEncryptionKey(key) {time=new Date(); key=MD5(time.getMilliseconds().toString());while(key.length<66){key=key+MD5(key)};return key;}</script>';
$out.=$this->wrapInCells("Encryption key:", '<a name="set_encryptionKey" /><input type="text" name="TYPO3_INSTALL[localconf.php][encryptionKey]" value="'.htmlspecialchars($GLOBALS["TYPO3_CONF_VARS"]["SYS"]["encryptionKey"]).'"><br /><input type="button" onclick="document.forms[\'setupGeneral\'].elements[\'TYPO3_INSTALL[localconf.php][encryptionKey]\'].value=generateEncryptionKey(document.forms[\'setupGeneral\'].elements[\'TYPO3_INSTALL[localconf.php][encryptionKey]\'].value);" value="Generate random key">');
$out.=$this->wrapInCells("", "<BR>");
......@@ -2840,6 +2839,12 @@ From sub-directory:
if (!@is_file($overlay)) die("Error: ".$overlay." was not a file");
if (!@is_file($mask)) die("Error: ".$mask." was not a file");
if ($imageProc->maskNegate) {
$outmask = $imageProc->tempPath.$imageProc->filenamePrefix.t3lib_div::shortMD5($imageProc->alternativeOutputKey."mask").".gif";
$imageProc->imageMagickExec($mask, $outmask, '-negate');
$mask = $outmask;
}
$output = $imageProc->tempPath.$imageProc->filenamePrefix.t3lib_div::shortMD5($imageProc->alternativeOutputKey."combine1").".jpg";
$imageProc->combineExec($input,$overlay,$mask,$output);
$fileInfo = $imageProc->getImageDimensions($output);
......@@ -2854,6 +2859,13 @@ From sub-directory:
if (!@is_file($input)) die("Error: ".$input." was not a file");
if (!@is_file($overlay)) die("Error: ".$overlay." was not a file");
if (!@is_file($mask)) die("Error: ".$mask." was not a file");
if ($imageProc->maskNegate) {
$outmask = $imageProc->tempPath.$imageProc->filenamePrefix.t3lib_div::shortMD5($imageProc->alternativeOutputKey."mask2").".gif";
$imageProc->imageMagickExec($mask, $outmask, '-negate');
$mask = $outmask;
}
$output = $imageProc->tempPath.$imageProc->filenamePrefix.t3lib_div::shortMD5($imageProc->alternativeOutputKey."combine2").".jpg";
$imageProc->combineExec($input,$overlay,$mask,$output);
$fileInfo = $imageProc->getImageDimensions($output);
......@@ -4768,6 +4780,23 @@ A:hover {color: #000066}
}
return $wTags;
}
/**
* Return the filename that will be used for the backup.
* It is important that backups of PHP files still stay as a PHP file, otherwise they could be viewed un-parsed in clear-text.
*
* @param string Full path to a file
* @return string The name of the backup file (again, including the full path)
*/
function getBackupFilename($filename) {
if (preg_match('/\.php$/', $filename)) {
$backupFile = str_replace('.php', '_bak.php', $filename);
} else {
$backupFile = $filename.'~';
}
return $backupFile;
}
}
if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/install/mod/class.tx_install.php']) {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment