- 28 Jul, 2020 4 commits
-
-
Change-Id: Ic4ba46adc43796678c8038c2628732d902061e7f Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65131 Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
-
Change-Id: I7f9c4687b86d5fb7d206f390d278afcb5346aeee Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65130 Tested-by:
-
Cryptographic hashes being calculated from and for query parameters must only be used for a specific use-case or scope in order to avoid resulting hashes being ambiguous. Resolves: #91689 Releases: master, 10.4, 9.5 Change-Id: I59ca16fe71e27195b98a822607aab564425d248d Security-Bulletin: TYPO3-CORE-SA-2020-008 Security-References: CVE-2020-15098 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65125 Tested-by:
-
The file deny pattern is applied to public eID API to mitigate the possibility to retrieve configuration stored in PHP files (like for instance typo3conf/LocalConfiguration.php). Resolves: #91754 Releases: master, 10.4, 9.5 Change-Id: Iaba30dcf9c7c90e2d78507c6c72a420ea53198a1 Security-Bulletin: TYPO3-CORE-SA-2020-007 Security-References: CVE-2020-15099 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65124 Tested-by:
-
- 27 Jul, 2020 6 commits
-
-
The extensionScannerRstFileReferences check expects rstFiles listed in first level of the configuration array. ConstructorArgumentMatcher puts them in the second level. Thus, no files are found during the check, indicated by PHP warnings. The rstFiles given to ConstructorArgumentMatcher have never been checked due to this incompatibility. Resolves: #91866 Relates: #90722 Releases: master, 10.4, 9.5 Change-Id: I36abbef7e1eb5af372a8655d4a3d593f298fa404 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65118 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
-
This patch removes a lot of either unused or superfluous CSS code. Some stuff seems to have travelled in time to stay present, e.g. a star hack for IE or code affecting ExtJS which was removed in v9. The class `form-field-inputlink-explanation` was in use but has been removed nevertheless as it had no effect since we have Bootstrap in place. Resolves: #91867 Releases: master, 10.4 Change-Id: Idc2dd3fa46d393024abce80b46f796f3de867ee2 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65103 Tested-by:
Daniel Goerz <daniel.goerz@posteo.de> Reviewed-by:
-
This patch fixes the SQL query retrieving the failed login attempts which was broken due to a missing GROUP BY statement on PostgreSQL and MySQL when using strict mode. Additionally the performance has been improved by reversing the order of query executions: The failed attempts are now only retrieved if more than $max allowed failures have been recorded. Resolves: #91649 Releases: master, 10.4, 9.5 Change-Id: I1778e74cd4fc820d7fd330794b61f068babb9206 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65099 Tested-by:
-
Remove an outdated reference to the user agent in the description of [FE][lockIP] and [FE][lockIPv6]. Session locking is not based on the user agent anymore. Resolves: #91869 Releases: master, 10.4, 9.5 Change-Id: I4f5f5e42571ef02fff78d6e2cc3511b0a42e719e Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65101 Tested-by:
-
This patch adds the current selected value in the parents selectbox if no uid is set in its data attributes. This ensures that the value is removed from the option list on adding the inline element. Resolves: #91863 Releases: master, 10.4 Change-Id: I9adb35208dbf4f80db12b766ff273aaa27927a6d Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65098 Tested-by:
-
Benni Mack authored
If adding a message to the TimeTracker (for admin panel) in the ErrorHandler fails, that error fails silently now. This can happen when e.g. instanstiating logging fails due to file permission errors. Resolves: #84654 Releases: master, 10.4 Change-Id: Iba0949539d3b8c315f9d16335e62da59be0adc11 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65097 Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
-
- 26 Jul, 2020 1 commit
-
-
Helmut Hummel authored
Currently the dev dependency ocramius/package-versions does not work with Composer 2. To overcome this, Composer published an API compatible package which can be used as replacement. This does not affect any published package. It is only a preparation to be able to switch to Composer 2 for testing and packaging. composer req --dev composer/package-versions-deprecated --no-update composer up typo3/class-alias-loader typo3/cms-composer-installers composer/package-versions-deprecated ocramius/package-versions Releases: 10.4, master Resolves: #91864 Change-Id: I943cb07486f444c1d971afcde37c0d5fe2becd13 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65086 Tested-by:
Helmut Hummel <typo3@helhum.io> Reviewed-by:
-
- 25 Jul, 2020 3 commits
-
-
This patch fixes the SQL query retrieving the statistics in the indexed_search backend module for pages containing subpages when using PostgreSQL by making sure the IN clause only contains a plain int array instead of a multidimensional one (which MySQl appears to cope with without issues surprisingly). Resolves: #91659 Releases: master, 10.4, 9.5 Change-Id: Ic64e7da033299a4406559c39f9f341c645b95eba Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65095 Tested-by:
Anja Leichsenring <aleichsenring@ab-softlab.de> Reviewed-by:
-
Prior to this patch routes were processed in reverse definition order. Routes defined last came first. Depending on the existence of variable defaults this behavior produced a couple of unexpected results. first: routePath: '/route/{a}/{b}' second: routePath: '/route/{c}' defaults: c: '0' The example above, processed in reverse order and having parameters `a` and `b` given, still resulted in `second` route being used since the missing parameter `c` was defined by corresponding variable default. This change adjusts the order of routes depending on given parameters, completeness of a route (when all parameters are given, even defaults). Sorting is adjusted based on the following criteria: * default routes (e.g. `/my-page`) - processed later * static routes (e.g. `/my-page/list`) - processed later * all variables are given (complete) - processed earlier (e.g. parameters `a` and `b` are given for route `/route/{a}/{b}`) * all mandatory variables are given (complete) - processed earlier * less missing variable defaults - processed earlier * less variable defaults amount - processed earlier Tests in class `RouteSorterTest` provide more examples & details. Resolves: #90924 Releases: master, 10.4, 9.5 Change-Id: I26f56e6905472a501ff487295da23b3bc3b5c77e Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65040 Tested-by: -
This fixes an issue that has been in the core "since ever": Have a localized page with localized records on it. If the page localization is deleted (for instance via list module), its localized records are NOT marked as deleted. They are not shown anymore since the localized page record is gone, but they're still there. If later a localization of this page with the same sys_language_uid is created again, the records magically reappear. The patch changes DataHandler->deleteSpecificPage() to delete localized records of localized pages correctly for the sys_language_uid in question if the table is localization aware. An edge case within workspace is handled to suppress the cascading delete while swapping pages. Resolves: #90447 Releases: master, 10.4, 9.5 Change-Id: Iea44deeea929f165c717d17e6b997ff6bb829847 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65093 Tested-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Reviewed-by:
-
- 24 Jul, 2020 2 commits
-
-
The famous runTests.sh script misses an example on how to run a filtered set of tests only in a given test file. This comes in handy, when the wanted method name is not unique in the set of tests. By adding an example to the help text of the script, users can run only their wanted test more easily. Resolves: #91856 Releases: master, 10.4, 9.5 Change-Id: I2cf5c6f3e8d29ed9505bc52b10be3e22c65e0842 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65031 Tested-by:
-
This patch adds the missing css class to get the "add new relation" button for IRRE selector fields working again. Resolves: #91839 Releases: master, 10.4 Change-Id: I1cb3ff34db608eb826f4e351850bf78f2bbe4e27 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65030 Tested-by:
-
- 23 Jul, 2020 3 commits
-
-
Since #89555 versioned records do not have pid=-1 set anymore, but the uid of the live page or live placeholder record. The translation modal of the page module to create records for a translated page now shows records twice. Solution is to use the correct database restriction to suppress retrieval of versioned records of the translation source, those are handled via BackendUtility::workspaceOL() already. Resolves: #91851 Related: #89555 Releases: master, 10.4 Change-Id: Ia5262d3b25687c96f68389f5e8b49ec287c094e6 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65029 Tested-by:
-
When creating an own backend module with a table list from be.tablelist viewhelper, controlpanel buttons can be displayed if needed. Resolves: #91843 Releases: master, 10.4 Change-Id: I08696176e45650f0167327aacbccccf5f477fab3 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65028 Tested-by:
-
Page tree will fetch just 2 levels of pages plus pages which are expanded on the initial load. Next levels are fetched on demand via Ajax when expanding the node. Search work server side now (hit enter). To clear search, click on "x" button. If you select a page when filtering, it's kept selected after removing the filter. Releases: master, 10.4, 9.5 Resolves: #88943 Resolves: #88098 Resolves: #88259 Change-Id: Ie83839ce801c509f24c1e2c1dc516bce9599d55e Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65026 Tested-by:
Richard Haeser <richard@maxserv.com> Reviewed-by:
-
- 21 Jul, 2020 3 commits
-
-
Since phpdocumentor/reflection-docbloc 5.2.x a tag is required to implement also the phpDocumentor\Reflection\DocBlock\Tags\Formatter\Tag interface. This patch implements the tag interface for the Null_ tag defined in Extbase. Resolves: #91832 Releases: master, 10.4 Change-Id: Idb836dc3f8816a5c2c40d429a61dcda1cd27fd7f Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65025 Tested-by:
Simon Gilli <typo3@gilbertsoft.org>
Tested-by: Simon Gilli <typo3@gilbertsoft.org>
Reviewed-by: -
Andreas Fernandez authored
Due to a naming mismatch in the refactoring during #87724 it was tried to render information boxes based on the parent container element. The code is adjusted now to reference the correct object in the rendering loop. Resolves: #91831 Related: #87724 Releases: master, 10.4 Change-Id: Ib80f0f04a9e7ce164be1cd6717fd105d3339b269 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65024 Tested-by:
-
Indenting in .rst files caused blocks to be rendered as quotes. Resolves: #91821 Releases: master, 10.4, 9.5 Change-Id: I23b29037e5220ba1d72271b79995a8220a528139 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65022 Tested-by:
-
- 20 Jul, 2020 2 commits
-
-
The search field has now an own class to apply css before the wrapper gets rendered. The extension list table columns have now explicit widths. This ensures the view is not slightly changing after initial JavaScript operations. Resolves: #91732 Releases: master, 10.4 Change-Id: Ic9ce327cfa6b5e415974792ee33896540e5a3de6 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65021 Tested-by:
-
The field size is increased to decimal(2,1) to be able to store the value 1.0 zero in MariaDB databases. Resolves: #91736 Releases: master, 10.4 Change-Id: I72aa5e5a1f23673f6912b2f042c9d9364fd9855f Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65020 Tested-by:
-
- 17 Jul, 2020 3 commits
-
-
Resolves: #91819 Releases: master, 10.4 Change-Id: I8f43397f3366e66f08ca2dad7bcfd290e0769c58 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65019 Tested-by:
-
The newest versions are to be on top, to comply to the order given to older versions. Releases: master, 10.4 Resolves: #91816 Change-Id: Id4fb2444cad7078accd65aa76549a5dc65e92d4e Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65018 Tested-by:
-
Inline JavaScript used in the backend paginate widget is replaced by data-attribute instructions handled by `GlobalEventHandler` module. Resolves: #91804 Releases: master, 10.4 Change-Id: I230b2e3c550be6ca1089da9bcbe9ace752a29db7 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65053 Tested-by:
-
- 15 Jul, 2020 4 commits
-
-
Left-hand module menu and top toolbar are refreshed using inline JavaScript when e.g. an extension is de-/activated in extension manager or users switch their backend language in setup module. A new module `ImmediateActionElement` is introduced that implements the Custom HTML Element `<typo3-immediate-action action="…">`. The element immediately dispatches the action passed via the action attribute once attached to the DOM. We therefore drop the (currently unused) data-dispatch-immediately attribute which was introduced in #91015, as we opt for a more streamlined custom HTML element implementation now. Resolves: #91191 Releases: master, 10.4 Change-Id: I2724c51da3ea9aea0556ac63e834368e48866dd4 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65035 Reviewed-by:
-
* streamline variable names * streamline method names * preparation for additions in the future Resolves: #91805 Releases: master, 10.4 Change-Id: Iaa16cfcbcda7adbd48838a498f2f459d97f4ef18 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65043 Tested-by:
-
Removed the dependency on EXT:about by adding translations for the General Information widget to EXT:dashboard itself. Releases: master, 10.4 Resolves: #91399 Change-Id: I8b84e334e3aa814947722846ca73b799f9a1a19e Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65017 Tested-by:
-
This patch fixes the SQL query inserting index_rel records on PostgreSQL by making sure an integer instead of a float is inserted in the freq column (which is defined as smallint). Resolves: #91660 Releases: master, 10.4, 9.5 Change-Id: Id994bce0ca89105f03446c5fe13516774b0a16a0 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65015 Tested-by:
-
- 13 Jul, 2020 1 commit
-
-
Releases: master, 10.4 Resolves: #91791 Change-Id: Id26b4288a7e7eff902a3c31431635dcf0950b5da
-
- 09 Jul, 2020 1 commit
-
-
When rendering child elements of a tabs, not only the rendered HTML is collected from these child elements, but also hidden fields HTML, assets and a lot more. Therefore it is crucial to merge the child results regardless of whether the "html" property is empty. Releases: master, 10.4, 9.5 Resolves: #91636 Relates: #89094 Change-Id: If169bd6486d3001466464462b29788b94fbb0943
-
- 07 Jul, 2020 4 commits
-
-
Oliver Hader authored
Change-Id: I8c4f215628d6527b6c213c041872cd81334f3d5e
-
Oliver Hader authored
Change-Id: If3b84863fcb7fcf36c7e20618a846a8670b8f297
-
The new RteHtmlParser->transformTextForPersistence() method expects a string value. Before this patch the given value was simply passed without checking its type or casting it. However, if "null" is handed in (by e.g. a translated record which expects null), null is now kept. Resolves: #91749 Releases: master, 10.4 Change-Id: I9db872ca73dcf2bbfc2ac2d0b67d45ca3ffd4c5e
-
Andreas Fernandez authored
Instead of generating the URL to the backend login, the URI of the current request is now used for the referrer check in backend login. This fixes a redirect issue with password recovery links opened via email. The anchor-based reload detection has been replaced with a localStorage-based solution as browsers don't trigger a new request if the target location is already loaded, but only an achor is appended to the URL. Resolves: #91442 Releases: master, 10.4, 9.5 Change-Id: I577bdd8ce75c94f864852f812c0b8ad66f0d5634
-
- 30 Jun, 2020 3 commits
-
-
FileReferences objects contain references to File objects which itself contain service dependencies (e.g. event dispatcher) which are not seralizable. This leads to problems for instance when having a multi-step form containing file uploads where file reference objects are being serialized. Resolves: #91196 Releases: master, 10.4 Change-Id: I7650186adc5c61528e1a1adcf06b8d6cf67a55cd Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64975 Tested-by:
-
The doc comments for DataHandler::clear_cacheCmd() contained outdated information on how to clear the system caches. Resolves: #91720 Releases: master, 10.4 Change-Id: I42cb2aebecc7ef2eb45b0070e3fff19a199b9651 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64974 Tested-by:
-
To allow uncached plugins to provide a different page title, page title providers must be also be called after uncached plugins are rendered. To not loose the state of page title providers that are called for cached entires, the state of page title providers is stored in cache as well and provided for the second title generation process after uncached objects are rendered. Resolves: #91233 Releases: master, 10.4, 9.5 Change-Id: I277551d9a58781c0d130c27b346bcbbc209266fd Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64972 Tested-by:
-
