1. 07 Dec, 2011 2 commits
    • Benni Mack's avatar
      [BUGFIX] Localization: Editing in TCEforms shows unstyled original value · 48a8cabe
      Benni Mack authored
      When editing a translated record in the TCEforms backend, the original
      language label is shown below, in a green box. The green box is
      definitively from the old skin (3.x) and should be changed.
      
      Change-Id: I9a85f1daac7b41a1a6d1e3cd9663c67abc917c44
      Resolves: #28012
      Releases: 4.6, 4.5, 4.4
      Reviewed-on: http://review.typo3.org/7123
      Reviewed-by: Georg Ringer
      Tested-by: Georg Ringer
      48a8cabe
    • Georg Ringer's avatar
      [BUGFIX] Use trimExplode() for pageOverlayFields · c96adc16
      Georg Ringer authored
      Currently explode() is used for pageOverLayFields which requires a list
      without any whitespaces. Using t3lib_div::trimExplode() improves
      the usability for integrators and reduces possibilities of not working
      configurations
      
      Change-Id: I65ba837ac2bb8370de6e79e6c7cef820afc9063d
      Resolves: #28916
      Releases: 4.4, 4.5, 4.6
      Reviewed-on: http://review.typo3.org/7132
      Reviewed-by: Georg Ringer
      Tested-by: Georg Ringer
      c96adc16
  2. 29 Nov, 2011 1 commit
    • Marco Bresch's avatar
      [BUGFIX][SECURITY] XSS vulnerability in BE-User Admin module · e13b2b9a
      Marco Bresch authored
      Fix XSS at column 'workspace membership'.
      
      How to test:
      * choose a workspace title like "<b>test</b>"
      * assign a user as member to the workspace
      * select the BE-module "Admin Tools->User Admin"
      * select the checkbox "Workspace membership"
      * press update
      * take a look at column "Workspace membership"
      
      Change-Id: I7036eb070d94beb73c539091135b188f588e171d
      Fixes: #32040
      Releases: 4.7, 4.6, 4.5, 4.4
      Reviewed-on: http://review.typo3.org/6961
      Reviewed-by: Georg Ringer
      Tested-by: Georg Ringer
      e13b2b9a
  3. 22 Nov, 2011 3 commits
  4. 18 Nov, 2011 1 commit
    • Francois Suter's avatar
      [BUGFIX] Log date picker broken · 6c161c59
      Francois Suter authored
      The date picker in the Admin Tools > Log when selecting a user-defined
      time range is broken. Adapt it to new skinning API for the JS to act
      on it properly again.
      
      Change-Id: I26e34b312bf411b20bb8671278a6099e45accbe1
      Resolves: #31450
      Releases: 4.7, 4.6, 4.5, 4.4
      Reviewed-on: http://review.typo3.org/6396
      Reviewed-by: Tomita Militaru
      Reviewed-by: Francois Suter
      Tested-by: Francois Suter
      6c161c59
  5. 17 Nov, 2011 1 commit
  6. 09 Nov, 2011 1 commit
  7. 04 Nov, 2011 1 commit
    • Markus Klein's avatar
      [BUGFIX] Options checkboxes are hidden in BE admin user form · 9259b6e3
      Markus Klein authored
      The options field is hidden in the BE user form if the user is admin.
      This is a problem if the admin has assigned groups with db_mounts,
      as the default value for the options is to mount also the group's mounts,
      which is undesired for most instances.
      
      Change-Id: Ie1931a9531acf073e18548c56d454e958c22b531
      Fixes: #30492
      Releases: 4.7, 4.6, 4.5, 4.4
      Reviewed-on: http://review.typo3.org/6529
      Reviewed-by: Markus Klein
      Tested-by: Markus Klein
      Reviewed-by: Georg Ringer
      Tested-by: Georg Ringer
      9259b6e3
  8. 26 Oct, 2011 1 commit
    • Helmut Hummel's avatar
      [BUGFIX] Make extbase modules appear in access lists · fbc26e37
      Helmut Hummel authored
      When registering an extbase backend module, it should be possible to
      grant permissions to it for users in the access list backend user groups.
      
      Add the missing API calls to enable this for extbase modules.
      
      Change-Id: Ie856c061da1139f4e9c790ee8a4ce1a88033487f
      Releases: 4.4
      Fixes: #24122
      Reviewed-on: http://review.typo3.org/6354
      Reviewed-by: Christian Kuhn
      Tested-by: Christian Kuhn
      Reviewed-by: Helmut Hummel
      Tested-by: Helmut Hummel
      fbc26e37
  9. 24 Oct, 2011 2 commits
    • Laurent Cherpit's avatar
      [BUGFIX] TCA: Suggest wizard doesn't work in wizard_edit popup · 5eafe807
      Laurent Cherpit authored and Xavier Perseguers's avatar Xavier Perseguers committed
      When suggest wizard is used in a form open from the wizard_edit
      popup wizard, javascript cannot access to "top.TS.PATH_typo3" value.
      
      Change-Id: I344001893718ea4c5b2a54b77cc602f76eaa98fd
      Resolves: #28930
      Related: #23789
      Releases: 4.6, 4.5, 4.4
      Reviewed-on: http://review.typo3.org/6251
      Reviewed-by: Xavier Perseguers
      Tested-by: Xavier Perseguers
      5eafe807
    • Steffen Gebert's avatar
      [BUGFIX] Check for rsaauth being usable · a4b4a547
      Steffen Gebert authored and Xavier Perseguers's avatar Xavier Perseguers committed
      The Extension Manager shows the results of some checks in the
      Configuration section of the extension "saltedpasswords", whether
      "rsaauth" is loaded and whether it is enabled.
      
      However, it lacks a check for "rsaauth" being really able to work.
      If "rsaauth" fails, tell the user that OpenSSL extension is not available
      or not working correctly.
      
      Change-Id: Ie68b0f7dca4ceef9752cec44b1ff651e77f5f1d8
      Resolves: #31178
      Releases: 4.6, 4.5, 4.4
      Reviewed-on: http://review.typo3.org/6268
      Reviewed-by: Xavier Perseguers
      Tested-by: Xavier Perseguers
      a4b4a547
  10. 23 Oct, 2011 1 commit
  11. 22 Oct, 2011 1 commit
    • Helmut Hummel's avatar
      [BUGFIX] Improve check for started session in rsaauth · b3d6973e
      Helmut Hummel authored
      Checking if the superglobal $_SESSION is an array is not reliable.
      Change the check to use session_id() which is an empty string
      if the session has not been started.
      
      Change-Id: Iac913beee5af40d28c17ade6a8bfa17df4da2374
      Resolves: #30270
      Releases: 4.3, 4.4, 4.5, 4.6
      Reviewed-on: http://review.typo3.org/6189
      Reviewed-by: Helmut Hummel
      Tested-by: Helmut Hummel
      b3d6973e
  12. 19 Oct, 2011 1 commit
  13. 18 Oct, 2011 1 commit
    • Markus Klein's avatar
      [BUGFIX] date expects parameter 2 to be long, string given · fea80ec1
      Markus Klein authored
      Any zero length string value is replaced with the current timestamp.
      (Just like the default value for the second parameter of date/gmdate.)
      
      Change-Id: I0d4cef574028668b0736c8a13db0687f0be62b0e
      Fixes: #30931
      Releases: 4.6, 4.5, 4.4
      Reviewed-on: http://review.typo3.org/5971
      Reviewed-by: Simon Schaufelberger
      Tested-by: Simon Schaufelberger
      Reviewed-by: Jigal van Hemert
      Tested-by: Jigal van Hemert
      fea80ec1
  14. 10 Oct, 2011 1 commit
  15. 05 Oct, 2011 1 commit
  16. 04 Oct, 2011 2 commits
  17. 19 Sep, 2011 1 commit
    • Helmut Hummel's avatar
      [BUGFIX] Don't unnecessarily start PHP session · 3e1cd735
      Helmut Hummel authored
      Because of an information disclosure problem in the backend login
      we moved the session_start() in t3lib_userauth in a place which caused
      unwanted side effects with 3rd party extensions.
      
      Revert that change to avoid compatibility and performance problems
      and instead send no cache headers earlier in t3lib_userauth
      to also fix the information disclosure.
      
      Releases: 4.3, 4.4, 4.5, 4.6
      Resolves: #29274
      Related: #24456, #28694
      
      Change-Id: I87226a21d9b1955773ceb3c377fa1b4c9938e6b2
      Reviewed-on: http://review.typo3.org/5071
      Reviewed-by: Helmut Hummel
      Tested-by: Helmut Hummel
      3e1cd735
  18. 18 Sep, 2011 1 commit
  19. 14 Sep, 2011 3 commits
  20. 12 Sep, 2011 1 commit
  21. 09 Sep, 2011 1 commit
    • Dmitry Dulepov's avatar
      [BUGFIX] FE session transfer is broken · a8a33f76
      Dmitry Dulepov authored
      The fix for #M13740 (revision 3a3a8d81) breaks FE session
      transfer across top level domains.
      
      Method tslib_fe::initFEuser() checks if there is a special
      URL parameter named FE_SESSION_KEY. If that exists, it sets
      $_COOKIE[$this->fe_user->name] to the passed session value.
      This is very useful when using RealURL's feature to make
      different language domains but use the same user for all
      domains (multilanguage countries like Switzerland
      or Belgium love that). However this is broken by using
      $_SERVER['HTTP_COOKIE'] for FE session cookie. tslib_fe
      has to be adjusted to set the same cookie.
      
      Change-Id: I029c555a35d95895fc9aecf82c6f649df6fd4ca4
      Resolves: #27740
      Releases: 4.4, 4.5, 4.6
      Reviewed-on: http://review.typo3.org/3035
      Reviewed-by: Stefan Neufeind
      Reviewed-by: Dmitry Dulepov
      Tested-by: Dmitry Dulepov
      a8a33f76
  22. 04 Sep, 2011 1 commit
  23. 30 Aug, 2011 1 commit
    • Stanislas Rolland's avatar
      [BUGFIX] Incorrect behaviour of style selector in RTE · 6177f8c9
      Stanislas Rolland authored
      When all classes allowed on an element have been assigned to a single
      element, the block/text style selector becomes disabled. It is then not
      possible to remove the assigned classes from this element.
      
      Change-Id: I22db8b9d15214aa9fbbebb636bc8deb9e03b138a
      Resolves: #27801
      Releases: 4.4, 4.5, 4.6
      Reviewed-on: http://review.typo3.org/4576
      Reviewed-by: Stanislas Rolland
      Tested-by: Stanislas Rolland
      6177f8c9
  24. 29 Aug, 2011 1 commit
    • Markus Klein's avatar
      [BUGFIX] HTMLparser, treat fixAttrib.unset as boolean · b670ca82
      Markus Klein authored
      HTMLparser_tags fixAttrib.unset is documented to be boolean, but is
      currently treated as string.
      This patch corrects for the expected behavior.
      
      Change-Id: I716580d9a6fa9b5909f53e870afb4029a28598af
      Resolves: #29246
      Releases: 4.6, 4.5, 4.4, 4.3
      Reviewed-on: http://review.typo3.org/4645
      Reviewed-by: Markus Klein
      Tested-by: Markus Klein
      Reviewed-by: Jigal van Hemert
      Tested-by: Jigal van Hemert
      b670ca82
  25. 24 Aug, 2011 1 commit
    • Georg Ringer's avatar
      [BUGFIX] exec_SELECTcountRows returns string · 40668212
      Georg Ringer authored
      PHPdoc states that return value is either FALSE if
      something strange happened or integer with the count of
      records.
      
      MySql returns strings, so an intval is needed to have integers
      
      Change-Id: Ic831b59eaacaa40124e6688d81cb97a1c0b7fbb1
      Resolves: #29169
      Releases: 4.6, 4.5, 4.4
      Reviewed-on: http://review.typo3.org/4569
      Reviewed-by: Susanne Moog
      Tested-by: Susanne Moog
      40668212
  26. 21 Aug, 2011 2 commits
  27. 16 Aug, 2011 2 commits
  28. 12 Aug, 2011 2 commits
    • Oliver Hader's avatar
      [BUGFIX] Unit tests for tslib_content query arguments fail · becd370b
      Oliver Hader authored
      Since security fixes in July 2011 introduced a better encoding of URL
      arguments, checks in the unit tests have to be modified as well.
      
      Change-Id: Ibc958c3c51d0b4f3dacfff3ca1e4638783e1b143
      Resolves: #28946
      Releases: 4.6, 4.5, 4.4
      Reviewed-on: http://review.typo3.org/4286
      Reviewed-by: Oliver Hader
      Tested-by: Oliver Hader
      becd370b
    • Helmut Hummel's avatar
      [BUGFIX] Maintain compatibility with changed headline rendering · 1c946cb6
      Helmut Hummel authored
      If the fontTag property is set and the dataWrap property is set to the
      default value, replace the dataWrap with the fontTag property value and
      disable insertData on this level (if set).
      
      This is to retain compatibility with versions before 4.5.4 while
      compatibility with modified templates (before and after 4.5.4) is still
      provided.
      
      Change-Id: I6f05005e30c63ec2cf81eed1d9adeeb4f9828e82
      Resolves: #28847
      Related: #26876
      Releases: 4.5, 4.4, 4.3
      Reviewed-on: http://review.typo3.org/4282
      Reviewed-by: Oliver Hader
      Tested-by: Oliver Hader
      Reviewed-by: Michael Stucki
      Tested-by: Michael Stucki
      1c946cb6
  29. 11 Aug, 2011 1 commit
  30. 03 Aug, 2011 1 commit