Skip to content
GitLab
Switch branch/tag
  1. 07 Dec, 2011 2 commits
    • Benni Mack's avatar
      [BUGFIX] Localization: Editing in TCEforms shows unstyled original value · 48a8cabe
      Benni Mack authored 
      When editing a translated record in the TCEforms backend, the original
language label is shown below, in a green box. The green box is
definitively from the old skin (3.x) and should be changed.

Change-Id: I9a85f1daac7b41a1a6d1e3cd9663c67abc917c44
Resolves: #28012
Releases: 4.6, 4.5, 4.4
Reviewed-on: http://review.typo3.org/7123
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer
      48a8cabe
    • Georg Ringer's avatar
      [BUGFIX] Use trimExplode() for pageOverlayFields · c96adc16
      Georg Ringer authored 
      Currently explode() is used for pageOverLayFields which requires a list
without any whitespaces. Using t3lib_div::trimExplode() improves
the usability for integrators and reduces possibilities of not working
configurations

Change-Id: I65ba837ac2bb8370de6e79e6c7cef820afc9063d
Resolves: #28916
Releases: 4.4, 4.5, 4.6
Reviewed-on: http://review.typo3.org/7132
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer
      c96adc16
  3. 29 Nov, 2011 1 commit
    • Marco Bresch's avatar
      [BUGFIX][SECURITY] XSS vulnerability in BE-User Admin module · e13b2b9a
      Marco Bresch authored 
      Fix XSS at column 'workspace membership'.

How to test:
* choose a workspace title like "<b>test</b>"
* assign a user as member to the workspace
* select the BE-module "Admin Tools->User Admin"
* select the checkbox "Workspace membership"
* press update
* take a look at column "Workspace membership"

Change-Id: I7036eb070d94beb73c539091135b188f588e171d
Fixes: #32040
Releases: 4.7, 4.6, 4.5, 4.4
Reviewed-on: http://review.typo3.org/6961
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer
      e13b2b9a
  5. 22 Nov, 2011 3 commits
  7. 18 Nov, 2011 1 commit
    • Francois Suter's avatar
      [BUGFIX] Log date picker broken · 6c161c59
      Francois Suter authored 
      The date picker in the Admin Tools > Log when selecting a user-defined
time range is broken. Adapt it to new skinning API for the JS to act
on it properly again.

Change-Id: I26e34b312bf411b20bb8671278a6099e45accbe1
Resolves: #31450
Releases: 4.7, 4.6, 4.5, 4.4
Reviewed-on: http://review.typo3.org/6396
Reviewed-by: Tomita Militaru
Reviewed-by: Francois Suter
Tested-by: Francois Suter
      6c161c59
  9. 17 Nov, 2011 1 commit
  11. 09 Nov, 2011 1 commit
  13. 04 Nov, 2011 1 commit
    • Markus Klein's avatar
      [BUGFIX] Options checkboxes are hidden in BE admin user form · 9259b6e3
      Markus Klein authored 
      The options field is hidden in the BE user form if the user is admin.
This is a problem if the admin has assigned groups with db_mounts,
as the default value for the options is to mount also the group's mounts,
which is undesired for most instances.

Change-Id: Ie1931a9531acf073e18548c56d454e958c22b531
Fixes: #30492
Releases: 4.7, 4.6, 4.5, 4.4
Reviewed-on: http://review.typo3.org/6529
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer
      9259b6e3
  15. 26 Oct, 2011 1 commit
    • Helmut Hummel's avatar
      [BUGFIX] Make extbase modules appear in access lists · fbc26e37
      Helmut Hummel authored 
      When registering an extbase backend module, it should be possible to
grant permissions to it for users in the access list backend user groups.

Add the missing API calls to enable this for extbase modules.

Change-Id: Ie856c061da1139f4e9c790ee8a4ce1a88033487f
Releases: 4.4
Fixes: #24122
Reviewed-on: http://review.typo3.org/6354
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
      fbc26e37
  17. 24 Oct, 2011 2 commits
    • Laurent Cherpit's avatar
      [BUGFIX] TCA: Suggest wizard doesn't work in wizard_edit popup · 5eafe807
      Laurent Cherpit authored and Xavier Perseguers's avatar Xavier Perseguers committed 
      When suggest wizard is used in a form open from the wizard_edit
popup wizard, javascript cannot access to "top.TS.PATH_typo3" value.

Change-Id: I344001893718ea4c5b2a54b77cc602f76eaa98fd
Resolves: #28930
Related: #23789
Releases: 4.6, 4.5, 4.4
Reviewed-on: http://review.typo3.org/6251
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
      5eafe807
    • Steffen Gebert's avatar
      [BUGFIX] Check for rsaauth being usable · a4b4a547
      Steffen Gebert authored and Xavier Perseguers's avatar Xavier Perseguers committed 
      The Extension Manager shows the results of some checks in the
Configuration section of the extension "saltedpasswords", whether
"rsaauth" is loaded and whether it is enabled.

However, it lacks a check for "rsaauth" being really able to work.
If "rsaauth" fails, tell the user that OpenSSL extension is not available
or not working correctly.

Change-Id: Ie68b0f7dca4ceef9752cec44b1ff651e77f5f1d8
Resolves: #31178
Releases: 4.6, 4.5, 4.4
Reviewed-on: http://review.typo3.org/6268
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
      a4b4a547
  19. 23 Oct, 2011 1 commit
  21. 22 Oct, 2011 1 commit
    • Helmut Hummel's avatar
      [BUGFIX] Improve check for started session in rsaauth · b3d6973e
      Helmut Hummel authored 
      Checking if the superglobal $_SESSION is an array is not reliable.
Change the check to use session_id() which is an empty string
if the session has not been started.

Change-Id: Iac913beee5af40d28c17ade6a8bfa17df4da2374
Resolves: #30270
Releases: 4.3, 4.4, 4.5, 4.6
Reviewed-on: http://review.typo3.org/6189
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
      b3d6973e
  23. 19 Oct, 2011 1 commit
  25. 18 Oct, 2011 1 commit
    • Markus Klein's avatar
      [BUGFIX] date expects parameter 2 to be long, string given · fea80ec1
      Markus Klein authored 
      Any zero length string value is replaced with the current timestamp.
(Just like the default value for the second parameter of date/gmdate.)

Change-Id: I0d4cef574028668b0736c8a13db0687f0be62b0e
Fixes: #30931
Releases: 4.6, 4.5, 4.4
Reviewed-on: http://review.typo3.org/5971
Reviewed-by: Simon Schaufelberger
Tested-by: Simon Schaufelberger
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert
      fea80ec1
  27. 10 Oct, 2011 1 commit
  29. 05 Oct, 2011 1 commit
  31. 04 Oct, 2011 2 commits
  33. 19 Sep, 2011 1 commit
    • Helmut Hummel's avatar
      [BUGFIX] Don't unnecessarily start PHP session · 3e1cd735
      Helmut Hummel authored 
      Because of an information disclosure problem in the backend login
we moved the session_start() in t3lib_userauth in a place which caused
unwanted side effects with 3rd party extensions.

Revert that change to avoid compatibility and performance problems
and instead send no cache headers earlier in t3lib_userauth
to also fix the information disclosure.

Releases: 4.3, 4.4, 4.5, 4.6
Resolves: #29274
Related: #24456, #28694

Change-Id: I87226a21d9b1955773ceb3c377fa1b4c9938e6b2
Reviewed-on: http://review.typo3.org/5071
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
      3e1cd735
  35. 18 Sep, 2011 1 commit
  37. 14 Sep, 2011 3 commits
  39. 12 Sep, 2011 1 commit
  41. 09 Sep, 2011 1 commit
    • Dmitry Dulepov's avatar
      [BUGFIX] FE session transfer is broken · a8a33f76
      Dmitry Dulepov authored 
      The fix for #M13740 (revision 3a3a8d81) breaks FE session
transfer across top level domains.

Method tslib_fe::initFEuser() checks if there is a special
URL parameter named FE_SESSION_KEY. If that exists, it sets
$_COOKIE[$this->fe_user->name] to the passed session value.
This is very useful when using RealURL's feature to make
different language domains but use the same user for all
domains (multilanguage countries like Switzerland
or Belgium love that). However this is broken by using
$_SERVER['HTTP_COOKIE'] for FE session cookie. tslib_fe
has to be adjusted to set the same cookie.

Change-Id: I029c555a35d95895fc9aecf82c6f649df6fd4ca4
Resolves: #27740
Releases: 4.4, 4.5, 4.6
Reviewed-on: http://review.typo3.org/3035
Reviewed-by: Stefan Neufeind
Reviewed-by: Dmitry Dulepov
Tested-by: Dmitry Dulepov
      a8a33f76
  43. 04 Sep, 2011 1 commit
  45. 30 Aug, 2011 1 commit
    • Stanislas Rolland's avatar
      [BUGFIX] Incorrect behaviour of style selector in RTE · 6177f8c9
      Stanislas Rolland authored 
      When all classes allowed on an element have been assigned to a single
element, the block/text style selector becomes disabled. It is then not
possible to remove the assigned classes from this element.

Change-Id: I22db8b9d15214aa9fbbebb636bc8deb9e03b138a
Resolves: #27801
Releases: 4.4, 4.5, 4.6
Reviewed-on: http://review.typo3.org/4576
Reviewed-by: Stanislas Rolland
Tested-by: Stanislas Rolland
      6177f8c9
  47. 29 Aug, 2011 1 commit
    • Markus Klein's avatar
      [BUGFIX] HTMLparser, treat fixAttrib.unset as boolean · b670ca82
      Markus Klein authored 
      HTMLparser_tags fixAttrib.unset is documented to be boolean, but is
currently treated as string.
This patch corrects for the expected behavior.

Change-Id: I716580d9a6fa9b5909f53e870afb4029a28598af
Resolves: #29246
Releases: 4.6, 4.5, 4.4, 4.3
Reviewed-on: http://review.typo3.org/4645
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert
      b670ca82
  49. 24 Aug, 2011 1 commit
    • Georg Ringer's avatar
      [BUGFIX] exec_SELECTcountRows returns string · 40668212
      Georg Ringer authored 
      PHPdoc states that return value is either FALSE if
something strange happened or integer with the count of
records.

MySql returns strings, so an intval is needed to have integers

Change-Id: Ic831b59eaacaa40124e6688d81cb97a1c0b7fbb1
Resolves: #29169
Releases: 4.6, 4.5, 4.4
Reviewed-on: http://review.typo3.org/4569
Reviewed-by: Susanne Moog
Tested-by: Susanne Moog
      40668212
  51. 21 Aug, 2011 2 commits
  53. 16 Aug, 2011 2 commits
  55. 12 Aug, 2011 2 commits
    • Oliver Hader's avatar
      [BUGFIX] Unit tests for tslib_content query arguments fail · becd370b
      Oliver Hader authored 
      Since security fixes in July 2011 introduced a better encoding of URL
arguments, checks in the unit tests have to be modified as well.

Change-Id: Ibc958c3c51d0b4f3dacfff3ca1e4638783e1b143
Resolves: #28946
Releases: 4.6, 4.5, 4.4
Reviewed-on: http://review.typo3.org/4286
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
      becd370b
    • Helmut Hummel's avatar
      [BUGFIX] Maintain compatibility with changed headline rendering · 1c946cb6
      Helmut Hummel authored 
      If the fontTag property is set and the dataWrap property is set to the
default value, replace the dataWrap with the fontTag property value and
disable insertData on this level (if set).

This is to retain compatibility with versions before 4.5.4 while
compatibility with modified templates (before and after 4.5.4) is still
provided.

Change-Id: I6f05005e30c63ec2cf81eed1d9adeeb4f9828e82
Resolves: #28847
Related: #26876
Releases: 4.5, 4.4, 4.3
Reviewed-on: http://review.typo3.org/4282
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
Reviewed-by: Michael Stucki
Tested-by: Michael Stucki
      1c946cb6
  57. 11 Aug, 2011 1 commit
  59. 03 Aug, 2011 1 commit