GitLab

Change-Id: I7147fc137eb3df320e6e4f68ec13a98abbc02e70
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69105

Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>

This change keeps the type parameter (e.g. ?type=13) even
if PageTypeDecorator is used when building URLs but "13" is not
part of the map in the site configuration.

A test is added in order to make sure this functionality
will not break (again), see
https://review.typo3.org/c/Packages/TYPO3.CMS/+/62383
for the original fix without tests.

Resolves: #87104
Related: #87817
Related: #88836
Releases: master, 10.4, 9.5
Change-Id: Ic7f82bfa9f28f971162e1af1b557188f61446462
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69116

Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>

Function getScriptPath is not implemented. PHPDoc block of function
getPathInfo points to getScriptName.

Resolves: #94095
Releases: master, 10.4, 9.5
Change-Id: I6329cff8ace4a3b5562e6d2d568dbed6d69c0ae5
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69113

Tested-by: core-ci <typo3@b13.com>
Tested-by: Richard Haeser <richard@richardhaeser.com>
Reviewed-by: Richard Haeser <richard@richardhaeser.com>

This change addresses a flaw when resolving ancestor ids of 1:n
relationships - resolving `l10n_source` pointer always was `0`.

Besides that now only non-empty `l10n_parent` or `l10n_source` are
returned as integer. Otherwise `null` is returned and signals that
a corresponding ancestor could not be resolved at all.

Scenario `localizeParentContentChainLanguageSynchronizationSource` of
`DataHandling\IRRE\ForeignField\Modify\ActionTest` was given already,
however `l10n_source` fields were missing in their TCA.

Resolves: #86141
Releases: master, 10.4, 9.5
Change-Id: Ia0e3d9accd5c1998f4fd971861262c158cc8f838
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69031

Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

For consistency in the filterNumericIds method of DataMapProcessor,
there should only be one result be returned. This patch removes the
second parameter to invert the methods behaviour.

Back-porting to TYPO3 v9.5 as well, for code consistency.

Resolves: #86138
Releases: master, 9.5
Change-Id: I89bd4949e75818a26dd23c0884ccc0cf41401804
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69033

Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

If an argument on a plugin namespace is not an array,
Extbase failed hard with an type error exception.

Resolves: #91040
Releases: master, 10.4, 9.5
Change-Id: Ib613081aeb99232f1254a431fec57f15bb88b1c0
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68988

Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

With shallow cloning as done by gitlab-ci, composer
needs a hint which version a branch is derived from.
The patch sets according environment variables in the
testing containers for v10 and v9 min/max stages as
done with composer install based on composer.lock file
already.

Resolves: #94051
Releases: 10.4, 9.5
Change-Id: I288a4070a74175bc11706541551c28fee2deb0ae
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68986

Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

This patch fixes a regression introduced by change
https://review.typo3.org/c/Packages/TYPO3.CMS/+/65126 which lead to
an HTTP 500 exception instead of returning HTTP 404 by making sure
that FileDumpController->isFileValid() is not called with NULL as
parameter.

Resolves: #92957
Related: #91754
Releases: master, 10.4, 9.5
Change-Id: I824606867063f421f1a6fdfde4788846ddcc41a7
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68897

Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Stephan Großberndt <stephan.grossberndt@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

gerrit voting and slack nightly reporting is now done
with a gitlab webhook instead of a CI stage.

Change-Id: I6498c41229cb3b6a9178d2a91dbbfbb657034cce
Resolves: #94035
Releases: master, 10.4, 9.5
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68958

Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Jobs are sometimes stuck, for instance when they run
into infinite loops. With the default job timeout of
one hour and a default retry, it takes two hours until
those report negative.
Jobs are usually done in less than 15 minutes. We now
set the timeout to generous 30 minutes, a pipeline with
a stuck job will thus report after one hour, latest.

Resolves: #94033
Related: #94001
Releases: master, 10.4, 9.5
Change-Id: I80c26783f5ff0a5900c849d84f57c77e22ca4f63
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68955

Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

RelationHandler cannot handle vanilla uids, pass 0 instead to correctly parse defVals for MM-relations in TCA type=group

Resolves: #93289
Releases: master, 10.4, 9.5
Change-Id: I5258bbc5ef164fc9ed2d14ed1062b54e1f9eec92
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68871

Tested-by: core-ci <typo3@b13.com>
Tested-by: Richard Haeser <richard@richardhaeser.com>
Reviewed-by: Richard Haeser <richard@richardhaeser.com>

By default, gitlab passes all artifacts from previous
stages to each job. Thus, the negative-vote job was not
executed in case previous jobs with artifacts failed.

Since those jobs don't need artifacts anyways, not
downloading them solves the issue.

See: https://docs.gitlab.com/ee/ci/yaml/README.html#dependencies

Change-Id: Id38354949ddc7b9f059dc4203208b4e949568b2d
Resolves: #94013
Releases: master, 10.4, 9.5
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68867

Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

If the user does not have "edit" permission, she will not be able to see
the "Copy" action in the content menu. Since copy operation is read-
only, this action should be allowed. This fix will allow copying
without "edit" permissions.

The fix is contributed by the University of Basel.

Resolves: #92708
Releases: master, 10.4, 9.5
Change-Id: I018442e148ba1b4e9801a778bd5a00f433b9d0e0
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68865

Tested-by: core-ci <typo3@b13.com>
Tested-by: Richard Haeser <richard@richardhaeser.com>
Reviewed-by: Richard Haeser <richard@richardhaeser.com>

With the CI migration from bamboo to gitlab being finished,
the bamboo test plan setup can be dropped from core.

Resolves: #93994
Releases: master, 10.4, 9.5
Change-Id: I8f3d5beda8b296e268c2da5eddead6a542f5d418
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68885

Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

When a HMAC of a submitted form is invalid, TYPO3 throws
a BadRequestException which is logged to sys_log and logfiles.
Those invalid HMAC validation errors occur when the values
of the hidden fields tx_extension[__trustedProperties]
(extbase) or tx_form_formframework[form-id][__state] (ext:form)
are manipulated.

Since a TYPO3 site owner has no reasonable possibility to
prevent tampered form submissions and in order to keep logs
clean from errors due to illegal requests, the exceptions
are now not logged any more.

Resolves: #93667
Related: #90134
Releases: master, 10.4, 9.5
Change-Id: Icc9b209b29c9624c03e6b4e6689b8242a02ef349
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68857

Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Benni Mack <benni@typo3.org>

Logs written via the logging API now include the correct
remote address instead of the marker ###IP###.

Additionally, some actions were logged twice, this is
streamlined.

Resolves: #93693
Resolves: #93943
Releases: master, 10.4, 9.5
Change-Id: I7d420046f5cff605383ce330784821644d9b9fac
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68801

Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Richard Haeser <richard@richardhaeser.com>
Reviewed-by: Torben Hansen <derhansen@gmail.com>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Richard Haeser <richard@richardhaeser.com>

If a form upload is configured to save files within
"1:/user_upload/test/" (saveToFileMount: '1:/user_upload/test/'),
an upload will be saved within
"1:/user_upload/test/form_<random>/file.png".
Lateron, the DeleteUploadsFinisher delete
"1:/user_upload/test/form_<random>/file.png".
If "1:/user_upload/test/form_<random>/" is emty, this folder will be
deleted too.
This patch prevents the DeleteUploadsFinisher from trying to delete the
top level upload folder "1:/user_upload/test/".

Resolves: #93805
Releases: master, 10.4, 9.5
Change-Id: Ifd2fbf7cf7d5c94186ca27684d1baa92c898ba0f
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68636

Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

The given example does not work and is replaced by a working example.
Doctrine will add ASC as fallback sorting if no sorting direction is
given, leading to an invalid SQL.

Resolves: #93795
Releases: master, 10.4, 9.5
Change-Id: I69f594b4e0ec65586d53ee7f1348c987234a4d19
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68538

Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Daniel Goerz <daniel.goerz@posteo.de>
Reviewed-by: Daniel Goerz <daniel.goerz@posteo.de>

Update copyright year to 2021

Resolves: #93769
Releases: master, 10.4, 9.5
Change-Id: Iec3214352aca9df579a3a1574eaf61222a6d2689
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68513

Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Change-Id: Ie042f704d3fb5ec7558a47139ba2214c4aeff8b8
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68498

Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Change-Id: Ic96a203889dffd2800f2b5fd39767a824350c8fe
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68497

Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

One of the recent security patches missed a class
import in v9. v10 and v11.1 are not affected and
phpstan would have found such an issue in >v10, too.

Related: #92136
Resolves: #93752
Releases: 9.5
Change-Id: Ia80514b1e3e503393bc44583344ece245fe33662
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68465

Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: Daniel Goerz <daniel.goerz@posteo.de>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Daniel Goerz <daniel.goerz@posteo.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Change-Id: Ia9b588e1b14854150e6978a8759b7565ef2edf82
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68457

Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Change-Id: I763cd8dcbd4e4bfbc702c9257eeea9ccbaa8db2b
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68455

Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

The content element preview for menus displays the
menu type label along with the record title of the
defined pages and categories. Since the output was
not properly encoded, this led to a XSS vulnerability
in the page module.

The issue is addressed by properly encoding user input.

Note: Because of a bug in `PreviewRenderer`, the
vulnerable code was most likely not executed in any
TYPO3 installation after v8.6.0.

Resolves: #93664
Releases: master, 11.1, 10.4, 9.5
Change-Id: I56ec17f5f07ff4d7c28f2241e0c9eeee9affd71f
Security-Bulletin: TYPO3-CORE-SA-2021-008
Security-References: CVE-2021-21370
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68417

Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

`AbstractUserAuthentication::$uc['moduleSessionID']` still stored plain
session identifier, which has been replaced by corresponding HMAC.

Resolves: #93359
Releases: master, 11.1, 10.4, 9.5
Change-Id: I920b8d3b364c249d2ec3a6deb42e141e5a1b8ff7
Security-Bulletin: TYPO3-CORE-SA-2021-006
Security-References: CVE-2021-21339
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68416

Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

To prevent DoS attacks by using page-based error handling, the
content of the error page is now cached, this prevents fetching
the content of the error pages again and again.

Resolves: #88824
Releases: master, 11.1, 10.4, 9.5
Change-Id: I6dea5200dc710a182b66deedfbeb2110ea829117
Security-Bulletin: TYPO3-CORE-SA-2021-005
Security-References: CVE-2021-21359
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68415

Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Form editors which provide only a limited set of allowed values
(like single-select or multi-select form editors) now validate the
submitted values against the set of allowed values (configured within
the form setup).

Resolves: #93581
Releases: master, 11.1, 10.4, 9.5
Change-Id: Iae0a34c20cacdbcfc4eff9c4b1add966c1657010
Security-Bulletin: TYPO3-CORE-SA-2021-003
Security-References: CVE-2021-21357
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68414

Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

File handling implementation in `UploadedFileReferenceConverter` of
`ext:form` creates files in `/fileadmin/user_uploads/` whenever some
Extbase controller is (implicitly) dealing with `FileReference` models,
unless particular implementations assign specific type converters or
register type converters having a higher processing priority.

As a side-effect this could lead to by-passing mime-type validators,
allowing to plant cross-site scripting and other malicious binaries
to public accessible `/fileadmin/` storage. PHP files and similar are
blocked since `fileDenyPattern` rule is active in any case.

This change makes the usage of `UploadedFileReferenceConverter` more
specific in the scope of processing contact forms with `ext:form`

* use random folder names for files, `.../form_abcde12345/image.png`
* removes `UploadedFileReferenceConverter` from being used implicitly
  by other Extbase implementations dealing with `FileReference` models

`PseudoFileReference` has been introduced to limit properties being
serialized to `uid` (in case it's a real file reference) or `uidLocal`
(in case it's a transient reference, pointing to a file).

Direct URLs to uploaded files are substituted by `fileDump` eID script
now, enforcing corresponding FAL mime-type and denying the web server
from guessing/interpreting a different mime-type based on file suffix.

A unique form `__session` value has been introduce, serving as seed
to derive for instance mentioned folder names for uploaded files. In
addition to that, form `__state` is only parsed when having been
submitted via expected `FormFrontendController::performAction`.

Resolves: #92136
Releases: master, 11.1, 10.4, 9.5
Change-Id: I7c33803443a68d6b3c895ec74da802a70bd390c1
Security-Bulletin: TYPO3-CORE-SA-2021-002
Security-References: CVE-2021-21355
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68413

Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

A missing check in GeneralUtility::sanitizeLocalUrl() resulted in
an url starting with `//` to be considered as a local url.

This change ensures, that urls starting with `//` are not considered
local. Corresponding unit tests are fixed and extended, since they
need a full environment to process correctly.

Resolves: #92891
Releases: master, 11.1, 10.4, 9.5
Change-Id: I41eb16776742b3e0d2cffd064dd0408e4faa7c78
Security-Bulletin: TYPO3-CORE-SA-2021-001
Security-References: CVE-2021-21338
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68412

Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

The wiki.typo3.org is marked as deprecated and gets
replaced soon by docs.typo3.org permanently. Replace
all wiki links by actual documentation links.

Resolves: #93677
Releases: master, 10.4, 9.5
Change-Id: Ib1bc42a6f2192580581499a9a0c1deb8d21ae2e0
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68372

Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Update from 4.15.0 to 4.16.0 to use the latest bugfix release
which also includes security related fixes of 4.15.1 in plugins which
are not used by TYPO3.

Changelog: https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md

Executed commands:

cd Build
yarn add ckeditor4@^4.16.0
yarn build

Resolves: #92885
Releases: master, 10.4, 9.5
Change-Id: Ief6b1d9248da201fb9078697362e81131f5426fc
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68355

Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Marco Bresch <marco.bresch@starfinanz.de>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

FileReferences objects contain references to File
objects which itself contain service dependencies
(e.g. event dispatcher) which are not seralizable.

This leads to problems for instance when having
a multi-step form containing file uploads where
file reference objects are being serialized.

For TYPO3 v9.5 there is no direct exception, but serialized
data still contained lots of superfluous information. That's
why this change is back-ported to v9.5 as well.

Resolves: #91196
Releases: master, 10.4, 9.5
Change-Id: I7650186adc5c61528e1a1adcf06b8d6cf67a55cd
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68341

Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>

Correctly initialize environment (host, script-name, ...) in test cases.
Adjustments to test cases of #87391 have been back-ported to TYPO3 v9.

Resolves: #93707
Releases: 9.5
Change-Id: I39083726fe77b13f715f03d4eb712e14a18be0c3
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68344

Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

`FrontendLoginControllerTest` environment (host, script-name, ...) is
not initialized and cleaned up properly. Implementation in TYPO3 v10 is
different and does not rely on `GeneralUtility::getIndpEnv` anymore.
That's why it's just targeted for TYPO3 v9.

Resolves: #93705
Releases: 9.5
Change-Id: Ib22f162d95cef91d28800bdf059ee71a7d706e30
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68343

Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

The reference to 85829 was broken.
It linked to 9.5 while the actual change was made in 9.4.
Therefore the link is adjusted to link to the actual existing file.

We use the :doc: syntax to allow sphinx to properly build the URL from
relative file path.

Resolves: #93641
Releases: master, 10.4, 9.5
Change-Id: Ia7755110b67ee4ff2efd3755cc5037d1f8e35f29
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68131

Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Each jobs will have one more run in case it fails in the first.
This will prevent pipeline failures due to recoverable test
run failures.

Resolves: #93603
Releases: master, 10.4, 9.5
Change-Id: Ia054973d1f2a336727ef9d483041f1f48147c375
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68145

Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Adapt testing related docker-compose.yml to properly
work with xdebug 3.0. This is packaged in the testing
container images already and is the only version
compatible with PHP 8.

To spice up developers life, xdebug 3.0 drops important
config options in a non b/w compatible way, introduces
new ones, where some of them overwrite others, and does
further stuff like changing the default step debugger
port for no apparent reason.

Since xdebug can be such a pain, runTests.sh comes with
-x option, so it (hopefully) 'just works' for devs using
the script in testing context. The setup of course breaks
with xdebug 3.0 and is fixed with the patch.

As single advantage, it is now easier to disable xdebug,
so the 'prepared php.ini file without xdebug' hack in
the test container images can be dropped.

Change-Id: Id5810a5a6d988bfe5e814a6781d12d93baa97972
Resolves: #93599
Releases: master, 10.4, 9.5
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68142

Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

* Test relies on xdebug, which is not available on CI, this
  test is never executed there.
* Since the low level API header() is tested, the test
  additionally needs to fork a php process to do it's thing.
  This is ugly for a unit test.
* Turning the test into a functional test won't improve the
  situation since the response emitting is not done with
  functional sub requests.
* The skip logic breaks with xdebug 3.0 using xdebug.mode=off.

Resolves: #93598
Releases: master, 10.4, 9.5
Change-Id: Ibab9452bdcbc83228c1445db1a92b42db54dc192
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68136

Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Resolves: #93592
Releases: master, 10.4, 9.5
Change-Id: If851b9264d7d9e3b2a18df49d2c445f034aa5a80
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68119

Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>