1. 22 Oct, 2014 2 commits
  2. 04 Apr, 2014 1 commit
    • Oliver Hader's avatar
      [TASK] Integrate default README.txt · c4def092
      Oliver Hader authored and Oliver Hader's avatar Oliver Hader committed
      This file is a modified and updated version like it has been
      releases with every package in the past. Since these files have
      been taken from git.typo3.org/TYPO3CMS/Distributions/Base.git,
      which is target to be cleaned up, the file is explicitely put
      to old branches as well.
      
      Resolves: #57656
      Releases: 6.1, 6.0, 4.7, 4.6, 4.5
      Change-Id: I3b696895deaf03b2f630e12f1bd7b17b649b985c
      Reviewed-on: https://review.typo3.org/29174
      Reviewed-by: Oliver Hader
      Tested-by: Oliver Hader
      c4def092
  3. 27 May, 2013 6 commits
  4. 08 May, 2013 2 commits
  5. 09 Apr, 2013 1 commit
  6. 05 Apr, 2013 1 commit
  7. 01 Apr, 2013 1 commit
  8. 15 Mar, 2013 1 commit
  9. 07 Mar, 2013 5 commits
  10. 06 Mar, 2013 6 commits
    • Helmut Hummel's avatar
      [BUFIX] External URL regression by jumpurl security fix · bcfb45e6
      Helmut Hummel authored
      With the jumpurl security fix, pages of type
      'Link to external URL' throw a jumpurl
      hash exception if called in the frontend. This typically
      happens if a HMENU renders such page links.
      
      The patch adapts the TSFE logic to write the required
      hash dynamically to _GET to make the jumpurl check happy
      that is called later on within the same process if
      calling such a 'external url' link.
      
      Change-Id: Ie73cd9710929c72aad4e75543f90c8618797997b
      Fixes: #46071
      Related: #28587
      Releases: 6.1, 6.0, 4.7, 4.6, 4.5
      Reviewed-on: https://review.typo3.org/18766
      Reviewed-by: Wouter Wolters
      Tested-by: Wouter Wolters
      Reviewed-by: Helmut Hummel
      Tested-by: Helmut Hummel
      bcfb45e6
    • TYPO3 Release Team's avatar
      [TASK] Set TYPO3 version to 4.6.18-dev · 06705a69
      TYPO3 Release Team authored
      Change-Id: I6fbdee5980c7e84242c84157be61f091b2495da5
      Reviewed-on: https://review.typo3.org/18744
      Reviewed-by: TYPO3 Release Team
      Tested-by: TYPO3 Release Team
      06705a69
    • TYPO3 Release Team's avatar
      [RELEASE] Release of TYPO3 4.6.17 · 27143364
      TYPO3 Release Team authored
      Change-Id: I257db407a3a3c6f058c67eb1caf82702f32b4004
      Reviewed-on: https://review.typo3.org/18743
      Reviewed-by: TYPO3 Release Team
      Tested-by: TYPO3 Release Team
      27143364
    • TYPO3 Release Team's avatar
      [TASK] Raise submodule pointer · 425ff87c
      TYPO3 Release Team authored
      Change-Id: I3ad560328f2e37de97809a2b5bd6da2347ae3d43
      Reviewed-on: https://review.typo3.org/18737
      Reviewed-by: TYPO3 Release Team
      Tested-by: TYPO3 Release Team
      425ff87c
    • Felix Oertel's avatar
      [SECURITY] SQL Injection Possibility in Extbase · 8ed7a3f9
      Felix Oertel authored and Oliver Hader's avatar Oliver Hader committed
      The Extbase persistence layer is vulnerable to SQL injection
      due to improper sanitation of submitted arguments on relations
      of the many-to-many type.
      
      Fixes: #46057
      Releases: 6.1, 6.0, 4.7, 4.6, 4.5
      Change-Id: Ie5c9cf4a54260db937975edef61d464ddc808475
      Security-Commit: 51d177c795d9c3f62a72b33b26f76220c6957108
      Security-Bulletin: TYPO3-CORE-SA-2013-001
      Reviewed-on: https://review.typo3.org/18729
      Reviewed-by: Oliver Hader
      Tested-by: Oliver Hader
      8ed7a3f9
    • Franz G. Jahn's avatar
      [SECURITY] Open redirection with jumpurl · da32bbb4
      Franz G. Jahn authored and Oliver Hader's avatar Oliver Hader committed
      jumpurl allows redirect to any given URL. A hash on the url
      is now required to know if the jumpurl has been created
      by the system or by the outside.
      
      The hook "jumpurlRedirectHandler" can be used to allow
      redirects without hash or to custom redirects.
      
      Fixes: #28587
      Releases: 6.1, 6.0, 4.7, 4.6, 4.5
      Change-Id: I63da18b1963ec50cd95dd49d1669c9873b7bab54
      Security-Commit: 7d8f970aeb512e1a3d3da23308edbbcb324d57de
      Security-Bulletin: TYPO3-CORE-SA-2013-001
      Reviewed-on: https://review.typo3.org/18728
      Reviewed-by: Oliver Hader
      Tested-by: Oliver Hader
      da32bbb4
  11. 14 Feb, 2013 6 commits
  12. 09 Feb, 2013 1 commit
    • Stefan Neufeind's avatar
      [BUGFIX] Tx_Fluid_ViewHelpers_Be_Buttons_IconViewHelper broken · c3ac1513
      Stefan Neufeind authored and Marc Bastian Heinrichs's avatar Marc Bastian Heinrichs committed
      It seems as the sprite keys in
      $GLOBALS['TBE_STYLES']['spriteIconApi']['iconsAvailable']
      have changed with TYPO3 4.6 and this change was not reflected in
      the experimental backend IconViewHelper, so the old key are not
      longer valid and new ones cant be used because of the allowedIconArray.
      
      I removed the "securityCheck" and the allowedIconArray, because the validity
      of the icon name is checked again in t3lib_iconWorks::getSpriteIcon
      against the iconAvailable array.
      
      Change-Id: I72116e82a4ab1c703816dd6fb79e547cc1e6a9ed
      Fixes: #31320
      Releases: 1.4, 4.7
      Reviewed-on: https://review.typo3.org/13616
      Reviewed-by: Marc Bastian Heinrichs
      Tested-by: Marc Bastian Heinrichs
      c3ac1513
  13. 08 Feb, 2013 3 commits
    • Christian Kuhn's avatar
      [BUGFIX] Skip a SelectViewHelperTest on Mac · 36126b71
      Christian Kuhn authored
      The optionsAreSortedByLabelIfSortByOptionLabelIsSetAndLocaleEqualsUtf8
      test always fails on Mac OSX caused by a bug in the C libraries on
      BSD/OSX. Skip the test if PHP_OS is Darwin.
      
      Fixes: #45291
      Releases: 6.1, 6.0, 4.7, 4.6, 4.5
      
      Change-Id: I79087ec91a2da60d0e5c44bb0fedfaf11f3508bc
      Reviewed-on: https://review.typo3.org/18139
      Reviewed-by: Christian Kuhn
      Tested-by: Christian Kuhn
      36126b71
    • Christian Kuhn's avatar
      [TASK] Raise submodule pointer · 81ac8ac2
      Christian Kuhn authored
      Change-Id: Ia1a8b6d23f13731bda46bc566c4b4d3682044234
      Reviewed-on: https://review.typo3.org/18131
      Reviewed-by: Christian Kuhn
      Tested-by: Christian Kuhn
      81ac8ac2
    • Christian Kuhn's avatar
      [BUGFIX] Unit test fails with broken timezone · d9778e8b
      Christian Kuhn authored
      Commit 87eba80ea3d785 introduced tests that set the default
      timezone. This fails due to a typo "Europa" -> "Europe"
      Additionally, one of the tests is splitted to using a data
      provider.
      
      Change-Id: I893201b8dc0180a458a65f6fd65c9f2104f3e980
      Fixes: #45285
      Related: #12769
      Related: #43363
      Related: #9174
      Releases: 6.1, 6.0, 4.7, 4.6, 4.5
      Reviewed-on: https://review.typo3.org/18128
      Reviewed-by: Christian Kuhn
      Tested-by: Christian Kuhn
      Reviewed-by: Daniel Hürtgen
      Tested-by: Daniel Hürtgen
      d9778e8b
  14. 07 Feb, 2013 2 commits
    • Leon Dietsch's avatar
      [BUGFIX][Cache][PDO] Duplicate cache entry possible · 57756d5c
      Leon Dietsch authored and Christian Kuhn's avatar Christian Kuhn committed
      An identifier must be unique in the database. If some entry is set(),
      the PdoBackend removes any entry with a given identifier if the cache
      entry exists already. The remove() call is encapsulated with has(),
      but has() returns FALSE if a cache entry is expired, so entries with
      expired lifetime are not removed properly.
      This leads to a \PDOException because of duplicate identifier.
      
      The patch removes the check to has(), so set() will also remove
      expired cache entries with this identifier before creating a new one.
      
      Change-Id: Ife4e35223394805fc6d9e0b820a5d42789133f7b
      Fixes: #34129
      Releases: 6.1, 6.0, 4.7, 4.6, 4.5
      Reviewed-on: https://review.typo3.org/18102
      Reviewed-by: Christian Kuhn
      Tested-by: Christian Kuhn
      57756d5c
    • Anja Leichsenring's avatar
      [BUGFIX] Date ViewHelper not using configured Timezones · b4578c00
      Anja Leichsenring authored and Wouter Wolters's avatar Wouter Wolters committed
      The date viewhelper does not respect the configured timezone.
      After the default timezone is set during Bootstrap, it is enough to
      retrieve the setting from environment.
      
      Additional a condition tests the proper format of timestamps and adds
      the '@' if it is missing.
      
      For the formatted output with '%' strftime function is added, too.
      
      Fixes: #12769
      Fixes: #43363
      Fixes: #9174
      Releases: 4.5, 4.6, 4.7, 6.0, 6.1
      Change-Id: I782b4ec00537519768335da9ba32822a42108ea1
      Reviewed-on: https://review.typo3.org/18091
      Reviewed-by: Wouter Wolters
      Tested-by: Wouter Wolters
      b4578c00
  15. 06 Feb, 2013 1 commit
  16. 04 Feb, 2013 1 commit
    • Marco Bresch's avatar
      [BUGFIX] Catchable fatal error when using the swap button · 69fdf3fa
      Marco Bresch authored and Christian Kuhn's avatar Christian Kuhn committed
      An error message is coming up if you push the swap button (double arrow).
      The swap is realy done but you have to address the record once
      again in the list or page view, because a error message
      is still shown in the working frame on the right.
      
      To reproduce this error select a page with multiple versions in a page or
      list module in live workspace. You find the version module in the top of
      right frame. Press the 'Version Management' button. Now you get the swap
      button in front of each version.
      
      Fixes: #42948
      Releases: 6.1, 6.0, 4.7, 4.6, 4.5
      
      Change-Id: I45b3e691932782d6e4085c989b1fe0809b5a34ab
      Reviewed-on: https://review.typo3.org/16489
      Reviewed-by: Bart Dubelaar
      Reviewed-by: Dan Untenzu
      Tested-by: Dan Untenzu
      Reviewed-by: Oliver Hader
      Reviewed-by: Christian Kuhn
      Tested-by: Christian Kuhn
      69fdf3fa