1. 12 Dec, 2020 1 commit
  2. 10 Dec, 2020 2 commits
  3. 04 Dec, 2020 2 commits
  4. 09 Nov, 2020 2 commits
  5. 14 Oct, 2020 1 commit
    • Christian Kuhn's avatar
      [!!!][TASK] Drop 'recursive delete' backend user setting · f3e221a2
      Christian Kuhn authored and Benni Mack's avatar Benni Mack committed
      The 'you can not delete pages that have sub pages' user
      settings restriction has been annoying ever since. Users
      who actually want to delete a full tree were annoyed by
      this flag if they did not had it and had to rely on an
      administrator action to actually give it to them, and
      had to delete pages on a one-by-one base meanwhile.
      Clever admins thus often enabled that flag by default.
      
      It was meant as a feature to prevent casual users from
      commiting accidential harm to a site tree. There are
      better ways to achieve this goal however: Admins
      can set proper access rights for important key pages
      preventing editors from deleting them. Furthermore,
      a better 'prevent editors from doing harm in live'
      way is available by using the workspaces extension. And,
      in case of accidental deletion, admins can always
      resurrect full page trees using the recycler extension.
      
      The patch drops the 'recursive delete' option from
      specific user settings and always allows deleting
      pages including sub pages.
      
      Resolves: #92560
      Releases: master
      Change-Id: I8401edc10daece7f83d0c5f85f99129616fac957
      Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66136
      
      
      Tested-by: Oliver Bartsch's avatarOliver Bartsch <bo@cedev.de>
      Tested-by: default avatarTYPO3com <noreply@typo3.com>
      Tested-by: Benni Mack's avatarBenni Mack <benni@typo3.org>
      Reviewed-by: Oliver Bartsch's avatarOliver Bartsch <bo@cedev.de>
      Reviewed-by: Benni Mack's avatarBenni Mack <benni@typo3.org>
      f3e221a2
  6. 07 Oct, 2020 1 commit
  7. 04 Aug, 2020 1 commit
  8. 05 Jun, 2020 1 commit
  9. 01 Jun, 2020 1 commit
  10. 30 May, 2020 1 commit
  11. 29 May, 2020 2 commits
  12. 14 Apr, 2020 1 commit
  13. 25 Feb, 2020 1 commit
  14. 31 Dec, 2019 1 commit
    • Benni Mack's avatar
      [TASK] Clean up Page Permission handling in DataHandler · 248ea1d5
      Benni Mack authored and Oliver Hader's avatar Oliver Hader committed
      TYPO3's page permissions are based on five fields and a bitset.
      
      - perms_userid
      - perms_groupid
      - perms_user
      - perms_group
      - perms_everybody
      
      For permissions of a page there is
      - show page ("show")
      - edit page properties ("edit page")
      - edit page contents / records ("edit content")
      - delete page ("delete")
      - create new subpages ("new")
      
      In addition, these can be pre-set globally or via PageTSconfig.
      
      The DataHandler currently uses a mix between strings and integers
      for defining these values.
      
      A new PagePermissionAssembler class builds together the page permissions
      now, allowing to thin out certain parts of DataHandlers responsibility.
      
      The following properties and methods are now deprecated:
      - DataHandler->defaultPermissions
      - DataHandler->pMap
      - DataHandler->setTSconfigPermissions()
      - DataHandler->assemblePermissions()
      
      The methods
      - DataHandler->doesRecordExist()
      - DataHandler->recordInfoWithPermissionCheck()
      should only be called with integers as permission argument in the future.
      
      Resolves: #90019
      Releases: master
      Change-Id: I3724cb8661fe2b7cc5e1f8ab34d17dd4fa68c11b
      Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62763
      
      
      Tested-by: default avatarTYPO3com <noreply@typo3.com>
      Tested-by: Oliver Hader's avatarOliver Hader <oliver.hader@typo3.org>
      Reviewed-by: Oliver Hader's avatarOliver Hader <oliver.hader@typo3.org>
      248ea1d5
  15. 06 Dec, 2019 1 commit
    • Benni Mack's avatar
      [TASK] Remove reqCHash functionality for plugins · f305de58
      Benni Mack authored and Frank Nägler's avatar Frank Nägler committed
      Since TYPO3 v10.0, all links generated by TYPO3 contain
      a cHash if
      - there are arguments that are not mapped within the routing
      - there are arguments that are not explicitly "excluded" from cHash (e.g. fbclid)
      - there are arguments that are not internal (L,id,MP).
      
      The PageArgumentValidator middleware now always evaluates the
      arguments properly at every request and decides to disable
      caching or throw a 404, if an incoming request does not have
      a cHash or an invalid cHash.
      
      Through the middleware, any plugin is automatically checked
      for the cHash, and it does not matter anymore for plugins,
      so it does not matter for integrators or template authors as well
      as cHash is managed internally by TYPO3 Core now (with no way
      to disable it, for security reasons).
      
      All functionality regarding cHash that can be dropped:
      - CacheHashEnforcer and Extbase option
      - TSFE->reqCHash() can be marked as deprecated
      - the option within PiBased Plugins is now irrelevant as well.
      
      This change jointly decouples cHash evaluation from any other
      part than Url Generation (= PageRouter) and Resolver (PageArgumentValidator),
      finally streamlining all logic of cHash functionality.
      
      Resolves: #89868
      Releases: master
      Change-Id: I7a694fbc95fa1ea4dc85b12a94b0a06b3722fd11
      Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62267
      
      
      Tested-by: default avatarTYPO3com <noreply@typo3.com>
      Tested-by: Susanne Moog's avatarSusanne Moog <look@susi.dev>
      Tested-by: Frank Nägler's avatarFrank Nägler <frank.naegler@typo3.org>
      Reviewed-by: Markus Klein's avatarMarkus Klein <markus.klein@typo3.org>
      Reviewed-by: Susanne Moog's avatarSusanne Moog <look@susi.dev>
      Reviewed-by: Daniel Goerz's avatarDaniel Goerz <daniel.goerz@posteo.de>
      Reviewed-by: Frank Nägler's avatarFrank Nägler <frank.naegler@typo3.org>
      f305de58
  16. 21 Nov, 2019 1 commit
  17. 11 Sep, 2019 1 commit
  18. 26 Aug, 2019 1 commit
  19. 22 Jul, 2019 1 commit
  20. 19 Jul, 2019 3 commits
  21. 13 Jul, 2019 1 commit
  22. 28 Jun, 2019 1 commit
  23. 30 May, 2019 1 commit
    • Benni Mack's avatar
      [!!!][TASK] Remove Frontend Track User functionality · 8300dd31
      Benni Mack authored and Andreas Fernandez's avatar Andreas Fernandez committed
      The functionality "ftu" ("Frontend Track User"), which allows
      to send the session through GET parameter within the site
      has been removed.
      
      It was used to hand in a session via `config.ftu = 1` and
      the GET parameter "ftu=a-32-character-string", which then
      started a session which was added to any link generated.
      
      This way, sessions could _have_ been transferred across
      domains but only if cookies would not be activated by
      the browser, which is unreliable.
      
      In order to pave the way to modern standards (OTP
      or JWT), this functionality is removed, as the ftu functionality
      has some flaws, conceptually and security wise.
      
      Removed public properties
      * AbstractUserAuthentication->get_name
      * AbstractUserAuthentication->getFallBack
      * AbstractUserAuthentication->getMethodEnabled
      * AbstractUserAuthentication->get_URL_ID
      * TypoScriptFrontendController->getMethodUrlIdToken
      
      Removed TypoScript:
      * config.ftu = 1
      
      Removed TYPO3_CONF_VARS
      * $TYPO3_CONF_VARS[FE][get_url_id_token]
      
      GET Parameter "ftu" has no special meaning anymore.
      
      Resolves: #88458
      Releases: master
      Change-Id: I664be44228b2180909f6abfda8acfcd5fe36aa5a
      Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/60840
      
      
      Tested-by: Markus Klein's avatarMarkus Klein <markus.klein@typo3.org>
      Tested-by: default avatarTYPO3com <noreply@typo3.com>
      Tested-by: Andreas Fernandez's avatarAndreas Fernandez <a.fernandez@scripting-base.de>
      Reviewed-by: Markus Klein's avatarMarkus Klein <markus.klein@typo3.org>
      Reviewed-by: Andreas Fernandez's avatarAndreas Fernandez <a.fernandez@scripting-base.de>
      8300dd31
  24. 31 Jan, 2019 1 commit
  25. 18 Jan, 2019 1 commit
  26. 17 Jan, 2019 1 commit
  27. 14 Jan, 2019 1 commit
  28. 07 Jan, 2019 1 commit
  29. 30 Dec, 2018 1 commit
  30. 23 Dec, 2018 1 commit
  31. 20 Dec, 2018 2 commits
    • Christian Kuhn's avatar
      [!!!][TASK] Remove deprecated code from impexp extension · 659d081f
      Christian Kuhn authored and Anja Leichsenring's avatar Anja Leichsenring committed
      Resolves: #87244
      Releases: master
      Change-Id: I85282bdddc61df62fad1234406b05b73923407be
      Reviewed-on: https://review.typo3.org/59243
      
      
      Tested-by: default avatarTYPO3com <no-reply@typo3.com>
      Reviewed-by: Benni Mack's avatarBenni Mack <benni@typo3.org>
      Tested-by: Benni Mack's avatarBenni Mack <benni@typo3.org>
      Reviewed-by: Anja Leichsenring's avatarAnja Leichsenring <aleichsenring@ab-softlab.de>
      Tested-by: Anja Leichsenring's avatarAnja Leichsenring <aleichsenring@ab-softlab.de>
      659d081f
    • Benni Mack's avatar
      [!!!][TASK] Remove deprecated code related to TSFE · 09632eef
      Benni Mack authored and Anja Leichsenring's avatar Anja Leichsenring committed
      The following code related to TSFE has been removed:
      
      PHP classes:
      * TYPO3\CMS\Core\PageTitle\AltPageTitleProvider
      * TYPO3\CMS\Frontend\Page\ExternalPageUrlHandler
      * TYPO3\CMS\Frontend\Page\PageGenerator
      * TYPO3\CMS\Frontend\Page\EidUtility
      
      PHP interfaces:
      * TYPO3\CMS\Frontend\Http\UrlHandlerInterface
      
      Methods that have been marked as protected
      * tempPageCacheContent()
      * realPageCacheContent()
      * setPageCacheContent()
      * clearPageCacheContent_pidList()
      * setSysLastChanged()
      * contentStrReplace()
      
      Dropped TSFE methods
      * mergingWithGetVars()
      * connectToDB()
      * initFEuser()
      * checkAlternativeIdMethods()
      * initializeBackendUser()
      * getPageShortcut()
      * pageUnavailableAndExit()
      * pageNotFoundAndExit()
      * checkPageUnavailableHandler()
      * pageUnavailableHandler()
      * pageNotFoundHandler()
      * pageErrorHandler()
      * makeCacheHash()
      * initTemplate()
      * handleDataSubmission()
      * initializeRedirectUrlHandlers()
      * redirectToExternalUrl()
      * checkPageForMountpointRedirect()
      * checkPageForShortcutRedirect()
      * redirectToCurrentPage()
      * processOutput()
      * sendCacheHeaders()
      * sendHttpHeadersDirectly()
      * storeSessionData()
      * previewInfo()
      * hook_eofe()
      * addTempContentHttpHeaders()
      * setCSS()
      * getUniqueId()
      * readLLfile()
      * getLLL()
      * initLLvars()
      * convPOSTCharset()
      * convertCharsetRecursivelyToUtf8()
      * domainNameMatchesCurrentRequest()
      * getDomainDataForPid()
      * getDomainNameForPid()
      
      Dropped TSFE properties
      * activeUrlHandlers
      * page_cache_reg1
      * siteScript
      * loginUser
      * gr_list
      * beUserLogin
      * workspacePreview
      * ADMCMD_preview_BEUSER_uid
      * showHiddenPage
      * showHiddenRecords
      * debug
      * MP_defaults
      * sys_language_uid
      * sys_language_mode
      * sys_language_content
      * sys_language_contentOL
      * altPageTitle
      * lang
      
      TSFE Properties now marked as protected
      * loginAllowedInBranch
      * loginAllowedInBranch_mode
      * cacheTimeOutDefault
      * cacheContentFlag
      * cacheExpires
      * isClientCachable
      * no_cacheBeforePageGen
      * tempContent
      * pagesTSconfig
      * pageCacheTags
      * uniqueCounter
      * uniqueString
      * pageAccessFailureHistory
      
      TSFE Method Signature changes
      * calculateLinkVars now 1st parameter is required
      * preparePageContentGeneration now 1st parameter is required
      4th Parameter of TSFE->__construct() now unused
      
      Removed TypoScript
      * config.typolinkCheckRootline
      * config.titleTagFunction
      * config.USERUID_substToken
      * config.USERNAME_substToken
      
      Hooks
      $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/class.tslib_fe.php']['tslib_fe-PostProc']
      
      Database fields:
      * index_phash.data_page_reg1
      
      Resolves: #87235
      Releases: master
      Change-Id: Id95bb0ccb30852fd115fb9da7754fa2e64374a41
      Reviewed-on: https://review.typo3.org/59226
      
      
      Tested-by: default avatarTYPO3com <no-reply@typo3.com>
      Reviewed-by: Georg Ringer's avatarGeorg Ringer <georg.ringer@gmail.com>
      Tested-by: Georg Ringer's avatarGeorg Ringer <georg.ringer@gmail.com>
      Reviewed-by: Anja Leichsenring's avatarAnja Leichsenring <aleichsenring@ab-softlab.de>
      Tested-by: Anja Leichsenring's avatarAnja Leichsenring <aleichsenring@ab-softlab.de>
      09632eef
  32. 19 Dec, 2018 2 commits