Commits · e286dd99008612ad5de25693899cdfbf5b8f87c6 · typo3 / typo3

27 May, 2013 1 commit
- [TASK] Merge submodule dbal into core · e286dd99
  Thomas Maroschik authored May 27, 2013
  
  e286dd99
24 May, 2012 2 commits

[BUGFIX] Message about missing db credentials is misleading · b7790f5d

Chris topher authored Aug 28, 2011 and

Stefan Galinski committed May 24, 2012

If persistent connections are not allowed by MySQL the error message
"Can only select database if username/password/host is correctly set
first." is shown. Add an explanation that
$TYPO3_CONF_VARS['SYS']['no_pconnect'] must be set to 1, if persistent
connections are not allowed.

Change-Id: I1fbe73d84f5a3626f6be32fa6ef4f2721a617b33
Fixes: #29245
Releases: 4.6, 4.5, 4.4
Reviewed-on: http://review.typo3.org/7113
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
Reviewed-by: Sebastian Fischer
Reviewed-by: Oliver Klee
Reviewed-by: Stefan Galinski
Tested-by: Stefan Galinski

b7790f5d

[BUGFIX] Skip t3lib_divTest::fixPermissionsSetsGroup on MacOS · ecb5ed61

Oliver Klee authored Jul 09, 2011 and

Stefan Galinski committed May 24, 2012

This test makes use of posix_getegid which on Mac OS always returns -1,
thus making it useless for getting the effective group ID.

Change-Id: I754a0e192b8b9b20a9475c56bf17a9738aa3fa19
Resolves: #28017
Releases: 4.6, 4.5, 4.4, 4.3
Reviewed-on: http://review.typo3.org/7124
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
Reviewed-by: Philipp Gampe
Reviewed-by: Georg Grossberger
Tested-by: Georg Grossberger
Reviewed-by: Oliver Klee
Reviewed-by: Stefan Galinski
Tested-by: Stefan Galinski

ecb5ed61

17 Apr, 2012 3 commits

[TASK] Set TYPO3 version to 4.4.16-dev · 41799595

TYPO3 v4 Release Team authored Apr 17, 2012

Change-Id: I3993b065b557e6024ae43cf6a3345f4282a6492c
Reviewed-on: http://review.typo3.org/10571
Reviewed-by: TYPO3 v4 Release Team
Tested-by: TYPO3 v4 Release Team

41799595

[RELEASE] Release of TYPO3 4.4.15 · 5a58c677

TYPO3 v4 Release Team authored Apr 17, 2012

Change-Id: I27b6756698e0653d665a59172ab1b70b05e3f02e
Reviewed-on: http://review.typo3.org/10570
Reviewed-by: TYPO3 v4 Release Team
Tested-by: TYPO3 v4 Release Team

5a58c677

[SECURITY] XSS in exception handler · bdcd2d5a

Oliver Klee authored Apr 17, 2012 and

Oliver Hader committed Apr 17, 2012

Change-Id: I8a8bc19e6ae4e25466570f5c376e018200306730
Releases: 6.0, 4.7, 4.6, 4.5, 4.4
Fixes: #34348
Security-Review: http://review.typo3.org/10313
Security-Commit: de5adb6d314831bafab690af27520d296f853640
Security-Bulletin: TYPO3-CORE-SA-2012-002
Reviewed-on: http://review.typo3.org/10565
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

bdcd2d5a

05 Apr, 2012 2 commits

[BUGFIX] Context menu of page translation doesn't work in languages view · 4cf56f42

Andreas Wolf authored Aug 29, 2011

For a page with translations, the clickmenu is not shown for these
translations in the page module, view "languages". This comes from a
missing table name in the clickmenu link generation call.

Change-Id: I8f63349bd66d02eddf0c48bf6223f9504aa6e43e
Resolves: #27052
Releases: 4.4, 4.5, 4.6
Reviewed-on: http://review.typo3.org/4663
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
Reviewed-by: Andreas Wolf
Tested-by: Andreas Wolf

4cf56f42

[BUGFIX] Error when editing a record with additionalPreviewLanguage and an deleted l18n_parent · 5f920368

Andreas Wolf authored Sep 01, 2011

The behaviour that causes the error (translated elements are not deleted
when deleting parent) is fixed in recent TYPO3 versions; it is better to
do that additional check anyways (for old installations).

Change-Id: I4daf02f6b60daf2c1a1f7daad1683001deda40e5
Resolves: #17910
Releases: 4.4, 4.5, 4.6
Reviewed-on: http://review.typo3.org/6211
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
Reviewed-by: Andreas Wolf
Tested-by: Andreas Wolf

5f920368

28 Mar, 2012 10 commits

[TASK] Set TYPO3 version to 4.4.15-dev · caef7538

TYPO3 v4 Release Team authored Mar 28, 2012

Change-Id: I6478cd2389441452b95eb5a7bd890d4b3cea42e4
Reviewed-on: http://review.typo3.org/10031
Reviewed-by: TYPO3 v4 Release Team
Tested-by: TYPO3 v4 Release Team

caef7538

[RELEASE] Release of TYPO3 4.4.14 · 6d33e3c6

TYPO3 v4 Release Team authored Mar 28, 2012

Change-Id: I60c80742e77c66b23f5ff57f93ca33985921c755
Reviewed-on: http://review.typo3.org/10028
Reviewed-by: TYPO3 v4 Release Team
Tested-by: TYPO3 v4 Release Team

6d33e3c6

[SECURITY] XSS possibility in RemoveXSS · 593ac07a

Andreas Wolf authored Mar 28, 2012

RemoveXSS fails to properly remove non printable characters, especially
zero-byte (\x00) chars.

Change-Id: Idfd0cdb4a9a27c27d86db9c4339c7227ffe6ae16
Fixes: #30188
Security-Review: http://review.typo3.org/5841
Security-Commit: dd560e6b831ee6825687dd594ddf1702012a6ecd
Security-Bulletin: TYPO3-CORE-SA-2012-001
Reviewed-on: http://review.typo3.org/10002
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

593ac07a

[SECURITY] XSS in show item · 1113205d

Christian Kuhn authored Mar 28, 2012

Change-Id: I74b66e63015571472c1c3930067abd015991c5d6
Fixes: #29397
Security-Review: http://review.typo3.org/5857
Security-Commit: c3f1e88586a15b67c2fc2ba49ed45cb521cd1478
Security-Bulletin: TYPO3-CORE-SA-2012-001
Reviewed-on: http://review.typo3.org/10001
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

1113205d

[!!!][SECURITY] XSS in filelink element · c3899f62

Georg Ringer authored Mar 28, 2012

Add escaping to description and file name of file link content element.
Warning: There is no longer HTML possible in description!

Change-Id: Ie9de8b12d52a4ccf95eacae4352490aa43e95756
Fixes: #25246
Security-Review: http://review.typo3.org/5838
Security-Commit: e543cb17ed7ef9d478e2c933a102fe656eb0964e
Security-Bulletin: TYPO3-CORE-SA-2012-001
Reviewed-on: http://review.typo3.org/10000
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

c3899f62

[SECURITY] XSS for extension meta data in About module · 19893163

Oliver Klee authored Mar 28, 2012

Change-Id: Ice808f1a8f5ef2ddc1c48dbb6e55dac26f4c4942
Releases: 6.0, 4.7, 4.6, 4.5, 4.4
Fixes: #30969
Security-Commit: 254542e63e81ae5ce0754cd3a4ed08e7be7e7bbd
Security-Bulletin: TYPO3-CORE-SA-2012-001
Reviewed-on: http://review.typo3.org/9999
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

19893163

[SECURITY] Missing escaping in scheduler · c9613b3e

Georg Ringer authored Mar 28, 2012

A proper escaping is missing for field "frequency"
Sanitize submitted uid

Change-Id: Id811514d4dba2c3732bbbc4b03decdea1a9719ca
Fixes: #24474
Security-Commit: 6305b094b7f165e24ed3748ce6ec3dbf2a85b750
Security-Bulletin: TYPO3-CORE-SA-2012-001
Reviewed-on: http://review.typo3.org/9998
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

c9613b3e

[SECURITY] XSS in BE file list · b3027ffe

Christian Kuhn authored Mar 28, 2012

Change-Id: I77b3c33e07a6ee6695c15566c14c7cb67053f587
Fixes: #30940
Security-Commit: a395345b246dd1aedb79890de03d6428f98a4b80
Security-Bulletin: TYPO3-CORE-SA-2012-001
Reviewed-on: http://review.typo3.org/9997
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

b3027ffe

[SECURITY] Missing escaping for sys_notes · 331cbc19

Georg Ringer authored Mar 28, 2012

sys_notes misses an escaping in info module, not in
page/list module

Change-Id: I302b3c4cdb13e5e1aafb7f35608a9484d59854f9
Fixes: #22748
Releases: 6.0, 4.7, 4.6, 4.5, 4.4
Security-Commit: b58d50c11bc6014bb54477ad13ad3bb775c72464
Security-Bulletin: TYPO3-CORE-SA-2012-001
Reviewed-on: http://review.typo3.org/9996
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

331cbc19

[SECURITY] Information disclosure showing DB name · 2ed674ad

Georg Ringer authored Mar 28, 2012

By accessing a cli script in the frontend, it is possible
that the DB name is shown.

Change-Id: Ib99342fbc80859c1963ab342ff2f07642db3c1aa
Fixes: #29060
Security-Commit: e5d79402eddb1e23b437344a72c91ad5ffb0d022
Security-Bulletin: TYPO3-CORE-SA-2012-001
Reviewed-on: http://review.typo3.org/9995
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

2ed674ad

25 Mar, 2012 1 commit

[BUGFIX] Tooltips for items in groupfields are not moved · 22e73d38

Jigal van Hemert authored Mar 25, 2012

In groupfields the title attribute of options must also be handled
when moving items.

Change-Id: I5ef76f6648a3e62140ef8984dd7a8b1e8de9bcd8
Fixes: #35176
Releases: 6.0, 4.7, 4.6, 4.5, 4.4
Reviewed-on: http://review.typo3.org/9863
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert

22e73d38

12 Mar, 2012 1 commit

[BUGFIX] Send no-cache headers in t3lib_userauth · f2b9f516

Alexander Stehlik authored Apr 01, 2011

Adjust headers sent by t3lib_userauth to prevent caching, if
Internet Explorer is used when downloading files through PHP.

Change-Id: I823f72c143d9e5666db2426a5818b96a76d4c39f
Fixes: #24125
Releases: 4.4, 4.5, 4.6, 4.7, 4.8
Reviewed-on: http://review.typo3.org/6699
Reviewed-by: Georg Grossberger
Tested-by: Georg Grossberger
Reviewed-by: Sebastian Fischer
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter

f2b9f516

07 Mar, 2012 1 commit

[TASK] Update copyright year to 2012 · bfa30d2c

Ernesto Baschny authored Mar 07, 2012

Change-Id: Ie3b58bca2de4db7a56b79fd0c07e926876941d53
Resolves: #34600
Releases: 4.4, 4.5, 4.6, 4.7, 4.8
Reviewed-on: http://review.typo3.org/9443
Reviewed-by: Ernesto Baschny
Tested-by: Ernesto Baschny

bfa30d2c

06 Mar, 2012 1 commit

[BUGFIX] cmpIPv4: prevent E_NOTICE, cleanup compare, testcases · 02223a12

Stefan Neufeind authored Jun 06, 2011

Cleanup for an E_NOTICE on exploding the bitmask.
Replaced (correct working, but "unreadable") strcmp().
Add testcases.

Change-Id: Idc28b66ce714ec26fc6cab68576e440f76421b4c
Resolves: #27230
Releases: 4.3, 4.4, 4.5, 4.6
Reviewed-on: http://review.typo3.org/7131
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
Reviewed-by: Tolleiv Nietsch
Tested-by: Tolleiv Nietsch

02223a12

18 Feb, 2012 1 commit

[BUGFIX] getAllowedItems called with one parameter too much · 61df41fd

Stefan Neufeind authored Feb 17, 2012

getAllowedItems() is called with two parameters. However
the second one is not in the function-definition and not used.

Change-Id: I69cd3c4362c36adc3e6f1e2bc1ae1ba7bfb38c77
Fixes: #34030
Releases: 4.4, 4.5, 4.6, 4.7
Reviewed-on: http://review.typo3.org/9088
Reviewed-by: Stanislas Rolland
Tested-by: Stanislas Rolland

61df41fd

24 Jan, 2012 2 commits

[TASK] Set TYPO3 version to 4.4.14-dev · e2aa8171

TYPO3 v4 Release Team authored Jan 24, 2012

Change-Id: I25d69f3737a35a3f3cca7136ab55508b4db94e85
Reviewed-on: http://review.typo3.org/8668
Reviewed-by: TYPO3 v4 Release Team
Tested-by: TYPO3 v4 Release Team

e2aa8171

[RELEASE] Release of TYPO3 4.4.13 · 420bed12

TYPO3 v4 Release Team authored Jan 24, 2012

Change-Id: I632a05b9ea6d86d0598e1c3e21fe9c8f59c53313
Reviewed-on: http://review.typo3.org/8667
Reviewed-by: TYPO3 v4 Release Team
Tested-by: TYPO3 v4 Release Team

420bed12

18 Jan, 2012 1 commit

[BUGFIX] md5.js fails with non-ascii-characters · cb73697e

Stefan Neufeind authored Oct 10, 2011

Current implementation of md5.js only considers a very
limited range of characters.
The implementation from webtoolkit.info uses correct
unicode-representation.

Change-Id: Ib7b983340f2fd82698fd48967c0be61a8fc822b8
Releases: 4.4, 4.5, 4.6
Resolves: #22328
Reviewed-on: http://review.typo3.org/5692
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

cb73697e

14 Jan, 2012 1 commit

[BUGFIX] alt_doc.php uses deleted alternative page languages for translations · 765ca577

Marcus Krause authored Oct 28, 2011

The backend script alt_doc.php even considers deleted
pages_language_overlay records when determining in which language a
record can be/is localized.

This patch improves method documentation and applies
t3lib_BEfunc::deleteClause() on the respective database query.

Change-Id: Ibea4e3f8cd5ec9d104d52091e66d69faf48bea9d
Fixes: #31379
Releases: 4.3, 4.4, 4.5, 4.6, 4.7
Reviewed-on: http://review.typo3.org/6373
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer
Reviewed-by: Simon Schaufelberger
Tested-by: Simon Schaufelberger
Reviewed-by: Stefan Neufeind
Reviewed-by: Tolleiv Nietsch
Tested-by: Tolleiv Nietsch

765ca577

20 Dec, 2011 1 commit

[BUGFIX] Add SQL-comparator <> to SQL parser · 4f53d36d

Xavier Perseguers authored Dec 20, 2011

Comparator != was supported before.
But <> is ANSI SQL and therefore should be
supported as well.

Change-Id: I56e86bfda550036e31d5bec4e8430c47ff0b9b56
Fixes: #32626
Releases: 4.4, 4.5, 4.6, 4.7
Reviewed-on: http://review.typo3.org/7418
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers

4f53d36d

19 Dec, 2011 1 commit

[BUGFIX] Invalid query part on menu rendering · 1f4e1fc3

Oliver Hader authored Nov 06, 2011

Each page can have a target defined, which can also be a
typeNum that gets added to the generated URL. Now if RealURL
is used, the "&type=" part will be just added to the final
URL which looks like "page.html&type=1". A question mark
is missing here to get a valid query part.

Change-Id: I5404dde8963f2d5fea6a7e680cbe0f1d1f709d86
Fixes: #31622
Releases: 4.7, 4.6, 4.5, 4.4
Reviewed-on: http://review.typo3.org/6960
Reviewed-by: Stefan Neufeind
Reviewed-by: Simon Schaufelberger
Tested-by: Simon Schaufelberger
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

1f4e1fc3

18 Dec, 2011 1 commit

[BUGFIX] @charset must be lowercase in CSS · 5e7a860f

Markus Klein authored Nov 29, 2011

CSS files must comply to http://www.w3.org/TR/CSS21/syndata.html#charset
which requires @charset to be
"the 10 characters '@charset "' (lowercase, no backslash escapes)".
Also the CSS compressor looks for the lowercase version.

Change-Id: Ie63eea0c4b6ed5089ea3e8d5291271c627674e24
Fixes: #32163
Releases: 4.7, 4.6, 4.5, 4.4
Reviewed-on: http://review.typo3.org/7351
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer

5e7a860f

16 Dec, 2011 1 commit

[BUGFIX] Random miscalculations in ImageTTFBBox · ee28ebcc

Albrecht Koehnlein authored Jul 13, 2011

ImageTTFBBox() randomly returns incorrect negative values. Repeat the operation
a number of time if this happens to try to find the correct values.

Change-Id: Iec726a3ddbafdb6d2024257e01e63071b566e150
Fixes: #21054
Releases: 4.6, 4.5, 4.4
Reviewed-on: http://review.typo3.org/7120
Reviewed-by: Philipp Gampe
Reviewed-by: Simon Schaufelberger
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert

ee28ebcc

07 Dec, 2011 2 commits

[BUGFIX] Localization: Editing in TCEforms shows unstyled original value · 48a8cabe

Benni Mack authored Jul 09, 2011

When editing a translated record in the TCEforms backend, the original
language label is shown below, in a green box. The green box is
definitively from the old skin (3.x) and should be changed.

Change-Id: I9a85f1daac7b41a1a6d1e3cd9663c67abc917c44
Resolves: #28012
Releases: 4.6, 4.5, 4.4
Reviewed-on: http://review.typo3.org/7123
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer

48a8cabe

[BUGFIX] Use trimExplode() for pageOverlayFields · c96adc16

Georg Ringer authored Aug 16, 2011

Currently explode() is used for pageOverLayFields which requires a list
without any whitespaces. Using t3lib_div::trimExplode() improves
the usability for integrators and reduces possibilities of not working
configurations

Change-Id: I65ba837ac2bb8370de6e79e6c7cef820afc9063d
Resolves: #28916
Releases: 4.4, 4.5, 4.6
Reviewed-on: http://review.typo3.org/7132
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer

c96adc16

29 Nov, 2011 1 commit

[BUGFIX][SECURITY] XSS vulnerability in BE-User Admin module · e13b2b9a

Marco Bresch authored Nov 23, 2011

Fix XSS at column 'workspace membership'.

How to test:
* choose a workspace title like "<b>test</b>"
* assign a user as member to the workspace
* select the BE-module "Admin Tools->User Admin"
* select the checkbox "Workspace membership"
* press update
* take a look at column "Workspace membership"

Change-Id: I7036eb070d94beb73c539091135b188f588e171d
Fixes: #32040
Releases: 4.7, 4.6, 4.5, 4.4
Reviewed-on: http://review.typo3.org/6961
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer

e13b2b9a

22 Nov, 2011 4 commits

[TASK] Set TYPO3 version to 4.4.13-dev · f60971a4

TYPO3 v4 Release Team authored Nov 22, 2011

Change-Id: I87c8c5c848353c9f0f71a9aaf15f63bd353b8120
Reviewed-on: http://review.typo3.org/6857
Reviewed-by: TYPO3 v4 Release Team
Tested-by: TYPO3 v4 Release Team

f60971a4

[RELEASE] Release of TYPO3 4.4.12 · 83da6ac7

TYPO3 v4 Release Team authored Nov 22, 2011

Change-Id: I5ff0d2c0a39593d64dc2cd183dc9b5b27fd56ee0
Reviewed-on: http://review.typo3.org/6856
Reviewed-by: TYPO3 v4 Release Team
Tested-by: TYPO3 v4 Release Team

83da6ac7

[TASK] Raise submodule pointer · 14d08b9c

TYPO3 v4 Release Team authored Nov 22, 2011

Change-Id: Ia90ea04d65ced0756ce6f6c74e598f48bd234849
Reviewed-on: http://review.typo3.org/6848
Reviewed-by: TYPO3 v4 Release Team
Tested-by: TYPO3 v4 Release Team

14d08b9c

[TASK] Raise version to 1.1.9 · 2616bf07

Xavier Perseguers authored Nov 22, 2011

Raise extension version number for TYPO3 4.4.12 and update md5 checksums.

Change-Id: Ie8466dda913e8d9ccc7adbed9506c7a32bad5f25
Releases: 4.4

2616bf07

21 Nov, 2011 1 commit

[TASK][!!!] Replaces die() calls with RuntimeException · 628110fe

Xavier Perseguers authored Nov 21, 2011

Unify the way exceptions are reported by throwing a RuntimeException
instead of calling die(). In some cases, die() discloses the full
script path. This information should be explicitly removed as it is
implicitly part of the Exception's stack trace anyway.

Change-Id: Ic5840ebf15b591b541ddc29276acf2d1075da8e0
Resolves: #31826
Branches: 4.7, 4.6, 4.5, 4.4, 4.3

628110fe

18 Nov, 2011 1 commit

[BUGFIX] Log date picker broken · 6c161c59

Francois Suter authored Oct 31, 2011

The date picker in the Admin Tools > Log when selecting a user-defined
time range is broken. Adapt it to new skinning API for the JS to act
on it properly again.

Change-Id: I26e34b312bf411b20bb8671278a6099e45accbe1
Resolves: #31450
Releases: 4.7, 4.6, 4.5, 4.4
Reviewed-on: http://review.typo3.org/6396
Reviewed-by: Tomita Militaru
Reviewed-by: Francois Suter
Tested-by: Francois Suter

6c161c59