1. 19 Jan, 2015 1 commit
  2. 15 Jan, 2015 1 commit
  3. 17 Dec, 2014 1 commit
  4. 10 Dec, 2014 3 commits
  5. 08 Dec, 2014 1 commit
  6. 27 Nov, 2014 2 commits
  7. 19 Nov, 2014 1 commit
  8. 15 Nov, 2014 1 commit
  9. 13 Nov, 2014 1 commit
  10. 03 Nov, 2014 1 commit
  11. 31 Oct, 2014 1 commit
  12. 23 Oct, 2014 1 commit
  13. 22 Oct, 2014 5 commits
  14. 14 Oct, 2014 1 commit
  15. 23 Sep, 2014 2 commits
  16. 20 Sep, 2014 2 commits
  17. 23 Aug, 2014 1 commit
  18. 08 Jul, 2014 3 commits
  19. 29 Jun, 2014 2 commits
    • Helmut Hummel's avatar
      [TASK] Improve travis notifications to channels · 021526a7
      Helmut Hummel authored
      By default travis notifies on each build when
      posting to channels (irc, slack)
      We can reduce the number of notifications by only
      posting successful builds when it previously failed.
      Additionally encrypt the API token for posting to slack.
      
      Releases: 6.3, 6.2, 6.1, 6.0, 4.7, 4.5
      Change-Id: I882d34903c972201454e6cc5b9041393e3bd3661
      Reviewed-on: https://review.typo3.org/31226
      Reviewed-by: Helmut Hummel
      Tested-by: Helmut Hummel
      021526a7
    • Michael Stucki's avatar
      [TASK] Update Travis CI notification settings · 4f13b3a3
      Michael Stucki authored
      Notify on Slack and IRC, remove email notification.
      
      Resolves: #59838
      Releases: 6.3, 6.2, 4.5
      Change-Id: Ic4dacd5c7b6b4e6e2b8cfa92ae7976b666209747
      Reviewed-on: https://review.typo3.org/31209
      Reviewed-by: Nicole Cordes
      Reviewed-by: Michael Stucki
      Tested-by: Michael Stucki
      4f13b3a3
  20. 23 Jun, 2014 1 commit
    • Markus Klein's avatar
      [BUGFIX] AbstractBackendViewHelper uses namespaces · 64a43cae
      Markus Klein authored
      Namespaces are not supported in PHP 5.2.x, hence one must not
      prefix a class name with backslash.
      
      Regression fix to #54748.
      
      Resolves: #59825
      Releases: 4.5
      Change-Id: Ideb2cef1c5e2ec0d2ac3328ebd4f318a161d368a
      Reviewed-on: https://review.typo3.org/31084
      Tested-by: Sebastian Sommer
      Tested-by: Steffen Mächtel
      Reviewed-by: Markus Klein
      Tested-by: Markus Klein
      64a43cae
  21. 05 Jun, 2014 1 commit
  22. 03 Jun, 2014 1 commit
    • Markus Klein's avatar
      [BUGFIX] Fix double ? in eID url for encryption key · 4fbb2504
      Markus Klein authored
      The AJAX url for retrieving a new encryption key contains
      two question marks. This causes the request to fail.
      
      Fix this by removing the superflous ? from the parameters.
      
      Resolves: #59034
      Releases: 6.1, 4.7, 4.5
      Change-Id: Iab3833f50a48b71b25cf0205f7eb8d6b57dd859a
      Reviewed-on: https://review.typo3.org/30543
      Reviewed-by: Markus Klein
      Tested-by: Markus Klein
      4fbb2504
  23. 22 May, 2014 6 commits
    • Markus Klein's avatar
      [BUGFIX] Wrong HTML in locallang_csh_pages.xlf · 418e3130
      Markus Klein authored and Christian Kuhn's avatar Christian Kuhn committed
      lang/4.5/locallang_csh_pages.xlf contains invalid
      HTML structure a <p> tag should actually be a <b> tag.
      
      Resolves: #58936
      Releases: 6.2, 6.1, 4.5
      Change-Id: Id37d424296628202d8d434e0cf9cafd8529da2c3
      Reviewed-on: https://review.typo3.org/30331
      Reviewed-by: Christian Kuhn
      Tested-by: Christian Kuhn
      418e3130
    • Marc Bastian Heinrichs's avatar
      [BUGFIX] SoftReferenceIndex support for more values in class attribute · 81e31f18
      Marc Bastian Heinrichs authored
      The SoftReferenceIndex parses and rebuilds typolink tags, but the
      support for more than one value in class attribute is missing, because
      the values don't get enclosed with quotes on rebuilding.
      This leads to lost classes in typolinks in exports from impexp.
      
      Resolves: #58484
      Releases: 6.2, 6.1, 4.5
      Change-Id: I12ed3be7f5be36254bcee57fcb24bf2a10f92f46
      Reviewed-on: https://review.typo3.org/29853
      Reviewed-by: Markus Klein
      Tested-by: Markus Klein
      81e31f18
    • TYPO3 Release Team's avatar
      [TASK] Set TYPO3 version to 4.5.35-dev · dd2d0ad3
      TYPO3 Release Team authored
      Change-Id: Iffabf254620824d1d0b7a42e239576bd3aa73791
      Reviewed-on: https://review.typo3.org/30309
      Reviewed-by: TYPO3 Release Team
      Tested-by: TYPO3 Release Team
      dd2d0ad3
    • TYPO3 Release Team's avatar
      [RELEASE] Release of TYPO3 4.5.34 · 67deb70e
      TYPO3 Release Team authored
      Change-Id: I296aa228d3d9ffda43cf99a41d3ac36d8b93f439
      Reviewed-on: https://review.typo3.org/30308
      Reviewed-by: TYPO3 Release Team
      Tested-by: TYPO3 Release Team
      67deb70e
    • Helmut Hummel's avatar
      [SECURITY] Add trusted HTTP_HOST configuration · 55d5f385
      Helmut Hummel authored and Oliver Hader's avatar Oliver Hader committed
      TYPO3 uses the values of HTTP_HOST in several
      places without validating them. This could
      lead to a situation where links are generated
      using the host part from HTTP_HOST.
      Since HTTP_HOST headers are user input and
      can be spoofed by an attacker, it leads
      into several potential and actual security issues.
      To address this, a configuration option for
      trusted hosts is added, which is evaluated every
      time getIndpEnv('HTTP_HOST') is called.
      The configuration option is
      $GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern']
      and can contain either a regular expression or the
      value "SERVER_NAME"
      To properly output the exception message in case
      the trustedHostPattern does not match,
      we need to adapt the exception handlers slightly
      to not log information in this case and to actually
      show the message even in production context to not
      confuse admins on what is currently going wrong.
      To not break all existing installations, the default
      pattern is set to 'SERVER_NAME' which allows all
      HTTP_HOST values matching the SERVER_NAME (and
      optionally the SERVER_PORT if a port is specified
      in the HTTP_HOST value).
      This will secure all installation which use properly
      configured name based virtual hosts, but leaves
      installations where the web server is not bound
      to a specific host name still in an insecure state.
      Fixes: #30377
      Releases: 6.2, 6.1, 6.0, 4.7, 4.5
      Security-Bulletin: TYPO3-CORE-SA-2014-001
      
      Change-Id: Id210212e6fbd186a273f92b340d5060e9c6f900d
      Reviewed-on: https://review.typo3.org/30275
      Reviewed-by: Oliver Hader
      Tested-by: Oliver Hader
      55d5f385
    • Marc Bastian Heinrichs's avatar
      [SECURITY] XSS in (old) extension manager information function · efb098b2
      Marc Bastian Heinrichs authored and Oliver Hader's avatar Oliver Hader committed
      Needs to be fixed also in 6.x, but the affected function is not
      used anymore.
      
      Change-Id: Iae077221a4a8ef8f3aacaeb9d679cc68e97799bd
      Fixes: #54111
      Fixes: #54113
      Releases: 6.2, 6.1, 6.0, 4.7, 4.5
      Security-Commit: 6b746d50d9ee4fbf2eff3e3e4c0699100be983a2
      Security-Bulletin: TYPO3-CORE-SA-2014-001
      Reviewed-on: https://review.typo3.org/30274
      Reviewed-by: Oliver Hader
      Tested-by: Oliver Hader
      efb098b2