In index.php AND typo3/sysext/cms/tslib/index_ts.php
(which will be included in index.php) the constant
PATH_thisScript is defined.

The definition in typo3/sysext/cms/tslib/index_ts.php
is obsolete, because this will be checked via
if(!defined(...)).

Change-Id: I3ffc0639d61f76bb6c72a96fb4fd2908e38a0268
Fixes: #35003
Releases: 6.0, 4.7
Reviewed-on: http://review.typo3.org/9739
Reviewed-by: Andy Grunwald
Tested-by: Andy Grunwald
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn

Due to a superfluous displayCondition the field for actual insertion of
HTML5-video-sources is not shown correctly.

Change-Id: I8cd43b9dba4b97a286ec24641fd4812577beaf43
Fixes: #35433
Releases: 4.7,6.0
Reviewed-on: http://review.typo3.org/10226
Reviewed-by: Susanne Moog
Tested-by: Susanne Moog
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer

In index.php AND typo3/sysext/cms/tslib/index_ts.php
(which will be included in index.php) the constant
PATH_site is defined.

The definition in typo3/sysext/cms/tslib/index_ts.php
is obsolete, because this will be checked via if(!defined(...)).

See also #35003

Change-Id: Ia0a967f562a2a58655b9db0419654c36e7092a05
Fixes: #35017
Releases: 6.0, 4.7
Reviewed-on: http://review.typo3.org/9753
Reviewed-by: Andy Grunwald
Tested-by: Andy Grunwald
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn

In index.php AND typo3/sysext/cms/tslib/index_ts.php
(which will be included in index.php) the constant
PATH_tslib is defined.

The definition in typo3/sysext/cms/tslib/index_ts.php
is obsolete, because this will be checked via if(!defined(...)).

In index.php, if PATH_tslib is empty the script will die immediately.
After that check, PATH_tslib will be used to include index_ts.php

See also #35003 and #35017

Change-Id: I6b86c3bdb071af06b2c64b8cbbc977e9387408c8
Fixes: #35019
Releases: 6.0, 4.7
Reviewed-on: http://review.typo3.org/9754
Reviewed-by: Andy Grunwald
Tested-by: Andy Grunwald
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn

For every parameter the same code for overlaying Flexform value
over the value given in TypoScript is done.

Furthermore for every file the same url-processing is done.

Remove these code duplication by extracting these things to
external functions for a better readability and maintainability.

Change-Id: I2a614cc1d60f28c3ef4189e74fa3f4dea91fa85f
Resolves: #35440
Releases: 6.0, 4.7
Reviewed-on: http://review.typo3.org/10219
Tested-by: Anja Leichsenring
Reviewed-by: Oliver Klee
Reviewed-by: Anja Leichsenring
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer

Due to the usage of an undefined variable, the value of
an field within the flexform cannot resolved correctly.
As an result any displayCondition of an FlexForm sheet looking
at a field value (FIELD:*:=:value) evaluates to false.

Change-Id: I31bf3af8b61981d7fde9e3d0f1c6dbc01118d14a
Fixes: #35436
Releases: 6.0,4.7
Reviewed-on: http://review.typo3.org/10107
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert
Reviewed-by: Dominik Mathern
Tested-by: Dominik Mathern
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
Reviewed-on: http://review.typo3.org/10221

With HTML5 video many new options are added to the media element
flexform. This results in a very hard to read form.

Restructure the fields into tabs and use display conditions
to hide unneeded fields depending on the selected media type.

Change-Id: I1a25a17506541a3461bcd83d320a395bad3f8195
Fixes: #35433
Releases: 6.0,4.7
Reviewed-on: http://review.typo3.org/10109
Reviewed-by: Dominik Mathern
Tested-by: Dominik Mathern
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
Reviewed-on: http://review.typo3.org/10223

Label for attribute is invalid for XHTML. Changing it to a hard coded
value solves the problem. In case custom styling or Javascript breaks
the whole template can be replaced.

Change-Id: I41008125706f51104ff5ddf16786f0d7a71cf2af
Fixes: #18901
Releases: 6.0, 4.7
Reviewed-on: http://review.typo3.org/7514
Reviewed-by: Oliver Klee
Reviewed-by: Sebastian Michaelsen
Tested-by: Sebastian Michaelsen
Reviewed-by: Andy Grunwald
Tested-by: Andy Grunwald
Reviewed-by: Wouter Wolters
Reviewed-by: Stefan Neufeind
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn

Change-Id: I99863cca2d9e8b2add3292a8570cefb03a960af1
Resolves: #35822
Releases: 6.0
Reviewed-on: http://review.typo3.org/10210
Reviewed-by: Andy Grunwald
Tested-by: Andy Grunwald
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn

Moves the form submit button to docheader.
Also adds a section divided between settings and reset actions.

Change-Id: I433853d3587b082e51c7c855f9461e9c861e28d5
Release: 4.7, 4.8
Fixes: #632
Reviewed-on: http://review.typo3.org/9789
Reviewed-by: Tolleiv Nietsch
Tested-by: Tolleiv Nietsch
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Oliver Klee
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn

Moves save and cancel button in new/edit to the docHeader.

Change-Id: I5fd6b927e233c0deefe13c0885ad6ebfe946a41c
Fixes: #35104
Releases: 4.7, 6.0
Reviewed-on: http://review.typo3.org/10116
Reviewed-by: Andy Grunwald
Tested-by: Andy Grunwald
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn

Every extension needs an icon, impexp too

Change-Id: I925aba612e49c392f30368136089c640a2b8198f
Fixes: #35257
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/9955
Reviewed-by: Philipp Gampe
Reviewed-by: Andy Grunwald
Tested-by: Andy Grunwald
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn

Change-Id: I1d61119394d00417a9a033f25146fc0d5096d853
Resolves: #34772
Releases: 6.0
Reviewed-on: http://review.typo3.org/9729
Tested-by: Philipp Gampe
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn

Use the preferred syntax for implode()

Change-Id: Id5db3a209903978979eba971f7f53180a850289a
Releases: 6.0, 4.7, 4.6, 4.5
Fixes: #34695
Reviewed-on: http://review.typo3.org/10192
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert

The call to getDynTabMenu had one parameter too much. Removing it
restores the normal functionality that the first tab is selected
by default.

Change-Id: I24eac1c343b662b2757c2c69ec1dd749b5ece344
Releases: 6.0, 4.7
Fixes: #35694
Reviewed-on: http://review.typo3.org/10157
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert

The ext_tables.php of t3editor does overwrite parts of tt_content's TCA
without first loading it; this leads to errors if the ext_tables.php
cache is included before the TCA is properly loaded.

Change-Id: I54c19a2c6bc3e0b847ffa0bf19991a5936c0cba1
Resolves: #35495
Releases: 4.7, 6.0
Reviewed-on: http://review.typo3.org/10114
Reviewed-by: Stefan Neufeind
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer

Introduces a hook in tx_form_View_Wizard_Wizard. This hook
allows extending the wizard interface by loading extending
resources. The hook is executed after all other resources have
been loaded and just before content rendering.

Use it by adding your function to the array
$TYPO3_CONF_VARS['EXTCONF']['form']['hooks']['renderWizard']

Change-Id: I4fc22d5044d2808a9dbdb5ea9b256c2427987030
Resolves: #34711
Releases: 6.0
Reviewed-on: http://review.typo3.org/9559
Reviewed-by: Andreas Wolf
Tested-by: Andreas Wolf

Changes the regular expression used to validate the string into a
unicode-aware character-class and adds two testcases for this.

Change-Id: I247437d9e722c4656ddab0dd2e2ef6a960837cff
Fixes: #35296
Releases: 4.5, 4.7, 6.0
Reviewed-on: http://review.typo3.org/10066
Reviewed-by: Andreas Wolf
Tested-by: Andreas Wolf

Changes the regular expression used to validate the string into a
unicode-aware character-class and adds two tests for this.

Change-Id: I8cb83376ec3a029a0729cf950d385518746904b4
Fixes: #35284
Releases: 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/10065
Reviewed-by: Andreas Wolf
Tested-by: Andreas Wolf

Do not offer update for extensions with state "excludeFromUpdates"

Change-Id: Ic3aaf85a64fe23f5aede42a7949f4137d468675f
Fixes: #35126
Releases: 4.8, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/9827
Reviewed-by: Tolleiv Nietsch
Tested-by: Tolleiv Nietsch
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
Reviewed-by: Sebastian Fischer
Reviewed-by: Stefan Galinski
Tested-by: Stefan Galinski

Add escaping to description and file name of file link content element.
Warning: There is no longer HTML possible in description!

Change-Id: Id9da65e927080db4e548811f9a82e0cf7e88e214
Fixes: #25246
Releases: 6.0, 4.7, 4.6, 4.5, 4.4
Security-Review: http://review.typo3.org/7236
Security-Commit: a4006c10b5ac505a951131bbe3166a4271c62268
Security-Bulletin: TYPO3-CORE-SA-2012-001
Reviewed-on: http://review.typo3.org/10038
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

By accessing a cli script in the frontend, it is possible
that the DB name is shown.

Change-Id: Iac35d41ec7953fe14311b3bb619cc137389566fc
Fixes: #29060
Releases: 6.0, 4.7, 4.6, 4.5, 4.4
Security-Review: http://review.typo3.org/9936
Security-Commit: 4953abf5d8e3c5eeeb60f5a8dcd919985f063ab3
Security-Bulletin: TYPO3-CORE-SA-2012-001
Reviewed-on: http://review.typo3.org/10037
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

Change-Id: Ia6a5d5d6d350eee0a440a4ce8299f2a483bed58d
Fixes: #29397
Releases: 6.0, 4.7, 4.6, 4.5, 4.4
Security-Review: http://review.typo3.org/9935
Security-Commit: 582a55d38d48c24d6e04fc7d213f0d74644ab689
Security-Bulletin: TYPO3-CORE-SA-2012-001
Reviewed-on: http://review.typo3.org/10036
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

sys_notes misses an escaping in info module

Change-Id: If420168807f609709a767c7fb1d6a4d504d277f8
Fixes: #22748
Releases: 6.0, 4.7, 4.6, 4.5, 4.4
Security-Commit: 31c4fdb3c3c9fe9d1a28fd13ca69f8b97d15459e
Security-Bulletin: TYPO3-CORE-SA-2012-001
Reviewed-on: http://review.typo3.org/10035
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

A proper escaping is missing for field "frequency"
Sanitize submitted uid

Change-Id: I882d167f55b813f7f20beba48ee09792acec4935
Fixes: #24474
Releases: 6.0, 4.7, 4.6, 4.5, 4.4
Security-Commit: 68a9d5c2de0b6d466373cdde07fef03161bfa2de
Security-Bulletin: TYPO3-CORE-SA-2012-001
Reviewed-on: http://review.typo3.org/10034
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

Change-Id: I772490b260eb06e714ec57cdf75a6166f53eaea1
Fixes: #30940
Releases: 6.0, 4.7, 4.6, 4.5, 4.4
Security-Commit: dbed57cf912b792ae694ce4c6092a1900da9904b
Security-Bulletin: TYPO3-CORE-SA-2012-001
Reviewed-on: http://review.typo3.org/10033
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

Some values from the backend layout configuration
are not properly escaped

Change-Id: Id08f8f21d5c429e05e5de938e46eb2532855f5a6
Fixes: #29536
Releases: 6.0, 4.7, 4.6, 4.5, 4.4
Security-Commit: d34ae5f174a0fc5242323909771a6fbf21ef785b
Security-Bulletin: TYPO3-CORE-SA-2012-001
Reviewed-on: http://review.typo3.org/10032
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

RemoveXSS fails to properly remove non printable characters, especially
zero-byte (\x00) chars.

Change-Id: I7005a7fbea98f224eab10cc639d6008d56adb2f6
Fixes: #30188
Releases: 6.0, 4.7, 4.6, 4.5, 4.4
Security-Commit: 5c4076c527bb91f1232ed490eff779f78f89402b
Security-Bulletin: TYPO3-CORE-SA-2012-001
Reviewed-on: http://review.typo3.org/10030
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

Change-Id: Id625eb9cc310f979899b3bd81d6eb43740825368
Reviewed-on: http://review.typo3.org/9989
Reviewed-by: TYPO3 v4 Release Team
Tested-by: TYPO3 v4 Release Team

Method t3lib_TCEmain::getPreviousLocalizedRecordUid() checks for the
"closest" localized record. For content elements it does this per
column, but actually fails because the "colPos" field is not among
the available fields. It must be added to the selection.

Change-Id: I2cd1ca612671aa8ff74599ccf7dd343ae6d86fa8
Fixes: #35260
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/9891
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer
Reviewed-by: Philipp Gampe
Reviewed-by: Wouter Wolters
Reviewed-by: Francois Suter
Tested-by: Francois Suter

This Fix Replaces 3 occurences of new t3lib_install with
t3lib_div::makeInstance('t3lib_install')

Change-Id: I59c3366de1d7326c8da899d7f48a6125149c6b1f
Fixes: #35272
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/9896
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer

t3lib_collection_AbstractRecordCollection::getItemUidList() has
a method argument that is not used. The purpose is to have a
combination of table name and uid on demand.

Change-Id: I53f6aa0f87ea87db20d0e2d95cf5b4f5e2bdea81
Fixes: #35277
Releases: 6.0, 4.7
Reviewed-on: http://review.typo3.org/9899
Reviewed-by: Dmitry Dulepov
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter

Introduces processDatamap_beforeStart hook to t3lib_TCEmain
which can be used to individually initialize or pre-filter
the datamap array.

Change-Id: I1862bfe0ecb3e3a1de8ae789a50f9eb6cfd9071b
Resolves: #35161
Releases: 4.7, 6.0
Reviewed-on: http://review.typo3.org/9817
Reviewed-by: Stefan Neufeind
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

t3lib_collection_StaticRecordCollection::loadContents() tries to
access class t3lib_TcaRelationService which is not available in
the TYPO3 Core. The accordant dependent feature request was
pending for master (see #32148). Since the TcaRelationService
was dropped for 4.7, this fix uses plain MM queries to get the
desired results.

Change-Id: I72fa5f7dc0fcf269ef00f9ec17bff6dd5bd95173
Fixes: #33942
Releases: 6.0, 4.7
Reviewed-on: http://review.typo3.org/9028
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter

Change-Id: I14e2ab3e462556ee2d6181660a3aedd506cc4b53
Releases: 6.0
Reviewed-on: http://review.typo3.org/9907
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

When creating a new page node via drag'n'drop shortcuts in pagetree,
the TCAdefaults.pages array from page TsConfig is now being respected.
This allows to preset certain field values for new pages.

Change-Id: I21c2f84951699469b00a745b62d2a95fb114809e
Fixes: #25021
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/9747
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer
Reviewed-by: Stefan Neufeind
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter

A few places in t3lib_iconWorks use variables as arrays without
checking if they are actually arrays. This leads to warnings in
the syslog.

Change-Id: Ibd14796dae648195a630d520ab18d5f8689076f0
Fixes: #24248
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/9851
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
Reviewed-by: Oliver Klee
Reviewed-by: Markus Klein
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer

In groupfields the title attribute of options must also be handled
when moving items.

Change-Id: I82f8d3fabdda8e882087e80d3d8361a9be1b9c51
Fixes: #35176
Releases: 6.0, 4.7, 4.6, 4.5, 4.4
Reviewed-on: http://review.typo3.org/9855
Reviewed-by: Markus Klein
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
Reviewed-by: Tolleiv Nietsch
Tested-by: Tolleiv Nietsch

This option in the User Settings is totally useless, as there aren't
any troubles with modern browsers and this feature anymore.

Change-Id: I27f1796b8e787aec9a673eaf3220115054711000
Resolves: #24584
Releases: 4.8
Reviewed-on: http://review.typo3.org/7334
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
Reviewed-by: Tolleiv Nietsch
Tested-by: Tolleiv Nietsch

This happens for the mkdirSetsGroupOwnershipOfCreatedDirectory() test in
t3lib_divTest.

Solution, just skip the test if the function does not exists.

Also do same safety check for posix_getegid() as done some tests above.

Change-Id: I18cbebc0b22ae5a7318673ed8abd2bd01003ba57
Fixes: #33718
Releases: 6.0, 4.7
Reviewed-on: http://review.typo3.org/8867
Reviewed-by: Tolleiv Nietsch
Tested-by: Tolleiv Nietsch
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert