- Oct 08, 2024
-
-
Oliver Hader authored
Resolves: #104343 Releases: main, 13.3, 12.4, 11.5 Change-Id: Ie9cd7bec43782282a142ad0911029579442734fd Security-Bulletin: TYPO3-CORE-SA-2024-011 Security-References: CVE-2024-34537 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/86494 Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
-
Sven Jürgens authored
The API code snippet is related to 'DatePicker' and not to 'AdvancedPassword', probably due to a copy&paste mistake. Releases: main, 12.4, 11.5 Resolves: #105207 Change-Id: Icb57f4f053c8ce86e093bcdfd0f836145c692602 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/86474 Tested-by:
Garvin Hicking <gh@faktor-e.de> Tested-by:
core-ci <typo3@b13.com> Reviewed-by:
-
- Oct 07, 2024
-
-
Stefan Bürk authored
Resolves: #105196 Releases: main, 13.3, 12.4, 11.5 Change-Id: I681c2d284097e3e0af604f991e12c7e0fbc76472 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/86473 Reviewed-by:
Stefan Bürk <stefan@buerk.tech> Tested-by:
-
- Oct 05, 2024
-
-
Benjamin Franzke authored
Uses correct `base` and `locale` assignments in site configuration. Resolves: #105202 Releases: main, 12.4, 11.5 Change-Id: I872a61574f5858fd6b6269bb829bbdb43f2a56eb Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/86428 Tested-by:
-
- Oct 01, 2024
-
-
Oliver Bartsch authored
The rst validation is adjusted to allow one to two whitespaces between the ".." and the "import" / "index" keywords to support existing files as well as newly generated (rst helper tool) ones. Resolves: #105176 Releases: main, 12.4, 11.5 Change-Id: I566b49990e894ea19692011fe6027591df289ad7 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/86326 Tested-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
-
SZChimp authored
The extra comma documented in the query will result in invalid SQL syntax, and has now been fixed. Releases: main, 12.4, 11.5 Resolves: #105168 Change-Id: I2241b2eb00c5f61875a940a77ddbb83e4ff212f7 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/86324 Tested-by:
-
- Sep 30, 2024
-
-
Benjamin Franzke authored
We can not deprecate a constant and use it at the same time. We basically traded a deprecated constant with a new deprecated constant. Therefore this intermediate constant (added without being released yet in #105155) is removed again and replaced by a plain value. It's too likely that this constant is used by 3rd party code (or dependencies like typo3/testing-framework), which then makes it hard to remove this constant again (despite being deprecated). Also defining an own constant – that looks like an official PHP constant – into the global space, has caused immediate confusions which we want to avoid by using a scalar value + comment. The reason (possible 3rd party extensions that may still trigger this error) why this is kept (and not just removed) is also added to all usages now. Releases: main, 12.4, 11.5 Resolves: #105165 Related: #105155 Change-Id: Ia7526c7d5027f2d0f91cddf4fb2967ef57e9526a Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS...
-
- Sep 29, 2024
-
-
Stefan Bürk authored
Note that this change addresses three different issues, which need to be done in one step, otherwise none of isolated patches would get a +1 CI verification: * Alignment for changed `$escape` parameter handling of CSV related methods, which must be avoided with PHP versions below 8.4.0-beta5, but is required as of PHP 8.4.0-RC1. * This `$escape` issue needs to be addressed directly in the `typo3/testing-framework` and thus needs a raised dependency directly. * PHP 8.4.0.0-RC1 also deprecated the `E_STRICT` constant, which needs to be addressed directly. With [1] the `$escape` parameter for the following method calls * `str_getcsv()` * `fputcsv()` * `fgetcsv()` must be provided as a 1 character long value. Omitting and using the default value will emit a PHP deprecation [2] warning as of PHP 8.4.0-RC1, for example: str_getcsv(): the $escape parameter must be provided as its default value will change To mitigate this, PHP recommends follow...
-
- Sep 19, 2024
-
-
Helmut Hummel authored
Otherwise the PHP object is transformed to an empty JS object instead of a string containing the actual URI Resolves: #105036 Releases: main, 12.4, 11.5 Change-Id: I083524291d5e86869e3989a4836d2321a133c36f Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/86186 Tested-by:
Andreas Kienast <akienast@scripting-base.de> Tested-by:
-
- Sep 15, 2024
-
-
Ayke Halder authored
This makes FileClipboardCest check if the content-iframe is reloaded before clicking on a button to open a dropdown-menu. Before this change the button click and opening of the dropdown-menu did sporadically happen in the old iframe-content - and before the iframe-reload. As soon as the iframe reloads, the popup-menu is closed again. The subsequent click on a dropdown-menu-entry therefore fails. Resolves: #104714 Related: #104585 Related: #104702 Releases: main, 12.4, 11.5 Change-Id: Id7fd4d993ab563ab530e8c26f741a4ed0cbeb95d Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/86097 Tested-by:
-
Stefan Bürk authored
This change adds a integration check which scans for spaces in file and folder names which would otherwise lead to issues on some systems. Resolves: #104923 Related: #104922 Related: #104868 Releases: main, 12.4, 11.5 Change-Id: I8560ebcfae6f959289b3e64ae8292e08e4e7e036 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/86094 Tested-by:
-
- Sep 11, 2024
-
-
Stefan Froemken authored
Add missing "App" node to example in Changelog of notification actions. Resolves: #104903 Releases: main, 12.4, 11.5 Change-Id: Icc88a55c731c7f5b517740673c24acd21b83fa12 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/85957 Tested-by:
Andreas Kienast <a.fernandez@scripting-base.de> Tested-by:
-
- Sep 10, 2024
-
-
Andreas Kienast authored
The package `mime-db` received some updates since its introduction, hence it is now updated to its latest version. Executed commands: cd Build npm install --save-dev mime-db@^1.53.0 ./Scripts/generateMimeTypes.php Resolves: #104743 Releases: main, 12.4, 11.5 Change-Id: I756eed3e8d1a6b02f7b2f855dc63623a0c97245e Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/85980 Tested-by:
-
- Sep 06, 2024
-
-
Lina Wolf authored
This fixes the rendering warnings due to duplicate anchors and provides more structure in general. Also utilize API docs referencing for FQCNs. Resolves: #104712 Releases: main, 12.4, 11.5 Change-Id: I4e088dacec80a44d7c6e24ebb07582cbe84f72a2 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/85753 Reviewed-by:
Lina Wolf <112@linawolf.de> Tested-by:
Benjamin Franzke <ben@bnf.dev> Tested-by:
-
- Sep 05, 2024
-
-
Garvin Hicking authored
Backport of #104694 for TYPO3 11.5 with PHP 7.4 introduced an example that was not lintable. This patch addresses that and removes PHP 8 language syntax features from the example code. Resolves: #104826 Related: #104694 Releases: 11.5 Change-Id: I390a05e6ffad948a32cd1d12134f3e7c0fdc7049 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/85895 Tested-by:
Chris Müller <typo3@brotkrueml.dev> Reviewed-by:
Torben Hansen <derhansen@gmail.com> Reviewed-by:
-
- Sep 04, 2024
-
-
serbelanalog authored
This patch shows an example for the frontend login how to get a redirect when an unauthorized visitor tries to access a restricted page. In this case, a 403 ErrorHandler can perform a redirect with special parameters, that a properly configured felogin plugin can utilize to redirect back to. Resolves: #104694 Related: #101252 Releases: main, 12.4, 11.5 Change-Id: Ia2c6723621304b8b3de366590c1be905572b00d1 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/85817 Reviewed-by:
Georg Ringer <georg.ringer@gmail.com> Tested-by:
-
Garvin Hicking authored
The module "EditModule" was removed with #87498, but the documentation reference remained. Instead of using this module as an example, instead "CacheModule" is referenced, since it addresses similar demonstration purposes. Backports are needed for proper documentation rendering. Resolves: #104802 Related: #87498 Releases: main, 12.4, 11.5 Change-Id: Iab25eec9aec9765f1c71f439c00ca34975d7e8a1 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/85873 Tested-by:
-
- Aug 27, 2024
-
-
Till Hörner authored
Resolves: #104749 Releases: main, 12.4, 11.5 Change-Id: I0285dbeb8cabd4dc338797b6b47d3312ca2b9bb3 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/85762 Tested-by:
-
Stefan Bürk authored
This change upgrades the version of the used `typo3/core-testing-php84` image [1], which uses PHP8.4 beta3 now along a new version of composer (2.7.8). [1] https://git.typo3.org/typo3/CI/testing-infrastructure/-/commit/bd98c246f5f8e5e91ee835212122998ffa5a1298 Resolves: #104748 Releases: main, 12.4, 11.5 Change-Id: I6555332a05e5809e30381c3a6b363a84c0150815 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/85759 Reviewed-by:
-
- Aug 26, 2024
-
-
Philipp Kuhlmay authored
This sets the correct code-block caption definitions for the YAML and PHP code blocks so they will be rendered correctly. Resolves: #104716 Releases: main, 12.4, 11.5 Change-Id: Ic1ecc908c5e84f0c72180e4402296a78211263b3 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/85756 Tested-by:
-
- Aug 22, 2024
-
-
Ayke Halder authored
The FileClipboardCest waits for a button to become 'enabled' before clicking it. Disabled buttons use `class="disabled"` with CSS `pointer-events: none`. This might not be handled properly by `$I->waitForElementClickable()`. Resolves: #104702 Related: #104585 Releases: main, 12.4, 11.5 Change-Id: If0677eb445207612f43b624c2889d7ef6651ae71 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/85737 Tested-by:
-
Lina Wolf authored
A broken backport for #103298 introduced some not properly resolved changes. This patch removes the wrongly merged blocks and further adjusts indentation and class schemes for the 11.5 context. Releases: 11.5 Resolves: #104671 Related: #103298 Change-Id: I9471144476424e2e72adca6b02a58e12d3503f6d Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/85697 Tested-by:
Sandra Erbel <erbel@analog.de> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch> Tested-by:
-
- Aug 20, 2024
-
-
Oliver Bartsch authored
Resolves: #104639 Releases: main, 12.4, 11.5 Change-Id: I74a0cd9e856283d26a382582cc5d6b8e99887cd4 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/85699 Tested-by:
-
- Aug 14, 2024
-
-
Garvin Hicking authored
The change in #97498 introduced a specific handling for ENUM/SET definitions in MariaDB systems. The check may be performed with a NULL value instead of a string, which can result in a PHP type mismatch error. Due to other refactoring, the issue does not exist in main (v13), but only affects v12 and v11. Resolves: #104621 Related: #97498 Releases: 12.4, 11.5 Change-Id: Ia28aae519b1aebcabe9a5f5c620124dfd22edc6a Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/85468 Tested-by:
-
- Aug 13, 2024
-
-
Oliver Hader authored
Change-Id: I923ac886427a99eb9a3d7d50799e7e1f4aba2fcd Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/85605 Tested-by:
-
Oliver Hader authored
Change-Id: I69b661793f76067cda23b460d1a1aac1bd0896bd Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/85604 Tested-by:
-
- Aug 10, 2024
-
-
Christian Kuhn authored
idn_to_ascii() must not be called with empty string in PHP 8.4. Resolves: #104587 Related: #104513 Releases: main, 12.4, 11.5 Change-Id: I649d157cca3dadbe237e20eb440b071a1885db71 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/85581 Reviewed-by:
Jasmina Ließmann <minapokhalo+typo3@gmail.com> Tested-by:
-
Christian Kuhn authored
Wait for the drop down to be ready before clicking around on it. Resolves: #104585 Releases: main, 12.4, 11.5 Change-Id: I9fa86d99b02c74bcc0f9efebce8fc4c2f8e54af5 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/85579 Tested-by:
-
- Aug 09, 2024
-
-
Christian Kuhn authored
Wait for the modal body iframe being there before switching to it. This is mainly an issue in v11 where the modal takes more time server side and webdriver is 'too quick' switching to it. We still sanitize all branches. Resolves: #104577 Releases: main, 12.4, 11.5 Change-Id: Ida09f1945daae3d0fb396f1e495e91ed5042454a Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/85565 Tested-by:
-
- Aug 07, 2024
-
-
Garvin Hicking authored
If an invalid record in `sys_be_shortcuts` is stored like this: ``` INSERT INTO sys_be_shortcuts (userid,route,arguments) VALUES (1,'record_edit','[]'); ``` then the backend cannot be accessed anymore due to PHP errors due to unguarded array key access of the "arguments" contents. This patch guards the array key access to prevent such a situation, so an invalid shortcut can be deleted from the menu. Database records like this might happen for migrated older installations. Resolves: #104496 Releases: main, 12.4, 11.5 Change-Id: I350e620eb403e53d1828cf5dedaab633ba00db55 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/85464 Tested-by:
-
- Aug 06, 2024
-
-
Oliver Hader authored
composer/composer as dev dependency got a security release relevant for monorepo. We should raise to it. > composer req --dev composer/composer:^2.2.24 Resolves: #104556 Releases: main, 12.4, 11.5 Change-Id: Ib9b81a942456f1ac78445f27b4b0b198ff204e2d Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/85541 Tested-by:
-
Christian Kuhn authored
Resolves: #104557 Releases: main, 12.4, 11.5 Change-Id: I1bea6d74fc444007c8787e0a642c86b35a7ccb90 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/85538 Reviewed-by:
-
Stefan Bürk authored
Doctrine DBAL retrieves for MariaDB `ENUM()` and `SET()` field default values quotes with single quotes, which leads to an endless field change reporting recursion in the database analyzer. The default value is now trimmed to ensure a working field compare within the extending `TYPO3\CMS\Core\Database\Schema\Comparator` class. Note that TYPO3 v13 (main) may reveal the same issue but is shadowed due to the general `ENUM()` and `SET()` type field issue since Doctrine DBAL 4, reported in #104413. That needs a change on its own for main only. Resolves: #97498 Related: #104413 Releases: 12.4, 11.5 Change-Id: I51b79a7f63db43cca2724958b0355a496a49fd33 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/85460 Tested-by:
-
- Aug 03, 2024
-
-
Mathias Bolt Lesniak authored
SiteResolving will now correctly interpret a temporary ID of a new page (e.g., "NEW12345678ABCDEF") as an invalid ID and try to infer the site using `$result['effectivePid']`. This makes it possible to access site configuration properties within the TCA also on pages that have yet to be created. Resolves: #103573 Releases: main, 12.4, 11.5 Change-Id: I174e71e084e96b24ebe721ad0336a3dd1a8115d9 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/85458 Reviewed-by:
-
- Jul 31, 2024
-
-
Markus Sommer authored
Resolves: #104513 Releases: main, 12.4, 11.5 Change-Id: I73d4d5eac80e3bd637fa2fabd7b1d1948daf357c Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/85430 Tested-by:
-
- Jul 29, 2024
-
-
Thomas Hohn authored
In the RestoreRegisterContentObject::render method a call to array_pop is performed. The result is assigned to the variable $frontendController->register which has type array. However array_pop can return null, this patch add's a null coalesce operator to ensure that correct type. Resolves: #104495 Releases: main, 12.4, 11.5 Change-Id: I46efce10e4322ff3cd39b5a0eeafd1f768644e38 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/85359 Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
-
- Jul 26, 2024
-
-
Christian Kuhn authored
PHP 8.4 support requires new guzzle versions. v13 sets requirements to PHP 8.4 compatible guzzle libraries versions, so v13 can not ship with libraries lower than that. This drops guzzle/promises v1 support, which has been re-added to v12 for backwards compatible reasons, and v13 inherited this. It should be fair to drop guzzle/promises v1 in v13 now. v12 and v11 will only "composer u" to the versions below, but not require them, so non-composer releases will package compatible library versions, while composer instances have the option to update when needed. > composer u guzzlehttp/guzzle guzzlehttp/promises guzzlehttp/psr7 Resolves: #104488 Releases: main, 12.4, 11.5 Change-Id: I43a4e56f9fbb3bb00d77eb198161350e72a51da4 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/85395 Tested-by:
-
Christian Kuhn authored
Brings PHP 8.4 fixes. "composer req" in v13, "composer u" in v12 and v11. > composer u typo3/html-sanitizer Resolves: #104483 Releases: main, 12.4, 11.5 Change-Id: I3c5dfb7eb1b76bc13ef0d784e87138360bfbdd61 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/85392 Tested-by:
-
- Jul 25, 2024
-
-
Stefan Bürk authored
This change raises the core-testing-php84 image version to use PHP 8.4.0 alpha2. [1] https://git.typo3.org/typo3/CI/testing-infrastructure/-/commit/abd0b88dd70d0053359b08584d66df17540f177d Resolves: #104480 Releases: main, 12.4, 11.5 Change-Id: Ife69d5fdb82f4243547fab5998b4a1ba0123bafc Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/85357 Tested-by:
-
Christian Kuhn authored
phpstan "bleeding edge config" enables a feature that reduces memory usage significantly. We don't switch to "bleeding edge" per se, but enable that single toggle for now. phpstan does not do this by default since it may be breaking for existing rules, which is not a problem in our case. > rm -rf .cache/phpstan/; Build/Scripts/runTests.sh -s phpstan Before locally: 10.99 GB After locally: 5.82 GB Before CI: 15.15 GB After CI: 9.49 GB Numbers vary depending mainly on available number of CPUs: My local machine has less CPUs than CI - we *may* tune phpstan a bit further in this area, later. Resolves: #104476 Related: #104475 Releases: main, 12.4, 11.5 Change-Id: I32ca9a36b752ad52e8ac5fd433c3f929f86843af Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/85378 Tested-by:
-
