- Jul 07, 2020
-
-
Andreas Fernandez authored
Instead of generating the URL to the backend login, the URI of the current request is now used for the referrer check in backend login. This fixes a redirect issue with password recovery links opened via email. The anchor-based reload detection has been replaced with a localStorage-based solution as browsers don't trigger a new request if the target location is already loaded, but only an achor is appended to the URL. Resolves: #91442 Releases: master, 10.4, 9.5 Change-Id: I577bdd8ce75c94f864852f812c0b8ad66f0d5634
-
- Jun 30, 2020
-
-
Benjamin Franzke authored
FileReferences objects contain references to File objects which itself contain service dependencies (e.g. event dispatcher) which are not seralizable. This leads to problems for instance when having a multi-step form containing file uploads where file reference objects are being serialized. Resolves: #91196 Releases: master, 10.4 Change-Id: I7650186adc5c61528e1a1adcf06b8d6cf67a55cd Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64841 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Oliver Hader <oliver.hader@typo3.org> Tested-by:
Daniel Goerz <daniel.goerz@posteo.de> Reviewed-by:
-
Christian Eßl authored
The doc comments for DataHandler::clear_cacheCmd() contained outdated information on how to clear the system caches. Resolves: #91720 Releases: master, 10.4 Change-Id: I42cb2aebecc7ef2eb45b0070e3fff19a199b9651 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64944 Tested-by:
Markus Klein <markus.klein@typo3.org> Tested-by:
-
Helmut Hummel authored
To allow uncached plugins to provide a different page title, page title providers must be also be called after uncached plugins are rendered. To not loose the state of page title providers that are called for cached entires, the state of page title providers is stored in cache as well and provided for the second title generation process after uncached objects are rendered. Resolves: #91233 Releases: master, 10.4, 9.5 Change-Id: I277551d9a58781c0d130c27b346bcbbc209266fd Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64934 Tested-by:
Anja Leichsenring <aleichsenring@ab-softlab.de> Tested-by:
-
- Jun 29, 2020
-
-
Benni Mack authored
If a "fileExtension" is given in the Image Processing of FAL (e.g. via Fluid ViewHelper setting "fileExtension='png'"), then a SVG image is now converted to the target file extension as well. This might be important for various use cases when dealing with SVGs Resolves: #75191 Releases: master, 10.4 Change-Id: I82fd2e7cccf15f845a7624a8dc9135bb06eaf145 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/63611 Tested-by:
-
Benjamin Franzke authored
Do not swap the global singleton instance, as that would only update new classes that are retrived though GeneralUtlity::makeInstance). Existing ones (cached in already initialized classes, or initialized via the symfony DI container would not be updated). Releases: master, 10.4 Resolves: #91316 Related: #87402 Related: #88179 Change-Id: Ibcd4ecd3418dd047861b83685a6664e391a8f66b Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64419 Tested-by:
Helmut Hummel <typo3@helhum.io> Tested-by:
-
Andreas Fernandez authored
nprogress is used to indicate activity when a collapsed IRRE node is about to get loaded. In case of FlexForms the id attribute may contain a dot which is not an issue if handled correctly. However, nprogress doesn't treat this value as an id, but rather as a full CSS selector which causes issues and breaks loading the IRRE node. To work around this issue, the id of the container used to render the progress bar is now MD5 hashed. Resolves: #91585 Releases: master, 10.4 Change-Id: I893d0cf24ea0f384d9ffff4d84f83b0fa35341b7 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64783 Tested-by:
-
Oliver Klee authored
Some system extensions use functions like libxml_disable_entity_loader which are provided by ext-libxml. To make sure these methods are available, this PHP extension needs to be required. Used composer command: composer require ext-libxml:"*" Also add the extension as required in the install tool. Releases: master,10.4 Resolves: #91069 Change-Id: Ib98d4aba4a9071f48e2fb370382f61130115daad Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64204 Tested-by:
-
Benni Mack authored
When the userTSconfig options.defaultUserFolder = 1:/my-folder/ does not exist, Backend users now fall back to the first selected user folder. A test is added to show that the fallback to the default storage works. Resolves: #86815 Releases: master, 10.4 Change-Id: Ia88a9020adb4ba522e10e3a6059189500d9a407f Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64552 Tested-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Reviewed-by:
-
Andreas Fernandez authored
The JavaScript modules now utilize the native String.prototype.trim function to trim whitespaces off string where jQuery's trim was used before. Resolves: #91683 Releases: master, 10.4 Change-Id: I5c7a25e508e7e052339f2969a5725593e110a3a1 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64932 Tested-by:
-
- Jun 26, 2020
-
-
Daniel Goerz authored
Always loading the alias loader is required in order to allow extensions to provide class aliases in non Composer mode. Also update the class alias loader to latest version with: composer up typo3/class-alias-loader By doing so, we can remove the additional composer dumpautoload in test suite, which only was required because the alias loader update requires a two step operation. Resolves: #91692 Releases: master Change-Id: Ie70ae295d14a5a813e294ae22a4e1bf10c8f0a5d Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64933 Tested-by:
-
- Jun 22, 2020
-
-
Benni Mack authored
The og:image and twitter:image meta tags are not resized. If an editor puts a 5000 pixel wide image in a field, it does not get resized, and if it is large enough (in size + MB) it doesn't get picked up everywhere. For this reason, we'll limit the image width to 2000 Resolves: #91687 Releases: master, 10.4 Change-Id: Iec7b185c37b3685f523a0debebf90dbc7025bbc6 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64909 Tested-by:
Richard Haeser <richard@maxserv.com> Tested-by:
David Steeb <david.steeb@b13.com> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
-
- Jun 21, 2020
-
-
Helmut Hummel authored
Currently \TYPO3\CMS\Core\Imaging\ImageManipulation\Area objects are serialized in processing configuration, therefore we must allow this class during unserializing the configuration. Resolves: #91675 Related: #91571 Releases: master, 10.4, 9.5 Change-Id: I8976754abed62e3c9a6205988176b5a1f0220e50 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64907 Tested-by:
-
- Jun 20, 2020
-
-
Andreas Fernandez authored
The JavaScript functions TBE_EDITOR.fieldChanged_fName` and its legacy alias `TBE_EDITOR_fieldChanged_fName` used to extract the table name, field name and uid from the incoming field name have been removed. As a drive-by bugfix, the undefined variables `TBE_EDITOR_setHiddenContent` and `TBE_EDITOR.setHiddenContent` have been removed as well. Resolves: #91578 Releases: master Change-Id: I528fde709367d5d474b846f347a3770d15b1a227 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64678 Tested-by:
-
Andreas Fernandez authored
Some modules have been rewritten to not use jQuery in the past. However, there was still a dependency due to missing `ready` handling. Since recent changes TYPO3 is capable of such handling and enables to remove jQuery completely from some modules. Resolves: #91598 Releases: master Change-Id: I23fa63f9090eee8abc49cd1993df27bec12d92e2 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64832 Tested-by:
-
- Jun 19, 2020
-
-
Benni Mack authored
The current workspace preview middleware runs at a point after the Page ID (and PageArguments) has been resolved by the URL already. This means a workspace preview with a preview user (and not a backend user) does not work, as the user is registered too late in the Middleware workflow. In order to restore the functionality, the preview user is now created BEFORE the PageResolver middleware, and does everything (incl. sending the preview cookie, which is now attached to the response, and not done during processing of the request). However, as the webmount of the current page ID needs to be registered, a second middleware is added which runs before TSFE->determineId() but after the PageResolver and PageArgumentValidator middlewares. Resolves: #91662 Releases: master, 10.4 Change-Id: Ic0108d2cd468f3ecf84e5a0e06c0fd5329046606 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64900 Tested-by:
-
- Jun 14, 2020
-
-
Daniel Siepmann authored
A wrong label was used when using "Fluid based page module". This resulted in "[]" instead of "[Hidden]" for records with hidden headline. This is fixed by using the proper label reference. Resolves: #91628 Releases: master, 10.4 Change-Id: I7749cbf4441335f8493eadbb9386d95835dff9a9 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64850 Tested-by:
Björn Jacob <bjoern.jacob@tritum.de> Tested-by:
-
- Jun 09, 2020
-
-
Oliver Hader authored
Overriding route requirements with `.+` allows to have slashes in route parameters. This is different to Symfony's default behavior not allowing slashes here at all. However, when having multiple route parameters it can lead to resolving false-positive routes like shown in the following example: routePath: '{first}/{second}' URI: https://example.com/first/second/third resolves to parameters + first: 'first/second' + second: 'third' This change passes existing TYPO3 route `requirements` and uses pattern `.+` only for those parameters not having a definition - both applies to parameters using `aspects` only. Besides that tests in `EnhancerLinkGeneratorTest` mixed internal argument values with URL parameters (`100` <=> `hundred`) are were "wrong" before. Resolves: #91246 Releases: master, 10.4, 9.5 Change-Id: Ic1fe15790cc16dd52c624cd3be9ed060ae9b9d69 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64654 Tested-by:Stephan Großberndt <stephan.grossberndt@typo3.org> Tested-by:
Manuel Selbach <manuel_selbach@yahoo.de> Reviewed-by:
-
- Jun 08, 2020
-
-
Simon Gilli authored
Setting up backend layouts with colPos not set will show the content of column 0 because of an excplicit cast of the colPos. This patch checks if colPos is set and if not skips the assignment of records. Resolves: #91176 Releases: master, 10.4 Change-Id: I75d9818c4330bb8a4d9a7a60130a547167a83e58 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64305 Tested-by:
-
Oliver Hader authored
Direct hash comparison is replaced by cryptographic-safe `hash_equals`. Changes in this patch set basically don't have much impact regarding security aspects. This is a preparation for starting with RIPS scanner. Resolves: #91565 Releases: master, 10.4, 9.5 Change-Id: I5666e586b6b6b462f7864a597139763fd2cd2f98 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64668 Tested-by:
-
- Jun 07, 2020
-
-
Markus Klein authored
Use only the body and the content-type header of the internal sub-request. Everything else of the sub-request can be discarded. Resolves: #91582 Related: #81644 Releases: master, 10.4 Change-Id: I393acb340c04b3c7aa0cde1e1de1df9fcc92ca7a Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64672 Tested-by:
Johannes Kasberger <johannes.kasberger@reelworx.at> Tested-by:
-
- Jun 05, 2020
-
-
Benni Mack authored
TypoScriptFrontendController has had functionality to dynamically load JavaScript and CSS code, also in non-cacheable (USER_INT) content. This has been largely superseded via the AssetCollector API and PageRenderer API which is built in a way to deal with non-cacheable and cacheable content with proper method calls. For this reason, the legacy functionality is removed: * TSFE->setJS (used via TSFE->setJS('openpic') in core) * TSFE->additionalJavaScript * TSFE->additionalCSS * TSFE->JSCode * TSFE->inlineJS Although all methods and properties have been marked as internal in TYPO3 v10, a Breaking RST is still added. Resolves: #91563 Releases: master Change-Id: I167dae29e3daa5e1d5ad4c6848dcc49fbfec3183 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64660 Tested-by: -
Benni Mack authored
In order to reduce the amount of accessing globals in the future, and especially TYPO3_REQUEST which was born because of missing structure of TYPO3 Core, the currrent request object is now handed in (optionally) to methods, to work directly with them in TSFE context. Resolves: #91568 Releases: master, 10.4 Change-Id: I760dbd70c9748d69c669bc6f65d65d20dd8ab530 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64662 Tested-by:
Frank Nägler <frank.naegler@typo3.org> Reviewed-by:
-
Benni Mack authored
PageRenderer does not need to care about the actual content. Instead of re-running everything in PageRenderer, ModuleTemplate only calls PageRenderer->render() once. This simplifies the PageRenderer logic and adds a bit of performance improvements. Resolves: #91584 Releases: master Change-Id: I2397f43a4e26f40bb885b21a67ae7a503349a614 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64735 Tested-by:
Wouter Wolters <typo3@wouterwolters.nl> Reviewed-by:
-
Benni Mack authored
This leaves TYPO3 to only handle "XLF" files for language labels natively. Resolves: #91482 Related: #91473 Releases: master Change-Id: Ibf2d0f087e333ab4874c614880022186634e3dbc Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64631 Tested-by:
Benjamin Franzke <bfr@qbus.de> Tested-by:
-
Christian Toffolo authored
Resolves: #91550 Releases: master, 10.4, 9.5 Change-Id: I1de1eadbac4b4973250bba2dbf887efb19df872d Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64628 Tested-by:
Jonas Eberle <flightvision@googlemail.com> Tested-by:
Tomas Norre Mikkelsen <tomasnorre@gmail.com> Reviewed-by:
-
Oliver Hader authored
Internal components using `unserialize` are enforced to disallow classes in their internal state representation. This is a preparation for starting with RIPS scanner. Resolves: #91571 Releases: master, 10.4, 9.5 Change-Id: I3a5026e34a381e79817b46025d81083b2bc5b290 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64778 Tested-by:
-
Nicole Cordes authored
This patch ensures the linkText is returned and used if the target page is not available in the current language. Resolves: #90182 Releases: master, 10.4 Change-Id: Ifed1921ff42746582dd5abab93fafe7a29c12233 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/63016 Reviewed-by:
-
- Jun 04, 2020
-
-
Oliver Hader authored
This is a preparation for starting with RIPS scanner. Resolves: #91566 Releases: master, 10.4, 9.5 Change-Id: I6f994cec9c977242c278963c8aa55cb138bdabe2 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64669 Tested-by:
Alexander Schnitzler <git@alexanderschnitzler.de> Tested-by:
-
Henri Nathanson authored
This fixes encoding issues in paths with URL-encoded spaces and other characters when indexed_search translates indexable file URLs into local paths. Resolves: #91586 Releases: master, 10.4, 9.5 Change-Id: Id20034137556f5705ee34b3adcca6250c77d83f2 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64772 Tested-by:
-
Benni Mack authored
The cObject "TEMPLATE" in TypoScript is now removed. It only had little use without a given "FILE" cObject. TEMPLATE works on a marker-basis, and was promoted 15 years ago as "Modern Template Building". However, it has been superseded since TYPO3 v7 with FLUIDTEMPLATE. Resolves: #91562 Releases: master Change-Id: I328d56a11f879f329572ea6d2dbf991a945891ba Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64661 Tested-by:
-
Benni Mack authored
Common URLs like typo3.org, tools.ietf.org or php.net are nowadays available as HTTPS, however some places in TYPO3 still use http:// as reference. This should be streamlined to resemble https:// everywhere. Resolves: #91581 Releases: master, 10.4 Change-Id: I76b5211f7e14cab0c6d190059d2be761bc664b53 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64733 Tested-by:
-
- Jun 03, 2020
-
-
Tymoteusz Motylewski authored
Filter out pages user has no access to on query time in page tree. This patch reintroduce a change which was reverted with https://review.typo3.org/c/Packages/TYPO3.CMS/+/64369 Resolves: #91221 Related: #90880 Related: #91348 Releases: master, 10.4, 9.5 Change-Id: Id90752c331bc6fc12b0d3a7d047adacf08cb7804 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64346 Tested-by:
Uwe Trotzek <trotzek@citeq.de> Tested-by:
-
Oliver Bartsch authored
The plugin configuration of felogin is moved to the common used "Plugin" tab, to unify the position through the core. Resolves: #91416 Releases: master, 10.4 Change-Id: Ibbf26be6787795021e7ba6a0d3138bbf18121087 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64500 Tested-by:
-
Alexander Schnitzler authored
The property injection with non-public properties had been deprecated with #82975 and has been forgotten to be removed until now. With this patch only public properties can be used for extbase dependency injection. Releases: master Resolves: #90799 Change-Id: I21d4b8bcdd07a20ba9ad7ebd87465cc291572bba Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/63821 Tested-by:
-
Nikita Hovratov authored
It is possible for values returned by stdWrap to be of type int. RequestHandler->generateMetaTagHtml() expects meta tag values to be of type string. In order to avoid php errors, return values are now casted to strings. Resolves: #91533 Releases: master, 10.4, 9.5 Change-Id: I642d5fe0189955e26689a6cf65cdbe23255356a2 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64656 Tested-by:
-
Benni Mack authored
PageRepository->fixVersioningPid() needs "t3ver_wsid" and "t3ver_oid" to resolve a version, otherwise previewing in workspace context takes another SQL query per page slug candidate. Resolves: #91556 Releases: master, 10.4, 9.5 Change-Id: Ie95365fe76cd2e6e502324c5dbe145651795cff1 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64657 Tested-by:
-
- Jun 02, 2020
-
-
Benni Mack authored
In change https://git.typo3.org/Packages/TYPO3.CMS.git/commit/e6e40cd214acc8581729ef9f6e98c5d9324ec11c of bugfix #90656 the title attribute of the result was changed to always be added, which should only be added when the title is not empty. Resolves: #91506 Related: #90656 Releases: master, 10.4 Change-Id: Ie267f89b5ae82daeb036c820391099f06bfccbaf Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64653 Tested-by:
-
Benni Mack authored
All code that is using the constant TYPO3_MODE is hard to test, as this needs to be encapsulated into various places. All testing framework places run with TYPO3_MODE=FE which makes it impossible to even consider making parts of the testing framework compatible running a pure Frontend-based request in the future. On top, the constant covers up cross-dependency between core dependencies (whereas $GLOBALS[TSFE]->fe_user is actually a dependency to EXT:frontend). Another testing-helper in Extbase's EnvironmentService allows to switch within Extbase to simulate Frontend behaviour. Resolves: #91521 Releases: master, 10.4 Change-Id: I85a34029e399b40d0780f907480f9059bfdb0edb Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64598 Tested-by:
-
Oliver Hader authored
Scalar values sent via HTTP query parameters to FileSystemNavigationFrameController are using `json_encode` instead of `unserialize`. The parameter stream is still secured with an HMAC before being deserialized. Resolves: #91548 Releases: master, 10.4, 9.5 Change-Id: I57be68aac1787bdc27f2bbae40f8d71b1b33f79f Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64624 Tested-by:
Oliver Klee <typo3-coding@oliverklee.de> Reviewed-by:
-
