Calling a site using http://example.org/index.php/invalid/ leads to
~/index.php/whatever/ being used as internal script path, which causes
errors or internal side-effects.

This behavior seems to occur only on web-servers using Apache with
PHP-CGI or PHP-FPM, using PHP setting `cgi.fix_pathinfo = 1`.

In case `cgi.fix_pathinfo` is enabled, the current script name is
retrieved from `$_SERVER['SCRIPT_FILENAME']` instead.

Resolves: #97543
Releases: main, 11.5, 10.4
Change-Id: Ia5f6b705253d42d4fc409b90b21d0363c4b97974
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74505


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benjamin Franzke <bfr@qbus.de>
Reviewed-by: Benjamin Franzke <bfr@qbus.de>

composer v2 is no longer an experimental feature of
Docker Desktop for MacOS/Windows. Broken composer v2
error message should be updated to give proper actual
information how to disable it correctly.

Resolves: #97489
Releases: main, 11.5, 10.4
Change-Id: I7c4199e5d3d3c47bbadba8210cc96b0385ab6fcc
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74456


Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>

When uploading new assets to the filelist,
the metadata (e.g. width and height) are
automatically extracted from the corresponding
files. This does not work for online media files,
e.g. a YouTube video. Therefore, the corresponding
services' oembed API is used to retrieve the
related metadata.

YouTube however changed their oembed API recently
to always set a width of "200" and a height of "113"
by default. This is obviously far too small for any
use case.

Since YouTube is following the oembed specification
(https://oembed.com/#section2.2), it's possible to
provide the "maxwidth" and "maxheight" parameters
to the oembed URL. This way YouTube returns
meaningful values for width and height.

Actually a similar change was already done to
the Vimeo integration in #85176. Vimeo however
supports the custom "width" parameter, which is
not mentioned in the specification and also not
supported by YouTube.

Resolves: #97481
Related: #85176
Releases: main, 11.5, 10.4
Change-Id: If902cf17b12fc510592a48828d8304fad42e2bfa
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74454


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

Add script to 'Build/Scripts/runTests.sh' to clean build and
test related files and folders to get fast a clean state.
Local instance related files are untouched and kept intact.

Added commands:

> Build/Scripts/runTests.sh -s clean
> Build/Scripts/runTests.sh -s cleanBuild
> Build/Scripts/runTests.sh -s cleanCache
> Build/Scripts/runTests.sh -s cleanTests

Resolves: #97355
Releases: main, 11.5, 10.4
Change-Id: I05c9dd966f4703315474e369dad52b1a40881c60
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74400


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

Over time dangling local anonymous docker volumes
pollutes local docker environments and consuming
space on core contributors discs.

This patch additionally removes dangling, unused
anonymous local docker volumes when updating core
testing images are requested with:

> Build/Scripts/runTests.sh -u

Resolves: #97361
Releases: main, 11.5, 10.4
Change-Id: I6b25a88a9ff119035eea7d5efd6c415bd490a3eb
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74306


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

Having a CODE_OF_CONDUCT.md document that links to the TYPO3 code
of conduct provides users who view the project source on GitHub
easy, direct access to the full text.

Releases: main, 11.5, 10.4
Resolves: #97376
Change-Id: I6509b402a5229cbd926ce42b4fd6a1c0e60e0fc2
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74300


Tested-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Lina Wolf <112@linawolf.de>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Lina Wolf <112@linawolf.de>

- align README.rst, Index.rst, Includes.txt, Includes.rst.txt,
  Settings.cfg
- add genindex.rst, Sitemap.rst
- remove outdated Targets.rst
- reference manual's start page with :doc:`<manual>:Index`

Adding the custom label `start` to the beginning of the manual's
Index.rst is redundant. Use :doc:`<manual>:Index` instead of
:ref:`<manual:start>` to refer to it.

- replace :ts: with :typoscript: text role

The ambiguous :ts: text role has been removed to
not confuse the writer with typescript and typoscript.

- rename Includes.txt to Includes.rst.txt
- align reST validator at Build/Scripts/validateRstFiles.php
- remove outdated encoding note

- fix rendering warnings of EXT:core
- fix rendering warnings of EXT:fluid_styled_content
- fix rendering warnings of EXT:form
- fix rendering warnings of EXT:linkvalidator
- fix rendering warnings of EXT:lowlevel
- fix rendering warnings of EXT:rte_ckeditor

See https://docs.typo3.org/m/typo3/docs-how-to-document/main/en-us/GeneralConventions/FileStructure.html for further details.

Resolves: #97258
Releases: main, 11.5, 10.4
Change-Id: I791c905d294a1eb71bd30ff2260f68be2b22f41e
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74233


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Susanne Moog <look@susi.dev>
Tested-by: Lina Wolf <112@linawolf.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Susanne Moog <look@susi.dev>
Reviewed-by: Lina Wolf <112@linawolf.de>

The CropViewHelper does not have a "length" argument, but the
"maxCharacters" argument is mandatory. From the context it is clear that
the wrong argument was accidentally used here and that this needs to be
renamed.

Releases: main, 11.5, 10.4
Resolves: #97362
Change-Id: I4e8b443f48006024a5949a143f50ed309cdd3d9c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74294


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

Change-Id: I947cde3378f0d3ca02ef59c35cc7b0e18b85e751
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74273


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Change-Id: Ib8848fca36837bde9b0f0dc528e44e4ee2fde0af
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74272


Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

The check for doing the functional test splitting
script and running the selected chunk used similar
but different minimum chunk value to check against.
Thus the splitting script has not been executed in
all chunk execution contexts.

This patch uses now exactly the same check in the
'Build/Scripts/runTests.sh' like it is defined in
the corresponding docker-compose service config.

Furthermore all previous created functional split
files are now removed to avoid leftovers, which
occured if re-run has lower chunksize defined.

Example which is now properly fixed:

> Build/Scripts/runTests.sh -s functional -c 1/1

Example with partial part files from previous run:

> Build/Scripts/runTests.sh -s functional -c 1/10
> Build/Scripts/runTests.sh -s functional -c 1/8

Resolves: #97283
Releases: main, 11.5, 10.4
Change-Id: Id3a0d1c85540b4e7e46aaea69cf2d96839e8e72e
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74194


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

This patch applies the new documentation standards to the .editorconfig.

Resolves: #97302
Releases: main, 11.5, 10.4
Change-Id: I798b355f71dfa7ba8ac20ad424105e99a5c870cc
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74141


Tested-by: core-ci <typo3@b13.com>
Tested-by: Lina Wolf <112@linawolf.de>
Reviewed-by: Lina Wolf <112@linawolf.de>

When core functional tests started to heavily rely
on CSV based import- and assertion files, we found
that editing such .csv files in Microsoft Excel leads
to warnings if the number of columns is not identical
for each row.

Script checkIntegrityCsvFixtures.php has then been
established to verify all rows of .csv fixture files
have the same amount of fields per file, and has been
enabled as CI job to ensure all existing fixture
files follow this.

Nowadays, this restriction feels archaic: Devs actively
working with these CSV files typically edit them in
an IDE like PhpStorm directly and don't use Excel for
this anymore. The PhpStorm plugin "Rainbox CSV" also
helps by coloring these files and other alternatives
like libreoffice do not have this 'all rows must have
same number of colums' restriction.

The patch drops the script, the runTests.sh usage and
the CI calls. This has the additional advantage that
line breaks for single fields are now possible, which
will further improve handling and readability of field
values in upcoming patches.

Resolves: #97274
Related: #83943
Releases: main, 11.5, 10.4
Change-Id: I2b4c2afc98c8471bccae1afb15e055182b563ee7
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74131


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

In accordance with the core code base, "libs" in
"includeJSFooterlibs" must be lowercase.

Releases: main, 11.5, 10.4
Resolves: #97251
Change-Id: I0b1d25d6f22254cf7d3747cf66ab0c7e2e611628
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74133


Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>

Recent CKEditor4 v4.18.0 addressed several vulnerabilities:
* CVE-2022-24728 (XSS via attributes & comments)
* CVE-2022-24729 (reDoS via Dialog Plugin API)
* see https://ckeditor.com/cke4/release/CKEditor-4.18.0 for details

Mentioned known vulnerabilities are not considered relevant for the
TYPO3 backend user interface. By-passing CKEditor's XSS protection
allows to persist malicious markup in database fields, which is
mitigated during frontend rendering by typo3/html-sanitizer.

That's why this issue is handled as regular bugfix.

Executed commands:
  cd Build/
  nvm use
  yarn add ckeditor4@^4.18.0
  rm -r ../typo3/sysext/rte_ckeditor/Resources/Public/JavaScript/Contrib/
  yarn exec grunt build

Resolves: #97239
Releases: main, 11.5, 10.4
Change-Id: I3be12120c316b334e7efd237d0300e6d3cd165a8
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74058


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Benni Mack <benni@typo3.org>

Recent guzzlehttp/psr7 versions address vulnerability CVE-2022-24775.
Mentioned known vulnerability is not considered relevant for the
TYPO3 core. That's why this issue is handled as regular bugfix.

Commands executed:
  composer req guzzlehttp/psr7:^1.8.5
  composer req guzzlehttp/psr7:^1.8.5 \
    -d typo3/sysext/core --no-update

Resolves: #97240
Releases: main, 11.5, 10.4
Change-Id: I915b5620140912ecf1e0dc5bc887f4cc25ffb85a
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74061


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

The confirmation password, required for accessing
the install tool through the backend, now uses the
autocomplete attribute to prevent password managers
from initiating a "change password" workflow.

Resolves: #92969
Releases: master, 10.4
Change-Id: I27bc81e7ebaa9684b4e15c7208841ca5e3a4338d
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73998


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

Resolves: #91204
Releases: 10.4
Change-Id: I68be95cc7517d505ef555ab321119f539c956603
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73858


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Simon Schaufelberger <simonschaufi+typo3@gmail.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Simon Schaufelberger <simonschaufi+typo3@gmail.com>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

Change-Id: Ie878e940ba6365fd72649a25e23d26e06c0db365
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73853


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>

Change-Id: I06ed4c4b1242374d5792bcf96585fc2dae9eb728
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73852


Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>

The ExpressionLanguageResolver should be generic and not
implement some TypoScript related logic.

Therefore the check for "ELSE" expression is moved to
AbstractConditionMatcher

Dead code is removed on the go.

Resolves: #97077
Releases: 10.4, 11.5, main
Change-Id: Ic5037b46c65ffb80f2f5b242e671e2454922171c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73838


Tested-by: core-ci <typo3@b13.com>
Tested-by: Helmut Hummel <typo3@helhum.io>
Reviewed-by: Helmut Hummel <typo3@helhum.io>

When ext:felogin is configured to redirectMode "getpost,login",
the extension does always redirect to a page configured in
TS/Flexform although a valid redirect URL is provided using
`return_url` or `redirect_url` GET parameter. Root cause of the
problem is the wrong assignment of the fluid variable
`redirectURL`, which should be used for GET/POST redirect urls
only.

This patch ensures, that the fluid variable `redirectURL`
is assigned either with GET data from `return_url` or
`redirect_url` if available.

Resolves: #92068
Releases: main, 11.5, 10.4
Change-Id: Iae3ba5c4345b26a1cf9d52801c6d101c5986dbb4
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73785


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

DefaultSanitizerBuilder for HTML sanitizer creates a new behavior
for each invocation which is superfluous and can be cached in memory.

Resolves: #96862
Releases: main, 11.5, 10.4
Change-Id: I4a6710524a1f2f1256c8aa7694ceaa56a627a07f
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73460


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Install tool has been trying to connect to the database before
checking if a bare minimum of configuration is given to. This has
been done to decide if the database connect step needs to be shown.

Starting with php8.1 this fails hard and the step is not shown,
thus an installation cannot be finished.

This patch change the checking order and checks for the bare minimum of
configuration first, before try to connect to the database.

Build/Scripts/runTests.sh -s acceptanceInstall -p 8.1 -d sqlite
Build/Scripts/runTests.sh -s acceptanceInstall -p 8.1 -d mariadb
Build/Scripts/runTests.sh -s acceptanceInstall -p 8.1 -d mysql

Resolves: #95545
Releases: master, 10.4
Change-Id: I9923198b26f86e44fd6c1f6655195faa0c79895e
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73652


Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Benni Mack <benni@typo3.org>

Change-Id: Iaf5eac9530f91a647c1702ff2f0800488cdee1c7
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73640


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Change-Id: If64bef86e6414801ec81cd622d4a59c80b5a43ff
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73639


Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Recent release of enshrined/svg-sanitize addressed a XSS vulnerability.

The main purpose of having this library in TYPO3 is to protect against
user submitted images that contains markup - which is possible with
SVG files. In most TYPO3 scenarios these files would be stored in
https://example.org/fileadmin/evil.svg and can be fetched directly.

However, recent update for CVE-2022-23638 of the svg-sanitizer library
seems to address the usage of inline SVG, used in an embedded HTML
context, see https://github.com/darylldoyle/svg-sanitizer/issues/71

Resolves: #96901
Releases: main, 11.5, 10.4
Change-Id: Iacbaf4b9c9725dee9c12df3646fc1131b7ed93ed
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73628


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

For unknown reasons the /ajax/login/refresh
route has never been used (all the way back to v6),
to request a session timeout update.

Instead the route /ajax/login/timedout, *without* the
skipSessionUpdate=1 parameter has been used to
refresh an existing session.

With the introduction of configurable route parameters
in #81409 this inconsistency wasn't noticed and the
skipSessionUpdate parameter has been moved into the
route-configuration, which meant /ajax/login/timedout was
always called with skipSessionUpdate=1,
even as result of the "Stay logged in" button, where
a session update was intended.

Use the dedicated /ajax/login/refresh route
in order to actually refresh the session.

Releases: main, 11.5, 10.4
Resolves: #96978
Related: #81409
Change-Id: I6e7ac78fdfae49fa07ac6b75d64dd1c381ad7e2b
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73625


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benjamin Franzke <bfr@qbus.de>
Reviewed-by: Benjamin Franzke <bfr@qbus.de>

Recent pdo_sqlsrv 5.10.0 force SSL enabled
connections with valid certificates. We can't
supply these in CI right now.

The patch removes active functional testing with
this DBMS on CI, but keeps the rest of the
infrastructure in runTests.sh and friends.

This is a quick fix to get v11 and v10 green
again. We could pick this up again if we find
a solution for the certificate issue.

Resolves: #96974
Releases: 11.5, 10.4
Change-Id: I0af99c52ae447ae6974d21236a862179e9b40dd6
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73614


Tested-by: core-ci <typo3@b13.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

Our LICENSE.txt files contain a custom header
mentioning details of a 3rd party library.

The patch resets LICENSE.txt files to the
default GPLv2 version [1] and moves the 3rd party
credits to the backend about module, which
already lists other credits. This obeys the
authors whish to set a link to his work.

The default LICENSE.txt files have the additional
advantage that services like github should
recognize the project as GPLv2 licensed project.

[1] https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt

Resolves: #96837
Releases: main, 11.5, 10.4
Change-Id: I63a4cd286ea3714667688d12347034b9ae67f276
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73447


Tested-by: core-ci <typo3@b13.com>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>

Change-Id: I46b6ad09eacc8e7da38743607d3537323108d36d
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73348


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Change-Id: I63603e8a8511b2599b20ee1d1065e7cca730e6b9
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73347


Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Due to a bug, the class properties did not override
properly using alternative names as the TYPO3-internal
"mergeRecursiveWithOverrule" was used in the wrong order.

This patch now uses "array_replace_recursive" and adds the
child properties at the very end.

Resolves: #87566
Releases: main, 11.5, 10.4
Change-Id: I91799cfb6c2effb8440bd099502ae801c9a69d15
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73087


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>

Under some circumstances, e.g. in a translations
only page module, a given $languageId (in this case
the default `0`) is not part of the $siteLanguages
array, since this only contains languages, allowed
for the user.

To fix a null pointer exception, we check whether
the SiteLanguage exists, before accessing it.

Resolves: #96600
Releases: 10.4
Change-Id: I2897edbf932075645a0c00dddb441b7eaa098708
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73102


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

When previewing pages a null pointer exception
is triggered in the frontend RequestHandler, in
case $GLOBALS['LANG'] does not exist. This
is the case when no user object exists (or is
not a FrontendBackendUserAuthentication).

This is now fixed by creating the LanguageService
with the corresponding factory and no longer relying
on $GLOBALS['LANG'].

Additionally, another possible null pointer is
fixed in the factory, since createFromUserPreferences()
allows NULL for the first parameter "$user"
but previously did not check the provided
value before accessing.

Resolves: #96590
Releases: main, 11.5, 10.4
Change-Id: I160a9dae9131973d681b392ee713d1fadcb9a24b
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73095


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

The created reports.xml when running acceptance tests
is used for nothing in CI and just uploaded as artifact
along with the other reports. When ac tests fail, the
generally useful file is reports.html together with the
screenshots. Creating the xml file is skipped now.

Users who still want to create the xml file when running
the acceptanc test suite can do so by adding the "extra"
argument to runTests.sh:
> Build/Scripts/runTests.sh -s acceptance -e '--xml reports.xml'

Resolves: #96557
Releases: main, 11.5, 10.4
Change-Id: Ic385e307bb48702bc9269e42960fc76f1aa0be41
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73050


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Doctrine uses mixed type for most of their method arguments in
QueryBuilder. Since TYPO3 core uses variadic arguments for some
methods in the wrapping QueryBuilder, argument types have been
streamlined to match the ones in the concrete QueryBuilder
instance from Doctrine.

Resolves: #96507
Related: #96457
Releases: main, 11.5, 10.4
Change-Id: I834240f764feac7af9fba7db0d45aaf4927abb2e
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73010


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

The change for issue #94357 introduced handling for `event/` URLs,
and accidentally modified handling for `video/` URLs as well. As a
result, the `video/` IDs were incorrectly resolved containing a
leading slash.

Resolves: #96509
Releases: main, 11.5, 10.4
Change-Id: I5623ff59dac44a699877e4e5a2e91707f72a407e
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72969


Tested-by: Jigal van Hemert <jigal.van.hemert@typo3.org>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Jigal van Hemert <jigal.van.hemert@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Change-Id: I9afad25a88555d3a89610b63ab0afd21e1284304
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72957


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Change-Id: I52bd2fc97d0e1a24ad393bc6b2fb4597fb5f73be
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72956


Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>