- May 26, 2020
-
-
Benni Mack authored
This change removes deprecated hooks and methods from TSFE related to output:
* TSFE->isOutputting()
* TSFE->processContentForOutput()
* TSFE->settingLocale()
* $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/class.tslib_fe.php']['hook_eofe']
* $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/class.tslib_fe.php']['pageIndexing']
* $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/class.tslib_fe.php']['isOutputting']
* $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/class.tslib_fe.php']['tslib_fe-contentStrReplace']
* $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/class.tslib_fe.php']['contentPostProc-output']
Resolves: #91476 Releases: master Change-Id: I2711924dce00ad2cd1ec9a236d8fde9da0105a65 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64583 Tested-by:
Wouter Wolters <typo3@wouterwolters.nl> Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Anja Leichsenring <aleichsenring@ab-softlab.de> Reviewed-by:
Wouter Wolters <typo3@wouterwolters.nl> Reviewed-by:
Anja Leichsenring <aleichsenring@ab-softlab.de>
-
Benni Mack authored
This change removes all triggers ("SlotReplacement classes") to Signals that were used until TYPO3 v10 LTS. The SignalSlot Dispatcher still stays for the time being, but it is unused in TYPO3 Core now. Resolves: #91474 Related: #91473 Releases: master Change-Id: I08867cb5837f605e52a067457a91f40288556fab Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64578 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Tested-by:
Wouter Wolters <typo3@wouterwolters.nl> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Reviewed-by:
Wouter Wolters <typo3@wouterwolters.nl> Reviewed-by:
Benni Mack <benni@typo3.org>
-
Benni Mack authored
Used composer command: composer req "friendsoftypo3/phpstan-typo3:^0.3.0" --dev Resolves: #91494 Releases: master Change-Id: I94cc5fe935dd3c48c570cf630d34c0754fcd6d5b Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64581 Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Benni Mack <benni@typo3.org>
-
Thomas Pronold authored
In order to avoid accidentally committing a FIRST_INSTALL for developers starting to contribute to TYPO3 Core and using Core git repository for its basis local development setup, the FIRST_INSTALL file is ignored from git. Resolves: #91119 Releases: master, 10.4, 9.5 Change-Id: Iad459240bbc8a68892f03adf547373bc608f6a90 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64239 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Josef Glatz <josefglatz@gmail.com> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Josef Glatz <josefglatz@gmail.com> Reviewed-by:
Benni Mack <benni@typo3.org>
-
Benni Mack authored
This change reflects the master branch to be targeted to v11. Testing framework is raised as well to support v11. This also means that all bugfixes now need to target "master, 10.4" or "master, 10.4, 9.5" for critical bugfixes. All features go into master branch again. Resolves: #91469 Releases: master Change-Id: Ife0f9d0fcf5ff13d55acb89dee5138e0e0b781e9 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64573 Tested-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
-
- May 25, 2020
-
-
Oliver Hader authored
Resolves: #91471 Releases: master, 10.4, 9.5 Change-Id: Ib008a46cc2edb368fed3fc937858f1f3870938b5 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64575 Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Benni Mack <benni@typo3.org>
-
Tymoteusz Motylewski authored
Also fix misleading comment about permissions. Resolves: #91454 Releases: 9.5, master Change-Id: I1a399f1be613f007440bf542441bee60f53e49e0 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64557 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Tested-by:
Richard Haeser <richard@maxserv.com> Tested-by:
Tymoteusz Motylewski <t.motylewski@gmail.com> Reviewed-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Reviewed-by:
Richard Haeser <richard@maxserv.com> Reviewed-by:
Tymoteusz Motylewski <t.motylewski@gmail.com>
-
Andreas Fernandez authored
Deleting an extension in Extension Manager doesn't make much sense in a Composer-based installation. For this reason, the removal of extensions is prohibited now. Resolves: #91456 Releases: master, 9.5 Change-Id: Ia96cf2741fd749d9f50540366351c8b576cac96b Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64568 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Markus Klein <markus.klein@typo3.org> Tested-by:
Benjamin Franzke <bfr@qbus.de> Reviewed-by:
Simon Gilli <typo3@gilbertsoft.org> Reviewed-by:
Mathias Brodala <mbrodala@pagemachine.de> Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Oliver Klee <typo3-coding@oliverklee.de> Reviewed-by:
Markus Klein <markus.klein@typo3.org> Reviewed-by:
Benjamin Franzke <bfr@qbus.de>
-
- May 22, 2020
-
-
Benni Mack authored
The PSR-14 event "AfterFileCopiedEvent" in FAL now also has the possibility to return the newly created file and the identifier. Resolves: #91373 Releases: master Change-Id: I08a01a0424e37fe2f010d2894d41a14628bdc950 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64478 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Daniel Goerz <daniel.goerz@posteo.de> Tested-by:
Susanne Moog <look@susi.dev> Reviewed-by:
Daniel Goerz <daniel.goerz@posteo.de> Reviewed-by:
Susanne Moog <look@susi.dev>
-
chris authored
If the TypoScript variable `plugin.tx_felogin_pi1.replyTo` was set to an email address, it triggered the following error: `Symfony\Component\Mime\Exception\InvalidArgumentException: An address can be an instance of Address or a string ("array") given)` Releases: master Resolves: #91458 Change-Id: I4179d42025d0373cd1d7c0938a83ec0c90e25465 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64559 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Susanne Moog <look@susi.dev> Tested-by:
Daniel Goerz <daniel.goerz@posteo.de> Reviewed-by:
Susanne Moog <look@susi.dev> Reviewed-by:
Guido Schmechel <guido.schmechel@brandung.de> Reviewed-by:
Daniel Goerz <daniel.goerz@posteo.de>
-
Benjamin Franzke authored
Git converts CRLF to LF when plaintext files are staged. The existing copies of the rte_ckeditor Contrib/* sources have therefore already been converted to LF by git [1]. Initially these files had been copied as CRLF from the ckeditor4 sources in node_modules by grunt npmcopy. Now, when `yarn build` is executed, the copy operation is performed again, which means the files are reverted back to CRLF. Git therefore needs to perform the CRLF to LF conversion again. (Which itself needs to be triggered by the developer by staging the changed files) We do now mimic git's autocrlf behaviour and replace CRLF by LF in the files copied from ckeditor Contrib/* folders to prevent the files from clobbering the `git status` or `git diff` output. By passing `encoding: null` to the grunt.file.copy options we ensure that binary files will be copied as is. Also configure *.svg files to be checked out as LF on all platforms (namely windows) like we do for other plaintext files as well. This ensures svg files do not show up (in windows) as changed because their original from node_modules was stored as LF. *.patch is added as patching jquery on windows would fail otherwise. [1] https://git-scm.com/docs/gitattributes#_end_of_line_conversion Resolves: #91374 Releases: master, 9.5 Change-Id: I2977a6d44f96f6593152bfe698ba5d35f32b131f Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64481 Tested-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Susanne Moog <look@susi.dev> Reviewed-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Reviewed-by:
Susanne Moog <look@susi.dev>
-
Helmut Hummel authored
The point of repeatable update wizards is that they are not marked executed and thus always checked for possible updates. They therefore must not be marked executed during installation. Resolves: #91211 Releases: master, 9.5 Change-Id: Ic4e98b95711433705f77899d664cc7cf2c7a42ba Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64326 Reviewed-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Reviewed-by:
Daniel Goerz <daniel.goerz@posteo.de> Reviewed-by:
Markus Klein <markus.klein@typo3.org> Reviewed-by:
Josef Glatz <josefglatz@gmail.com> Reviewed-by:
Susanne Moog <look@susi.dev> Tested-by:
Daniel Goerz <daniel.goerz@posteo.de> Tested-by:
Markus Klein <markus.klein@typo3.org> Tested-by:
Susanne Moog <look@susi.dev> Tested-by:
TYPO3com <noreply@typo3.com>
-
Stefan Froemken authored
Activating "showHiddenFilesAndFolders" in BE User settings shows hidden files and folders also when navigating through the files in filelist module. Resolves: #91309 Releases: master, 9.5 Change-Id: I8f04b43a2cc0df93b6e77290caed2b33c6951e44 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64424 Tested-by:
Daniel Goerz <daniel.goerz@posteo.de> Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Susanne Moog <look@susi.dev> Reviewed-by:
Daniel Goerz <daniel.goerz@posteo.de> Reviewed-by:
Guido Schmechel <guido.schmechel@brandung.de> Reviewed-by:
Susanne Moog <look@susi.dev>
-
Susanne Moog authored
Resolves: #91457 Releases: master Change-Id: I29009a9498b050942e34a27815acdf996e6f0539 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64558 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Daniel Goerz <daniel.goerz@posteo.de> Tested-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Reviewed-by:
Daniel Goerz <daniel.goerz@posteo.de> Reviewed-by:
Andreas Fernandez <a.fernandez@scripting-base.de>
-
Oliver Bartsch authored
Resolves: #91459 Relates: #91302 Releases: master Change-Id: Ic4af3247d7557a6c12a8d538e85795c507eab69a Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64561 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Benni Mack <benni@typo3.org> Tested-by:
Daniel Goerz <daniel.goerz@posteo.de> Reviewed-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Reviewed-by:
Oliver Klee <typo3-coding@oliverklee.de> Reviewed-by:
Daniel Goerz <daniel.goerz@posteo.de>
-
Oliver Bartsch authored
With the removal of `selicon_field_path` in #87937 also the automatic record type icon mapping was removed. As a result the record icon of a select item based on `foreign_table` is not resolved anymore. In addition, the `selectIcons` list is therefore no longer displayed. The previous functionality is now restored. Resolves: #91302 Relates: #87937 Releases: master Change-Id: If62f4ba65ef54ec2345131f6c117ce4336e76c4c Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64560 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Benni Mack <benni@typo3.org> Tested-by:
Daniel Goerz <daniel.goerz@posteo.de> Reviewed-by:
Markus Klein <markus.klein@typo3.org> Reviewed-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Daniel Goerz <daniel.goerz@posteo.de>
-
- May 21, 2020
-
-
Tymoteusz Motylewski authored
To highlight difference between BackendUtility::BEgetRootLine() and RootlineUtility->get() Resolves: #91455 Releases: 9.5, master Change-Id: I63d7ca395d5a052d29d718316474b69d6519ebc9 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64554 Tested-by:
Daniel Goerz <daniel.goerz@posteo.de> Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Richard Haeser <richard@maxserv.com> Reviewed-by:
Daniel Goerz <daniel.goerz@posteo.de> Reviewed-by:
Oliver Klee <typo3-coding@oliverklee.de> Reviewed-by:
Richard Haeser <richard@maxserv.com>
-
Oliver Bartsch authored
Resolves: #91345 Releases: master Change-Id: I54ab67e85b3bf24b06916b674765ed22fb5de76c Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64508 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Georg Ringer <georg.ringer@gmail.com> Tested-by:
Josef Glatz <josefglatz@gmail.com> Tested-by:
Daniel Goerz <daniel.goerz@posteo.de> Reviewed-by:
Georg Ringer <georg.ringer@gmail.com> Reviewed-by:
Oliver Klee <typo3-coding@oliverklee.de> Reviewed-by:
Josef Glatz <josefglatz@gmail.com> Reviewed-by:
Daniel Goerz <daniel.goerz@posteo.de>
-
Andreas Fernandez authored
If an action in the Install Tool is executed that is related to an inline module or an interactable module (a.k.a "modal"), its trigger button(s) get now properly disabled and enabled to avoid executing the same actions consecutively while any request is still pending. Resolves: #91076 Releases: master Change-Id: I9a61063819f21a33ac8ede644fa8f998212b342b Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64207 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Jonas Eberle <flightvision@googlemail.com> Tested-by:
Anja Leichsenring <aleichsenring@ab-softlab.de> Tested-by:
Susanne Moog <look@susi.dev> Reviewed-by:
Anja Leichsenring <aleichsenring@ab-softlab.de> Reviewed-by:
Susanne Moog <look@susi.dev>
-
Markus Klein authored
When initializing the configuration for a cache any existing configuration under its old name (cache_ prefixed) is applied as an additive override now. This ensures that basic configuration like groups are preserved and not removed with the formerly correct way to adjust cache-config. Resolves: #91306 Releases: master Change-Id: Ic862f80263f410688d2dffb7c13948c1c40488a3 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64407 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Johannes Kasberger <johannes.kasberger@reelworx.at> Tested-by:
Georg Ringer <georg.ringer@gmail.com> Tested-by:
Benjamin Franzke <bfr@qbus.de> Reviewed-by:
Johannes Kasberger <johannes.kasberger@reelworx.at> Reviewed-by:
Georg Ringer <georg.ringer@gmail.com> Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Benjamin Franzke <bfr@qbus.de>
-
- May 20, 2020
-
-
Benni Mack authored
The documentation for lowlevel commands is optimized so it makes more sense:
* Nightly checks are run with a --dry-run command
* cleanup:versions info is removed (the command is gone)
* Checks have a --dry-run command
Resolves: #88874 Releases: master, 9.5 Change-Id: If82ab67f7aec48c1b533e84d70ecdadc94e528bd Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64530 Reviewed-by:
Tobias Gaertner <tobias.gaertner@benaja-websolutions.com> Reviewed-by:
Georg Ringer <georg.ringer@gmail.com> Reviewed-by:
Benni Mack <benni@typo3.org> Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Georg Ringer <georg.ringer@gmail.com> Tested-by:
Benni Mack <benni@typo3.org>
-
Helmut Hummel authored
Set the current page id early, so that PageTS is fetched from the correct page instead of id 0. Releases: 9.5, master Resolves: #91445 Change-Id: I95a50b6c9d45be54291f27828d9f35cb62b3b4dd Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64553 Reviewed-by:
Daniel Siepmann <coding@daniel-siepmann.de> Reviewed-by: Thomas Hohn Reviewed-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Helmut Hummel <typo3@helhum.io> Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Benni Mack <benni@typo3.org> Tested-by:
Helmut Hummel <typo3@helhum.io>
-
- May 19, 2020
-
-
Oliver Hader authored
Change-Id: I22eb57766cd6ddd8aa31447ccd374e52920c2010 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64529 Tested-by:
Oliver Hader <oliver.hader@typo3.org> Tested-by:
TYPO3com <noreply@typo3.com> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
-
Oliver Hader authored
Change-Id: Ifd8e3cc62c5b0a27b0bc938e5dbc8cb136a1d07c Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64528 Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
-
Helmut Hummel authored
When saving a record on a page that is not part of a site, the slug field of this record, despite being set to "uniqueInSite" is not checked for uniqueness, as it is assumed unique enough. This assumption needs to be applied as well when resolving the record, instead of assuming the resolved record is not part of the current site. Releases: master, 9.5 Resolves: #91438 Change-Id: I347909b9b4caa523de3ad8e5d84c465e5d57b052 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64520 Reviewed-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org> Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Oliver Hader <oliver.hader@typo3.org>
-
Thomas Hohn authored
Re-added `$this->where_groupAccess` to init method. Resolves: #91429 Releases: master, 9.5 Change-Id: Ibd9b169e8d11e358023d8cfbd2085995769d16cc Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64516 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Benni Mack <benni@typo3.org> Tested-by:
Georg Ringer <georg.ringer@gmail.com> Reviewed-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Georg Ringer <georg.ringer@gmail.com>
-
Riny van Tiggelen authored
The old tx_realurl_pathcache does not have a uid field, but uses the field cache_id. The order-by now uses a different field depending on the table. Resolves: #90957 Releases: master, 9.5 Change-Id: I5efc62cb8a7cc1d96a503043d268fdacb3564e4b Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64085 Reviewed-by:
Richard Haeser <richard@maxserv.com> Reviewed-by:
Guido Schmechel <guido.schmechel@brandung.de> Reviewed-by:
Daniel Siepmann <coding@daniel-siepmann.de> Reviewed-by:
Benni Mack <benni@typo3.org> Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Richard Haeser <richard@maxserv.com> Tested-by:
Benni Mack <benni@typo3.org>
-
- May 18, 2020
-
-
Oliver Hader authored
With TYPO3-CORE-SA-2020-006 (SSRF via XSS) a strict referrer handling has been introduced to avoid the install tool being called from other non same-origin locations. In case a HTTP referrer header was empty the system tried to refresh the view - otherwise the request was denied completely. Changes of issue #91396 using refresh-always are applied as well. Resolves: #91433 Related: #91396 Releases: master, 9.5 Change-Id: I2a570da4f2a933e709d653b54f1d53d5055ef3f7 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64519 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
-
Andreas Fernandez authored
The generated cache identifier may get very long in case a page has many frontend groups configured and may exceed the limit of the caching frontend (which is 250 characters per definition in FrontendInterface::PATTERN_ENTRYIDENTIFIER). To bypass this issue, the group list is hashed now. Resolves: #91413 Related: #91208 Releases: master, 9.5 Change-Id: Id44ae862eb5d45afbd49dc3f833c101c6acb5f5b Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64512 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Frank W Blank <blank@wiro-consultants.com> Tested-by:
Benjamin Franzke <bfr@qbus.de> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Benjamin Franzke <bfr@qbus.de>
-
Benjamin Franzke authored
The PSR-11 container instance was not cleared upon serialization which caused an exception when Closures in the container were tried to be serialized. __wakeup() does already contain code to reset the container instance, therefore we only need to clear the entire object manager properties in __sleep(). Releases: master Resolves: #91398 Related: #88689 Change-Id: I58202752577b58cd882d13f471af1e045c9a4187 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64489 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Alexander Schnitzler <git@alexanderschnitzler.de> Tested-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Reviewed-by:
Alexander Schnitzler <git@alexanderschnitzler.de> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Susanne Moog <look@susi.dev> Reviewed-by:
Andreas Fernandez <a.fernandez@scripting-base.de>
-
Oliver Hader authored
Resolves: #91417 Releases: master, 9.5 Change-Id: I690cf19965310cdb8612dca3b34f751aafb4c550 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64502 Reviewed-by:
Susanne Moog <look@susi.dev> Reviewed-by:
Daniel Siepmann <coding@daniel-siepmann.de> Reviewed-by:
Daniel Goerz <daniel.goerz@posteo.de> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org> Tested-by:
Daniel Siepmann <coding@daniel-siepmann.de> Tested-by:
Daniel Goerz <daniel.goerz@posteo.de> Tested-by:
Oliver Hader <oliver.hader@typo3.org>
-
Alexander Schnitzler authored
While introducing the fully qualified controller class names in the extbase plugin configuration the originally used setter \TYPO3\CMS\Extbase\Mvc\Request::setControllerObjectName() has no longer been used to guess extension name, subpackage key and controller name from the class name since all that information is known. Said setter has been kept nevertheless and it was overlooked that it was still used by fluid widgets. This leads to property \TYPO3\CMS\Extbase\Mvc\Request::$controllerObjectName being empty in widget requests which then leads to an exception when trying to create a ClassSchema for the controller object name "". To fix this, the widget request is now created with the controller object name as constructor argument. Releases: master Resolves: #91418 Change-Id: I6abcdb8c68e831459228cc35c3263cec83d16f67 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64505 Tested-by:
Susanne Moog <look@susi.dev> Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Susanne Moog <look@susi.dev> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
-
Alexander Schnitzler authored
The ReflectionService usually doesn't get serialized by users directly but since Extbase has an unclean dependency chain, the serialization of the ReflectionService is triggered in user land code when serializing a LazyObjectStorage e.g. Since it's no problem to implement a clean serialization and unserialization of the ReflectionService it is implemented with this patch and will no longer cause any troubles. There is just one thing to mention. The ReflectionService usually comes with a cache which cannot be restored during wakeup of the serialized service. It's unlikely but it's possible that the absence of the cache can cause a performance hit. Releases: master, 9.5 Resolves: #91404 Change-Id: I8c64968f0f329528c9f578ba0ef76437ada40ac0 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64494 Tested-by:
Susanne Moog <look@susi.dev> Tested-by:
Benjamin Franzke <bfr@qbus.de> Tested-by:
TYPO3com <noreply@typo3.com> Reviewed-by:
Susanne Moog <look@susi.dev> Reviewed-by:
Benjamin Franzke <bfr@qbus.de>
-
Oliver Hader authored
TYPO3-CORE-SA-2020-005 caused side-effects on Fluid AJAX widgets which unfortunately support any class instance to be temporarily stored in the current user-session. With mentioned change to address an insecure deserialization vulnerability it was limited to items that could be JSON-serialized. This limitation is removed again by switching back to `unserialize()`, but using an encryption-key-based HMAC signature on the payload. Due to its architecture there is no better approach available. This partially reverts commit e4fb92a8. Resolves: #91382 Releases: master, 9.5 Change-Id: I68cbd15e7df2f536180f174fa63cf27f8a19cfcd Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64501 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Jonas Götze <jonnsn@gmail.com> Tested-by:
Alexander Schnitzler <git@alexanderschnitzler.de> Tested-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Tested-by:
Susanne Moog <look@susi.dev> Reviewed-by:
Alexander Schnitzler <git@alexanderschnitzler.de> Reviewed-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Reviewed-by:
Susanne Moog <look@susi.dev>
-
Resolves: #91411 Releases: master Change-Id: If9850f683e1f6e72e62fcfdb41802430d1888f69 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64510 Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Josef Glatz <josefglatz@gmail.com> Reviewed-by:
Benjamin Franzke <bfr@qbus.de> Reviewed-by:
Daniel Siepmann <coding@daniel-siepmann.de> Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Josef Glatz <josefglatz@gmail.com> Tested-by:
Daniel Siepmann <coding@daniel-siepmann.de>
-
Oliver Hader authored
With TYPO3-CORE-SA-2020-006 (SSRF via XSS) a strict referrer handling has been introduced to avoid the TYPO3 backend being called from other non same-origin locations. In case a HTTP referrer header was empty the system tried to refresh the view - otherwise the request was denied completely. It turned out that this scenario was probably too strict, disabling feature `security.backend.enforceReferrer` was the only work-around for site administrators. This change adds new options for handling referrers in backend routes:
* refresh-empty (existed already): refresh in case referrer is empty
* refresh-same-site: refresh in case referrer is on same site, like `https://example.org/?eID=auth` calling `https://example.org/typo3/`
* refresh-always: refresh always in case there is no valid referrer
TYPO3's main backend route is using `refresh-always` now to be more relaxed on handling same-site and cross-site referrers as well. The term "refreshing" relates to trigger a reload in the browser to get the referrer of the current location. This still blocks direct CSRF/SSRF requests since the refreshing HTML instructions are delivered back to the client. Besides that, cross-site requests are covered by the `same-site` cookie policy, and existing CSRF tokens.
Resolves: #91396 Releases: master, 9.5 Change-Id: Ib3756671fa60c6f41ba992d0e645f03da1730d19 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64492 Tested-by:
Susanne Moog <look@susi.dev> Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Richard Haeser <richard@maxserv.com> Reviewed-by:
Susanne Moog <look@susi.dev> Reviewed-by:
Richard Haeser <richard@maxserv.com>
-
Andreas Fernandez authored
The PasswordRecovery template misses a layout which results in an empty HTML part being rendered. This patch adds the layout and renders our marvellous HTML mails again. The plaintext part missed the layout as well, which caused to miss some additional information available in the mails. Resolves: #91412 Related: #90729 Releases: master Change-Id: Ic883aefa5ae88783d0c74d2c7843d1e8445461ab Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64498 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Annett Jähnichen <jaehnichen@webit.de> Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
Josef Glatz <josefglatz@gmail.com> Tested-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Reviewed-by:
Annett Jähnichen <jaehnichen@webit.de> Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Josef Glatz <josefglatz@gmail.com> Reviewed-by:
Andreas Fernandez <a.fernandez@scripting-base.de>
-
- May 17, 2020
-
-
ayacoo authored
Releases: master Resolves: #91395 Change-Id: If1c5c896c519aa5cf5ff35072bb101f718f8cdcb Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64488 Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Josef Glatz <josefglatz@gmail.com> Tested-by:
Tymoteusz Motylewski <t.motylewski@gmail.com> Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Oliver Klee <typo3-coding@oliverklee.de> Reviewed-by:
Josef Glatz <josefglatz@gmail.com> Reviewed-by:
Tymoteusz Motylewski <t.motylewski@gmail.com>
-
- May 15, 2020
-
-
jdoe-dev authored
The namespaces for the PSR-14 events are not working. Removed /Login - path since this is not existing. Releases: master Resolves: #91411 Change-Id: I25209c739f1f55b8c375a9f58ad4ce551344ae5d Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64497 Tested-by:
Mathias Brodala <mbrodala@pagemachine.de> Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Susanne Moog <look@susi.dev> Reviewed-by:
Mathias Brodala <mbrodala@pagemachine.de> Reviewed-by:
Susanne Moog <look@susi.dev>
-
Andreas Fernandez authored
When a null placeholder checkbox is changed, the linked form field is now marked as "changed", which triggers the confirmation when leaving the form while being unsaved. Resolves: #91351 Releases: master, 9.5 Change-Id: I1b3ac08223a4a4c588a980abe70f22ff9814b13f Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64444 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Josef Glatz <josefglatz@gmail.com> Tested-by:
Xavier Perseguers <xavier@typo3.org> Tested-by:
Susanne Moog <look@susi.dev> Reviewed-by:
Josef Glatz <josefglatz@gmail.com> Reviewed-by:
Xavier Perseguers <xavier@typo3.org> Reviewed-by:
Susanne Moog <look@susi.dev>
-