The form extension uses iconv_strlen to determine
the string length, which fails when this method
is not present in PHP.

Use the CharsetConverter class instead.

Fixes: #42990
Releases: 6.0

Change-Id: Ibf7e82c85bd808f036c7d0715f55d6f1f9e5b8d5
Reviewed-on: http://review.typo3.org/16449
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

Change-Id: I19bf442d362fc1ba7dd2df2d5d7e55c592222e27
Reviewed-on: http://review.typo3.org/16447
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn

The reports module to show the main typo3.org TER repository
extension list status and the security state of loaded and
existing extensions was not implemented with the new
extension manager.
The patch adds the missing reports.

Resolves: #39914
Releases: 6.0

Change-Id: Ib26dad4d798829ee96d900a80311aa28bb021c2c
Reviewed-on: http://review.typo3.org/16446
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn

The configuration of an extension can make use of
labels and those are not translated in a select box.

Therefore use LANG->sL()

Change-Id: I12c09b3cf0b68e5f5f0f1d03ac5f78dd89d7bbde
Fixes: #42931
Releases: 6.0
Reviewed-on: http://review.typo3.org/16437
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert

Change-Id: Ia90500734c71095c82f774ac6c0acd16ce28f096
Resolves: #42253
Releases: 6.0
Reviewed-on: http://review.typo3.org/16224
Reviewed-by: Philipp Gampe
Reviewed-by: Tomasz Krawczyk
Tested-by: Tomasz Krawczyk
Reviewed-by: Wouter Wolters
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn

The labels for the options of the settings "Hashing method for the
backend|frontend" are missing because the class names of the
salt methods, which changed in previous commits, are part of the
language key for the labels.

Change the language key generation to use the class name without
the prepended namespace and add the corresponding language key in the
actual language file.

Fixes: #42832
Releases: 6.0

Change-Id: I1ae96bd90bf153f0379159e1695701ecf5f9f004
Reviewed-on: http://review.typo3.org/16369
Tested-by: Philipp Gampe
Reviewed-by: Philipp Gampe
Reviewed-by: Tilo Baller
Tested-by: Tilo Baller
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn

Paths to the class files and class names for the user functions used
in the extension configuration of EXT:saltedpasswords are wrong, since
they were moved and namespaced.

Thus opening the extension configuration in extension manager fails
with a fatal error, because the required class files can not be loaded.

Load the right classes.

Fixes: #42829
Releases: 6.0

Change-Id: I9e9dd6f3f8ceacf0196971db91f108d7dc963bcd
Reviewed-on: http://review.typo3.org/16368
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
Reviewed-by: Mattias Nilsson
Reviewed-by: Tilo Baller
Tested-by: Tilo Baller
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn

t3lib_iconWorks::imagecopyresized was refactored
in #26660. Unfortunatelly that change introduced
a regression. Parameter names were changed in
the method definition, but not inside this method.

This change makes parameter names consistent.

Change-Id: I819da83ea059ecc7d17348c12ca64b37fac6dae0
Fixes: #39563
Releases: 6.0, 4.7
Reviewed-on: http://review.typo3.org/13488
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert

The logos have been changed to match the new CI,
but were cut out sloppily.

Exchange the most prominent logos with proper ones.

Fixes: #42850
Releases: 6.0, 4.7, 4.6, 4.5

Change-Id: Id5ac815b8c2b381bef89f9e152345fd29a822bf6
Reviewed-on: http://review.typo3.org/16391
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

Change-Id: I68301629737a66a76332e59b3ccd674bb7d05722
Reviewed-on: http://review.typo3.org/16387
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team

Change-Id: Id506e3479c6b48526b7a9cdfdd211bc33c1a61d6
Reviewed-on: http://review.typo3.org/16386
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team

Currently extensions with "suggests" contraint in ext_emconf.php
fail to install in Extension Manager with exception
"suggestwas not a valid dependency type.".

Example (taken from EXT:saltedpasswords ext_emconf.php):
    'constraints' => array(
        [...]
        'suggests' => array(
            'rsaauth' => ''
        )
    ),

NOTE: This patch does not implement the missing handling
for suggested extensions.

Fixes: #42594
Releases: 6.0

Change-Id: I326de368508c5c9a350d7b7e84b07f3bc1582437
Reviewed-on: http://review.typo3.org/16367
Reviewed-by: Francois Suter
Tested-by: Francois Suter
Reviewed-by: Oliver Hader
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

The current translation handling does not respect
subfolders in the zip file during extraction.
This leads to partly missing translations as the
translation files were not in the correct folder
structure.

Create the folder structure during zip file extraction
and improve the path calculation so that path traversal
is not possible any more.

Fixes: #42840
Releases: 6.0

Change-Id: I9e03622879f38d294b2487c63e9ced0ba40d8142
Reviewed-on: http://review.typo3.org/16381
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
Tested-by: Oliver Hader
Reviewed-by: Oliver Hader

The current implementation in the TYPO3 backend does not allow
to store NULL values, only empty strings or zero as number are
allowed.
Since the overlay behavior of FAL takes e.g. the description
property from the original file object an empty value in the
disposal (the referenced file) cannot be defined to be blank,
thus not clearing the original file description.

For this case we need a new behavior to allow NULL values in
the storage and to handle that in the backend view.

This feature is enabled by adding "null" to the eval list of
the TCA configuration of a field, example:

'columns' => array(
  'title' => array(
    'config' => array(
      'type' => 'text',
      'eval' => 'null',
    )
  )
)

Besides that, of course the database field definition needs to
be updated to support NULL values.

Change-Id: Ib5cd0e34e34d084df7ba3380ae81e5240bcf76d6
Resolves: #41773
Releases: 6.0
Reviewed-on: http://review.typo3.org/15458
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

This patch enables IRRE fields in flexform. They can be used
identically to the TCA.

FlexForm segments are separated by a new divider "---" to
easily have the possiblity to recognize and parse them when
handline the IRRE object identifiers.

Besides that a new remapping level for FlexForms has been
introduced to the DataHandler to update accordant FlexForm
references after all child records have been written.

Unit tests have been extended to check the new additions to
the accordant object identifiers and form names. This is
important to any processing of IRRE in the form view.

Change-Id: Icadb89c2e496a5f1ad7de298ebee06d144475a11
Resolves: #18957
Releases: 6.0
Reviewed-on: http://review.typo3.org/13968
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
Reviewed-by: Kai Vogel
Tested-by: Kai Vogel
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

On case sensitive file systems the SUViewHelper
cannot be found, as the file is named SUViewHelper.php
and the class SuViewHelper.

Rename both file and class to match and to be more
speaking.

Resolves: #42826
Releases: 6.0

Change-Id: I19c0b7c39b77ba2d7b192a989e5d45b2b7d4a2c7
Reviewed-on: http://review.typo3.org/16366
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

The TypoScript Object "FILES" has been changed to be aware
of translations in the meantime. Anyhow the Content Element
uploads does not benefit from that, as it hardcodes the uid
of the related element and therefore the automatic logic
recognizing translations does not work.

Remove the affected line of TypoScript.

Change-Id: Ia70272a2d646c2d29eca311c44dc6a0706d1778c
Releases: 6.0
Fixes: #40607
Reviewed-on: http://review.typo3.org/16363
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

If a custom content element is created by using
an extension and the ext is removed, an empty content
element is rendered in the page module.

Now the same warning is shown as if a non existent
plugin is rendered

Change-Id: Ib98ff3fdf17d7383b51e6c108854a2fc34d5def4
Resolves: #42510
Releases: 6.0
Reviewed-on: http://review.typo3.org/16223
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
Reviewed-by: Nicole Cordes
Tested-by: Nicole Cordes
Reviewed-by: Wouter Wolters
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer

A list of default categorized tables is put within the Install Tool
for now, since we don't have a dedicated BE module for category

Change-Id: I1b620652a09ae9712cbd5cd38a8bed8ab8605b6e
Resolves: #38716
Releases: 6.0
Reviewed-on: http://review.typo3.org/12674
Reviewed-by: Fabien Udriot
Tested-by: Fabien Udriot
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer

Change-Id: Ia33701578c100bb67beb66d010f76208d9c16457
Reviewed-on: http://review.typo3.org/16338
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

During namespacing the SEARCHRESULT content object,
which had two classes, has been messed up.

Combine both classes into one.

Resolves: #42806
Releases: 6.0

Change-Id: If757121be3dc5c93d215dfbb958090ed39a7f507
Reviewed-on: http://review.typo3.org/16337
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

During namespacing the OTABLE content object
which had of two classes has been messed up.

Combine both classes into one.

Resolves: #42805
Releases: 6.0

Change-Id: Ibc7a076cc6c9aa5fe3e3cfeff0dbb3db95ea5a2b
Reviewed-on: http://review.typo3.org/16336
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

Releases: 6.0

Change-Id: I0f8863ae6e711f1da710b39f7644f24212ad41ef
Reviewed-on: http://review.typo3.org/16330
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

All abstract classes should be start with an Abstract
prefix in the class name.

Adjust the abstract task class to this naming convention.

Resolves: #42803
Releases: 6.0

Change-Id: Ibef1d71f1d3a6aa3683331464b33118b88b1ec01
Reviewed-on: http://review.typo3.org/16329
Reviewed-by: Steffen Ritter
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

Update the version number in system extensions which
have been forgotten.

Resolves: #42728
Releases: 6.0
Change-Id: I05089f5f0706f3df685bccc68ab8915620f90609
Reviewed-on: http://review.typo3.org/16235
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Michael Klapper
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer

This patch fixes the SQL injection possibilities in the record
history view as well as fixing XSS possibilities. The submitted
GET/POST data gets sanitized now besides that.

Change-Id: Ia92b5f7a2244412f87d9affdd73d2e0a6f7076ef
Fixes: #42696
Releases: 6.0, 4.7, 4.6, 4.5
Security-Commit: a386933537b6193d3a3d7173721c5b3b961a7f0d
Security-Bulletin: TYPO3-CORE-SA-2012-005
Reviewed-on: http://review.typo3.org/16307
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

Properly html encode the label of tree nodes.

Fixes: #42774
Releases: 6.0, 4.7, 4.6, 4.5

Change-Id: I56b823bdd7ac8f4e8d533604cc91eb99e3bcd808
Security-Commit: b1b0b68d026795d04721f73c436eab2de72285d9
Security-Bulletin: TYPO3-CORE-SA-2012-005
Reviewed-on: http://review.typo3.org/16306
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

The method getFuncCheck creates an URL from input variables and puts
it in JavaScript context without properly encoding them.

This might lead to XSS if the input variables come from untrusted source.

Fixes: #42776
Releases: 6.0, 4.7, 4.6, 4.5

Change-Id: Ia312e96791bc23460462c2374c0d08f47f762447
Security-Bulletin: TYPO3-CORE-SA-2012-005
Reviewed-on: http://review.typo3.org/16305
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

Releases: 6.0

Change-Id: I490683562533dfbfaa34310a04f7682cde91f0d2
Reviewed-on: http://review.typo3.org/16294
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

Change-Id: I2e83cbd81b729242404f0fc8ef553f663ae87073
Reviewed-on: http://review.typo3.org/16290
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team

Since #37868 the backend comes with hardcoded favicon.
This should be configurable like logo_login to brand
the backend for certain projects and for better usability
when working with multiple projects.

Change-Id: Icc0f9c3f764c92a39ea46b5af749d57e2d2b30dc
Resolves: #39947
Releases: 6.0
Reviewed-on: http://review.typo3.org/13906
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter

Change-Id: I3c3078b6e69f937d4383eb8677dbd60f249d2c8d
Releases: 6.0
Reviewed-on: http://review.typo3.org/16276
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

File records are stored in PID 0. In TYPO3 non-admins do not
have access to anything stored in PID 0. As FAL won't work
without granting access to file-meta-data for non-admins,

A new TCA control configuration allows to ignore those
permission restrictions for sys_file and sys_file_reference:

* TCA/<table>/ctrl/security/ignoreWebMountRestriction
  Allows users to access records that are not in their
  defined web-mount and by-passes this restriction..
* TCA/<table>/ctrl/security/ignoreRootLevelRestriction
  Allows users (non-admins) to access records that are
  stored on the root-level (page-id 0) and by-passes this
  restriction.

Change-Id: If92b07b0ba63a0d544a337ddf4f55973fafcd345
Fixes: #39805
Releases: 6.0
Reviewed-on: http://review.typo3.org/13658
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
Reviewed-by: Stefan Neufeind
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

Resolves: #42731
Releases: 6.0

Change-Id: Icd08c7e9d1bb9f014ce77aae697e804aa4e17625
Reviewed-on: http://review.typo3.org/16238
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

Links to files or folders in pre-FAL RTE-content should be transformed
to FAL-compliant on way to RTE, whenever possible, otherwise they are
viewed as external links.
FAL-related attributes should also be added to images, whenever
possible, on way to the RTE.

Change-Id: I17e649986a57865fee738575be058c53ac30a50d
Releases: 6.0
Fixess: #36827
Reviewed-on: http://review.typo3.org/10984
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

Change-Id: If99bd9fb5357a39660f44a79f88cdd22528be3d8
Resolves: #39957
Releases: 6.0
Reviewed-on: http://review.typo3.org/13952
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer

Change-Id: I1fca2b537f134b57f3161d6ae636c6d9e67012e0
Resolves: #17198
Releases: 6.0
Reviewed-on: http://review.typo3.org/15103
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

* Change order of table-heads to reflect scribble better
* Include link to all version of extensions as arrow
* Move details of author into description and hide for now
* Move loading mask on extension table

Resolves: #42327
Releases: 6.0

Change-Id: I9e042f972a77e09482a5eeab429214bb13108f71
Reviewed-on: http://review.typo3.org/15916
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

The basic information in IRRE are the repeatable triples of
table-uid-field. This test ensures to have a working separation
of stable and unstable segments available.

Change-Id: Ie0a0e87faf4c4e7a41fb6aed01af6610f12b1c7f
Resolves: #42702
Releases: 6.0
Reviewed-on: http://review.typo3.org/16209
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

Currently the tca tree uses its own DataProvider
which makes sense but this is not extendable.
Adding 3 additional lines would make it possible
to use a custom provider.

Needed e.g. in EXT:news to be able to render a tca tree
with some BE user/-group restrictions ...

Change-Id: Idc9bee2ede810e930c17a31ed08688b5654759ff
Resolves: #42447
Releases: 6.0
Reviewed-on: http://review.typo3.org/15980
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer