- Feb 01, 2019
-
-
Benni Mack authored
TYPO3 uses $GLOBALS['LANG'] directly in some places, but since TYPO3 v7, new code started to use a short hand protected method "getLanguageService" in order to get IDE code completion and better analysis of code. This patch replaces all left-over places of $GLOBALS['LANG'] and encapsulates this into a short-hand method to streamline TYPO3 Core's code base. Resolves: #87571 Releases: master Change-Id: Ie15e320713fe65d40552a19e0a517d5739abbb41 Reviewed-on: https://review.typo3.org/59578 Tested-by:
TYPO3com <noreply@typo3.com> Reviewed-by:
Mona Muzaffar <mona.muzaffar@gmx.de> Tested-by:
Andreas Wolf <andreas.wolf@typo3.org> Reviewed-by:
Frank Naegler <frank.naegler@typo3.org> Tested-by:
-
Alexander Schnitzler authored
- Use strict type mode - Use type hints whereever possible Releases: master Resolves: #87595 Change-Id: If59546093176c5a7725725aad8e619de70fd43cd Reviewed-on: https://review.typo3.org/59590 Reviewed-by:
Oliver Klee <typo3-coding@oliverklee.de> Reviewed-by:
Felix Döring <Felix.Doering@3m5.de> Reviewed-by:
André Schließer <andy.schliesser@gmail.com> Tested-by:
Mathias Brodala <mbrodala@pagemachine.de> Tested-by:
-
Alexander Schnitzler authored
- Use strict type mode - Use type hints whereever possible Releases: master Resolves: #87603 Change-Id: I3430b59e93133d9b19d6520d3fd7cca83c0fdb49 Reviewed-on: https://review.typo3.org/59598 Reviewed-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Tested-by:
Anja Leichsenring <aleichsenring@ab-softlab.de> Tested-by:
-
Alexander Schnitzler authored
- Use strict type mode - Use type hints whereever possible Releases: master Resolves: #87608 Change-Id: I3fc153c68bb29aa85517965c6d4d8414d25af35b Reviewed-on: https://review.typo3.org/59602 Reviewed-by:
-
Alexander Schnitzler authored
The following methods used controller aliases: - \TYPO3\CMS\Extbase\Utility\ExtensionUtility::configurePlugin - \TYPO3\CMS\Extbase\Utility\ExtensionUtility::registerModule This means, that while configuring plugins or modules, a list of controllers (and their actions) had to be provided, so they could be registered as available controllers for said plugin or module. The controller name used for the registration, was kind of an alias for that controller. It was the class name without the namespace and without the "Controller" suffix. By a certain convention a proper class name could be derived from that alias. All this was necessary back then when TYPO3 didn't have a proper autoloader and when the class location was derived from the class name. These circumstances do not exist any more and since it's only important that a controller class exists, the registration of plugins must now use the fully qualified controller class name as array key. The former syntax \TYPO3\CMS\Extbase\Utility\ExtensionUtility::configurePlugin( 'TYPO3.CMS.IndexedSearch', 'Pi2', ['Search' => 'form,search,noTypoScript'], ['Search' => 'form,search'] ); has to be converted to \TYPO3\CMS\Extbase\Utility\ExtensionUtility::configurePlugin( 'IndexedSearch', 'Pi2', [ \TYPO3\CMS\IndexedSearch\Controller\SearchController::class => 'form,search,noTypoScript' ], [ \TYPO3\CMS\IndexedSearch\Controller\SearchController::class => 'form,search' ] ); Please note, that not only the controller configuration changed. The vendor `TYPO3.CMS` in `TYPO3.CMS.IndexedSearch`, must no longer be set. Instead, the vendor will be evaluated by looking at the controller namespace. Releases: master Resolves: #87550 Change-Id: If47d087836c4345a8180dae3d4e4b8cd384e684c Reviewed-on: https://review.typo3.org/59566 Tested-by:Jörg Bösche <typo3@joergboesche.de> Reviewed-by:
-
- Jan 31, 2019
-
-
Alexander Schnitzler authored
Both properties $namespacesViewObjectNamePattern and $viewFormatToObjectNameMap of class ActionController have been removed without replacement. Both properties provided a functionality to set a custom view object class during runtime. As this contradicts the idea of having a defined state per request by configuring concrete implementations before runtime, these properties needed to vanish. While there is no dependency injection with a proper configuration available, the view object class can still be defined via property $defaultViewObjectName. Releases: master Resolves: #87511 Change-Id: I4b89a9434f71a3cbf38a9ad113ba8233e7f327f9 Reviewed-on: https://review.typo3.org/59514 Tested-by:
Georg Ringer <georg.ringer@gmail.com> Tested-by:
Achim Fritz <af@achimfritz.de> Reviewed-by:
Benni Mack <benni@typo3.org> Tested-by:
-
Oliver Hader authored
Resolves: #87589 Releases: master Change-Id: I69119636e11d116b79fc627a2993a1fa84d7a39c Reviewed-on: https://review.typo3.org/59359 Tested-by:
-
Oliver Hader authored
Resolves: #87590 Releases: master Change-Id: I30af97f075d352792370b363b0b152ead99eacab Reviewed-on: https://review.typo3.org/59360 Tested-by:
-
- Jan 30, 2019
-
-
Benni Mack authored
Due to a bug in checking for $result[t3ver_oid] ?? $result[uid] the uid is never used, but only the t3ver_oid. This value could be empty and then "0" is used. This means, the page record to be edited in FormEngine is treated as "NullSite" = Page without Site Configuration. Resolves: #87572 Releases: master, 9.5 Change-Id: I1c4175f61a9c5df3dd3a392c2f636112cfbdb350 Reviewed-on: https://review.typo3.org/59579 Tested-by:
Daniel Gorges <daniel.gorges@b13.de> Tested-by:
-
Georg Ringer authored
Increase the length of the field from 30 to 255 chars to be in sync with other tables, e.g. sys_file_mounts. 30 is fairly short for bigger sites and lots of storages. As this is an admin only field and not too often used, it is ok to backport that to 9.5 as well. Resolves: #87576 Releases: master, 9.5 Change-Id: I355b6295a9f813e72e1e66e05dd93419fd2aeaeb Reviewed-on: https://review.typo3.org/59581 Reviewed-by:
Markus Klein <markus.klein@typo3.org> Tested-by:
-
Georg Ringer authored
Since #72332 the url to the delete action is built in the controller and assigned to the view. Resolves: #87578 Releases: master Change-Id: I36ea3374a848c48c981718dfc8dc1899dc9c0164 Reviewed-on: https://review.typo3.org/59582 Reviewed-by:
-
Georg Ringer authored
If a label of a table column is overridden by TsConfig (TCEFORM.<table>.<column>.label), the new value must also be used in the list view: - header of the table rendering - list of "set fields" Resolves: #87484 Releases: master, 9.5 Change-Id: I8eafd1f2878b571edd1e5a30b28b0d5330b9b5d0 Reviewed-on: https://review.typo3.org/59505 Reviewed-by:
Josef Glatz <josef.glatz@typo3.org> Tested-by:
Richard Haeser <richard@maxserv.com> Tested-by:
Riccardo De Contardi <erredeco@gmail.com> Reviewed-by:
-
- Jan 29, 2019
-
-
Benni Mack authored
The global variable TBE_TEMPLATE is not necessary anymore, and is not available anymore. The change is still ugly, as TBE_TEMPLATE initializes the PageRenderer object with necessary information, which should become built inside PageRenderer for BE. This has been moved to Backend's RequestHandler where this can be abstracted further at a later point. Resolves: #87567 Releases: master Change-Id: If1cb184740f1e99c0aeca5ae19c85899d56f3f9a Reviewed-on: https://review.typo3.org/59492 Tested-by:
-
Georg Ringer authored
Replace custom VH with the one provided by EXT:backend. Resolves: #87507 Releases: master Change-Id: I882d7555654a051e7190d7ffd25ff6e903f16ab1 Reviewed-on: https://review.typo3.org/59511 Tested-by:
Fabien Udriot <fabien.udriot@ecodev.ch> Tested-by:
-
Georg Ringer authored
Use the general ModuleLinkViewHelper instead of custom VH. Resolves: #87509 Releases: master Change-Id: I7f0d7125d0ee84973bc80599cbc51e44747e2d06 Reviewed-on: https://review.typo3.org/59513 Tested-by:
-
- Jan 28, 2019
-
-
Josef Glatz authored
This patch adds the correct description text for the new content element wizard of CType "menu_sitemap". Resolves: #87556 Releases: master, 9.5 Change-Id: Iec0de6887a9a60215a813e03041e4d58af7b297b Reviewed-on: https://review.typo3.org/59571 Reviewed-by:
-
Benjamin Franzke authored
Remove the old concept of priority-based HTTP request handlers, and use statically configured PSR-15 middlewares instead. Tranform the priority based request handlers into a set of chained middlewares. In case none of the middlewares handles the request a NotFoundRequestHandler returns a 404 response (replacing the previous exception that was thrown in that case). This scheme of using a 404 handler as "last" request handler is not new, it is also used in zend expressive (a PSR-15 framework). The TYPO3 RequestHandlerInterface is marked @internal and was set to be removed in v9, therefore we drop it now and also remove its implementation from the frontend and backend request handlers. Releases: master Resolves: #87516 Change-Id: Ibbd6a0e6c4ff8aa55b4367c9e4c07e279595dbfb Reviewed-on: https://review.typo3.org/59541 Tested-by:
-
Josef Glatz authored
Releases: master Resolves: #87559 Change-Id: I74d7ef26017080e45eb129217613ad7c36cd3881 Reviewed-on: https://review.typo3.org/59574 Reviewed-by:
-
Benni Mack authored
Various deprecated code regarding EXT:form and FormEngine have been removed. * IRRE CustomControls without userFunc is not possible anymore. * TBE_MODULES's configureModuleFunction is removed * EXT:form type "GridContainer" is removed (use GridRow) * EXT:form form configuration files must end with .form.yaml. * EXT:form renderingOptions._isHiddenFormElement and renderingOptions._isReadOnlyFormElement are removed * CLI Command "lang:language:update" is now only available under "language:update" Resolves: #87514 Releases: master Change-Id: Idef84daf51f882df23ef227d1777d24b1076dfaf Reviewed-on: https://review.typo3.org/59503 Tested-by:
-
hasenbalg authored
Improves indexed search documentation, mentioning activation and inclusion of a static template. Releases: master, 9.5 Resolves: #87023 Change-Id: I85e40b768e4020e71a7717d877a6305fb55a00cb Reviewed-on: https://review.typo3.org/58968 Tested-by:
Joerg Kummer <typo3@enobe.de> Reviewed-by:
Tymoteusz Motylewski <t.motylewski@gmail.com> Tested-by:
-
- Jan 27, 2019
-
-
Alexander Schnitzler authored
The following classes do no longer use setter injection but constructor injection instead: - TYPO3\CMS\Extbase\Configuration\AbstractConfigurationManager - TYPO3\CMS\Extbase\Configuration\BackendConfigurationManager - TYPO3\CMS\Extbase\Configuration\ConfigurationManager - TYPO3\CMS\Extbase\Configuration\FrontendConfigurationManager Releases: master Resolves: #87448 Change-Id: Ib6df3ab4a286bbe77cdda82d0066495a8dab8b22 Reviewed-on: https://review.typo3.org/59446 Tested-by:
Daniel Goerz <daniel.goerz@posteo.de> Tested-by:
Christian Wolff <chris@wolffc.de> Reviewed-by:
Sebastian Fischer <typo3@evoweb.de> Reviewed-by:
Jigal van Hemert <jigal.van.hemert@typo3.org> Tested-by:
-
- Jan 25, 2019
-
-
Christian Kuhn authored
Functional and acceptance tests need a db up and running. The according container is started as dependency and a loop delays further execution until the database connected to its network port. This sometimes goes wrong, for instance mssql in rare conditions does not come up. This leads to the loop running "forever", consuming the executing bamboo agent and the job never finishs. The patch adds an additional break condition: If db did not connect to the port after a minute, the job now fails. Resolves: #87549 Releases: master, 9.5, 8.7 Change-Id: Idc45f57d9cfd2d390cea6bd5319adaf4158340df Reviewed-on: https://review.typo3.org/59567 Tested-by:
-
Georg Ringer authored
Resolves: #87523 Releases: master Change-Id: I711ddb140e03e87b38ec06a7814e4b488bc9e9c9 Reviewed-on: https://review.typo3.org/59552 Tested-by:
Jan Stockfisch <typo3@jan-stockfisch.de> Reviewed-by:
-
- Jan 22, 2019
-
-
Oliver Hader authored
In order to enhance protection against (possible) executable file extensions phar, shtml, cgi, pl have been added to the according file deny pattern. Releases: master, 9.5, 8.7 Resolves: #87368 Security-Commit: c9f0d00b89768b63df9c77884cf9d19d658fc0fc Security-Bulletin: TYPO3-CORE-SA-2019-008 Change-Id: I92998a2046b6efb7f31961c20f24c81d00957879 Reviewed-on: https://review.typo3.org/59540 Reviewed-by:
Oliver Hader <oliver.hader@typo3.org> Tested-by:
-
Ralf Zimmermann authored
The ConfirmationFinisher message is now rendered within a fluid template to allow styling of the message. Furthermore, the FormRuntime (and thus all form element values) and the finisherVariableProvider are available in the template. Custom variables can be added globally within the form setup or at form level in the form definition. By using a fluid template and the associated html escaping, the display of the ConfirmationFinisher message is protected against XSS / html injection attacks. Resolves: #84902 Releases: master, 9.5, 8.7 Security-Commit: a38c63f3f03b1ab267666ca06a3abaead57b8265 Security-Bulletin: TYPO3-CORE-SA-2019-007 Change-Id: Ib6cfef88bef09f72b675909f7022120b32c095df Reviewed-on: https://review.typo3.org/59539 Reviewed-by:
-
Benni Mack authored
Fixes an XSS issue in Alert, Carousel, Collapse, Dropdown, Modal, and Tab components. Executed tasks: cd Build yarn add bootstrap-sass@^3.4.0 --dev yarn exec grunt Then copying the contents of Build/node_modules/bootstrap-sass/assets/javascripts/bootstrap.min.js into typo3/sysext/core/Resources/Public/JavaScript/Contrib/bootstrap/bootstrap.js additionally adding the AMD factory wrapper. Resolves: #86580 Releases: master, 9.5, 8.7 Security-Commit: f456e3c185b23c51d08a579ceef1082df473b01b Security-Bulletin: TYPO3-CORE-SA-2019-006 Change-Id: I235a4b5f6865afd9283cd1e692b25d3a572513ba Reviewed-on: https://review.typo3.org/59538 Reviewed-by:
-
Andreas Wolf authored
* HtmlentitiesViewHelper * UrlencodeViewHelper * StripTagsViewHelper Resolves: #85764 Releases: master, 9.5, 8.7 Security-Commit: 37bc147e634d67d521b716f83ca8d925ec57d531 Security-Bulletin: TYPO3-CORE-SA-2019-005 Change-Id: I1d5473b20378217a68e06c792be7f1cf096859fe Reviewed-on: https://review.typo3.org/59537 Reviewed-by:
-
Frank Naegler authored
Resolves: #86455 Releases: master, 9.5 Security-Commit: 161663d336f7a6c52a87359a1d1ac01037e5c768 Security-Bulletin: TYPO3-CORE-SA-2019-004 Change-Id: Ief21fcf68f14cb756f140b4c709ddb51f447e544 Reviewed-on: https://review.typo3.org/59536 Reviewed-by:
-
Benni Mack authored
When using FormEngine it is possible to create a Backend User without setting a password (or username), which could lead to issues when using third-party authentication providers. A hook within DataHandler ensures to set a random username and/or password if the data is handed into DataHandler without proper data. Besides that new backend users are disabled per default and have to be enable manually. Resolves: #80269 Releases: master, 9.5, 8.7 Security-Commit: f8a9edfed26ad48d13564ea99f27e0846671841c Security-Bulletin: TYPO3-CORE-SA-2019-002 Change-Id: Ic1d84010717e3ac056f447fd373b31bbce8f65c6 Reviewed-on: https://review.typo3.org/59535 Reviewed-by:
-
Oliver Hader authored
Inline JavaScript settings for RequireJS and ajaxUrls disclose the existence of specific extensions in a TYPO3 installation. In case no backend user is logged in RequireJS settings are fetched using an according endpoint, ajaxUrls (for backend AJAX routes) are limited to those that are accessible without having a user session. Resolves: #83855 Releases: master, 9.5, 8.7 Security-Commit: a9b60d26597449fec46bd26e0b511bc6e423ef24 Security-Bulletin: TYPO3-CORE-SA-2019-001 Change-Id: Ifa4029340e750baaf216fa953bf41b6d06d3138b Reviewed-on: https://review.typo3.org/59534 Reviewed-by:
-
Benjamin Franzke authored
ErrorPageController which is used by the ProductionExceptionHandler must not rely on PackageManager to be available. Rather use paths derived from Environment::getFrameworkBasePath(). Releases: master, 9.5 Resolves: #87503 Related: #87175 Change-Id: I556b503e06962b338ec11f2e031eb941417d5944 Reviewed-on: https://review.typo3.org/59507 Tested-by:
-
Josef Glatz authored
Resolves: #87505 Releases: master, 9.5 Change-Id: I879c4c484f8380a7270bd57c0d54a14ea7c7ad2e Reviewed-on: https://review.typo3.org/59508 Reviewed-by:
-
- Jan 21, 2019
-
-
Oliver Hader authored
composer update guzzlehttp/psr7 Resolves: #87512 Releases: master, 9.5, 8.7 Change-Id: Ic3dcef632fd1ac65e09f5d8fb6d631ab211e8c3e Reviewed-on: https://review.typo3.org/59517 Tested-by:
-
Sebastian Roßkopf authored
Since it is not obvious how to add a "Hidden" field to form definitions without the visual editor we add an element to the form definition example. Releases: master Resolves: #87449 Change-Id: I860a5a17346e405cf1f7b29ea3c6255dda1be044 Reviewed-on: https://review.typo3.org/59447 Reviewed-by:
Björn Jacob <bjoern.jacob@tritum.de> Tested-by:
-
Georg Ringer authored
Since #86422 the configuration of a site is available with TypoScript. As the identifier itself is not part of the configuration, it can't be retrieved. Now "site:identifier" will retrieve the identifier as well. Resolves: #87434 Releases: master, 9.5 Change-Id: Ic5a60e8a033c8fbc45baa19ad6a3fe81ff3b6e0b Reviewed-on: https://review.typo3.org/59506 Tested-by:
Riny van Tiggelen <info@online-gamer.nl> Tested-by:
-
Benjamin Franzke authored
Bootstrap::createCache() uses Typo3DatabaseBackend::class as fallback if no cache backend is configured explicitly. In that case incorrect class name 'Typo3DatabaseBackend' would be used without the `use` statement. Releases: master Resolves: #87504 Change-Id: I6abd1024d79fb7dad194ab32ae79d0658654c4a5 Reviewed-on: https://review.typo3.org/59509 Tested-by:
-
- Jan 20, 2019
-
-
Christian Kuhn authored
This is the last round of planned extension extractions from the main core repository. Both the extensions 'taskcenter' and its add-on extension 'sys_action' did not receive much love over the years. They are rarely used and their approach is clumsy to say the least. They are both dropped from main core repository with core v10 now. A fresh approach for a cool new dashboard is in the works already that may eventually find its way into the core later. The patch removes both extensions with have been released as 'taskcenter' and 'sys_action' to TER and as 'friendsoftypo3/taskcenter' and 'friendsoftypo3/sys_action' to composer. Extension 'impexp' registered a task for the taskcenter which is now within 'taskcenter' directly. Resolves: #87499 Releases: master Change-Id: I86e0292f13247bbd1f2060214f4f6d8e2aefe6c0 Reviewed-on: https://review.typo3.org/59502 Tested-by:
-
Christian Kuhn authored
Looking back, extension feedit had a hard life: While so many parts in the core improved so much over the years, it never received any similar love. There have already been multiple attempts to rewrite a frontend editing approach for TYPO3, for instance with core 4.5 as the feedit_advanced extension that quickly died. There is another editing approach as extension frontend_editing in the works that may eventually end up being integrated in the core again. feedit itself however is so sparse, outdated and not well working that we now go ahead and drop that extension from the core, extracting it to github.com/friendsoftypo3. Maybe some enthusiasts pick the development up again and make the extension shine and healthy again, without boundaries of core development. The patch removes the extension from the core repository, including some feedit specific code in adminpanel that has already been merged into the friendsoftypo3 feedit repository and released as v10.0.0. The extension is available as friendsoftypo3/feedit via composer and as name 'feedit' via TER. An upgrade wizard is in place to fetch it for those who want to use it. Resolves: #87498 Releases: master Change-Id: I11a0e91830b47f88fcea9a15459be37bc6dbd3de Reviewed-on: https://review.typo3.org/59501 Tested-by:
-
Christian Kuhn authored
There is a test related check for the extension scanner to verify all referenced ReST files actually exist. It is active as part of the 'integrity' job in bamboo. The patch adds a variable to suppress checking the same ReST file name multiple times if it is referenced in many matchers. In practice, this speeds up the scanning process drastically, on my local machine with current master from more than a minute to less than ten seconds. Resolves: #87493 Releases: master, 9.5 Change-Id: Iaa19add06ad9eeda9d36e3e204c1a671368b5f29 Reviewed-on: https://review.typo3.org/59495 Reviewed-by:
-
- Jan 19, 2019
-
-
Joerg Kummer authored
Change backslash to slash in file format, where backslash is not visible in rendered HTML - it is a file path, not a PHP namespace. Releases: master, 9.5 Resolves: #87495 Change-Id: If749a3cb1faaf9b25e05db7c1c3cbf7a38d0eafc Reviewed-on: https://review.typo3.org/59498 Tested-by:
-
