- Aug 08, 2023
-
-
Daniel Hettler authored
The URL param '_stg_debug' is needed to call the debug mode on-site Resolves: #101613 Releases: main, 11.5, 12.4 Change-Id: Iff94ede5c3d388fe8b130e10e5b48658511a0bc3 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80473 Tested-by:
Stefan B�rk <stefan@buerk.tech> Reviewed-by:
core-ci <typo3@b13.com>
-
- Aug 07, 2023
-
-
Thomas Hohn authored
Moved assignment of $destPid = $sortInfo['pid'] after check if $sortInfo is an array, since the method call to getSortNumber can return other values than an array. Resolves: #101606 Releases: main, 12.4, 11.5 Change-Id: I3cfef35b351a0cd1fa8197702cce9e3b05871fcf Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80430 Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
-
Christian Kuhn authored
Remove -j and -k and only use -i to specify database versions. This is more easy to use, parse and validate. Resolves: #101604 Releases: main, 12.4, 11.5 Change-Id: Ie6b9343c6f244a294d636f0e5c09d24c5e1845fb Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80429 Tested-by:
-
Thomas Hohn authored
Added a null coalescing operator when assigning value to $editUid. Resolves: #101602 Releases: 11.5 Change-Id: Ie19fa72032c57c824322a319deafc441fdb9319e Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80427 Tested-by:
Oliver Klee <typo3-coding@oliverklee.de> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
-
- Aug 06, 2023
-
-
Rémy DANIEL authored
Linkvalidator extension has a couple of known issues, especially with external link checking. Those issues are now documented, so integrators can acknowledge them and implement counter-measures. Resolves: #101597 Releases: main, 12.4, 11.5 Change-Id: I00dc01243426fc56c21a4bd11815c3009e3dd3ad Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80365 Reviewed-by:
-
- Aug 05, 2023
-
-
Rémy DANIEL authored
If the svg-tree component is embedded in an iframe, and if the iframe src get changed by navigating to another url, pending AjaxRequest will be cancelled by the browser, without letting us the opportunity to properly catch the thrown error. As a workaround, we register an unload event on the iframe's window, and mute notifications to the user. Resolves: #101340 Releases: main, 12.4, 11.5 Change-Id: I8572fde4bf278481a32a459f802af69356ce28a5 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80414 Tested-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Tested-by:
-
Gordon Brüggemann authored
Resolves: #99725 Releases: main, 12.4, 11.5 Change-Id: I4682cbe57b4908e13c219c5be4b0810c0d348bf1 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80413 Tested-by:
-
- Aug 04, 2023
-
-
linawolf authored
The 5th parameter of ExtensionUtility::registerPlugin is thegroup and not `ExtensionUtility::PLUGIN_TYPE_CONTENT_ELEMENT` Fixes the name to the correct function and adds example code. Resolves: #101575 Releases: main, 12.4, 11.5 Change-Id: I05a344ee11aaa8a9b3187a11528e2e506f47756d Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80355 Tested-by:
-
Anja Leichsenring authored
Releases: main, 12.4, 11.5 Resolves: #101574 Change-Id: I6617e9c31a20b84269ae708d177b4ebf81ba97d0 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80316 Tested-by:
-
Stefan Bürk authored
Resolves: #101552 Releases: main, 12.4, 11.5 Change-Id: If9f12fa195f119b715e163c578188d8634b68b50 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80317 Tested-by:
-
Christian Spoo authored
parent::__construct() of MemcachedBackend calls setCompression() which determines compression based on state of $this->usePeclModule. This property needs to be set before parent::__construct() is called. Resolves: #99495 Releases: main, 12.4, 11.5 Change-Id: Ibc6c3a2378c5187748b4394d440232600de193e2 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80388 Reviewed-by:
-
Tobias Liebig authored
This test checks lowlevel things like usergroup to be changed by GeneralUtility::fixPermissions(). Various tests in this area have been disabled on Windows already. They are problematic in macOS driven docker as well since macOS heavily messes around with access rights. We give up on this now, and reduce the details test checks of GeneralUtility::fixPermissions() a bit by removing that test. Resolves: #101568 Releases: main, 12.4, 11.5 Change-Id: I36e781302285dc1966633723abdc8f15bf84ef06 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80383 Tested-by:
-
- Aug 03, 2023
-
-
Simon Schaufelberger authored
While the backend already renders preview images of for example YouTube videos in the media module, it doesn't show the preview image anywhere else, for example in the page module and the Media elements within a "Text and Media" content element. This patch shows the generated preview image within the page module and the "Text and Media" content element as well. Resolves: #95454 Releases: main, 12.4, 11.5 Change-Id: I4e404cf41627d5ee9ac165ee46817a456dbecaa8 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80372 Tested-by:
-
Stefan Bürk authored
Update the typo3/testing-framework to pull in a needed correction as preparation for functional tests with PHP 8.3. Used command(s): > composer require --dev \ typo3/testing-framework:^6.16.9 Resolves: #101538 Releases: main, 12.4, 11.5 Change-Id: Id26531be8c49a9b1ee9624c178342659b28d3eab Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80302 Tested-by:
-
- Jul 31, 2023
-
-
Christian Kuhn authored
Creating reports.xml in acceptance tests and feeding this to gitlab has been added with issue #96628 in the hope to be useful for finding frequently failing ac tests. The gitlab UI however buries this, it's de facto impossible to make use of this information. We drop this definition again. Resolves: #101514 Related: #96628 Releases: main, 12.4, 11.5 Change-Id: I91f13f402f0b9f72f2ca41252db93bb1714efcd6 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80288 Tested-by:
-
Christian Kuhn authored
When select fields with db relations allow pages records, the DatabaseBrowser tries to render an icon from the page row. uid of that row may be an int, which needs to be cast to string to be fed to htmlspecialchars(). Resolves: #101513 Related: #100819 Releases: main, 12.4, 11.5 Change-Id: I52ee031cb0eb09f41ae8ecb6d7005f03e65de3bd Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80285 Tested-by:
-
Oliver Klee authored
This method promises to return an int, but actually returns a float. Also add a regression test. > ./Build/Scripts/runTests.sh -s phpstanGenerateBaseline Resolves: #101499 Releases: main, 12.4, 11.5 Change-Id: I85ca63c9b32717641d5926b16ee25e32eeb69310 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80273 Tested-by:
-
Nikita Hovratov authored
The labels of inline FileReference fields were not concatenated but overwritten, in a loop since #92427. This patch corrects the concatenation and adds line-break divs, otherwise the strings are on a single line. Resolves: #99873 Related: #92427 Releases: main, 12.4, 11.5 Change-Id: I368cd0d2cbf7e9ed7fdd1d003f869cc894d6f13e Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80265 Tested-by:
Nikita Hovratov <nikita.h@live.de> Reviewed-by:
-
- Jul 30, 2023
-
-
Christian Kuhn authored
Add some waitFor() to the drag&drop tests and give the filter test a generic wait which hopefully stabelizes this one a bit as well. Resolves: #101494 Releases: main, 12.4, 11.5 Change-Id: I73d4d2415f4e100bed7f1d7e5ead1036d157af93 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80258 Reviewed-by:
-
Christian Kuhn authored
Similar to #101491, the other Application/Frontend acceptance tests get same treatment to wait for the "View webpage" icon being visible, before trying to click it. Resolves: #101492 Related: #101491 Releases: main, 12.4, 11.5 Change-Id: Ie8dd5338a6773baf8850fec0713dcd917699fbfc Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80254 Tested-by:
-
Christian Kuhn authored
Fails locally occasionally. The additional explicit waitForElement() before clicking the elemnt stabilized it. Resolves: #101491 Releases: main, 12.4, 11.5 Change-Id: I4072daa0e949d3480f399e99a2f35d8ef889eded Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80251 Tested-by:
-
Torben Hansen authored
Add several type casts to avoid notices. Resolves: #101486 Releases: main, 12.4, 11.5 Signed-off-by:
Torben Hansen <derhansen@gmail.com> Change-Id: I87f02e129d91ae9902ad74f306f11915d12037b0 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80246 Tested-by:
-
Christian Kuhn authored
This one was still flaky. Properly waiting for the element should finally fix this, this patch now had a huge number of successful runs locally, while it failed repeatedly without. Resolves: #101487 Related: #101440 Releases: main, 12.4, 11.5 Change-Id: I2cf4b3e878caf430ead27340694a169f98e710e8 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80243 Tested-by:
-
- Jul 29, 2023
-
-
Benjamin Franzke authored
Resolves: #101480 Related: #101453 Releases: main, 12.4, 11.5 Change-Id: I62e7166a6ceceb6e8c6c0d0aa5393def72c75346 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80239 Tested-by:
Benjamin Franzke <ben@bnf.dev> Tested-by:
-
Stefan Bürk authored
The `phpspec/prophecy` defines a hard php version constraint in the `composer.json` not allowing PHP8.3 for now. This may tend to take quite some time and therefore the reason why it has been removed in TYPO3 v12+. To mitigate this issue way back for early PHP8.2 versions, a workaround have been used to ignore the php platform req only for the specific version. This should be reintroduced for PHP8.3 now. This change adds the `--ignore-platform-req=php+` workaround again - but for PHP8.3 only. Resolves: #101484 Releases: 11.5 Change-Id: I6b7eae083d35bc027d49811e645a8f83c648335e Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80234 Tested-by:
-
Benjamin Franzke authored
Releases: main, 12.4, 11.5 Resolves: #101482 Change-Id: Id23a78cdb85c3b58a0ce79eacbc5626c27cde46b Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80218 Reviewed-by:
-
- Jul 28, 2023
-
-
Stefan Bürk authored
Resolves: #101478 Releases: main, 12.4, 11.5 Change-Id: I40987e100686771365c30652dba5a13bfd509604 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80206 Reviewed-by:
-
Chris Müller authored
The new feature flag was introduced with the security releases 12.4.4 and 11.5.30: https://typo3.org/security/advisory/typo3-core-sa-2023-003 Resolves: #101462 Related: #100889 Releases: main, 12.4, 11.5 Change-Id: I891706caa51db8a6c9ab2442d311c6be61755849 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80205 Tested-by:
-
Christian Kuhn authored
As a preparation towards podman as container executor next to docker, runTests.sh is refactored a bit: * Image names now always have a host prefix like docker.io/ or ghcr.io/, except on CI, which will change later, too. podman needs those prefixes and does not fall back to docker.io if it's missing: "redis:latest" -> "docker.io/redis:latest" * Image names are now put into variables. * Rename "docker" to "container" in variables. * Have a variable for the container binary, set to "docker" for now. * Change the cleanUp() function slightly, it will later work with both docker and podman this way. Resolves: #101470 Related: #97566 Releases: main, 12.4, 11.5 Change-Id: Ifab85468dff5c21564611a45568d11e8559e155c Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80203 Tested-by:
-
Stefan Bürk authored
Resolves: #101394 Releases: main, 12.4, 11.5 Change-Id: I1d0cbb99496108180cf1f06045934bb510abcd3f Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80150 Tested-by:
-
- Jul 27, 2023
-
-
Chris Müller authored
Resolves: #101451 Resolves: https://github.com/TYPO3-Documentation/TYPO3CMS-Reference-CoreApi/issues/3244 Related: #90522 Releases: main, 12.4, 11.5 Change-Id: Ib6cd19b35f72138ee4667714d5fe9c8dbd8bbcca Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80145 Reviewed-by:
-
- Jul 26, 2023
-
-
Markus Klein authored
Resolves: #101452 Releases: main, 12.4, 11.5 Change-Id: Idf803dff6b4941380dbdde30f53548d31b6df575 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80142 Tested-by:
-
- Jul 25, 2023
-
-
Benjamin Franzke authored
With #101231 a missing URL encoding in FormEngine was triggered which caused contents like "svg;disallowed=|irre-object-id" to be added to bparams which got transformed into "svg&disallowed" in some setups (ddev, most likely caused by the ddev-router-proxy). This "change" causes the irre object id to be cut off from the bparams in IREE file list element browser, which is why "select" actions on file list elements were silently ignored. Resolves: #101433 Related: #101231 Releases: main, 12.4, 11.5 Change-Id: I89dd53131f9ecb3b199bbcd2d1abf6be87f819da Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80172 Tested-by:
-
Jochen Roth authored
runTests.sh uses of docker-compose to run tests. The patch ditches docker-compose in favor of direct docker cli commands for the following reasons: * runTests.sh is more concise and does not need to deal with writing a .env for docker-compose anymore. * Establish a foundation to use podman as alternative container runner. * Ditch the lengthy docker-compose.yml file that repeats things over and over again. * Better control of running containers. * Allow running multiple runTests.sh instances in parallel without disturbing each other by establishing unique names for networks and containers. * Minor performance improvements by getting rid of the docker-compose python overhead. * Simplified quoting in scripts. * Less path headaches. Resolves: #97566 Releases: main, 12.4, 11.5 Change-Id: I7ae50d1cec4c770b54dc9d4a1053420ad85f5ff0 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80126 Tested-by:
-
Oliver Klee authored
This particularly helps PHPStan in extensions that call those methods detect unnecessary checks for empty strings if `GU::trimExplode` is called with `$removeEmptyValues = true`. Used command: > ./Build/Scripts/runTests.sh -s phpstanGenerateBaseline Resolves: #101395 Related: #99147 Releases: main, 12.4, 11.5 Change-Id: I6945cc0698b0777a05cb9327b342aa9aa7dee098 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80138 Reviewed-by:
-
Nikita Hovratov authored
The computed property '_ORIG_uid' is only set for workspace records, which are NOT moved (t3ver_state=4). It is better to check directly for the existence of this key as done in all other occurrences where it is retrieved. The presence already ensures that we are dealing with an overlaid workspace record and that there is need to fetch the original uid. Resolves: #101426 Releases: main, 12.4, 11.5 Change-Id: I7dd1072736b476015d5d44cb82f5e670fdd484a7 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80168 Tested-by:
-
Oliver Hader authored
Change-Id: Ic561c16dd8f95af99b9d27f78633193968574118 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80163 Tested-by:
Oliver Hader <oliver.hader@typo3.org> Tested-by:
-
Oliver Hader authored
Change-Id: I41cc21334354b86a347d35eaca63014f433c0e46 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80162 Tested-by:
-
Oliver Hader authored
See https://github.com/w8tcha/CKEditor-WordCount-Plugin/security/advisories/GHSA-q9w4-w667-qqj4 yarn add ckeditor-wordcount-plugin@^1.17.12 Resolves: #101234 Releases: 11.5 Change-Id: I7400bc7405a91e62fb7dc5b3565ee2f9d5b4cc06 Security-Bulletin: TYPO3-CORE-SA-2023-004 Security-References: CVE-2023-37905 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80157 Tested-by:
-
Oliver Hader authored
This change disallows calling an URI with page-id query parameters that are not part of a particular site - for instance the following URL `https://example.org/?id=3000&L=0` has two aspects: * the site `example.org` has the root page-id 1000 * the site `internal.example.org` has the root page-id 3000 The example above allows to call a page-id for an internal site, by using a valid and public entry point. The new feature flag `security.frontend.allowInsecureSiteResolutionByQueryParameters` allows to control this behavior for backward compatibility reasons. Per default `allowInsecureSiteResolutionByQueryParameters` is disabled. Resolves: #100889 Releases: main, 12.4, 11.5 Change-Id: I88d565b5d9bea556b4f754c3069d56124cea98bd Security-Bulletin: TYPO3-CORE-SA-2023-003 Security-References: CVE-2023-38499 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80156 Tested-by:
-
