The labels of inline FileReference fields were not concatenated
but overwritten, in a loop since #92427.

This patch corrects the concatenation and adds line-break divs,
otherwise the strings are on a single line.

Resolves: #99873
Related: #92427
Releases: main, 12.4, 11.5
Change-Id: I368cd0d2cbf7e9ed7fdd1d003f869cc894d6f13e
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80265


Tested-by: Nikita Hovratov <nikita.h@live.de>
Reviewed-by: Nikita Hovratov <nikita.h@live.de>
Tested-by: core-ci <typo3@b13.com>

Add some waitFor() to the drag&drop tests and give
the filter test a generic wait which hopefully
stabelizes this one a bit as well.

Resolves: #101494
Releases: main, 12.4, 11.5
Change-Id: I73d4d2415f4e100bed7f1d7e5ead1036d157af93
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80258


Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Stefan B�rk <stefan@buerk.tech>
Tested-by: Stefan B�rk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>

Similar to #101491, the other Application/Frontend
acceptance tests get same treatment to wait for the
"View webpage" icon being visible, before trying to
click it.

Resolves: #101492
Related: #101491
Releases: main, 12.4, 11.5
Change-Id: Ie8dd5338a6773baf8850fec0713dcd917699fbfc
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80254


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Fails locally occasionally. The additional explicit
waitForElement() before clicking the elemnt
stabilized it.

Resolves: #101491
Releases: main, 12.4, 11.5
Change-Id: I4072daa0e949d3480f399e99a2f35d8ef889eded
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80251


Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Add several type casts to avoid notices.

Resolves: #101486
Releases: main, 12.4, 11.5
Signed-off-by: Torben Hansen <derhansen@gmail.com>
Change-Id: I87f02e129d91ae9902ad74f306f11915d12037b0
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80246


Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

This one was still flaky. Properly waiting for
the element should finally fix this, this patch
now had a huge number of successful runs locally,
while it failed repeatedly without.

Resolves: #101487
Related: #101440
Releases: main, 12.4, 11.5
Change-Id: I2cf4b3e878caf430ead27340694a169f98e710e8
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80243


Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Resolves: #101480
Related: #101453
Releases: main, 12.4, 11.5
Change-Id: I62e7166a6ceceb6e8c6c0d0aa5393def72c75346
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80239


Tested-by: Benjamin Franzke <ben@bnf.dev>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Benjamin Franzke <ben@bnf.dev>

The `phpspec/prophecy` defines a hard php version constraint
in the `composer.json` not allowing PHP8.3 for now. This may
tend to take quite some time and therefore the reason why it
has been removed in TYPO3 v12+.

To mitigate this issue way back for early PHP8.2 versions,
a workaround have been used to ignore the php platform req
only for the specific version. This should be reintroduced
for PHP8.3 now.

This change adds the `--ignore-platform-req=php+` workaround
again - but for PHP8.3 only.

Resolves: #101484
Releases: 11.5
Change-Id: I6b7eae083d35bc027d49811e645a8f83c648335e
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80234


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Stefan B�rk <stefan@buerk.tech>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Stefan B�rk <stefan@buerk.tech>

Releases: main, 12.4, 11.5
Resolves: #101482
Change-Id: Id23a78cdb85c3b58a0ce79eacbc5626c27cde46b
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80218


Reviewed-by: Stefan B�rk <stefan@buerk.tech>
Tested-by: Stefan B�rk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>

Resolves: #101478
Releases: main, 12.4, 11.5
Change-Id: I40987e100686771365c30652dba5a13bfd509604
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80206


Reviewed-by: Stefan B�rk <stefan@buerk.tech>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Stefan B�rk <stefan@buerk.tech>

The new feature flag was introduced with the security releases 12.4.4 and 11.5.30:
https://typo3.org/security/advisory/typo3-core-sa-2023-003

Resolves: #101462
Related: #100889
Releases: main, 12.4, 11.5
Change-Id: I891706caa51db8a6c9ab2442d311c6be61755849
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80205


Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Stefan B�rk <stefan@buerk.tech>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Stefan B�rk <stefan@buerk.tech>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>

As a preparation towards podman as container
executor next to docker, runTests.sh is refactored
a bit:

* Image names now always have a host prefix like
  docker.io/ or ghcr.io/, except on CI, which will
  change later, too. podman needs those prefixes and
  does not fall back to docker.io if it's missing:
  "redis:latest" -> "docker.io/redis:latest"
* Image names are now put into variables.
* Rename "docker" to "container" in variables.
* Have a variable for the container binary, set to
  "docker" for now.
* Change the cleanUp() function slightly, it will
  later work with both docker and podman this way.

Resolves: #101470
Related: #97566
Releases: main, 12.4, 11.5
Change-Id: Ifab85468dff5c21564611a45568d11e8559e155c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80203


Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Resolves: #101394
Releases: main, 12.4, 11.5
Change-Id: I1d0cbb99496108180cf1f06045934bb510abcd3f
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80150


Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Resolves: #101451
Resolves: https://github.com/TYPO3-Documentation/TYPO3CMS-Reference-CoreApi/issues/3244
Related: #90522
Releases: main, 12.4, 11.5
Change-Id: Ib6cd19b35f72138ee4667714d5fe9c8dbd8bbcca
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80145


Reviewed-by: Stefan B�rk <stefan@buerk.tech>
Tested-by: Stefan B�rk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>

Resolves: #101452
Releases: main, 12.4, 11.5
Change-Id: Idf803dff6b4941380dbdde30f53548d31b6df575
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80142


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan B�rk <stefan@buerk.tech>
Reviewed-by: Stefan B�rk <stefan@buerk.tech>

With #101231 a missing URL encoding in FormEngine was triggered
which caused contents like "svg;disallowed=|irre-object-id" to be
added to bparams which got transformed into "svg&disallowed" in
some setups (ddev, most likely caused by the ddev-router-proxy).

This "change" causes the irre object id to be cut off from the
bparams in IREE file list element browser, which is why "select"
actions on file list elements were silently ignored.

Resolves: #101433
Related: #101231
Releases: main, 12.4, 11.5
Change-Id: I89dd53131f9ecb3b199bbcd2d1abf6be87f819da
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80172


Tested-by: Benjamin Franzke <ben@bnf.dev>
Reviewed-by: Benjamin Franzke <ben@bnf.dev>
Tested-by: core-ci <typo3@b13.com>

runTests.sh uses of docker-compose to run tests.

The patch ditches docker-compose in favor of
direct docker cli commands for the following
reasons:

* runTests.sh is more concise and does not
  need to deal with writing a .env for
  docker-compose anymore.
* Establish a foundation to use podman
  as alternative container runner.
* Ditch the lengthy docker-compose.yml file
  that repeats things over and over again.
* Better control of running containers.
* Allow running multiple runTests.sh instances
  in parallel without disturbing each other by
  establishing unique names for networks and
  containers.
* Minor performance improvements by getting
  rid of the docker-compose python overhead.
* Simplified quoting in scripts.
* Less path headaches.

Resolves: #97566
Releases: main, 12.4, 11.5
Change-Id: I7ae50d1cec4c770b54dc9d4a1053420ad85f5ff0
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80126


Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Review...

This particularly helps PHPStan in extensions that call those methods
detect unnecessary checks for empty strings if
`GU::trimExplode` is called with `$removeEmptyValues = true`.

Used command:

> ./Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #101395
Related: #99147
Releases: main, 12.4, 11.5
Change-Id: I6945cc0698b0777a05cb9327b342aa9aa7dee098
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80138


Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: core-ci <typo3@b13.com>

The computed property '_ORIG_uid' is only set for workspace records,
which are NOT moved (t3ver_state=4). It is better to check directly for
the existence of this key as done in all other occurrences where it is
retrieved. The presence already ensures that we are dealing with an
overlaid workspace record and that there is need to fetch the original
uid.

Resolves: #101426
Releases: main, 12.4, 11.5
Change-Id: I7dd1072736b476015d5d44cb82f5e670fdd484a7
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80168


Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: core-ci <typo3@b13.com>

Change-Id: Ic561c16dd8f95af99b9d27f78633193968574118
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80163


Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>

Change-Id: I41cc21334354b86a347d35eaca63014f433c0e46
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80162


Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

See
https://github.com/w8tcha/CKEditor-WordCount-Plugin/security/advisories/GHSA-q9w4-w667-qqj4

yarn add ckeditor-wordcount-plugin@^1.17.12

Resolves: #101234
Releases: 11.5
Change-Id: I7400bc7405a91e62fb7dc5b3565ee2f9d5b4cc06
Security-Bulletin: TYPO3-CORE-SA-2023-004
Security-References: CVE-2023-37905
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80157


Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

This change disallows calling an URI with page-id query parameters
that are not part of a particular site - for instance the following
URL `https://example.org/?id=3000&L=0` has two aspects:

* the site `example.org` has the root page-id 1000
* the site `internal.example.org` has the root page-id 3000

The example above allows to call a page-id for an internal site,
by using a valid and public entry point.

The new feature flag
`security.frontend.allowInsecureSiteResolutionByQueryParameters`
allows to control this behavior for backward compatibility reasons.
Per default `allowInsecureSiteResolutionByQueryParameters` is disabled.

Resolves: #100889
Releases: main, 12.4, 11.5
Change-Id: I88d565b5d9bea556b4f754c3069d56124cea98bd
Security-Bulletin: TYPO3-CORE-SA-2023-003
Security-References: CVE-2023-38499
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80156


Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

see https://github.com/TYPO3/html-sanitizer/releases/tag/v2.1.2

composer req typo3/html-sanitizer:^2.1.2
composer req typo3/html-sanitizer:^2.1.2 \
  -d typo3/sysext/core --no-update

Resolves: #100917
Releases: main, 12.4, 11.5
Change-Id: If6f77217dfefe0a3c15a8a8760206b6cc5ba5687
Security-Bulletin: TYPO3-CORE-SA-2023-002
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80155


Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

The `redirectMode=refererDomains` configuration allows to process a
redirect after a successful login to an evaluated referer value.

This patch fixes the evaluation of https urls as referer value. Without
this patch only http urls are evaluated correctly.

Also do not match hostnames that contain an invalid underscore in name.

Additionally the regex matching for the domain was not quoting the
configured domain names and thereby matching dots as 'any single
character' instead of a dot.

Resolves: #100215
Releases: main, 12.4, 11.5
Change-Id: I589638d82627283b5acdeec5da0243e082cc5ebf
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80132


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>

PHP8.3 emits a warning for content handed over to
unserialize() which contains superflous content at
the end.

The silence operator `@` is now used to suppress
the test setup unserialize() to avoid this exact
warning as preparation for PHP8.3 introduction.

Can be verified before and after by executing:

> Build/Scripts/runTests.sh -p 8.3 -s unitDeprecated

Resolves: #101409
Releases: main, 12.4, 11.5
Change-Id: I5741cd86e8e0a8afedb49ad01676d0766d5fbfaa
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80070


Tested-by: Stefan B�rk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Stefan B�rk <stefan@buerk.tech>

When updating entries, the `updateFields` will provide `uid`, which
works fine in MySQL but might lead to problems when working with
stricter DBMS.

Such an example of a DBMS not liking the update of an identity field,
is SQL Server.

Now, I know that SQL Server will not be supported in TYPO3 v12 going
onward, but on the off-chance that somebody has another DBMS than MySQL
or has DBMS that will break when trying to update an identify field,
this bugfix might still be valuable.

The bug exists back to TYPO3 10 at least.

Releases: main, 12.4, 11.5
Resolves: #100175
Change-Id: Id4dd90579191da0cb770490256087209e749deb4
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80068


Tested-by: Stefan B�rk <stefan@buerk.tech>
Reviewed-by: Stefan B�rk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>

Some rather minor script modifications in runTests.sh
to prepare #97566

Resolves: #101389
Related: #97566
Releases: main, 12.4, 11.5
Change-Id: I35e2acd7848f5b49c2a1359d2e976cb553d72ac0
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80095


Reviewed-by: Stefan B�rk <stefan@buerk.tech>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Stefan B�rk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Resolves: #100853
Releases: main, 12.4, 11.5
Change-Id: I8a1284c2c859cde9d114fecbbe9c5a1e38a35c94
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80092


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

The variable `$port` in the changed code is an array element
from the return value of `GeneralUtility::trimExplode()` with
the `$removeEmptyValues` argument set to `true`. Hence it
is ensured to not be an empty string.

This change should be backported as it otherwise would block
improvements for the type annotations of
`GeneralUtility::trimExplode()`.

Resolves: #101384
Releases: main, 12.4, 11.5
Change-Id: I74ce433495fc3975c11991d21831db0244eacba0
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80088


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Just clear potential the page being edited from indexed_search's
index. The previous implementation did also take potential child
pages, into account, but not the page itself.

Resolves: #100877
Releases: main, 12.4, 11.5
Change-Id: I4c8e0c70e68744f629cb1b1c9f62b5f3028502fd
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80090


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan B�rk <stefan@buerk.tech>
Reviewed-by: Stefan B�rk <stefan@buerk.tech>

Since the introduction of customizable page type icons,
the fallback icons did no longer work. Only the icon
and variations for "contentFromPid" worked. The reason
is, that these icons are prefixed with "page" while the
other ones are prefixed with the doktype ("1").

This is fixed now by providing an optional argument
for the getRecordTypeForPageType method, which takes
the type name as parameter. The default is "1".

Resolves: #101379
Related: #90042
Releases: main, 12.4, 11.5
Change-Id: Ia4379899642ad477026dd73b1ac0c22b918a1629
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80059


Tested-by: core-ci <typo3@b13.com>
Tested-by: Nikita Hovratov <nikita.h@live.de>
Reviewed-by: Nikita Hovratov <nikita.h@live.de>

The main query execution builds a QueryBuilder instance out of
different sub information. Additionally, several hooks can be
used to influence the created query. On top of this, different
type of search queries are possible.

This change avoid consuming a lot of placeholder for list based
`in()` expressions by using a corresponding QueryBuilder method
suitable for the value type. This means that no placeholder are
used any longer for list expressions.

Note: Max query size may still be exceeded if the lists would
      getting bigger. This can be adjusted by database server
      administrators, but will lead to another exception for
      really large value lists.

Resolves: #86859
Releases: main, 12.4, 11.5
Change-Id: Ic0ac51c13cb74a058d71152ad626c484f696b176
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80080


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan B�rk <stefan@buerk.tech>
Reviewed-by: Stefan B�rk <stefan@buerk.tech>

RegEx redirects have been processed in the order how they
have been inserted into the database ignoring the flag
`respect_query_parameters` completely. Due to this fact,
a non-query argument based regex redirect would match
before a concrete query-argument aware regexp redirect
have been matched - additionally favored by the changes
introduced with #96480 to provide a fallback.

To combine all use-cases and additionally fix the detected
issues, this change now splits the cached regex redirects
into two flavors:

* `regexp_respect_query_parameters`
* `regexp_flat`

That follows the pre-selection for the non-regex redirects.
Redirects respecting query paramaters have higher precedence
above the non-respecting once. Therefore, the matching flow
in the `RedirectService` has been aligned correspondingly to
respect this separated workflow.

The #96480 is now only applied for regex redirects which do
not respect query-arguments at all. It should be considered
if we should remove that safety fallback and enforce correct
regex redirects in a dedicated future change.

Furthermore, a deterministic sorting criteria chain has been
added to the `RedirectCacheService` to ensure a deterministic
loading and caching order of redirects.

The changes play together, which is the reason why they are
included in one change and to avoid a inbetween incorrect
test chain.

Regression tests have been added to cover the cases.

Resolves: #101191
Related: #96480
Releases: main, 12.4, 11.5
Change-Id: I9638835c33809e92ba883efb65d86bb1e9f5031b
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80079


Tested-by: Stefan B�rk <stefan@buerk.tech>
Reviewed-by: Stefan B�rk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>

The identifier for the icon cache used in the client's localStorage is
now version-aware to get a chance of updated icons after a release. It
now uses the same identifier as the backend cache.

Previously, only the registry state itself was taken into account which
may not change if icons assets get updated.

Resolves: #101348
Releases: main, 12.4, 11.5
Change-Id: I15dfc9d4bf1288f9787f88f579beccf3b13a3fc6
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80073


Tested-by: Benjamin Franzke <ben@bnf.dev>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Benjamin Franzke <ben@bnf.dev>

Add the pid to the list of fields which should always be
retrieved when selecting a record. This especially avoid
a PHP warning in FormEngine when workspace records are
overlaid.

Resolves: #98181
Releases: main, 12.4, 11.5
Change-Id: Iaf5479e329693486c992495228fca1b711ba6161
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80043


Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>

The method str_contains requires the 1st argument to be a string.
So we need to ensure that it is a string.

(It can be `null` if the command ran into an error.)

Resolves: #101349
Related: #70869
Releases: main, 12.4, 11.5
Change-Id: Ic4267f1fd8290d340b5fc43acd47797b592d466e
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80032


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

Avoid exceptions due to wrong type in the link validator module.

Resolves: #101352
Releases: main, 12.4, 11.5
Change-Id: Ic54b38e2fad6c203526fe27fa1b2ea6815f0578f
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80028


Reviewed-by: Stefan B�rk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan B�rk <stefan@buerk.tech>

In very rare cases it may happen that a backend session is not valid
anymore when an icon is loaded within the TYPO3 backend. If the icon
is not in the user's localStorage, the TYPO3 backend login is stored
in localStorage instead.

To catch this issue in the future, additional checks were implemented:

* the response shall not come from a redirected request, which could be
  an indicator for unwanted markup
* the received markup must start with "<span"

Resolves: #101339
Releases: main, 12.4, 11.5
Change-Id: Ic30672b770b7d12aa078e423cb595966247d5506
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80016


Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: core-ci <typo3@b13.com>

Fix some failures that occur if the internal classes in EXT:backend
use strict typing.

Resolves: #101325
Releases: main, 12.4, 11.5
Change-Id: I964b802762991b6409e599d7a746bdbe22740dfb
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80015


Tested-by: Stefan B�rk <stefan@buerk.tech>
Reviewed-by: Stefan B�rk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>