- Mar 31, 2022
-
-
Stefan Bürk authored
Luxembourgish is considered the national language of Luxembourg and one of the three used administrative languages, alongside German and French. Also see https://en.wikipedia.org/wiki/Luxembourgish This change adds support for Luxembourgish to be selected as TYPO3 Language and to connect to TYPO3 Localizations (XLF files, Site Configuration) by default. Resolves: #97254 Releases: main Change-Id: I334c1d9c00d941754f23c6a82412702796c94339 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74119 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Chris Müller <typo3@krue.ml> Tested-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
-
- Mar 30, 2022
-
-
Oliver Bartsch authored
In our process of using dedicated TCA types, the new TCA type "date" is introduced and replaces "renderType=inputDateTime" of TCA type "input". Notable changes to the previous behaviour: - the "format" option, which was already documented but never used in FormEngine, is now mandatory - TCA option "max" is no longer evaluated - The only allowed eval's are "null" and "int" The corresponding FormEngine element class is renamed from InputDateTimeElement to DatetimeElement. This is covered in the ClassAliasMap. Note: The "eval=int" seems to be superfluous since the field value should always be stored as int in case no native type ("dbType") is used. However, this would be breaking and is therefore done in a separate followup patch. This has already been kickstarted in https://review.typo3.org/c/Packages/TYPO3.CMS/+/74027/12. Resolves: #97232 Releases: main Change-Id: I94c6d12759cd7787e6185ab36d2fcd60f5dc15df Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74027 Tested-by:Nikita Hovratov <nikita.h@live.de> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
-
- Mar 29, 2022
-
-
Larry Garfield authored
This patch add more explicit types to MathUtility. Of particular note: * isIntegerInRange(), despite its name, allows for non-ints and treats them as out-of-range. Types are setup to retain that behavior. * convertToPositiveInteger() is the same behavior as a call to forceIntegerInRange() with a min of 0, thus changed to be that. * calculateWithPriorityToAdditionAndSubtraction() was docblock typed to return an int, when in reality it's float|string. Both are changed to "float|string" rather than changing the behavior. * Similarly, calculateWithParentheses()'s docblock changed to proper return type string instead of the incorrect int. Resolves: #97203 Releases: main Change-Id: I1c09ccff321f9a89684869e740b1b7bc16f3aa27 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73986 Tested-by:
Stefan Bürk <stefan@buerk.tech> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Oliver Klee <typo3-coding@oliverklee.de> Reviewed-by:
-
Oliver Bartsch authored
Resolves "Case in function/method call doesn't match the case in declaration" in TcaMigration. Also fixes the the corresponding test method name. Resolves: #97253 Related: #97104 Releases: main Change-Id: I38e04342505d9c9318538c12f79c58482f45eec9 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74118 Tested-by:
Torben Hansen <derhansen@gmail.com> Tested-by:
-
Simon Schaufelberger authored
With the introduction of symfony/property-access in TYPO3 version 10 reading properties through a lazy loaded object got broken. There have been workaround available like setting the property public so that the symfony package can access the property. Resolves: #92357 Releases: main, 11.5 Change-Id: Ibb383eeeee5afea69f503da0d617f22f6046936f Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74072 Tested-by:
Georg Ringer <georg.ringer@gmail.com> Tested-by:
-
Lars Michalowski authored
The unset($info['originalFile']) introduced in #90565 broke an access to that array key below in the method. This leads to the situation that files with UTF-8 characters are not found anymore since the imageLinkWrap() method is fed with an encoded version of the filename and not the original file object anymore. The patch parks $info['originalFile'] in a variable to access it for imageLinkWrap() again. Releases: main, 11.5 Resolves: #93716 Resolves: #90757 Related: #90565 Change-Id: I2471283bd6825c093745b2331a12737de00c105f Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73983 Tested-by:
-
Oliver Bartsch authored
The styling of the checkbox in the mass undo modal in the recycler module is fixed by using proper DOM structure and bootstrap classes. Resolves: #97249 Releases: main, 11.5 Change-Id: I47f5628bc21ba53fcf86d93af587403a1ebf32b7 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74092 Tested-by:
-
Georg Ringer authored
Resolves: #97189 Releases: main, 11.5 Change-Id: I256b62b3c877cd23ac313fbb44a7bdde97aa2abc Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73974 Tested-by:
-
Eric Bode authored
In accordance with the core code base, "libs" in "includeJSFooterlibs" must be lowercase. Releases: main, 11.5, 10.4 Resolves: #97251 Change-Id: I0b1d25d6f22254cf7d3747cf66ab0c7e2e611628 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74113 Tested-by:
-
Stefan Bürk authored
In ext:styleguide the old password field 'input_16' has been removed, while new passwords fields, using the new "password" TCA type, were added in a dedicated tab to showcase #97104. Therefore, the 'input_16' check is removed from ElementsBasicInputSimpleCest and the dedicated ElementsBasicPasswordCest is added, checking the new password fields (with the "password" TCA type). Done steps: * updated styleguide to have min commit hash available * removed input_16 field test from ElementsBasicInputSimpleCest * added ElementsBasicPasswordCest with 'password_2' field as direct replacement for 'input_16' test. Further tests may be added later on. used commands: > composer u typo3/cms-styleguide Related styleguide change: https://github.com/TYPO3/styleguide/commit/31f6d4b5886e2d6403b4bea7fb7decbc73bab901 Resolves: #97250 Related: #97104 Releases: main Change-Id: I78613f8fbca73e1bbf4b81a0fc45037fa6a4b6de Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74112 Tested-by:
Anja Leichsenring <aleichsenring@ab-softlab.de> Reviewed-by:
-
Simon Schaufelberger authored
The contents of the column "Record" in the Recycler are escaped/encoded twice with htmlspecialchars. This leads to the display of & when the text contains an ampersand. Additionally some spacing was added next to the user avatar in the collapsed row. Resolves: #92857 Releases: main, 11.5 Change-Id: I131710895ecf7ea7ac36e26ba376853f666bdb9d Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74065 Tested-by:
-
- Mar 28, 2022
-
-
Benjamin Franzke authored
The global window.$ accessor to the jQuery instance is now no longer provided. Global jQuery usage has been deprecated in #86438 with the suggestion to use JavaScript modules instead. With the integration of browser native ES6 modules jQuery should now be loaded as a regular module. Some remaining cases in acceptance test are removed. $.active == 0 checks have been no-ops as jQuery.ajax isn't used in those components anymore (core AjaxRequest which uses fetch() is used instead), therefore $.active always resolved to 0. This reveals why the additional 0.5s timeout-hack had been added there, the method is now explicitly marked as an explicit timeout instead of a waiting-method. Note that window.jQuery is still provided if the bootstrap javascript module is loaded as bootstrap JS needs to load jQuery from the global window object. window.jQuery global will be removed once we drop bootstrap jquery interop (which is another breaking change). Resolves: #97243 Related: #86438 Releases: main Change-Id: Ib1d937e474c9be1ef08bc941ac468a8ad1c3948a Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74030 Tested-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Tested-by:
Benjamin Franzke <bfr@qbus.de> Reviewed-by:
-
Benni Mack authored
Due to the new userSession handling in TYPO3 v11, the additional information provided in $authInfo can be removed as this is now available in the userSession object. Resolves: #97180 Releases: main Change-Id: I761d05bae4923dc9b07a9ecf2100a0519df7012c Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73908 Tested-by:
-
Jochen Roth authored
In #95036 the table editor was moved from the separate wizard to "inline". This implementation did not respect "table_delimiter" and "table_enclosure". This has been fixed by passing the delimiter and enclosure to the table component and parse depending on the set values. Resolves: #96536 Releases: main, 11.5 Change-Id: Id5cbeec5ad5b67c7fb108794b61f8c8dc17ef0b7 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73042 Tested-by:
Simon Schaufelberger <simonschaufi+typo3@gmail.com> Tested-by:
-
Larry Garfield authored
PHP 8.1's type system lets us add a lot more types to ArrayUitlity's signatures, and remove some unnecessary code in the process. I also did a little bit of related modern-syntax cleanup along the way, but this is mainly types. That also lets us remove some now-unnecessary tests, and with them some phpstan baseline entries. Resolves: #97202 Releases: main Change-Id: I05cd84524b42419a25ab06a9bffebcc2b90d9f6f Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73984 Tested-by:
-
Chris Müller authored
Resolves: #96954 Releases: main, 11.5 Change-Id: I60366ca5155c96ccc1068cc48339b0e96318d5f8 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73589 Reviewed-by:
-
Björn Jacob authored
This patch deprecates the usage of the RegularExpressionValidator within the form editor. The validator will be removed from the UI in TYPO3 v13. Our goal is to unclutter and strip the form editor from too technical and complex concepts. Regular expressions are difficult to understand especially for our main target group which are editors. An according comment has been added to the configuration files of the form framework. Resolves: #97016 Releases: main Change-Id: I895f2a377c545534869b79d93102544f2a84e36e Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73689 Tested-by:
Elias Häußler <e.haeussler@familie-redlich.de> Tested-by:
-
Nikita Hovratov authored
This resolves a todo for a missing usage of a filled array called "$uniqueIds". This array had two responsibilities: 1. For inline fields with "foreign_unique" set, all already used unique ids must be excluded from the select items. 2. Ensure a select field inside an inline field, which functions as one (symmetric) side of a mn-table, will not have the same field we are currently in, in its select items. In short: This prevents self-references. The previous functionality has been restored with added type-safety. This functionality was probably removed by accident during a refactoring process. Resolves: #96487 Related: #64762 Releases: main, 11.5 Change-Id: I75d68fdaba5bdf896c336fe428652d15d760ac4c Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72910 Tested-by:
-
Benni Mack authored
The Folder Tree shows notifications through FlashMessages when using the AJAX endpoint "file_process", while the drag uploader still used the very old "terr" XML Response (which I added in TYPO3 v4.1). Now the file_process returns the error messages from the flash message queue, ready to be printed out. The "includeMessages" is thus not needed anymore, as message results are always sent. Resolves: #97177 Releases: main Change-Id: I0ded504fcfd4847e01f44440fab5230899881285 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73906 Tested-by:
-
Simon Schaufelberger authored
Creating new content is usually confirmed with a blue button. This is inconsistent with the dashboard, which uses an orange button. This patch changes the orange button to a blue one to be consistent. Resolves: #95098 Releases: main Change-Id: Icd7de182403722af9b0866b69949c457e94ce192 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74064 Tested-by:
-
Oliver Bartsch authored
When a user is no longer available (e.g. deleted), record history entries for this user were not clear since only the general avatar without a name was displayed. This was especially confusing in case the "(via XYZ)" string was displayed, which happens if the change was done in switch user mode. This is improved by using the "[Not found]" label. Additionally, it now also ensures the "(via XYZ)" information is kept, in case the corresponding user is no longer available. Resolves: #97245 Releases: main, 11.5 Change-Id: I701098a07eab4969eefb24016f4351aef3de88bf Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74066 Tested-by:
-
Jan Helke authored
Resolves: #97228 Releases: main, 11.5 Change-Id: I139a7f2dcf1e5ed35675a626b9aa496fe24061a7 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74021 Tested-by:
-
- Mar 27, 2022
-
-
Larry Garfield authored
PSR-3 v2 and v3 add types, so we can switch to those now. Because we don't fully implement PSR-3 directly, this is a trivial change. Most of the updates are in tests and nominally optional. Note that composer/composer is still only v2 compatible, not v3, so this will still only pull in v2. However, it sets us up to automatically and safely get v3 as soon as composer/composer is updated. AbstractLogger is also now vestigial (it does nothing but use LoggerTrait), so I've removed usage of it in favor of the trait. That eliminates one autoload lookup. Used commands: > composer req psr/log:"^2.0 || ^3.0" > composer req psr/log:"^2.0 || ^3.0" \ -d typo3/sysext/core --no-update > composer req psr/log:"^2.0 || ^3.0" \ -d typo3/sysext/redirects --no-update Resolves: #97242 Releases: main Change-Id: I9089a5af216eb72c67614ab34ae126d08890a0eb Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74063 Tested-by:
-
Chris Müller authored
- Move the content from the README.rst into the Documentation folder. - The README.rst now defaults to the content of the other system extensions. - Describe all modules - Describe available configuration options (user TSconfig) - Provide automatic screenshots - Align to the new documentation standards (https://docs.typo3.org/m/typo3/docs-how-to-document/main/en-us/GeneralConventions/FileStructure.html) Resolves: #95886 Releases: main Change-Id: Iad905b23e53be47ae3f107f9b454dbdb15780cef Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72068 Tested-by:
Lina Wolf <112@linawolf.de> Reviewed-by:
-
- Mar 26, 2022
-
-
Oliver Hader authored
Recent CKEditor4 v4.18.0 addressed several vulnerabilities: * CVE-2022-24728 (XSS via attributes & comments) * CVE-2022-24729 (reDoS via Dialog Plugin API) * see https://ckeditor.com/cke4/release/CKEditor-4.18.0 for details Mentioned known vulnerabilities are not considered relevant for the TYPO3 backend user interface. By-passing CKEditor's XSS protection allows to persist malicious markup in database fields, which is mitigated during frontend rendering by typo3/html-sanitizer. That's why this issue is handled as regular bugfix. Executed commands: cd Build/ nvm use yarn add ckeditor4@^4.18.0 rm -r ../typo3/sysext/rte_ckeditor/Resources/Public/JavaScript/Contrib/ yarn exec grunt build Resolves: #97239 Releases: main, 11.5, 10.4 Change-Id: I3be12120c316b334e7efd237d0300e6d3cd165a8 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74056 Tested-by:
-
Torben Hansen authored
In the process of using dedicated TCA types, the new TCA type "password" is introduced and replaces "eval=password" and "eval=saltedpassword" of TCA type "input". Notable changes to the previous behaviour: - "trim" is always done in DataHandler and FormEngine - Password field is rendered as input type=password - The input field has by default "autocomplete=off" The TCA type "password" introduces the new configuration "hashed", which can be set to "false", if the field value should be saved as plaintext to the database. This configuration has no effect for the tables "fe_users" and "be_users". Resolves: #97104 Releases: main Change-Id: Ia48296291a61df6802ef21105b38b4f508b7a11c Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73832 Tested-by:
-
- Mar 25, 2022
-
-
Oliver Hader authored
Recent guzzlehttp/psr7 versions address vulnerability CVE-2022-24775. Mentioned known vulnerability is not considered relevant for the TYPO3 core. That's why this issue is handled as regular bugfix. Commands executed: composer req guzzlehttp/psr7:"^1.8.5 || ^2.1.2" composer req guzzlehttp/psr7:"^1.8.5 || ^2.1.2" \ -d typo3/sysext/core --no-update Resolves: #97240 Releases: main, 11.5, 10.4 Change-Id: I915b5620140912ecf1e0dc5bc887f4cc25ffb85a Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74059 Tested-by:Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
-
Oliver Bartsch authored
This introduces a new PSR-14 event, enabling extension authors to modify the preview url within the image manipulation element, used e.g. for the `crop` field of `sys_file_reference`. This replaces the previously available hook $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['Backend/Form/Element/ImageManipulationElement']['previewUrl'] which is therefore now removed. Resolves: #97230 Releases: main Change-Id: I56bb2111d85994c13acfc8ae074cac3d61933145 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74025 Tested-by:
Jochen <rothjochen@gmail.com> Tested-by:
-
Oliver Bartsch authored
Using the hook ['Backend/Form/Element/ImageManipulationElement']['previewUrl'], one can define a preview url for the image manipulation wizard. If defined, a button is displayed, opening the defined url in a new window, while adding the crop variants as an additional query parameter. However, the query parameter was previously always added using "&" which failed, in case the defined preview url does not already define query parameters. This is now fixed by properly checking whether the url already contains further parameters when adding the crop variants. Resolves: #97236 Releases: main, 11.5 Change-Id: Iedfdfa10db036490a4a801b1614ad99016f0bdc3 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74029 Tested-by:
-
Andreas Fernandez authored
TYPO3 allows to install incompatible extensions for a very long time, but distributions were missed when this feature was introduced. This patch now offers the same "Dependencies could not be resolved" dialog for distributions that miss dependencies. As this dialog is now used in different contexts, the "Go back" action has been made configurable. Resolves: #80219 Releases: main Change-Id: If429164e539d9c3c984477cfdcb2568a59891117 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74024 Tested-by:
-
- Mar 24, 2022
-
-
Oliver Bartsch authored
This introduces two new PSR-14 events, enabling extension authors to modify the enabled controls as well as the corresponding controls' markup for FormEngine inline elements. This replaces the previously available hook $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tceforms_inline.php']['tceformsInlineHook'] which is therefore now removed. The hook required implementations to implement the InlineElementHookInterface, which is now deprecated as it's unused due to the hook removal. Resolves: #97231 Releases: main Change-Id: I669d759c554d4a2d3ed24f65013c74d54038a0af Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74026 Tested-by:
-
Simon Schaufelberger authored
Resolves: #97211 Releases: main, 11.5 Change-Id: Ic0165c1c88bae6ef5206d79691aa5918762dc14c Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73995 Tested-by:
Markus Klein <markus.klein@typo3.org> Tested-by:
-
- Mar 23, 2022
-
-
Oliver Bartsch authored
Element browsers are now automatically tagged and registered, based on the implemented `ElementBrowserInterface`, using the autoconfiguration feature from the DI container. The previous registration via `$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ElementBrowsers']` has been removed. Additionally, to be able to use autoconfiguration, the identifier of a element browser has to be provided by the service directly using the now required :php:`getIdentifier()` method. Resolves: #97188 Releases: main Change-Id: I8fa782331b3226e651c239dfc5d131f3a0a46893 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73973 Tested-by:
-
Oliver Bartsch authored
The Scheduler module provides the option to execute symfony commands. Since those commands are usually built for CLI execution they might also contain interactive components like questions, which however can not be used when execution is scheduled. Therefore, the console input is now set to be non-interactive in the ExecuteSchedulableCommandTask "wrapper" class. Resolves: #97225 Releases: main, 11.5 Change-Id: I217c339ea0ef44ff91bcd8396d384227e8691184 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74018 Tested-by:
Mathias Brodala <mbrodala@pagemachine.de> Reviewed-by:
-
Oliver Bartsch authored
This introduces a new PSR-14 event, enabling extension authors to modify the link explanation, used for TCA `link` fields in a flexible way. This replaces the previously available hook $GLOBALS['TYPO3_CONF_VARS']['SYS']['formEngine']['linkHandler'] which is therefore now removed. Resolves: #97187 Releases: main Change-Id: I8937a9870657085bd520d8b813d8d5b4c93f7bc1 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73972 Tested-by:
-
Georg Ringer authored
Resolves: #97229 Releases: main, 11.5 Change-Id: I908102d0f4b5b3f3fe686f0ccdc60604669a8173 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74022 Tested-by:
-
Simon Schaufelberger authored
Used command: composer req friendsofphp/php-cs-fixer:^3.8.0 --dev Resolves: #97227 Releases: main, 11.5 Change-Id: Iad07abbef89a4b69c9d0ab2ea76cc3645bdb5476 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74020 Tested-by:
-
- Mar 22, 2022
-
-
Oliver Bartsch authored
A couple of JS modules requires some module information, such as the navigationComponent. Those information were previously added as data attributes to the main module menu items and then retrieved by the JS components. This however did no longer work for third-level modules, introduced in #97135, since they are not present in the main module menu. This is now resolved by adding the full module information, including all modules, as a single data attribute to the "scaffold-modulemenu" element. Note: On installing new extensions, which add backend modules, a complete backend refresh is necessary for the new modules to be accessible. An automatic refresh will be added in another patch, since this will also be required to update the JavaScript import maps. Resolves: #97184 Related: #97135 Releases: main Change-Id: I753ef87f09ef111222945703ae3aa7cb2cb0d802 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73914 Tested-by:
-
Oliver Hader authored
Custom element typo3-backend-table-wizard offers a wizard for modifying serialized table syntax of tt_content CType table. Whenever data is changed in the wizard, a corresponding client change event has to be forwarded to the actual tt_content field handled by FormEngine, to reflect the record has changes. Resolves: #96656 Releases: main, 11.5 Change-Id: Ib63088052ac3d2150e3f3db6b624bc7cac61db99 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74015 Tested-by:
-
Torben Hansen authored
To support future password hashing algorithms, it is recommended by PHP to use a DB size of 255 chars for fields storing password hashes. Resolves: #97221 Releases: main Change-Id: I490c7848f8ca7a0fc61aeb8272f6982c3b420a6a Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74014 Tested-by:
-
