- Mar 27, 2023
-
-
Torben Hansen authored
A new PSR-14 event `EnrichPasswordValidationContextDataEvent` is introduced to allow extension authors to enrich the `ContextData` DTO before a password is validated against a password policy. Additionally, the `ContextData` DTO in the `PasswordReset` class now includes the backend user username and realName attribute, which can be used in custom password policy validators. Resolves: #100294 Releases: main Signed-off-by:
Torben Hansen <derhansen@gmail.com> Change-Id: I395a0eb75749c12c4beac3611c436209c07844cf Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78259 Tested-by:
Oliver Hader <oliver.hader@typo3.org> Tested-by:
core-ci <typo3@b13.com> Reviewed-by:
Simon Schaufelberger <simonschaufi+typo3@gmail.com> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
-
Oliver Klee authored
see https://www.php.net/manual/en/functions.first_class_callable_syntax.php Resolves: #100315 Releases: main Change-Id: Ib915e7329d2a803dca241f533e0297c4cd13e204 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78270 Reviewed-by:
Wouter Wolters <typo3@wouterwolters.nl> Tested-by:
Nikita Hovratov <nikita.h@live.de> Reviewed-by:
-
Oliver Klee authored
This improves both code readability as well as type safety in the tests. Resolves: #100313 Releases: main Change-Id: Ib647d5107f48564e847e8c6a9444ae25f83175e7 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78268 Tested-by:
-
Oliver Klee authored
- use parameter and return type declarations - use the same parameter names as in the mocked method - drop useless `self::anything()` calls - drop `self::isType()` calls that duplicate the native type declarations This improves code readability and type safety in the tests. Resolves: #100314 Releases: main Change-Id: Icc572eb327b09b05f8637a7d91eb7bc7188344be Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78269 Tested-by:
-
Benni Mack authored
The list module shows the dropdown of possible translations now in the same automatic width (instead of the full width) - the same way as in page module. Resolves: #100306 Releases: main Change-Id: I94dfd93f2d94a73b90a839183590da613af0cf84 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78262 Reviewed-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Tested-by:
Georg Ringer <georg.ringer@gmail.com> Reviewed-by:
-
Christian Kuhn authored
* Static DP * Avoid withConsecutive() - kinda useless in this case anyways * Don't use $this in DP Resolves: #100320 Related: #100249 Releases: main Change-Id: Ia1fbdf1152786037f5bb9c9295ed3f57491000d5 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78274 Tested-by:
Stefan Bürk <stefan@buerk.tech> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
-
Christian Kuhn authored
phpunit 10 expects files that end with Test.php to contain tests. Two fixture files are renamed since phpunit detects them as test cases, but they are not. Resolves: #100321 Related: #100249 Releases: main Change-Id: Icdf0cc44328c7687544e90c612128b1db2ea48fc Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78275 Tested-by:
-
Alexander Schnitzler authored
Releases: main Resolves: #100283 Change-Id: I9281b4d8b276fda9628a4fbac085ca7b82ebf95f Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78240 Reviewed-by:
-
Benni Mack authored
A new TypoScript cObject "EXTBASEPLUGIN" is added for Extbase plugins to allow Extbase authors to not reference the Extbase Bootstrap class anymore. This way, newcomers do not have to worry about running defining USER/USER_INT things, which is not relevant for them. As most existing users use the API, it does not matter much, except for places. In the future, Extbase logic can / should be moved to the Extbase Plugin Content Object, while removing the dependency on the ConfigurationManager and the cacheable actions from the Bootstrap and RequestBuilder classes. At the current point, this is very much convenience and helps to further document to distinguish between Plugins (= PHP code) and regular Content Types. Resolves: #100293 Releases: main Change-Id: Ia3a7cceddd9f93dc606c3194828d26bed5a8f2b2 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/76517 Tested-by:
Jochen <rothjochen@gmail.com> Tested-by:
-
Benni Mack authored
Two new Events are added * TYPO3\CMS\Core\Authentication\Event\BeforeUserLogoutEvent * TYPO3\CMS\Core\Authentication\Event\AfterUserLoggedOutEvent * TYPO3\CMS\Core\Authentication\Event\AfterUserLoggedInEvent They should be used instead of the hooks: * $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauth.php']['logoff_pre_processing'] * $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauth.php']['logoff_post_processing'] * $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['backendUserLogin'] as they are now deprecated. This is an ongoing effort to remove hooks and use a better and more flexible PSR-14-based EventListener system. Resolves: #100307 Releases: main Change-Id: Iec5f96cc052ad5da572c2ba19c77da80a30025f3 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78263 Tested-by:
-
Christoph Lehmann authored
This extends the AdminPanel toolbar with more important metrics: * Peak memory usage * Amount of SQL queries * Time spent doing SQL queries Resolves: #100167 Releases: main Change-Id: I40dc57491188ea65656bde66cb181f134085b308 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77007 Tested-by:
-
Andreas Fernandez authored
The `SearchRepository` class used in the LiveSearch is now able to handle pagination, allowing to render a pagination in the search modal window. The `SearchProviderInterface` received a new method `count()` used to calculcate the amount of potential results. Since pagination is available now, the "Show all" button in the LiveSearch serves no real purpose anymore and is therefore removed. Resolves: #100289 Releases: main Change-Id: I2f1f431d8d385d0ba1963483c2dd34b1e44cca67 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78232 Tested-by:
Guido Schmechel <guido.schmechel@brandung.de> Tested-by:
-
Stefan Bürk authored
It's possible that project instances are configured to use RouteEnhancers and RouteDecorators, e.g. PageTypeSuffix RouteDecorater with a suffix for page type "0" (zero) like ".html". Until now, only the slug-field value has been used as source path for auto created redirects, which neglected to respect these route configuration possibilities. That means that a proper redirect hasn't been create if for e.g. the ".html" suffix has been configured for page type "0". Since #99188 introduced the "SlugRedirectChangeItemCreatedEvent" it's possible to add further source types, for which redirects are created. This change provides the "PageTypeSource" as new generic source type for page type based sources. The TYPO3 core adds a listener to build an URI with page type "0" and adds this to the current change item as source. This added `PageTypeSource` will replace the `PlainSlugReplacementSource` if the source host and path are the same - it overrules it to avoid duplicate redirects. That means, if both are providing different source information both are kept and two different redirects are created. Extension authors can now use the new PageTypeSource type to provide additional sources for other page types registering a custom "SlugRedirectChangeItemCreatedEvent" listener - or remove the "PlainSlugReplacementSource" if needed. With this event based solution configuration options are kept simple. Resolves: #94499 Related: #99746 Releases: main Change-Id: Ic4feb8de1b05ba9d06dce2acaa0537ab39245e92 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77195 Tested-by:
Stefan Froemken <froemken@gmail.com> Tested-by:
-
Christian Kuhn authored
Rename AbstractSoftReferenceParserTest to AbstractSoftReferenceParserTestCase to prevent a phpunit 10 warning that class names ending with "Test" should not be abstract. Resolves: #100316 Related: #100249 Releases: main Change-Id: I85557a1cbda3ac96a1b9baad151cff160123819a Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78271 Tested-by:
-
Oliver Hader authored
Add the possibility to extend the Content-Security-Policy model by cryptographic hashes - which can either be static or a dynamic proxy: * `$type = HashType::sha256;` * `new HashValue('<base64-hash>', $type);` * `HashProxy::glob('EXT:my/Resources/Public/*.js')->withType($type);` * `HashProxy::urls('https://example.org/worker.js')->withType($type);` Resolves: #100141 Related: #99499 Releases: main Change-Id: I7a3ee4fdea2c87bce9fc013688ffba7f21b680aa Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78102 Reviewed-by: -
Nikita Hovratov authored
Due to a missing file suffix check, @import for tsconfig was included twice, while it was looping through the possible ".typoscript" an ".tsconfig" file suffixes. This is now fixed by making sure that the absolute file name ends with the current file suffix. Resolves: #100240 Related: #97816 Releases: main Change-Id: I1f8acdddd60b257b93ce0ca21aee3434947fa999 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78200 Reviewed-by:
-
Christian Kuhn authored
* Submodule drop-down is shown on page 0 as well since page TSconfig is typically available on page 0 as well * Rename route pagetsconfig_records to pagetsconfig_pages * Headline improvements for page 0 Change-Id: I01eb793124042c34ad4aa21b6dceb058d1f3d9d8 Resolves: #100310 Releases: main Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78265 Tested-by:
Jasmina Ließmann <minapokhalo+typo3@gmail.com> Reviewed-by:
-
Max Frerichs authored
A user who's about to log in into the backend is now able to reveal the typed password. Once the password field is cleared, the visibility mode automatically switches back to its default to avoid revealing sensitive data by accident. Resolves: #86880 Releases: main Change-Id: I3c45730e2bed9a71371e472729edf12c29bf5860 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75380 Tested-by:
-
Alexander Schnitzler authored
This patch introduces ColumnMap\Relation enum as a replacement for the former ColumnMap::RELATION_* class constants. Releases: main Resolves: #100272 Change-Id: I517bd3ed30815e1bc51845ae2739121999ca5863 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78230 Reviewed-by:
-
Jochen Roth authored
The group of "Not assigned to any task group" can not be collapsed anymore. This has been fixed by adding the correct id, so the element to collapse is found and collapsed again. Resolves: #100308 Releases: main Change-Id: I08c705cea67d03c02667cc6753752b385339733f Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78264 Tested-by:
-
Torben Hansen authored
The default value for a confirmation is currently not respected in the install tool on UI level and a confirmation dialog will always show the "deny" button as selected. On CLI level the default value is however taken into account. This change sets the default value of the confirm dialog buttons depending on the `defaultValue` property of the confirmation. If the `defaultValue` is `true`, the "confirm" button is selected, otherwise the "deny" button is selected. Resolves: #100291 Releases: main, 11.5 Signed-off-by:
-
Oliver Klee authored
- use arrow functions - make anonymous functions static if possible - add type declarations - use first class callables see https://www.php.net/manual/en/functions.first_class_callable_syntax.php Resolves: #100146 Releases: main Change-Id: Ic4f3f93b7592dc9ce3fdb2a3bd8bf2fea491ebbe Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78099 Reviewed-by:
Alexander Schnitzler <git@alexanderschnitzler.de> Tested-by:
-
Oliver Hader authored
An internal csp-violation reporting endpoint is integrated, which keeps track of potential violations in frontend and backend scope. Alternative remote endpoints of 3rd party services can be configured with in TYPO3_CONF_VARS setting `contentSecurityPolicyReportingUrl` for `BE` or `FE`. Violations ("reports") are visualized in the new Content-Security-Policy backend module, which allows to select from possible suggestions that would resolve a violation - however a user with system maintainer privileges has to make this decision. For the time being, the `GoogleMapsHandler` has been added, which can be used as an inspiration for additional custom CSP violation handlers. The following test extension triggers CSP violations: https://packagist.org/packages/oliver-hader/csp-test Resolves: #87423 Related: #99499 Releases: main Change-Id: I7476b954c896c4d367d4e41e3d0f6f663952e966 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77998 Tested-by: -
Georg Ringer authored
As there are no records regarding PageTsConfig, the wording should be adopted. Resolves: #100179 Releases: main Change-Id: I156d9a94aca69c774616633e04a2ac8345e1c868 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78134 Tested-by:
-
Christoph Lehmann authored
Given a page has TSconfig and it is translated, then the translation is also listed which blow ups the overview unnecessarily and is somehow confusing too, because page translations don't show the field TSconfig in BE. Resolves: #100303 Releases: main Change-Id: If8ac2f01a0c4ba99983f8389909d854a911d0c76 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78256 Reviewed-by:
-
Sybille Peters authored
This is a change to ease translation of the existing texts. The phrase "for your internal reference" adds little value to the description descripion and causes difficulties while translating: The phrase is ambiguous, it can mean "for your internal documentation" or something else and I am not sure what it means in this context. Resolves: #100299 Releases: main Change-Id: I9b6583c9a5315eab3e7c048eb61c4c06c0d236a9 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78255 Tested-by:
-
Thomas Hohn authored
In #97202 types for the class ArrayUtility were added. Unfortunately the second parameter ($path) for the method isValidPath was changed to string only. The method basically calls getValueByPath, which has $path defined as array|string and handles it properly. It makes no sense, not to be able to call isValidPath with the same types for the $path argument. Resolves: #100302 Releates: #97202 Releases: main Change-Id: I7b0235d3013c84a6580397162de8f65dea212cda Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78258 Tested-by:
-
- Mar 26, 2023
-
-
Nikita Hovratov authored
Just like other ViewHelper tests, the AssetCollector ViewHelper tests now utilize the RenderingContext and TemplateView to render a real Fluid snippet. The AssetCollector Singleton can now also be retrieved from the DI container. Resolves: #100290 Releases: main Change-Id: I22841b46061d9f1510bc2967545fe8773b1b2ac3 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78245 Tested-by:
-
Thomas Hohn authored
Added a null coalescing operator around the access $item['lastMod']. Resolves: #100280 Releases: main, 11.5 Change-Id: Idd4de6d647198e10d87ec01d64fa685535ab59aa Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78241 Reviewed-by:
Oliver Klee <typo3-coding@oliverklee.de> Reviewed-by:
-
Stefan Froemken authored
Add an index to TYPO3 table be_dashboard to prevent FTS. Resolves: #100298 Releases: main Change-Id: I7da4f23047c61053e646c445399edf3eb2bc2d64 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78254 Reviewed-by:
Thomas Hohn <tho@gyldendal.dk> Tested-by:
-
Stefan Froemken authored
Counting by column name has to check against null before. To speed up performance a little bit we switch to COUNT(*). Resolves: #100297 Releases: main Change-Id: Ia19e34852bea634de6447c198865a00ed3cb81a2 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78253 Reviewed-by:
-
- Mar 24, 2023
-
-
Jochen Roth authored
Currently, it is not possible to get the uid of a given task via cli. For ease of use, the command 'scheduler:list' has been added to list all available tasks or only a given group. On top of that another command called 'scheduler:execute' was added which provides a multi-select list where the user can choose which tasks or grouped tasks to run. Resolves: #100143 Releases: main Change-Id: I3a153daf26c6bab358f6930999c74178f60ab12b Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78095 Tested-by:
-
Frank Naegler authored
A webhook is an automated message sent from one application to another via HTTP. Most modern web applications have the ability to communicate either via outgoing or incoming webhooks. This way of communication allows application users to integrate multiple systems without writing code (so-called no-code/low-code integrations). TYPO3 provides the incoming webhooks part via the system extension "reactions". This feature now allows configuring outgoing webhooks in the TYPO3 backend - completing the round trip. A new backend module is added called "Webhooks" where any administrative user can create a webhook. At its' core a webhook consists of a trigger (when something should happen) and a target URL (what should happen). Every time the webhook is triggered, an HTTP request is sent to the target URL. With this feature, the request can be either a POST or a GET request. POST requests commonly contain data, and GET requests can trigger actions in third-party systems. The webhooks extension provides various triggers as examples - for example a trigger when a page is created or updated, or a file is added or removed - however, additional triggers can be provided in the future and custom triggers can be written by extension authors and project developers. The backend module also enforces the setting of a secret for each webhook which can be used to verify that the webhook request originated from the TYPO3 system and its' payload has not been modified in the meantime. Under the hood, the webhooks extension uses the TYPO3 queue and therefore the Symfony messenger component, which provides a flexible and extensible way for handling messages either synchronously or asynchronously. Co-authored-by:
Oliver Bartsch <bo@cedev.de> Co-authored-by:
Susanne Moog <look@susi.dev> Co-authored-by:
-
Muhammad Suleman authored
It is now possible to define additional fields (subject, cc, bcc, body) to links to emails by default. This means, that in the link picker of the TYPO3 Backend, emails can now be filled with additional fields, and the TYPO3 Frontend renders the mailto link properly encoded. The <f:link.email> Fluid ViewHelper now also accepts the new properties: * subject * cc * bcc * body This change also fixes some problems with existing links with percent-encoded parameters (RFC 3986) (see tests). Resolves: #70276 Resolves: #84594 Releases: main Change-Id: Iaf0366927feb79c9bfa0319556569236409858fd Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77514 Tested-by:
-
Andreas Fernandez authored
Resolves: #100292 Related: #83580 Releases: main Change-Id: Ie3cf10bcb17645445ecc695912322ee1c76f5fef Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78247 Tested-by:
-
Thomas Hohn authored
Fix spelling error. Resolves: #100287 Relates: #95769 Releases: main Change-Id: I5dfa77780409208cce30db09b33d441a85f5b7d3 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78244 Reviewed-by:
-
Alexander Nitsche authored
EXT:impexp may run into memory limits when converting XML to PHP arrays, even before all PHP memory is used up, because libxml has a specific limit of 10 MB. This limit can be turned off by using the `XML_PARSE_HUGE` (libxml) or `LIBXML_PARSEHUGE` (PHP) option, but only for the DOMDocument implementation of libxml, and not for the current XmlParser implementation. By replacing the XmlParser implementation with a DOMDocument implementation, larger XML files can be parsed with lower peak memory consumption as a side effect. For example, parsing a 4 MB dummy XML file consumes 56.03 MB (memory) / 168.72 MB (memory peak) with the XmlParser, while using DOMDocument reduces the consumption to 56.15 MB (memory) / 60.08 MB (memory peak). Besides the replacing of the implementation, XML parsing has been moved to separate classes (Typo3XmlSerializer / Typo3XmlParser), fully covered by tests, and restructured to reduce the number of required parameters to a minimum. The functional scope was not reduced in any way. Resolves: #83580 Releases: main, 11.5 Change-Id: Ic3345d539f028d766b49d01096ec34a6190a6dfe Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/70814 Reviewed-by:
-
Oliver Hader authored
When using Content-Security-Policy for `style-src` with a `nonce-...` value, it requires that inline styles (those using a `<style>` element) have to be granted with a corresponding `nonce="..."` attribute. Note: 'unsafe-inline' is ignored when using a nonce or hashes. This behavior is decribed in CSP L3 in section 6.7.3.2.:2.1 (https://w3c.github.io/webappsec-csp/#allow-all-inline) > If expression matches the nonce-source or hash-source grammar, > return "Does Not Allow". Even if `<style>` usages in lit-element templates are static in most cases, it is considered a "inline style" in the scope of CSP. This change introduces a work-around, exposing `window.litNonce` in the global JavaScript context. In case a malicous script manages to retrieve this information, it does not really matter, since the malicious script was already executed with a valid nonce before... Resolves: #100140 Releases: main Change-Id: I53c2967f2c80c0f862145a4c94d75a5fc1349205 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78231 Tested-by:
-
Sybille Peters authored
The class name is removed since it is not customary for ViewHelpers and can easily be derived from the ViewHelper name. A description is added. In particular, the TYPO3 AssetCollector is mentioned. More details are added after the example (so the developer can still easily see the example in a preview of the IDE). Also, the specific attributes for this element are mentioned because the automatically generated ViewHelper reference lists all attributes in alphabetical order and quite a few make no sense for the asset ViewHelpers. Resolves: #100285 Releases: main Change-Id: I17d5f72ca4de4ad4ce4f244de29a54e97eecb7ff Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78242 Reviewed-by:
-
Torben Hansen authored
The password reset feature for TYPO3 frontend users does now consider the configurable password policy introduced in #97388, if the new feature toggle `security.usePasswordPolicyForFrontendUsers` is active. Password validation configured through `plugin.tx_felogin_login.settings.passwordValidators` has been marked as deprecated. Additionally, the `getLanguageService` function in `AbstractPasswordValidator` has been adopted to support both backend and frontend context. Resolves: #97390 Releases: main Change-Id: I3ab6f8a2fb7301ce2c8f70e7819d06a627366e6a Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/76445 Tested-by:
-
