- Oct 11, 2022
-
-
Benni Mack authored
Change-Id: I87e5976885d5d1862cb742d0ba8855a7912f5ac1 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/76088 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
-
Benni Mack authored
Change-Id: I908c2eb905d4601da7a4737cc6211467384a64e9 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/76087 Tested-by:
-
Stefan Bürk authored
Search- and filter functionaly usually uses `LIKE` or `NOT LIKE` SQL statements to search a provided search term in the database. Different dbms behave differently regarding search term casing. MySQL/MariaDB relies on chosen collation of the database-, table- and/or column level. Typical and recommended defaults on db side and by TYPO3 default settings are case-insensitive collations, which is the most common spread configuration. Based on this, most people assume search terms are searched case-insensitive, when using `LIKE` or `NOT LIKE` SQL statements. PostgresSQL on the other hand knows the keywords `LIKE` and `ILIKE`. The `ILIKE` keyword has to be used, when a case-insensitive search is wanted. The current implementation simply uses `LIKE` for all dbms, so searching with postgres is case sensitive, while it is usually case insensitive with MySQL/MariaDB. SQLite states `LIKE` is case-insensitive, which is basically correct. The limitation is, this only works for the 26 chars in the ASCII charset range, and not only for `LIKE` but also for the `UPPER()` and `LOWER()`. There should be a way to compile php extension sqlite with ICU support, enabling case awareness for more chars, but that's nothing we can expect people do and have by default. We cannot do much, so we leave some notes in the code regarding this detail. The patch changes ExpressionBuilder to use ILIKE on PostgresSQL to be in-line with the default MySQL/MariaDB behavior. Resolves: #98570 Releases: main, 11.5 Change-Id: I5a586a4bf46ee1b4699f4223fd4b19a0b9ae453b Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/76085 Tested-by:
Stefan Bürk <stefan@buerk.tech> Reviewed-by:
-
Christian Kuhn authored
Obvious hardening of an array access. Resolves: #98469 Releases: main, 11.5 Change-Id: Ie4e083b0ff50de4e2fbabf4bdfd47753d29bd06d Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/76058 Tested-by:
-
Christian Kuhn authored
Harden GeneralUtility::explodeUrl2Array() and increase test coverage. Change-Id: I3136a27572414810989c038b78bd0f362cc64c65 Resolves: #98537 Releases: main, 11.5 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/76057 Tested-by:
-
Anja Leichsenring authored
Resolves: #98559 Releases: main, 11.5 Change-Id: Ifa5c3ac6997545a79c7306ff9a3afc0d97675dec Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/76083 Tested-by:
Anja Leichsenring <aleichsenring@ab-softlab.de> Reviewed-by:
-
Simon Schaufelberger authored
Resolves: #98539 Releases: main, 11.5 Change-Id: I1a9943316a7d8d657b2e64cc704ae52943a89b40 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/76056 Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
-
- Oct 10, 2022
-
-
Georg Ringer authored
Invalid HTML must not produce notices in backend or frontend. Resolves: #98513 Releases: main, 11.5 Change-Id: I6aca14d97318b292616a5a4670150263a2c7ec69 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/76076 Tested-by:
-
Stefan Bürk authored
PostgresSQL is really picky about types and used operators. Thus using for example a `like` comparision on non string/text based fields fails hard. Database errors like following indicates this issue: > Undefined function: 7 ERROR: operator does not exist: > smallint ~~ unknown This changes implicit converts field data to a text representation for PostgresSQL, if field is not compatible. In case of small/tinyint fields a double cast is used, means casting to integer and then to string before applying the like comparison on it. The choosen solution is used to have a comparible behaviour against the other supported dbms systems like MariaDB, MySQL and SQLite, also doing a full search on all fields may be a bad decision. The whole search and full-search across all types should be reconsidered generally. Resolves: #98563 Releases: main, 11.5 Change-Id: I4dde0e49bf8fd68a01b50aeabc12c24398fb6ac9 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/76055 Tested-by:
-
Stefan Bürk authored
Resolves: #98468 Releases: main, 11.5 Change-Id: Ia3f0ac3c5d4c20eaef5ffdafae060bab4a1c9aad Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/76073 Tested-by:
-
Stefan Bürk authored
PostgresSQL seems to get picky with upper case column names, if they are not proper quoted in queries, like `pages.SYS_LASTCHANGED` as example. Executing such database queries will return database error message like ERROR: column "sys_lastchanged" does not exist also it has been provided as upper case variant. Related to system architecture and historical build up sometimes sql parts are build manually instead of using QueryBuilder directly. Thus fields and values are eventually not properly quoted, thus leading to this error message. This can be verified using ext:styleguide frontend pages and open the `/menu-recently-updated` using postgres dbms backend. This change ensures proper quoting for build up of the extraWhere (or additionalWhere) in core content object class `\TYPO3\CMS\Frontend\ContentObject\Menu\AbstractMenuContentObject`. Resolves: #98561 Releases: main, 11.5 Change-Id: I28541eafd1ceee360c78b54d24967286ec66ea9a Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/76054 Tested-by:
-
Stefan Bürk authored
Prior to PHP8.0 the long libpq version (`PGSQL_LIBPQ_VERSION_STR`) contained compiler informations, which is used in the install tool environment checks. Since PHP8.0 the value is identical to the short version (`PGSQL_LIBPQ_VERSION`) and using the long form is deprecated. See: https://www.php.net/manual/en/pgsql.constants.php This change now simply use the short version for the PostgreSQL libpq check, avoiding nasty PHP version flip-flop checkings. Resolves: #98562 Releases: main, 11.5 Change-Id: I41f3cf0e51c16cc4c8dd5d9a95b262283f5bd7ed Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/76072 Tested-by:
-
Mario Lubenka authored
DebuggerUtility::var_dump() is commonly used to debug PHP classes. We recommend hardening PHP classes by using typed properties in PHP classes. Previously uninitialized properties resulted in a PHP exception when passing the class instance into DebuggerUtility::var_dump. Uninitialized properties will not be processed by DebuggerUtility::var_dump anymore. Instead a label "uninitialized" indicates that it has not been initialized at the time of debugging. Resolves: #98519 Releases: main, 11.5 Change-Id: Ifbb9fd4d0de2e6214ab4b876b04302b2adaf6d2a Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/76053 Tested-by:
-
Stefan Bürk authored
PostgresSQL is picky if aggregation functions like `order by`, `group by` and similar are used, but missing the corresponding columns in the "SELECT" column listing. ext:redirects backend module builds query using the QueryBuilder based on the demand dto object, which so far is a good practice. To get the total count of records based on selection and properly building the pagination it uses the same technique but executing a simple count query, which leads to the aggregation error using PostgresSQL dbms due the containing `order by` sortings. This changes simply omits the orderBy part of the build query to avoid this error and still counting on a correct full dataset. Resolves: #98534 Releases: main, 11.5 Change-Id: I09e5f88d9d4f7c0aa578f8e1503cd1b17bc2c5dc Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/76052 Tested-by:
-
- Oct 09, 2022
-
-
Anja Leichsenring authored
Resolves: #98558 Releases: main, 11.5 Change-Id: Ic7bfd4812e49481f51603826a729423951275dbb Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/76034 Tested-by:
-
Stefan Bürk authored
This change properly removes registered exception handlers in tests to avoid side effects. Thus acting as pre-patch to tighten unit tests with auto dangling error- and exception handler detection through the testing-framework BaseTestCase. Resolves: #98554 Releases: main, 11.5 Change-Id: I8efb23a84d380dff1643ce61c87e59a7550a72e1 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/76015 Tested-by:
-
- Oct 08, 2022
-
-
Stefan Bürk authored
This change ensures that unit tests has a valid `setUp()` parent call chain down to the testing-framework base class and acts as a pre-patch to introduce tightend safe-guard checks on testing-framework level afterwards. Resolves: #98553 Releases: main, 11.5 Change-Id: I6ea1ddf5c979b6565b9dbfcb86776f224531fcdd Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/76008 Tested-by:
Oliver Klee <typo3-coding@oliverklee.de> Tested-by:
-
Stefan Bürk authored
Use guard to avoid undefined array key acces in core viewhelper `\TYPO3\CMS\Fluid\ViewHelpers\Be\PageInfoViewHelper`. Resolves: #98509 Releases: main, 11.5 Change-Id: Ief8594f08c0ab13b477491f89b93060998107e80 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/76014 Reviewed-by:
-
- Oct 07, 2022
-
-
Oliver Klee authored
This update finds new problems and gets rid of some false positives. Run commands: > composer req --dev phpstan/phpstan:^1.8.8 > ./Build/Scripts/runTests.sh -s phpstanGenerateBaseline Resolves: #98541 Releases: main, 11.5 Change-Id: Idff8e6f7f9baa700a79ec0e823aee14f0fb63efb Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/76013 Tested-by:
-
- Oct 06, 2022
-
-
Oliver Klee authored
This helps avoid breakage when GeneralUtility will switch to strict mode. This change also prevents a bunch of possible invalid array access warnings. Change-Id: I64a0d5a5fce7bc3e3eb0aec97ebfbaa57675d3b8 Resolves: #97584 Related: #97578 Releases: main, 11.5 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/76012 Tested-by:
Markus Klein <markus.klein@typo3.org> Tested-by:
-
- Oct 04, 2022
-
-
Oliver Hader authored
This change addresses several "undefined array key" issues that have been identified by PsalmPHP (see issue #98321). Resolves: #98411 Related: #98321 Releases: main, 11.5 Change-Id: Iec52d5b511c8c4af9fa97e3a5081a7a1ac1e5e3d Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75986 Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
-
Christian Kuhn authored
Some minor php-cs-fixer modifications: * Move main config file to Build/php-cs-fixer * Adapt runTests.sh setup and helper scripts * Check Build/ directory, too * Simplify config a bit Change-Id: I74bea96791c9b74331030bd7c9c26d566ce6c90c Resolves: #98525 Releases: main, 11.5 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75984 Tested-by:
Wouter Wolters <typo3@wouterwolters.nl> Reviewed-by:
-
Oliver Klee authored
This update finds new problems and gets rid of some false positives. Run commands: > composer req --dev phpstan/phpstan:^1.8.7 > ./Build/Scripts/runTests.sh -s phpstanGenerateBaseline Resolves: #98524 Releases: main, 11.5 Change-Id: Idbb8e62aac0b480eb0590e483968741f2b58916d Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75985 Reviewed-by:
-
Oliver Hader authored
Having manually(!) enabled "enhanced spell checking" in browsers, can lead to scenarios where password data is sent to remote services which actually take care of the spell checking. see https://www.otto-js.com/news/article/chrome-and-edge-enhanced-spellcheck-features-expose-pii-even-your-passwords Since this issue is caused by browsers and the determination of "confidentiality" is fuzzy here, this issue is handled in public. Following changes have been applied: + forms dealing mainly with credentials, as well as all forms in ext:install have been adjusted to `<form ... spellcheck="false">` + other password form elements, including TCA type `password` have been adjusted to `<input type="password" ... spellcheck="false">` Resolves: #98492 Releases: main, 11.5 Change-Id: I32cab686040e09fb491a93187a3c1b196e7cf1bf Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75946 Tested-by:
-
Christian Kuhn authored
This avoids abandoned php-cs-fixer/diff > composer req --dev friendsofphp/php-cs-fixer:^3.11.0 > Build/Scripts/runTests.sh -s cgl -p 7.4 Change-Id: I84704208cc891916e5354c0900dc4bac4e771380 Resolves: #98522 Releases: main, 11.5 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75980 Tested-by:
-
- Oct 03, 2022
-
-
Georg Ringer authored
Checking for a not existing value of a flexform sheet must not lead to a notice. Resolves: #98483 Releases: main, 11.5 Change-Id: I8ea7f6e8ecafcd14cc572e4c7207dc5e67300a18 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75896 Tested-by:
Georg Ringer <georg.ringer@gmail.com> Reviewed-by:
-
Stefan Bürk authored
Symfony released new versions, which includes a bugfix in "symfony/mailer", which allows us to reactivate a unit test for PHP8.1 (#98216), see also issue: https://github.com/symfony/symfony/issues/47402 Resolves: #98493 Related: #98216 Releases: main, 11.5 Change-Id: Ie71aa65f150fca9a9587fbcd10edba6f9d130367 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75932 Tested-by:
-
- Sep 29, 2022
-
-
Daniel Siepmann authored
Resolves: #98421 Releases: main, 11.5 Change-Id: I069ae69d4d396883393f76b1c9cf1b1cacaa0f9d Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75895 Tested-by:
-
Markus Klein authored
Avoid PHP warning if pageRow is empty, i.e. no 'editlock' can be checked. Releases: main, 11.5 Resolves: #98459 Change-Id: I49d5d98484612921c02746bcf75c9dfc2bef526c Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75914 Tested-by:
-
Christian Kuhn authored
FormProtectionFactory has a static instance cache that potentially leaks state in between tests. The patch adds a couple of purgeInstances() calls to avoid this. Resolves: #98470 Releases: main, 11.5 Change-Id: Ic3e0aa5b6cbd7b7368aab34b74890d3f7ee04c1b Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75894 Tested-by:
-
- Sep 28, 2022
-
-
Georg Ringer authored
The label in the extension manager must be adopted as t3x is not allowed anymore since #92590. Resolves: #98438 Related: #92590 Releases: main, 11.5 Change-Id: I7e2a616741f3c0355f09fb83cf85763f004bb55a Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75893 Tested-by:
-
- Sep 27, 2022
-
-
Christopher Schnell authored
The filemounts from groups are used when a backend user logs in. Resolves: #98440 Releases: main, 11.5 Change-Id: I10b5eeeea003e71d22bf92d91656627140bacfcd Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75892 Tested-by:
-
- Sep 26, 2022
-
-
Oliver Hader authored
Add static library functions that allow using base64url-compliant values (according to https://tools.ietf.org/html/rfc4648#section-5). The difference to classic base64 is, that the result alphabet is adjusted like shown below, padding (`=`) is stripped completely: + position #62: `+` -> `-` (minus) + position #63: `/` -> `_` (underscore) Resolves: #92509 Releases: main, 11.5 Change-Id: I8804824f3a7fb4e08e18ef6dee6826744dbd41bc Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75868 Tested-by:
-
- Sep 23, 2022
-
-
Susanne Moog authored
MFA was preventing the login log entry to be written as after successful username/password auth MFA was triggered without logging the first part. With this patch, the order has been changed to allow logging of the successful first log in step. Additionally, the MFA controller is now also using writeLog to have a complete auth logging including failed and successful MFA attempts in the backend log module. MFA related log messages are aligned to also include the username. Resolves: #98237 Releases: main, 11.5 Change-Id: I8d4ad0c73f9a8d0e4e2c9f3db85c6280d03c3fca Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75863 Tested-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
-
Andreas Fernandez authored
The controls of EXT:viewpage have several glitches which are fixed in this patch: * Setting a custom width now properly updates the selector in the preset dropdown * Updating the custom size also stores the data in the "current" scope * The controls now adapt to the dark appearance of the backend module Resolves: #98419 Releases: main, 11.5 Change-Id: Iaabf72124d4b0ee0339e77de330211d72027ff78 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75849 Tested-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Reviewed-by:
-
- Sep 22, 2022
-
-
Markus Klein authored
The New Record Wizard shows the correct header for the "system" group again. The change preserves the group's title and icon once set, so extensions can't override predefined groups. Resolves: #98413 Related: #98036 Releases: main, 11.5 Change-Id: I9c052fa234431969840fa3c8dac3720c286140cd Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75823 Tested-by:
-
Daniel Siepmann authored
Resolves: #98412 Releases: main, 11.5 Change-Id: Idcb0a18ece3162940e0c883d41f0f2f9e1a740bd Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75822 Tested-by:
-
Daniel Siepmann authored
Resolves: #98418 Releases: main, 11.5 Change-Id: Ic97959c358978b2032e5fa18aaec915552e2ff1a Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75821 Tested-by:
-
Daniel Siepmann authored
Resolves: #98406 Releases: main, 11.5 Change-Id: I856ebd36c1f8c8906fa6b23834704bd2ee5531ad Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75820 Tested-by:
-
Andreas Fernandez authored
To make datetimer picker buttons focus the belonging textfield, the buttons were rendered as `<label>` which is a very dirty hack, leading to clitching buttons. To solve this, the `@typo3/backend/global-event-handler` module is now capable of focussing a specific element after clicking a trigger element. Resolves: #98054 Releases: main, 11.5 Change-Id: I828785267e6a8c25f3ed7c17221e903cd4cc3220 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75392 Tested-by:
-
