- Feb 19, 2021
-
-
Oliver Bartsch authored
A new API is introduced, providing multi-factor authentication for the Core. The API is furthermore directly used to add two MFA providers by default: * TOTP (time-based one-time passwords) * Recovery codes Even if the API is designed to allow MFA in both, backend and frontend, it is currently only implemented into the backend. Users can therefore configure their available MFA providers in a new backend module, accessible via their user settings. There are also some configuration options for administrators to e.g. define a recommended provider or to disallow available providers for specific users or user groups. Administration of the users' MFA providers is possible for administrators in the corresponding user records. New providers can be introduced by implementing the MfaProviderInterface and tagging the service with the `mfa.provider` tag. Note that the API is currently marked as internal since changes in upcoming patches are to be expected. Following dependencies are introduced: * bacon/bacon-qr-code "^2.0" * christian-riesen/base32 "^1.5" Possible features that could follow later-on: * MFA frontend integration * Webauthn core provider for FIDO2 and U2F. * Forcing users to set up MFA on login * Password-recovery with active MFA Resolves: #93526 Releases: master Change-Id: I4e902be624c80295c9c0c3286c90a6a680feeb5d Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67548 Reviewed-by:
Benjamin Franzke <bfr@qbus.de> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Benni Mack <benni@typo3.org> Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
core-ci <typo3@b13.com> Tested-by:
-
- Feb 18, 2021
-
-
Benni Mack authored
This change: * Removes any usages of TYPO3_REQUEST for the info module by handing over the current $request object into the TBE_MODULES_EXT codes * Cleans up the HTML code + uses Bootstrap 5 markup * Starts using constructor injection if applicable Resolves: #93542 Releases: master Change-Id: Ia01b0f922b3fdb904354ce294162ac36dcfe8e11 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67955 Tested-by:
Richard Haeser <richard@richardhaeser.com> Tested-by:
-
Martin Bless authored
Releases: master Resolves: #93541 Change-Id: I97a47fb4496d0381fc385db726a0f540247f7d5b Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67965 Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
-
Benni Mack authored
This change reduces technical debt on the HTML/CSS side by utilizing Fluid templates and Bootstrap 5 utilities in favor of home-grown code for Web->Template module. Most important changes: * Move as much logic from Controller in the Views (removal of LLprefix) * Unify module settings to be on top of the module and not below a listing * Streamline checkboxes * Remove inline CSS code Resolves: #93523 Releases: master Change-Id: I3ed23b57b4e2ff7d9efef9977801aecf2c9f02fb Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67953 Tested-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Tested-by:
-
- Feb 17, 2021
-
-
Alexander Nitsche authored
All exception codes of the current TYPO3 version can be output to stdout without checking for missing and duplicate exception codes. Therefore, the patch adds the `-p` option to the duplicateExceptionCodeCheck.sh: Build/Scripts/duplicateExceptionCodeCheck.sh -p It is also added to runTests.sh: Build/Scripts/runTests.sh -s listExceptionCodes Resolves: #93499 Releases: master, 10.4, 9.5 Change-Id: I088d53bfbd8b5255b6516de3f546f3f914871ee1 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67913 Tested-by:
Anja Leichsenring <aleichsenring@ab-softlab.de> Tested-by:
-
Anja Leichsenring authored
PageTree Acceptance tests must not rely on pageUids, as those can change unexpected. Better to find the page via its title. Credits to Christian Kuhn for coming up with the xpath. Resolves: #93538 Releases: master, 10.4, 9.5 Change-Id: Ia6d887728bac05d775ecfc3a3cc45045f96ffd1f Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67961 Tested-by:
-
Torben Hansen authored
Symfony Expression language can't resolve the TypoScript [ELSE] condition. Instead a parsing error is logged which is not helpful for users, who may believe, that [ELSE] is not supported any more. Therefore the Expression Language resolver now does not parse the [ELSE] condition any more returns false instead. Resolves: #91259 Releases: master, 10.4 Change-Id: I6701b06efe237f36aad19e8d20573c28750dab5d Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67572 Tested-by:
Stefan Froemken <froemken@gmail.com> Tested-by:
-
Benni Mack authored
The file list module now also has a tree component which is not based on an iframe anymore, and now behaves similar to the page tree component. The main benefit is performance, which includes a state-of-the-art rendering component, and an added filter button to search for folder names and filenames (!). The tree component replaces the old "file_navframe" which will eventually be deprecated along its Routes, as well as the possibility to use a frame in the navigation component. Resolves: #93426 Releases: master Change-Id: Iad6c0a4288f1d448298cdaec7b52ff20959dbabf Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67578 Tested-by:
Georg Ringer <georg.ringer@gmail.com> Tested-by:
-
- Feb 16, 2021
-
-
Oliver Hader authored
Resolves: #93518 Releases: master, 10.4 Change-Id: I9a745fc608b1f1ce24af8005910ce776cd00a163 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67931 Tested-by:
-
Benjamin Franzke authored
Remove a stray inline padding-top definition that has been forgotten to be removed in #93489. The padding is no longer needed, as the docheader is using position sticky. Therefore padding-top added whitespace between docheader and module content. Resolves: #93522 Related: #93489 Releases: master Change-Id: I89c48a68c585f20d0689bfa5d767a5187d48aac9 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67954 Tested-by:
-
Benni Mack authored
Labels within FormEngine are bold, but due to Boostrap 5 all labels in all places were bold and created margin, making the rendering of the rest of the TYPO3 Backend hard-to-grasp, as well as FormEngine not allowing to have a different view for labels of fields, and labels of actual form elements. This change adapts the margin and font-weight accordingly. Resolves: #93519 Releases: master Change-Id: I3bf0fda432cf43309fe3909a22784609ddeaa904 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67952 Tested-by:
-
Christoph Lehmann authored
This commit fills the section menu if no page is configured in the ce and the current page uses the content of another page Resolves: #92575 Releases: master, 10.4 Change-Id: I8050dc5979c37b35522067540f830d4aa10fca5d Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66151 Tested-by:
Riccardo De Contardi <erredeco@gmail.com> Tested-by:
-
- Feb 15, 2021
-
-
Stephan Großberndt authored
The `colPos` identifier must be quoted - triggered by `{#colPos}` in TypoScript - to make the database query work on database systems that support case-sensitive identifiers (e.g. like PostgreSQL). See https://docs.typo3.org/c/typo3/cms-core/master/en-us/Changelog/8.7/Importa nt-80506-DbalCompatibleFieldQuotingInTypoScript.html and https://docs.typo3.org/m/typo3/reference-typoscript/master/en-us/Functions /Select.html#quoting-of-fields Releases: master, 10.4 Resolves: #93517 Change-Id: I3ae9b9d269371920570472890a92ba925a3e9822 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67925 Reviewed-by:Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
-
Benni Mack authored
When an entered search word longer than 50 characters was used in indexed_search previously, a TYPO3 Exception was thrown due to a SQL error when having search statistics enabled. This change modifies the added statistic and cuts down the search stats to a maximum length of 50 characters as the DB field has only 50 characters. Resolves: #93385 Related: #92993 Releases: master, 10.4 Change-Id: Iea691446571c31378c79c7ac27a7fe98b0fa458a Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67573 Tested-by:
-
Richard Haeser authored
After recent changes, system news was only shown when more than 1 item was available. With this change, also a single system news item will be shown. Resolves: #93515 Releases: master Change-Id: I7fe69071d7efda013db1e27d2818953b23d1e4f8 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67920 Tested-by:
Guido Schmechel <guido.schmechel@brandung.de> Tested-by:
Martin Kutschker <mkutschker-typo3@yahoo.com> Reviewed-by:
-
Jochen Roth authored
Check for user in /etc/passwd, if it does not exist create a temporary passwd to get values from. Resolves: #93372 Releases: master, 10.4, 9.5 Change-Id: I60c9d2a10a0da155354546d57c823961bc39f014 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67539 Tested-by:
Jochen <rothjochen@gmail.com> Tested-by:
-
Christian Kuhn authored
Plus: No variable fallback magick in docker-compose.yml, this belongs to runTests.sh Change-Id: I9ec8d1ecba695061155807fd44d0a3cb3f342cfd Resolves: #93514 Releases: master, 10.4 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67919 Tested-by:
Simon Gilli <typo3@gilbertsoft.org> Tested-by:
-
Andreas Fernandez authored
This patch refactors the client-side rendering of FlexForm sections. Now, there are two modules in place: - FlexFormSectionContainer This module handles the "outer" part of a section, e.g. to toggle all containers or to revalidate FormEngine if a container is removed. - FlexFormContainerContainer The FlexFormContainerContainer represents an individual container being a child of a section. In order to streamline the UI, the look & feel has been changed to be more similar to IRRE. Resolves: #93453 Releases: master Change-Id: Ica373a6dbed4b470725267eac221bf839b23ec0f Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67589 Tested-by:
-
Richard Haeser authored
Verify the output of TypoScript settings config.pageTitleFirst and config.pageTitleSeparator Resolves: #93414 Releases: master, 10.4 Change-Id: Ib5f2c25aa15ce2f1689ded2c245499663e5a0429 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67632 Tested-by:
-
Martin Kutschker authored
The system news slider implements the ARIA pattern "carousel" except for the omission of aria-roledescription which has no support in current screen readers. Additionally the contrast of the slider controls has been increased and the click size does not shrink on small screens. Resolves: #93259 Releases: master Change-Id: Ia718184f9b4188c57c08d63f34bb05d80be37ced Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67456 Tested-by:
-
Andreas Fernandez authored
Passing jQuery objects to the methods `show()` and `hide()` of the module `TYPO3/CMS/Backend/Tooltip` has been marked as deprecated. The methods now check whether a NodeList or an HTMLElement is passed and handles the tooltip actions accordingly. If a jQuery object is passed, the old behavior is kept and a deprecation is logged in the browser's console. Resolves: #93506 Releases: master Change-Id: I680ae542f616627d3e22262c33cf126abc889d80 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67915 Tested-by:
-
Martin Kutschker authored
Clean up CSS by removing vendor prefixes that are handled by autoprefixer. The commit also removes SCSS mixins that add vendor prefixes. Releases: master Resolves: #93510 Change-Id: I949671211f5771524863df2062f6554a78b53caf Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67918 Tested-by:
Jonas Eberle <flightvision@googlemail.com> Reviewed-by:
-
- Feb 13, 2021
-
-
Andreas Fernandez authored
Executed command: yarn add --dev @types/bootstrap Resolves: #93595 Releases: master Change-Id: I24ab01d3e1ef9d621ff1531a5d99a48ee67abb18 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67914 Tested-by:
-
- Feb 12, 2021
-
-
Benjamin Franzke authored
Avoid JavaScript based offset and height calculations. Position sticky can do that in all supported browsers for us. .module-docheader is additionally adapted to use display:flex in order for the docheader-bar margins to be contained within. (to preserve the position:fixed behaviour, which did the same). While at it, we also avoid jQuery usage within DocumentHeader.ts Releases: master Resolves: #93489 Change-Id: I8c42500c3fb608c7ee8bcfeca0578383814efcb6 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67691 Tested-by:
Markus Klein <markus.klein@typo3.org> Tested-by:
-
Benni Mack authored
This beta fixes various issues related to positioning of tooltips and popovers. See https://blog.getbootstrap.com/2021/02/10/bootstrap-5-beta-2/ Commands used: > yarn upgrade bootstrap@^5.0.0-beta2 > grunt build Resolves: #93487 Releases: master Change-Id: Ia320d925eec51a6cdd0fa73398a1a0e4ed70e524 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67688 Tested-by:
-
- Feb 11, 2021
-
-
Benjamin Franzke authored
Do not use global state by looking up the CacheManager from GeneralUtility, when we can actually inject the required cache. The core cache is available from early bootstrap, therefore we do not need to wait for CacheManager to be available, and can inject it right away. Releases: master Resolves: #93440 Change-Id: I5c760acc2a1bdcc740fa3210450167e6bed7e235 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67647 Tested-by:
Jörg Bösche <typo3@joergboesche.de> Reviewed-by:
-
Richard Haeser authored
Even when the page record is not translated, a hreflang tag should be rendered for languages with a fallback. Resolves: #89462 Resolves: #88020 Releases: master, 10.4 Change-Id: I12e17efd32043881e21ba631968872a90b22260c Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67574 Tested-by:
-
Christian Kuhn authored
Brings a minor gfx fix and a massive memory footprint reduction for functional tests: As example master chunk 1/10 is down from 643MB to 145MB. composer req --dev typo3/testing-framework:^6.6.2 Change-Id: Ie9bc46a0c02f90d99e1d3b13e1e76640233433d9 Resolves: #93493 Releases: master, 10.4 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67852 Tested-by:
-
Jonas Eberle authored
This fixes step indicators and button margins in the modal footer. Resolves: #93168 Releases: master Change-Id: Ic5e14389dfa4942645c6dc18b4a6355886209515 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67393 Tested-by:
-
Christian Kuhn authored
The EnhancerLinkGeneratorTest and EnhancerSiteGeneratorTest have 524 and 460 tests. Hack these into smaller parts using multiple files to be better digestible by the test splitter script. Resolves: #93490 Releases: master Change-Id: I2b926ed85211d8e19b6509f642e10cf24a5b44cc Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67732 Tested-by:
-
Oliver Bartsch authored
The content fetcher did not consider delete placeholders. This task was done using a method in GridColumnItem which was used in the templates directly. Because defLangBinding is more complex, three additional calls to this method would be needed. Since such records shouldn't even be passed to the view at all, this check is now directly added into the content fetcher. This means that no elements with a delete placeholder are fetched anymore, making the getter and the calls in the templates superfluous. Therefore, the getter along with its single usage is removed. Resolves: #93332 Releases: master, 10.4 Change-Id: I5f214bc8f94ffe571289f7c62849590ca9931ea4 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67492 Tested-by:
-
Oliver Bartsch authored
Passing a current page number which exceeds the maximum number of pages to the paginator is now silently resolved by using the last available page as the current page. This is done to prevent empty results, since such value can be passed unintentionally by a user. For example in case some internal state changed after the view was initially rendered or the view does not perform checks on this value at all. The later will now be prevented at least in core by adding the "max" attribute to all core paginations which previously missed it. Resolves: #93351 Releases: master, 10.4 Change-Id: I56fa1bd0ea62b7ddf7ea049819efc403fdf70d10 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67509 Tested-by:
-
Christian Kuhn authored
The styleguide extension generator creates a site configuration for its page tree for a while already. The manual creation of a site is not needed in acceptance PageTreeFilterCest. Resolves: #93488 Releases: master, 10.4 Change-Id: Iaaafd2d07589d1fcc370a4c22024e34d1182af35 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67689 Tested-by:
-
Oliver Bartsch authored
Page access failure log entries emitted by the TypoScriptFrontendController previously only included the same basic information, also shown to the user in the frontend. With this information it was nearly impossible for integrators to debug such errors further, making the whole entry log more or less superfluous. Therefore, all log entries for page access failures now include the requested URL and the requested page ID. Resolves: #93444 Releases: master Change-Id: Ie93399cf78b8af29f8ff7d3474fd6f0dac14e438 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67649 Tested-by:
-
- Feb 10, 2021
-
-
Benni Mack authored
Now that jQuery has gone and TypeScript is in place for Tree components, the next step is to consolidate and sort out re-usability. This change prepares the way for allowing multiple trees in the navigation component area (for FileStorageTree). * ContextMenu allows int+number (which is correct) * ContextMenu has all information from the TreeNode (and not the SVG element) - less Markup! * KeyTypeEnums are used throughout SvgTree * Centralized place for error notifications, removing duplicate code * tree.settings.isDragAnDrop is removed in favor of tree.settings.allowDragMove (which already exists) * Unused properties in TreeNode are removed * Since we are now in "TS module land", PageTreeToolbar.ts is removed because the class is only used in the PageTreeElement, so it does not need to be exposed anymore. Resolves: #93481 Releases: master Change-Id: Ia9bff532132dba5aea85352d7e510f6a7f9459c6 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67683 Tested-by:
-
Christian Kuhn authored
6.6.1 for master & v10 4.15.3 for v9 Brings a bugfix to make the test splitter deterministic. composer req --dev typo3/testing-framework:^6.6.1 Change-Id: Iec61eb2d6a62a0c344c712d0577aa82adf04e7f5 Resolves: #93485 Releases: master, 10.4, 9.5 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67684 Tested-by:
-
Benni Mack authored
This change splits up Drag+Drop handling in general for SVG-based trees into PageTree specific logic, and common usages. This makes Drag+Drop functionality usable in more places than just the PageTree In addition, all usages of jQuery are removed and proper types were added instead of using "any". Resolves: #93478 Releases: master Change-Id: Ibb17cdd718424760676899b7746cb0828e06fc7d Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67682 Tested-by:
-
Oliver Bartsch authored
The RedirectService is using typolink to build links to the defined target, e.g. a page. In case the redirect target is an access restricted page and the user is unauthorized, typolink did not build this link and therefore the request resulted in a 404 response. Since unauthorized requests to an access restricted page should always return a 403 status code, the `linkAccessRestrictedPages` option is now set in the typolink configuration. Therefore, the link will be built even if the user is unauthorized and then redirects to the target page where the correct 403 status code is returned. Resolves: #91879 Releases: master, 10.4 Change-Id: Ib82595abb12fae2c5629920d02b08e5e3144301b Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67498 Tested-by:
-
Oliver Bartsch authored
If a non-admin does not have permissions to access a specific CType, disallowed via AD mode, the header icons, e.g. edit or delete, are now not longer displayed in the page module (fluid based) to prevent error messages in FormEngine. Therefore, recordEditAccessInternals is used, which was also the case in PageLayoutView and furthermore already includes the language access check. Resolves: #93411 Releases: master, 10.4 Change-Id: I6239cd1ace2f354386b5e6f11613f45b42342800 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67631 Tested-by:
-
Georg Ringer authored
The input type of the configuration `MAIL/transport_smtp_password` should be set to `password` instead of `text`. Resolves: #93231 Releases: master, 10.4 Change-Id: Id7938197a029fbf89ed060cdae35db58fc8a419c Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67676 Tested-by:
-
