Resolves: #93104
Releases: master
Change-Id: I06ca0cf5886e5f880aff553c21c7e008f2f49492
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67182


Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

See: https://getbootstrap.com/docs/5.0/components/navs-tabs/
for reference.

Resolves: #93124
Releases: master
Change-Id: Ifacfe27b269cb09fb002a37e9d809192708f13da
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67213


Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Benjamin Franzke <bfr@qbus.de>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Benjamin Franzke <bfr@qbus.de>

Depending on SQL structure of an MM table, the recent fix for
issue #93064 can lead to query errors: It works with core
category relations but fails for instance with ext:news
'related news' relations. This is due to an assumption
about existence of field 'tablenames', which is bogus.
If needed, the according where restriction comes from TCA
MM_match_fields already, which is sufficient.

Resolves: #93109
Related: #93064
Releases: master, 10.4
Change-Id: Ifcc15989f87119cfb10c2da47c22b42a0dd4558a
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67188


Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Sebastian Michaelsen <michaelsen@t3seo.de>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Sebastian Michaelsen <michaelsen@t3seo.de>
Reviewed-by: Benni Mack <benni@typo3.org>

This changes removes the frontend framework
Bootstrap 3, and adds Bootstrap 5 beta 1 (we
expect Bootstrap 5 final by the time we release TYPO3 v11 LTS).

Bootstrap v3 is not supported by the Bootstrap
team any longer, so an update is critical for TYPO3 Core.

Bootstrap v5 adds a few accessibility improvements
as well as flexbox for rendering
containers and grids throughout TYPO3 Backend.

All JS components are not bound to jQuery anymore,
and have been reworked.

A lot of HTML/CSS changes happened, which we
slowly migrate (and not in a huge change)
to TYPO3's templates, in order to keep
this change managable.

A legacy CSS/SCSS file is added to
keep some backwards-compatibility classes
to ease the migration for extension developers
who have built their own backend modules.

Key features of Bootstrap 5:
* "rem" instead of "px" is used by default
* CSS variables are introduced
* Improved bootstrap focus outline styling (buttons / inputs / links)
* Simplified grid functionality
* use new button color mixin to increase contrast:
  Primary, Success and Warning Button color is now dark instead of white

EXT:styleguide was used as a basis for
upgrading to keep compatibility as much
as possible, but more changes will be coming
in the next few minor releases.

Resolves: #92616
Releases: master
Change-Id: Iec989f39649b5460b055ec879199faf38e424f2b
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66247


Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Benjamin Franzke <bfr@qbus.de>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Benjamin Franzke <bfr@qbus.de>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Benni Mack <benni@typo3.org>

This change removes the &route parameter from all
Backend URLs, and changes them to speaking URLs
like /typo3/main?token=123123123.

For this change, it is necessary to adapt the
installations' webserver configuration rewrite
rules to enable URL rewriting in TYPO3 Backend.

An silent upgrader will automatically update
existing webserver configuration files like
.htaccess or web.config to adapt to the TYPO3
Backend navigation concepts.

Further steps will be using the browsers pushState
functionality to update the URL when a module changes,
and further deep-linking into TYPO3 Backend.

Resolves: #93048
Releases: master
Change-Id: Icdccfb4dbba71d2ecd08d619ed17ff49f6225b3e
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67083


Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Benni Mack <benni@typo3.org>

The t3editor panel label was removed by accident in
https://review.typo3.org/c/Packages/TYPO3.CMS/+/66225
because it was passed via the invalid textarea alt attribute.

Re-add this label via data-codemirror-config attribute.

Releases: master, 10.4
Resolves: #93115
Related: #92633
Change-Id: Ib743fa28a0249de142ac1d112865b1f2c7bdc216
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67189


Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Resolves: #93113
Releases: master, 10.4
Change-Id: I472414164c2d0628a7b4d85cdb456c9f89024007
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67187


Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Benjamin Franzke <bfr@qbus.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Benjamin Franzke <bfr@qbus.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Since #92951 the PSR-7 request used in Core contains the
`applicationType` attribute. Because ResetPasswordCommand
creates its own "fake" request object, the new attribute must
also be added there, to prevent a RuntimeException.

Resolves: #93111
Releases: master
Change-Id: I29c61edbdb0f8047d3e41ee2bb07a9551f2a2418
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67186


Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Benni Mack <benni@typo3.org>

This change adapts the frontend user resolving to use
the same functionality as in backend users, which wasn't
the case in the past 15 years.

The newly introduced GroupResolver now also resolves
groups for frontend users recursively, making the "getGroupsFE"
and "authGroupsFE" functionality obsolete.

The AuthenticationService->getGroups methods are removed,
also the properties userTS, userData_change and TSdataArray have
been made protected, as it is only used for internal purposes.

The "userTSUpdated" flag has been removed and the property $TSdataArray
has been marked as internal.

Resolves: #93108
Releases: master
Change-Id: I630be39e855d45802c0236a0a38acbc07e0dd812
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67177


Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

The FormEngine table wizard in the backend is replace by
a HTML custom element which allows to avoid server-side
round-trips when manipulating table rows and columns.

Resolves: #91811
Releases: master
Change-Id: I8f9bc5b6c142d7492ff26461b4760eb68e132f2c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65048


Tested-by: Richard Haeser <richard@richardhaeser.com>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Benjamin Franzke <bfr@qbus.de>
Reviewed-by: Richard Haeser <richard@richardhaeser.com>
Reviewed-by: Benjamin Franzke <bfr@qbus.de>

Indexed Search provides Crawler API hooks, not allowing
EXT:crawler or any other extension to properly queue
indexing processing.

In order to add a new external queuing / indexing system
the existing crawler integration from 2006 is removed.

A new feature is already in review, see https://review.typo3.org/c/Packages/TYPO3.CMS/+/64790

Resolves: #93110
Releases: master
Change-Id: Ib8823ec60830685e93fdc6957ec7f3f154002038
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67183


Tested-by: Tizian Schmidlin <st@cabag.ch>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Tomas Norre Mikkelsen <tomasnorre@gmail.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Tizian Schmidlin <st@cabag.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Tomas Norre Mikkelsen <tomasnorre@gmail.com>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>

Add the lit-html template engine, that originated from
the polymer project and is now base for web components
together with the web component base case LitElement.

It is used to replace string-concatenation/jquery based
templating in order to adapt to modern web standards.

typo3/testing-framework is adapted to include lit-html and
lit-element with:
https://github.com/TYPO3/testing-framework/pull/221
(releases as 6.6.0 and merged in #93074)

Commands:

  yarn add lit-html@^1.3 lit-element@^2.4
  yarn add --dev grunt-rollup
  grunt build

Resolves: #91810
Related: #93074
Releases: master
Change-Id: If419d378d6e98c150b219fe441b0766d12e9b639
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67092


Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Because the request was not set for the recovery email,
the TYPO3 logo as well as the website URL in the footer
were not displayed when using the SystemEmail layout
from core.

This is now fixed by setting the request, if available.

Resolves: #93055
Releases: master, 10.4
Change-Id: I005df28b16bddc9a6105f72e361a07c0b7d15532
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67175


Tested-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

To be able to introduce URL rewrites for the backend,
the internal handling and registration of the shortcut
PHP API is reworked.

The Shortcut PHP API previously has the full URL of
the shortcut target stored in the database. This lead
to many problems such as shortcuts got invalid as soon
as their target module changed its route path. Furthermore,
this required unnecessary functionality like replacing
tokens on URL creation.

Therefore, a shortcut record now stores only the route
identifier of the module to link to and necessary arguments
in two new database columns. A upgrade wizard is in place
to migrate existing data.

The rework also required to deprecate some methods in
the ShortcutButton API and a parameter signature change
of the JavaScript function `TYPO3.ShortcutMenu.createShortcut()`
which performs the AJAX call to create new shortcuts.

Side effect, this also deprecated the last remains of
xMOD_alt_doc.php in the core.

Resolves: #93093
Releases: master
Change-Id: I07666a299651e4953b4adf2987fcd3469094c288
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67143


Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Daniel Goerz <daniel.goerz@posteo.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Daniel Goerz <daniel.goerz@posteo.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

The host which contains the language zip files is now hardcoded into the
`LanguagePackService` instead of fetching an outdated information from
typo3.org and overriding it on the fly again.

Persisting and checking the registry is not needed anymore.
If the host needs to be overridden, the provided event
`ModifyLanguagePackRemoteBaseUrlEvent` can be used.

Resolves: #93081
Releases: master
Change-Id: I7acced228745f8ae428ff6474800d4e15c2e4ca7
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67141


Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Daniel Goerz <daniel.goerz@posteo.de>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Daniel Goerz <daniel.goerz@posteo.de>

Class RelationHandler is a confusing mess with tons
of state spread over 28 class properties and 35
consuming methods. Nearly everything is public and
of course far from bug free.

The patch protects a series of properties and methods
that handle internal state and do not need to be
accessed from outside. For instance, the same state
created by the 'read' methods is done by start().

This is a starter patch to allow refactorings
towards a better manageable codebase.

Change-Id: I8aa45fcd0306209fcc298972ad850449d2c4f125
Resolves: #93080
Releases: master
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67138


Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>

The old upgrade functionality within the extension
manager has been superseded by the upgrade wizard
API of the install tool since core v9. The old API
based on the file class.ext_update.php in extensions
has been marked as discouraged in the docs since then.

Many extensions use the new API successfully. It comes
with much more flexibility and also includes happy
little features like a CLI interface.

The patch drops handling of class.ext_update.php without
further deprecation. Extensions still using that script
should migrate to the new API when preparing core v11
readiness.

Change-Id: I1cb40f1222a37763e8d9549af53520597f739d1a
Resolves: #93083
Releases: master
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67142


Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Travis CI for core has been flaky for a while - processes
tend to die or are queued forever. The only thing travis
still executed for us is updating sonar cloud data.
This service has been introduced some years ago but did
never find significant usage and has never been configured.

The patch drops travis along with sonar-cloud. If anyone
wants to pick up work with sonar again, it could be added
as github action again.

Change-Id: I2929bfb1f72d1a6af273692b4f632d90280bf074
Resolves: #93084
Releases: master, 10.4, 9.5
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67144


Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>

When a user logs in, the "cache" field "usergroup_cached_list"
is updated in the be_users table.

This value is used so the groups do not need to be recalculated
each time for each user (e.g. in Workspaces when sending
notifications and in Log module).

However, this has serious flaws:
1) If an admin removes a previously active user from a BE
   group, the cached list still contains the old group, until
   the user logs in
2) If a user never logged in before, the list is empty

This change removes this conceptual bug, and builds this
into the GroupResolver to use direct (optimized) DB queries
for these use cases, making the DB field obsolete.

Resolves: #79565
Releases: master
Change-Id: I9d8fd04cc466906d7f8da43887788f48de81c642
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67137


Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>

The following tsconfig configurations have been removed in favor of
strong defaults and less configuration options:

- `mod.web_layout.disableIconToolbar`
- `mod.web_layout.disableSearchBox`

Resolves: #93077
Releases: master
Change-Id: I01da28e2b3fbc12693c00cb012c3749b4fa4b0c7
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67117


Tested-by: Markus Klein <markus.klein@typo3.org>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>

Since core dependency injection is in place and is about to
replace the extbase dependency injection, marking properties
with the @Extbase\Inject annotation to invoke property injection is
deprecated and must be replaced by one of the following di
methods:

- constructor injection: works both with core and extbase di
  and is well suited to make extensions compatible for multiple
  TYPO3 versions.

- setter injection: Basically the same like constructor injection.
  Both the core and extbase di can handle setter injection and
  both are supported in different TYPO3 versions.

- (core) property injection: This kind of injection can be used
  but it requires the configuration of services via a Services.yaml
  in the Configuration folder of an extension.

The recommended way is constructor injection. Not only is it the
most compatible version of di, it also brings the advantage of
clearly showing dependencies of a class. Also, it quickly shows
if dependencies stack up which i...

To explicitly refresh the internal cache of StorageRepository
when a file storage has been added/removed/updated, a public
method flush() has been added to the class.

Releases: master
Resolves: #93057
Change-Id: I514bc5c39f6749a171006968a8b513803c599f4d
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67097


Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Simon Gilli <typo3@gilbertsoft.org>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>

TYPO3 Core has its own implementation of driver classes
for database abstraction by effectively overriding e.g.
the PDO Statement class with TYPO3's Statment class
to ensure that resources are strings to be completely
transparent with Database abstraction.

Doctrine DBAL 3.0 will force Drivers to either
switch to composition or extend from the Abstract Driver classes.

This change switches TYPO3's native implementation
to extend from Abstract Driver classes, ensuring
forward-compatibility with Doctrine DBAL 3.0
for TYPO3 v11 with Drivers.

Resolves: #93076
Releases: master
Change-Id: I32b886fe13bc7b5c759c1d127b31fe6d3ba94141
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67115


Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>

The ShortcutRepository should not deal with generating
shortcut titles based on the provided arguments. This can
never be reliable, especially for custom extension code.
The appropriate title must be set by the calling controller
since this is the place where all necessary information,
to define such title, are available.

Therefore, adding a new shortcut button without defining
a display name is deprecated. All Core controllers are
adjusted to provide the necessary title themself.

Resolves: #93060
Releases: master
Change-Id: Ic15fe13769dec841868977a862464f8dd3c73c42
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67096


Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Benni Mack <benni@typo3.org>

A 'true' MM relation (select / group with MM, but not inline
with foreign_field - used in core for pages/tt_content table
to sys_category via sys_category_record_mm) has two sorting
fields: 'sorting' for the local (sys_category) side, and
'sorting_foreign' for the foreign (pages / tt_content) side.

When categories are added to a tt_content element,
'sorting_foreign' is set to the given order of sys_category
elements. 'sorting' is set to 0. When then opening a
sys_category record that has multiple records pointing to
it with 0 as sorting, the returned order of records is
non-deterministic and depends on implicit DB engine fallbacks.

This also confuses the reference index, which checks
refindex integrity always from the 'local' side.

The patch adds 'uid_foreign' as second order-by field to
force deterministic ordering. There is still a possible
collision in multi table relations (more than one foreign
table uses the mm table like pages AND tt_content to
sys_category with foreign records having the same uid) and
if the mm table allows "multi" relations. Those scenarios
however have no explicit TCA configuration (only implicit
via MM_match_fields), need a deeper investigation and
possibly further detail patches later.

The patch should for now fix a functional test that is
flaky with postgres.

Change-Id: I3c89d0e67f8a4065354f9df173020ca0080e0d57
Resolves: #93075
Releases: master, 10.4
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67110


Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>

In order to re-use the group resolving, this logic
is now extract from AbstractUserAuthentication,
allowing to further optimize this code.

The hook $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['fetchGroups_postProcessing']
is removed and replaced by a PSR-14 event to modify the Group Data.

Resolves: #93056
Releases: master
Change-Id: If0fc7939e2617fae899474ba47ba786405e87a3c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67034


Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Benni Mack <benni@typo3.org>

This reverts commit 6558a6bd.

The client side template engine introduced in #91810 is inspired
by lit-html. It was introduced because ES6 modules like lit-html could
not be included in core AMD builds.
With the help of rollup, lit-html can be converted to AMD within
our build process. Therefore our own implementation is removed
in order for lit-html to be introduced afterwards.

Resolves: #93058
Reverts: #91810
Releases: master
Change-Id: I2d5d20a6f9e0c8c4c683dafb6e36500f1966bd35
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67095


Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Benni Mack <benni@typo3.org>

The option "forceSetCookie", previously used
for lifetime, is only set in FrontendUserAuthentication,
and is moved to that subclass as a protected property,
making the dependencies between the parent class and the main class
cleaner.

Resolves: #93073
Releases: master
Change-Id: Ia711b2a0eb7b03ec1b352b0fd498d296a44df101
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67086


Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Benjamin Franzke <bfr@qbus.de>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Benjamin Franzke <bfr@qbus.de>

Makes lit-html loadable in unit tests.

composer require --dev typo3/testing-framework ^6.6.0

Change-Id: I4b5cbf0825d12708882e744b10ffa31b78332c25
Resolves: #93074
Releases: master, 10.4
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67113


Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Benjamin Franzke <bfr@qbus.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Benjamin Franzke <bfr@qbus.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Releases: master
Resolves: #93069
Relates: #93011
Change-Id: I80c970009694462d48ec65f96eb9b0f29cacf18c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67108


Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

In preparation for Doctrine DBAL 3.0,

1. all usages of Doctrine\DBAL\DBALException have
been migrated to Doctrine\DBAL\Exception,
because DBAL Exception does not exist in
Doctrine 3.0 anymore.

2. Doctrine\DBAL\Platforms\PostgreSqlPlatform
has been migrated to Doctrine\DBAL\Platforms\PostgreSQL94Platform
because this class does not exist anymore in Doctrine DBAL 3.0,
same goes for Doctrine\DBAL\Platforms\SQLServerPlatform
which has been replaced by Doctrine\DBAL\Platforms\SQLServer2012Platform

3. Doctrine\DBAL\Driver\PDOException has been
renamed to Doctrine\DBAL\Driver\PDO\Exception

4. Doctrine\DBAL\Driver\PDOStatement has been
renamed to Doctrine\DBAL\Driver\PDO\Statement

Resolves: #93071
Releases: master
Change-Id: I05e82f2fca09eb7718a90c09f95e503980ae10ae
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67109


Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Due to some missing casting and usage of wrong properties,
a wrong comparison happened.

In addition, the change now checks for "user" instead of "userSession",
as the "userSession" property is obsolete.

Resolves: #93066
Releases: master
Change-Id: I4a0ff4797265c15e5cf9a822e4f7e1ea31fb31c1
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67103


Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>

Ensures client-side function `SecurityUtility.encodeHtml` behaves like
`htmlspecialchars(..., ENT_QUOTES)`. The function is used for complete
nodes only, but now could be used for parts as well.

Resolves: #93068
Releases: master, 10.4, 9.5
Change-Id: I74b09676d0fdb8ddf09e7fc639480742fe645e9b
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67105


Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Torben Hansen <derhansen@gmail.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Torben Hansen <derhansen@gmail.com>
Reviewed-by: Benni Mack <benni@typo3.org>

This patch adds EventDispatcher and Logger support to the various
transports where it was missing so far. Now the Mailer API should be
compatible to the underlaying Symfony Mailer and all features can be
used.

Resolves: #93000
Releases: master, 10.4
Change-Id: Iea222586a0f4d3e35e462c3cf27c16eec914b5c4
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66145


Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Markus Gerdes <markus@madaxel.de>
Tested-by: Benjamin Franzke <bfr@qbus.de>
Reviewed-by: Markus Gerdes <markus@madaxel.de>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Benjamin Franzke <bfr@qbus.de>

A first patch towards more reliable workspace-mm scenarios:
When a record is discarded that has mm relations, those
relations are now deleted along with the deleted "parent"
record.

Change-Id: Ic2abe8d1c828158cf86abe760aec8766abcd0e71
Resolves: #93064
Releases: master, 10.4
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67100


Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>

Flash Messages which should be stored in sessions,
are now stored as stringified JsonSerializable instead of
their objects themselves.

The huge advantages over the previous functionality
is that the FlashMessage objects are not instantiated during the process
when a session is loaded, but actually only when the FlashMessages
are needed, bringing a bit of performance for Backend functionality.

Resolves: #93063
Releases: master
Change-Id: Ie2da3b3d0a3fbb14416fd5743b3109221d30d28d
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67098


Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>

The "$BE_USER->groupList" property is a comma-separated list
of userGroupUID, whereas "$BE_USER->includeGroupArray"
is a list of groups added to the includeGroupArray
which contains groups possibly added multiple times due
to recursion.

This is not needed, and therefore cleaned up,
the properties are removed.

Resolves: #93062
Releases: master
Change-Id: Ic358c1be56253acdbe3be4222196a074aab1e98c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67099


Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>

Resolves: #93065
Releases: master
Change-Id: Ia12c5e6fbec0441bc41508c6985b73347331157d
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67102


Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

With #91642 some event listeners were detached from the global document
object and reattached to better fitting DOM nodes to avoid pollution of
too many event listeners in document.

Unfortunately, this broke the module menu toggle after it has been
reloaded, e.g. after installing an extension via Extension Manager.

This change binds the event listener for the module menu state toggle to
the document object again.

Resolves: #93008
Related: #91642
Releases: master
Change-Id: I5da58a997db311205accfbaf57874460ce077e91
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67091


Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Benni Mack <benni@typo3.org>

Showing PDF documents in Safari browsers is blocked due to recent
content-security-policy adjustments in `fileadmin/` directory.
This change uses a less restrictive approach for PDF documents.

Resolves: #93035
Releases: master, 10.4, 9.5
Change-Id: I58065e19c86c0054dc5f155e20d7f6a90baec20e
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67081


Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Marcus Schwemer <ms@schwemer.de>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Philipp Gampe <philipp.gampe@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Marcus Schwemer <ms@schwemer.de>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>