Avoid native PHP warnings in FrontendBackendUserAuthentication
because of invalid array key access. The places are now guarded
using null coalescing operator with a suitable fallback value.

Resolves: #101848
Resolves: #101847
Releases: main, 12.4, 11.5
Change-Id: Iaf747172b6ac04b9d2bdbf60519346ef7e3b3f2f
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80845


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

Allow temporary setting of the live workspace for backend users that
don't have permission "Edit Live (Online)". These users can now use the
comparison view in the frontend and compare the live version with the
workspace version.

Resolves: #93097
Resolves: #98445
Releases: main, 11.5
Change-Id: I7915c5a1ca32ed25655ce227db9c88872663f942
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/76272


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>

A few methods within the *UserAuthentication have arguments deprecated.

* AbstractUserAuthentication->writeUC() - first argument deprecated
* AbstractUserAuthentication->unpack_uc() - first argument deprecated
* BackendUserAuthentication->isInWebMount() - third argument deprecated
* BackendUserAuthentication->backendCheckLogin() - first argument deprecated

Resolves: #95320
Releases: master
Change-Id: Idc62a78d9238a7837770531ad94dcf40988c9d93
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/71182


Tested-by: core-ci <typo3@b13.com>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

The UserTsConfig setting `options.lockToIP` is
removed, which was only active the global setting
$GLOBALS['TYPO3_CONF_VARS']['BE']['enabledBeUserIPLock']
was active.

Happy Eyeballs makes this feature very useless, but if
this is still needed, it should be rather implemented
as an individual AuthenticationService or PSR-15 middleware
than evaluated separately.

Resolves: #92941
Releases: master
Change-Id: I1e2be7784a3c4b54573b3c3118db1fb3109b0ddc
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66640


Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Daniel Haupt <mail@danielhaupt.de>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Daniel Haupt <mail@danielhaupt.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Benni Mack <benni@typo3.org>

This patch fixes incompatible type usage in function arguments
and is preparatory work for introducing native type hints and
strict mode in all core files.

Releases: master, 10.4
Resolves: #92111
Change-Id: I28058d9e9e9886f1156a0124f0b360d9788dfdc7
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65466


Tested-by: Daniel Goerz <daniel.goerz@posteo.de>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Daniel Goerz <daniel.goerz@posteo.de>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Benni Mack <benni@typo3.org>

The Permission class unnecessarily had been implemented as
Enumeration although the features of the Enumeration base
class hadn't been used.

As the Permission class only handles boolean flags, it is
now implemented as bit set, which improves the performance
in comparison to Enumeration classes.

Releases: master
Resolves: #89465
Change-Id: I73eff34090a7ea8e02f7d538e2db52045c86d438
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/61099


Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>

This patch has been created with rector and php-cs-fixer

    bin/rector process --set=php53 typo3/sysext/backend/Classes
    bin/rector process --set=php53 typo3/sysext/backend/Tests

Releases: master
Resolves: #91064
Change-Id: I9e91882ab233b0e34bc991fd348fceba197a91ea
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64187


Tested-by: Benni Mack <benni@typo3.org>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>

With this patch, the header comment of php files is
automatically added by the php-cs-fixer, which guarantees
that its format and place of occurrence remain the same
in all files.

Files that are copied over from other projects are excluded.

Furthermore, files that are kind of inspired by other
projects also get the same header comment but may have
a second, additional comment explaining its origin.

Used command:

    bin/php-cs-fixer fix --config=Build/php-cs-fixer/header-comment.php

Releases: master
Resolves: #91024
Change-Id: I5a040517e0fbde6e5a27d589bf2f222078326dc8
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64159


Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Benni Mack <benni@typo3.org>

This change adds two changes
        'blank_line_after_opening_tag' => true,
        'single_trait_insert_per_statement' => true,

to our PHP-CS Fixer configuration, adopting more rules related
to PSR-12.

Resolves: #91020
Releases: master
Change-Id: I180b2cbceb077911bddeb42d9f131e5b32244ed2
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64158


Tested-by: Josef Glatz <josefglatz@gmail.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Alexander Schnitzler <git@alexanderschnitzler.de>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: TYPO3com <noreply@typo3.com>
Reviewed-by: Josef Glatz <josefglatz@gmail.com>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Alexander Schnitzler <git@alexanderschnitzler.de>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>

When accessing the editPanel, the option "onlyCurrentPid" allows to also
check the permissions of the editable record to verify if the user
is allowed to edit it.

When checking for CONTENT_EDIT permissions, the "onlyCurrentPid" is also
evaluated now, having "mayEdit" set to false by default, before evaluating
the condition further.

Resolves: #43429
Releases: master, 9.5
Change-Id: I47ed7a7b8c0d1c750cd5b13b485ed14b3aced2dd
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/63616


Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Daniel Siepmann <coding@daniel-siepmann.de>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Susanne Moog <look@susi.dev>
Reviewed-by: Benni Mack <benni@typo3.org>

The following previously deprecated classes/interfaces have been removed:

* TYPO3\CMS\Adminpanel\View\AdminPanelView
* TYPO3\CMS\Adminpanel\View\AdminPanelViewHookInterface
* TYPO3\CMS\Core\FrontendEditing\FrontendEditingController

The following methods have been removed:
* TYPO3\CMS\Backend\FrontendBackendUserAuthentication->initializeAdminPanel()
* TYPO3\CMS\Backend\FrontendBackendUserAuthentication->initializeFrontendEdit()
* TYPO3\CMS\Backend\FrontendBackendUserAuthentication->isFrontendEditingActive()
* TYPO3\CMS\Backend\FrontendBackendUserAuthentication->displayAdminPanel()
* TYPO3\CMS\Backend\FrontendBackendUserAuthentication->isAdminPanelVisible()
* TYPO3\CMS\Backend\FrontendBackendUserAuthentication->checkBackendAccessSettingsFromInitPhp()
* TYPO3\CMS\Backend\FrontendBackendUserAuthentication->extPageReadAccess()
* TYPO3\CMS\Backend\FrontendBackendUserAuthentication->extGetTreeList()
* TYPO3\CMS\Backend\FrontendBackendUserAuthentication->extGetLL()

The following public properties have been removed
* TYPO3\CMS\Backend\FrontendBackendUserAuthentication->extAdmEnabled
* TYPO3\CMS\Backend\FrontendBackendUserAuthentication->adminPanel
* TYPO3\CMS\Backend\FrontendBackendUserAuthentication->frontendEdit
* TYPO3\CMS\Backend\FrontendBackendUserAuthentication->extAdminConfig

The following PageTSconfig option has no effect anymore:
* TSFE.frontendEditingController

Resolves: #87231
Releases: master
Change-Id: I88cc3ac18077f054cc8895f5ccfb65291e94defa
Reviewed-on: https://review.typo3.org/59205


Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>

Due to the removal of pages_language_overlay the queries
for fetching trees have to work as before - mainly because the
concept of the "pid" (= storagePid) works the same - records on a
page have the pid of the default language, not of any translation.

Therefore, the used queries have to be built to check for
sys_language_uid=0.

Resolves: #87020
Related: #86961
Releases: master
Change-Id: Ie7740b6a32618a213d569362a58b9f8e5ed7824d
Reviewed-on: https://review.typo3.org/58967


Reviewed-by: Richard Haeser <richard@maxserv.com>
Tested-by: Richard Haeser <richard@maxserv.com>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>

All specific controllers for specific Backend actions, Backend-module related modules,
all hook implementations (where the core uses hooks by itself), and module-specific
ViewHelpers are now marked as @internal to ensure developers what is
part of the public TYPO3 Core API.

within
- EXT:backend (except ViewHelpers)
- EXT:beuser
- EXT:about
- EXT:belog

All @api methods have been removed.

Resolves: #86505
Releases: master
Change-Id: I1fd1e16f7885e81fb994999e5873a1a3a1aa6c3b
Reviewed-on: https://review.typo3.org/58524


Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>

This patch streamlines all deprecation messages and follow the
following rules.

1. All @deprecated should contain
@deprecated since TYPO3 xx, will be removed in TYPO3 v10.0 (not "core v10" or just "v10"

2. trigger_error()
- All trigger_error() messages MUST end with a "." (dot).
- Never use "This method" but the method name (enjoy the logs otherwise)
- "has been deprecated" can be spared - we KNOW it's deprecated once its in the deprecation log. Instead "Will be removed in TYPO3 v10.0" SHOULD be in the log file.
- Do not use "__METHOD__" or some other "magic".

Resolves: #86488
Releases: master
Change-Id: I6a34593ff89ecafe649366d60d725daa3aa6676c
Reviewed-on: https://review.typo3.org/58494


Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Frank Naegler <frank.naegler@typo3.org>
Tested-by: Frank Naegler <frank.naegler@typo3.org>
Tested-by: TYPO3com <no-reply@typo3.com>

The last methods within FrontendBackendUser (BE_USER in FE mode)
are now deprecated in favor of Admin Panel and middlewares:
- checkBackendAccessSettingsFromInitPhp()
- extPageReadAccess()
- extGetTreeList()
- extGetLL()

Resolves: #86288
Releases: master
Change-Id: I6752589a4b7a5353ae1699f3786be743c6f1f13d
Reviewed-on: https://review.typo3.org/58305


Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>

The class is not in use anymore, only feedit instantiates the class for legacy reasons.

Also FrontendBackendUserAuthentication->frontendEdit which holds an instance of
that, is deprecated.

Resolves: #86110
Releases: master
Change-Id: I3ff2ae529dd920d2abf9908f2ae94ae4c2bf9c15
Reviewed-on: https://review.typo3.org/58067


Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Jörg Bösche <typo3@joergboesche.de>
Reviewed-by: Andreas Wolf <andreas.wolf@typo3.org>
Reviewed-by: Daniel Goerz <daniel.goerz@posteo.de>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Georg Ringer <georg.ringer@gmail.com>

Both methods within "ContentObjectRenderer->editPanel()" and
"ContentObjectRenderer->editIcons()" were built to have "FrontendEditingController"
resolve the editing panel (EXT:feedit) which is not needed, so ContentObjectRenderer
is calling the extensions itself.

For that use, the FrontendBackendUserAuthentication gains functionality
for checking if a record can be edited.

Resolves: #85972
Releases: master
Change-Id: Ic8405fde4cdf5b6d1336fd0925cd0553bae6cf5f
Reviewed-on: https://review.typo3.org/58030


Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Daniel Gorges <daniel.gorges@b13.de>
Tested-by: Daniel Gorges <daniel.gorges@b13.de>
Reviewed-by: Susanne Moog <susanne.moog@typo3.org>
Tested-by: Susanne Moog <susanne.moog@typo3.org>

Resolves: #85891
Releases: master
Change-Id: Ie848059591cb69d9e6fad6c2c6275b9655e6ff87
Reviewed-on: https://review.typo3.org/57948


Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>

Class properties explicitly initialized with NULL and
redundant assignments in constructors are removed.

Resolves: #85287
Releases: master
Change-Id: I44c565a0b54e7e98ffa6d2d1de5335a6212a5742
Reviewed-on: https://review.typo3.org/57243


Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Alexander Schnitzler <typo3@alexanderschnitzler.de>
Reviewed-by: Jigal van Hemert <jigal.van.hemert@typo3.org>
Reviewed-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Tested-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>

This commit moves any language file of EXT:lang into a proper
destination, which renders EXT:lang obsolete.
This change requires an update of typo3/testing-framework, done with this
command:

composer update typo3/testing-framework

Resolves: #84680
Releases: master
Change-Id: I7ba59c1a10015121ed444a9c98082bad0348e03d
Reviewed-on: https://review.typo3.org/56017


Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Riny van Tiggelen <info@online-gamer.nl>
Reviewed-by: Susanne Moog <susanne.moog@typo3.org>
Tested-by: Susanne Moog <susanne.moog@typo3.org>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>

The admin panel has been extracted into an own extension. To enable
users to de-activate the admin panel completely, the hard coupling
between the extension and other parts of the core had to be resolved.

With this change, the initialization of both adminPanel and feedit
were moved into PSR-15 middlewares. Additionally all parameters
related to the adminPanel were removed from the FrontendBackend-
UserAuthentication.

As feedit is tigthly coupled with the adminPanel some changes had
to be made to its initialization, too.

The flow of the adminPanel initialization and rendering were
streamlined to allow modules to make use of the request object.

Due to these changes in the control flow of the application the
two existing tests were removed and new tests will be rewritten
once the API is declared as stable.

Releases: master
Resolves: #84641
Change-Id: I72beefde0d792d3f4295c45aa27204c817d2de7a
Reviewed-on: https://review.typo3.org/56558
Tested-by: TYPO3com <no-repl...

Extract all admin panel code to an own extension to
reduce cross-dependencies and allow clearer scoping.

See Epic / Initiative for background.

Related: #84044
Resolves: #84159
Releases: master
Change-Id: I0f6e2643746c94f0e10b87146ca7e86cbf8bc112
Reviewed-on: https://review.typo3.org/56030


Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Mathias Schreiber <mathias.schreiber@typo3.com>
Tested-by: Mathias Schreiber <mathias.schreiber@typo3.com>
Reviewed-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Tested-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>

Using null coalescing operator in PHP 7 simplifies code structure.

Resolves: #83129
Releases: master
Change-Id: I449415c99ccb0ea158d3943800bc824514f7629c
Reviewed-on: https://review.typo3.org/54810


Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>

See #81460 for a detailed reasoning behind the change.

The patch declares the getByTags method as deprecated
and removes the only usage that existed in TYPO3.

Resolves: #81460
Related: #81432
Releases: master
Change-Id: I9647563246d96228cb906b7d9008b2cec564d3ae
Reviewed-on: https://review.typo3.org/53091


Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: TYPO3com <no-reply@typo3.com>

The global option "content_doktypes" is
1. outdated (still contains doktypes 2 which was removed in 4.x)
2. only in use for Workspace Preview Links and Frontend Editing to query page trees

However, the idea was to disallow content editing (QuickEdit) and skip
search of other doktypes for simple DB search (removed in TYPO3 v7)

This is not the case anymore and nowadays a hidden feature which is only
10% implemented, and just another tedious option bloating the system.

The option has been removed and also cleaned via SilentConfigurationUpgradeService.

Resolves: #82803
Releases: master
Change-Id: I4ca868f721142d2ac9f1de0c1a7bccc33086989b
Reviewed-on: https://review.typo3.org/54438


Reviewed-by: Mathias Schreiber <mathias.schreiber@typo3.com>
Tested-by: Mathias Schreiber <mathias.schreiber@typo3.com>
Reviewed-by: Andreas Fernandez <typo3@scripting-base.de>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>

The main $GLOBALS['LANG'] class has been moved to the core extension into the "Localization"
namespace, where all other related XLF/XML factory, store and parser classes reside.

This is done in order to streamline the localization of core-relevant files, since this class will
also be used in frontend context.

EXT:lang now contains the backend module, as well as most XLF files.

Resolves: #81196
Releases: master
Change-Id: I0e5d8260f5c5a28254658c68766990b4f4662a2a
Reviewed-on: https://review.typo3.org/52774


Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Jan Helke <typo3@helke.de>
Tested-by: Jan Helke <typo3@helke.de>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>

This function now does the same as makeInstance() except for an if()
clause, since the API should be unified this method should be considered
as dropped, allowing to use callUserFunction() and makeInstance() as the
only two proper ways to call custom classes / methods.

Resolves: #80993
Releases: master
Change-Id: I0c2042dbe6c83a86f211bab4eaf64d75e6424232
Reviewed-on: https://review.typo3.org/52518


Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>

The TYPO3 Core currently has no guidline how to handle phpdoc
comments regarding @return annoations related to "void" and "null".

In practice, these annotations have no additional value if no additional
documentation is given.

With this change, the php-cs-fixer will remove any unnecessary linebreaks
within the comments above the @return annotation, as well as remove completely
empty phpdoc comments because the @return annotation is removed.

Please be aware, that once PSR-5 is accepted, this coding standard
within the TYPO3 Core will change again, where there are currently
some further proposal details like inheritance information.

Resolves: #80454
Releases: master
Change-Id: Ie969d720684c0a75919fe5addd1c36ef5b12eb04
Reviewed-on: https://review.typo3.org/51686


Reviewed-by: Nicole Cordes <typo3@cordes.co>
Tested-by: Nicole Cordes <typo3@cordes.co>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>

The Frontend Controller (TSFE) does some initialization which
should belong to the FrontendBackendUserAuthentication directly.

Additionally, some further code cleanups are made for this area.

Resolves: #80479
Releases: master
Change-Id: I32d9c98bb511f1eaa1f56203c4678358107aa7bc
Reviewed-on: https://review.typo3.org/52177


Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Frank Naegler <frank.naegler@typo3.org>
Tested-by: Frank Naegler <frank.naegler@typo3.org>

Move languages files from the root of ext:lang to
Resources/Private/Language/

Resolves: #78647
Releases: master
Change-Id: I9271442c98f2fcf705a38a639a6d503caeba1759
Reviewed-on: https://review.typo3.org/50584


Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Jan Helke <typo3@helke.de>
Tested-by: Jan Helke <typo3@helke.de>

To remove the susceptiblity to errors of SQL injections within the core
the principle of prepared statements should be followed for all queries.
Even variables which will be casted to e.g. an integer should use
setParameter(), setParameters() or createNamedParameter().

Change-Id: I7d6d256a199ba05f75791eb01f38b3b89b421989
Resolves: #78437
Releases: master
Reviewed-on: https://review.typo3.org/50090


Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>

As decided during T3ACME we will use the short
array syntax in master. The 7.6 branch will also be done
to make backporting easier.

Resolves: #77692
Releases: master,7.6
Change-Id: I37e9484b1012fc9161148257a842054c24d162ba
Reviewed-on: https://review.typo3.org/49651


Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Susanne Moog <susanne.moog@typo3.org>
Tested-by: Susanne Moog <susanne.moog@typo3.org>

Exclude:

typo3/sysext/core/Build/Configuration/TravisNginxFpm/ConfigureStartNginxFpm.sh
typo3/sysext/core/Build/Scripts/splitFunctionalTests.sh
typo3/sysext/core/Build/Scripts/xlfcheck.sh
typo3/sysext/core/Build/Scripts/duplicateExceptionCodeCheck.sh
typo3/sysext/core/Build/Scripts/cglFixMyCommit.sh
typo3/sysext/core/bin/typo3
typo3/cli_dispatch.phpsh

Resolves: #77363
Releases: master
Change-Id: I70871c4ebfb964f396e087ba4bbb1205a4fd8fab
Reviewed-on: https://review.typo3.org/49328


Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Bamboo TYPO3com <info@typo3.com>
Reviewed-by: Helmut Hummel <typo3@helhum.io>
Tested-by: Helmut Hummel <typo3@helhum.io>

Resolves: #77030
Releases: master
Change-Id: I51f4a171a8a2ff079413298b3fe8a8d48015759d
Reviewed-on: https://review.typo3.org/48909


Tested-by: Bamboo TYPO3com <info@typo3.com>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>

Resolves: #76353
Releases: master
Change-Id: I90799c3652e7edd8ee3048f39b50237470fed19b
Reviewed-on: https://review.typo3.org/48366


Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>

The lockSSL setting has three possible values:
0 = do nothing when in the backend
1 = show a blank page when accessing the BE from non-SSL
2 = redirect to the https version of the BE

The option "1" is nowadays not a valuable option and
"hiding" the TYPO3 Backend can be done via htaccess
or other access rules.

Therefore the lockSSL setting only has a bool state now:
 * When false do nothing
 * When true, redirect to the SSL version of the BE

Resolves: #75357
Releases: master
Change-Id: If326a725cc7c4b7b60cbb20c70704d55bf0111ee
Reviewed-on: https://review.typo3.org/47483


Reviewed-by: Morton Jonuschat <m.jonuschat@mojocode.de>
Tested-by: Morton Jonuschat <m.jonuschat@mojocode.de>
Reviewed-by: Daniel Goerz <ervaude@gmail.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>

Change-Id: Ie0b546d6baf962ee4d80f5fb08aeaadf54ca1a66
Reviewed-on: https://review.typo3.org/47019


Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>

Translated labels containing UTF-8 characters were double-encoded
in frontend editing.

extGetLL() already runs htmlspecialchars() on labels, so we do not have
to do that again in FrontendEditPanel.
This fixes the titles of the admin panel buttons.

Also, since we can expect all pages to be UTF-8 now, we can drop the forced
conversion of UTF-8 characters to XML entities.
This fixes the confirmation popup texts.

Resolves: #63131
Releases: master, 7.6
Change-Id: I49faff20ff4da8434868534d566c0d3da85e30c6
Reviewed-on: https://review.typo3.org/46247


Reviewed-by: Daniel Goerz <ervaude@gmail.com>
Tested-by: Daniel Goerz <ervaude@gmail.com>
Reviewed-by: Christian Weiske <typo3@cweiske.de>
Tested-by: Christian Weiske <typo3@cweiske.de>
Reviewed-by: Susanne Moog <typo3@susannemoog.de>
Tested-by: Susanne Moog <typo3@susannemoog.de>

The CharsetConverter object is agnostic
of charset and environment, and a singleton on top.

There are still several calls in the TYPO3 core
that tries to fetch csConv from TSFE or LANG
which relies heavily on the environment.

The calls are replaced with simple instance
calls where possible.

Resolves: #73441
Releases: master
Change-Id: I098f17b1cdbcc1ebbbb7359cfec518c93597aad4
Reviewed-on: https://review.typo3.org/46627


Reviewed-by: Stefan Froemken <froemken@gmail.com>
Tested-by: Stefan Froemken <froemken@gmail.com>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>

The file index_ts.php is now \TYPO3\CMS\Frontend\Http\RequestHandler,
this change replaces all mentions of the old file.

Resolves: #72720
Releases: master, 7.6
Change-Id: Ic35c29b465d8d5f7d495591c9420b94147fb0a3f
Reviewed-on: https://review.typo3.org/45924


Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Daniel Goerz <ervaude@gmail.com>
Tested-by: Daniel Goerz <ervaude@gmail.com>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>