- Dec 13, 2020
-
-
Oliver Hader authored
Ensures client-side function `SecurityUtility.encodeHtml` behaves like `htmlspecialchars(..., ENT_QUOTES)`. The function is used for complete nodes only, but now could be used for parts as well. Resolves: #93068 Releases: master, 10.4, 9.5 Change-Id: I74b09676d0fdb8ddf09e7fc639480742fe645e9b Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67105 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Markus Klein <markus.klein@typo3.org> Tested-by:
Torben Hansen <derhansen@gmail.com> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
-
Simon Gilli authored
This patch adds EventDispatcher and Logger support to the various transports where it was missing so far. Now the Mailer API should be compatible to the underlaying Symfony Mailer and all features can be used. Resolves: #93000 Releases: master, 10.4 Change-Id: Iea222586a0f4d3e35e462c3cf27c16eec914b5c4 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66145 Tested-by:
Markus Gerdes <markus@madaxel.de> Tested-by:
Benjamin Franzke <bfr@qbus.de> Reviewed-by:
Wouter Wolters <typo3@wouterwolters.nl> Reviewed-by:
-
- Dec 12, 2020
-
-
Christian Kuhn authored
A first patch towards more reliable workspace-mm scenarios: When a record is discarded that has mm relations, those relations are now deleted along with the deleted "parent" record. Change-Id: Ic2abe8d1c828158cf86abe760aec8766abcd0e71 Resolves: #93064 Releases: master, 10.4 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67100 Tested-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Reviewed-by:
-
Benni Mack authored
Flash Messages which should be stored in sessions, are now stored as stringified JsonSerializable instead of their objects themselves. The huge advantages over the previous functionality is that the FlashMessage objects are not instantiated during the process when a session is loaded, but actually only when the FlashMessages are needed, bringing a bit of performance for Backend functionality. Resolves: #93063 Releases: master Change-Id: Ie2da3b3d0a3fbb14416fd5743b3109221d30d28d Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67098 Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Tested-by:
-
Benni Mack authored
The "$BE_USER->groupList" property is a comma-separated list of userGroupUID, whereas "$BE_USER->includeGroupArray" is a list of groups added to the includeGroupArray which contains groups possibly added multiple times due to recursion. This is not needed, and therefore cleaned up, the properties are removed. Resolves: #93062 Releases: master Change-Id: Ic358c1be56253acdbe3be4222196a074aab1e98c Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67099 Tested-by:
-
Markus Klein authored
Resolves: #93065 Releases: master Change-Id: Ia12c5e6fbec0441bc41508c6985b73347331157d Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67102 Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Oliver Klee <typo3-coding@oliverklee.de> Reviewed-by:
-
- Dec 11, 2020
-
-
Andreas Fernandez authored
With #91642 some event listeners were detached from the global document object and reattached to better fitting DOM nodes to avoid pollution of too many event listeners in document. Unfortunately, this broke the module menu toggle after it has been reloaded, e.g. after installing an extension via Extension Manager. This change binds the event listener for the module menu state toggle to the document object again. Resolves: #93008 Related: #91642 Releases: master Change-Id: I5da58a997db311205accfbaf57874460ce077e91 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67091 Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
-
Oliver Hader authored
Showing PDF documents in Safari browsers is blocked due to recent content-security-policy adjustments in `fileadmin/` directory. This change uses a less restrictive approach for PDF documents. Resolves: #93035 Releases: master, 10.4, 9.5 Change-Id: I58065e19c86c0054dc5f155e20d7f6a90baec20e Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67081 Tested-by:
Marcus Schwemer <ms@schwemer.de> Tested-by:
Philipp Gampe <philipp.gampe@typo3.org> Reviewed-by:
-
Benni Mack authored
The method unpackExtensionFromExtensionDataArray() is only used once, but with the second argument set to "null", so all complexity down to EmConfUtility is reduced. Same goes for `isValidExtensionPath` in FileHandlingUtility which is not related to FileHandlingUtility and does not need to be exposed. Resolves: #93059 Releases: master Change-Id: I035e2faa81d6312c09ae5d040335784ec389f7c5 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67093 Tested-by:
Georg Ringer <georg.ringer@gmail.com> Reviewed-by:
-
Helmut Hummel authored
In order to prepare for further refactorings and streamlining extension manager code, resolving extensions' path is now always handled with a full path. Releases: master Resolves: #93054 Change-Id: I2d853c3f5d4a6ae4861dcd174d380a855764d995 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64873 Tested-by:
-
Benni Mack authored
The internal public property BE_USER->dataLists is removed as all data is now directly written into groupData now. This is part of a larger clean up of legacy code of UserAuthentication. Resolves: #93052 Releases: master Change-Id: I92ce48e71c5463ff5ddd3971deb5a82931dcc908 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67089 Tested-by:
-
- Dec 10, 2020
-
-
Matthias Weber authored
Add a label to the search field via aria-label attribute, because a separate all time visible label would break the design. Also disable pointer-events for the icon so the search field is focused when you click on the icon. Resolves: #92644 Releases: master Change-Id: If897e458efc0c0caf1958391b8f7ddbeca92f9f7 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66276 Tested-by:
Michael Telgkamp <michael.telgkamp@mindscreen.de> Tested-by:
-
Oliver Hader authored
Introduce a slim and simplistic client-side templating engine to avoid using custom template processing with e.g. jQuery and keep results robust agains cross-site scripting. This module has been inspired by `lit-html`, uses some of their vocabulary and behavior, but actually does not have all of their great features - see https://lit-element.polymer-project.org/ Resolves: #91810 Releases: master Change-Id: I4402f64625cb5526d246c315312a7977b68e88ac Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65047 Tested-by:
-
Benjamin Franzke authored
The BackendException class is exported as named (not as default) export in BackendException.ts, and therefore the module consumer needs to access the BackendException property of the module. Fix FormEngine to do so. Releases: master, 10.4 Resolves: #92249 Change-Id: Id416e7ee4753db033301c43482b786c38075e13a Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65688 Tested-by:
-
Benni Mack authored
The public property $sendNoCacheHeaders of AbstractUserAuthentication is now fully put into PSR-15 middlewares, which decide on their own if headers diasallowing HTTP caches should be sent to the client. This change removes the property, as the PSR-15 middlewares set the headers already since TYPO3 v10. Resolves: #93047 Releases: master Change-Id: I242d972c1a37a0642be19522f321e3f0ee88935d Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67082 Tested-by:
Daniel Goerz <daniel.goerz@posteo.de> Reviewed-by:
-
Benni Mack authored
This change raises a codeception-related (dev-) dependencies to enable PHP 8 support: Used composer command: composer req --dev codeception/codeception:^4.1.12 \ codeception/lib-asserts:^1.13.2 \ codeception/module-asserts:^1.3.1 \ codeception/module-filesystem:^1.0.3 \ codeception/module-webdriver:^1.1.4 \ php-webdriver/webdriver:^1.9.0 Resolves: #93050 Releases: master Change-Id: Ibde6f696cc620e2fdbf162c80d4ee6a1ba7c23b4 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67085 Tested-by:
-
Alexander Schnitzler authored
This patch avoids further undetected usages of deprecated methods: - ControllerContext::getFlashMessageQueue() - ControllerContext::getUriBuilder() Those methods have been called on a controller context instance obtained by the rendering context. Releases: master Resolves: #93036 Releates: #93019 Releates: #93016 Change-Id: I0634580479f2a814e2644d35cc25abc1ca411d79 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67075 Tested-by:
-
Benni Mack authored
The AbstractUserAuthentication class handles way too much of what it should know / do. For this reason, a new UserSession object which contains basic information needed for everything belonging to a non-fixated session, a fixated anonymous session, if a session was evelated, or if a session has expired, is kept in there. The "SessionManager" should not be used anymore publically but slowly dissolve into a SessionBackendManager. Design goals: * UserAuth object should not know about session backends * UserAuth should not store sessionData etc. directly in its own object * Decouple UserSession info from any properties of UserAuth * A UserSessionManager deals with the creation and validation of the UserSession objects. No Session Objects can be created etc outside of this class to maintain persistability * UserSessionManager also encapsulates ipLocking and the responsible SessionBackend Final goals to be tackled later: * Build a user session object from the request object, and not within the UserAuth object * Session Handling can be accessed outside of UserAuth * Cookie Handling and Session Handling are separated from UserAuth * Load Session information from PSR-7 request instead of $_COOKIE Resolves: #93023 Releases: master Change-Id: Ia2d8244e433d0f6adf220d443b2c0947f251b5e9 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66935 Tested-by:
-
Oliver Hader authored
Inline JavaScript produced by BackendUtility:viewOnClick is substituted with markup based instructions and static JavaScript event handlers. // basically delivers window.open(generatedUri) BackendUtility::viewOnClick($pageId, $backPath, $rootLine, $section, $viewUri, $getVars, $switchFocus); can be substituted with e.g. \TYPO3\CMS\Backend\Routing\PreviewUriBuilder::create($pageId, $viewUri) ->withRootLine($rootLine) ->withSection($section) ->withAdditionalQueryParameters($getVars) ->serializeDispatcherAttributes([ PreviewUriBuilder::OPTION_SWITCH_FOCUS => $switchFocus, ]); which results in the following HTML data attributes (data can be retrieved as array of complete element as well) data-dispatch-action="TYPO3.WindowManager.localOpen" data-dispatch-args="["https://...",null,"previewWin"]" Resolves: #91123 Releases: master Change-Id: Iedd9bfe60827977677ee68e2c948c63e359abf84 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64243 Tested-by: -
Benni Mack authored
The option typolink.addQueryString.method only has either "GET" or nothing (using $_SERVER[QUERY_PARAMS]) as possibility. In order to effectively make use of PSR-7 Requests and better routing capabilities, the "GET" method is preferred, making the whole option obsolete, and removing it. All related Fluid arguments and Extbase UriBuilder methods are deprecated. Resolves: #93041 Releases: master Change-Id: I286fdf08548f224f5e4287ad36b43b2d79a669b8 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67000 Reviewed-by:
-
- Dec 09, 2020
-
-
Christian Kuhn authored
* Since introduction of class ReferenceIndexUpdater each record is handled only once when updating the reference index. The record runtime cache is obsolete and can be dropped. * The $excludedTables and $excludedColumns properties are non-static now: In normal operation only one instance of ReferenceIndex class is created and used for many records, there is no point in creating hard to evict static state. * A runtime cache has been used for information derived from TCA (no db calls). This is dropped in favor of a class property. Change-Id: I5cf16e38ec8f36dfa838cdbc6591b59b463be3f9 Resolves: #93038 Releases: master Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67076 Tested-by:
-
Ben Abbott authored
Page unavailable (e.g. maintenance mode) is a "503 service unavailable" error, not 500 internal server error. If TYPO3 is in maintenance mode then a 503 error is now thrown. Also 503 Error Handlers are taken into account now. Releases: master, 10.4 Resolves: #93032 Change-Id: I8bd013fc202b07263388fc22ec2256262c40b709 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67074 Tested-by:
-
Alexander Schnitzler authored
Since TYPO3 11 requires php >= 7.4 and since symfony components support php 7.4 type hint evaluations as well, some tests have been added to verify that when building ClassSchema instances, property types are properly detected. Releases: master Resolves: #93037 Change-Id: Ia50934731838d2bdccc2e6bdb4cdebb3b1a096b9 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67077 Tested-by:
-
Alexander Schnitzler authored
With this patch method getFlashMessageQueue() of ControllerContext is deprecated and the core avoids using it. A trigger_error call will be implemented in another patch set which deprecates the whole ControllerContext object. Releases: master Resolves: #93016 Change-Id: I20b47dc26892b4affb1aec8e147169738139241c Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67044 Tested-by:
-
- Dec 08, 2020
-
-
Christian Kuhn authored
Keeping relation information for soft deleted records in sys_refindex is quite useless: When records are undeleted, the reference index is updated to recreate rows. Additionally, the deleted handling was incomplete, especially if a record on the 'right' side of the relation got deleted. The patch drops the deleted field from the table and prevents adding relations for soft deleted rows. Furthermore, visibility of a couple of properties and methods is changed to protected and a series of not used methods is removed. Note the hash sums change due to the removal of the deleted field. The CLI command "bin/typo3 referenceindex:update" will update hashes and will drop obsolete deleted rows. Change-Id: I58d7a904a6b4c555529b7c70e45d56ccb498f77f Resolves: #93029 Releases: master Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66968 Tested-by:
-
Georg Ringer authored
As the PageLayoutView is marked as deprecated all usages must be changed. This patch migrates the hooks from PageLayoutView into PreviewRenderer. Resolves: #92926 Releases: master Change-Id: Ieed06e08c3a3896ad574a3d54d89716c8e8ed808 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66692 Tested-by:
-
Anja Leichsenring authored
Remove usage of $mock->at() matcher and some other deprecated matchers. Following matchers are deprecated in phpunit v9: * at() * assertRegExp() * assertFileNotExists() Those were replaced with their respective replacements. Resolves: #92461 Releases: master, 10.4 Change-Id: Id8373659160c219c2caff8bcbe0bdb9b0da16436 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65971 Tested-by:
Anja Leichsenring <aleichsenring@ab-softlab.de> Reviewed-by:
-
Benjamin Franzke authored
The method returned the opposite of what the function name defines. It checks whether the current backend route is a public route, and in that case it returned true. But if a public route is requested, then a backend user is actually *not* required. The method was then used inverted, which contervailed this mistake. Therefore there was no functional bug here, just a naming bug. Therefore we now invert the result of this method. Releases: master Resolves: #93021 Change-Id: I4ae585eb9259360cb3975df6654640d18ec45932 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67048 Tested-by:
-
Sybille Peters authored
Move the database queries of EXT:linkvalidator into a new class PagesRepository to make the functionality more flexible and easier to test. Resolves: #93006 Releases: master Change-Id: Id068d0ef876005db11aceffb11ad968a08f377cf Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67040 Tested-by:
-
Alexander Schnitzler authored
Several properties and methods in the ActionController are marked interal and will remain as is only until TYPO3 11 LTS. From version 12.0 on, said properties and methods may change or vanish without further notice. Releases: master Resolves: #92996 Change-Id: Ia03f4746f45dcc9223907c9c8a4927e2e1f86876 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67008 Tested-by:
-
Alexander Schnitzler authored
With this patch method geturiBuilder() of ControllerContext is deprecated and the core avoids using it. A trigger_error call will be implemented in another patch set which deprecates the whole ControllerContext object. Releases: master Resolves: #93019 Change-Id: Ie36bac79a6da3400a2b3594d5519af13f23a22c6 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67047 Tested-by:
-
Oliver Bartsch authored
The template now evaluates the correct variable for checking whether the login message should be displayed on the overview page. Resolves: #92939 Releases: master, 10.4 Change-Id: I54dd4759b3154be5e57cc38df89a52e22c838f63 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67049 Tested-by:
Simon Gilli <typo3@gilbertsoft.org> Tested-by:
-
Benni Mack authored
In previous TYPO3 versions, AbstractUserAuthentication emitted cookies directly via header() or setcookie() methods. In order to have a better testing scenario, this change builds Cookie objects and keeps them until a PSR-15 middleware asks to apply the cookie information to a PSR-7 Response. This also makes it possible to manipulate the authentication cookies in Middlewares. AbstractUserAuthentication does not actually "remove" or "set" a cookie but rather keeps the information for setting a cookie. Resolves: #93011 Releases: master Change-Id: Iaec0007a1347676bc3ba570b4b5a1da63d58d7e6 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67032 Tested-by:
-
Anja Leichsenring authored
The composer min stage in nightly tests should respect the PHP version the run is executed with. So the platform.php setting will be the lowest possible PHP version of its own input, not the lowest possible TYPO3 currently supports. Resolves: #93020 Releases: master, 10.4 Change-Id: Id5cd4d4bce5f015ae35303cbcd0d0d561730204a Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66940 Tested-by:
-
- Dec 07, 2020
-
-
Oliver Bartsch authored
Since $loginType will be always 'BE' in this context, there is no need to access $GLOBALS['BE_USER'] for this information. Resolves: #93018 Releases: master Change-Id: I0c6bef5d7f8eebbe2aca325d7e3737a2659dd53a Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67046 Tested-by:
-
Daniel Siepmann authored
If a versioned page is inaccessible due to versionOL, the row will be converted to a value of "false". This can be the case for deleted or hidden pages. In those cases, the tree should not include this page. Keeping the page would furthermore result in a type error, as later calls expect $row to be an array. Resolves: #93009 Releases: master, 10.4 Change-Id: I43033e6fe3b403ffc2eebb2cc7080b988425917e Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67043 Tested-by:
-
Benni Mack authored
Logic around Backend User Sessions and its access across the EXT:beuser backend module is now encapsulated and streamlined: * The BackendUserSessionRepository does not inherit from Extbase anymore, as there is nothing needed here * No ObjectManager is needed, GeneralUtility can be used instead * All access to the actual sessionBackend is now placed inside this method. This allows to further streamline the User Session handling at a later stage. Resolves: #93017 Releases: master Change-Id: I02ab22d90e570cd04f4e6a3ea96412dfbf247967 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67045 Tested-by:
-
Benni Mack authored
PageRenderer->render() does not accept any arguments anymore. This change allows to later-on hand in a Request object into the PageRenderer and/or continue building a generic View for rendering content, without marker-based changes. In addition, the corresponding constants are now marked as protected. Resolves: #93003 Releases: master Change-Id: Ia24c81647d665fdc23a8c961fe89722cf0e5a31d Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67033 Tested-by:
-
Benni Mack authored
TYPO3 v11 supports PHP 7.4 or higher, some workarounds regarding same site functionality can be simplified and removed. Resolves: #92999 Releases: master Change-Id: I6ab5e257cfbe595f81693fc60d824bb46e106594 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67009 Tested-by:
-
Benni Mack authored
A seldom used (and undocumented) feature to transfer a session via the GET parameter FE_SESSION_KEY is removed in favor of custom authentication services when integrating third-party Single-Sign-On processes. Resolves: #93002 Releases: master Change-Id: I8418bdf36ce3dd2ab63edb9a77f2db59beeaac43 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67035 Tested-by:
-
