  2. Aug 25, 2022
    • [TASK] Update vulnerable build dependencies · 0787c222
      Benjamin Franzke authored
      Update (most) vulnerable dependencies/packages found by
      `npm audit fix --force --dry-run`.
      
      Notes regarding package changes:
      
       * The outdated grunt-postcss plugin is replaced by a (maintained)
         fork for compatibility with newer grunt versions.
      
       * karma is updated to v6 and pulls in @types/node which conflicts with
         TypeScript type definitions by @types/requirejs. Therefore 3rd party
         type declarations from packages (@types/*) are now explicitly
         enabled in tsconfig.json – note that there is no other way to exclude
         from typeRoots:
         https://github.com/microsoft/TypeScript/issues/18588
      
       * grunt-lintspaces and grunt-contrib-imagemin are replaced
         as these packages have not been updated to not depend
         on vulnerable dependencies, while grunt-lintspaces and
         grunt-contrib-imagemin would cause downgrades to older
         versions when running `npm audit fix --force` (because only
         the older versions do not depend on vulnerable software).
      
       * (grunt-contrib-)imagemin is replaced by squoosh (by google) as
         a) imagemin dependencies ("bin-build" > "download") rely on vulnerable
            versions of "got".
            Neither of these packages is currently updated, see
            https://github.com/kevva/download/issues/224
         b) imagemin is unmaintained:
            https://github.com/imagemin/imagemin/issues/385
            and suggests squoosh as replacement
      
       * stylefmt is replaced by a maintained fork.
      
      There is one remaining package that pulls in a vulnerability alert:
      
        * jquery-ui is marked as vulnerable (severity: high), but worked on
          in a separate patch #96497.
          (We don't actually use the vulnerable library parts though).
      
      Vulnerability report before this patch:
      
          74 vulnerabilities (1 low, 30 moderate, 38 high, 5 critical)
      
      Vulnerability report after this patch:
      
          1 high severity vulnerability
          (this is jquery-ui)
      
      Commands executed:
      
        # Supposed to be non breaking, but broke grunt-css
        npm audit fix
        npm remove grunt-postcss
        npm install @lodder/grunt-postcss
      
        # Preparation for `npm audit fix --force` (breaking changes)
        npm install grunt@^1.5
        npm install grunt-lintspaces@^0.10.0
        npm remove grunt-lintspaces
        npm install --save-dev lintspaces-cli
        npm remove grunt-contrib-imagemin
        npm install --save-dev
        npm remove stylefmt
        npm install --save-dev @ronilaukkarinen/stylefmt
        npm audit fix --force
      
      Releases: main
      Resolves: #98198
      Change-Id: I09df87fe131a499790e6c5f95f1c51e9216b71c2
      Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75539
      
      
      Tested-by: core-ci <typo3@b13.com>
      Tested-by: Georg Ringer <georg.ringer@gmail.com>
      Tested-by: Stefan Bürk <stefan@buerk.tech>
      Tested-by: Benjamin Franzke <bfr@qbus.de>
      Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
      Reviewed-by: Stefan Bürk <stefan@buerk.tech>
      Reviewed-by: Benjamin Franzke <bfr@qbus.de>
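
The severity summary and the split between what plain `npm audit fix` repairs and what only `npm audit fix --force` (with its breaking downgrades) would touch can be derived mechanically from `npm audit --json`. The following is an added example, not code from the TYPO3 commit or the TYPO3 build tooling: it follows npm's auditReportVersion 2 field layout as far as I know it (`vulnerabilities`, `severity`, `fixAvailable` with `isSemVerMajor`), and every package name, version range and advisory title in the sample report is constructed. Feeding it the installed versions of the direct dependencies (for instance from `npm ls --json`) lets it flag the forced fixes that would move a dependency backwards, which is the situation the commit resolved by replacing packages instead.

```javascript
// Added example, not code from the TYPO3 commit: triage an `npm audit --json`
// report the way the commit message does by hand. It reproduces the severity
// summary line and sorts each advisory by remediation: fixable by plain
// `npm audit fix`, fixable only by `npm audit fix --force` (a semver-major
// change to a direct dependency, which is where the downgrades described in the
// commit come from), or not fixable at all (replace the package). Field names
// follow npm's auditReportVersion 2 layout; all package names, versions and
// advisory titles are constructed for this example.

const SEVERITIES = ['info', 'low', 'moderate', 'high', 'critical'];

// Constructed sample report with one advisory per remediation state.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    'example-http-client': {
      name: 'example-http-client',
      severity: 'moderate',
      isDirect: false,
      via: [{ title: 'Constructed advisory A', severity: 'moderate' }],
      range: '<11.8.5',
      // Only a semver-major change of the direct dependency that pulls it in
      // removes the advisory: this is what `npm audit fix --force` applies.
      fixAvailable: { name: 'example-image-plugin', version: '2.0.0', isSemVerMajor: true },
    },
    'example-template-lib': {
      name: 'example-template-lib',
      severity: 'high',
      isDirect: true,
      via: [{ title: 'Constructed advisory B', severity: 'high' }],
      range: '<4.1.0',
      fixAvailable: true, // compatible upgrade exists: plain `npm audit fix`
    },
    'example-abandoned-cli': {
      name: 'example-abandoned-cli',
      severity: 'critical',
      isDirect: true,
      via: [{ title: 'Constructed advisory C', severity: 'critical' }],
      range: '*',
      fixAvailable: false, // no release fixes it: the package has to be replaced
    },
  },
};

// Count advisories per severity, as in "74 vulnerabilities (1 low, 30 moderate, ...)".
function countBySeverity(report) {
  const counts = Object.fromEntries(SEVERITIES.map((s) => [s, 0]));
  counts.total = 0;
  for (const vuln of Object.values(report.vulnerabilities ?? {})) {
    if (!SEVERITIES.includes(vuln.severity)) continue; // tolerate unknown values
    counts[vuln.severity] += 1;
    counts.total += 1;
  }
  return counts;
}

// Render the summary in the wording npm uses.
function formatSummary(counts) {
  if (counts.total === 0) return 'found 0 vulnerabilities';
  const parts = SEVERITIES.filter((s) => counts[s] > 0).map((s) => `${counts[s]} ${s}`);
  const noun = counts.total === 1 ? 'vulnerability' : 'vulnerabilities';
  return `${counts.total} ${noun} (${parts.join(', ')})`;
}

// Compare dotted numeric versions; prerelease suffixes are ignored.
function compareVersions(a, b) {
  const pa = a.split('.').map((n) => parseInt(n, 10) || 0);
  const pb = b.split('.').map((n) => parseInt(n, 10) || 0);
  for (let i = 0; i < Math.max(pa.length, pb.length); i += 1) {
    const diff = (pa[i] || 0) - (pb[i] || 0);
    if (diff !== 0) return diff < 0 ? -1 : 1;
  }
  return 0;
}

// Sort advisories by remediation. `installed` maps direct dependency names to
// their currently installed versions (e.g. taken from `npm ls --json`), so a
// forced fix that would move a dependency backwards is flagged as a downgrade.
function classifyFixes(report, installed = {}) {
  const result = { nonBreaking: [], breaking: [], unfixed: [] };
  for (const vuln of Object.values(report.vulnerabilities ?? {})) {
    const fix = vuln.fixAvailable;
    if (fix === true) {
      result.nonBreaking.push(vuln.name);
    } else if (fix && fix.isSemVerMajor) {
      const current = installed[fix.name];
      result.breaking.push({
        name: vuln.name,
        directDependency: fix.name,
        toVersion: fix.version,
        downgrade: current === undefined ? null : compareVersions(fix.version, current) < 0,
      });
    } else if (fix) {
      result.nonBreaking.push(vuln.name); // version bump within the same major
    } else {
      result.unfixed.push(vuln.name);
    }
  }
  return result;
}

// Constructed installed versions for the direct dependencies named above.
const sampleInstalled = { 'example-image-plugin': '4.1.0' };

console.log(formatSummary(countBySeverity(sampleReport)));
console.log(JSON.stringify(classifyFixes(sampleReport, sampleInstalled), null, 2));
```

Run against a real report with `npm audit --json > audit.json` and pass the parsed file in place of `sampleReport`; the `breaking` list with `downgrade: true` is the set to review by hand before accepting `--force`, since the "fix" there is an older major that happens to predate the vulnerable transitive dependency.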
  5. Feb 16, 2022
    • [TASK] Use @TYPO3/ as ES6 module namespace · 7a41f905
      Benjamin Franzke authored
      Switch from TYPO3/CMS/ExtName/ to @typo3/ext-name/ module
      namespace in all TypoScript modules in order to
      use the common "scoped package" syntax as known from npmjs.
      
      This will allow TYPO3 TypeScript declarations to be
      published to @TYPO3/* packages on npmjs.com at some point,
      allowing extension authors to require these as npm/yarn
      dependencies to be able to use TypeScript type declarations
      when developing against the TYPO3 JavaScript API.
      
      While at it, the naming convention of JavaScript modules is
      also switched to use lowercase-dashed form. This is to adhere
      to the commonly used naming convention in the npm-world.
      Also @typo3/core/ajax/ajax-request.js simply looks better than
      a mixed form @typo3/core/Ajax/AjaxRequest.js would be.
      
      All existing RequireJS module identifiers are mapped
      to the new naming syntax in the requirejs-to-es6 bridge:
      For example a requirejs call to
        TYPO3/CMS/T3editor/Element/CodeMirrorElement
      will transparently be transformed to the new scheme:
        @typo3/t3editor/element/code-mirror-element.js
      
      Manual modifications in:
      
        Build/Gruntfile.js
        Build/util/map-import.js
        Build/JSUnit/karma.conf.js
        Build/Sources/TypeScript/backend/Resources/Public/TypeScript/viewport/navigation-container.ts
        typo3/sysext/core/Resources/Public/JavaScript/requirejs-loader.js
        typo3/sysext/core/Tests/Functional/Page/PageRendererTest.php
        typo3/sysext/core/Tests/Unit/Page/Fixtures/ImportMap/package2/Configuration/JavaScriptModules.php
        typo3/sysext/core/Tests/Unit/Page/Fixtures/ImportMap/package3/Configuration/JavaScriptModules.php
        typo3/sysext/core/Tests/Unit/Page/ImportMapTest.php
        typo3/sysext/t3editor/Configuration/JavaScriptModules.php
      
      All other changes have been automated with:
      
      find Build/Sources/TypeScript/ -type f | \
          grep -v index.d.ts | \
          sed \
              -e 's:Build/Sources/TypeScript/:typo3/sysext/:' \
              -e 's:/Tests/:/Tests/JavaScript/:' \
              -e 's:/TypeScript/:/JavaScript/:' \
              -e 's:\.ts$:.js:' | \
          xargs git rm
      
      find Build/Sources/TypeScript/ -type f | while read file
      do
          newFilename=$(echo $file | sed \
              -e :loop1 -e 's:\(/Public/TypeScript\|/Tests\)\([0-9a-zA-Z/.]*\)/\([A-Z][A-Z]*\)\([0-9a-zA-Z/-]*\)\.ts:\1\2/\L\3\E\4.ts:' -e 't loop1' \
              -e :loop2 -e 's:\(/Public/TypeScript\|/Tests\)\([0-9a-zA-Z/.]*[a-z]\)\([A-Z][A-Z]*\)\([0-9a-zA-Z/-]*\)\.ts:\1\2-\L\3\E\4.ts:' -e 't loop2' \
              -e s:/Resources/Public/TypeScript/:/: \
              -e s:/Tests/:/tests/:
          )
      
          mkdir -p $(dirname "${newFilename}")
          [[ "$file" != "$newFilename" ]] && git mv "${file}" "${newFilename}"
      done
      
      cat << EOF > convert_uppercase_to_lowercase.sed
      :loop1
      s:\(TYPO3/CMS[0-9a-zA-Z/]*\)/\([A-Z]\)\([0-9a-zA-Z/-]*\.js\):\1/\l\2\3:
      t loop1
      
      :loop2
      s:\(TYPO3/CMS[0-9a-zA-Z/]*[a-z]\)\([A-Z]\)\([0-9a-z/-]*\.js\):\1-\l\2\3:
      t loop2
      
      s:TYPO3/CMS/\([0-9a-z/-]*\.js\):@TYPO3/\1:g
      
      :loop3
      s:\(^import \|^import .* from \|import(\|declare module \)'\([0-9a-zA-Z/.]*\)/\([A-Z][A-Z]*\)\([0-9a-zA-Z/.-]*\)':\1'\2/\L\3\E\4':
      t loop3
      
      :loop4
      s:\(^import \|^import .* from \|import(\|declare module \)'\([0-9a-zA-Z/.]*[a-z]\)\([A-Z][A-Z]*\)\([0-9a-z/.-]*\)':\1'\2-\L\3\E\4':
      t loop4
      
      :loop5
      s:\(\* Module\:\{0,1\} \|\* @exports \|\* @module \)\([0-9a-zA-Z/.]*\)/\([A-Z][A-Z]*\)\([0-9a-zA-Z/.-]*\)$:\1\2/\L\3\E\4:
      t loop5
      
      :loop6
      s:\(\* Module\:\{0,1\} \|\* @exports \|\* @module \)\([0-9a-zA-Z/.]*[a-z]\)\([A-Z][A-Z]*\)\([0-9a-z/.-]*\)$:\1\2-\L\3\E\4:
      t loop6
      
      s:\(^import '\|^import .* from '\|import('\|declare module '\|\* Module\:\{0,1\} \|\* @exports \|\* @module \)TYPO3/cms/\([0-9a-z/.-]*\):\1@typo3/\2:g
      
      s:@typo3/rte_ckeditor:@typo3/rte-ckeditor:
      
      s:TYPO3/CMS/Backend/Module/Iframe:@typo3/backend/module/iframe:
      s:TYPO3/CMS/Backend/PageTree/PageTreeElement:@typo3/backend/page-tree/page-tree-element:
      s:TYPO3/CMS/Backend/Tree/FileStorageTreeContainer:@typo3/backend/tree/file-storage-tree-container:
      s:TYPO3/CMS/Impexp/ContextMenuActions:@typo3/impexp/context-menu-actions:
      s:TYPO3/CMS/Install/chosen.jquery.min.js:@typo3/install/chosen.jquery.min.js:
      
      s:Public/JavaScript/JavaScriptItemHandler.js:Public/JavaScript/java-script-item-handler.js:
      s:Public/JavaScript/RequireJSConfigHandler.js:Public/JavaScript/require-jsconfig-handler.js:
      s:Public/JavaScript/AdminPanel.js:Public/JavaScript/admin-panel.js:
      EOF
      
      git ls-tree --name-only -r HEAD | \
          grep -v dashboard/Documentation/ | \
          grep -v Documentation/Changelog/ | \
          grep -v Build/JSUnit/ | \
          xargs sed -i -f convert_uppercase_to_lowercase.sed
      
      rm convert_uppercase_to_lowercase.sed
      
      sed -i \
          -e 's:TYPO3/CMS/\([A-Z]\):@TYPO3/\l\1:' \
          -e 's:@typo3/rteCkeditor:@typo3/rte-ckeditor:' \
          typo3/sysext/*/Configuration/JavaScriptModules.php \
          typo3/sysext/core/Tests/Unit/Page/Fixtures/ImportMap/*/Configuration/JavaScriptModules.php
      
      sed -i \
          -e "s/: \\(@TYPO3\\/.*\\)/: '\1\'/" \
          typo3/sysext/form/Configuration/Yaml/FormSetup.yaml
      
      (cd Build; grunt build)
      
      git add typo3/sysext/
      
      Resolves: #96906
      Related: #96323
      Releases: main
      Change-Id: Ifed6ac373aa2bc0c36fe157fb3e9c220f520a9c4
      Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73522
      
      
      Tested-by: core-ci <typo3@b13.com>
      Tested-by: Benni Mack <benni@typo3.org>
      Tested-by: Georg Ringer <georg.ringer@gmail.com>
      Reviewed-by: Benni Mack <benni@typo3.org>
      Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
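
The identifier mapping the commit describes for the requirejs-to-es6 bridge (`TYPO3/CMS/T3editor/Element/CodeMirrorElement` becoming `@typo3/t3editor/element/code-mirror-element.js`) can be stated as a small pure function. What follows is an added example and not TYPO3's own `requirejs-loader.js`: the CamelCase-to-dashed rule is taken from the sed loops recorded in the commit (a leading run of capitals in a path segment is lowercased; a later run of capitals after a lowercase letter becomes a dash plus the lowercased run), the regular expressions and the `mapLegacyModule`/`toDashed` names are mine, and the hand-written exceptions the commit lists (such as the `Backend/Module/Iframe` rewrite) are not reproduced.

```javascript
// Added example, not TYPO3's requirejs-loader.js bridge: map a legacy RequireJS
// identifier onto the @typo3/ scoped, lowercase-dashed scheme described in the
// commit message. The CamelCase rule follows the sed loops recorded there: a
// leading run of capitals in a path segment is lowercased, any later run of
// capitals that follows a lowercase letter becomes "-" plus the lowercased run
// (so RequireJSConfigHandler -> require-jsconfig-handler). Regexes are mine.

// Convert one path segment from CamelCase to the lowercase-dashed form.
function toDashed(segment) {
  return segment
    .replace(/^[A-Z]+/, (caps) => caps.toLowerCase())
    .replace(/([a-z])([A-Z]+)/g, (_, prev, caps) => `${prev}-${caps.toLowerCase()}`);
}

// Map "TYPO3/CMS/<Ext>/<Path>" to "@typo3/<ext>/<path>.js"; returns null for
// identifiers outside the TYPO3/CMS/ namespace so callers can pass them through
// unchanged. An extension key written with underscores (rte_ckeditor) gets
// dashes, matching the s:@typo3/rte_ckeditor:@typo3/rte-ckeditor: rule above.
function mapLegacyModule(id) {
  const match = /^TYPO3\/CMS\/([^/]+)\/(.+)$/.exec(id);
  if (match === null) return null;
  const [, ext, path] = match;
  const extName = toDashed(ext).replace(/_/g, '-');
  const dashedPath = path.split('/').map(toDashed).join('/');
  // Files that already carry a .js suffix (chosen.jquery.min.js) keep it as-is.
  return `@typo3/${extName}/${dashedPath}${dashedPath.endsWith('.js') ? '' : '.js'}`;
}

// Constructed sample: identifiers quoted in the commit message plus a foreign one.
const sampleIds = [
  'TYPO3/CMS/T3editor/Element/CodeMirrorElement',
  'TYPO3/CMS/Core/Ajax/AjaxRequest',
  'TYPO3/CMS/Install/chosen.jquery.min.js',
  'jquery',
];

for (const id of sampleIds) {
  console.log(`${id} -> ${mapLegacyModule(id) ?? '(unchanged)'}`);
}
```

Because the function returns `null` for anything outside `TYPO3/CMS/`, third-party identifiers such as `jquery` fall through untouched, which is the behaviour a compatibility shim needs so that only legacy TYPO3 module names are rewritten.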