FileListLocalisation.js was moved from backend to filelist
with #55810, but it was forgotten to adapt the reference
in InlineElement.

Resolves: #55979
Releases: 6.2
Change-Id: I102ffe25c255f8ac39a49d4022ee3ab73ff1914c
Reviewed-on: https://review.typo3.org/27861
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
Reviewed-by: Frans Saris
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

This reverts commit 9974f36d.

The 401 header code is used with HTTP based authentication schemes,
based on RFC 2617.

This is not the case here.

Resolves: #55966
Reverts: #51803
Releases: 6.2, 6.1, 6.0, 4.5
Change-Id: I134f0f1d575f3e8d4c37c2af62df8eca3f01f817
Reviewed-on: https://review.typo3.org/27888
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert

The absolute link generated for mailings to
workspace editors misses the page id.

The uid has been accidentally removed with
commit for #56359

Resolves: #56375
Releases: 6.2
Change-Id: I521aee2b96c542c27a911ffeab5d9bfffc8b9a46
Reviewed-on: https://review.typo3.org/27893
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

During the addition of the token check for mod.php
some places have been missed where a correct
token needs to be added.

Resolves: #56359
Releases: 6.2
Change-Id: I435cb36641fe96ecf050c915d200f94cbb31ce9f
Reviewed-on: https://review.typo3.org/27883
Reviewed-by: Markus Klein
Tested-by: Markus Klein

At some points where a file object is retrieved, a check for
the interpretation as integer is done for the method
argument only. If the argument is 0 a exception will be
thrown from the ResourceFactory.
A file object should only be fetched if the uid is an integer
greater than zero.

Resolves: #55530
Releases: 6.2
Change-Id: I9399d58bac4a48344769ac00207b64e25eea630e
Reviewed-on: https://review.typo3.org/27304
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Markus Klein
Tested-by: Markus Klein

In #30272 the backend formprotection has been changed
to not save flash messages in the user session if
the current request is an Ajax request.

Unfortunately the check for that is broken
since the TYPO3_AJAX global is reset in the
bootstrap now.

Introduce a method which uses the request type
constants and adapt the tests accordingly.

Resolves: #56357
Releases: 6.2
Change-Id: Idae8be036b3747ea71509cc37008a4d694390627
Reviewed-on: https://review.typo3.org/27879
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring

The directory selector in a file collection now displays the folders
of all filemounts of a user. Before only the folders of the first
filemount were displayed.

Resolves: #55414
Releases: 6.2
Change-Id: Ic47f5163e2cfc7c89edcba4119f06620ed0fd56e
Reviewed-on: https://review.typo3.org/27119
Reviewed-by: Wouter Wolters
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
Reviewed-by: Frans Saris
Tested-by: Frans Saris

Add a token check in mod.php and token generation
to BackendUtility::getModuleUrl()

Adapt code to use BackendUtility::getModuleUrl()
in every place where links are hardcoded.

Releases: 6.2
Resolves: #55509
Change-Id: I952c40fc1004a0a8d77c929927d37e1d93dcfef4
Reviewed-on: https://review.typo3.org/27636
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

The DataHandler function checkRecordInsertAccess() does
now check the configuration for the root level.

Resolves: #52386
Releases: 6.2, 6.1, 6.0
Change-Id: I1810ea847e631ea6b242346a0271f491fd60fdf9
Reviewed-on: https://review.typo3.org/24166
Reviewed-by: Leon de Rijke
Tested-by: Leon de Rijke
Reviewed-by: Markus Klein
Tested-by: Markus Klein

Upload action was taken care of, but the ajax handler can be just
for all commands that ExtendedFileUtility->processData can handle.

This change checks the result set and flattens
data only when needed.

Resolves: #56084
Releases: 6.2, 6.1
Change-Id: Ic1a0bd9084b9eb206b9b53960890d22d2a9c56f5
Reviewed-on: https://review.typo3.org/27739
Reviewed-by: Alexander Schnitzler
Tested-by: Alexander Schnitzler
Reviewed-by: Markus Klein
Tested-by: Markus Klein

Resolves: #56294
Releases: 6.2
Change-Id: I1d86f1899447feaa301474f4ed247a0ecc6c1a6e
Reviewed-on: https://review.typo3.org/27859
Reviewed-by: Markus Klein
Tested-by: Markus Klein

getTreeList calls intExplode which converts empty
arrays to 0. This patch removes empty arrays
within intExplode.

Resolves: #55384
Releases: 6.2
Change-Id: Id4ca1a15edf2cc2617d85bda765461c4cb1f105c
Reviewed-on: https://review.typo3.org/27089
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Benjamin Mack
Tested-by: Benjamin Mack

The lowlevel array browser tries to modify the array that
is displayed if it's an object.
Now that TYPO3_LOADED_EXT is a simulated array (an object
which implements array access) modifying the data leads to
a fatal error. Instead the iterated value is now modified.

Releases: 6.2
Resolves: #54449
Change-Id: Ib1d3eb5cc76a4180ea0891d88c16191cd16f36e2
Reviewed-on: https://review.typo3.org/27850
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters

The functionality for having to deal with
browsers that did not support style="width: XYpx"
is not needed anymore, as any browser supported
in the TYPO3 universe can deal with that (even IE6).

This patch cleans up all the areas that dealt with
that part. Also, one dummy function in
FormEngine.php has been removed completely,
another in DocumentTemplate.php has been
deprecated.

Releases: 6.2
Resolves: #56254
Change-Id: I6f47a5f7cabfd340088c242f1ee15b83c7cba0fe
Reviewed-on: https://review.typo3.org/27824
Reviewed-by: Benjamin Mack
Tested-by: Benjamin Mack

Resolves: #56290
Releases: 6.2
Change-Id: I85348aea9fd514b9774b63846f444fcb9a8310e4
Reviewed-on: https://review.typo3.org/27856
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Markus Klein
Tested-by: Markus Klein

Fix for #41413 did not remove a superfluous parentheses.
This is causing a JS error now.

Backports of the original patch are fixed already.

Resolves: #56289
Releases: 6.2
Change-Id: Iff0e73a28c9428d931f44b538106b6120ccc4e6a
Reviewed-on: https://review.typo3.org/27854
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters

Installing TYPO3 with an Oracle database (oci8) fails.
After selecting oci8 and passing the credentials,
the install wizard crashes with:

PHP Fatal error: Cannot use object of type
TYPO3\CMS\Core\Configuration\ConfigurationManager as array in
typo3/sysext/install/Classes/Controller/Action/Step/DatabaseConnect.php
on line 93

Obviously $config got mixed up with $configurationManager.
Fix this typo.

Resolves: #56253
Releases: 6.2
Change-Id: I58c1bc27f56b9a527d1d8fde7cf39b4ecd3ef7b6
Reviewed-on: https://review.typo3.org/27846
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Wouter Wolters
Reviewed-by: Steffen Müller
Tested-by: Steffen Müller

The paginator in the extension list from TER is transformed into
using Ajax. This fails because this process searches for links inside
a class which is used by the frontend paginator widget. Changing it to
the id of the backend paginator widget makes the ajax calls work again.

Resolves: #56184
Releases: 6.2, 6.1, 6.0
Change-Id: I06c193b2657eb3edae623dc0126b06c240f486c6
Reviewed-on: https://review.typo3.org/27843
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters

The security fix introduced a bug that the title is encoded
every time the link wizard is opened, leading to multiple
encoded strings.

Solution is to not encode it centrally but encode it just
before using it in the JavaScript context.

Fixes: #41413
Releases: 4.5, 4.7, 6.0, 6.1, 6.2
Change-Id: I6b08db290d5457761edc4506105672d79840764d
Reviewed-on: https://review.typo3.org/23740
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Oliver Klee
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters

There are 3 methods in ElementBrowser which are never used in the core.
We deprecate them, so they can be removed two versions later.

The methods are:
 * checkFolder
 * isWebFolder
 * setRecordList

Releases: 6.2
Resolves: #55985
Change-Id: I3e4f34e7ebaba9e8eeb0332e9f43c0e4acd2e706
Reviewed-on: https://review.typo3.org/27847
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Oliver Klee
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters

The form sysext contains a wizard to provide help for form creation.
This script used the init.php entry script. This is no longer wanted,
but the API can be used to add wizards.

To do so, some files were moved around and follow the same schema
as shown in openid sysext.

Change-Id: I6b6c41de6c271c56404151b1ec95f45e6f7786af
Resolves: #55669
Releases: 6.2
Reviewed-on: https://review.typo3.org/27347
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
Reviewed-by: Markus Klein
Tested-by: Markus Klein

Resolves: #56272
Releases: 6.2
Change-Id: Idfcb04fac9f1c4e6637b7df929694b193266c825
Reviewed-on: https://review.typo3.org/27842
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
Reviewed-by: Markus Klein
Tested-by: Markus Klein

Wizards used to be registered by defining a script path
to an entry script. Since we now aim to reduce
the number of entry scripts, wizards should be called
through mod.php and be registered accordingly.
However with the additional requirement of adding
CSRF protection for all mod.php calls, we cannot
hard code the script URLs for wizards any more.
Instead BackendUtility::getModuleUrl should be used,
which adds the CSRF protection token.
Since this token depends on the current user session
and TCA might be cached, we need a new way to register
a wizard by just specifying the module name in TCA.

FormEngine should then take care to call
BackendUtility::getModuleUrl()

Resolves: #56268
Releases: 6.2
Change-Id: I8dfd2f49257f673e0490e2553da63359a8e68776
Reviewed-on: https://review.typo3.org/27841
Reviewed-by: Markus Klein
Tested-by: Markus Klein

For the release of TYPO3 4.5 that the wizard in
install tool was renamed to "Upgrade Wizard"
to distinguish between patch level updates and
major version upgrades.

During the refactoring of the install tool for 6.2
the wizard was named "Update wizard again"

Fix the name again and name the upgrade wizard
"Upgrade Wizard" again.

Releases: 6.2
Resolves: #55970
Change-Id: I2cc75b7dfc5ddb3889a080270bf90a101fed935a
Reviewed-on: https://review.typo3.org/27617
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert

Adapt the impexp simple import test to the testing framework
available with #54855.

Resolves: #55664
Related: #54855
Releases: 6.2
Change-Id: I6f1e9eb6ef3bda5b984ac67af3964fed90ba41f2
Reviewed-on: https://review.typo3.org/27325
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Marc Bastian Heinrichs
Tested-by: Marc Bastian Heinrichs

The functional test cases using EXT:irre_tutorial need to
enable move placeholders. $TCA[<table>]['ctrl']['versioningWS']
needs to be "2" and not just TRUE

Resolves: #56244
Releases: 6.2
Change-Id: Ic47536f26fd23a15b2c31c3eb05c1f30acd82865
Reviewed-on: https://review.typo3.org/27817
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

Add missing '$' in front of formEl

Resolves: #56221
Releases: 6.2
Change-Id: Ia9b3260eebd007a60a34c33ac357fa84c572c8ac
Reviewed-on: https://review.typo3.org/27820
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Jost Baron
Tested-by: Jost Baron

The array was used by a mock call which is removed from
the test.

Resolves: #56119
Releases: 6.2
Change-Id: I6aa5ad720a52a710e59b9570a769396d6acb37fb
Reviewed-on: https://review.typo3.org/27821
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Stefano Kowalke
Tested-by: Stefano Kowalke

Encoding a few extra character besides the ones according to RFC3986
makes password reset links working again in various mail clients which
do not comply to this RFC (and which do not have plans to fix this in
the near future).

Change-Id: I0b42bef6cb732c5fc6cc2d900407271cb606e301
Fixes: #23984
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Reviewed-on: https://review.typo3.org/17176
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert

With the addition of categories-related menus, new fields were added
to the tt_content "menu" palette for handling categories relations.
This causes problems when people define new menu types.

This patch adds the categories-related fields in a more targeted
way using subtypes_addlist. The difference is that these fields
are not *in* the palette anymore, but just after it. I think
it is okay from a usability point of view and it makes the whole
categories thing less intrusive.

Resolves: #54041
Releases: 6.2
Change-Id: I923a6ec0d7716821626a31a95d80027987038bf1
Reviewed-on: https://review.typo3.org/27591
Tested-by: Dirk Klimpel
Reviewed-by: Dirk Klimpel
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters

The core ships upgrade wizards for all versions since TYPO3 CMS 4.2.
Users upgrading to TYPO3 CMS 6.2 LTS should have at least TYPO3 4.5 LTS
or later. Therefore all Upgrade-Wizards which already have been executed
to upgrade to TYPO3 CMS 4.5 LTS and below can be safely removed for the
current LTS.

This change removed all these wizards relating to changes in 4.2, 4.3 and
4.5.

Resolves: #54930
Releases: 6.2
Change-Id: Ia691e3ca7dd347c6748a8e9d753278b2247f75b9
Reviewed-on: https://review.typo3.org/26776
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters

BE modules info and func now uses mod.php.

Changing the entry script for func and info module
will cause integrated submodules to fail in
case they use the old entry point index.php
with a relative path somewhere in funcMenu or in
other links or actions.

A compatibility layer is introduced in
typo3/index.php to catch those old
links and redirect to mod.php with proper parameters.

Change-Id: I83d31b6004ae3556dd8bf7c5c47b0fea39aaad55
Resolves: #55809
Resolves: #55672
Resolves: #55670
Releases: 6.2
Reviewed-on: https://review.typo3.org/27508
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn

If a javascript file is forceOnTop the script uses array_unshift()
to put the file at the beginning of the section array. If this is
the first file that got processed, the array does not exist yet,
so the array_unshift function returns NULL and the file
will not added to the array.

The fix properly initalizes the section sub-array.

Resolves: #56242
Releases: 6.2, 6.1
Change-Id: I23af7862263fb0685032c34ded8736df87ddeb99
Reviewed-on: https://review.typo3.org/27793
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Benjamin Mack
Tested-by: Benjamin Mack

The tree class hierachie contains 3 empty classes, removed
by the patch:

* \TYPO3\CMS\Rtehtmlarea\ImageFolderTree
* rteFolderTree extends localPageTree in class.browse_links.php
* rtePageTree extends localFoltderTree in class.browse_links.php

Resolves: #55847
Related: #55830
Releases: 6.2
Change-Id: I5d0d92a484c37b6c2812f3350ab3f4dd3dfd15c8
Reviewed-on: https://review.typo3.org/27527
Tested-by: Tymoteusz Motylewski
Reviewed-by: Tymoteusz Motylewski
Reviewed-by: Frans Saris
Tested-by: Frans Saris
Reviewed-by: Markus Klein
Tested-by: Markus Klein

The recent DataHander functional tests integrate file names that
are very long since they contain a description of what actually
is expected in the accordant test assertion file.

However, Windows has a limit of 260 characters per file path.
The longest file path of the mentioned functional tests has been
223 characters and is now reduced to 166 characters.

Resolves: #56177
Releases: 6.2
Change-Id: I1490a3f0fae7ef40547d81e304cb98077ab6142b
Reviewed-on: https://review.typo3.org/27815
Reviewed-by: Marc Bastian Heinrichs
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

Add a token check in tce_file.php and token generation
everywhere forms for or links to tce_file.php are created.

Additionaly make sure, an instance of ExtendedFileUtility
is created in FileController on initialization to prevent
a fatal "Call to a member function on a non-object" error
in FileController::finish.

Releases: 6.2
Resolves: #55515
Change-Id: Ifd585661ac2cac6c88eaca5ad63b447d27e35395
Reviewed-on: https://review.typo3.org/27691
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

To be able to compare mostly only the data provided in the
database fixtures, the export needs to be limited to a given
set of fields of a record type.
This will loose the strict xml comparison of all existing fields
in the database and the tests would not break whenever we
change ext:core or ext:frontend ext_tables.sql.

Resolves: #55625
Releases: 6.2
Change-Id: Ie48e540ab1c9e271b64b893353a84c34ac982a50
Reviewed-on: https://review.typo3.org/27303
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Tymoteusz Motylewski
Reviewed-by: Marc Bastian Heinrichs
Tested-by: Marc Bastian Heinrichs

Bring treeline sprite icons to t3-table in Template backend module.

Resolves: #56229
Releases: 6.2
Change-Id: I95cfad211fe5750d0786592986b4849f5f5b9826
Reviewed-on: https://review.typo3.org/27800
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Marcin Sągol
Tested-by: Marcin Sągol
Reviewed-by: Benjamin Mack
Tested-by: Benjamin Mack

In TYPO3_MODE == 'FE' we attached language overlays for file metadata
via an Signal in the MetaDataRepository. Within this signal the
methods of the PageRepository in $GLOBALS['TSFE'] are used to do the
actual language overlay.

When using eID the Frontend is not initialized. When creating file
objects in eID these functions are accessed on non-objects which
obviously leads to a fatal error.

As a result the registration of the Slot is extended to not register
itself in case of eID requests.

Resolves: #54232
Releases: 6.2
Change-Id: I4ccf226f48eb85428ce281c4a941ff7e834c2f88
Reviewed-on: https://review.typo3.org/27692
Reviewed-by: Wouter Wolters
Reviewed-by: Frans Saris
Tested-by: Frans Saris
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer

Hides bullet points in New Content Element Wizard.

Resolves: #56062
Releases: 6.2
Change-Id: Iead660b30df3cabea76d22dc962802c61be01ea7
Reviewed-on: https://review.typo3.org/27804
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer