- Nov 23, 2020
-
-
Dmitry Dulepov authored
Translation wizard will hang if there are new content elements to translate and there is an element with language "All". This change fixes the problem by disallowing to fetch elements with this language. The fix is contributed by the University of Basel. Resolves: #92751 Releases: master, 10.4, 9.5 Change-Id: Ib018e04f6e95a1dc1a1d1f57631a31b986a10cd5 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66557 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Benni Mack <benni@typo3.org>
-
- Nov 22, 2020
-
-
Oliver Bartsch authored
Since #92836 backend users have to confirm their password on accessing the install tool in the backend. The corresponding password field now properly gets the focus assigned. This improves the accessibility, especially for keyboard users who otherwise had to tab through the whole module menu first. Resolves: #92895 Releases: master, 10.4, 9.5 Change-Id: I001f851b3730a864923c73a766026ed18d9c5466 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66773 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Markus Klein <markus.klein@typo3.org> Tested-by:
Daniel Haupt <mail@danielhaupt.de> Tested-by:
Frank Nägler <frank.naegler@typo3.org> Reviewed-by:
Markus Klein <markus.klein@typo3.org> Reviewed-by:
Daniel Haupt <mail@danielhaupt.de> Reviewed-by:
Frank Nägler <frank.naegler@typo3.org>
-
- Nov 21, 2020
-
-
Sybille Peters authored
Resolves: #92894 Releases: master Change-Id: I21ab03f80924f27af267c9e4a401b53358ea6327 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66772 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Daniel Haupt <mail@danielhaupt.de> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Daniel Haupt <mail@danielhaupt.de> Reviewed-by:
Benni Mack <benni@typo3.org>
-
Andreas Fernandez authored
Resolves: #92896 Related: #92888 Releases: master Change-Id: Icda106771196a1bcabd10651170f553bb56a7ffa Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66793 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Anja Leichsenring <aleichsenring@ab-softlab.de> Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Reviewed-by:
Anja Leichsenring <aleichsenring@ab-softlab.de> Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Andreas Fernandez <a.fernandez@scripting-base.de>
-
- Nov 20, 2020
-
-
Oliver Bartsch authored
System notes are being displayed in various modules. Previously one however had to always switch to the list module to add such note. Therefore, a new button is added to the button bar of the page, list and info module which allows to directly create a new sys_note record for the current page. The new button can be disabled via page TSconfig. Resolves: #83814 Releases: master Change-Id: Id7ab3b7a25d14c67a2a1b41753e1eae34eecd69e Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66373 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Georg Ringer <georg.ringer@gmail.com> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Georg Ringer <georg.ringer@gmail.com> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch>
-
Alexander Schnitzler authored
With this patch method canProcessRequest() of class \TYPO3\CMS\Extbase\Mvc\Controller\ActionController has been removed because it could never fulfill its claim, enabling users to simply register custom request types and then have custom controllers be built and dispatched depending on the request type. Besides that, dispatching another controller than the one configured and requested is unwanted behaviour. Furthermore, the corresponding protected property $supportedRequestTypes and the UnsupportedRequestTypeException have also been removed. Releases: master Resolves: #92853 Change-Id: I2d7ae9fea86f5161e67e0f17a11f563b037cc412 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66644 Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Georg Ringer <georg.ringer@gmail.com> Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Georg Ringer <georg.ringer@gmail.com>
-
Matthias Weber authored
Add a visible label for the email input field in the forget password form. Releases: master Resolves: #92627 Change-Id: I8114b47e83320fdc730b4a0d4f6bf71761199226 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66273 Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Tested-by:
Benni Mack <benni@typo3.org> Tested-by:
TYPO3com <noreply@typo3.com> Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Benni Mack <benni@typo3.org>
-
Olaf Schmidt-Wischhöfer authored
Also add aria-expanded and aria-controls arguments for screen readers Resolves: #92682 Releases: master, 10.4 Change-Id: I48d0edcbea4d185d11216048d7847ad3574d704d Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66271 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Michael Telgkamp <michael.telgkamp@mindscreen.de> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Michael Telgkamp <michael.telgkamp@mindscreen.de> Reviewed-by:
Benni Mack <benni@typo3.org>
-
Sybille Peters authored
The HTTP requests for checking external links did not have a timeout. The timeout from Global Configuration was used which is set to 0 (not timeout) by default. This could cause the link checking to run indefinitely and scheduler tasks to never terminate. Usually, there is a connect timeout, a read timeout and a total timeout. We set the total timeout and make this configurable via page TSconfig. If this is not set via TSconfig, it will default to the value set in $GLOBALS['TYPO3_CONF_VARS']['HTTP']['timeout']. Resolves: #92655 Releases: master, 10.4 Change-Id: Ib4727a665e41be247a7391c9ae814917df39df6e Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66241 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Sybille Peters <sypets@gmx.de> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Benni Mack <benni@typo3.org>
-
Elias Häußler authored
This patch adds keyboard navigation for the multi-step wizard handling duplication of existing forms in backend and improves accessibility. Resolves: #92819 Related: #90132 Releases: master, 10.4 Change-Id: Iea487044557dba0caf33f83e47b8c87a7d603040 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66605 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Benni Mack <benni@typo3.org>
-
Martin Kutschker authored
States of checkboxes defined in the TCA with "invertStateDisplay" enabled are announced in the same way as the visual representation. The underlaying checkbox value is inverted instead of just inverting the corresponding visual representation. The CSS class "checkbox-invert" used for styling these checkboxes has been removed. Resolves: #92678 Releases: master Change-Id: Id35d0cc3b3872a8176f30eee6abdf49287a2c44a Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66282 Tested-by:
Michael Telgkamp <michael.telgkamp@mindscreen.de> Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Michael Telgkamp <michael.telgkamp@mindscreen.de> Reviewed-by:
Benni Mack <benni@typo3.org>
-
Olaf Schmidt-Wischhöfer authored
Instead of <a href="#" ...> or <span ...>, a <button> tag is used for inline relations to enable proper keyboard navigation. * rename variable and protected method names from "link" to "button" * remove unsed $objectPrefix argument from getLevelInteractionLink (now ...Button) Resolves: #91595 Releases: master, 10.4 Change-Id: I167c175fe9e0fa211e637936e9d777459f892e79 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66233 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Michael Telgkamp <michael.telgkamp@mindscreen.de> Tested-by:
Martin Kutschker <mkutschker-typo3@yahoo.com> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Michael Telgkamp <michael.telgkamp@mindscreen.de> Reviewed-by:
Oliver Klee <typo3-coding@oliverklee.de> Reviewed-by:
Martin Kutschker <mkutschker-typo3@yahoo.com> Reviewed-by:
Torben Hansen <derhansen@gmail.com> Reviewed-by:
Benni Mack <benni@typo3.org>
-
Benni Mack authored
The PHP version that is required now, is PHP 7.4, more specifically PHP 7.4.1, which fixed a hard issue on the JIT compiler. Used composer commands: composer config platform.php 7.4.1 composer req php:^7.4 composer req php:^7.4 -d typo3/sysext/core --no-lock Releases: master Resolves: #92890 Change-Id: Iaf090b34b1f825adcdb5d42e8a4df20673677a6f Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66717 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Anja Leichsenring <aleichsenring@ab-softlab.de> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Anja Leichsenring <aleichsenring@ab-softlab.de> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Benni Mack <benni@typo3.org>
-
Devid Messner authored
Replace the uid of the translated page with the uid of the original page in the mountpoint parameter. Resolves: #91328 Releases: master, 10.4 Change-Id: I6eeceff8b191cd76e134fda59e67550b58dfa985 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64952 Tested-by:
Anja Leichsenring <aleichsenring@ab-softlab.de> Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Anja Leichsenring <aleichsenring@ab-softlab.de> Reviewed-by:
Benni Mack <benni@typo3.org>
-
Sybille Peters authored
Linkvalidator ships with several Linktype classes that are used to check specific links such as ExternalLinktype, Filelinktype etc. The Linktype LinkHandler is not used by default (see Page TSconfig mod.linkvalidator.linktypes). It was used to check links of the extension "linkhandler" which is now outdated. The latest version supports TYPO3 4.1.0. Functionality from the extension linkhandler has been migrated to the core in TYPO3 8, but in any case the LinkHandler link type supports outdated link syntax starting with "record:". Resolves: #92693 Releases: master Change-Id: Ie0736720ce975b8ccf8e8323660e18d0c772b251 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66265 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Tested-by:
Anja Leichsenring <aleichsenring@ab-softlab.de> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Anja Leichsenring <aleichsenring@ab-softlab.de>
-
Sybille Peters authored
When a broken link is fixed by using the pencil icon in list of broken links, the broken link should get removed from the list. Resolves: #92710 Releases: master, 10.4 Change-Id: I56e620313491414916f81cb32419348b7dab00d3 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66287 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Anja Leichsenring <aleichsenring@ab-softlab.de> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Anja Leichsenring <aleichsenring@ab-softlab.de> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch>
-
Eric Chavaillaz authored
The TsConfig CGL are described: https://docs.typo3.org/m/typo3/reference-coreapi/master/en-us/CodingGuidelines/CglTsConfig.html This patch ensure that those rules are now respected everywhere in the core. Resolves: #92820 Releases: master Change-Id: I7eef518c1aad5758a5d39d469ea16d5bbb97653b Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66606 Tested-by:
Anja Leichsenring <aleichsenring@ab-softlab.de> Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Anja Leichsenring <aleichsenring@ab-softlab.de> Reviewed-by:
Richard Haeser <richard@richardhaeser.com> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch>
-
Sybille Peters authored
The edit record icon now has a proper button style to unify the appearance between the modules (e.g. redirect module). Resolves: #92823 Releases: master Change-Id: I899007222068fba39ff6672433908e04db31804e Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66609 Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Chris Müller <typo3@krue.ml> Tested-by:
Anja Leichsenring <aleichsenring@ab-softlab.de> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Chris Müller <typo3@krue.ml> Reviewed-by:
Anja Leichsenring <aleichsenring@ab-softlab.de> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch>
-
Joachim Eckerlin authored
Additional wrapper around the sword in the search result template. Allowing CSS Styling to the word, but not the label. Resolves: #92786 Releases: master Change-Id: Iff9cab894883ed1cefe0769d40cad2f50ecf9102 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66695 Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Richard Haeser <richard@richardhaeser.com> Reviewed-by:
Torben Hansen <derhansen@gmail.com> Reviewed-by:
Anja Leichsenring <aleichsenring@ab-softlab.de> Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Tested-by:
Anja Leichsenring <aleichsenring@ab-softlab.de>
-
Anja Leichsenring authored
In order to improve quick result accessment, a summary is now outputted at the very end of the local test run. Details about test suite, php version and DBMS version are given, together with a clear message whether the test run was successful or not. Resolves: #92796 Releases: master, 10.4, 9.5 Change-Id: I0470a5e811088a5b56174ff66eaff1fd8387264e Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66571 Tested-by:
Simon Gilli <typo3@gilbertsoft.org> Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Simon Gilli <typo3@gilbertsoft.org> Reviewed-by:
Jonas Eberle <flightvision@googlemail.com> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch>
-
Markus Klein authored
The l10n_parent fields of sys_file_metadata and sys_file_reference are never shown anywhere. Having them as type 'select' in the TCA causes the FormEngine to try loading all possible parent value, which can be thousands or more. This degrades backend performance towards unusable. Changing the TCA definition to 'group' mitigates the issue easily as no lookup list has to be created/loaded. Resolves: #92863 Releases: master, 10.4 Change-Id: Ibf76ac51f6d79a69fdc19bfe1993bcb6c97de233 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66671 Reviewed-by:
Wouter Wolters <typo3@wouterwolters.nl> Reviewed-by:
Torben Hansen <derhansen@gmail.com> Reviewed-by:
Mathias Brodala <mbrodala@pagemachine.de> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Anja Leichsenring <aleichsenring@ab-softlab.de> Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Mathias Brodala <mbrodala@pagemachine.de> Tested-by:
Anja Leichsenring <aleichsenring@ab-softlab.de>
-
Matthias Weber authored
Set the color of placeholders to #767676 to meet WCAG AA conformance for background-color #fefefe. Resolves: #92621 Releases: master Change-Id: I573876390cc628793817a5498479b0389afd05cc Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66262 Tested-by:
Georg Ringer <georg.ringer@gmail.com> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Tested-by:
TYPO3com <noreply@typo3.com> Reviewed-by:
Georg Ringer <georg.ringer@gmail.com> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch>
-
Christian Kuhn authored
It seems the DynamicReturnTypePlugin for PhpStorm does not deal with 'self::class'. Change a couple of makeInstance() calls to hint for the returned object. Resolves: #92876 Releases: master Change-Id: I2cd2ad28dcd4e3baba641bdbc0dbdbc50d6bde9d Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66699 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
Anja Leichsenring <aleichsenring@ab-softlab.de> Reviewed-by:
Mathias Brodala <mbrodala@pagemachine.de> Reviewed-by:
Oliver Klee <typo3-coding@oliverklee.de> Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Anja Leichsenring <aleichsenring@ab-softlab.de>
-
Andreas Fernandez authored
Since #92689 the IconRegistry is fed by a JSON file taken from the TYPO3.Icons repository and does not grab all PNG and SVG files from the filesystem and auto-registers these files anymore. It turned out that some icons (all of them being PNG files) are not part of the TYPO3.Icons repository and thus haven't been registered anymore. This patch now registers icons of EXT:backend and EXT:impexp explicitly which are not part of the beforehand mentioned repository. Resolves: #92860 Related: #92689 Releases: master, 10.4 Change-Id: I0baab2b00be100ad768b4a67bf678e71e11f70bb Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66693 Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
Simon Gilli <typo3@gilbertsoft.org> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Tested-by:
Anja Leichsenring <aleichsenring@ab-softlab.de> Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Guido Schmechel <guido.schmechel@brandung.de> Reviewed-by:
Simon Gilli <typo3@gilbertsoft.org> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Anja Leichsenring <aleichsenring@ab-softlab.de>
-
Andreas Fernandez authored
With upcoming TYPO3 v11, support for PHP versions older than 7.4 is cancelled. Due to this, we don't have to check these versions anymore in Bamboo and thus remove them from the build plans. Resolves: #92888 Releases: master Change-Id: Iae261d4f4bc8ec205a583f685fda2ef183f32767 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66714 Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Anja Leichsenring <aleichsenring@ab-softlab.de> Reviewed-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Tested-by:
Anja Leichsenring <aleichsenring@ab-softlab.de>
-
Charanth authored
These two parameters are switched. Releases: master, 10.4, 9.5 Resolves: #92887 Change-Id: I7a896a167f39b8a68664ef6f37b3b1be447825c9 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66712 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Tested-by:
Anja Leichsenring <aleichsenring@ab-softlab.de> Reviewed-by:
Mathias Brodala <mbrodala@pagemachine.de> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Anja Leichsenring <aleichsenring@ab-softlab.de>
-
Christian Kuhn authored
In the frontend middleware chain PrepareTypoScriptFrontendRendering interacts with TSFE and calls getFromCache() which acquires frontend rendering locks. Locks are usually released after TSFE rendering in the final middleware, the HTTP/RequestHandler. Middleware ShortcutAndMountPointRedirect however, wich is called after PrepareTypoScriptFrontendRendering, can return early without calling below middlewares. In this case, locks need to be explicitly released to prevent a deadlock. This is not an issue in normal frontend calls since acquired locks are always released in __destruct() of the locking API. But, if the frontend is called as sub request, for instance from within another frontend call, from cli or testing, the lock API destructors may or may not be called. If not, this leads to dangling locks after the FE sub request, which then may block a following sub request executed in the same process. Resolves: #92882 Releases: master, 10.4 Change-Id: I231e56fb04ffa899c6e1b4d7e1a9e4a971f632db Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66707 Tested-by:
Benni Mack <benni@typo3.org> Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Markus Klein <markus.klein@typo3.org> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Markus Klein <markus.klein@typo3.org> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch>
-
Georg Ringer authored
The usage count of forms in the form module must not count deleted elements. Resolves: #92880 Releases: master, 10.4 Change-Id: Ia58c4e28e03ea1caa3b22ba1188d039fcdea69ea Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66709 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Rudy Gnodde <rudy@famouswolf.com> Tested-by:
Markus Klein <markus.klein@typo3.org> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Rudy Gnodde <rudy@famouswolf.com> Reviewed-by:
Markus Klein <markus.klein@typo3.org> Reviewed-by:
Benni Mack <benni@typo3.org>
-
- Nov 19, 2020
-
-
Christian Kuhn authored
To bootstrap TYPO3 sub requests, the testing framework needs an instance of the class loader. There is no good way to retrieve this object that is immutable for the entire process. During casual bootstrap, an instance of the class loader is parked in object ClassLoadingInformation. The patch makes getClassLoader() public to allow retrieval. This solution is kinda ugly and should probably change later. The public method is for now marked @internal and should not be used by third party code to allow structural changes later. Resolves: #92883 Releases: master Change-Id: Ic819e1a5989a74ebf634e1b1090058b7fe93af9e Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66708 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Georg Ringer <georg.ringer@gmail.com> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Georg Ringer <georg.ringer@gmail.com> Reviewed-by:
Benni Mack <benni@typo3.org>
-
Christian Kuhn authored
Frontend, backend and install tool application classes are the main entry points to create a response from a request object. From within a HTTP index.php, run() is called, which creates the request object from globals and feeds that to handle(). But, to retrieve a TYPO3 response from within a different PHP application, or from within TYPO3 itself (eg. a backend calls a frontend), the leading application would want to hand over a given or specially crafted PSR-7 ServerRequest directly. This is exactly what PSR-15 RequestHandlerInterface is for. By implementing this inteface in the application classes, the core increases interoperability significantly and allows to be easily called by a third party PHP application. Resolves: #92884 Releases: master Change-Id: I3047c92de06668db4dd5ef224bafde23f4b8ebd5 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66710 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Georg Ringer <georg.ringer@gmail.com> Reviewed-by:
Benni Mack <benni@typo3.org>
-
Christian Kuhn authored
Handing over '/' as $uri to InternalRequest() in functional tests triggers an ugly fallback mechanism that changes this to 'http://localhost/' within the FE call. Not handing over any $uri string at all defaults to 'http://localhost/' too, but at an much earlier and more transparent point. The patch streamlines two places that used the above method. Resolves: #92877 Releases: master, 10.4 Change-Id: Ic8e8e58315efeaf49298737f549bb5955520f7f8 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66700 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Benni Mack <benni@typo3.org>
-
Christian Kuhn authored
Test related fixture extension 'test_datahandler' still has calls in ext_tables.php that changes $GLOBALS['TCA']. This is forbidden for a while. Move those calls to Configuration/TCA/Overrides. Resolves: #92879 Releases: master, 10.4 Change-Id: I4cc66ca41caf52d872b0ff1a06a90d180a739ddb Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66705 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Benni Mack <benni@typo3.org>
-
Christian Kuhn authored
Test related fixture extension 'irre_tutorial' still has calls in ext_tables.php that changes $GLOBALS['TCA']. This is forbidden for a while. Move those calls to Configuration/TCA/Overrides. Resolves: #92878 Releases: master, 10.4 Change-Id: I56c652e5073ef26c46335e05213363007d4450e5 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66703 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Benni Mack <benni@typo3.org>
-
- Nov 18, 2020
-
-
Markus Klein authored
The backend module for backend users needs to use the hashed sessionId to check the online status if the session backend allows hashed ids. Resolves: #92871 Releases: master, 10.4, 9.5 Change-Id: Ifb5c2f48c751a52233888b293347425afd3092ae Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66697 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Georg Ringer <georg.ringer@gmail.com> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Georg Ringer <georg.ringer@gmail.com> Reviewed-by:
Benni Mack <benni@typo3.org>
-
- Nov 17, 2020
-
-
Helmut Hummel authored
Extracting SVG processing to its own processor did not respect that previously SVG files without dimensions were handled as a side effect of undefined behaviour without causing hard errors. The new processor however throws an exception instead of accepting undefined behaviour, which causes old installations with such SVG files to break. As a mitigation (as long as no other correct behaviour is defined), some default image dimensions are assumed for SVG files where none can be properly determined. This does not make SVG files without defined dimensions properly work, but at least restores the previous behaviour of not throwing an exception. Additionally extracting SVG processing uncovered another bug that existed, but never fully surfaced before. Processed files that were updated, but in fact were using the original file (like SVGs typically do) accessed the wrong storage to fetch file infos, when the processed files were configured to remain of a different storage. This is now properly checked as well. Resolves: #92444 Resolves: #92449 Related: #92014 Releases: master, 10.4 Change-Id: Ide10af8105c5fb6a5257aa7a16e48a02a925a8fe Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65963 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Timo Poppinga <timo.poppinga@zdrei.com> Tested-by:
Georg Ringer <georg.ringer@gmail.com> Reviewed-by:
Timo Poppinga <timo.poppinga@zdrei.com> Reviewed-by:
Georg Ringer <georg.ringer@gmail.com>
-
Georg Ringer authored
If the TSconfig setting is turned on, translations of content elements are bound to the default record in the display. This means that within each column with content elements any translation found for exactly the shown default content element will be shown in the language column next to the translation. This feature has been forgotten during the rewrite and is now readded. Resolves: #92482 Releases: master, 10.4 Change-Id: I408343d3b9a33b3239d1f341f3df36b65d2cd9c8 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66412 Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Benni Mack <benni@typo3.org>
-
Helmut Hummel authored
To avoid loss of quality and spawning unnecessary imagemagick processes, cropping and scaling of images is now done with a single imagemagick process. By doing so, the code for SVG processing is streamlined. SVG processing code can further be improved later, by putting it into a dedicated file processing task processor. Releases: master, 10.4 Resolves: #91855 Change-Id: I3bf735e74dd46dec73431405f37616506747ccdf Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65187 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Markus Klein <markus.klein@typo3.org> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Markus Klein <markus.klein@typo3.org> Reviewed-by:
Benni Mack <benni@typo3.org>
-
Oliver Hader authored
Processing XML external entities is explicitly disallowed when retrieving RSS/XML data from a remote service. Code-wise it is handled as security issue - however it was not possible to actually exploit the code with current system distributions. Default processing of external entities has been disabled in libxml2 since verion 2.9 - thus, most systems are not affected by this issue. Resolves: #92329 Releases: master, 10.4 Change-Id: Ia00e98ea8e54472ad09fbf4beaf1481eaa5fd7a2 Security-Bulletin: TYPO3-CORE-SA-2020-012 Security-References: CVE-2020-26229 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66665 Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
-
Oliver Hader authored
Instead of storing session IDs with their corresponding storage backends in plain text, their HMAC-SHA256 (Redis) or HMAC-MD5 (DB) is being used. HMAC-MD5 had to be chosen to avoid breaking changes for limited field size in database fields (32 characters currently). This change also allows a fallback to non-hashed-session values, meaning that * set() and update() will create new session records with the hashed identifier * get() contains a fallback to the non-hashed-version when no session with a hashed identifier is found Resolves: #91854 Releases: master, 10.4, 9.5 Change-Id: Ia57acc5e0d0cf71088af1aaff1ab894bd1d4e3dd Security-Bulletin: TYPO3-CORE-SA-2020-011 Security-References: CVE-2020-26228 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66664 Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
-
Oliver Hader authored
* XSS in `f:be.labels.csh` in argument `label` * XSS in `f:be.menus.actionMenu` in argument `label` * XSS in `f:form` in argument `fieldNamePrefix` Resolves: #92602 Releases: master, 10.4, 9.5 Change-Id: I7574bfb60eb2e11ecfb98d187f2edd580f43cd93 Security-Bulletin: TYPO3-CORE-SA-2020-010 Security-References: CVE-2020-26227 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66663 Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
-