The ext_tables.php of t3editor does overwrite parts of tt_content's TCA
without first loading it; this leads to errors if the ext_tables.php
cache is included before the TCA is properly loaded.

Change-Id: I54c19a2c6bc3e0b847ffa0bf19991a5936c0cba1
Resolves: #35495
Releases: 4.7, 6.0
Reviewed-on: http://review.typo3.org/10114
Reviewed-by: Stefan Neufeind
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer

Introduces a hook in tx_form_View_Wizard_Wizard. This hook
allows extending the wizard interface by loading extending
resources. The hook is executed after all other resources have
been loaded and just before content rendering.

Use it by adding your function to the array
$TYPO3_CONF_VARS['EXTCONF']['form']['hooks']['renderWizard']

Change-Id: I4fc22d5044d2808a9dbdb5ea9b256c2427987030
Resolves: #34711
Releases: 6.0
Reviewed-on: http://review.typo3.org/9559
Reviewed-by: Andreas Wolf
Tested-by: Andreas Wolf

Changes the regular expression used to validate the string into a
unicode-aware character-class and adds two testcases for this.

Change-Id: I247437d9e722c4656ddab0dd2e2ef6a960837cff
Fixes: #35296
Releases: 4.5, 4.7, 6.0
Reviewed-on: http://review.typo3.org/10066
Reviewed-by: Andreas Wolf
Tested-by: Andreas Wolf

Changes the regular expression used to validate the string into a
unicode-aware character-class and adds two tests for this.

Change-Id: I8cb83376ec3a029a0729cf950d385518746904b4
Fixes: #35284
Releases: 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/10065
Reviewed-by: Andreas Wolf
Tested-by: Andreas Wolf

Do not offer update for extensions with state "excludeFromUpdates"

Change-Id: Ic3aaf85a64fe23f5aede42a7949f4137d468675f
Fixes: #35126
Releases: 4.8, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/9827
Reviewed-by: Tolleiv Nietsch
Tested-by: Tolleiv Nietsch
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
Reviewed-by: Sebastian Fischer
Reviewed-by: Stefan Galinski
Tested-by: Stefan Galinski

Add escaping to description and file name of file link content element.
Warning: There is no longer HTML possible in description!

Change-Id: Id9da65e927080db4e548811f9a82e0cf7e88e214
Fixes: #25246
Releases: 6.0, 4.7, 4.6, 4.5, 4.4
Security-Review: http://review.typo3.org/7236
Security-Commit: a4006c10b5ac505a951131bbe3166a4271c62268
Security-Bulletin: TYPO3-CORE-SA-2012-001
Reviewed-on: http://review.typo3.org/10038
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

By accessing a cli script in the frontend, it is possible
that the DB name is shown.

Change-Id: Iac35d41ec7953fe14311b3bb619cc137389566fc
Fixes: #29060
Releases: 6.0, 4.7, 4.6, 4.5, 4.4
Security-Review: http://review.typo3.org/9936
Security-Commit: 4953abf5d8e3c5eeeb60f5a8dcd919985f063ab3
Security-Bulletin: TYPO3-CORE-SA-2012-001
Reviewed-on: http://review.typo3.org/10037
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

Change-Id: Ia6a5d5d6d350eee0a440a4ce8299f2a483bed58d
Fixes: #29397
Releases: 6.0, 4.7, 4.6, 4.5, 4.4
Security-Review: http://review.typo3.org/9935
Security-Commit: 582a55d38d48c24d6e04fc7d213f0d74644ab689
Security-Bulletin: TYPO3-CORE-SA-2012-001
Reviewed-on: http://review.typo3.org/10036
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

sys_notes misses an escaping in info module

Change-Id: If420168807f609709a767c7fb1d6a4d504d277f8
Fixes: #22748
Releases: 6.0, 4.7, 4.6, 4.5, 4.4
Security-Commit: 31c4fdb3c3c9fe9d1a28fd13ca69f8b97d15459e
Security-Bulletin: TYPO3-CORE-SA-2012-001
Reviewed-on: http://review.typo3.org/10035
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

A proper escaping is missing for field "frequency"
Sanitize submitted uid

Change-Id: I882d167f55b813f7f20beba48ee09792acec4935
Fixes: #24474
Releases: 6.0, 4.7, 4.6, 4.5, 4.4
Security-Commit: 68a9d5c2de0b6d466373cdde07fef03161bfa2de
Security-Bulletin: TYPO3-CORE-SA-2012-001
Reviewed-on: http://review.typo3.org/10034
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

Change-Id: I772490b260eb06e714ec57cdf75a6166f53eaea1
Fixes: #30940
Releases: 6.0, 4.7, 4.6, 4.5, 4.4
Security-Commit: dbed57cf912b792ae694ce4c6092a1900da9904b
Security-Bulletin: TYPO3-CORE-SA-2012-001
Reviewed-on: http://review.typo3.org/10033
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

Some values from the backend layout configuration
are not properly escaped

Change-Id: Id08f8f21d5c429e05e5de938e46eb2532855f5a6
Fixes: #29536
Releases: 6.0, 4.7, 4.6, 4.5, 4.4
Security-Commit: d34ae5f174a0fc5242323909771a6fbf21ef785b
Security-Bulletin: TYPO3-CORE-SA-2012-001
Reviewed-on: http://review.typo3.org/10032
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

RemoveXSS fails to properly remove non printable characters, especially
zero-byte (\x00) chars.

Change-Id: I7005a7fbea98f224eab10cc639d6008d56adb2f6
Fixes: #30188
Releases: 6.0, 4.7, 4.6, 4.5, 4.4
Security-Commit: 5c4076c527bb91f1232ed490eff779f78f89402b
Security-Bulletin: TYPO3-CORE-SA-2012-001
Reviewed-on: http://review.typo3.org/10030
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

Change-Id: Id625eb9cc310f979899b3bd81d6eb43740825368
Reviewed-on: http://review.typo3.org/9989
Reviewed-by: TYPO3 v4 Release Team
Tested-by: TYPO3 v4 Release Team

Method t3lib_TCEmain::getPreviousLocalizedRecordUid() checks for the
"closest" localized record. For content elements it does this per
column, but actually fails because the "colPos" field is not among
the available fields. It must be added to the selection.

Change-Id: I2cd1ca612671aa8ff74599ccf7dd343ae6d86fa8
Fixes: #35260
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/9891
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer
Reviewed-by: Philipp Gampe
Reviewed-by: Wouter Wolters
Reviewed-by: Francois Suter
Tested-by: Francois Suter

This Fix Replaces 3 occurences of new t3lib_install with
t3lib_div::makeInstance('t3lib_install')

Change-Id: I59c3366de1d7326c8da899d7f48a6125149c6b1f
Fixes: #35272
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/9896
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer

t3lib_collection_AbstractRecordCollection::getItemUidList() has
a method argument that is not used. The purpose is to have a
combination of table name and uid on demand.

Change-Id: I53f6aa0f87ea87db20d0e2d95cf5b4f5e2bdea81
Fixes: #35277
Releases: 6.0, 4.7
Reviewed-on: http://review.typo3.org/9899
Reviewed-by: Dmitry Dulepov
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter

Introduces processDatamap_beforeStart hook to t3lib_TCEmain
which can be used to individually initialize or pre-filter
the datamap array.

Change-Id: I1862bfe0ecb3e3a1de8ae789a50f9eb6cfd9071b
Resolves: #35161
Releases: 4.7, 6.0
Reviewed-on: http://review.typo3.org/9817
Reviewed-by: Stefan Neufeind
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

t3lib_collection_StaticRecordCollection::loadContents() tries to
access class t3lib_TcaRelationService which is not available in
the TYPO3 Core. The accordant dependent feature request was
pending for master (see #32148). Since the TcaRelationService
was dropped for 4.7, this fix uses plain MM queries to get the
desired results.

Change-Id: I72fa5f7dc0fcf269ef00f9ec17bff6dd5bd95173
Fixes: #33942
Releases: 6.0, 4.7
Reviewed-on: http://review.typo3.org/9028
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter

Change-Id: I14e2ab3e462556ee2d6181660a3aedd506cc4b53
Releases: 6.0
Reviewed-on: http://review.typo3.org/9907
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

When creating a new page node via drag'n'drop shortcuts in pagetree,
the TCAdefaults.pages array from page TsConfig is now being respected.
This allows to preset certain field values for new pages.

Change-Id: I21c2f84951699469b00a745b62d2a95fb114809e
Fixes: #25021
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/9747
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer
Reviewed-by: Stefan Neufeind
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter

A few places in t3lib_iconWorks use variables as arrays without
checking if they are actually arrays. This leads to warnings in
the syslog.

Change-Id: Ibd14796dae648195a630d520ab18d5f8689076f0
Fixes: #24248
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/9851
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
Reviewed-by: Oliver Klee
Reviewed-by: Markus Klein
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer

In groupfields the title attribute of options must also be handled
when moving items.

Change-Id: I82f8d3fabdda8e882087e80d3d8361a9be1b9c51
Fixes: #35176
Releases: 6.0, 4.7, 4.6, 4.5, 4.4
Reviewed-on: http://review.typo3.org/9855
Reviewed-by: Markus Klein
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
Reviewed-by: Tolleiv Nietsch
Tested-by: Tolleiv Nietsch

This option in the User Settings is totally useless, as there aren't
any troubles with modern browsers and this feature anymore.

Change-Id: I27f1796b8e787aec9a673eaf3220115054711000
Resolves: #24584
Releases: 4.8
Reviewed-on: http://review.typo3.org/7334
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
Reviewed-by: Tolleiv Nietsch
Tested-by: Tolleiv Nietsch

This happens for the mkdirSetsGroupOwnershipOfCreatedDirectory() test in
t3lib_divTest.

Solution, just skip the test if the function does not exists.

Also do same safety check for posix_getegid() as done some tests above.

Change-Id: I18cbebc0b22ae5a7318673ed8abd2bd01003ba57
Fixes: #33718
Releases: 6.0, 4.7
Reviewed-on: http://review.typo3.org/8867
Reviewed-by: Tolleiv Nietsch
Tested-by: Tolleiv Nietsch
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert

Change-Id: Iafa34e5c40105879afc58fe793bb61086dd19526
Resolves: #35160
Releases: 4.5, 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/9816
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

Change-Id: Idd7647e0e1aaee607203f64c421d6ca235920268
Fixes: #33791
Releases: 4.8, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/9169
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers

When fetching page-details while using inside a workspace
make sure to fetch the correct overlay.

Change-Id: I7cd58201e4e3babf71e89f2ec7fecfd06f27ad21
Resolves: #27811
Releases: 4.5, 4.6, 4.7, 4.8
Reviewed-on: http://review.typo3.org/3391
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
Reviewed-by: Tolleiv Nietsch
Tested-by: Tolleiv Nietsch

To make the long drowdown more readable, group the task list in
schedular (Add Task) by extension and add the description as title
to the corresponding option tag.

Change-Id: Ida7d85298df776c1f604c931aee49bf4f65cd796
Resolves: #35020
Releases: 4.8
Reviewed-on: http://review.typo3.org/9755
Reviewed-by: Felix Kopp
Tested-by: Felix Kopp
Reviewed-by: Tolleiv Nietsch
Tested-by: Tolleiv Nietsch

The styling of t3editor should be configurable for
the content element "HTML". This makes it possible
to use e.g. a custom height

Change-Id: I64cde4382cc1e3b3e2185c52381d538aeb721698
Resolves: #34548
Releases: 4.8
Reviewed-on: http://review.typo3.org/9758
Reviewed-by: Philipp Gampe
Reviewed-by: Tobias Liebig
Tested-by: Tobias Liebig

Add missing sql_free_result in alt_doc.php to free hanging
records properly.

Change-Id: If2a6f291bd8839d1b7a2a617a192fe1d175f7cde
Resolves: #34771
Releases: 4.8, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/9757
Reviewed-by: Philipp Gampe
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer

Commit 94feeb25 introduced a major
performance overhead and is reverted for now.

Change-Id: Iaaa8895bf2ccfcf875b32e3d0773c111672e80ae
Releases: 4.8, 4.7, 4.6, 4.5
Resolves: #32756
Reviewed-on: http://review.typo3.org/9732
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn

Problem: Function compareLabel is not correctly declared in
class.tx_rtehtmlarea_microdataschema.php

Change-Id: Ieb2f5c460260c5aa3cc07ae3a5408270fc43011f
Resolves: #34708
Releases: 4.7, master
Reviewed-on: http://review.typo3.org/9536
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
Reviewed-by: Oliver Klee
Reviewed-by: Stanislas Rolland
Tested-by: Stanislas Rolland

Problem: IE does not support document.baseURI and document.URL is
incorrect when using realurl.
Solution: Get first base tag and extract href as base for iframe
document.

Change-Id: I845c3f617808235575d3af761e36ad188379c1b0
Resolves: #30847
Releases: 4.5, 4.6,4.7, master
Reviewed-on: http://review.typo3.org/6360
Reviewed-by: Stanislas Rolland
Tested-by: Stanislas Rolland

The PHP fatal error occurs for the following settings:
$TYPO3_CONF_VARS['SYS']['enableDeprecationLog'] is enabled
$TYPO3_CONF_VARS['BE']['forceCharset'] is not "utf-8" (or empty)
$TYPO3_CONF_VARS['SYS']['enableDeprecationLog'] is set to "file"

Change-Id: If95166c985499ded9764e6f7d6df224110580d95
Fixes: #34662
Releases: 4.5, 4.6, 4.7, 4.8
Reviewed-on: http://review.typo3.org/9643
Reviewed-by: Tolleiv Nietsch
Tested-by: Tolleiv Nietsch
Reviewed-by: Oliver Klee
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

The manual says that this type has been removed in 4.6 in favor of
userfunctions.
Besides that, the block makes use of includeMakeMenu(), which doesn't
exist anymore.
Therefore I'd say it's safe to remove the block.

Change-Id: I69b33894eff55a8eedd0b04448229a96f6a0d199
Fixes: #25100
Release: 4.7, 4.6
Reviewed-on: http://review.typo3.org/8848
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Stefan Neufeind
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter

When focussing the livesearch in the backend, other menus
should be closed.

Change-Id: Ibc6e9727ab9142f549bef3d5615bcb1426b42ebe
Fixes: #32890
Release: 4.7, 4.6
Reviewed-on: http://review.typo3.org/8837
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
Reviewed-by: Stefan Neufeind
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
Reviewed-by: Sebastian Fischer

Change-Id: I6e7260fcb33f79f81ad2dbc4ae2da23130a009e6
Reviewed-on: http://review.typo3.org/9619
Reviewed-by: TYPO3 v4 Release Team
Tested-by: TYPO3 v4 Release Team

The classes t3lib_stdgraphic and t3lib_iconworks provide
the method imagecopyresized. Those functions got parameters
$w, $h twice in the function-header and therefore the function
only worked in "special cases".

This patch also adds a docblock and improves the (internal)
naming of the variables.

Change-Id: Id43229caa3694e8859f9912946c963f907f92951
Fixes: #26660
Releases: 4.4, 4.5, 4.6, 4.7
Reviewed-on: http://review.typo3.org/2564
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Philipp Gampe
Reviewed-by: Stefan Neufeind
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter

When selecting html5 in config.doctype and deactivating
config.xmlprologue = none the xmlns-attribute of <html> has
to be omitted and the xhtml-cleaning has to be deactivated.

Furthermore the non XML-Syntax of the charset meta-tag has to
be provided to the renderer.

Change-Id: I5b3d3fe084d745df2a1cc98c614ba1fff173a4db
Fixes: #34730
Releases: 4.8,4.7,4.6
Reviewed-on: http://review.typo3.org/9537
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert
Reviewed-by: Ingo Pfennigstorf
Tested-by: Ingo Pfennigstorf
Reviewed-by: Stefan Neufeind
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter