- Feb 27, 2022
-
-
Stefan Bürk authored
doctrine/lexer has released a new minor version with changed method docblocks, which now emits phpstan errors because of incompatible types. This patch raises the minor version for development and core usage and adding phpstan ignore pattern to the baseline file until doctrine/lexer has fixed the incompatible state. This is a dedicated preparation to raise other dev dependencies. Issue has been reported to the corresponding github repository: https://github.com/doctrine/lexer/issues/62 used commands: > composer req doctrine/lexer:"^1.2.2" > composer req doctrine/lexer:"^1.2.2" \ --no-update -d typo3/sysext/core > Build/Scripts/runTests.sh \ -s phpstanGenerateBaseline Resolves: #97055 Releases: main, 11.5 Change-Id: Ib5c04202bdc6a4b5787a191e4bf1e175982fb217 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73736 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
-
Oliver Klee authored
GeneralUtility::getIndpEnv can also return values other than string, e.g., PATH_INFO might return null, and TYPO3_SSL will return a bool. Also, _ARRAY will return an array of all possible scalar values. The return type annotation needs to correctly reflect that in order for static type analysis to be able to work correctly when this function is called. Resolves: #97020 Releases: main, 11.5 Change-Id: Ibb24f1a3451c6598452402fc7a7b0a96c66bbd01 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73734 Tested-by:
-
Benjamin Franzke authored
The private container now provides access to non-public services that have been at least once injected (and thus be considered as service during DI compilation phase). This may be used to provide dependencies to functional test setups where some dependencies needs to be mocked while other should receive the vanilla dependency the container would normally inject. A functional test case does implement the ContainerInterface now, allowing tests to access both public and private services. $this->getContainer() may still be used if the default container (delivering public services only) needs to be injected into a service. Related testing-framework pull request: https://github.com/TYPO3/testing-framework/pull/331 Commands executed: composer req --dev typo3/testing-framework:^6.16.0 git grep -l "this->getContainer()->get(" | xargs sed -i 's/this->getContainer()->get(/this->get(/g' Resolves: #97032 Releases: main, 11.5 Change-Id: I5987d5244270a3e190c8721f6a8971c7fd1309ef Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73732 Tested-by:
Stefan Bürk <stefan@buerk.tech> Tested-by:
-
Christian Kuhn authored
Running bin/typo3 upgrade:run now encapsulates the wizard in question in double ticks. Before: > bin/typo3 upgrade:run Running Wizard Sanitize existing SVG files in fileadmin folder After: > bin/typo3 upgrade:run Running Wizard "Sanitize existing SVG files in fileadmin folder" Change-Id: I0739f836eb2b9cade517563a135f0333ecb6e055 Resolves: #97054 Releases: main, 11.5 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73665 Reviewed-by:
Oliver Klee <typo3-coding@oliverklee.de> Reviewed-by:
-
- Feb 26, 2022
-
-
colin_44 authored
Add documentation for editors about validators. Add to sitetree. Resolves: #97025 Releases: main, 11.5 Change-Id: If250bae9acf265574f20bcef801d2c1fd66ceeb2 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73664 Tested-by:
waldhacker <hello@waldhacker.dev> Reviewed-by:
-
colin.findeisen@tritum.de authored
This patch adds a documentation regarding form elements for editors. As a drive-by change the site trees for integrators and editors have been fixed. Resolves: #82357 Releases: main, 11.5 Change-Id: I06548dd0f51cdbd814067f1c44e49629fd56b68e Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73663 Tested-by:
-
Oliver Hader authored
DefaultSanitizerBuilder for HTML sanitizer creates a new behavior for each invocation which is superfluous and can be cached in memory. Resolves: #96862 Releases: main, 11.5, 10.4 Change-Id: I4a6710524a1f2f1256c8aa7694ceaa56a627a07f Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73462 Tested-by:
Benni Mack <benni@typo3.org> Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
-
- Feb 25, 2022
-
-
Björn Jacob authored
The documentation now includes an overview of the used validation messages and their error codes. While being on it, the DateRange validator has been documented as well. Resolves: #87393 Releases: main, 11.5 Change-Id: I5e91131d5464fde370609310a2a5a5a3b64941c7 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73662 Tested-by:
-
Elias Häußler authored
The localization of error with code 1521293686 in DateRangeValidator is missing. This patch adds the missing localization. Resolves: #97044 Releases: main, 11.5 Change-Id: I18c05c17d34f85b897c796cb987a94151d6da1ac Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73661 Tested-by:
-
Ralf Zimmermann authored
To make the form manager and form plugins load faster, the patch https://review.typo3.org/c/Packages/TYPO3.CMS/+/58054/ optimized the parsing of form definitions. Instead of using the YAML parser, a very rudimentary "parser" was introduced. This works fine, except for the fact that YAML escapes in form labels are not unescaped when displayed. This patch partially reintroduces the parsing of YAML, but only for the label. The performance drops only slightly. 10000x "loadMetaData()" (status quo) = 0.41 seconds 10000x "loadMetaData()" + parse label with yaml parser = 0.57 seconds 10000x parse the whole form definition with yaml parser = 7.57 seconds Resolves: #95733 Releases: main, 11.5 Change-Id: I742b18313af4c8fe90d2899848518d90f543f86e Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73712 Tested-by:
-
Björn Jacob authored
This patch adds a new FAQ entry. It explains how to handle duplicate form submissions. Resolves: #95074 Releases: main, 11.5 Change-Id: Ide89f57dc296ab629b9bb50d76d7896cb998c008 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73660 Tested-by:
Mathias Brodala <mbrodala@pagemachine.de> Tested-by:
-
Elias Häußler authored
If section containers are changed (i.e. new containers are added or existing ones are deleted), the change is now recognized by adding a class `has-change` to the appropriate container. This assures the modal on exit is shown to the backend user to avoid discarding onsaved changes. Resolves: #95290 Releases: main, 11.5 Change-Id: Iff85a98f5f93876d1151909d28641ac6cca70874 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73706 Tested-by:
-
- Feb 24, 2022
-
-
Christian Kuhn authored
Scenario: * Create a page in live * Create a default language content element in live * Localize live page * Select a workspace * Localize the content element in workspaces, translate mode * Select live workspace * Delete default content element in live When deleting the default language content element in live, usually all translated content elements are deleted, too. This does not work for content element translations that have been created in workspaces (t3ver_state=1). Those elements *should* be discarded, but are not. The patch adds a method to DataHandler to take care of discarding t3ver_state=1 translations in workspaces when a live record is set to deleted, and adds two functional tests to verify behavior. Resolves: #97018 Releases: main, 11.5 Change-Id: I1bba5de52447cdfb9e80feca27aebf9855dccd28 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73659 Tested-by:
-
checkmaldierethorik authored
With deprecating 3rd party usage of getTreeList() in QueryGenerator and QueryView with #92080 a comma has been missed as element list separator for a list merge with array_merge(...) in WorkspaceService. This emits a corresponding native PHP warning or error. Missing comma is added to avoid the warning and merge the elements properly. Resolves: #97011 Related: #92080 Releases: main, 11.5 Change-Id: I612eecac4ff1222191d6310e8996268e8746de69 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73653 Tested-by:
Markus Gerdes <markus@madaxel.de> Tested-by:
-
Elias Häußler authored
Since form renderable validators are stored as SplObjectStorage instances, it is currently impossible to properly reset those validators, e.g. within a configured variant in the form configuration. This is because detaching during a foreach over SplObjectStorage instances updates the internal pointer. This leads to inconsistent behavior in the foreach loop. To come around this issue, a cloned SplObjectStorage is now used to remove all currently registered validators, properly resetting all validators for the form renderable. Additionally, this edge case is now covered by a functional test case. Resolves: #96424 Releases: main, 11.5 Change-Id: I91268e28a2c08fa21d655373e272204fbb9b84f4 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73657 Tested-by:
Helmut Hummel <typo3@helhum.io> Tested-by:
-
Björn Jacob authored
Integrators have to be aware of a problem when sending emails to BCC recipients. This patch documents the problem and offers a solution as well as links to the TYPO3 Core API as well as Symfony Docs. Resolves: #92354 Releases: main, 11.5 Change-Id: Ia1594d8f8c93dfa5c4d58e12d13e61aa350ea9d0 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73656 Tested-by:
-
Elias Häußler authored
Resolves: #97024 Releases: main, 11.5 Change-Id: If4b85ca494226fdd793af169c1e389e529e785b5 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73655 Tested-by:
-
Georg Ringer authored
With #86196 the condition for `contentObject` has been accidentally removed. Resolves: #92471 Related: #86196 Releases: main, 11.5 Change-Id: I2c6ca4668141639650e3b4b1b58da2270f827f76 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73654 Tested-by:
-
Stefan Bürk authored
This patch raises styleguide to the recently released version to test against a more actual codebase, including backports and the one or other bugfix (postgres install etc). used command: > composer req typo3/cms-styleguide:"~11.5.4" --dev > cd Build/composer ; \ rm -rf composer.json ; \ mv composer.dist.json composer.json ; \ composer req typo3/cms-styleguide:"~11.5.4" \ --dev --no-update ; \ mv composer.json composer.dist.json ; \ cd ../../ Resolves: #97012 Releases: 11.5 Change-Id: Ic03b13ac3737d29a8d90e4957806a2f6dd173ab5 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73674 Tested-by:Oliver Bartsch <bo@cedev.de> Tested-by:
-
- Feb 23, 2022
-
-
Jan Delius authored
LanguageService state has been moved into runtime cache for further reducing the need to keep the LanguageService in a global state. Failing to predict the need to translate into multiple languages in the same context and process, $cacheIdentifier had not be included the language. This patch adds the current language to the $cacheIndentifier to support multiple language translation while keeping the LanguageService state clean. Resolves: #97009 Related: #94415 Releases: main, 11.5 Change-Id: If1eaa3d2724ccdd12979a974c30d722878eb55d8 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73685 Tested-by:
Benjamin Franzke <bfr@qbus.de> Tested-by:
-
- Feb 22, 2022
-
-
Stefan Bürk authored
Acceptance tests are the most likely tests to recover properly when automaticly retrying on test execution failure. CGL, integration, unit and functional tests on the other hand are more likely to fail with real issues and retry won't fix these issues, thus wasting CI execution time and job slots. The patch changes the default retry back to zero retries, except for 'acceptance' tests, including 'acceptanceInstall' tests. Resolves: #96999 Releases: main, 11.5 Change-Id: I570c7fc6c61fe55ab5f60b51c04161f935876d24 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73648 Tested-by:
-
Oliver Hader authored
Change-Id: I132fa89c4523a1571b5088774523050430f18961 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73642 Tested-by:
-
Oliver Hader authored
Change-Id: I62fdb4ee41b85c87291ad38c28e4c4ecdaa7dc36 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73641 Tested-by:
-
Stefan Bürk authored
In early stage of TYPO3v11 the storage format for data in the TCA ctrl transOrigDiffSourceField database field, often called l18n_diffsource changed from PHP serialized data to JSON encoded storage format with #91906, mainly to mitigate general security risks. doctrine/dbal enquotes json data provided as string with backslashes if not the correct field type is provided, which emits a postgres sql error exception when inserting or updating these fields, which are of type 'bytea' when dbms Postgres is used. Various parts of the core deal with arbitrary tables and don't know if a column is int, text or lob, or whatever. Those are blindly updated/inserted, resulting in Postgres saying "no". MSSQL has been named pickier than postgres in the past on that for similar issues with these fields. To solve this for MSSQL a expensive workaround on several places through the core with #81498 to get a working state and leaving it open to find a better way with a eventual cache-layer for these database field schema informations, thus unsolved yet. As core suffers now from the same issue for Postgres since the changed storage format, this patch adopts the choosen MSSQL solution for Postgres. This is a first bugfix solution with the tradeoff to be more expensive but working. Additionally one test case is added to cover this issue basicly but should be extended and further tightend in a dedicated patch. Improving the schema handling should be picked up and proper engineered in a another dedicated patch. Resolves: #96940 Related: #91906 Related: #81498 Releases: main, 11.5 Change-Id: I250fa10c9c7e06ddd330f7ab64f7680f21f3b4cd Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73551 Tested-by:
-
Christian Kuhn authored
With #92238, it has been postulated that Extbase validators should not be dependency injection aware. Further places following this idea have been done in v11 with #94451 and #94384. A final breaking ReST file has been added with #95026. All of that is pretty unfortunate and there is simply no reason that Extbase validators can not get dependencies injected, no matter if they're not singletons. This patch specifically targets v11 to allow dependency injection in Extbase validators again if extension authors really need this, and don't want to stick to manual dependency retrieval as outlined in #95026. This patch should basically mitigate issues for extension upgrades and paves the way for a more solid general solution in v12. Extension authors have a more smooth upgrade path, especially when supporting two core versions at the same time. The v12 version of this patch is identical with v11 for now - The breaking interface change, adapting all core validators, and declaring core validators 'final' in v12 will be done with a dedicated v12 patch as soon as this v11 tailored version has been aligned on. Note all of this is pretty hairy and the solution outlined with the patch for v11 hopefully gives the maximum amount of compatibility without being breaking again, with giving extension authors additional options, and having v12 options to further mitigate this complex mess. Resolves: #96332 Related: #92238 Related: #95026 Related: #94451 Related: #94384 Releases: main, 11.5 Change-Id: I5fea15c9b73c59e5d7c3212a0842bc9a3413d2a1 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73630 Tested-by:
-
Nikita Hovratov authored
When using the option "references" as an array, it is possible to provide table and uid with stdWrap functionality. The return type can be mixed so proper casting is necessary. Also, empty values like an empty string for table or "0" for uid should not trigger $pageRepository->getRawRecord and the fallback values should be used instead. Another potential bug was found while adding test cases, where an empty table would result in nothing. In such a case, the current table should be used for relation fetching. Resolves: #96809 Releases: main, 11.5 Change-Id: Ieb90f846bbdafb50190c1d30008aa65e1dbb9e43 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73550 Tested-by:
-
- Feb 21, 2022
-
-
Oliver Hader authored
Recent release of enshrined/svg-sanitize addressed a XSS vulnerability. The main purpose of having this library in TYPO3 is to protect against user submitted images that contains markup - which is possible with SVG files. In most TYPO3 scenarios these files would be stored in https://example.org/fileadmin/evil.svg and can be fetched directly. However, recent update for CVE-2022-23638 of the svg-sanitizer library seems to address the usage of inline SVG, used in an embedded HTML context, see https://github.com/darylldoyle/svg-sanitizer/issues/71 Resolves: #96901 Releases: main, 11.5, 10.4 Change-Id: Iacbaf4b9c9725dee9c12df3646fc1131b7ed93ed Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73627 Tested-by:
-
Andreas Fernandez authored
For a better UX, the period configuration field in the "Remove deleted records" task should be changed to be a "number" field. Resolves: #96977 Releases: main, 11.5 Change-Id: Ibd8f8eb6897d0349eb0902a78c2bf83741ff8f7a Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73549 Tested-by:
-
Benjamin Franzke authored
For unknown reasons the /ajax/login/refresh route has never been used (all the way back to v6), to request a session timeout update. Instead the route /ajax/login/timedout, *without* the skipSessionUpdate=1 parameter has been used to refresh an existing session. With the introduction of configurable route parameters in #81409 this inconsistency wasn't noticed and the skipSessionUpdate parameter has been moved into the route-configuration, which meant /ajax/login/timedout was always called with skipSessionUpdate=1, even as result of the "Stay logged in" button, where a session update was intended. Use the dedicated /ajax/login/refresh route in order to actually refresh the session. Releases: main, 11.5, 10.4 Resolves: #96978 Related: #81409 Change-Id: I6e7ac78fdfae49fa07ac6b75d64dd1c381ad7e2b Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73624 Tested-by:
-
Andreas Fernandez authored
The period validation now also checks whether the input is larger than 0 to disallow negative values. Resolves: #96976 Releases: main, 11.5 Change-Id: I9917e48fa976299227704b21c3aab2784ba0ca08 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73548 Tested-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Reviewed-by:
-
- Feb 20, 2022
-
-
Stefan Bürk authored
Raise development dependency "php-webdriver/webdriver" to a version which includes officially PHP8.1 fixes and opens for up for "Symfony 6 components" installation on main. used command: > composer req php-webdriver/webdriver:"^1.12.0" --dev Resolves: #96979 Releases: main, 11.5 Change-Id: I1ca15e0473e179c89c39fa2aa46073f3d09a2687 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73621 Tested-by:
-
Benjamin Franzke authored
Since #94084 all module URLs are automatically framed by the TYPO3 main controller whenever they are opened in a Sec-Fetch-Dest aware request. Use a non-module route for the popup window in order to avoid the automatic re-framing. Also hide the back-button in the popup window, as it would cause the entire backend to be opened in the popup. The shortcut button will link to the module-based detail-action in order to show in regular module context. Releases: main, 11.5 Resolves: #95361 Resolves: #86099 Related: #94084 Change-Id: I0bae3e502fa58f4b2bee804c5ed12b0fc2030d20 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73608 Tested-by:
-
Christian Kuhn authored
Recent pdo_sqlsrv 5.10.0 force SSL enabled connections with valid certificates. We can't supply these in CI right now. The patch removes active functional testing with this DBMS on CI, but keeps the rest of the infrastructure in runTests.sh and friends. This is a quick fix to get v11 and v10 green again. We could pick this up again if we find a solution for the certificate issue. Resolves: #96974 Releases: 11.5, 10.4 Change-Id: I0af99c52ae447ae6974d21236a862179e9b40dd6 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73613 Tested-by:
-
Nikita Hovratov authored
This answers the question, why we check for 2 fields. Resolves: #96970 Releases: main, 11.5 Change-Id: Id2f74fe1362569765b0c030f810d5e208a15ad8e Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73547 Tested-by:
-
Nikita Hovratov authored
The fieldControl to add a button to open the tableWizard has been removed in a previous optimization. Resolves: #96971 Related: #95036 Releases: main, 11.5 Change-Id: Ib1f8c5ff29071778ed098cabab8bdf22422822e9 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73546 Tested-by:
-
Nikita Hovratov authored
Resolves: #96969 Releases: main, 11.5 Change-Id: I2dbd46db484c66bdea05d513f2b7e5c77f6f16bb Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73545 Tested-by:
-
- Feb 19, 2022
-
-
Benjamin Franzke authored
BackendUserAuthentication isn't an injectable service, therefore the (unused) dependency injection is dropped and $GLOBALS['BE_USER'] usage is moved to be scoped by the isBackend() check. Also fix the same DI-anti-pattern in CategoryPermissionsAspect. No user facing error is currently known for this case, as the ModifyTreeDataEvent is only executed in backend context, so this is just to streamline both aspects. Releases: main, 11.5 Resolves: #96960 Change-Id: I7b9f49ef82eeffcf369f471b5d031311aa5007b4 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73544 Tested-by:
-
- Feb 18, 2022
-
-
Georg Ringer authored
Avoid exceptions when creating inline relations if the parent record is not yet persisted. Resolves: #96900 Releases: main, 11.5 Change-Id: I383fd37efa8bec09333ee61156be1add99fd6e56 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73602 Tested-by:
-
Benjamin Franzke authored
* Avoid scrollIntoView which is no longer needed since #96947 * Do not catch exceptions on tab-click in ElementsBasicInputRangeCest which has been introduced in #93629, but actually didn't catch the documented case where the tab was already active (no exception in that case). It was actually only triggered when the tab was scrolled away. Again no longer needed due to #96947. Resolves: #96951 Related: #96947 Related: #93629 Releases: main, 11.5 Change-Id: I787960ea5dd8a6c946e090d90c4c9d2ecb950e68 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73586 Tested-by:
-
Oliver Bartsch authored
Some code examples for the ShortcutButton "routeIdentifier" property, introduced in #93093, used the non existing "web_view" identifier. Using this code example will therefore lead to a RouteNotFoundException exception. This is now fixed by using the correct identifier for the viewpage module. Resolves: #96945 Related: #93093 Releases: main, 11.5 Change-Id: Icf0a7cd476328661a630f24655ec53fe34b78745 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73543 Tested-by:
-
