- Jan 22, 2020
-
-
Alexander Schnitzler authored
composer require phpdocumentor/reflection-docblock:"^4.3.2" composer require phpdocumentor/type-resolver:"~0.5" Upating phpdocumentor/reflection-docblock to at least 4.3.2 allows updating phpdocumentor/type-resolver to a version higher than 0.4 which is needed to get support for resolving collection types in doc blocks which enables the removal of the custom type resolving via extbase/Classes/Reflection/DocBlock/Tags/Var_.php. Releases: master Resolves: #89795 Change-Id: I2126dd9362e51f6dae9e6103c219295c5c3d679b Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62438 Tested-by:TYPO3com <noreply@typo3.com> Tested-by:
Georg Ringer <georg.ringer@gmail.com> Tested-by:
Susanne Moog <look@susi.dev> Reviewed-by:
Daniel Goerz <daniel.goerz@posteo.de> Reviewed-by:
-
Oliver Hader authored
* introduce `routeParameter` variable (default `{value}`) * introduce ExceptionExpectation applicable in test cases * adjust TestSet::getSingleApplicable($type) to consider ApplicableConjunction as well * adjust configuration/declaration merges Resolves: #90153 Releases: master, 9.5 Change-Id: Ic0e84ac91bb3a9f7a1d8b004052b8d93867a39e3 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/63005 Tested-by:Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
-
Susanne Moog authored
Resolves: #90169 Releases: master Change-Id: Icf102d434ae6540ebacb4a5103271b86a03f9148 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/63010 Tested-by:
-
Timo Poppinga authored
Adjust the IP validation to avoid a warning in case the IP stack used by the current user has changed. Resolves: #90047 Releases: master, 9.5 Change-Id: I814e72648c7b404acc5eaf0b2270685dbab16abe Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/63001 Tested-by:
Markus Klein <markus.klein@typo3.org> Tested-by:
Richard Haeser <richard@maxserv.com> Reviewed-by:
-
- Jan 20, 2020
-
-
Oliver Hader authored
Symfony route modifiers like `{!parameter}` were not encapsulated when preparing TYPO3 specific enhancer data for route processing. Internal static MD5 hashing is reduced by 4 bits (one character when hex encoded) to keep route modifier in deflated values. Resolves: #90149 Releases: master, 9.5 Change-Id: I040e24b2b49d76ad2a67deb9da43d70be4305722 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62994 Tested-by:Benni Mack <benni@typo3.org> Reviewed-by:
-
Oliver Hader authored
+ introduces ApplicableConjunction and corresponding handling + introduces defined state check on variables (not-null variables) + adds possibility to merge with existing enhancer declaration + adjusts VariableItem to support scalar values as well + adds human readable output for empty string and null values Resolves: #90153 Releases: master, 9.5 Change-Id: I248238daced063cf91de93f7527477d13064dca2 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62997 Tested-by:
-
Andreas Fernandez authored
POST, PUT and DELETE requests sent by the AJAX API now also support string payloads, e.g. by using `JSON.stringify()`. Resolves: #90152 Releases: master Change-Id: I4e5fa49a4ede2388bdfdc777a5cee92a6a94c3ee Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62996 Tested-by:
Rodger Rüdiger <spike-shape@protonmail.com> Tested-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Reviewed-by:
-
Oliver Hader authored
Resolves: #90156 Releases: master, 9.5 Change-Id: I237ffab4b22351d5244ee54d9bdad5068db3a2c6 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/63002 Tested-by:
-
Guido Schmechel authored
Pages that have slugs that end with the configured index are now no longer matched falsely by the PageTypeDecorator. Resolves: #88633 Releases: master, 9.5 Change-Id: I3af91d65bfbb8ef285bba6c00b6cfe85e0b78f6e Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/61965 Tested-by:
Tobi Kretschmann <tobi@tobishome.de> Reviewed-by:
Felix P. <f.pachowsky@neusta.de> Reviewed-by:
Sascha Rademacher <sascha.rademacher+typo3@gmail.com> Reviewed-by:
-
Jigal van Hemert authored
It's now possible again to process items from foreign_table configuration with the itemsProcFunc. After that pageTSconfig settings can influence the items once again. AbstractItemProvider->getStaticValues() is removed as it is not used anymore. Releases: master, 9.5 Resolves: #85142 Change-Id: I1d548ad72872d78360c7093e4d6e3cdca8780fc0 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/57185 Tested-by:
Jörg Bösche <typo3@joergboesche.de> Tested-by:
-
- Jan 18, 2020
-
-
Benni Mack authored
DataHandler creates new dataHandler instances in itself which do not hand over the custom parameters used in the outermost instance. The change adds the two parameter which were added in a performance sprint for TYPO3 v8 initially. Resolves: #76215 Releases: master, 9.5 Change-Id: I5560055e6c314cd136ab818241b1558f9718358a Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62931 Reviewed-by:
Henning Liebe <h.liebe@neusta.de> Reviewed-by:
Frank Nägler <frank.naegler@typo3.org> Reviewed-by:
Anja Leichsenring <aleichsenring@ab-softlab.de> Tested-by:
-
Daniel Goerz authored
Resolves: #90137 Relates: #90114 Releases: master Change-Id: I09404a3553632298174f13bc758883bdd8f03e0d Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62952 Tested-by:
-
Daniel Windloff authored
* Replace _GP with psr-7 request calls * Declare internal public properties as protected * Minor code cleanups as the removal of unneeded properties Resolves: #88757 Releases: master Change-Id: I7a8919d1f333783e7772a2257741c56a6f213e70 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/61297 Tested-by:
Steffen Frese <steffenf14@gmail.com> Tested-by:
-
- Jan 17, 2020
-
-
Benni Mack authored
The backend user aspect must be set before BE_USER->fetchGroups is called and the TypoScript parser needs a proper ConditionMatcher object for the Symfony-based UserTSconfig conditions like [backend.user.isAdmin] to be working. Note to future self: The reason why the original change was reverted was that: - before workspace-related conditions did not work. - then workspaces worked, but conditions in userTSconfig bricked partially - the patch was reverted and left for dead for 1 year as it's a chicken-egg problem The main issue is that fetchGroup() is doing too much. - A valid user record exists, but the right workspace haven't been "set" which always returns workspace=0 for workspace-related conditions - So the workspace must be initialized earlier, and not at the end of the fetchGroups() call. - workspaceInit() - and some other code within fetchGroups() relies on finished TSconfig (that is the actual chicken-egg problem) So we'll just set the aspects before, but BEFORE setting the aspects, we'll evaluate the selected workspace of a user in a "plain" way. The reason why the backend context aspect now works (again) is because the context contains a "real" BE user object and fetches the data from the object, where as the workspace aspect just contains a static property. Resolves: #90075 Resolves: #86923 Related: #86229 Reverts: #86856 Releases: master, 9.5 Change-Id: I326d92a860a806ff13748cf13ef6b71b7a77089e Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62887 Reviewed-by:
-
Eric Chavaillaz authored
If config.fileTarget is set, per example to "_blank", the target is set as fallbak on file link. The target is also added on click enlarge link but it is not wanted if lightbox is enabled. This patch ensure that the target attribute is not printed when lightbox is enabled. Resolves: #89613 Releases: master, 9.5 Change-Id: Ib40359939a7d8689f43b3418b7b5865794046f1d Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62248 Tested-by:
-
Sebastian Hofer authored
In case of the first mount point of a storage in file list \TYPO3\CMS\Core\Resource\ResourceStorage::getRootLevelFolder() returns always the first mount point folder and not the real root folder. This causes, that the condition is always true in case of first mount point. If the condition is true, no folder restriction is added. If no folder restriction is added the search is done in the whole storage and not only in the selected folder. With disrespecting the mount points this method always returns the real root folder and the condition is only true if the selected folder is the storage root folder. This means a folder restriction is added in other cases. Resolves: #88175 Releases: master, 9.5 Change-Id: I2e9d52fac71f7f37784a05656574d0a9267d28f7 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62872 Tested-by:
-
Sybille Peters authored
PopulatePageSlug is an upgrade wizard which migrates existing slugs from realurl tables to the table pages.slug. In realurl, when the page title changed, the realurl slug changed (if not fixed). Realurl handled this by adding temporary entries to its tables which would be used to redirect the URL to its new location. These entries had a fixed expiration date (expire > 0). The final slug had no expiration date (expire = 0) The previous behaviour in PopulatePageSlug preferred entries from tx_realurl_pathdata with an expiration date (expire > 0) over entries without (expire = 0). This would prefer (temporary) entries that were only used for the redirects over the final slug. This patch uses the 'uid' for sorting in descending order, which will always use the latest entry for a specific page / language combinations. Resolves: #89194 Related: #89964 Releases: master, 9.5 Change-Id: Ica18bf5c6df9d101ccfce7712eae9c979e558a11 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/61719 Tested-by:
Albrecht Koehnlein <ak@koehnlein.eu> Tested-by:
-
Alexander Schnitzler authored
This commit introduces a development requirement to phpstan/phpstan to enable static code analysis. A basic configuration file has been added as well to identify most basic errors in the TYPO3 code base. Releases: master Resolves: #90097 Change-Id: I87e11eca6296864fdd7ba8cd109a23b82c27f641 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62851 Tested-by:
Sascha Egerer <sascha@sascha-egerer.de> Tested-by:
Oliver Klee <typo3-coding@oliverklee.de> Reviewed-by:
-
Andreas Fernandez authored
This patch replaces the usages of `$.ajax()` and its friends with the AJAX API provided by TYPO3 Core. Resolves: #90038 Releases: master Change-Id: Ief3767dd5a5256dca269b8dfb496f37a9bcdbe69 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62790 Tested-by:
-
Christian Eßl authored
If multiple functions are present, that call the hook $GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['postProcContent'], only the changes of the last executed hook would be present, as each hook in the loop will be executed with the initial value of $content, . not the last written $content. To fix this behaviour, the $_params must be initialized inside the loop. Resolves: #89679 Releases: master, 9.5 Change-Id: Ie54c45d9126acd01637c19c289c9942d0452fdae Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62325 Tested-by:
Guido Schmechel <guido.schmechel@brandung.de> Reviewed-by:
-
Toben Schmidt authored
This change adds a real life example to section "Overriding Configuration via Page TSconfig". Releases: master,9.5,8.7 Resolves: #90128 Change-Id: Ibb434bc3ec7ff3766186fd26a839fa16cd40ea43 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62928 Tested-by:
-
Andreas Fernandez authored
The AJAX API is now used in context menus. This patch also incorporates a neat ES6 feature to use variables in object keys in a sane way. Resolves: #90039 Releases: master Change-Id: Ib0edf1b530a1c059f9ff7937bd16358a07a656ea Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62791 Tested-by:
Tymoteusz Motylewski <t.motylewski@gmail.com> Tested-by:
-
Andreas Fernandez authored
Resolves: #90139 Releases: master Change-Id: Ie9e543b8f4437d57ac39fd12914e869f6051ee44 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62954 Tested-by:
-
Christian Eßl authored
When clicking the "translate" button for a page translation, that has "mixed mode" records, an empty wizard would be shown with no indication what is wrong. An alert message is now added, that explains the reason why the translation wizard cannot be used in "free mode". Resolves: #89345 Releases: master Change-Id: I81afe42330393e9c2135e987e838a674b4f5288b Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62788 Tested-by:
-
- Jan 16, 2020
-
-
Alexander Schnitzler authored
Releases: master Resolves: #90090 Change-Id: Iba1fcf663df0f11d1227d77d5ead2b5f473f7bc6 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62758 Tested-by:
-
Oliver Hader authored
Enable experimental checking of serialized Phar meta-data against PHP objects. This would consider a Phar archive malicious in case not only scalar values are found. A custom low-level Phar\Reader is used in order to avoid using PHP's Phar object which would trigger the initial vulnerability. Resolves: #90010 Releases: master Change-Id: Ifda811fab44bdbb8f4858d18e392e0f321dbf1be Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62760 Tested-by:
-
Daniel Siepmann authored
Prevent PHP TypeError when creating request from globals containing numeric keys. Resolves: #89980 Releases: master Change-Id: I4c22891a0a341b11cb6c9a42923dadeb45a07524 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62736 Tested-by:
Alexander Schnitzler <review.typo3.org@alexanderschnitzler.de> Tested-by:
-
Benni Mack authored
The permission access module allows for AJAX calls to dynamically updating page permissions on the fly, where DataHandler is used. When using the form to do a more customizable change, plain SQL was used previously to update the pages. This circumvented the change to also update any translated pages (which DataHandler does by default). This wasn't a problem until TYPO3 v9.0, where pages_language_overlay was merged with "pages", where the permissions of translated pages should reflect the changes of the default language page. The change updates the PermissionController->updateAction to call DataHandler for the changes as well. Resolves: #89838 Resolves: #88311 Releases: master, 9.5 Change-Id: I9e56b279ddcbb43ee7bb11b330c288b12a0e7439 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62930 Tested-by:
-
NGUYEN Duc Quan authored
Adding the possibility to enable/disable filelist localization Resolves: #90114 Releases: master Change-Id: I42529e035a1325ff41cf7584db73b268ddc58ac1 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62922 Tested-by:
-
Sebastian Mazza authored
Resolves: #86917 Releases: master, 9.5 Change-Id: I740c839635143fef2ec33b9b7dd2c6b84f843007 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/61696 Tested-by:
-
Daniel Siepmann authored
When fetching items from foreign table, they might be sorted based on foreign table configured sorting. In such case the foreign table name is prefixed to prevent ambiguous column name. Resolves: #90127 Related: #70677 Releases: master, 9.5 Change-Id: Iebda2bd417481ae01b1265dd9be31b67af89991d Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62929 Reviewed-by:
-
Susanne Moog authored
The DebugExceptionHandler will display full error messages and stack traces and should not be used in production. To mitigate the information disclosure, a new status report has been introduced: - if display errors is set to 1 (-> uses DebugExceptionHandler setting) and context is Production an Error is displayed - if display errors is set to 1 (-> uses DebugExceptionHandler setting) and context is Development a Warning is displayed - if the production exception handler setting is configured to use the DebugExceptionHandler an Error is displayed Resolves: #89978 Releases: master Change-Id: I0f4eb357cf2c0a8012ed2e12a8c9f63073d3a19c Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62735 Tested-by:
-
Felix Althaus authored
Menu entries in both open documents and recent documents list of the opendocs extension were htmlspecialchar‘ed twice. One level of escaping was removed. Resolves: #89553 Releases: master Change-Id: Id04f8742e3b91ad3ce8618f4d49f2d4e12b93d71 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62161 Tested-by:
-
Susanne Moog authored
Preview functionality was only implemented in the Admin Panel. Previewing itself (as in being able to preview pages with access or user restrictions) should also work without having the admin panel installed and open. The basic process is now like this: - Backend generates preview URLs for pages with access restrictions -- starttime, endtime, fe groups --> parameters ADMCMD_simUser and ADMCMD_simTime are appended to the FE URL - Frontend PreviewSimulator Middleware uses these parameters to modify the current Context - Adminpanel - if installed and open - takes given parameters as settings for preview date/time/group - when user changes those, they are overwritten Technical Changes: - BackendUtility: Enable link generation for a specified context - DateTimeAspect: Add new property to aspect to mirror SIM_ACCESS_TIME global - PageRepository: Use new DateTimeAspect context property for enable fields - AdminPanel: Set $_GET params in settings if given, remove $_GET vars if user saves admin panel settings (to allow user to change date/time in AdminPanel) Resolves: #86653 Releases: master, 9.5 Change-Id: I3a2302845461e9c18f9349438e10f1c059a85e48 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/59927 Tested-by:
-
Chris Müller authored
The debugging of the yaml configuration of the form extension can be hard. To ease this task the configuration is available in the configuration module of the lowlevel extension. Resolves: #90052 Releases: master Change-Id: I0bfbae26d2f84f4e90766b9dab6e609f029e9c69 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62816 Tested-by:
-
Benni Mack authored
OpenSSL was only needed for EXT:rsaauth, so a check in the installer / system maintenance should be avoided. It is now rather a suggestion. Resolves: #83643 Releases: master, 9.5 Change-Id: If62b7fc1ddc211083fa8b4f793019e61cf2046eb Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62918 Tested-by:
-
Oliver Hader authored
Range from '01' to '03' correctly leads to ['01','02','03']. The prefix mechanism is however applied for a range from '0' to '11'. This should only happen when explicitly having used '00' to '11'. Resolves: #90123 Releases: master, 9.5 Change-Id: I90672c4d94cb97d61fe45f8d6e1382b8be3b49b7 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62920 Tested-by:
-
Daniel Goerz authored
Editors without access to the default language can no longer see those options in the context menu for page records that would lead to error messages due to missing language access. Additionally the list menu doc header and edit button for translated pages in the list menu are adapted to respect missing access rights to the default language as well. Resolves: #75130 Releases: master, 9.5 Change-Id: I686d29a90ed0ee428f9c2eeb68815f4122705de3 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62915 Tested-by:
-
Benni Mack authored
Current Backend User Authentication sends header() which is not appended to the headers of the PSR-7 response and cannot be tested or validated properly. This is mainly due to legacy reasons as AbstractUserAuthentication sends these headers. When using TYPO3 in a scenario to do sub-requests within one PHP process, it is not possible to properly evaluate these Response headers. To enable this, the BackendUserAuthenticator middlewares now apply the headers to the Response object. Resolves: #89911 Releases: master Change-Id: Id22ca1a65e52f101d3775fbe79ea0ef1622e9fa9 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62593 Tested-by:
-
Benni Mack authored
The description that the extension key should be used - instead of the plugin identifier is wrong, and is now adapted. Resolves: #90113 Releases: master, 9.5 Change-Id: I4928dba4255d46bf72e0a0b45e5ff3360ae718ac Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62921 Tested-by:
-
