The testing-framework simplified database snapshotting.
Calling static initializeDatabaseSnapshot() and
tearDownAfterClass() are on longer needed.

composer req --dev typo3/testing-framework:^6.15.1

Change-Id: I0921d8c0c99d2dc677a607a0ba3eecbb1bf39763
Resolves: #96264
Releases: main, 11.5
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72530


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

The install tool uses the FailsafeContainer for the DI.
The $GLOBALS array did not contain the FAL drivers that were
registered via the DriverRegistry API.

The DriverRegistry is therefore now retrieved from
the late-booted symfony container.

Resolves: #93249
Releases: main, 11.5
Change-Id: Ic74eb22172e8e3d0ab0378a5b8dd52a0d82c9bd3
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72429


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>

The patch changes runTests.sh and the container
definition to avoid mounting users home, /etc/passwd
and /etc/group. yarn based setups need some special
treatment but in the end bow to shell power, too.

Change-Id: I4e5665d31c5bef4e046e992eddd534ae597cce31
Resolves: #96253
Releases: main, 11.5, 10.4
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72427


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Starting with 11.4, in Composer managed TYPO3 installations,
having extensions, that are not installed by Composer, are deprecated.

They are still detected and registered though, by scanning the
typo3conf/ext folder and registering non Composer installed extensions
from there.

This process is now optimised to only read composer.json files
of extensions, that are known to not be installed via Composer,
instead of scanning all of them.

In that context it is now also ensured, that the root package,
in case it being an extension, is treated as "Composer installed".

Releases: main, 11.5
Resolves: #96076
Change-Id: I6544d43bf8ce2d49d5d480aab8baba4cdf23347e
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72426


Tested-by: core-ci <typo3@b13.com>
Tested-by: Helmut Hummel <typo3@helhum.io>
Reviewed-by: Helmut Hummel <typo3@helhum.io>

The scenario provided by tables tx_irretutorial_mnmmasym_* gets
its own test extension and gets loaded where needed.

Resolves: #96242
Releases: main, 11.5
Change-Id: If7a6af780e9fab8eaa66686286c241b415e69a63
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72428


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

APCu cache backend is a shared memory per user and
typically bound to the executing posix user-id.
Calculating different cache identifiers per user
is useless since those won't share the same shm.

Resolves: #96232
Releases: master, 11.5, 10.4
Change-Id: If6b6a744828d06d55f2c9b5656aef48193da7384
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72510


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

The InternalResponseContext class of the testing-framework
provides method withGlobalSettings() which can be used to
set arbitrary globals when executing a frontend sub request.

It is used in various tests to set some TYPO3_CONF_VARS.

The testing-framework already provides class property
$configurationToUseInTestInstance to set TYPO3_CONF_VARS
on a per test-case level.

The patch migrates tests towards this property and
avoids using an AdditionalConfiguration fixture file
that is also used to set some TYPO3_CONF_VARS.

Resolves: #96244
Releases: main, 11.5
Change-Id: Ie34a449075d1c1bacb1380dd5e79e3c48978bfe4
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72506


Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72509


Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

With #94891 the close handling of the context menus got reworked as its
previous attempt had some glitches. However, the introduced overhaul
had another glitch: The context menu should hide once the cursor has
left the context menu for at least 500ms. When the cursor is moved
within these 500ms, but is still outside the context menu, the timeout
is reset because the event handler storing the cursor's position calls
the "should I close the menu"-routine which resets all timeouts.

This patch replaces the hand-crafted timeout magic with event
debouncing, providing basically the same functionality, but in a more
reliable way. Doing so allows us to remove some code that became
obsolete by now.

The `within()` method had a minor flaw where it considered a cursor not
being within an element if the cursor position was at the exact right
or bottom boundary. The method is now based on
`getBoundingClientRect()` which appears to be more stable. Previously,
a context menu suddenly could have an offset of 0 causing some glitches
where the menus closed unexpectedly.

The cursor's position is stored all 50ms, which may lead to timing
issues between the debounced event and the last cursor update. To
circumvent this, the cursor position is now also updated when the
context menu is entered.

As additional measurements, the logic when exactly a context menu gets
closed is refined:

* close if cursor is outside the context menu AND no child menu is
  visible or available
* close parent menu if cursor leaves child menu from any boundary where
  cursor will not enter its parent menu

Resolves: #96105
Related: #94891
Releases: main, 11.5
Change-Id: Ib9c2505480ada166f8497fc69b42fb9ee45f6cc3
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72425


Tested-by: core-ci <typo3@b13.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>

Resolves: #96217
Releases: main, 11.5
Change-Id: Ic4320b60d730cac8ca0f9c0acb4d4483f12b5c40
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72423


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>

The RTE tsconfig option allowTagsOutside is now
considered, when deciding whether to wrap a tag
inside a paragraph.

Resolves: #92301
Resolves: #85038
Releases: main, 11.5
Change-Id: I064de33c76e6a0920452bffacf90741dfc414ceb
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72424


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>

A false check in the TER API allowed to use
arbitrary version strings, as soon as they start
with the known `XXX.XXX.XXX` schema. This
will be fixed in TER API. However, core as receiver
should also validate the incoming data, before
storing them in the database.

Therefore, the same version number check,
which is used in the TER API, is now also
applied in the ExtensionXmlParser.

Resolves: #96209
Releases: main, 11.5, 10.4
Change-Id: I487eed34c6b25a5e3841d5263b52b9a73aaf681a
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72422


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

To support editors, the page module checks
whether configured shortcut targets exist
and if they are accessible in the frontend
(e.g. not hidden). Otherwise, a info box is
displayed on the page, defining the shortcut.

However, in case a target page has group
restrictions defined (`pages.fe_group`), it
was previously declared as non accessible,
since no frontend group context exists in
backend.

This is now fixed by disabling the group
access, while searching for target pages.

Resolves: #96184
Releases: main, 11.5
Change-Id: I173dfc4b6c5877a3a3ab458e890530fc167712aa
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72421


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

Currently, the TypoScriptParser adds an error when
the result of a modifier is null. This is, because
the line is not set to a new value in such a case
and the following switch statement is not expecting
a line with a value modifier.

This has been fixed by skipping further checks on
the value, if the modifier returns null.

Resolves: #94109
Releases: master, 11.5
Change-Id: I28ae1570a5b0b4fc5ad667bacd86a17234aa1c60
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72420


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Resolves: #96185
Releases: main, 11.5
Change-Id: I4138c226c93ba0fb0f578a35f736a6e0b7598e6a
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72470


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

With #94193, the FAL API related option
"relativeToCurrentScript" was deprecated.
Some affected classes only got the @deprecated
annotation and were mentioned in the RST,
but no extension scanner entry was added.

This patch adds the entries.

Resolves: #96203
Related: #94193
Releases: 11.5
Change-Id: Ie374b6e97c2d942fe70750d14313602f62a2c158
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72462


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

With #94137, the ArrayUtility::arrayDiffAssocRecursive
method was adjusted to actually behave like `array_diff_assoc`.

To not introduce a breaking change after 11.0, a third
parameter was added to enable the correct behaviour.
This parameter however will be removed again in v12.

Therefore, the extension scanner entry hast to be
placed in MethodArgumentDroppedStaticMatcher
instead of MethodCallStaticMatcher, because only
the last parameter is deprecated, not the whole
method.

Resolves: #96193
Related: #94137
Releases: main, 11.5
Change-Id: Ic6844b509046037f411b302eff2ee983bf093917
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72419


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

The RecordLinkHandler allows to define custom mount
points, to be used for the page tree in the LinkBrowser.

However, due to not properly handling an empty
Configuration, the page tree was no longer shown
in case no mount points were defined, because
this led to the value being "[0]".

This is now fixed by properly handling an empty
mount point configuration.

Resolves: #96190
Releases: main, 11.5
Change-Id: Ic1a01f11c7499262697110664a5eb6cea94d13e1
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72418


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

RelationHandler always returns hidden records as well,
but they will crash when having pages.media with hidden
records.

If running in Frontend, this should not be allowed,
so the hidden restriction comes into effect.

This happens because we now use the RelationHandler
consistently instead of using manual SQL queries since
11.5.3.

Resolves: #95997
Resolves: #82844
Related: #63353
Releases: main, 11.5
Change-Id: I78131ebed97a20276adbe51fbc77dacfab2a0e77
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72417


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>

In some cases the tabs are not in viewport
so the elements can't be click by any
acceptance test.

This has been fixed by scrolling the tabs
into the viewport to make sure the ac test
is able to click the item.

Resolves: #96182
Releases: master, 11.5
Change-Id: I69624b7f158fd2d13d16a05e07ec960beac10be6
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72416


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

This change adapts leftover XML fixtures to use real PIDs instead
of pid=-1.

By this, some drive-by fixes within Extbase:

* Extbase count() queries now respect workspaces
* Extbase's QueryParser now filters out workspace overlays in ANY case

Resolves: #96176
Releases: main, 11.5
Change-Id: Ie249bf13bf27a263ceb9f9561840b570765dd157
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72415


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>

The translations need to use the language of the current backend user
and not the one of the current language of the site in the frontend.

Resolves: #96004
Releases: master, 11.5, 10.4
Change-Id: Id409e759de4f0324835cc932f87719147b6e1b0f
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72361


Tested-by: core-ci <typo3@b13.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>

Usually, when running jobs in gitlab-ci, they're
organized in stages - jobs of a second stage only
execute when all jobs of the previous stage were
successful.

The pre-merge jobs use this to supress jobs in case
the "early" stage checking cgl and composer
fail. This helps suppressing waste of resources.

The nightly jobs are organized in more logical stages.
The stage supression isn't too useful here. Pipelines
are only executed as scheduled pipelines or manually
to sometimes test if the extended nightly jobs are
happy with a single patch before merging it.

To reduce runtime of nightlies, they now introduce
a gitlab-ci feature for single stage jobs that ignore
stage boundaries. With this out-of-order configuration
the stage separation is basically ignored, which on one
side reduces overall runtime of nightlies since more
jobs are executed in parallel and on the other side now
find all issues in case multiple merged patched kill a
nigthly and one hides fails from the other away due to
stage constraints.

Change-Id: I8e461592eecd0a66b0fcf6ee5ab14509ebec8277
Resolves: #96166
Releases: master, 11.5
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72409


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72411


Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>

Aligns styleguide to recent JS CSP header changes.

composer req --dev typo3/cms-styleguide:~11.5.3

Change-Id: Ia6f8bfe4346264af0cbe5588110633d6be419112
Resolves: #96168
Releases: 11.5
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72407


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

TCA provides the "l10n_display" configuration,
which allows to define how TCA fields should
behave in localizations. One of the possible
values is "defaultAsReadonly", which just
renders the default records value in a
readonly field. This is non functional
and only used in FormEngine.

Common use cases are fields, which do not
change in a localization, e.g. the author
of a blog article.

How did this work?

The SingleFieldContainer, entry point of
each TCA field, checked whether the option
is set and if so, overrides the "itemFormElValue"
- containing the processed database field value -
with the raw field value of the default record
and automatically sets the field to "readOnly".

This already worked for basic types, such
as "input", "check" or "radio", since their
database values are usually not further
processed by any form data provider.

However, when it comes to types, dealing with
relations or enrichments, just using the default
records' raw database value did mostly not work.

Therefore, this patch removes the replacement
from SingleFieldContainer and adds a new
form data provider, dealing with this task.
This way, we ensure all following data providers
can process the correct value (either the
current database value or the default
records value).

This can be tested with a new styleguide record:
https://github.com/TYPO3/styleguide/pull/254

For some cases (mostly MM lookups and inline),
the "l10n_mode" needs to be set to "exclude",
when using "defaultAsReadonly", since otherwise
the DataHandler doesn't hold the relations in sync.

Note: TCA type "slug" and TCA renderType
"belayoutwizard" do not yet handle readOnly
at all, because this option is not supported
as "columns config". This is fixed in two
separate patches (#96096 and #96095).

Note: TCA type "flex" does still not work,
since the corresponding containers do not
implement readOnly handling at all. Fixing
this will be done in a separate patch.

Resolves: #89152
Related: #96095
Related: #96096
Releases: main, 11.5
Change-Id: Ic5346606c0309784a689c83dcefd1888bf31fc89
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72414


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

While the "readOnly" option is not supported as
columns config for renderType "belayoutwizard",
it might be automatically set by FormEngine in
case the field is defined with "l10n_display",
set to "defaultAsReadonly".

This is now properly handled.

Resolves: #96095
Related: #89152
Releases: main, 11.5
Change-Id: I2a5e3a96db66603d36633c72cf36407b21b90438
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72413


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

While the "readOnly" option is not supported
as columns config for type "slug", it might be
automatically set by FormEngine in case the
field is defined with "l10n_display", set to
"defaultAsReadonly".

This is now properly handled.

Resolves: #96096
Related: #89152
Releases: main, 11.5
Change-Id: I3ca0a6a17cc79704a727a6600b211833601dc290
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72412


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

To avoid introducing new components that rely on inline JavaScript,
Content-Security-Policy HTTP headers for the TYPO3 backend are enabled
when executing automated tests.

Resolves: #95898
Releases: main, 11.5
Change-Id: I2bbc1ce055d066381cd53449d1b37fd2cafe0168
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72385


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Resolves: #96133
Releases: main, 11.5, 10.4
Change-Id: Ic1924bbf34b746bf1891419da6cb54e547a509a8
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72364


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

CleanerTaskTest dynamically calculates the needed 'period' time to use
for testing, if one page records will survive the cleaning task, as
not being outside this periode grace time. This has worked quite some
time, but may crash now in a quite narrow timeframe, which failed core
ci tests, if they were run in this timeframe - and made it reproducible
only for a night owl, as the timeframe lays between UTC '00:00-01:00'.

PHP8.1.0RC6 included a regression bugfix which introduced another bug,
which leads to inconsinstent calculation behaviour for using 'diff()'
method of '\DateTime' or '\DateTimeImmutable', if timezone switches are
needed and there are the first hour leap (or two hour in summer time).
This is already fixed in PHP8.1.0 release.

As we do not really need that 1 hour leap calculation here, we are able
to tighten the test setup here and calculate the needed dynamic period
in way to work around this bug for PHP8.1.0RC6, be backwards compatible
and also being safe for 8.1.0 release.

PHP regression fix introduced new bug (8.1.0RC6):
https://github.com/php/php-src/commit/904933e9185664148ce54

PHP bugfix released with 8.1.0:
https://github.com/php/php-src/commit/e4679ef0c2d5a0a81cb6e

This patch uses '00:00:00' for the time part of both dates and further
uses 'UTC' timezone enforcement to calculate the period time, which
stabilizes this testcase and lets night owls do their stuff undisturbed.

Resolves: #96128
Releases: master, 11.5
Change-Id: Ib1f4201ce8556ae8f22eeb4463732c62394e3c14
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72360


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Creating auto redirects, if page slug is changed, has been extended
to add the target with LinkHandler 't3://' uri schema with #89327,
adding language argument '_language' to enforce the language for the
redirect, missing that that did not worked, which was solved through
adding '_language' argument handling in #96043.

As language arguments '_language' and 'L' are ignored, if the provided
page uid is already the uid of the localized page, the parameter was
meaning less. Further this breaks language fallback handling, if the
localized page record is deleted.

This patch uses now the default language page uid for creating target
of auto-redirects to mitigate the issue that redirect will break if
localized page is deleted but language fallback is configured.

Resolves: #96103
Related: #96043
Related: #89327
Releases: master, 11.5, 10.4
Change-Id: I2ece06bf053bda4edb542910c3f51b1e6c8e052c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72358


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>

This patch handles problems which occured with a large number of pages
and also for a large number of records to be checked for broken links.
The problems previously resulted in "Prepared statement contains too
many placeholders" exceptions and consumption of too much RAM and
(possibly) out of memory errors.

Technical details about the implementation follows because this is
handled slightly differently than in other areas of the core.

LinkValidator used named placeholders to build database queries,
and the EditableRestriction class also used a number of placeholder.

Technically 'doctrine/dbal' explodes named placeholders for array
values with quote type 'PARAM_INT_ARRAY' or 'PARAM_STR_ARRAY' to
single unnamed placeholders for each value, using one placeholder
for each array value. If multiple array value placeholder are used
with a large number of values this could quickly emit the "Prepared
statement contains too many placeholders" error as the limit is
reached. The limit differs beetween the various database systems.
One way to work around this issue is to do database operations in
chunks, but it could become quite difficult to calculate the chunk
size beforehand.

Array values are mainly used for 'in()' or 'notIn()' query expressions,
which naturally do not not have direct limits for the value count in it
through all supported dbms systems. This opens the possibility to use
direct value lists for these expressions. There are other dbms
limitations depending on the used dbms (for example on mariadb/mysql
'max_allowed_packets', max query size setting for SQLite), which may be
adjusted in some cases. However we could not safely expect that these
values are monitored and adjusted, so we still need to do database
operations in chunks, but make it a little easier for 'chunksize'
calculations.

During testing on an instance with a large number of pages, it was
found that LinkValidator used up a lot of memory, reaching the
configured memory limit of 2G on that system, which itself was very
high already (and far beyond the recommended 256MB limit).
Instead of collecting unlimited results in an array before checking
links against this array, doing this for each record directly avoids
excessive memory consumption during link checking.

It was decided to do this in this patch directly instead of a separate
patch, as this patch otherwise would not be testable in real
instances.

This patch does the following:

* introduce two method to implode value arrays in QueryHelper
* replace placeholder in EditableRestriction with quoted values
* replace placeholder in BrokenLinksRepository with quoted values
* introduce chunk database operations in BrokenLinkRepository
* introduce chunk database operations in LinkAnalyzer
* move $results array and call checkLinks() on it to the inner
  loop to process this for each record (instead of accumulating the
  results in a huge array.

In the future we need to investigate and find a more generic way to
handle such scenarios for larger instances. This may take some time
and investigation to do this properly and in a reusable way. To not
stall the bugfix further, we are doing the workarounds in this patch
to solve these issues in the meantime.

Resolves: #92493
Releases: master, 11.5
Change-Id: I9a596df6749d07afee9c5ac37266b876ddc6e297
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72357


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

The JavaScript method "scrollIntoView" does not work
for elements inside a modal or similar. It only
scrolls the main page.

A quick and easy alternative is to set "scrollTop"
to a very high value.

Resolves: #96070
Releases: master, 11.5
Change-Id: Ic5cea96177442acc57ea78cfa66b698c0dfd0f81
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72356


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

When performing a search in the configuration module,
a JavaScript error will occur, if a possible expanded
tree node is not part of the search result.

This patch adds checks for existence of the scrollElement
variable.

Resolves: #96097
Releases: master, 11.5
Change-Id: I5977dd48487563ae30407f8cf126724acc9bcb0a
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72355


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

The json_response functional test extension will soon
avoid returning json encoded responses. This will make
the functional frontend test suite fully transparent
regarding responses.
This patch prepares a couple of frontend functional
tests towards this change.

Resolves: #96112
Releases: master, 11.5
Change-Id: I8116caf08e4b8b76ad5d23b49954d9cb78d1c4de
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72354


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

The NoteController, used to display system notes in a
couple of modules, e.g. page layout, does now properly
check the corresponding user permissions (show/edit/delete).

Resolves: #96037
Releases: master, 11.5
Change-Id: Ic0e6670f7befa23802382c0818454c4e7c34a253
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72353


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Resolves: #96111
Releases: master, 11.5
Change-Id: Id8b381371ea257eb85e2ff59d5aeb1fbb7786db7
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72352


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

The method getVal now always returns an array with
a string at index 0 and an array at index 1.

Resolves: #96001
Releases: master, 11.5
Change-Id: Ia1b321694767fa01b1de9176b87470522511d150
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72311


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

When TYPO3 is 'natively' called by a web server call, the
main application entry point is AbstractApplication run().

When using a PSR-15 from within some other application,
a request should be hand over to Application->handle(),
expecting a response object.

Now we have that ImmediateResponseException thrown by TYPO3
at some places.

ImmediateResponseException is only caught within run(), not
within handle(). A PSR-15 call to handle() will thus not
catch ImmediateResponseException, it bubbles up to the
calling application.

PSR-15 section 1.4 of https://www.php-fig.org/psr/psr-15/:
"It is RECOMMENDED that any application using middleware
includes a component that catches exceptions and converts
them into responses."

The patch changes AbstractApplication to follow this:
The ImmediateResponseException is a TYPO3 internal management
exception, a calling application should never need to deal
with it, but can expect to receive a response object instead.

Change-Id: I2857efd2b575a9b324d3d7a23df0bca5763a8839
Resolves: #96099
Releases: master, 11.5
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72310


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

The feature page.includeCSS.inline checks the existence
of the given file with `is_file()`. This does not work
for files included with the EXT: prefix, since the
path to the filename is not fully resolved any more
since https://review.typo3.org/c/Packages/TYPO3.CMS/+/71457

This patch processes the given file using the
`getStreamlinedFileName` function in order to resolve
the relative path to the file.

Resolves: #96098
Releases: master, 11.5
Change-Id: I2958eb13228622e724b5d4db1919a982fcd6247e
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72308


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Currently language:update command fails when
a translation of a extension is missing.

This has been fixed by returning a successful
status code even though the file was not found
on the translation server. With the additional
option '--fail-on-warnings' the command fails
if the download of a language pack was not
successful.

Missing files are still reported in CLI stdout
and it still fails if the server is not reachable.
Also missing translations are now logged.

Resolves: #95700
Resolves: #96054
Resolves: #96055
Resolves: #96053
Releases: master, 11.5
Change-Id: I9a19de919e99b591dcf02a5cf70465ad9c5c76b7
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72309


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>