Resolves: #98985
Releases: main, 11.5
Change-Id: Id886584f8fa57b30f54257d79a6eca4465906a86
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78576


Reviewed-by: Oliver Bartsch <bo@cedev.de>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>

The HTML parser failed to correctly detect single tags with closing `/`
and without white space, e.g. `<br/>`. The old tag name detection only
splitted the tag content by white spaces, which is not enough to
correctly find these valid tags. So the new way is to also remove
trailing slashes from the tag name.

Resolves: #96347
Related: #96307
Releases: main, 11.5
Change-Id: I3acefcbf046600bf118764b873f15b2a1678932d
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78575


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

Set the array index `$linkDetails['typoLinkParameter']` in
`\TYPO3\CMS\Redirects\Service\RedirectService` to pass it
through. That information is needed for the LinkBuilder.

For example, `DatabaseRecordLinkBuilder` would trigger an
array key access error, in case the linked record cannot
be found and no link can be generated. This array value
is use there for the thrown exception message.

The team play between `LinkService->resolve()` and the
`LinkBuilder->build()` should be reviewed in a dedicated
change. It may be useful, that the resolver directly
adds this information to the result, making the manual
adding at several placed through out the core obsolete.
Comments are added to document this.

Resolves: #100612
Releases: main, 11.5
Change-Id: I74cbf5cbb1b91e0045207873554aec4477986c4b
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78672


Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Stefan Bürk <stefan@buerk.tech>

The docker container image hub is slowly becoming more
and more problematic for open source organisations, it's
time to move to another container registry for core-testing
images. Images are now build and published to both Docker
HUB and GitHub Container Registry (`ghcr.io`).

To test the ghcr.io images, the patch changes runTests.sh
to use them them for local (non CI) execution already.

We can not fully switch to ghcr.io yet, since CI uses the
docker registry container as mirror for images to heavily
reduce network load and increase performance. The registry
container however can only mirror hub.docker.io images, so
we need a different solution for CI first. When this is
done, we'll stop uploading images to docker hub later.

Resolves: #100617
Releases: main, 11.5, 10.4
Change-Id: Ia309826618696dc25b15527b73fa704235285479
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78668


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

External "enshrined/svg-sanitize" package uses
`libxml_use_internal_errors()`, but fails to
clear errors using libxml_clear_errors().

This can lead to side effects with subsequest
libxml usages.

An upstream patch to fix this is pending,
but it needs to be merged and released.

In the meantime, we mitigate the issue in
our wrapper class.

See: https://github.com/darylldoyle/svg-sanitizer/pull/90

Resolves: #100607
Releases: main, 11.5
Change-Id: I911119b498a4dda8312c5ca940b5fdf6410a1a87
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78648


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Simplify `initialize` using a guard clause.

Resolves: #100598
Releases: main, 11.5
Change-Id: Ic53d190a139bc4c74517fc680adf43a8daadb6d9
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78574


Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>

Since it's valid to use a digit-only subject or title, those
options are now properly cast to a string, preventing
TypeError exceptions when passing them to type-hinted
functions. This happened due to PHP converting digit-only
strings to integers.

Resolves: #100582
Releases: main, 11.5
Change-Id: I30c543b64f41b91ed64edabdb4bd2d9720f24e51
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78628


Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Oliver Bartsch <bo@cedev.de>

Resolves: #100580
Releases: main, 11.5
Change-Id: I10e4b21908a1b4649d7ab4b02c467af381017b2b
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78627


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

This patch pre-defines `cropBox` with an empty jQuery object to avoid
errors when starting the image cropper. A similar fix was already done
in #99953, that's why the issue doesn't pop up in v12.

Resolves: #100576
Releases: 11.5
Change-Id: I5d4fc7022a7521816ffc7762dde146256a6171ff
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78615


Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>

When using a formField with a property name
that only consists of a number (e.g. a UID),
Fluid will now allow this.

Resolves: #100281
Releases: main, 11.5
Change-Id: Ief95b87af1025f65ac0db1ed0c64b6fcf9c40bbe
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78573


Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Tested-by: core-ci <typo3@b13.com>

A new patch level forces us to regenerate
baseline.

> composer req --dev phpstan/phpstan:^1.10.13
> Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Change-Id: I7e616c60e448332ed10183665b772d892670480f
Resolves: #100573
Releases: main, 11.5
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78612


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Jasmina Ließmann <minapokhalo+typo3@gmail.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

The changes introduced in #93706 broke the preview button functionality
in multidomain setups. When first previewing the page in one page tree
and then clicking the preview link in the page tree of a different
domain, a DOMException due to a cross origin error would be triggered
in JavaScript, because it is not allowed to access the constructor of
a window object from a different context.

The thrown DOMException is now properly caught.

Resolves: #99286
Related: #93706
Releases: main, 11.5
Change-Id: I709f06ef89e248d7b88d500281e708f56557a176
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78571


Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>

Improve the privacy of users by using the no-cookie setting
by default as fallback and set the do not track parameter to 1.

This fix recreates the behaviour already implemented for YouTube
embedded media to also apply for Vimeo embedded media:
If the setting 'no-cookie' is not set at all then use the
'no-cookie' url anyway.

Resolves: #100466
Releases: main, 11.5
Change-Id: I37e23f6220696591c2eb7d58dd8932d9b766a491
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78572


Tested-by: core-ci <typo3@b13.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>

Change-Id: Ifb6baec06e9a7be3e891b6e3e7b314d52886b87c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78568


Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>

Change-Id: Iedc984e71a0cd1d82d1f7f0f28ddf8c9712b9575
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78567


Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>

This fixes the YAML configuration of the "Number"
form element, making the gird selection available.

Resolves: #98930
Resolves: #100412
Releases: main, 11.5
Change-Id: I1586adfc41c00070e00db10a1b71d614f34f3466
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78561


Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Tested-by: core-ci <typo3@b13.com>

This file was removed in v12 and only the version in
TYPO3\CMS\Lowlevel\Database\QueryGenerator
was updated with fixes.

This patch backports all the checks to the v11
TYPO3\CMS\Core\Database\QueryGenerator

Resolves: #98536
Releases: 11.5
Change-Id: I7aabc6e5b31529c15fd50b390c346b1ec7caf71d
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78139


Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Ralph Brugger <typo3bugs@public.linkpool.de>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Ensure that invalid array key accesses are properly guarded.

Resolves: #99863
Releases: main, 11.5
Change-Id: I1900eb96f4c77d11accc465aa5847af3e642afcc
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77778


Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>

The recursive function pagesToFlatArray make use of
the page tree repository on two places, which always
instantiates the same object. To improve the performance
this patch instantiates the page tree only once and stores
it in a protected property.

Moreover, it adds another protected property
editPageAndDefaultLanguageAccess, which holds the general
allowance of a backend user to modify pages and access to
the default language. This information is needed in the
pagesToFlatArray as well and was requested over and over
again.

Finally, the array_merge construction inside fetchDataAction
and filterDataAction was changed to a more performant solution,
by merging it after the loop.
Overall, this reduces the request time of a page tree ajax
call (data and filter) by around 10%.

Resolves: #99852
Releases: main, 11.5
Change-Id: I75e8fca96c3eebec72a00e328c634338191d31c1
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78304


Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: core-ci <typo3@b13.com>

When the "Access" module is called without a selected
page, the root page icon rendering triggers a PHP 8.0
array access warning.

This was triggered by the refactoring with #100454, but
is a general issue of the method, which is why the patch
should go to 11.5 as well.

The patch sanitizes $row['uid']. Other parts of the
method access further array keys without fallback,
but those should be fine - at least for now - since
this is about 'pages', and if there is a uid, the
other fields are probably provided as well.

Resolves: #100527
Related: #100454
Releases: main, 11.5
Change-Id: I40df9fcb86a145cfa68f7dc3086649c52efe7d79
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78558


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

The problem with the current implementation is that it does not
consider that a tab may already be active but not visible initially.
In that case the `shown.bs.tab` event is never triggered.

We are moving to an observer that stays active until the element
is visible once, after that the observer for the tree is de-registered.

Resolves: #97082
Releases: main, 11.5
Change-Id: If63534ac28afd7d7ca53a963f6fad34ae9522885
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78556


Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: core-ci <typo3@b13.com>

Add more test cases found when running mutation tests.


Resolves: #100532
Releases: master, 11.5
Change-Id: I3dc61e303351d4f63b4b4ad757f21188f1e60117
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78552


Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>

Due to an invalid page link, e.g. "t3://page?type=123",
the "pageuid" key might not be set by PageLinkHandler.

This is now properly handled in the parser.

Resolves: #100510
Releases: main, 11.5
Change-Id: I0bc35cc1e3c0f5128ea52e3645faeaa5c600faaf
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78530


Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>

This changed adjusts the `Build/Scripts/runTests.sh` support for the
different database types and versions. That means, which version for
which types can be selected for functional and/or acceptance tests.

Additionally, the help text output is enhanced to list information
about the support of database versions provided by the vendors, on
actual published release informations:

* https://mariadb.com/kb/en/mariadb-server-release-dates/
* https://www.postgresql.org/support/versioning/
* https://endoflife.software/applications/databases/mysql

Available versions are choosen for supported versions of the TYPO3
core version, see following matrix as generic overview.

**NOTE** Be aware, that this does not mean that tests are green
         with all version. This only enables execution through
         `Build/Scripts/runTests.sh` for now. `CI` adjustments
         are done afterwards in a dedicated shuffle change.

mysql
-----

* 5.5 unmaintained since 2018-12    (11.5, 10.4)
* 5.6 unmaintained since 2021-02    (11.5, 10.4)
* 5.7 maintained until 2023-10      (11.5, 10.4)
* 8.0 maintained until 2026-04      (main, 11.5)

mariadb
-------

* 10.1  short-term, no longer maintained        (11.5, 10.4)
* 10.2  short-term, no longer maintained        (11.5, 10.4)
* 10.3  short-term, maintained until 2023-05-25 (main, 11.5, 10.4)
* 10.4  short-term, maintained until 2024-06-18 (main, 11.5, 10.4)
* 10.5  short-term, maintained until 2025-06-24 (main, 11.5, 10.4)
* 10.6  long-term, maintained until 2026-06     (main, 11.5, 10.4)
* 10.7  short-term, no longer maintained        (main, 11.5, 10.4)
* 10.8  short-term, maintained until 2023-05    (main, 11.5, 10.4)
* 10.9  short-term, maintained until 2023-08    (main, 11.5, 10.4)
* 10.10 short-term, maintained until 2023-11    (main, 11.5, 10.4)
* 10.11 long-term, maintained until 2028-02     (main, 11.5, 10.4)
* 11.0  development series                      (main) [not working]
* 11.1  short-term development series           (main) [not working]

postgres
--------

* 9.6 unmaintained since 2021-11-11 (11.5, 10.4)
* 10  unmaintained since 2022-11-10 (main, 11.5, 10.4)
* 11  maintained until 2023-11-09   (main, 11.5, 10.4)
* 12  maintained until 2024-11-14   (main, 11.5, 10.4)
* 13  maintained until 2025-11-13   (main, 11.5, 10.4)
* 14  maintained until 2026-11-12   (main, 11.5, 10.4)
* 15  maintained until 2027-11-11   (main, 11.5, 10.4)

Resolves: #100492
Releases: main, 11.5, 10.4
Change-Id: Iac5d4f799fd05ed7b766d1a9db95481caea2f898
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78499


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

PHPStan recenently released a new patchlevel version,
fixing the one or other bug and changing the reported
issue message texts.

This change raises the phpstan dependency along with
one extending package. The baseline file was regenerated to
update to new message texts of some reported messages
to mitigate issue flipping between composer locked and
composer max testing.

Used command(s):

> composer require --dev \
    "phpstan/phpstan":"^1.10.11" \
    "phpstan/phpstan-phpunit":"^1.3.11"

> ./Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #100452
Releases: main, 11.5
Change-Id: I307089d4b655e92eff2561c4e6d92cf79c20ea82
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78467


Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>

With this update, whenever the `<f:sanitize.html>` view helper is
invoked, the initiator reference will be included in the log. This
will help to quickly identify which class or component triggered
the sanitization process and take necessary actions if needed.

Resolves: #100377
Releases: main, 11.5
Change-Id: Ic7b06a7e96d98492c69e917a575b9e6f2a3d7296
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78382


Tested-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

This also allows automated testing with a minimal data.

Resolves: #100430
Related: #100249
Releases: main, 11.5
Change-Id: I2cee7ff96dee58ef76ce8f91161ed21e1a52553a
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78451


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Even for a broken/imcomplete configuration, we want to have the
exception that complains about the incomplete configuration instead
of a `TypeError`.

Also add some type casts to have predictable types in more cases.

Resolves: #100431
Related: #100249
Releases: main, 11.5
Change-Id: If92af8f66bab7d311cbddc3178bc515b63381741
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78452


Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: core-ci <typo3@b13.com>

This caused page titles in copy/cut functionality to not
be resolved and instead display the site title as a fallback.

Resolves: #99826
Releases: main, 11.5
Change-Id: I925981a1040dab92518af3fc6f0bc5c2342ec262
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78412


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

Resolves: #100379
Releases: main, 11.5
Change-Id: If772e0ba8d2d10a9aeb86af519c1c4f05c0ef3b4
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78357


Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

The FormEngine JavaScript module `table-wizard` became obsolete with
ticket #95036 and was forgotten to be removed, which is now done.

Resolves: #100356
Related: #95036
Releases: main, 11.5
Change-Id: I2f517a29ec5298efb4ddc7149f903b9837338037
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78329


Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: core-ci <typo3@b13.com>

This change updates the main TYPO3 code base
vendor/ directory to lock to latest packages
from our main dependencies, ready for the next
v12.x release, so the "non-composer mode"
has various updated dependencies shipped.

Used commands:
  composer update "symfony/*" "doctrine/*" -W

Resolves: #100322
Releases: main, 11.5
Change-Id: Ib483549b89115132ece28686e0f0dc5463a052a1
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78327


Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>

Within `.form-group`, the elements `.panel` and `.panel-group` get a
visible overflow applied to not cut off FormEngine wizards, e.g. color
pickers.

Resolves: #99815
Releases: main, 11.5
Change-Id: I088ef82f2503152c1fd457362bf95f3f799754b5
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78317


Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>

When using TYPO3 as a response for multipart
result or application/binary responses,
TSFE should not append "charset=utf-8" to the
Content-Type HTTP response header.

Resolves: #100189
Related: #99373
Related: #97550
Releases: main, 11.5
Change-Id: I645bb6941bb4bd01cb508a873e1add074c39ca57
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78171


Tested-by: Benni Mack <benni@typo3.org>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Achim Fritz <af@achimfritz.de>
Reviewed-by: Achim Fritz <af@achimfritz.de>

Releases: main, 11.5
Resolves: #100339
Change-Id: I4b24fdced525703367da88981d8d9996e14fda9f
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78308


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

There are several checks related to array key
'_CURRENT_VERSION' on versioned records. Since
PHP 8 those checks are not safe anymore and
can result in errors.

Releases: main, 11.5
Resolves: #100336
Change-Id: I8b5a956a987a3d8c9690e824e0fccfd6570e0069
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78306


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

The content element "Section index of subpages from selected pages"
now also respects the setting "Show in Section Menus".

Resolves: #100262
Releases: main, 11.5
Change-Id: I92c52cd48c0732410ded00c508fdd16633d67035
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78299


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

The default value for a confirmation is currently not respected
in the install tool on UI level and a confirmation dialog will
always show the "deny" button as selected. On CLI level the
default value is however taken into account.

This change sets the default value of the confirm dialog buttons
depending on the `defaultValue` property of the confirmation. If
the `defaultValue` is `true`, the "confirm" button is selected,
otherwise the "deny" button is selected.

Resolves: #100291
Releases: main, 11.5
Signed-off-by: Torben Hansen <derhansen@gmail.com>
Change-Id: Iee6e89c61cc5ad7117f7e565b42d39bd82ce26f9
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78248


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Added a null coalescing operator around the access $item['lastMod'].

Resolves: #100280
Releases: main, 11.5
Change-Id: Idd4de6d647198e10d87ec01d64fa685535ab59aa
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78066


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

EXT:impexp may run into memory limits when converting XML to PHP
arrays, even before all PHP memory is used up, because libxml has a
specific limit of 10 MB. This limit can be turned off by using the
`XML_PARSE_HUGE` (libxml) or `LIBXML_PARSEHUGE` (PHP) option, but
only for the DOMDocument implementation of libxml, and not for the
current XmlParser implementation.

By replacing the XmlParser implementation with a DOMDocument
implementation, larger XML files can be parsed with lower peak memory
consumption as a side effect. For example, parsing a 4 MB dummy XML
file consumes

56.03 MB (memory) / 168.72 MB (memory peak)

with the XmlParser, while using DOMDocument reduces the consumption to

56.15 MB (memory) / 60.08 MB (memory peak).

Besides the replacing of the implementation, XML parsing has been moved
to separate classes (Typo3XmlSerializer / Typo3XmlParser), fully covered
by tests, and restructured to reduce the number of required parameters to
a minimum. The functional scope was not reduced in any way.

Resolves: #83580
Releases: main, 11.5
Change-Id: Ic3345d539f028d766b49d01096ec34a6190a6dfe
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78249


Tested-by: core-ci <typo3@b13.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>