With namespaces the @package and @subpackage annotations
do not have a real benefit anymore and can be removed.

Change-Id: Id8f4718db0c1c51ae5143a3353dd5efb42dadf70
Resolves: #43019
Releases: 6.0
Reviewed-on: http://review.typo3.org/16474
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn

Function TYPO3\CMS\Backend\Template\DocumentTemplate->isCMlayers()
is not needed and can be removed.

Change-Id: I7cef6a7711055c8cd6ce7ca0b3bf94b22e50a62f
Resolves: #41272
Releases: 6.0
Reviewed-on: http://review.typo3.org/14955
Reviewed-by: Mattias Nilsson
Tested-by: Mattias Nilsson
Reviewed-by: Oliver Klee
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn

If GeneralUtility::validEmail() is called with array or object
as parameter, warnings or errors are thrown of type "strlen()
expects parameter 1 to be string" or similar.
The patch sanitizes the method by returning early with FALSE if
input parameter is not a string.

Change-Id: I56c8ec91c730e47d341de7f09c14c7ee0492a616
Fixes: #42792
Releases: 6.0
Reviewed-on: http://review.typo3.org/16462
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn

Refactoring #19938 a loose end was forgotten to be removed in one test.

Change-Id: I36d1f9368eb829afebd5c3be2282811b010ed5ff
Related: #19938
Releases: 6.0
Reviewed-on: http://review.typo3.org/16453
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn

Refactor and fix handling of preserveGETvars in felogin.
 * Add support for multi dimensional arrays
 * urlencode() values
 * Preserve only parameters defined in 'preserveGETvars'

The patch adds a new ArrayUtility method to handle
recursive array intersections. See the unit tests for details.

Change-Id: I90e2f8eb79586369a9c15c7ef19f7658b1d65ed3
Fixes: #19938
Fixes: #23324
Fixes: #23649
Fixes: #36894
Fixes: #38589
Releases: 6.0, 4.7
Reviewed-on: http://review.typo3.org/7638
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn

This resolves the wrong instantiation of all classes
that contain uppercase characters within a certain
class name part, by adding the lowercased versions
to the class alias map.

Fixes: #40850
Releases: 6.0

Change-Id: I973393a5476e5b0ee8a2500117de636e43513666
Reviewed-on: http://review.typo3.org/16362
Reviewed-by: Thomas Maroschik
Reviewed-by: Mattias Nilsson
Reviewed-by: Ingo Pfennigstorf
Tested-by: Ingo Pfennigstorf
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

The form extension uses iconv_strlen to determine
the string length, which fails when this method
is not present in PHP.

Use the CharsetConverter class instead.

Fixes: #42990
Releases: 6.0

Change-Id: Ibf7e82c85bd808f036c7d0715f55d6f1f9e5b8d5
Reviewed-on: http://review.typo3.org/16449
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

Change-Id: I19bf442d362fc1ba7dd2df2d5d7e55c592222e27
Reviewed-on: http://review.typo3.org/16447
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn

The reports module to show the main typo3.org TER repository
extension list status and the security state of loaded and
existing extensions was not implemented with the new
extension manager.
The patch adds the missing reports.

Resolves: #39914
Releases: 6.0

Change-Id: Ib26dad4d798829ee96d900a80311aa28bb021c2c
Reviewed-on: http://review.typo3.org/16446
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn

The configuration of an extension can make use of
labels and those are not translated in a select box.

Therefore use LANG->sL()

Change-Id: I12c09b3cf0b68e5f5f0f1d03ac5f78dd89d7bbde
Fixes: #42931
Releases: 6.0
Reviewed-on: http://review.typo3.org/16437
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert

Change-Id: Ia90500734c71095c82f774ac6c0acd16ce28f096
Resolves: #42253
Releases: 6.0
Reviewed-on: http://review.typo3.org/16224
Reviewed-by: Philipp Gampe
Reviewed-by: Tomasz Krawczyk
Tested-by: Tomasz Krawczyk
Reviewed-by: Wouter Wolters
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn

The labels for the options of the settings "Hashing method for the
backend|frontend" are missing because the class names of the
salt methods, which changed in previous commits, are part of the
language key for the labels.

Change the language key generation to use the class name without
the prepended namespace and add the corresponding language key in the
actual language file.

Fixes: #42832
Releases: 6.0

Change-Id: I1ae96bd90bf153f0379159e1695701ecf5f9f004
Reviewed-on: http://review.typo3.org/16369
Tested-by: Philipp Gampe
Reviewed-by: Philipp Gampe
Reviewed-by: Tilo Baller
Tested-by: Tilo Baller
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn

Paths to the class files and class names for the user functions used
in the extension configuration of EXT:saltedpasswords are wrong, since
they were moved and namespaced.

Thus opening the extension configuration in extension manager fails
with a fatal error, because the required class files can not be loaded.

Load the right classes.

Fixes: #42829
Releases: 6.0

Change-Id: I9e9dd6f3f8ceacf0196971db91f108d7dc963bcd
Reviewed-on: http://review.typo3.org/16368
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
Reviewed-by: Mattias Nilsson
Reviewed-by: Tilo Baller
Tested-by: Tilo Baller
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn

t3lib_iconWorks::imagecopyresized was refactored
in #26660. Unfortunatelly that change introduced
a regression. Parameter names were changed in
the method definition, but not inside this method.

This change makes parameter names consistent.

Change-Id: I819da83ea059ecc7d17348c12ca64b37fac6dae0
Fixes: #39563
Releases: 6.0, 4.7
Reviewed-on: http://review.typo3.org/13488
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert

The logos have been changed to match the new CI,
but were cut out sloppily.

Exchange the most prominent logos with proper ones.

Fixes: #42850
Releases: 6.0, 4.7, 4.6, 4.5

Change-Id: Id5ac815b8c2b381bef89f9e152345fd29a822bf6
Reviewed-on: http://review.typo3.org/16391
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

Change-Id: I68301629737a66a76332e59b3ccd674bb7d05722
Reviewed-on: http://review.typo3.org/16387
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team

Change-Id: Id506e3479c6b48526b7a9cdfdd211bc33c1a61d6
Reviewed-on: http://review.typo3.org/16386
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team

Currently extensions with "suggests" contraint in ext_emconf.php
fail to install in Extension Manager with exception
"suggestwas not a valid dependency type.".

Example (taken from EXT:saltedpasswords ext_emconf.php):
    'constraints' => array(
        [...]
        'suggests' => array(
            'rsaauth' => ''
        )
    ),

NOTE: This patch does not implement the missing handling
for suggested extensions.

Fixes: #42594
Releases: 6.0

Change-Id: I326de368508c5c9a350d7b7e84b07f3bc1582437
Reviewed-on: http://review.typo3.org/16367
Reviewed-by: Francois Suter
Tested-by: Francois Suter
Reviewed-by: Oliver Hader
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

The current translation handling does not respect
subfolders in the zip file during extraction.
This leads to partly missing translations as the
translation files were not in the correct folder
structure.

Create the folder structure during zip file extraction
and improve the path calculation so that path traversal
is not possible any more.

Fixes: #42840
Releases: 6.0

Change-Id: I9e03622879f38d294b2487c63e9ced0ba40d8142
Reviewed-on: http://review.typo3.org/16381
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
Tested-by: Oliver Hader
Reviewed-by: Oliver Hader

The current implementation in the TYPO3 backend does not allow
to store NULL values, only empty strings or zero as number are
allowed.
Since the overlay behavior of FAL takes e.g. the description
property from the original file object an empty value in the
disposal (the referenced file) cannot be defined to be blank,
thus not clearing the original file description.

For this case we need a new behavior to allow NULL values in
the storage and to handle that in the backend view.

This feature is enabled by adding "null" to the eval list of
the TCA configuration of a field, example:

'columns' => array(
  'title' => array(
    'config' => array(
      'type' => 'text',
      'eval' => 'null',
    )
  )
)

Besides that, of course the database field definition needs to
be updated to support NULL values.

Change-Id: Ib5cd0e34e34d084df7ba3380ae81e5240bcf76d6
Resolves: #41773
Releases: 6.0
Reviewed-on: http://review.typo3.org/15458
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

This patch enables IRRE fields in flexform. They can be used
identically to the TCA.

FlexForm segments are separated by a new divider "---" to
easily have the possiblity to recognize and parse them when
handline the IRRE object identifiers.

Besides that a new remapping level for FlexForms has been
introduced to the DataHandler to update accordant FlexForm
references after all child records have been written.

Unit tests have been extended to check the new additions to
the accordant object identifiers and form names. This is
important to any processing of IRRE in the form view.

Change-Id: Icadb89c2e496a5f1ad7de298ebee06d144475a11
Resolves: #18957
Releases: 6.0
Reviewed-on: http://review.typo3.org/13968
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
Reviewed-by: Kai Vogel
Tested-by: Kai Vogel
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

On case sensitive file systems the SUViewHelper
cannot be found, as the file is named SUViewHelper.php
and the class SuViewHelper.

Rename both file and class to match and to be more
speaking.

Resolves: #42826
Releases: 6.0

Change-Id: I19c0b7c39b77ba2d7b192a989e5d45b2b7d4a2c7
Reviewed-on: http://review.typo3.org/16366
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

The TypoScript Object "FILES" has been changed to be aware
of translations in the meantime. Anyhow the Content Element
uploads does not benefit from that, as it hardcodes the uid
of the related element and therefore the automatic logic
recognizing translations does not work.

Remove the affected line of TypoScript.

Change-Id: Ia70272a2d646c2d29eca311c44dc6a0706d1778c
Releases: 6.0
Fixes: #40607
Reviewed-on: http://review.typo3.org/16363
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

If a custom content element is created by using
an extension and the ext is removed, an empty content
element is rendered in the page module.

Now the same warning is shown as if a non existent
plugin is rendered

Change-Id: Ib98ff3fdf17d7383b51e6c108854a2fc34d5def4
Resolves: #42510
Releases: 6.0
Reviewed-on: http://review.typo3.org/16223
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
Reviewed-by: Nicole Cordes
Tested-by: Nicole Cordes
Reviewed-by: Wouter Wolters
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer

A list of default categorized tables is put within the Install Tool
for now, since we don't have a dedicated BE module for category

Change-Id: I1b620652a09ae9712cbd5cd38a8bed8ab8605b6e
Resolves: #38716
Releases: 6.0
Reviewed-on: http://review.typo3.org/12674
Reviewed-by: Fabien Udriot
Tested-by: Fabien Udriot
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer

Change-Id: Ia33701578c100bb67beb66d010f76208d9c16457
Reviewed-on: http://review.typo3.org/16338
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

During namespacing the SEARCHRESULT content object,
which had two classes, has been messed up.

Combine both classes into one.

Resolves: #42806
Releases: 6.0

Change-Id: If757121be3dc5c93d215dfbb958090ed39a7f507
Reviewed-on: http://review.typo3.org/16337
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

During namespacing the OTABLE content object
which had of two classes has been messed up.

Combine both classes into one.

Resolves: #42805
Releases: 6.0

Change-Id: Ibc7a076cc6c9aa5fe3e3cfeff0dbb3db95ea5a2b
Reviewed-on: http://review.typo3.org/16336
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

Releases: 6.0

Change-Id: I0f8863ae6e711f1da710b39f7644f24212ad41ef
Reviewed-on: http://review.typo3.org/16330
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

All abstract classes should be start with an Abstract
prefix in the class name.

Adjust the abstract task class to this naming convention.

Resolves: #42803
Releases: 6.0

Change-Id: Ibef1d71f1d3a6aa3683331464b33118b88b1ec01
Reviewed-on: http://review.typo3.org/16329
Reviewed-by: Steffen Ritter
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

Update the version number in system extensions which
have been forgotten.

Resolves: #42728
Releases: 6.0
Change-Id: I05089f5f0706f3df685bccc68ab8915620f90609
Reviewed-on: http://review.typo3.org/16235
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Michael Klapper
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer

This patch fixes the SQL injection possibilities in the record
history view as well as fixing XSS possibilities. The submitted
GET/POST data gets sanitized now besides that.

Change-Id: Ia92b5f7a2244412f87d9affdd73d2e0a6f7076ef
Fixes: #42696
Releases: 6.0, 4.7, 4.6, 4.5
Security-Commit: a386933537b6193d3a3d7173721c5b3b961a7f0d
Security-Bulletin: TYPO3-CORE-SA-2012-005
Reviewed-on: http://review.typo3.org/16307
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

Properly html encode the label of tree nodes.

Fixes: #42774
Releases: 6.0, 4.7, 4.6, 4.5

Change-Id: I56b823bdd7ac8f4e8d533604cc91eb99e3bcd808
Security-Commit: b1b0b68d026795d04721f73c436eab2de72285d9
Security-Bulletin: TYPO3-CORE-SA-2012-005
Reviewed-on: http://review.typo3.org/16306
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

The method getFuncCheck creates an URL from input variables and puts
it in JavaScript context without properly encoding them.

This might lead to XSS if the input variables come from untrusted source.

Fixes: #42776
Releases: 6.0, 4.7, 4.6, 4.5

Change-Id: Ia312e96791bc23460462c2374c0d08f47f762447
Security-Bulletin: TYPO3-CORE-SA-2012-005
Reviewed-on: http://review.typo3.org/16305
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

Releases: 6.0

Change-Id: I490683562533dfbfaa34310a04f7682cde91f0d2
Reviewed-on: http://review.typo3.org/16294
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

Change-Id: I2e83cbd81b729242404f0fc8ef553f663ae87073
Reviewed-on: http://review.typo3.org/16290
Reviewed-by: TYPO3 Release Team
Tested-by: TYPO3 Release Team

Since #37868 the backend comes with hardcoded favicon.
This should be configurable like logo_login to brand
the backend for certain projects and for better usability
when working with multiple projects.

Change-Id: Icc0f9c3f764c92a39ea46b5af749d57e2d2b30dc
Resolves: #39947
Releases: 6.0
Reviewed-on: http://review.typo3.org/13906
Reviewed-by: Philipp Gampe
Tested-by: Philipp Gampe
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter

Change-Id: I3c3078b6e69f937d4383eb8677dbd60f249d2c8d
Releases: 6.0
Reviewed-on: http://review.typo3.org/16276
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

File records are stored in PID 0. In TYPO3 non-admins do not
have access to anything stored in PID 0. As FAL won't work
without granting access to file-meta-data for non-admins,

A new TCA control configuration allows to ignore those
permission restrictions for sys_file and sys_file_reference:

* TCA/<table>/ctrl/security/ignoreWebMountRestriction
  Allows users to access records that are not in their
  defined web-mount and by-passes this restriction..
* TCA/<table>/ctrl/security/ignoreRootLevelRestriction
  Allows users (non-admins) to access records that are
  stored on the root-level (page-id 0) and by-passes this
  restriction.

Change-Id: If92b07b0ba63a0d544a337ddf4f55973fafcd345
Fixes: #39805
Releases: 6.0
Reviewed-on: http://review.typo3.org/13658
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
Reviewed-by: Stefan Neufeind
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

Resolves: #42731
Releases: 6.0

Change-Id: Icd08c7e9d1bb9f014ce77aae697e804aa4e17625
Reviewed-on: http://review.typo3.org/16238
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel