- Jan 18, 2018
-
-
Oliver Hader authored
Composer license definition GPL-2.0+ has been deprecated and has to be replaced with GPL-2.0-or-later. Resolves: #83607 Releases: master, 8.7, 7.6, 6.2 Change-Id: I6113bc3a90cb6a56830b930522dde2eaacd5025e Reviewed-on: https://review.typo3.org/55396 Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch> Tested-by:
Oliver Hader <oliver.hader@typo3.org> Tested-by:
-
- Apr 12, 2016
-
-
TYPO3 Release Team authored
Change-Id: I175bde6521224af6ea448361b33cae335ee7eed6 Reviewed-on: https://review.typo3.org/47617 Reviewed-by:
TYPO3 Release Team <typo3cms@typo3.org> Tested-by:
-
TYPO3 Release Team authored
Change-Id: I2f523930692c0d6f60c1a864804d8841165a8fd7 Reviewed-on: https://review.typo3.org/47616 Reviewed-by:
-
Helmut Hummel authored
In case a backend or frontend user is stored in the database with an empty string as password (not possible through backend UI), it is possible to authenticate this user using an empty password with the standard TYPO3 username/password authentication services. By definition this should be prohibited. Resolves: #75055 Releases: master, 7.6, 6.2 Security-Bulletins: TYPO3-CORE-SA-2016-009, 010, 011, 012 Change-Id: I611484df7cfc10cc7b9978ecc1ae03295e2ea277 Reviewed-on: https://review.typo3.org/47607 Reviewed-by:
-
Nicole Cordes authored
To view a preview of a workspace page a backend user is simulated. Currently the user who created the preview link is taken into account. This patch creates a limited backend user to be able to process the web request. Resolves: #28175 Releases: master, 7.6, 6.2 Security-Commit: f0445be5322b4c0e4b1c0900542aca4e00a39f46 Security-Bulletins: TYPO3-CORE-SA-2016-009, 010, 011, 012 Change-Id: If49b00328facbe76263afd6606d62882b6046e63 Reviewed-on: https://review.typo3.org/47606 Reviewed-by:
-
Nicole Cordes authored
In Javascript context the title attribute of a selected option is passed as unescapd HTML argument to the function. Creating a new option tag without title validation results in a XSS possibility. This patch removes hardcoded attribute setting and uses jQuery function which take care of proper escaping. Resolves: #75164 Releases: master, 7.6, 6.2 Security-Commit: c6ec139a9ad69db67c17b1f3688b07e65f8898cc Security-Bulletins: TYPO3-CORE-SA-2016-009, 010, 011, 012 Change-Id: Ie91f5d57d62def84d9e91876b6b4a40349bc845b Reviewed-on: https://review.typo3.org/47605 Reviewed-by:
-
Frank Naegler authored
This patch fix a XSS vulnerability in TCA type inline. Resolves: #73460 Releases: master, 7.6 Security-Commit: 8f178b4a68cbb50a55e0864b3f3c9989aa415ab3 Security-Bulletins: TYPO3-CORE-SA-2016-009, 010, 011, 012 Change-Id: Ib6ffa8f492a1ae5362a080357ebc31767ca8fa97 Reviewed-on: https://review.typo3.org/47604 Reviewed-by:
-
- Mar 22, 2016
-
-
TYPO3 Release Team authored
Change-Id: Idcbacb7c6d5e08cc6a0dbf64fecebe93e02e633c Reviewed-on: https://review.typo3.org/47355 Reviewed-by:
-
Benni Mack authored
During the refactoring of the impexp module a check for the page ID was introduced to show the pagetree and additional fields only if a page ID was given, which disallows to export records on ID 0. Additionally, a minor JavaScript bug which popped up then is fixed as well. Resolves: #75183 Releases: master, 7.6 Change-Id: I0adbd933ecc5da938b511d531178ac707cb035c3 Reviewed-on: https://review.typo3.org/47347 Reviewed-by:
-
Mathias Schreiber authored
In order to make navigating the docs possible, we added the TOCs Resolves: # Releases: master Change-Id: I91e03693743e299a20d5a0f580e927c99143647f Reviewed-on: https://review.typo3.org/47352 Reviewed-by:
-
Oliver Hader authored
Adjust unit tests concerning changed internal class dependencies. Resolves: #75214 Releases: master Change-Id: I3bbb261300370f1d0cafb62bd8f79379c3ef8909 Reviewed-on: https://review.typo3.org/47351 Reviewed-by:
-
Benni Mack authored
There are several problems due to the implementation of JsonView that returns spaces around a JSON returned to the extension manager that will update the latest extensions. Resolves: #75214 Releases: master Change-Id: Iee837da392f62cd1df72c03dca0a03bb763c5790 Reviewed-on: https://review.typo3.org/47343 Reviewed-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Frank Naegler <frank.naegler@typo3.org> Tested-by:
-
- Mar 21, 2016
-
-
Nicole Cordes authored
This patch ensures the correct record information for saving and inserting a new record even in a workspace. Resolves: #70542 Releases: master, 7.6 Change-Id: I3b88b08a55600f8c7bc5e2c2f05444624181db83 Reviewed-on: https://review.typo3.org/47153 Reviewed-by:
Nicole Cordes <typo3@cordes.co> Tested-by:
-
Claus Due authored
Fixes the following issues: * https://github.com/TYPO3Fluid/Fluid/pull/76 BUG Possibly NULL value in SpacelessViewHelper * https://github.com/TYPO3Fluid/Fluid/pull/80 PERFORMANCE Internal cache of resolved ViewHelpers * https://github.com/TYPO3Fluid/Fluid/pull/82 BUG Key used in ForViewHelper defaults to NULL * https://github.com/TYPO3Fluid/Fluid/pull/84 BUG Improper array accessing * https://github.com/TYPO3Fluid/Fluid/pull/85 BUG/TASK Prefix to avoid reserving "sections" variable name * https://github.com/TYPO3Fluid/Fluid/pull/72 BUG Windows paths support in TemplatePaths * https://github.com/TYPO3Fluid/Fluid/pull/87 BUG Avoid invalid class name in compiled code when using non-file template sources * https://github.com/TYPO3Fluid/Fluid/pull/77 BUG Recursive section rendering accesses incorrect RenderingContext (see https://forge.typo3.org/issues/74393) * https://github.com/TYPO3Fluid/Fluid/pull/94 BUG Avoid double HTML encoding on chained...
-
Frank Naegler authored
Fix handling of inline records in JavaScript. Prevent wrong count of elements by adding a trimExplode function intead of usage native split function. Resolves: #72379 Releases: master, 7.6 Change-Id: Id6cde49eb6179ddc3d5b0ef796a0a6883dfa747e Reviewed-on: https://review.typo3.org/47337 Reviewed-by:
Andreas Fernandez <typo3@scripting-base.de> Tested-by:
Wouter Wolters <typo3@wouterwolters.nl> Tested-by:
-
Mathias Schreiber authored
Moved Feature Docs because Github Docs have been updated Resolves: # Releases: master Change-Id: I2dd09a81b14334f944b0adba4412864390940d98 Reviewed-on: https://review.typo3.org/47339 Reviewed-by:
-
Benni Mack authored
PHP 5.5 does not support APC anymore, but instead uses APCu for everything that is in the userland. Our code should be adapted to use APCu instead, since TYPO3 CMS 7 LTS requires PHP 5.5+. However, there are some edge cases where APCu is available as APC, so the existing APC code is kept. Resolves: #63291 Releases: master, 7.6 Change-Id: Ica6bac270b54e5a645d37679e5663479ef36f394 Reviewed-on: https://review.typo3.org/47024 Reviewed-by:
Steffen Müller <typo3@t3node.com> Tested-by:
Alexander Opitz <opitz.alexander@googlemail.com> Tested-by:
-
Mathias Schreiber authored
Moved breaking Docs because Github Docs have been updated Resolves: # Releases: master Change-Id: I280c4081fd9b2d52e929f7e13aa961d2cb7ad8e3 Reviewed-on: https://review.typo3.org/47338 Reviewed-by:
-
Andreas Fernandez authored
The ResourceCompressor must ensure the correct order of @-rules, which is: 1. charset 2. namespace 3. import If the concatenated CSS contains multiple @charset rules, only the first one is taken into account. Change-Id: I8c912874d486eac16505884e68a04b0bba400611 Resolves: #55690 Releases: master, 7.6 Reviewed-on: https://review.typo3.org/47251 Reviewed-by:
Jigal van Hemert <jigal.van.hemert@typo3.org> Tested-by:
Michael Oehlhof <typo3@oehlhof.de> Tested-by:
Riccardo De Contardi <erredeco@gmail.com> Reviewed-by:
-
Michael Oehlhof authored
The text on the OK button was changed from "Yes, delete this file" to "Yes, delete this folder" when a folder should be deleted. Resolves: #75190 Releases: master Change-Id: I9568865b8f8536e4bc9993e6ab8e607fb7b13eb7 Reviewed-on: https://review.typo3.org/47330 Reviewed-by:
-
Mathias Schreiber authored
Proofread breaking Docs - one got left behind Resolves: # Releases: master Change-Id: If2181495ef7ecf3f0b2159482b40a7fb8d143147 Reviewed-on: https://review.typo3.org/47335 Reviewed-by:
-
- Mar 20, 2016
-
-
Benni Mack authored
The new hook introduced for BackendUtility::viewOnClick() added a parameter "backPath" which was never evaluated and was there for legacy reasons. The option has no effect and should not be part of the hook signature. The followup patch removes the property again. Resolves: #54887 Releases: master Change-Id: I6d0fec5d7639c1de00d73a4dc1196fb65268f1ce Reviewed-on: https://review.typo3.org/47326 Reviewed-by:
-
- Mar 18, 2016
-
-
Michael Oehlhof authored
Proofread breaking Docs Resolves: # Releases: master Change-Id: Ia0803361711f84ffb0637e30651d5f3bfc1a9add Reviewed-on: https://review.typo3.org/47327 Reviewed-by:
-
Mathias Schreiber authored
Proofread breaking Docs Resolves: # Releases: master Change-Id: I1c86c278d466d47e4bc866443f9267f00d2973e3 Reviewed-on: https://review.typo3.org/47322 Reviewed-by:
-
Mathias Schreiber authored
Proofread Deprecation Docs Resolves: # Releases: master Change-Id: I9ac836f1833f7957581e83353a902ef4bdecc1ee Reviewed-on: https://review.typo3.org/47304 Reviewed-by:
-
Mathias Schreiber authored
Proofread Deprecation Docs Resolves: # Releases: master Change-Id: I6fb335255f8117815aa4b717bf2eca9788502c21 Reviewed-on: https://review.typo3.org/47303 Reviewed-by:
-
Mathias Schreiber authored
Proofread breaking Docs Resolves: # Releases: master Change-Id: I5cba29ffb42a33d2b5807f09d7e5c4ceceafff7d Reviewed-on: https://review.typo3.org/47301 Reviewed-by:
-
Markus Sommer authored
Stop the toggle animation an the module headline first before a new animation is started Resolves: #75179 Releases: master, 7.6 Change-Id: I1dc683ba7740a0a939d699e6d3c01b154583a00a Reviewed-on: https://review.typo3.org/47310 Reviewed-by:
-
Alexander Jahn authored
Removing @injects introduced explicit injectFunctions into WidgetRequestHandler. These functions were named after the object they inject. This resulted in two methods injecting different objects into the same property and in the end the parent class' function reverted the local implementation. Change-Id: I345d04f150fe6413ffc67c159c43cdda7e979e7b Resolves: #74536 Related: #73018 Releases: master, 7.6 Reviewed-on: https://review.typo3.org/47163 Reviewed-by:
Markus Klein <markus.klein@typo3.org> Tested-by:
Daniel Goerz <ervaude@gmail.com> Reviewed-by:
Jan Helke <typo3@helke.de> Tested-by:
-
Frank Naegler authored
The difference between translation changes of records are now highlighted again in FormEngine. Resolves: #73501 Releases: master, 7.6 Change-Id: I88f4a67c5392cf9ddca4410ddb07d57439a26b3a Reviewed-on: https://review.typo3.org/47253 Reviewed-by:
-
Benni Mack authored
The deprecated property "includeJSlibs" is removed in favor of the introduced property "includeJSLibs". Resolves: #75150 Releases: master Change-Id: I120a644a55cadb1bc345b3c9af0bb08dec470508 Reviewed-on: https://review.typo3.org/47297 Reviewed-by:
Mathias Brodala <mbrodala@pagemachine.de> Reviewed-by:
-
Marco Huber authored
To enable links with spaces and other special chars the service class to build the correctly escaped <link> tag is used. Resolves: #73675 Releases: master,7.6 Change-Id: I530cb7569372d2da12d0015e820b458c8299f435 Reviewed-on: https://review.typo3.org/46896 Reviewed-by:
-
Heiko Hardt authored
This fix solves the problem that hidden page translations not are not reviewable if logged in and "Show hidden pages" in admin panel is enabled. Treat records of "pages_language_overlay" as pages to make use of the showHiddenPage flag. Resolves: #75116 Releases: master, 7.6 Change-Id: I083ee3a90230b6c97eb20def93c9e96bfe31c4cb Reviewed-on: https://review.typo3.org/47263 Reviewed-by:
Mathias Schreiber <mathias.schreiber@wmdb.de> Tested-by:
-
Benjamin Serfhos authored
When TCA [ctrl][security][ignoreRootLevelRestriction] is enabled, the root level should be ignored on creation too. Resolves: #75147 Releases: master,7.6 Change-Id: I55414696838a256d967d410cf523edc031ebe952 Reviewed-on: https://review.typo3.org/47290 Tested-by:
Benjamin Serfhos <serfhos@gmail.com> Reviewed-by:
Frans Saris <franssaris@gmail.com> Tested-by:
-
Andreas Wolf authored
In a workspace, when a record is saved which contains an IRRE-managed relation in a flexform field, the relation is duplicated. The reason is that the workspace information is lost along the way when processing the flexform content. This commit introduces an additional method parameter to the relevant flexform processing callbacks. Additionally, this fixes an error in the Flexform XML fixture, which (apparently) made the test go into an endless loop. Work time for this patch was sponsored by Matthias Krappitz (aemka.de), the time for developing the test was sponsored by me. Releases: master, 7.6, 6.2 Resolves: #70962 Change-Id: If6d71cf966408fcf976365fc01e6a2529bf1902d Reviewed-on: https://review.typo3.org/44233 Reviewed-by:
Markus Sommer <markussom@posteo.de> Tested-by:
Andreas Wolf <andreas.wolf@typo3.org> Tested-by:
-
Andreas Fernandez authored
The LocalizationController used by the localization wizard is now covered by some functional tests. For better testability, the DataHandler processing in the controller is moved into its own method. Resolves: #75160 Related: #73617 Releases: master, 7.6 Change-Id: I3275f51d3dfec55ace3d8dbe7130c3f18b963341 Reviewed-on: https://review.typo3.org/47305 Reviewed-by:
-
Christian Weiske authored
Resolves: #72981 Releases: master, 7.6 Change-Id: I75deb2dd8808c0dccfe30b90b2459937b40dbd7c Reviewed-on: https://review.typo3.org/46273 Reviewed-by:
-
- Mar 17, 2016
-
-
Andreas Fernandez authored
Change-Id: I920cab82f1e9304be6c718b33c1a8ce13c745e17 Resolves: #73617 Releases: master, 7.6 Reviewed-on: https://review.typo3.org/47264 Tested-by:
Armin Ruediger Vieweg <armin@v.ieweg.de> Reviewed-by:
Ruud Silvrants <ruudsilvrants@gmail.com> Tested-by:
-
Thorsten Griebenow authored
Resolves: #74317 Releases: master Change-Id: Iacbe2358fa9d62da6c2f7604c70a438e55fca0e1 Reviewed-on: https://review.typo3.org/47093 Reviewed-by:
Bjoern Jacob <bjoern.jacob@tritum.de> Tested-by:
-
Ralf Zimmermann authored
Render array viewhelper attributes as array. Resolves: #74014 Releases: master, 7.6 Change-Id: I2abcea032a6d58c610b57a9b07d0380567473eeb Reviewed-on: https://review.typo3.org/47015 Tested-by:
-
