This patch adjustes invalid namespaces uses in some files
to ensure PSR-4 loading compatibility.

Resolves: #97793
Releases: main, 11.5, 10.4
Change-Id: Ib8e0a1fd2b0c6493a7cda9d4360abec90b80ade4
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74956


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Guard invalid argument type exception by using null coalescing operator
in `\TYPO3\CMS\Form\Domain\Finishers\FinisherVariableProvider`.

Resolves: #97699
Releases: main, 11.5, 10.4
Change-Id: I6312fb35d52857004e0467a20e215fc4095e0037
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74932


Reviewed-by: Stephan Großberndt <stephan.grossberndt@typo3.org>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>

Change-Id: Id7f3beef270899625236c25be8db45719086af1c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74915


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Change-Id: I71f6551f6c250f9dde3155b069de4d5cf78e357b
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74914


Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

The security fix TYPO3-CORE-SA-2022-005 introduced a synchronization
of backend user and admin tool sessions - without considering these
two documented aspects:

+ If no system maintainer is set up, then all administrators are
  assigned the system maintainer role.
+ In Development context, all administrators are system maintainers
  as well.

Resolves: #97768
Releases: main, 11.5, 10.4
Change-Id: I81dbfc5d07a41a4fa254e1fb50210c74f5e6f02c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74912


Tested-by: core-ci <typo3@b13.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Susanne Moog <look@susi.dev>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Change-Id: I989daf592c9a350a54dbe26f138e614781ef7541
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74907


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Change-Id: I128659dc3c5e6370bdc6bc62154358029fb3d11c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74906


Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Admin tools sessions are revoked in case the initiatin backend user
does not have admin or system maintainer privileges anymore. Besides
that, revoking backend user interface sessions now also revokes access
to admin tools. Standalone install tool is not affected.

Resolves: #92019
Releases: main, 11.5, 10.4
Change-Id: I367098abd632fa34caa59e4e165f5ab1916894c5
Security-Bulletin: TYPO3-CORE-SA-2022-005
Security-References: CVE-2022-31050
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74896


Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

The `receiverName` variable used in the password recovery mail of the
Extbase felogin plugin was susceptible to HTML injection due to
missing sanitization. The variable is now passed thru the
`f:format.htmlspecialchars` ViewHelper.

Resolves: #96559
Releases: main, 11.5, 10.4
Change-Id: I60e23c161f7f2fcc87b8870345b10a4c31d7b8db
Security-Bulletin: TYPO3-CORE-SA-2022-004
Security-References: CVE-2022-31049
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74895


Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Multivalue items in the form editor user interface were previewed
as HTML, but should be treated as scalar text only.

Resolves: #96743
Releases: main, 11.5, 10.4
Change-Id: I5e8dab26119490ecf19ac5d48c2bc7a5a00daaad
Security-Bulletin: TYPO3-CORE-SA-2022-003
Security-References: CVE-2022-31048
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74894


Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

When a TYPO3 exception is handled through registered exception
handlers, log writers may log sensitive information to logs,
since the full stacktrace is logged.

With this change, exception handlers that extend
AbstractExceptionHandler except DebugExceptionHandler will
by default not include the exception object any more and
thereby not log the full stacktrace.

Resolves: #96866
Releases: main, 11.5, 10.4
Change-Id: Iaf233eefc9a1a60334a47753baf457e8282e68c0
Security-Bulletin: TYPO3-CORE-SA-2022-002
Security-References: CVE-2022-31047
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74893


Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

The import functionality of the import/export module is already
restricted to admin users or users, who explicitly have access through
the user TSConfig setting "options.impexp.enableImportForNonAdminUser".

The export functionality has the following security drawbacks:

* Export for editors is not limited on field level
* The "Save to filename" functionality saves to a shared folder, which
  other editors with different access rights may have access to.

Both issues are not easy to resolve and also the target audience for
the Import/Export functionality are mainly TYPO3 admins.

Therefore, now also the export functionality is restricted to TYPO3
admin users and to users, who explicitly have access through the new
user TSConfig setting "options.impexp.enableExportForNonAdminUser".

Additionally, the contents of the temporary "importexport" folder in
file storages is now only visible to users who have access to the
export functionality.

In general,...

Some default fields (e.g. tt_content.bodytext) can contain null values.
TYPO3 first fetches the data in the default language and then overlays
the rows data with the translation values. The overlay method inspects
each array item with the php isset() function. This validates not only
the existence of the array key, but also the values. null and
false values evaluated as false. Empty strings evaluate as true.
This leads to inconsistent output in the frontend.

The overlay now valides only the array key existence and applies also
empty values.

Resolves: #97616
Releases: main, 11.5, 10.4
Change-Id: I4b01c52e9ac7adde786b3395bce870bc0a354b58
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74837


Tested-by: André Buchmann <andy.schliesser@gmail.com>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: André Buchmann <andy.schliesser@gmail.com>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Benni...

The package guzzlehttp/guzzle has been updated to version 7.4.4
and 6.5.7 which both fix the security issues [1] and [2]. Since
TYPO3 is not affected by the issues by default, this is handled
as a public bugfix.

3rd party extensions may however be affected by the vulnerabilities
if `Authorization` or `Cookie` headers are used.

Executed commands:

    composer require \
        guzzlehttp/guzzle:^6.5.7 \
        -W
    composer require \
        -d typo3/sysext/core \
        guzzlehttp/guzzle:^6.5.7 \
        --no-update

[1] https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q
[2] https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9

Resolves: #97759
Releases: main, 11.5, 10.4
Change-Id: I6ed48f2b03e5e0ca82a9aa493499a5eaf65b184c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74879


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo...>

This change adds the ability to clean rendered documentation
folder and files in all system extension folders in one go.
Mentioned folders are `typo3/sysext/*/Documentation-GENERATED-temp`.

Added command/testsuite:

* `Build/Scripts/runTests.sh -s cleanRenderedDocumentation`

Additionally the already combined cleaning command `-s clean`
is extended to delete rendered documentation in the same run.

Resolves: #97673
Releases: main, 11.5, 10.4
Change-Id: I344f897769cd5f475d43db67dd1b27693f49a658
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74842


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

A dialog trying to prevent overriding existing files in the filelist
module shows an incorrect modification date of files that are existing
on the server-side. When using regular unix timestamps (instead of
micro-timestamps), dedicated `moment.unix` function has to be used.

Resolves: #97724
Releases: main, 11.5, 10.4
Change-Id: Ieb5a00aaf87410e9721e39d91b9e0da13a109bc6
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74816


Tested-by: core-ci <typo3@b13.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>

The "page" and "pages" translation keys are backwards.
This patch makes them forwards.

Resolves: #96795
Releases: main, 11.5
Change-Id: I3dde22d5a6f9ae7c62fe8c60156d6131f676a11c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74833


Tested-by: core-ci <typo3@b13.com>
Tested-by: Simon Schaufelberger <simonschaufi+typo3@gmail.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Simon Schaufelberger <simonschaufi+typo3@gmail.com>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

This is now covered by the annotations using generics in the testing
framework base class, and hence not needed anymore.

(Removing it also helps get consistent behavior from PhpStorm's
static type analysis.)

Resolves: #97736
Releases: main, 11.5, 10.4
Change-Id: Ia7d7e790bb92eaf1c9b7ffa4f9d97b2b0a50dee3
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74769


Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Stefan Bürk <stefan@buerk.tech>

+ npm package moment up to v2.29.2 contained a vulnerability
  (https://github.com/advisories/GHSA-8hfj-j24r-96c4) which only
  affected npm server users - in order to avoid confusion concerning
  security aspects, the package version is raised
+ npm package moment-timezone was upgraded to recent timezone data
  "IANA TZDB 2021"

Executed commands:

cd Build; \
  nvm use; \
  yarn upgrade moment moment-timezone; \
  yarn exec grunt clear-build; \
  yarn exec grunt build

Resolves: #97723
Releases: main, 11.5, 10.4
Change-Id: I84ea9ca6b696d74aab70cfa45e6d41a95ae0159d
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74804


Tested-by: core-ci <typo3@b13.com>
Tested-by: Simon Schaufelberger <simonschaufi+typo3@gmail.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Simon Schaufelberger <simonschaufi+typo3@gmail.com>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>

Update copyright year to 2022

Resolves: #97704
Releases: main, 11.5, 10.4
Change-Id: I15e6c0674ac293eecad88f95379ec33679dda8d4
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74759


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

The package guzzlehttp/guzzle has been updated to 7.4.3 and 6.5.6
respectively, both fixing a security vulnerability related to
cross-domain cookie leakage [1]. Since TYPO3 is not affected by
this issue by default, this is handled as a public bugfix.

However, 3rd party code (e.g. thru extensions) may be affected by this
issue, as long `'cookies' => true` is used in requests done by Guzzle.

Executed commands:

    composer require \
        guzzlehttp/guzzle:^6.5.6 \
        -W
    composer require \
        -d typo3/sysext/core \
        guzzlehttp/guzzle:^6.5.6 \
        --no-update

[1] https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3

Resolves: #97694
Releases: main, 11.5, 10.4
Change-Id: I39071c917c7ed26392f66b0ea2f774ecbceead9f
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74772


Tested-by: core-ci <typo3@b13.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Andreas Fernandez <a.fernandez@s...>

The note about jumping to a previous version of the
page is obsolete, because you can switch no further
than version 8.7 with the version selector and the
older version is in v7.6.

In any case, if someone needs the information for
version 7.6 and below they must use other means
anyway (e.g. use Git repository and render locally)
since these older versions are no longer rendered
on docs.typo3.og.

Resolves: #97632
Releases: main, 11.5, 10.4
Change-Id: Iedbb482c4086ed4740410acc3c6e82f47607ec52
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74686


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

Use the correct middleware name 'typo3/cms-frontend/authentication' in
the changelog instead of referring to a non-existing name.

Releases: main, 11.5, 10.4
Resolves: #97660
Change-Id: I5ebb586689f3173e1cc2a06049fd4b4d40430972
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74694


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

Brings a multibyte fix when dealing with word-based
diffs, which is our default usage.

composer req lolli42/finediff:^1.0.1

Resolves: #97611
Releases: main, 11.5, 10.4
Change-Id: I601842ed75917f9a6d438191273e602238d3edda
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74607


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Change-Id: I308c3851b4aeb0422acb4bf03c3285928cdd5e99
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74595


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Change-Id: I5ebedca1cf34181ad228aa833aaa651a46aebec7
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74594


Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Avoid a postgresql error when previewing a page from the backend which
has an access protection by a fe_group due to PreviewSimulator faking
a fe_user with uid PHP_INT_MAX and sql failure to update the is_online
status of this fake user in PostgreSQL as column fe_users.uid is of type
integer and thus has max value of 2147483647 instead of PHP_INT_MAX.

Releases: main, 11.5, 10.4
Resolves: #97564
Change-Id: I16c866c368a9b3f5ac6bdfacf2c6660a7046df5a
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74552


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

Latest docker:20.10-dind (currently 20.10.15)
triggers an error on CI:

Error response from daemon: failed to create shim task: OCI
runtime create failed: runc create failed: unable to start
container process: unable to apply cgroup configuration:
mkdir /sys/fs/cgroup/rdma/docker: permission denied: unknown

The image is the 'sub-container' in CI on runner hosts,
that runs all the test images like the php and database
images.

This error *may* have to do with sysbox, which is a security
layer on runner hosts to separate CI jobs from each other.
We however currently don't know exactly what is going on.

For the time being, we pin the dind image to its previous
verion docker:20.10.14-dind

Change-Id: Ie59be69680e1f444c115f2249ca8709bbfdd1e3e
Releases: main, 11.5, 10.4
Resolves: #97570
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74543


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

Scrolling the list module with 100 entries causes framerate
to drop below 15fps on low DPI devices in Google Chrome
with subpixel font rendering enabled, which is the default
for low DPI (=non HiDPI/retina) devices on Linux and MacOS.

Without this fix Google Chrome rerenders the entire module
contents on every scroll step in order to perform full
subpixel rendering (for a possibly changing/changed
background), as Chrome only promots scrolling layers to
composited (fast!) layers when the background is opaque [1].
Large tables amplify this issue as the entire table –
not just the visible content – needs to be (re)drawn in
order to calculate the expensive table layout.

An explicit background color preserves subpixel
font rendering capabilities while allowing the browser
to avoid expensive redraws as the scrolling layer is
promoted to a separate, opaque composition layer.
Other possible workarounds like `transform: translateZ(0)`
or `will-change: transform` would degrade font quality [2],
as Chrome would disable subpixel rendering in that case.

This issue has been already been implicitly fixed in TYPO3 v11
as #93489 moved the scroll layer from .module-body to .module,
where an explicit background color is present.

[1] https://bugs.chromium.org/p/chromium/issues/detail?id=381840#c51
[2] https://bugs.chromium.org/p/chromium/issues/detail?id=597678#c3

Releases: 10.4
Resolves: #97144
Related: #93489
Change-Id: I63ce557169a3b8683430e3cdca746abb4c5ce60a
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74528


Tested-by: core-ci <typo3@b13.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Benjamin Franzke <bfr@qbus.de>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Benjamin Franzke <bfr@qbus.de>

Currently acceptance tests do not work on arm64 (Apple M1)
due to the lack of support in the selenium docker image.

This has been fixed by detecting arm64 and switch to
arm64 compatible image (seleniarm/standalone-chromium).

Resolves: #97541
Releases: main, 11.5, 10.4
Change-Id: I531e7e1d7f0f11a1c6d850699eee3b4a9aa3e5d0
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74513


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

Switchable controller actions are removed with TYPO3 12.0. The deprecation
note is adjusted to reflect it.

Resolves: #97523
Related: #89463
Related: #96282
Releases: main, 11.5, 10.4
Change-Id: Iad04bbb573f2b87ce87a8faabe25c97a8812f937
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74464


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

Calling a site using http://example.org/index.php/invalid/ leads to
~/index.php/whatever/ being used as internal script path, which causes
errors or internal side-effects.

This behavior seems to occur only on web-servers using Apache with
PHP-CGI or PHP-FPM, using PHP setting `cgi.fix_pathinfo = 1`.

In case `cgi.fix_pathinfo` is enabled, the current script name is
retrieved from `$_SERVER['SCRIPT_FILENAME']` instead.

Resolves: #97543
Releases: main, 11.5, 10.4
Change-Id: Ia5f6b705253d42d4fc409b90b21d0363c4b97974
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74505


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benjamin Franzke <bfr@qbus.de>
Reviewed-by: Benjamin Franzke <bfr@qbus.de>

composer v2 is no longer an experimental feature of
Docker Desktop for MacOS/Windows. Broken composer v2
error message should be updated to give proper actual
information how to disable it correctly.

Resolves: #97489
Releases: main, 11.5, 10.4
Change-Id: I7c4199e5d3d3c47bbadba8210cc96b0385ab6fcc
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74456


Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>

When uploading new assets to the filelist,
the metadata (e.g. width and height) are
automatically extracted from the corresponding
files. This does not work for online media files,
e.g. a YouTube video. Therefore, the corresponding
services' oembed API is used to retrieve the
related metadata.

YouTube however changed their oembed API recently
to always set a width of "200" and a height of "113"
by default. This is obviously far too small for any
use case.

Since YouTube is following the oembed specification
(https://oembed.com/#section2.2), it's possible to
provide the "maxwidth" and "maxheight" parameters
to the oembed URL. This way YouTube returns
meaningful values for width and height.

Actually a similar change was already done to
the Vimeo integration in #85176. Vimeo however
supports the custom "width" parameter, which is
not mentioned in the specification and also not
supported by YouTube.

Resolves: #97481
Related: #85176
Releases: main, 11.5, 10.4
Change-Id: If902cf17b12fc510592a48828d8304fad42e2bfa
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74454


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

Add script to 'Build/Scripts/runTests.sh' to clean build and
test related files and folders to get fast a clean state.
Local instance related files are untouched and kept intact.

Added commands:

> Build/Scripts/runTests.sh -s clean
> Build/Scripts/runTests.sh -s cleanBuild
> Build/Scripts/runTests.sh -s cleanCache
> Build/Scripts/runTests.sh -s cleanTests

Resolves: #97355
Releases: main, 11.5, 10.4
Change-Id: I05c9dd966f4703315474e369dad52b1a40881c60
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74400


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

Over time dangling local anonymous docker volumes
pollutes local docker environments and consuming
space on core contributors discs.

This patch additionally removes dangling, unused
anonymous local docker volumes when updating core
testing images are requested with:

> Build/Scripts/runTests.sh -u

Resolves: #97361
Releases: main, 11.5, 10.4
Change-Id: I6b25a88a9ff119035eea7d5efd6c415bd490a3eb
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74306


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

Having a CODE_OF_CONDUCT.md document that links to the TYPO3 code
of conduct provides users who view the project source on GitHub
easy, direct access to the full text.

Releases: main, 11.5, 10.4
Resolves: #97376
Change-Id: I6509b402a5229cbd926ce42b4fd6a1c0e60e0fc2
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74300


Tested-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Lina Wolf <112@linawolf.de>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Lina Wolf <112@linawolf.de>

- align README.rst, Index.rst, Includes.txt, Includes.rst.txt,
  Settings.cfg
- add genindex.rst, Sitemap.rst
- remove outdated Targets.rst
- reference manual's start page with :doc:`<manual>:Index`

Adding the custom label `start` to the beginning of the manual's
Index.rst is redundant. Use :doc:`<manual>:Index` instead of
:ref:`<manual:start>` to refer to it.

- replace :ts: with :typoscript: text role

The ambiguous :ts: text role has been removed to
not confuse the writer with typescript and typoscript.

- rename Includes.txt to Includes.rst.txt
- align reST validator at Build/Scripts/validateRstFiles.php
- remove outdated encoding note

- fix rendering warnings of EXT:core
- fix rendering warnings of EXT:fluid_styled_content
- fix rendering warnings of EXT:form
- fix rendering warnings of EXT:linkvalidator
- fix rendering warnings of EXT:lowlevel
- fix rendering warnings of EXT:rte_ckeditor

See https://docs.typo3.org/m/typo3/docs-how-to-document/ma...

The CropViewHelper does not have a "length" argument, but the
"maxCharacters" argument is mandatory. From the context it is clear that
the wrong argument was accidentally used here and that this needs to be
renamed.

Releases: main, 11.5, 10.4
Resolves: #97362
Change-Id: I4e8b443f48006024a5949a143f50ed309cdd3d9c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74294


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

Change-Id: I947cde3378f0d3ca02ef59c35cc7b0e18b85e751
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74273


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>