- Feb 24, 2022
-
-
Stefan Bürk authored
This patch raises styleguide to the recently released version to test against a more actual codebase, including backports and the one or other bugfix (postgres install etc). used command: > composer req typo3/cms-styleguide:"~11.5.4" --dev > cd Build/composer ; \ rm -rf composer.json ; \ mv composer.dist.json composer.json ; \ composer req typo3/cms-styleguide:"~11.5.4" \ --dev --no-update ; \ mv composer.json composer.dist.json ; \ cd ../../ Resolves: #97012 Releases: 11.5 Change-Id: Ic03b13ac3737d29a8d90e4957806a2f6dd173ab5 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73674 Tested-by:core-ci <typo3@b13.com> Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
-
- Feb 23, 2022
-
-
Jan Delius authored
LanguageService state has been moved into runtime cache for further reducing the need to keep the LanguageService in a global state. Failing to predict the need to translate into multiple languages in the same context and process, $cacheIdentifier had not be included the language. This patch adds the current language to the $cacheIndentifier to support multiple language translation while keeping the LanguageService state clean. Resolves: #97009 Related: #94415 Releases: main, 11.5 Change-Id: If1eaa3d2724ccdd12979a974c30d722878eb55d8 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73685 Tested-by:
Benjamin Franzke <bfr@qbus.de> Tested-by:
Stefan Bürk <stefan@buerk.tech> Reviewed-by:
-
- Feb 22, 2022
-
-
Stefan Bürk authored
Acceptance tests are the most likely tests to recover properly when automaticly retrying on test execution failure. CGL, integration, unit and functional tests on the other hand are more likely to fail with real issues and retry won't fix these issues, thus wasting CI execution time and job slots. The patch changes the default retry back to zero retries, except for 'acceptance' tests, including 'acceptanceInstall' tests. Resolves: #96999 Releases: main, 11.5 Change-Id: I570c7fc6c61fe55ab5f60b51c04161f935876d24 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73648 Tested-by:
-
Oliver Hader authored
Change-Id: I132fa89c4523a1571b5088774523050430f18961 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73642 Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
-
Oliver Hader authored
Change-Id: I62fdb4ee41b85c87291ad38c28e4c4ecdaa7dc36 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73641 Tested-by:
-
Stefan Bürk authored
In early stage of TYPO3v11 the storage format for data in the TCA ctrl transOrigDiffSourceField database field, often called l18n_diffsource changed from PHP serialized data to JSON encoded storage format with #91906, mainly to mitigate general security risks. doctrine/dbal enquotes json data provided as string with backslashes if not the correct field type is provided, which emits a postgres sql error exception when inserting or updating these fields, which are of type 'bytea' when dbms Postgres is used. Various parts of the core deal with arbitrary tables and don't know if a column is int, text or lob, or whatever. Those are blindly updated/inserted, resulting in Postgres saying "no". MSSQL has been named pickier than postgres in the past on that for similar issues with these fields. To solve this for MSSQL a expensive workaround on several places through the core with #81498 to get a working state and leaving it open to find a better way with a eventual cache-layer for these database field schema informations, thus unsolved yet. As core suffers now from the same issue for Postgres since the changed storage format, this patch adopts the choosen MSSQL solution for Postgres. This is a first bugfix solution with the tradeoff to be more expensive but working. Additionally one test case is added to cover this issue basicly but should be extended and further tightend in a dedicated patch. Improving the schema handling should be picked up and proper engineered in a another dedicated patch. Resolves: #96940 Related: #91906 Related: #81498 Releases: main, 11.5 Change-Id: I250fa10c9c7e06ddd330f7ab64f7680f21f3b4cd Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73551 Tested-by:
-
Christian Kuhn authored
With #92238, it has been postulated that Extbase validators should not be dependency injection aware. Further places following this idea have been done in v11 with #94451 and #94384. A final breaking ReST file has been added with #95026. All of that is pretty unfortunate and there is simply no reason that Extbase validators can not get dependencies injected, no matter if they're not singletons. This patch specifically targets v11 to allow dependency injection in Extbase validators again if extension authors really need this, and don't want to stick to manual dependency retrieval as outlined in #95026. This patch should basically mitigate issues for extension upgrades and paves the way for a more solid general solution in v12. Extension authors have a more smooth upgrade path, especially when supporting two core versions at the same time. The v12 version of this patch is identical with v11 for now - The breaking interface change, adapting all core validators, and declaring core validators 'final' in v12 will be done with a dedicated v12 patch as soon as this v11 tailored version has been aligned on. Note all of this is pretty hairy and the solution outlined with the patch for v11 hopefully gives the maximum amount of compatibility without being breaking again, with giving extension authors additional options, and having v12 options to further mitigate this complex mess. Resolves: #96332 Related: #92238 Related: #95026 Related: #94451 Related: #94384 Releases: main, 11.5 Change-Id: I5fea15c9b73c59e5d7c3212a0842bc9a3413d2a1 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73630 Tested-by:
Benni Mack <benni@typo3.org> Tested-by:
-
Nikita Hovratov authored
When using the option "references" as an array, it is possible to provide table and uid with stdWrap functionality. The return type can be mixed so proper casting is necessary. Also, empty values like an empty string for table or "0" for uid should not trigger $pageRepository->getRawRecord and the fallback values should be used instead. Another potential bug was found while adding test cases, where an empty table would result in nothing. In such a case, the current table should be used for relation fetching. Resolves: #96809 Releases: main, 11.5 Change-Id: Ieb90f846bbdafb50190c1d30008aa65e1dbb9e43 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73550 Tested-by:
-
- Feb 21, 2022
-
-
Oliver Hader authored
Recent release of enshrined/svg-sanitize addressed a XSS vulnerability. The main purpose of having this library in TYPO3 is to protect against user submitted images that contains markup - which is possible with SVG files. In most TYPO3 scenarios these files would be stored in https://example.org/fileadmin/evil.svg and can be fetched directly. However, recent update for CVE-2022-23638 of the svg-sanitizer library seems to address the usage of inline SVG, used in an embedded HTML context, see https://github.com/darylldoyle/svg-sanitizer/issues/71 Resolves: #96901 Releases: main, 11.5, 10.4 Change-Id: Iacbaf4b9c9725dee9c12df3646fc1131b7ed93ed Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73627 Tested-by:
-
Andreas Fernandez authored
For a better UX, the period configuration field in the "Remove deleted records" task should be changed to be a "number" field. Resolves: #96977 Releases: main, 11.5 Change-Id: Ibd8f8eb6897d0349eb0902a78c2bf83741ff8f7a Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73549 Tested-by:
-
Benjamin Franzke authored
For unknown reasons the /ajax/login/refresh route has never been used (all the way back to v6), to request a session timeout update. Instead the route /ajax/login/timedout, *without* the skipSessionUpdate=1 parameter has been used to refresh an existing session. With the introduction of configurable route parameters in #81409 this inconsistency wasn't noticed and the skipSessionUpdate parameter has been moved into the route-configuration, which meant /ajax/login/timedout was always called with skipSessionUpdate=1, even as result of the "Stay logged in" button, where a session update was intended. Use the dedicated /ajax/login/refresh route in order to actually refresh the session. Releases: main, 11.5, 10.4 Resolves: #96978 Related: #81409 Change-Id: I6e7ac78fdfae49fa07ac6b75d64dd1c381ad7e2b Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73624 Tested-by:
-
Andreas Fernandez authored
The period validation now also checks whether the input is larger than 0 to disallow negative values. Resolves: #96976 Releases: main, 11.5 Change-Id: I9917e48fa976299227704b21c3aab2784ba0ca08 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73548 Tested-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Reviewed-by:
-
- Feb 20, 2022
-
-
Stefan Bürk authored
Raise development dependency "php-webdriver/webdriver" to a version which includes officially PHP8.1 fixes and opens for up for "Symfony 6 components" installation on main. used command: > composer req php-webdriver/webdriver:"^1.12.0" --dev Resolves: #96979 Releases: main, 11.5 Change-Id: I1ca15e0473e179c89c39fa2aa46073f3d09a2687 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73621 Tested-by:
-
Benjamin Franzke authored
Since #94084 all module URLs are automatically framed by the TYPO3 main controller whenever they are opened in a Sec-Fetch-Dest aware request. Use a non-module route for the popup window in order to avoid the automatic re-framing. Also hide the back-button in the popup window, as it would cause the entire backend to be opened in the popup. The shortcut button will link to the module-based detail-action in order to show in regular module context. Releases: main, 11.5 Resolves: #95361 Resolves: #86099 Related: #94084 Change-Id: I0bae3e502fa58f4b2bee804c5ed12b0fc2030d20 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73608 Tested-by:
-
Christian Kuhn authored
Recent pdo_sqlsrv 5.10.0 force SSL enabled connections with valid certificates. We can't supply these in CI right now. The patch removes active functional testing with this DBMS on CI, but keeps the rest of the infrastructure in runTests.sh and friends. This is a quick fix to get v11 and v10 green again. We could pick this up again if we find a solution for the certificate issue. Resolves: #96974 Releases: 11.5, 10.4 Change-Id: I0af99c52ae447ae6974d21236a862179e9b40dd6 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73613 Tested-by:
Oliver Klee <typo3-coding@oliverklee.de> Reviewed-by:
-
Nikita Hovratov authored
This answers the question, why we check for 2 fields. Resolves: #96970 Releases: main, 11.5 Change-Id: Id2f74fe1362569765b0c030f810d5e208a15ad8e Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73547 Tested-by:
-
Nikita Hovratov authored
The fieldControl to add a button to open the tableWizard has been removed in a previous optimization. Resolves: #96971 Related: #95036 Releases: main, 11.5 Change-Id: Ib1f8c5ff29071778ed098cabab8bdf22422822e9 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73546 Tested-by:
-
Nikita Hovratov authored
Resolves: #96969 Releases: main, 11.5 Change-Id: I2dbd46db484c66bdea05d513f2b7e5c77f6f16bb Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73545 Tested-by:
-
- Feb 19, 2022
-
-
Benjamin Franzke authored
BackendUserAuthentication isn't an injectable service, therefore the (unused) dependency injection is dropped and $GLOBALS['BE_USER'] usage is moved to be scoped by the isBackend() check. Also fix the same DI-anti-pattern in CategoryPermissionsAspect. No user facing error is currently known for this case, as the ModifyTreeDataEvent is only executed in backend context, so this is just to streamline both aspects. Releases: main, 11.5 Resolves: #96960 Change-Id: I7b9f49ef82eeffcf369f471b5d031311aa5007b4 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73544 Tested-by:
-
- Feb 18, 2022
-
-
Georg Ringer authored
Avoid exceptions when creating inline relations if the parent record is not yet persisted. Resolves: #96900 Releases: main, 11.5 Change-Id: I383fd37efa8bec09333ee61156be1add99fd6e56 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73602 Tested-by:
-
Benjamin Franzke authored
* Avoid scrollIntoView which is no longer needed since #96947 * Do not catch exceptions on tab-click in ElementsBasicInputRangeCest which has been introduced in #93629, but actually didn't catch the documented case where the tab was already active (no exception in that case). It was actually only triggered when the tab was scrolled away. Again no longer needed due to #96947. Resolves: #96951 Related: #96947 Related: #93629 Releases: main, 11.5 Change-Id: I787960ea5dd8a6c946e090d90c4c9d2ecb950e68 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73586 Tested-by:
-
Oliver Bartsch authored
Some code examples for the ShortcutButton "routeIdentifier" property, introduced in #93093, used the non existing "web_view" identifier. Using this code example will therefore lead to a RouteNotFoundException exception. This is now fixed by using the correct identifier for the viewpage module. Resolves: #96945 Related: #93093 Releases: main, 11.5 Change-Id: Icf0a7cd476328661a630f24655ec53fe34b78745 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73543 Tested-by:
-
Oliver Bartsch authored
The option to disable the column selector in the filelist is located under the top-level key "options". Resolves: #96959 Related: #84184 Releases: main, 11.5 Change-Id: I97d09e17a19953ef20e9f3108c053d323f2a4507 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73542 Tested-by:
-
- Feb 17, 2022
-
-
ochorocho authored
Releases: main, 11.5 Resolves: #96943 Change-Id: I1934c621ab87ba46387860050124d8c55210a81c Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73540 Tested-by:
Tymoteusz Motylewski <t.motylewski@gmail.com> Tested-by:
Georg Ringer <georg.ringer@gmail.com> Reviewed-by:
-
Benjamin Franzke authored
With #90879 useOrOverridePlaceholder fields have been adapted to autofocus the related field when the related checkbox (e.g in sys_file_references) are triggered in FormEngine.toggleCheckboxField. This has the side effect that input fields whose checkbox is preselected are autofocused on initial page load, when FormEngine.toggleCheckboxField() is called from FormEngine.initializeNullWithPlaceholderCheckboxes. This caused the browser to scroll to these fields. The autofocus is now changed to not be triggered on initial pageload, only when FormEngine.toggleCheckboxField() is used due to user input. This also had the effect that acceptance tests failed randomly as automated tab-clicks didn't work (for example in #93629), when the formengine iframe was scrolled all the way to the last useOrOverridePlaceholder field, rendering the tab-selection invisible. Releases: main, 11.5 Resolves: #96947 Related: #90879 Related: #93629 Change-Id: Ie880595079e60421556994b14af0b94bba67b73c Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73580 Tested-by:
Nikita Hovratov <nikita.h@live.de> Tested-by:
-
Stefan Bürk authored
'ext:redirect' now clusters the redirect cache into dedicated parts per domain, which reduces the data amount needed to load on redirect handling in the frontend to the absolute minimum. On the other hand, when rebuilding a cache this is narrowed down to the related domain, thus avoiding retrieving and caching all redirects, which may reduce the processing time in the backend on changing redirects or auto redirects creation on page updates. This works around some flaws for some instances and use cases, but do not harm on smaller instances with lower redirects count. * read and write redirect cache by domain based identifier * removed one array level from cached information and reduced one array key level in redirect matching code * cache identifier for domain entries are build using 'sha1()' * combined with early redirects introduced with #96480 this reduces the loaded data even more, as it is done in chunks * adjusted unit tests to reflect two redirect cache service calls, one for the domain and one for wildcard "*". * rebuilding cache through datahandler hook now rebuilds only for the related 'source_host', thus avoiding rebuild of all redirects for every change. This may still be further improved for multi record operations with the same domain. A 'rebuildAll()' fallback stayed as a last defense to cover cases where specific source_host cannot be determined. Resolves: #96617 Releases: main, 11.5 Change-Id: Id335017cf890dca7c57e892a2561c3555348a668 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73541 Tested-by:
-
dev-rke authored
FlexFormSectionContainer raises an exception when title is not defined. Releases: main, 11.5 Resolves: #96936 Change-Id: I0ad1a432f11bb2cc36f718ca25f430cf91d94417 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73538 Tested-by:
-
Elias Häußler authored
Resolves: #96942 Related: #93023 Releases: main, 11.5 Change-Id: I7352a53e03162b24a7e931244e02de5067cc02eb Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73539 Tested-by:
-
- Feb 16, 2022
-
-
Oliver Bartsch authored
The StandardContentPreviewRenderer runs through a list of fields, whose value should be processed and displayed in the footer. Some of those field values might be a reference to a foreign table, e.g. in the "fe_group" field. Due to changes in getProcessedValue(), it's necessary to provide the records' uid, to be able to resolve values of fields with a "foreign_table" configuration. Resolves: #96920 Releases: main, 11.5 Change-Id: I0d8739710e478a7cb264be1d5b90b70af31de964 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73537 Tested-by:
-
Oliver Bartsch authored
The new content element wizard is using default values to define on which colPos or in which language the new element should be created. Using TSconfig it is also possible to define custom default values, most commonly the "CType". The user defined values should however never overwrite the dynamically generated values from the UI. Therefore, the dynamic values do now always overwrite the user defined values, like it's already done on preparing the data map (In case "saveAndClose" is used). Resolves: #96914 Releases: main, 11.5 Change-Id: I8f2bbf2589715c63a54bc19380f98483a12d028c Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73536 Tested-by:
-
Oliver Bartsch authored
A JavaScript exception is fixed by replacing the invalid "auto" option for the "size" attribute of the custom "typo3-backend-icon" element with "small". Resolves: #96915 Related: #95353 Releases: main, 11.5 Change-Id: I765a79d4d32e93175a0c5f271b203ba39e607b36 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73556 Tested-by:
-
- Feb 15, 2022
-
-
Oliver Bartsch authored
Resolves: #96913 Releases: main, 11.5 Change-Id: Idf1b2d34d9c4373f52f5d8cbae84d83d2d5bfbd3 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73535 Tested-by:
-
Benni Mack authored
When previewing the frontend for a specific usergroup (ADMCMD_simUser) or previewing a page in the future (ADMCMD_simTime) the GET parameters are now continued to be used when browsing the frontend. This solves issues when a user-restricted page or a page visible in the future has a form on it, and the GET parameters are kept. Resolves: #94974 Resolves: #96491 Releases: main, 11.5 Change-Id: I0a79749648c0235f0a959a416408540fab2fb4b1 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73534 Tested-by:
-
Benni Mack authored
With the change https://review.typo3.org/c/Packages/TYPO3.CMS/+/50811/ the link markers in the label file were removed. Resolves: #96910 Related: #52286 Releases: main, 11.5 Change-Id: I59a45d2c4f43c84087c7c964ce4460f6c7eb49e0 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73533 Tested-by:
-
Oliver Bartsch authored
This removes the no longer evaluated option `uploadfolder` from ext_emconf.php files. Additionally, `clearCacheOnLoad => 0` is removed, since this is the default. Resolves: #96898 Releases: main, 11.5 Change-Id: I99379d6066e53abd67fd8e6a1f32638b597ea1c6 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73520 Tested-by:
-
Susi Moog authored
If l10n_source points to a deleted or non-existing record the translation wizard failed in free mode with a 500 error, because determining the source languages fail and no fallback was implemented. Instead of failing, the behaviour was adjusted to handle l10n_source pointing to erroneous records similarly to an empty column and offering all available language as option for the translation - as in fact the source cannot be reliably determined. Resolves: #96838 Releases: main, 11.5 Change-Id: Iec7f4a1dba6b93c5185fec7863b1deaa175b0279 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73532 Tested-by:
-
Christian Kuhn authored
Change-Id: I31ec2d1ab4872f5ab6df354c4e808b451ac1ce71 Resolves: #96897 Releases: main, 11.5 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73513 Tested-by:
-
- Feb 14, 2022
-
-
Imko Schumacher authored
Tokens in an encoded URL (where '=' is '%3D') now get anonymized. Resolves: #96858 Releases: main, 11.5 Change-Id: If07d122b2a5b89cb66fef3fff0790004c5d07eb1 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73399 Tested-by:
-
Markus Klein authored
Ensure the "new record" page position selector works on the root page (pid 0). Resolves: #96883 Releases: main, 11.5 Change-Id: I25681e5b0a2608dde3ca47180f443820cd7ff5bc Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73398 Tested-by:
-
Susi Moog authored
* Migrate most test fixtures from .xml to .csv. Some special cases are left out, those will receive dedicated patches. * Streamline assertCSVDataSet() and importCSVDataSet() usage to __DIR__ relative paths. Resolves: #96856 Releases: main, 11.5 Change-Id: I747aafa03c031aa655c8f2a9ab71027ee2accddc Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73484 Tested-by:
-
