- Jul 06, 2023
-
-
Oliver Bartsch authored
In case a user did not pass necessary multi-factor authentication, this is handled as a login failure. Therefore, a webhook is now triggered for this scenario, like done for login failures of the first factor (usually username / password), providing basic information about the user and the used MFA provider. Resolves: #101263 Related: #100129 Releases: main, 12.4 Change-Id: I56b79a74d291beb94d78bb42305dcfba86ecaa26 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79825 Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
core-ci <typo3@b13.com> Tested-by:
Benjamin Franzke <ben@bnf.dev> Reviewed-by:
-
Benjamin Franzke authored
Resolves: #101265 Releases: main, 12.4 Change-Id: Ia4b6e5f9cb9c17394e3d72e18d9664ccbaf53f85 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79823 Tested-by:
-
Oliver Hader authored
Issue #39261 changed the behavior for processing nested tags. The iteration is adjusted and commented, to make clear what is actually happening there... (`$tagConfig` did not have a meaning). Resolves: #92194 Releases: main, 12.4 Change-Id: I94ddc683bbd1241330cde0d44cb7339afa75da56 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79806 Tested-by:
Oliver Hader <oliver.hader@typo3.org> Tested-by:
-
Oliver Bartsch authored
In case a user has MFA enabled, the same handling is now done as for users, not having MFA enabled. This is e.g. dispatching the AfterUserLoggedInEvent. Resolves: #99864 Resolves: #100128 Releases: main, 12.4 Change-Id: I1df7a23e2b1a1ae09ac3b0217364478155af6bca Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79807 Tested-by:
-
Oliver Bartsch authored
Since #94345 it's possible to omit the "event" identifier when configuring an event listener, since the service can be resolved using reflection. This however did until now not work when using union types. This patch therefore adjusts the corresponding compiler pass, making it possible to use the same method for listing on multiple events. Resolves: #101264 Related: #94345 Releases: main, 12.4 Change-Id: I5668269104515811d3c916c832942ef532bdfa27 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79821 Tested-by:
-
Stefan Froemken authored
In case of activated STRICT_TRANS_TABLES, better known as strict_mode, the index_words record incl. metaphone can not be stored as a string is provided, but an int is expected. As various metaphone related methods in TYPO3 return a string we change the DB type of column metaphone to varchar. We set the length to 60 as it is the same we use in analyzeHeaderinfo(). Resolves: #99547 Releases: main, 12.4, 11.5 Change-Id: Ice4223f2169595b781ed8c3a7dd5dda3f50e8a1e Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79817 Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
-
Annett Jähnichen authored
Currently, when selecting a level in the "View" menu, the complete page tree is loaded starting from the root page, because the link did not have an id of the currently selected page. The id is now passed as an argument. Resolves: #99885 Releases: main, 12.4 Change-Id: I45fe4abfdd68b5bce15ca9d7b540a2965de7fab4 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79820 Tested-by:
Annett Jähnichen <mcmietz@web.de> Reviewed-by:
-
Oliver Bartsch authored
By dispatching a new PSR-14 Event on a failed multi-factor authentication attempt, it's now possible to consider such failed attempts in the "send email on failed login" functionality. The improved log message does now also use the correct "action" and "error" types, which allows further functionality, such as the corresponding dashboard widget, to make use of those information. Resolves: #100129 Releases: main, 12.4 Change-Id: I52047bc45dba124f050aa31640444ce4af12c4df Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79816 Reviewed-by:
-
Andreas Fernandez authored
The FormEngine validation now accepts "00:00 01-01-1970" as an entered date, which evaluates to int 0. If string 0 is passed, the field is supposed to be empty. Previously, a too simple negation check was in place. In the long run, the whole date validation handling needs a major rewrite to not rely on timestamps anymore. Resolves: #101258 Releases: main, 12.4 Change-Id: I90a976088e01c23443369eff76f4c6401463715e Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79819 Tested-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Reviewed-by:
-
Susanne Moog authored
When previewing a translated page that is enabled which has a parent (default lang) page that is hidden, users got a 403 error, because the preview flag was not set (as the page itself was not hidden). Change the check to always check both the default language and the overlay for setting the preview flag. Resolves: #20873 Resolves: #92775 Releases: main, 12.4 Change-Id: I438e772ee34cdb018cf4701878c18684a2fa3e03 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79813 Reviewed-by:
-
Lukas Niestroj authored
Rephrase the error messages presented to the user after a failed attempt to create or update a version record in offline workspace without permissions. Further, disable all modification actions in the recordlist. Disabled buttons: edit, move, delete, copy, cut, new record, history. Resolves: #10551 Releases: main, 12.4 Change-Id: Ieada8032ca12b1b90b53ee700ed9a6ba55d55bd2 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79815 Tested-by:
-
Stefan Bürk authored
This change add additional functional tests to ensure old import tag syntax works in PageTsConfig UserTsConfig, from row templates and global array registration. Resolves: #99868 Releases: main, 12.4 Change-Id: I8921242fb5af3b2b4acf2c60ed74ee31e2589783 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79814 Tested-by:
Stefan Bürk <stefan@buerk.tech> Tested-by:
-
Imko Schumacher authored
The TCA processing temporary converts native datetime inputs to timestamps for some checks. The start of the unix epoch (1970-01-01 00:00) corresponds to the 0 timestamp. Conditionally checks interpreted that as false, resulting the value to be the default value. This fix also prevents empty date values from being set to MySQL-specific values (0000-00-00 00:00:00). Resolves: #92900 Releases: main, 12.4 Change-Id: I979d59f4abe3dd73117a9e135a74ae3036192d9b Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79812 Tested-by:
-
Andreas Nedbal authored
This patch adds support for loading the base CKEditor 5 locales and importing them in the backend if requested. Because CKEditor doesn't ship a full set of locales, we needed to add an additional build step that assembles the locales of all plugins we have installed. Resolves: #100873 Releases: main, 12.4 Change-Id: I971bf3e55d006a4a378123e8723c1bb8d23b09d1 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79777 Tested-by:
Andreas Nedbal <andy@pixelde.su> Tested-by:
-
Susanne Moog authored
The "show dialog" option is an option below the notification settings of each workspace and therefor only impacts the notification settings. A dialog will still appear, allowing the user to add a comment. The documentation now reflects this. Releases: main, 12.4, 11.5 Resolves: #101255 Resolves: #84629 Change-Id: I16b4d80cb454f77afe9fb0e8783920b41e3991ce Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79783 Reviewed-by:
-
Torben Hansen authored
With #99920 the HTTP referrer evaluation has been extended to not overwrite the evaluated HTTP referrer on failed logins. The fix however broke the HTTP referrer evaluation, when the login plugin is placed on a page which is configured as 403 error page. In this case, the page is called via sub-request and a possible available HTTP referrer from the initiating request is used as redirect url. This patch extends the HTTP referrer evaluation, so the URL of the initiating request is used as HTTP referrer variable, if the plugin is called via sub-request. This ensures, that the user is redirected to the URL which the 403 error handler intercepted. In order to do so, the `PageContentErrorHandler` is extended to pass the original request as request attribute `originalRequest` to the sub-request. Additionally, the evaluation of the referrer URL has been moved to `RedirectHandler` and all scenarios have been covered with tests. It has to be noted, that in TYPO3 11.5 the fix will only work, if the "Subrequest page errors" feature toggle is enabled. Resolves: #100715 Releases: main, 12.4, 11.5 Signed-off-by:
Torben Hansen <derhansen@gmail.com> Change-Id: Ibcfdf5093eac72f1796d15f40ef9426d0597d7f3 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79785 Tested-by:
-
Henrik Elsner authored
Resolves: #97710 Resolves: #97639 Releases: main, 12.4, 11.5 Change-Id: I5ff95d2d8c4d31105a95da3a18467adb0f7d3852 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79778 Tested-by:
-
Benni Mack authored
This change allows user-lang code when using TYPO3's PSR-7 implementation to also use integers and floats for header values. This change popped up in PHP 8.0 environments. Resolves: #101001 Releases: main, 12.4, 11.5 Change-Id: Ia4d3309ef5c6c4f4357eed75bb0ddad40503d132 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79780 Tested-by:
-
Georg Ringer authored
If a record is translated, the modal overlay is now closed. Resolves: #100833 Resolves: #100896 Resolves: #99936 Releases: main, 12.4 Change-Id: Ifd282c72c5df2c03920f3b7aba67976fdacf168d Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79774 Tested-by:
-
Andreas Fernandez authored
TYPO3 ships some default handling for encrypted email links and popup windows. Unfortunately, only links that were available on initial document load were handled, links that were added after couldn't get handled. To solve the issue, the events are not directly bound to such links anymore, but handled by an event delegation approach. Resolves: #101228 Releases: main, 12.4, 11.5 Change-Id: I8ec5d5736d9f9cfe8496cf69cf1128f1af4c0eb8 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79782 Reviewed-by:
-
- Jul 05, 2023
-
-
Benni Mack authored
This change now checks for a records' sys_language_uid field before doing overlays, and is only doing overlays when the incoming record has a "sys_language_uid" -1 and was properly overlaid. Resolves: #100931 Resolves: #101229 Releases: main, 12.4 Change-Id: I73acaf02de950312d1728936a92b6603ff62eb77 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79775 Reviewed-by:
-
Jochen Roth authored
Currently, the RTE did not validate when required=true was set. This has been changed to update the source on change which triggers validation again. Resolves: #100838 Releases: main, 12.4 Change-Id: I3bc9a9c43d23d8334f3f5694ef52f626d12c424c Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79776 Tested-by:
-
Mario Lubenka authored
Until TYPO3 CMS 10.4 the ValidatorTask could be used without sending the validation report via email. The task could be used to re-crawl all links and update the reports in the module only. This behaviour is restored by sending emails only if an email address is set. Resolves: #97431 Releases: main, 12.4, 11.5 Change-Id: I63197605c272f56449f933abd08d0c05bd7a7661 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79772 Tested-by:
-
Benni Mack authored
When a page translation of type=shortcut (doktype=4) contains a different value than its original page, the proper target URL is now resolved correctly upon link creation and link resolving in TSFE. This additionally fixes flaws in the behavior of first subpage in cases where the first subpage differs between languages. Resolves: #98565 Resolves: #98566 Resolves: #87815 Releases: main, 12.4 Change-Id: If44033affc1cde1f59d5ccab97d75cffd01d2ad0 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79751 Tested-by:
-
Benni Mack authored
When using TSconfig like this: mod.web_list.tableDisplayOrder.pages { after = tt_content } which creates a circular dependency with the original TSconfig, the list module does not crash anymore but shows a warning instead. Resolves: #98072 Releases: main, 12.4 Change-Id: Ifcc3890fc6283a8c4f20b8b959a41bec5108893c Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79750 Tested-by: -
Benni Mack authored
Resolves: #99838 Releases: main, 12.4 Change-Id: I41833544e3fe77340d1d82223eb3da0182cb1322 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79749 Tested-by:
-
jakotadesigngroup authored
Nullable time fields with value null (not set) are reset to 0 on update. This changes the value from not set to midnight. It is not so problematic for date fields as there reset value, for the time being, is null also. But this behavior is wrong anyway. Resolves: #99847 Releases: main, 12.4, 11.5 Change-Id: I080b6bb1ad00a025967d9626632ff71b8fb2193a Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79748 Tested-by:
-
Benni Mack authored
Kudos to Georg Ringer for the hint. Resolves: #98600 Releases: main, 12.4, 11.5 Change-Id: I1c200b4a8835bdccc4e9dc2cf2cee423459a13c4 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79746 Tested-by:
-
Oliver Bartsch authored
Resolves: #101248 Releases: main, 12.4, 11.5 Change-Id: If7954c44729897bf807bb06dd864fdfbf7f3f7eb Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79744 Tested-by:
-
Andreas Fernandez authored
The Folder Browser now has a button that allows to select the currently opened browser, which is already possible in the Link Browser for pages. As a side-effect, this allows the selection of file storages again. Resolves: #100789 Releases: main, 12.4 Change-Id: Ifa30c7cc1f65a2b313f689f5c06c41734408f403 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79742 Tested-by:
-
Josef Glatz authored
This patch adds missing translation strings for the search located in: DB Check > Full search > Raw search in all fields The heading of the result section is also only shown if result markup is available to the view from now on. Resolves: #99967 Releases: main, 12.4 Change-Id: I5c5269148b98189079a6efd7246048225a8b4b67 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79743 Tested-by:
-
Florian Schöppe authored
The indexed_search extension uses a truncated md5 hash for building a word index. The truncation greatly increases the probability for collisions. These collisions are the root cause for the problems that are described in the related issues. The best solution would be to either use full-length hashes or no hashes at all. As this is not possible without changing the database schema and rebuilding the whole word index, this patch prevents the exceptions caused by the hash collisions. This is done by removing all words with colliding hashes before the word index is updated. Note that this patch just makes it possible to index page contents that contain hash collisions (words with colliding hashes) again. The affected words are obviously not added to the word index and though won't yield results when searched for. Resolves: #101249 Related: #84541 Related: #90977 Related: #87138 Releases: main, 12.4, 11.5 Change-Id: I5bf7d562ee42f63a5eeb99381b252018439bfaab Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79741 Reviewed-by:
-
Oliver Hader authored
The backend login refresh dialog is now passing a request-token (which is required in `AbstractUserAuthentication`), which is fetched via AJAX before actually submitting the login credentials as well via AJAX. Resolves: #101209 Releases: main, 12.4 Change-Id: I0d3d8a927b7f02791d990eefb2faf98be8aa2efb Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79727 Tested-by:
-
Benni Mack authored
This change adds an additional guard clause check to avoid SQL errors when an invalid row is entered. Resolves: #98189 Releases: main, 12.4, 11.5 Change-Id: Iecb12b9c6ef97fb603c8b720d5e2be7433543637 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79738 Reviewed-by:
-
Susanne Moog authored
With the refactoring to attributes, RowUpdaters failed to be fetched from the UpgradeWizardService, as they present upgrade wizards in the registry but are not registered via the UgradeWizard service locator. To fix this gracefully, we avoid using the service locator for row updaters, falling back to the identifier. A next step (feature) would be the introduction of a dedicated attribute and service locator for RowUpdaters. Resolves: #100539 Related: #99586 Releases: main, 12.4 Change-Id: I2be4400b51f1ecef8059c3c22cf5da01090883dc Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79653 Tested-by:
-
Josef Glatz authored
Streamline total amount text for backend groups and backend user listing. Also correct wording is applied, depending on the number of records displayed. Resolves: #99966 Releases: main, 12.4 Change-Id: Ie96dfc1148d4eafcc4418b7187645bf4831262f3 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79736 Reviewed-by:
-
Oliver Bartsch authored
Resolves: #101238 Releases: main, 12.4 Change-Id: I3ff0ea07c5b4121d3b585215b13b4834de7838b4 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79735 Reviewed-by:
-
Stefan Bürk authored
`ext:redirects` allowed to redirect to absolute target path. With #97159 the target field TCA type has changed and did not allowed to enter a path identifier since then. This change lets the `LinkService` resolve a path identifier not matching a file or folder as type `URL` and restore the ability to create path based redirect target links. Additionally, it's now possible again to link directly `/` again in link fields or RTE fields (#97693). The underlying solution is that "old-school" links to files (before FAL) to e.g. "fileadmin/mydownload.exe" is now actually treated as an external URL, and not as a automatically detected file anymore. Resolves: #101083 Resolves: #97693 Related: #97159 Releases: main, 12.4 Change-Id: Ib6a1503137b1c424c55aa3785f6c5d260b5a3aad Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79734 Tested-by:
-
Elias Häußler authored
The `PageErrorHandlerInterface` is often implemented in case a custom error handler is used in site configuration. Static code analysis may complain about missing iterable types in implementations. Thus, we now provide the iterable types to ease the implementation effort in TYPO3 projects. Resolves: #100004 Releases: main, 12.4 Change-Id: I9734ce09c091f6d0e6f68d19019e8d77d1ffc685 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79733 Tested-by:
-
Benni Mack authored
When a link href is empty or invalid, TYPO3 now does not crash anymore. Resolves: #100958 Releases: main, 12.4 Change-Id: I768d43b72a3abd55af06cd9750ac8a400bc41d63 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79732 Reviewed-by:
-
