The ExpressionLanguageResolver should be generic and not
implement some TypoScript related logic.

Therefore the check for "ELSE" expression is moved to
AbstractConditionMatcher

Dead code is removed on the go.

Resolves: #97077
Releases: 10.4, 11.5, main
Change-Id: Ic5037b46c65ffb80f2f5b242e671e2454922171c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73838


Tested-by: core-ci <typo3@b13.com>
Tested-by: Helmut Hummel <typo3@helhum.io>
Reviewed-by: Helmut Hummel <typo3@helhum.io>

When ext:felogin is configured to redirectMode "getpost,login",
the extension does always redirect to a page configured in
TS/Flexform although a valid redirect URL is provided using
`return_url` or `redirect_url` GET parameter. Root cause of the
problem is the wrong assignment of the fluid variable
`redirectURL`, which should be used for GET/POST redirect urls
only.

This patch ensures, that the fluid variable `redirectURL`
is assigned either with GET data from `return_url` or
`redirect_url` if available.

Resolves: #92068
Releases: main, 11.5, 10.4
Change-Id: Iae3ba5c4345b26a1cf9d52801c6d101c5986dbb4
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73785


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

DefaultSanitizerBuilder for HTML sanitizer creates a new behavior
for each invocation which is superfluous and can be cached in memory.

Resolves: #96862
Releases: main, 11.5, 10.4
Change-Id: I4a6710524a1f2f1256c8aa7694ceaa56a627a07f
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73460


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Install tool has been trying to connect to the database before
checking if a bare minimum of configuration is given to. This has
been done to decide if the database connect step needs to be shown.

Starting with php8.1 this fails hard and the step is not shown,
thus an installation cannot be finished.

This patch change the checking order and checks for the bare minimum of
configuration first, before try to connect to the database.

Build/Scripts/runTests.sh -s acceptanceInstall -p 8.1 -d sqlite
Build/Scripts/runTests.sh -s acceptanceInstall -p 8.1 -d mariadb
Build/Scripts/runTests.sh -s acceptanceInstall -p 8.1 -d mysql

Resolves: #95545
Releases: master, 10.4
Change-Id: I9923198b26f86e44fd6c1f6655195faa0c79895e
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73652


Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Benni Mack <benni@typo3.org>

Change-Id: Iaf5eac9530f91a647c1702ff2f0800488cdee1c7
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73640


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Change-Id: If64bef86e6414801ec81cd622d4a59c80b5a43ff
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73639


Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Recent release of enshrined/svg-sanitize addressed a XSS vulnerability.

The main purpose of having this library in TYPO3 is to protect against
user submitted images that contains markup - which is possible with
SVG files. In most TYPO3 scenarios these files would be stored in
https://example.org/fileadmin/evil.svg and can be fetched directly.

However, recent update for CVE-2022-23638 of the svg-sanitizer library
seems to address the usage of inline SVG, used in an embedded HTML
context, see https://github.com/darylldoyle/svg-sanitizer/issues/71

Resolves: #96901
Releases: main, 11.5, 10.4
Change-Id: Iacbaf4b9c9725dee9c12df3646fc1131b7ed93ed
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73628


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

For unknown reasons the /ajax/login/refresh
route has never been used (all the way back to v6),
to request a session timeout update.

Instead the route /ajax/login/timedout, *without* the
skipSessionUpdate=1 parameter has been used to
refresh an existing session.

With the introduction of configurable route parameters
in #81409 this inconsistency wasn't noticed and the
skipSessionUpdate parameter has been moved into the
route-configuration, which meant /ajax/login/timedout was
always called with skipSessionUpdate=1,
even as result of the "Stay logged in" button, where
a session update was intended.

Use the dedicated /ajax/login/refresh route
in order to actually refresh the session.

Releases: main, 11.5, 10.4
Resolves: #96978
Related: #81409
Change-Id: I6e7ac78fdfae49fa07ac6b75d64dd1c381ad7e2b
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73625


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benjamin Franzke <bfr@qbus.de>
Revi...

Recent pdo_sqlsrv 5.10.0 force SSL enabled
connections with valid certificates. We can't
supply these in CI right now.

The patch removes active functional testing with
this DBMS on CI, but keeps the rest of the
infrastructure in runTests.sh and friends.

This is a quick fix to get v11 and v10 green
again. We could pick this up again if we find
a solution for the certificate issue.

Resolves: #96974
Releases: 11.5, 10.4
Change-Id: I0af99c52ae447ae6974d21236a862179e9b40dd6
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73614


Tested-by: core-ci <typo3@b13.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

Our LICENSE.txt files contain a custom header
mentioning details of a 3rd party library.

The patch resets LICENSE.txt files to the
default GPLv2 version [1] and moves the 3rd party
credits to the backend about module, which
already lists other credits. This obeys the
authors whish to set a link to his work.

The default LICENSE.txt files have the additional
advantage that services like github should
recognize the project as GPLv2 licensed project.

[1] https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt

Resolves: #96837
Releases: main, 11.5, 10.4
Change-Id: I63a4cd286ea3714667688d12347034b9ae67f276
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73447


Tested-by: core-ci <typo3@b13.com>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>

Change-Id: I46b6ad09eacc8e7da38743607d3537323108d36d
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73348


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Change-Id: I63603e8a8511b2599b20ee1d1065e7cca730e6b9
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73347


Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Due to a bug, the class properties did not override
properly using alternative names as the TYPO3-internal
"mergeRecursiveWithOverrule" was used in the wrong order.

This patch now uses "array_replace_recursive" and adds the
child properties at the very end.

Resolves: #87566
Releases: main, 11.5, 10.4
Change-Id: I91799cfb6c2effb8440bd099502ae801c9a69d15
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73087


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>

Under some circumstances, e.g. in a translations
only page module, a given $languageId (in this case
the default `0`) is not part of the $siteLanguages
array, since this only contains languages, allowed
for the user.

To fix a null pointer exception, we check whether
the SiteLanguage exists, before accessing it.

Resolves: #96600
Releases: 10.4
Change-Id: I2897edbf932075645a0c00dddb441b7eaa098708
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73102


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

When previewing pages a null pointer exception
is triggered in the frontend RequestHandler, in
case $GLOBALS['LANG'] does not exist. This
is the case when no user object exists (or is
not a FrontendBackendUserAuthentication).

This is now fixed by creating the LanguageService
with the corresponding factory and no longer relying
on $GLOBALS['LANG'].

Additionally, another possible null pointer is
fixed in the factory, since createFromUserPreferences()
allows NULL for the first parameter "$user"
but previously did not check the provided
value before accessing.

Resolves: #96590
Releases: main, 11.5, 10.4
Change-Id: I160a9dae9131973d681b392ee713d1fadcb9a24b
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73095


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

The created reports.xml when running acceptance tests
is used for nothing in CI and just uploaded as artifact
along with the other reports. When ac tests fail, the
generally useful file is reports.html together with the
screenshots. Creating the xml file is skipped now.

Users who still want to create the xml file when running
the acceptanc test suite can do so by adding the "extra"
argument to runTests.sh:
> Build/Scripts/runTests.sh -s acceptance -e '--xml reports.xml'

Resolves: #96557
Releases: main, 11.5, 10.4
Change-Id: Ic385e307bb48702bc9269e42960fc76f1aa0be41
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73050


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Doctrine uses mixed type for most of their method arguments in
QueryBuilder. Since TYPO3 core uses variadic arguments for some
methods in the wrapping QueryBuilder, argument types have been
streamlined to match the ones in the concrete QueryBuilder
instance from Doctrine.

Resolves: #96507
Related: #96457
Releases: main, 11.5, 10.4
Change-Id: I834240f764feac7af9fba7db0d45aaf4927abb2e
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73010


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

The change for issue #94357 introduced handling for `event/` URLs,
and accidentally modified handling for `video/` URLs as well. As a
result, the `video/` IDs were incorrectly resolved containing a
leading slash.

Resolves: #96509
Releases: main, 11.5, 10.4
Change-Id: I5623ff59dac44a699877e4e5a2e91707f72a407e
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72969


Tested-by: Jigal van Hemert <jigal.van.hemert@typo3.org>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Jigal van Hemert <jigal.van.hemert@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Change-Id: I9afad25a88555d3a89610b63ab0afd21e1284304
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72957


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Change-Id: I52bd2fc97d0e1a24ad393bc6b2fb4597fb5f73be
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72956


Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

The maintainer of the `colors` package decided to rampage and released
a bonkers version, see [1] and [2], causing an implosion of the npm eco
system.
Albeit TYPO3 uses this as a transitive dependency only, we're going
to be safe and enforce this package to version 1.4.0, the current known
to-be-stable version.

[1] https://github.com/Marak/colors.js/issues/285
[2] https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/

Resolves: #96499
Releases: main, 11.5, 10.4
Change-Id: Ic8ad9105c9a9bc45bb2519547bb044be672db27c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72931


Tested-by: core-ci <typo3@b13.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>

Update to CKEditor v4.17.1 which addressed browser compatibility
issues and known security vulnerabilities:

https://ckeditor.com/cke4/release-notes

Commands:
  rm -r typo3/sysext/rte_ckeditor/Resources/Public/JavaScript/Contrib
  cd Build
  yarn add 'ckeditor4@^4.17.1'
  yarn build

Resolves: #96494
Releases: main, 11.5, 10.4
Change-Id: I87039f5a5d1fe7488f6d4c5d0c36e90421d4c93e
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72930


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Some browsers (reported were Safari and Firefox) are not able to
load the file tree when invoking the module the first time.
This is because the iframe src is initially set to about:blank
and ModuleMenu calls both, iframe.setAttribute('src', …) and
iframe.contentWindow.location.reload(). This seems to cause
browsers to abort load as the current URL is being reloaded.

This is actually a result of a refactoring in #52877 where
the condition navUrl != currentUrl previously correctly
issued a `setUrl()` call but afterwards was swapped to
call `refresh()` instead (or rather additionally).

Releases: 10.4
Resolves: #96475
Resolves: #92556
Related: #52877
Change-Id: Ib20c05e0ca6ed1de62cabf86b6a46a3399636fab
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72932


Tested-by: core-ci <typo3@b13.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Andreas Fernandez <a.fernandez@scr...>

Update to @claviska/jquery-minicolors v2.3.6 which addressed
known security vulnerabilities:

https://security.snyk.io/vuln/SNYK-JS-CLAVISKAJQUERYMINICOLORS-1930824
https://github.com/claviska/jquery-minicolors/releases/tag/2.3.6

Commands:
  cd Build
  yarn add '@claviska/jquery-minicolors@^2.3.6'
  yarn build

Resolves: #96495
Releases: main, 11.5, 10.4
Change-Id: Iaafdd29dd50a18321746fb36702702302078fceb
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72942


Tested-by: Benjamin Franzke <bfr@qbus.de>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Benjamin Franzke <bfr@qbus.de>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

This patch adds a check to detect self referencing
redirects, thus avoiding them and instead log an error
in the corresponding frontend redirect middleware.

Furthermore, add a bunch of tests along the way to cover
this change and the different constellations, for example
not avoiding redirect with the same path but external host.

Resolves: #96427
Releases: main, 11.5, 10.4
Change-Id: I554ba51b53065dd754068e379f69c2a5dffc3054
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72808


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Benni Mack <benni@typo3.org>

User supplied strings must not be concatenated into the format
parameter of sprintf() as sequences like %s, or (more likely) %20S
(which is ' S' url escaped) may be contained and cause warnings
because sprintf() expects additional arguments in that case.

Streamline to always use the static '%s: "%s"' format instead.

Releases: main, 11.5, 10.4
Resolves: #96478
Change-Id: Ic3b09c6e1e7c617e78ea405289680bd78d0aab64
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72901


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benjamin Franzke <bfr@qbus.de>
Reviewed-by: Benjamin Franzke <bfr@qbus.de>

With the introduction of itemGroups, the index 3 of
the select items array has been shifted one position
to the right. Before that, the index 3 was used for
descriptions and index 4 for an optional keyword
EXPL_ALLOW or EXPL_DENY. These are used together
with authMode=individual to explicitly allow or deny
single items.

Since descriptions now occupy the index 4, the
former usage of this index needs to be shifted as
well to index 5.

For backwards compatibility reasons, a TCA migration
is added, which will check for these special
keywords and move them one index up.

Resolves: #96444
Related: #91008
Releases: main, 11.5, 10.4
Change-Id: I32a96f5c6377871551ab4ee60a402a585da7eaa0
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72820


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72857

This patch adds missing 'CompositeExpression' as union
type for QueryBuilder methods 'where()', 'andWhere()'
and 'orWhere()' to match the ability of the underlying
doctrine/dbal QueryBuilder methods.

Resolves: #96457
Releases: main, 11.5, 10.4
Change-Id: Ib9330ffabcdc7680bfd5bb8a991cec60889c9773
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72879


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>

With the changes in #95854, database mounts
are no longer sorted by the order they are defined in
the group/user settings, but undefined by the
order the database returns.

DB mounts aren't sorted against each other,
that means sorting values are not meaningful anyway,
and results in uncontrolable orderings.

Explicitly preserve the order using usort().
Also revert groupAndSortPages() to the state prior
to #95854, as the forcePid parameter would now be unused.

Releases: main, 11.5, 10.4
Resolves: #96359
Related: #95854
Change-Id: I64b8d90c68246cc0ac01abcbf3678aa1055189e3
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72854


Tested-by: Benjamin Franzke <bfr@qbus.de>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Benjamin Franzke <bfr@qbus.de>

The busybox variant as packaged with the test images based on
alpine of mktemp needs six 'X' as template in cglFixMyCommit.sh.
It otherwise emits a warning executing the command:

 > Build/Scripts/runTests.sh -s cglGit

Resolves: #96432
Releases: main, 11.5, 10.4
Change-Id: I1c1853aabe79186694161c21f5fe0341e1bd2e75
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72874


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

The option "autoplay" only works if "mute" is enabled. See
https://developer.chrome.com/blog/autoplay/ for reference.

Resolves: #96320
Releases: main, 11.5, 10.4
Change-Id: Ic4e2de0576fe3d1619af8e35274adeb013c72b31
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72846


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

With the changes in #95854, implicit rootPid dbmounts caused
duplicated pages in pagetree, because explicit page mounts have
been considered multiple times for the pid=0 tree:

 * First time because of their relationship to pid = 0
 * Second time because of their explicit mount
   (which was sorted into the pid = 0 tree)

This happened because #95854 optimized to only use one call
to the PageTree repository, which then had the side effect
of merging "multiple" pages into one tree, instead
of showing "two" separate trees.

The patch ensures that multiple page trees are used when
the rootPid (0) is included as a webmount.

Releases: main, 11.5, 10.4
Resolves: #96367
Related: #95854
Change-Id: I7f421995f2d4aa88bb266fec684565102a4dc080
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72816


Tested-by: core-ci <typo3@b13.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>

The TCA option "appearance" is an array, with
pre-defined configuration keys. The column
"custom_stages" of the table "sys_workspace" set a
csv value for this option. This does not work.

The configuration is now transformed into the
correct array format.

Resolves: #96437
Releases: main, 11.5, 10.4
Change-Id: I25112d7ea1ce605376d70fa2dabceddd3c121faa
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72834


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>

Added the following Composer plugins as allowed/trusted

* composer/package-versions-deprecated
* typo3/class-alias-loader
* typo3/cms-composer-installers

Resolves: #96428
Releases: main, 11.5, 10.4
Change-Id: Iabb8f00411279f502bca1d1ba79714cc58d82d3f
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72782


Tested-by: core-ci <typo3@b13.com>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Benni Mack <benni@typo3.org>

This fixes several issues for the case that an editor only
has access to translated pages and not to the default
language (L=0).

Resolves: #95795
Releases: main, 11.5, 10.4
Change-Id: Ied31c7aa5229d3b8686741dd97005f9b5f16ef16
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72617


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Benni Mack <benni@typo3.org>

The core version service now uses the new entry point of the REST API
available via https://get.typo3.org/api.

The old entry point is still available but should not be longer used.

For more information see `https://get.typo3.org/api/doc <https://get.typo3.org/api/doc>`_
and `https://github.com/TYPO3/get.typo3.org/pull/272 <https://github.com/TYPO3/get.typo3.org/pull/272>`_.

Resolves: #92020
Releases: main, 11.5, 10.4
Change-Id: I2c92554e9ba212827b6412d4a88ac5c92e26aa17
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72757


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Remove the deprecated parameter useCacheHash from Typolink
viewhelper documentation (included in comments).

The parameters useCacheHash and noCacheHash have been deprecated
in TYPO3 v10 and should no longer be used.

The change applies to TYPO3 v10 only.

Resolves: #91956
Releases: 10.4
Change-Id: I1db7c06307d7e69a48ef91d7bafcdc63ee1e22ff
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72707


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Benni Mack <benni@typo3.org>

Get rid of the select query entirely, which optimises
the task to only require one update query instead of
one select and possibly multiple update queries and
gets rid of doctrine version related incompatibilities
with fetching the select result.

Resolves: #96369
Related: #87162
Releases: main, 11.5, 10.4
Change-Id: I87b570f5efa3d77ed5f2c5fc0074e84bef4675a4
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72692


Tested-by: Helmut Hummel <typo3@helhum.io>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Helmut Hummel <typo3@helhum.io>

Resolves: #96308
Releases: main, 11.5, 10.4
Change-Id: Ibcbda7fd97a338d721cf00b38026727e941c72ac
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72681


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

If a language in the SiteConfig is set to the fallbackType
free and there is no translated page for this language, then
there is now no generated hreflang.

Previously, a link was always generated with default language
slug, which lead to 404 page not found.

Resolves: #94270
Releases: main, 11.5, 10.4
Change-Id: Ifb261cf388fccbaabbf2bcae9ac805b143c9b42f
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72674


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Benni Mack <benni@typo3.org>