Resolves: #97280
Releases: main, 11.5
Change-Id: Id6b2b5bf9a200d7c0ccc6c23273bb5086d6ee50a
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74154


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

Resolves: #97270
Releases: main, 11.5
Change-Id: If1c899cdfd891cda5af5a502b40ab28c29830f58
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74127


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

Native date/time types have a zero-value, which is '0000-00-00 00:00:00'
for DATETIME and '00:00:00' for TIME. For DATETIME values this position
in time is really special - however, for TIME values '00:00:00' it would
refer to midnight, which actually is common use case (and currently not
possible in backend forms).

Resolves: #97216
Releases: main, 11.5
Change-Id: Id77a3485e86008ff7c39319679120b2a73b0386c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73999


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

To prepare towards a deployable backend group access
rights system, some of the more obscure options are
removed to reduce overall complexity.

* TYPO3_CONF_VARS['BE']['explicitADmode'] is finally
  gone: Following a deny list approach is a flawed security
  system. TYPO3's default setting (explicitADmode=allow)
  follows the very common "Least Privileged" principle,
  so editors need to be explicitly given access to a
  CType, as is done with all other permissions.

* The only valid value for TCA config option "authMode"
  on type="select" fields is now "explicitAllow". The
  previous "explicitDeny" value is abandoned following
  the reasoning above. The value "individual" is abandoned
  since it is a very rarely used setting (not a single
  match in TER).

* With authMode="individual" being gone, the select item
  array keys on position six that could be set to "EXPL_DENY"
  and "EXPL_ALLOW" are obsolete.

* Field "explicit_allowdeny" in table be_groups is
  simplified. This was a comma separated list of
  colon separated: "table:field:value:ALLOW/DENY".
  The last "ALLOW" or "DENY" is now obsolete.

The patch removes the above handling from the core. A
TCA migration scans TCA for invalid options and adapts
them. An upgrade wizard is in place to clean up the
be_groups explicit_allowdeny field of existing rows.

Resolves: #97265
Releases: main
Change-Id: I545b08fc694e9081ad79e69e7f55f684316e7b0f
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74126


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Benni Mack <benni@typo3.org>

Some followup adjustments to newly introduced
(#97013) TCA type "email".

- Remove eval "email" check in InputTextElement.
- Align TCA migration with the documentation and
  the functionality in the element, since only "null"
  "unique" and "uniqueInPid" are supported.

Resolves: #97267
Related: #97013
Releases: main
Change-Id: Icfc92c72e4dfebacacfd50b1409bffc97c6eb34e
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74123


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

When core functional tests started to heavily rely
on CSV based import- and assertion files, we found
that editing such .csv files in Microsoft Excel leads
to warnings if the number of columns is not identical
for each row.

Script checkIntegrityCsvFixtures.php has then been
established to verify all rows of .csv fixture files
have the same amount of fields per file, and has been
enabled as CI job to ensure all existing fixture
files follow this.

Nowadays, this restriction feels archaic: Devs actively
working with these CSV files typically edit them in
an IDE like PhpStorm directly and don't use Excel for
this anymore. The PhpStorm plugin "Rainbox CSV" also
helps by coloring these files and other alternatives
like libreoffice do not have this 'all rows must have
same number of colums' restriction.

The patch drops the script, the runTests.sh usage and
the CI calls. This has the additional advantage that
line breaks for single fields are now possible, which
will further improve handling and readability of field
values in upcoming patches.

Resolves: #97274
Related: #83943
Releases: main, 11.5, 10.4
Change-Id: I2b4c2afc98c8471bccae1afb15e055182b563ee7
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74129


Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Jan Helke <jh@f7.de>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Jan Helke <jh@f7.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Resolves: #97269
Releases: main, 11.5
Change-Id: Iec86d579af4fa8774f7ba6bd4d6b137ccefe3dd5
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74125


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

With #97232 changes in ext:styleguide has been needed,
which has been provided with corresponding pull-request
for that extension.

Styleguide is updated to incorporate this change.

used command:
> composer u typo3/cms-styleguide

Resolves: #97262
Related: #97232
Related PR: https://github.com/TYPO3/styleguide/pull/312.
Releases: main

Change-Id: I1944bdbc170ff31aac08cfbe36e2152d179623e7
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74122


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Luxembourgish is considered the national language of
Luxembourg and one of the three used administrative
languages, alongside German and French.

Also see https://en.wikipedia.org/wiki/Luxembourgish

This change adds support for Luxembourgish to be selected
as TYPO3 Language and to connect to TYPO3 Localizations
(XLF files, Site Configuration) by default.

Resolves: #97254
Releases: main
Change-Id: I334c1d9c00d941754f23c6a82412702796c94339
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74119


Tested-by: core-ci <typo3@b13.com>
Tested-by: Chris Müller <typo3@krue.ml>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Chris Müller <typo3@krue.ml>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

In our process of using dedicated TCA types,
the new TCA type "date" is introduced and
replaces "renderType=inputDateTime" of TCA
type "input".

Notable changes to the previous behaviour:

- the "format" option, which was already documented
  but never used in FormEngine, is now mandatory
- TCA option "max" is no longer evaluated
- The only allowed eval's are "null" and "int"

The corresponding FormEngine element class is
renamed from InputDateTimeElement to DatetimeElement.
This is covered in the ClassAliasMap.

Note: The "eval=int" seems to be superfluous since
the field value should always be stored as int in
case no native type ("dbType") is used. However,
this would be breaking and is therefore done in
a separate followup patch. This has already been
kickstarted in https://review.typo3.org/c/Packages/TYPO3.CMS/+/74027/12.

Resolves: #97232
Releases: main
Change-Id: I94c6d12759cd7787e6185ab36d2fcd60f5dc15df
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74027


Tested-by: core-ci <typo3@b13.com>
Tested-by: Nikita Hovratov <nikita.h@live.de>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Nikita Hovratov <nikita.h@live.de>
Reviewed-by: Benni Mack <benni@typo3.org>

This patch add more explicit types to MathUtility.

Of particular note:

* isIntegerInRange(), despite its name, allows for non-ints and
  treats them as out-of-range. Types are setup to retain that
  behavior.
* convertToPositiveInteger() is the same behavior as a call to
  forceIntegerInRange() with a min of 0, thus changed to be that.
* calculateWithPriorityToAdditionAndSubtraction() was docblock
  typed to return an int, when in reality it's float|string. Both
  are changed to "float|string" rather than changing the behavior.
* Similarly, calculateWithParentheses()'s docblock changed to
  proper return type string instead of the incorrect int.

Resolves: #97203
Releases: main
Change-Id: I1c09ccff321f9a89684869e740b1b7bc16f3aa27
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73986


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Resolves "Case in function/method call doesn't match
the case in declaration" in TcaMigration. Also fixes the
the corresponding test method name.

Resolves: #97253
Related: #97104
Releases: main
Change-Id: I38e04342505d9c9318538c12f79c58482f45eec9
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74118


Tested-by: core-ci <typo3@b13.com>
Tested-by: Torben Hansen <derhansen@gmail.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Torben Hansen <derhansen@gmail.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

With the introduction of symfony/property-access in TYPO3 version 10
reading properties through a lazy loaded object got broken. There have
been workaround available like setting the property public so that the
symfony package can access the property.

Resolves: #92357
Releases: main, 11.5
Change-Id: Ibb383eeeee5afea69f503da0d617f22f6046936f
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74072


Tested-by: core-ci <typo3@b13.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Torben Hansen <derhansen@gmail.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Torben Hansen <derhansen@gmail.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

The unset($info['originalFile']) introduced in #90565
broke an access to that array key below in the method.
This leads to the situation that files with UTF-8
characters are not found anymore since the imageLinkWrap()
method is fed with an encoded version of the filename
and not the original file object anymore.
The patch parks $info['originalFile'] in a variable
to access it for imageLinkWrap() again.

Releases: main, 11.5
Resolves: #93716
Resolves: #90757
Related: #90565
Change-Id: I2471283bd6825c093745b2331a12737de00c105f
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73983


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

The styling of the checkbox in the mass
undo modal in the recycler module is
fixed by using proper DOM structure
and bootstrap classes.

Resolves: #97249
Releases: main, 11.5
Change-Id: I47f5628bc21ba53fcf86d93af587403a1ebf32b7
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74092


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Resolves: #97189
Releases: main, 11.5
Change-Id: I256b62b3c877cd23ac313fbb44a7bdde97aa2abc
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73974


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

In accordance with the core code base, "libs" in
"includeJSFooterlibs" must be lowercase.

Releases: main, 11.5, 10.4
Resolves: #97251
Change-Id: I0b1d25d6f22254cf7d3747cf66ab0c7e2e611628
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74113


Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

In ext:styleguide the old password field 'input_16'
has been removed, while new passwords fields, using
the new "password" TCA type, were added in a dedicated
tab to showcase #97104.

Therefore, the 'input_16' check is removed from
ElementsBasicInputSimpleCest and the dedicated
ElementsBasicPasswordCest is added, checking the
new password fields (with the "password" TCA type).

Done steps:

* updated styleguide to have min commit hash available
* removed input_16 field test from ElementsBasicInputSimpleCest
* added ElementsBasicPasswordCest with 'password_2' field as
  direct replacement for 'input_16' test. Further tests may be
  added later on.

used commands:

> composer u typo3/cms-styleguide

Related styleguide change:
https://github.com/TYPO3/styleguide/commit/31f6d4b5886e2d6403b4bea7fb7decbc73bab901

Resolves: #97250
Related: #97104
Releases: main
Change-Id: I78613f8fbca73e1bbf4b81a0fc45037fa6a4b6de
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74112


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>

The contents of the column "Record" in the Recycler are escaped/encoded
twice with htmlspecialchars. This leads to the display of & when the
text contains an ampersand. Additionally some spacing was added next to
the user avatar in the collapsed row.

Resolves: #92857
Releases: main, 11.5
Change-Id: I131710895ecf7ea7ac36e26ba376853f666bdb9d
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74065


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

The global window.$ accessor to the jQuery instance is now
no longer provided.
Global jQuery usage has been deprecated in #86438 with the
suggestion to use JavaScript modules instead. With the
integration of browser native ES6 modules jQuery should
now be loaded as a regular module.

Some remaining cases in acceptance test are removed.
$.active == 0 checks have been no-ops as jQuery.ajax
isn't used in those components anymore
(core AjaxRequest which uses fetch() is used instead),
therefore $.active always resolved to 0.
This reveals why the additional 0.5s timeout-hack had been
added there, the method is now explicitly marked as an
explicit timeout instead of a waiting-method.

Note that window.jQuery is still provided if the
bootstrap javascript module is loaded as bootstrap JS
needs to load jQuery from the global window object.
window.jQuery global will be removed once we drop
bootstrap jquery interop (which is another breaking change).

Resolves: #97243
Related: #86438
Releases: main
Change-Id: Ib1d937e474c9be1ef08bc941ac468a8ad1c3948a
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74030


Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Benjamin Franzke <bfr@qbus.de>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Benjamin Franzke <bfr@qbus.de>

Due to the new userSession handling in TYPO3 v11, the additional
information provided in $authInfo can be removed as this is
now available in the userSession object.

Resolves: #97180
Releases: main
Change-Id: I761d05bae4923dc9b07a9ecf2100a0519df7012c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73908


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Benni Mack <benni@typo3.org>

In #95036 the table editor was moved from the separate
wizard to "inline". This implementation did not respect
"table_delimiter" and "table_enclosure".

This has been fixed by passing the delimiter and enclosure
to the table component and parse depending on the set values.

Resolves: #96536
Releases: main, 11.5
Change-Id: Id5cbeec5ad5b67c7fb108794b61f8c8dc17ef0b7
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73042


Tested-by: Simon Schaufelberger <simonschaufi+typo3@gmail.com>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Simon Schaufelberger <simonschaufi+typo3@gmail.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

PHP 8.1's type system lets us add a lot more types
to ArrayUitlity's signatures, and remove some
unnecessary code in the process.

I also did a little bit of related modern-syntax
cleanup along the way, but this is mainly types.

That also lets us remove some now-unnecessary tests,
and with them some phpstan baseline entries.

Resolves: #97202
Releases: main
Change-Id: I05cd84524b42419a25ab06a9bffebcc2b90d9f6f
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73984


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>

Resolves: #96954
Releases: main, 11.5
Change-Id: I60366ca5155c96ccc1068cc48339b0e96318d5f8
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73589


Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>

This patch deprecates the usage of the RegularExpressionValidator
within the form editor. The validator will be removed from the UI
in TYPO3 v13. Our goal is to unclutter and strip the form editor
from too technical and complex concepts. Regular expressions are
difficult to understand especially for our main target group which
are editors.

An according comment has been added to the configuration files of
the form framework.

Resolves: #97016
Releases: main
Change-Id: I895f2a377c545534869b79d93102544f2a84e36e
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73689


Tested-by: Elias Häußler <e.haeussler@familie-redlich.de>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Elias Häußler <e.haeussler@familie-redlich.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

This resolves a todo for a missing usage of a filled
array called "$uniqueIds".

This array had two responsibilities:

1. For inline fields with "foreign_unique" set, all
already used unique ids must be excluded from the
select items.

2. Ensure a select field inside an inline field,
which functions as one (symmetric) side of a
mn-table, will not have the same field we are
currently in, in its select items. In short: This
prevents self-references.

The previous functionality has been restored with
added type-safety.

This functionality was probably removed by accident
during a refactoring process.

Resolves: #96487
Related: #64762
Releases: main, 11.5
Change-Id: I75d68fdaba5bdf896c336fe428652d15d760ac4c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72910


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

The Folder Tree shows notifications through
FlashMessages when using the AJAX endpoint "file_process",
while the drag uploader still used the very old
"terr" XML Response (which I added in TYPO3 v4.1).

Now the file_process returns the error messages
from the flash message queue, ready to be printed
out.

The "includeMessages" is thus not needed anymore,
as message results are always sent.

Resolves: #97177
Releases: main
Change-Id: I0ded504fcfd4847e01f44440fab5230899881285
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73906


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Creating new content is usually confirmed with a blue button.
This is inconsistent with the dashboard, which uses an orange button.
This patch changes the orange button to a blue one to be consistent.

Resolves: #95098
Releases: main
Change-Id: Icd7de182403722af9b0866b69949c457e94ce192
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74064


Tested-by: core-ci <typo3@b13.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

When a user is no longer available (e.g. deleted),
record history entries for this user were not clear
since only the general avatar without a name was
displayed. This was especially confusing in case
the "(via XYZ)" string was displayed, which happens
if the change was done in switch user mode.

This is improved by using the "[Not found]" label.

Additionally, it now also ensures the "(via XYZ)"
information is kept, in case the corresponding user
is no longer available.

Resolves: #97245
Releases: main, 11.5
Change-Id: I701098a07eab4969eefb24016f4351aef3de88bf
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74066


Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

Resolves: #97228
Releases: main, 11.5
Change-Id: I139a7f2dcf1e5ed35675a626b9aa496fe24061a7
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74021


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

PSR-3 v2 and v3 add types, so we can switch to those now.

Because we don't fully implement PSR-3 directly, this is
a trivial change. Most of the updates are in tests and
nominally optional.

Note that composer/composer is still only v2 compatible,
not v3, so this will still only pull in v2. However, it
sets us up to automatically and safely get v3 as soon as
composer/composer is updated.

AbstractLogger is also now vestigial (it does nothing but
use LoggerTrait), so I've removed usage of it in favor of
the trait. That eliminates one autoload lookup.

Used commands:

> composer req psr/log:"^2.0 || ^3.0"
> composer req psr/log:"^2.0 || ^3.0" \
  -d typo3/sysext/core --no-update
> composer req psr/log:"^2.0 || ^3.0" \
  -d typo3/sysext/redirects --no-update

Resolves: #97242
Releases: main
Change-Id: I9089a5af216eb72c67614ab34ae126d08890a0eb
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74063


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Benni Mack <benni@typo3.org>

- Move the content from the README.rst into the Documentation folder.
- The README.rst now defaults to the content of the other system extensions.
- Describe all modules
- Describe available configuration options (user TSconfig)
- Provide automatic screenshots
- Align to the new documentation standards (https://docs.typo3.org/m/typo3/docs-how-to-document/main/en-us/GeneralConventions/FileStructure.html)

Resolves: #95886
Releases: main
Change-Id: Iad905b23e53be47ae3f107f9b454dbdb15780cef
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72068


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Lina Wolf <112@linawolf.de>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Lina Wolf <112@linawolf.de>

Recent CKEditor4 v4.18.0 addressed several vulnerabilities:
* CVE-2022-24728 (XSS via attributes & comments)
* CVE-2022-24729 (reDoS via Dialog Plugin API)
* see https://ckeditor.com/cke4/release/CKEditor-4.18.0 for details

Mentioned known vulnerabilities are not considered relevant for the
TYPO3 backend user interface. By-passing CKEditor's XSS protection
allows to persist malicious markup in database fields, which is
mitigated during frontend rendering by typo3/html-sanitizer.

That's why this issue is handled as regular bugfix.

Executed commands:
  cd Build/
  nvm use
  yarn add ckeditor4@^4.18.0
  rm -r ../typo3/sysext/rte_ckeditor/Resources/Public/JavaScript/Contrib/
  yarn exec grunt build

Resolves: #97239
Releases: main, 11.5, 10.4
Change-Id: I3be12120c316b334e7efd237d0300e6d3cd165a8
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74056


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Benni Mack <benni@typo3.org>

In the process of using dedicated TCA types,
the new TCA type "password" is introduced and
replaces "eval=password" and "eval=saltedpassword"
of TCA type "input".

Notable changes to the previous behaviour:
- "trim" is always done in DataHandler and FormEngine
- Password field is rendered as input type=password
- The input field has by default "autocomplete=off"

The TCA type "password" introduces the new configuration
"hashed", which can be set to "false", if the field value
should be saved as plaintext to the database. This
configuration has no effect for the tables "fe_users" and
"be_users".

Resolves: #97104
Releases: main
Change-Id: Ia48296291a61df6802ef21105b38b4f508b7a11c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73832


Tested-by: Benni Mack <benni@typo3.org>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

Recent guzzlehttp/psr7 versions address vulnerability CVE-2022-24775.
Mentioned known vulnerability is not considered relevant for the
TYPO3 core. That's why this issue is handled as regular bugfix.

Commands executed:
  composer req guzzlehttp/psr7:"^1.8.5 || ^2.1.2"
  composer req guzzlehttp/psr7:"^1.8.5 || ^2.1.2" \
    -d typo3/sysext/core --no-update

Resolves: #97240
Releases: main, 11.5, 10.4
Change-Id: I915b5620140912ecf1e0dc5bc887f4cc25ffb85a
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74059


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Simon Schaufelberger <simonschaufi+typo3@gmail.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Simon Schaufelberger <simonschaufi+typo3@gmail.com>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

This introduces a new PSR-14 event, enabling
extension authors to modify the preview url within
the image manipulation element, used e.g. for the
`crop` field of `sys_file_reference`.

This replaces the previously available hook
$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['Backend/Form/Element/ImageManipulationElement']['previewUrl']
which is therefore now removed.

Resolves: #97230
Releases: main
Change-Id: I56bb2111d85994c13acfc8ae074cac3d61933145
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74025


Tested-by: Benni Mack <benni@typo3.org>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Jochen <rothjochen@gmail.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Jochen <rothjochen@gmail.com>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

Using the hook
['Backend/Form/Element/ImageManipulationElement']['previewUrl'],
one can define a preview url for the image
manipulation wizard. If defined, a button
is displayed, opening the defined url in a
new window, while adding the crop variants
as an additional query parameter.

However, the query parameter was previously
always added using "&" which failed, in case
the defined preview url does not already define
query parameters.

This is now fixed by properly checking whether
the url already contains further parameters when
adding the crop variants.

Resolves: #97236
Releases: main, 11.5
Change-Id: Iedfdfa10db036490a4a801b1614ad99016f0bdc3
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74029


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Jochen <rothjochen@gmail.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Jochen <rothjochen@gmail.com>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

TYPO3 allows to install incompatible extensions for a very long time,
but distributions were missed when this feature was introduced.
This patch now offers the same "Dependencies could not be resolved"
dialog for distributions that miss dependencies.

As this dialog is now used in different contexts, the "Go back" action
has been made configurable.

Resolves: #80219
Releases: main
Change-Id: If429164e539d9c3c984477cfdcb2568a59891117
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74024


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>

This introduces two new PSR-14 events, enabling
extension authors to modify the enabled controls as
well as the corresponding controls' markup for
FormEngine inline elements.

This replaces the previously available hook
$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tceforms_inline.php']['tceformsInlineHook']
which is therefore now removed.

The hook required implementations to implement
the InlineElementHookInterface, which is now
deprecated as it's unused due to the hook removal.

Resolves: #97231
Releases: main
Change-Id: I669d759c554d4a2d3ed24f65013c74d54038a0af
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74026


Tested-by: Nikita Hovratov <nikita.h@live.de>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Nikita Hovratov <nikita.h@live.de>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

Resolves: #97211
Releases: main, 11.5
Change-Id: Ic0165c1c88bae6ef5206d79691aa5918762dc14c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73995


Tested-by: core-ci <typo3@b13.com>
Tested-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Oliver Bartsch <bo@cedev.de>