  1. Aug 17, 2012
    • [TASK] Remove old em · e7efe03e
      Christian Kuhn authored
      Change-Id: Ieb3823ad72fe41875484dfc25c8f1eea1feef917
      Resolves: #39906
      Related: #39726
      Reviewed-on: http://review.typo3.org/13869
      Reviewed-by: Christian Kuhn
      Tested-by: Christian Kuhn
      e7efe03e
    • [FEATURE] Make CSS for sysext form configurable · 0eee6027
      Lorenz Ulrich authored
      Move the default styles of ext:form to TS in
      plugin.tx_form._CSS_DEFAULT_STYLE. This way it can be disabled with
      TypoScript via plugin.tx_form._CSS_DEFAULT_STYLE >, and it also
      respects the config.removeDefaultCss setting.
      
      Change-Id: Ie2b0c397124f06ec32114983e78dd60b4229ce97
      Resolves: #32480
      Releases: 6.0
      Reviewed-on: http://review.typo3.org/11932
      Reviewed-by: Susanne Moog
      Tested-by: Susanne Moog
      0eee6027
    • [FEATURE] Add new extension manager to the core · e5502bb4
      Susanne Moog authored
      For 6.0 a new extension manager based on
      extbase was developed. The goal of this extension
      manager is not to be the most feature-rich
      but an easy to use extension manager.

      Therefore the whole extension manager was
      restructured and some features were removed:
      * language handling -> will be an own extension
      * file editing -> can be done via other extensions
      * upload extension -> will be integrated into extdeveval
      
      This patch adds the base extension manager.
      Styling and JS fine tuning will be done afterwards.
      
      Please test the given functionality carefully and
      report as many bugs as you can find to the project
      at forge (TYPO3 6.0 > Extension Manager).
      
      Change-Id: I28ef14401f40e239e5ea235af2be3e431fb8789d
      Resolves: #39726
      Releases: 6.0
      Reviewed-on: http://review.typo3.org/13612
      Reviewed-by: Christian Kuhn
      Tested-by: Christian Kuhn
      Reviewed-by: Helmut Hummel
      Tested-by: Helmut Hummel
      Reviewed-by: Oliver Hader
      Tested-by: Oliver Hader
      e5502bb4
    • [FEATURE] Add support for native date/time fields · ccd6b9d9
      Xavier Perseguers authored
      TYPO3 stores date and date/time values as a Unix timestamp.
      This feature allows native database types to be used instead.
      
      Native fields must be marked in the TCA using the key "dbType":
      
      'my_native_date' => array(
          'exclude' => 0,
          'label' => 'My native date',
          'config' => array(
              'dbType'   => 'date',
              'type'     => 'input',
              'size'     => '8',
              'max'      => '20',
              'eval'     => 'date',
              'checkbox' => '0',
              'default'  => '0'
          )
      ),
      
      Supported types for "dbType" are: date, datetime
      
      Change-Id: I078047abd7a93e16cfca7f1fec3fe52109c6d347
      Resolves: #38965
      Releases: 6.0
      Reviewed-on: http://review.typo3.org/12808
      Reviewed-by: Marcus Schwemer
      Tested-by: Marcus Schwemer
      Reviewed-by: Wouter Wolters
      Tested-by: Wouter Wolters
      Reviewed-by: Susanne Moog
      Tested-by: Susanne Moog
      ccd6b9d9
    • [BUGFIX] Fix failing t3lib_log tests · 88a05980
      Ingo Renner authored
      Some tests for t3lib_log are failing in some cases, because
      the fixture classes are not available. They are available
      when executing the tests with the phpunit backend module
      because the files are named *_test.php, recognized as
      test files and thus required.
      
      To avoid this confusion, the fixture classes are now moved
      to a fixture directory and renamed so that they do not end with *_test.php.
      To be consistent the class names are also renamed.
      
      
      Change-Id: Ia5efce2909111b79ed6c836c4c704a78faacdc65
      Fixes: #39885
      Releases: 6.0
      Reviewed-on: http://review.typo3.org/13854
      Reviewed-by: Helmut Hummel
      Tested-by: Helmut Hummel
      Reviewed-by: Christian Kuhn
      Tested-by: Christian Kuhn
      88a05980
    • [FEATURE] TypoScript: Allow easy comparison against multiple values · 08fcac15
      Stefan Neufeind authored
      Allow easy comparison like:
      [globalVar = TSFE:id = 10|12|15]   (in list)
      [globalVar = TSFE:id != 10|12|15]  (not in list)
      
      Change-Id: Iae920720ae6058c2cd741f74204c2fbce779e00f
      Resolves: #39700
      Releases: 6.0
      Reviewed-on: http://review.typo3.org/13589
      Reviewed-by: Wouter Wolters
      Tested-by: Wouter Wolters
      Reviewed-by: Ingo Renner
      Tested-by: Ingo Renner
      08fcac15
  2. Aug 16, 2012
  3. Aug 15, 2012
    • [FEATURE] HMENU - sectionIndex: where clause should be configurable · af4153d9
      Stefan Galinski authored
      This changeset implements the sectionIndex setting
      "useColPos" that can be used to change the colPos
      query filter. A negative value drops the filter
      completely. Only integers are allowed as values
      and stdWrap is possible.
      
      Example:
      tt_content.menu.20.3.1.sectionIndex.useColPos = -1
      
      Change-Id: Ic65cdee014aa7972e3d28504a678a001355ed312
      Resolves: #21142
      Releases: 6.0
      Reviewed-on: http://review.typo3.org/11251
      Reviewed-by: Wouter Wolters
      Tested-by: Wouter Wolters
      Reviewed-by: Stefan Neufeind
      Reviewed-by: Georg Ringer
      Tested-by: Georg Ringer
      Reviewed-by: Stefan Galinski
      Tested-by: Stefan Galinski
      af4153d9
    • [SECURITY] XSS in install tool · 5f0d3e4e
      Mario Rimann authored
      In the "Basic Configuration" section, some configuration values are
      rendered without proper escaping both as input fields and as
      regular content of the page. These values are
      htmlspecialchars-treated now.

      For the "All Configuration" form, all input fields and text area
      fields are now htmlspecialchars-treated.
      
      Change-Id: I141efa5ad610bda4608f65c136af472cc3c4ec73
      Fixes: #21634
      Releases: 6.0, 4.7, 4.6, 4.5
      Security-Commit: 1063d380e3532b69c24800f20b1127af70f820a0
      Security-Bulletin: TYPO3-CORE-SA-2012-004
      Reviewed-on: http://review.typo3.org/13774
      Reviewed-by: Oliver Hader
      Tested-by: Oliver Hader
      5f0d3e4e
    • [SECURITY] Page Link Target vulnerable to XSS · 14f9a48e
      Markus Bucher authored
      This patch adds htmlspecialchars to page link target to prevent
      XSS.
      
      Change-Id: I5e9f07ec7465cd8658c4761328b394559cf9a53b
      Fixes: #32653
      Releases: 6.0, 4.7, 4.6, 4.5
      Security-Commit: 5de8ebf8a53e744fa9ce06a9e02835c7a637a664
      Security-Bulletin: TYPO3-CORE-SA-2012-004
      Reviewed-on: http://review.typo3.org/13773
      Reviewed-by: Oliver Hader
      Tested-by: Oliver Hader
      14f9a48e
    • [SECURITY] XSS in validateForm · 25186002
      Markus Bucher authored
      Properly quote the form name and field list
      for the JavaScript validation
      
      Fixes: #25052
      Releases: 6.0, 4.7, 4.6, 4.5
      
      Change-Id: I328a3a39e3034c55de96d403994a450d9397f389
      Security-Bulletin: TYPO3-CORE-SA-2012-004
      Reviewed-on: http://review.typo3.org/13772
      Reviewed-by: Oliver Hader
      Tested-by: Oliver Hader
      25186002
    • [SECURITY] XSS in TCE forms · eb7eb17c
      Christian Kuhn authored
      Properly encode field labels that are set via TSConfig.
      
      Fixes: #25356
      Releases: 6.0, 4.7, 4.6, 4.5
      
      Change-Id: Ie61322d25c28cf953d3662fbd78febf64a21a970
      Security-Bulletin: TYPO3-CORE-SA-2012-004
      Reviewed-on: http://review.typo3.org/13771
      Reviewed-by: Oliver Hader
      Tested-by: Oliver Hader
      eb7eb17c
    • [SECURITY] XSS in Scheduler Example Task · e922b56e
      Mario Rimann authored
      The scheduler test-task that sends an email does not properly
      sanitize the input of the email field when rendering the editing
      form of that task.
      
      Change-Id: Ic77e50b339488acb5b811e35aaa558e26ac6193e
      Fixes: #30967
      Releases: 6.0, 4.7, 4.6, 4.5
      Security-Commit: d72a6e273edb2e249c1f544f0d6b7139aecdc825
      Security-Bulletin: TYPO3-CORE-SA-2012-004
      Reviewed-on: http://review.typo3.org/13770
      Reviewed-by: Oliver Hader
      Tested-by: Oliver Hader
      e922b56e
    • [SECURITY] HTML5 support in RemoveXSS · b28a945f
      Franz G. Jahn authored
      Add support for HTML5 tags and attributes in RemoveXSS.
      
      Change-Id: I4c51967b213b9bfe532887767a9b1cdcb182e9d7
      Fixes: #37127
      Releases: 6.0, 4.7, 4.6, 4.5
      Security-Commit: 6ad77fddb6e264cd2ef763446c79a30a6cee0a2a
      Security-Bulletin: TYPO3-CORE-SA-2012-004
      Reviewed-on: http://review.typo3.org/13769
      Reviewed-by: Oliver Hader
      Tested-by: Oliver Hader
      b28a945f
    • [SECURITY] Information Disclosure in the Configuration Module · 788d9c19
      Mario Rimann authored
      The configuration module showed the encryption key as plaintext.
      For this view, the encryption key is masked and its length is
      shown instead, e.g. "***** (length: 96 characters)"
      
      Change-Id: I16145e76a60d15d8e9575ef0cc5cf3cd54b1b6b1
      Fixes: #39345
      Releases: 6.0, 4.7, 4.6, 4.5
      Security-Commit: c9b4932c07d1b95c47e5c184b74c2d3493db3b06
      Security-Bulletin: TYPO3-CORE-SA-2012-004
      Reviewed-on: http://review.typo3.org/13768
      Reviewed-by: Oliver Hader
      Tested-by: Oliver Hader
      788d9c19
    • [SECURITY] Untrusted GP data is unserialized in old CSH handling · 05d760ac
      Marcus Krause authored
      Using the old and already deprecated CSH handling in TYPO3 backend,
      untrusted GP data is unserialized. There's no longer a code path
      in TYPO3 to generate the GP data. So we can safely remove all
      leftovers.
      
      Change-Id: I522cc774e65754ebbf05e6d1df65da41e7ab3f8a
      Fixes: #33520
      Releases: 6.0, 4.7, 4.6, 4.5
      Security-Commit: ac048ef7f8a789b218c2fa170747122beb594277
      Security-Bulletin: TYPO3-CORE-SA-2012-004
      Reviewed-on: http://review.typo3.org/13767
      Reviewed-by: Oliver Hader
      Tested-by: Oliver Hader
      05d760ac
    • [SECURITY] XSS in Indexed Search statistics · 06c16f87
      Steffen Gebert authored
      Indexed Search statistics module is vulnerable to
      persistent XSS attack injected by arbitrary frontend users.
      
      Change-Id: Ieb87cfff20a5e49522a2410d24a3b2ae141535a0
      Fixes: #31927
      Releases: 6.0, 4.7, 4.6, 4.5
      Security-Commit: 9aa89980af0db90bfc535f4858fc61036c3d8170
      Security-Bulletin: TYPO3-CORE-SA-2012-004
      Reviewed-on: http://review.typo3.org/13766
      Reviewed-by: Oliver Hader
      Tested-by: Oliver Hader
      06c16f87
    • [SECURITY] t3lib_div::quoteJSvalue allows XSS · 51fe9e0f
      Helmut Hummel authored
      When t3lib_div::quoteJSvalue() was used with second
      parameter set to TRUE closing HTML script tags were
      not escaped correctly.
      
      Now every character except harmless ones is encoded
      to a hex representation.
      
      Change-Id: I4ce17c924458bc4db659b2d37e7932cc9b0c340d
      Releases: 6.0, 4.7, 4.6, 4.5
      Fixes: #23226
      Security-Commit: ee1778ab0c7b4525dbabab4fcb94eb112b767e69
      Security-Bulletin: TYPO3-CORE-SA-2012-004
      Reviewed-on: http://review.typo3.org/13765
      Reviewed-by: Oliver Hader
      Tested-by: Oliver Hader
      51fe9e0f
    • [TASK] Raise submodule pointer · bf01ec8d
      TYPO3 Release Team authored
      Change-Id: I5484ffc0b383ccf14fdf9252514a324c26bc74e0
      Reviewed-on: http://review.typo3.org/13734
      Reviewed-by: TYPO3 Release Team
      Tested-by: TYPO3 Release Team
      bf01ec8d
    • [TASK] Abstract t3lib_file_exception_abstractFileOperationException · 30405759
      Christian Kuhn authored
      Class t3lib_file_exception_abstractFileOperationException is never
      thrown itself and only extended. It should be abstract.
      
      Change-Id: I98611945801259cb9aa9ee24e6aa6649d327e179
      Releases: 6.0
      Resolves: #39817
      Reviewed-on: http://review.typo3.org/13696
      Reviewed-by: Christian Kuhn
      Tested-by: Christian Kuhn
      30405759
    • [TASK] Declare t3lib_treeView abstract · 004beee9
      Christian Kuhn authored
      t3lib_treeView is the base class for trees and is always
      extended by other classes for specific trees.
      The patch adds the abstract keyword to the class declaration.
      
      Change-Id: I5a54f1339ccf84c16671d0dd19bb4bc9d1f5747c
      Resolves: #39816
      Releases: 6.0
      Reviewed-on: http://review.typo3.org/13695
      Reviewed-by: Christian Kuhn
      Tested-by: Christian Kuhn
      004beee9
    • [TASK] Declare t3lib_recordList abstract · 1e364cb0
      Christian Kuhn authored
      Class t3lib_recordList is a base class for record lists
      that is only extended by other classes. It can not be used
      standalone and should be abstract.
      
      Change-Id: I35ea02164726c6befda4edaa0d5c3eed027b18c0
      Releases: 6.0
      Resolves: #39815
      Reviewed-on: http://review.typo3.org/13694
      Reviewed-by: Christian Kuhn
      Tested-by: Christian Kuhn
      1e364cb0
  4. Aug 14, 2012
    • [TASK] Declare t3lib_extobjbase abstract · ee4d297b
      Christian Kuhn authored
      The base class of sub-sub-modules is always extended
      by specific classes and should be declared abstract.
      
      Additionally, some reformatting of the main comment
      header is done.
      
      Change-Id: Ib95005f906a5c7c5fc30ae38ba07f99f9b6b8611
      Releases: 6.0
      Resolves: #39813
      Reviewed-on: http://review.typo3.org/13693
      Reviewed-by: Christian Kuhn
      Tested-by: Christian Kuhn
      ee4d297b
    • [TASK] Merge t3lib_userAuthGroup to t3lib_beUserAuth · e8365855
      Christian Kuhn authored
      t3lib_userAuthGroup is an abstract class that is only extended by
      t3lib_beUserAuth. The comment states for ages that the two classes
      could be merged. The patch merges all properties and methods from
      t3lib_beUserAuth to t3lib_userAuthGroup and deprecates the latter.
      
      Change-Id: Iaf12dd6b3f3aba36f5b87efc38ae60962a5f5bd9
      Resolves: #39538
      Releases: 6.0
      Reviewed-on: http://review.typo3.org/13467
      Reviewed-by: Oliver Klee
      Reviewed-by: Wouter Wolters
      Reviewed-by: Felix Kopp
      Reviewed-by: Stefan Neufeind
      Reviewed-by: Christian Kuhn
      Tested-by: Christian Kuhn
      e8365855
    • [BUGFIX] autoloader should ignore non existing extensions · 5de461bd
      Georg Ringer authored
      When building the core registry a call to t3lib_extMgm::extPath() is done
      for every extension of the LocalConfiguration/localconf.php.
      Sometimes the extension is not installed anymore which was never a problem
      in earlier versions.
      
      The change catches the exception and ignores this extension when building
      the registry.
      
      Change-Id: I79e34758617675957c732bbd533302adbb2edab0
      Resolves: #39649
      Releases: 6.0, 4.7, 4.6
      Reviewed-on: http://review.typo3.org/13541
      Tested-by: Philipp Gampe
      Reviewed-by: Stefan Neufeind
      Reviewed-by: Oliver Klee
      Reviewed-by: Christian Kuhn
      Tested-by: Christian Kuhn
      5de461bd
    • [BUGFIX] replace non-free jsmin.php with hook · ae5a216a
      Christian Welzel authored
      jsmin.php has a non free license. See referenced bug report for
      details. This patch replaces jsmin.php with a hook to provide a
      way for extensions to implement their own compression algorithms.
      
      Change-Id: I1fc5bfe29aaa20692c4323dd28d5c0a95863cf3d
      Fixes: #31832
      Releases: 6.0
      Reviewed-on: http://review.typo3.org/6682
      Reviewed-by: Marcus Schwemer
      Tested-by: Marcus Schwemer
      Reviewed-by: Stefan Neufeind
      Reviewed-by: Wouter Wolters
      Tested-by: Wouter Wolters
      Reviewed-by: Christian Kuhn
      Tested-by: Christian Kuhn
      ae5a216a
    • [BUGFIX] config.pageTitleSeparator not known by t3editor · fbd97d75
      Jigal van Hemert authored
      Change-Id: Ia055fb8aceb50271bf25e5d15b56d9dcde13a5aa
      Fixes: #39600
      Releases: 6.0, 4.7
      Reviewed-on: http://review.typo3.org/13613
      Reviewed-by: Tobias Liebig
      Tested-by: Tobias Liebig
      Reviewed-by: Wouter Wolters
      Reviewed-by: Georg Ringer
      Tested-by: Georg Ringer
      fbd97d75
    • [TASK] Cleanup multiple classes of "localPageTree": EXT:impexp · 5642b7c1
      Andy Grunwald authored
      The TYPO3 core has more than one class with the name "localPageTree".
      This is not very good, because these classes can't be loaded via
      autoloader due to same names.
      The autoloader doesn't know which must be loaded.

      Solution: Let's clean this mess up!
      
      This patch will handle the localPageTree class in EXT:impexp
      
      Change-Id: I439ddfce66a6d68ddbc774f36e1f285c41cd62e0
      Fixes: #38756
      Related: #38754
      Releases: 6.0
      Reviewed-on: http://review.typo3.org/12710
      Reviewed-by: Wouter Wolters
      Reviewed-by: Susanne Moog
      Tested-by: Susanne Moog
      Reviewed-by: Stefan Neufeind
      Reviewed-by: Georg Ringer
      Tested-by: Georg Ringer
      5642b7c1
    • [TASK] Update graphics in install tool to match recent guidelines · 58dc11f3
      Ingo Pfennigstorf authored
      Created new AI and PDF files for the install tool image processing
      section with the current TYPO3 Logo and the Share Font.
      
      Change-Id: I5e552ce5294d80e5fc80670d90557b64985c9038
      Fixes: #37720
      Releases: 6.0
      Reviewed-on: http://review.typo3.org/12658
      Reviewed-by: Mario Rimann
      Reviewed-by: Philipp Gampe
      Tested-by: Philipp Gampe
      Reviewed-by: Stefan Neufeind
      Reviewed-by: Felix Kopp
      Tested-by: Felix Kopp
      Reviewed-by: Georg Ringer
      Tested-by: Georg Ringer
      58dc11f3
    • [TASK] Update jQuery to 1.8.0 (final) · ca8ae10a
      Stefan Neufeind authored
      TYPO3 shipped with 1.8b1 already.
      Final is out meanwhile.
      
      Change-Id: Ia418fb63d22f518a9224ad1cc4c183817acdd12a
      Resolves: #39705
      Releases: 6.0
      Reviewed-on: http://review.typo3.org/13591
      Reviewed-by: Daniel Sattler
      Tested-by: Daniel Sattler
      Reviewed-by: Philipp Gampe
      Reviewed-by: Helmut Hummel
      Reviewed-by: Felix Kopp
      Tested-by: Felix Kopp
      Reviewed-by: Marcus Schwemer
      Tested-by: Marcus Schwemer
      Reviewed-by: Georg Ringer
      Tested-by: Georg Ringer
      ca8ae10a
  5. Aug 13, 2012
  6. Aug 12, 2012
  7. Aug 11, 2012
    • [BUGFIX] Sprite manager cache race condition · 1ad2cb85
      Christian Kuhn authored
      If the sprite manager is initialized in the frontend with empty caches,
      the cache content will not be rendered correctly due to missing
      information in frontend scope.
      Solution is to not initialize the sprite manager in frontend and cli
      context at all, they are not needed anyway. feedit works as before.
      
      Change-Id: I5949f10d2383f4c259e0d86efe85960589ccf1a1
      Resolves: #39706
      Releases: 6.0
      Reviewed-on: http://review.typo3.org/13592
      Reviewed-by: Helmut Hummel
      Tested-by: Helmut Hummel
      Reviewed-by: Christian Kuhn
      Tested-by: Christian Kuhn
      1ad2cb85
  8. Aug 10, 2012
    • [BUGFIX] Avoid logout when changing the encryption key · f9e025c1
      Helmut Hummel authored
      Due to the change to hmac to generate the hash for 
      the session save path in #39653 one is now logged out 
      of the install tool when changing the encryption key.
      
      Change the encryption key at runtime and ensure that the 
      new session directory is created to avoid the logout.
      
      Change-Id: Ia4625105b5c26fb7bfafd92f51d22a4466f5ca34
      Fixes: #39688
      Relates: #39653
      Releases: 6.0
      Reviewed-on: http://review.typo3.org/13569
      Reviewed-by: Philipp Gampe
      Tested-by: Philipp Gampe
      Reviewed-by: Helmut Hummel
      Tested-by: Helmut Hummel
      f9e025c1
    • [BUGFIX] Warning in list module · 08ded120
      Philipp Gampe authored
      The function addElement needs to have an array as third argument.
      
      Change-Id: Ief786c358476da4d691cb89212b19c397b4a353f
      Fixes: #39678
      Releases: 4.5, 4.6, 4.7, 6.0
      Reviewed-on: http://review.typo3.org/13559
      Reviewed-by: Michael Cannon
      Reviewed-by: Mattias Nilsson
      Reviewed-by: Helmut Hummel
      Tested-by: Helmut Hummel
      08ded120
  9. Aug 09, 2012