- Jul 15, 2020
-
-
Oliver Hader authored
* streamline variable names * streamline method names * preparation for additions in the future Resolves: #91805 Releases: master, 10.4 Change-Id: Iaa16cfcbcda7adbd48838a498f2f459d97f4ef18 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65042 Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
-
- Jul 10, 2020
-
-
Andreas Fernandez authored
TYPO3 now ships a new module acting as wrapper for `sessionStorage`. It behaves similar to `localStorage`, except that the stored data is dropped after the browser session has ended. Resolves: #91738 Releases: master Change-Id: I221ac1ea7b8a8a24b8490d7ddf55b92775e37d81
-
- Jul 07, 2020
-
-
Andreas Fernandez authored
Instead of generating the URL to the backend login, the URI of the current request is now used for the referrer check in backend login. This fixes a redirect issue with password recovery links opened via email. The anchor-based reload detection has been replaced with a localStorage-based solution as browsers don't trigger a new request if the target location is already loaded, but only an achor is appended to the URL. Resolves: #91442 Releases: master, 10.4, 9.5 Change-Id: I577bdd8ce75c94f864852f812c0b8ad66f0d5634
-
- Jun 29, 2020
-
-
Andreas Fernandez authored
nprogress is used to indicate activity when a collapsed IRRE node is about to get loaded. In case of FlexForms the id attribute may contain a dot which is not an issue if handled correctly. However, nprogress doesn't treat this value as an id, but rather as a full CSS selector which causes issues and breaks loading the IRRE node. To work around this issue, the id of the container used to render the progress bar is now MD5 hashed. Resolves: #91585 Releases: master, 10.4 Change-Id: I893d0cf24ea0f384d9ffff4d84f83b0fa35341b7 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64783 Tested-by:
Anja Leichsenring <aleichsenring@ab-softlab.de> Tested-by:
Daniel Goerz <daniel.goerz@posteo.de> Reviewed-by:
-
Andreas Fernandez authored
The JavaScript modules now utilize the native String.prototype.trim function to trim whitespaces off string where jQuery's trim was used before. Resolves: #91683 Releases: master, 10.4 Change-Id: I5c7a25e508e7e052339f2969a5725593e110a3a1 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64932 Tested-by:
Markus Klein <markus.klein@typo3.org> Tested-by:
-
- Jun 20, 2020
-
-
Andreas Fernandez authored
The JavaScript functions TBE_EDITOR.fieldChanged_fName` and its legacy alias `TBE_EDITOR_fieldChanged_fName` used to extract the table name, field name and uid from the incoming field name have been removed. As a drive-by bugfix, the undefined variables `TBE_EDITOR_setHiddenContent` and `TBE_EDITOR.setHiddenContent` have been removed as well. Resolves: #91578 Releases: master Change-Id: I528fde709367d5d474b846f347a3770d15b1a227 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64678 Tested-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Reviewed-by:
Benni Mack <benni@typo3.org> Reviewed-by:
-
Andreas Fernandez authored
Some modules have been rewritten to not use jQuery in the past. However, there was still a dependency due to missing `ready` handling. Since recent changes TYPO3 is capable of such handling and enables to remove jQuery completely from some modules. Resolves: #91598 Releases: master Change-Id: I23fa63f9090eee8abc49cd1993df27bec12d92e2 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64832 Tested-by:
-
- May 31, 2020
-
-
Nikita Hovratov authored
eot, otf and ttf font formats were used to support very old browsers like <= IE8. Since TYPO3 v10 does only support modern browsers, these formats can be safely removed. Used commands: >yarn remove npm-font-source-sans-pro >yarn add source-sans-pro >grunt build Resolves: #90904 Releases: master, 10.4 Change-Id: I0676bcdb2bc70454f73027e8e216bb889c419a57 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64596 Tested-by:
Wouter Wolters <typo3@wouterwolters.nl> Reviewed-by:
-
- May 29, 2020
-
-
Andreas Fernandez authored
Resolves: #91486 Releases: master Change-Id: I4767e5395aad52fbe14f37d74af37609cd69e4ff Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64445 Tested-by:
-
Andreas Fernandez authored
The library md5.js has been removed in favor of the TYPO3/CMS/Backend/Hashing/Md5 module. Resolves: #91485 Releases: master Change-Id: I3e6e3419ddf84a5790421ba1117d78219a880b96 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64446 Tested-by:
Benjamin Franzke <bfr@qbus.de> Reviewed-by:
Daniel Haupt <mail@danielhaupt.de> Reviewed-by:
-
- May 28, 2020
-
-
Andreas Fernandez authored
Resolves: #91484 Releases: master Change-Id: Ic589bd298b4f6892bb0459a1396d2d2b95d456f7 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64447 Tested-by:
Georg Ringer <georg.ringer@gmail.com> Tested-by:
-
Andreas Fernandez authored
The module `jquery.clearable` has been removed in favor of TYPO3/CMS/Backend/Input/Clearable. Resolves: #91483 Releases: master Change-Id: I52d14faed7e871dab9e79af5e2af4e9ebd7b5c67 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64448 Tested-by:
-
- May 15, 2020
-
-
Andreas Fernandez authored
When a null placeholder checkbox is changed, the linked form field is now marked as "changed", which triggers the confirmation when leaving the form while being unsaved. Resolves: #91351 Releases: master, 9.5 Change-Id: I1b3ac08223a4a4c588a980abe70f22ff9814b13f Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64444 Tested-by:
Josef Glatz <josefglatz@gmail.com> Tested-by:
Xavier Perseguers <xavier@typo3.org> Tested-by:
Susanne Moog <look@susi.dev> Reviewed-by:
-
Oliver Hader authored
HTML element with identifier `t3js-login-url` is used to check whether referrer handling is activated and suported. In case the `Login.html` template has been overridden, mentioned element might not be given at all - which leads to a corresponding JavaScript error. Resolves: #91385 Releases: master, 9.5 Change-Id: Ie986a94209809c32cdfb217aa00b42f4369c525a Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64484 Tested-by:
-
- May 14, 2020
-
-
Daniel Siepmann authored
A context can be provided, when opening the CSH (Context Sensitive Help). E.g. when opening the CSH for a backend module or specific table field, the help entry for that module or field will be opened. This patch restores the described functionality by adding the action to the link opened via JavaScript. The "see also" links, used for cross referencing different CSH entries are fixed as well. Cross referencing links are now build using the proper ViewHelper to use backend module routing, instead of extbase routing. This ensures arguments are not moved into an arbitrary extbase plugin namespace. Resolves: #91370 Releases: master Change-Id: Ib6361e5a5f4ef441e098a595fa344f484a07ddc0 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64477 Reviewed-by:
Sebastian Klein <laitnin@gmx.net> Reviewed-by:
-
- May 12, 2020
-
-
Oliver Hader authored
Cross-site scripting in same-site/same-origin context most probably allows bypassing tokens that usually protects against cross-site request forgery - basically that is obvious when focusing on "cross-site" and "same-site" terminology. To mitigate these scenarios, same-site requests from outside`/typo3/` URI path - which is used to access the backend user interface - now have to provide an HTTP `Referer` header which is enforced for global routes potentially containing CSRF tokens. In general all routes that switch their state internally from `public` to `restricted` are relevant in this scenario. If really necessary, the behavior can be disabled using corresponding feature switch `security.backend.enforceReferrer` in TYPO3_CONF_VARS. Resolves: #90681 Releases: master, 9.5 Change-Id: Id410fa73f1029cb131356e44b64637a5f12381e5 Security-Bulletin: TYPO3-CORE-SA-2020-006 Security-References: CVE-2020-11069 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64470 Tested-by:
-
- May 11, 2020
-
-
Andreas Fernandez authored
Each link triggering the "New content element" wizard is now initially disabled and gets enabled once the according module has been loaded and initialized. Resolves: #91165 Releases: master Change-Id: Ic4073faa5bd97f9b50bb8c3ada6864539c0ae63f Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64307 Tested-by:
Chris Müller <typo3@krue.ml> Tested-by:
-
- May 09, 2020
-
-
Andreas Fernandez authored
It's safe to use getElementById() instead of querySelector() in case an element is fetched by its ID. Numbers for nerds: getElementById() is nearly 1.5x faster than querySelector(). To be fair, both functions are really fast with executing multiple million operations per second, thus nobody will notice a performance impact. See https://www.measurethat.net/Benchmarks/ShowResult/106740 Resolves: #91254 Related: #91183 Releases: master Change-Id: I2ed590d20c9af66ce818f012ac73ec45c5c9fa55 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64384 Tested-by:
-
- May 04, 2020
-
-
Andreas Fernandez authored
This patch resets the `window.opener` for the entire TYPO3 backend and loads modules using this only in an authenticated environment. This solves an issue when `window.opener` is accessed and the login or backend were opened from a link, e.g. the password reset mail. Resolves: #91270 Resolves: #91205 Releases: master, 9.5 Change-Id: I83bdbfa7dfb80fbcd92ac4a000a6479aad22a73a Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64394 Tested-by:
-
Oliver Bartsch authored
The ElementBrowser which is typically used for type=group, can be disabled via the `fieldControl`. This configuration is now also respected by the TableList buttons, which are also links for the ElementBrowser. Resolves: #88979 Releases: master, 9.5 Change-Id: Ib48586207480e4e61403ad6b0b694b51ee6e38c2 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64076 Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
-
Oliver Hader authored
* allows custom events to bubble up in DOM tree * ensures that custom events are dispatched at those elements that initially contained the `data-event-name` attributes Resolves: #91186 Releases: master Change-Id: I0c5951a573bba0bbe73967ffcecf5dcfeae2e2f2 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64311 Tested-by:
-
- May 03, 2020
-
-
Andreas Fernandez authored
IRRE relied on the HTML comment `<!--notloaded-->` to detect whether a record is already loaded or not. As this might collide with HTML minification, the comment has been replaced with a class placed in the panel. Resolves: #91258 Releases: master Change-Id: Ibe890317bdcb9707a71de1168de0d404fb3c67a4 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64385 Tested-by:
-
- May 02, 2020
-
-
Oliver Hader authored
Resolves: #91265 Releases: master, 9.5 Change-Id: I5e413f91ae92ba666a74606767c4ecd081407f79 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64389 Tested-by:
-
- May 01, 2020
-
-
Andreas Fernandez authored
The InlineControlContainer tried to fetch elements via `querySelector()` previously. This fails once the selector contains a character that has a specific meaning for the whole selector, e.g. a dot. Having a selector `#foo-bar-settings.test` instructs the query selector to fetch an element matching the ID `foo-bar-settings` and the class `test`. As we handle IDs only, we can safely use `getElementById()` which doesn't have the previously mentioned implications. Resolves: #91183 Releases: master Change-Id: I63d23428ee548140f42e2c551d155ac829a2b596 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64343 Tested-by:
Raphael Zschorsch <rafu1987@gmail.com> Tested-by:
Armin Vieweg <armin@v.ieweg.de> Tested-by:
Oliver Klee <typo3-coding@oliverklee.de> Reviewed-by:
-
- Apr 29, 2020
-
-
Oliver Hader authored
Resolves: #91229 Releases: master, 9.5 Change-Id: Ieb6211252a74983a89b7a1057574a1ebe29ae390 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64341 Tested-by:
-
- Apr 28, 2020
-
-
Benjamin Franzke authored
The existing "inline" rendering for icons causes bitmaps to be rendered for SVG-inline usage using the <image> tag. This tag can not be rendered in HTML context. The backend module menu uses inlined SVGs. Rendering bitmap icons with SVG-syntax, without an SVG root element, does not work in this context. (Note: It works in SVG trees because the optional svg container is removed by SvgTree.js and the image-tag is wrapped into a new <g> element) We do now wrap "inline" bitmap icons into an svg tag, which will fix the bitmap module case while the bitmap icons will still be embeddable into svg groups (<g>) for svg trees. Resolves: #89558 Related: #89206 Releases: master, 9.5 Change-Id: Ifaec3e697a45ba37b1ee23c0369414ce431cf4e8 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64325 Tested-by:
Frank Nägler <frank.naegler@typo3.org> Reviewed-by:
-
- Apr 22, 2020
-
-
Oliver Hader authored
This change aims to reduce the amount of inline JavaScript by removing `onchange` or `onclick` events and dynamically created JavaScript code/settings. * adjusts invocations of top.TYPO3.InfoWindow.showItem * adjusts low-level inline `onchange` and `onclick` events Both JavaScript modules `TYPO3/CMS/Backend/GlobalEventHandler` and `TYPO3/CMS/Backend/ActionDispatcher` are required to actually handle these new triggers and correpsonding events - that's why they are loaded in `ModuleTemplate` and deprecated `DocumentTemplate`. Resolves: #91117 Releases: master Change-Id: Ie7012445d09c3aee253548cb3057c8e9e4b86809 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64242 Tested-by:
-
- Apr 20, 2020
-
-
Oliver Hader authored
This change aims to reduce the amount of inline JavaScript by removing `onchange` or `onclick` events and dynamically created JavaScript code/settings. There are still a couple of aspects that need to be solved in a general way - e.g. assigning global language labels (`TYPO3.lang`) or settings (`TYPO3.settings`). * extracts inline JavaScript from controllers & templates * GlobalEventHandler is extended to deal with custom scenarios that acutally would trigger a browser navigate events (e.g. changing a select drop-down leads to a document refresh) * ActionDispatcher is introduced to listen and delegate events to global TYPO3 modules in `top` window scope Resolves: #91015 Releases: master Change-Id: I67bf70bba1890c0ef966a08d96823ad91b1d4167 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64130 Tested-by:
-
- Apr 19, 2020
-
-
Oliver Hader authored
Module TYPO3/CMS/Core/DocumentService provides native JavaScript functions to detect DOM ready-state returning a Promise<Document>. `$(document).ready(() => {...});` can be replaced by `documentService.ready().then(() => {...});` Resolves: #91122 Releases: master Change-Id: Id812f786430f1ced6265493dd0bae472b8144588 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64241 Tested-by: -
Andreas Fernandez authored
When the MultiStepWizard is used with additional click events bound to the next or prev button, those event got stacked as the buttons don't change per step. To fix this issue, all click events are removed after switching a step and the original click event to switch the step is bound again. Furthermore the 'savePath' for duplication of a form is now correctly set if there is only one folder available and therefore no select element present in the modal. Resolves: #91094 Releases: master Change-Id: Ic95d2222441c8e1e8cf9fb46e5e7437d4e4ed85e Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64214 Tested-by:
Christian Eßl <indy.essl@gmail.com> Reviewed-by:
-
- Apr 18, 2020
-
-
Christian Eßl authored
Resolves: #91103 Releases: master Change-Id: If342b9bf69574b54d598e342c3bb2773dba582cb Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64224 Reviewed-by:
Alexander Schnitzler <git@alexanderschnitzler.de> Reviewed-by:
Jonas Eberle <flightvision@googlemail.com> Reviewed-by:
-
- Apr 17, 2020
-
-
Andreas Fernandez authored
The page module now doesn't try to update the flag icon of a dragged record if the page module is not in "language" mode as the required information is not available. Resolves: #91096 Related: #90693 Releases: master Change-Id: I1c796a6f4b00761f3310335cf45256d75a7e3bc5 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64218 Tested-by:
Richard Haeser <richard@maxserv.com> Tested-by:
-
- Apr 16, 2020
-
-
Oliver Hader authored
This change aims to reduce the amount of inline JavaScript by removing `onchange` events. * extracts inline JavaScript from templates * introduces `TYPO3/CMS/Backend/GlobalEventHandler` module * adjusts PHP type-hints to their correct & actual values Resolves: #91052 Releases: master Change-Id: If92391bd48f89df57fbb0ed6f8b0936da0e1a49d Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64191 Tested-by:
-
- Apr 15, 2020
-
-
Oliver Hader authored
This change aims to reduce the amount of inline JavaScript by removing `onchange` or `onclick` events and dynamically created JavaScript code/settings. There are still a couple of aspects that need to be solved in a general way - e.g. assigning global language labels (`TYPO3.lang`) or settings (`TYPO3.settings`). * allows `Modal` confirmation to emit `ModalResponseEvent` * extracts inline JavaScript from controllers & templates * introduces `BroadcastChannel` in `nav_frame` (folder tree) * uses plain links (`<a href="..."`) where applicable * updates folder tree when navigating in browser history Resolves: #91016 Releases: master Change-Id: Ied6a626e09df07bd1a240b9b6b4250cd6fff4c8a Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64154 Tested-by:
-
Andreas Fernandez authored
Resolves: #90941 Releases: master Change-Id: If205ab5308c0f1bb7e935a53bebee41e7b9e2fd2 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64061 Tested-by:
-
- Apr 14, 2020
-
-
Andreas Fernandez authored
To improve the user experience, the search filter in the "New Content Element" wizard is automatically focussed when the modal appears. Resolves: #91014 Releases: master Change-Id: I3e0f18bd454955af63cd797138de7b2118d9d2ac Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64129 Tested-by:
-
- Apr 06, 2020
-
-
Josef Glatz authored
Add related links for each upgrade documentation file at the end: - link to forge issue - link to rendered rST document This makes it possible to - read the documentation as rendered html with on click - easily share an upgrade document with others - open the related forge issue Resolves: #90923 Releases: master, 9.5 Change-Id: Iedf874e31b7026a55275d6073d645e875dab1b6c Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64044 Tested-by:
Daniel Siepmann <coding@daniel-siepmann.de> Tested-by:
-
- Apr 04, 2020
-
-
Georg Ringer authored
Integrators are now able to compare individual backend usergroups. Backend usergroups are used to split permissions into smaller parts which can be later assigned to a backend user. This feature makes it possible to compare the defined permissions including the ones inherited from sub groups. Resolves: #90826 Releases: master Change-Id: Ic2306be7091c0001c293bcc8622c4d6ea16776ea Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/63890 Tested-by:
-
- Apr 03, 2020
-
-
Georg Ringer authored
Use buttons instead of span tags to make the module more accessible. Resolves: #90872 Releases: master Change-Id: Id183fa8de13ec3bea992cb9cdbe851127b1bc15c Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64000 Tested-by:
Guido Schmechel <guido.schmechel@brandung.de> Reviewed-by:
-
- Apr 02, 2020
-
-
Andreas Fernandez authored
To improve the UX of null placeholder checkboxes (e.g. used in sys_file_reference) its assigned text field is now automatically focused if such checkbox gets disabled. Resolves: #90879 Releases: master Change-Id: I5228f49d58276d3c6fc1d19275ca9e92cbdb2f91 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64001 Tested-by:
-
