- May 24, 2016
-
-
Helmut Hummel authored
Instead of only checking for valid request arguments by using a hmac, we now check the complete request including action, controller and vendor to avoid spoofing these arguments and bypassing other security checks during forwarding to the referring action. Additionally, ReferringRequest is now separate from regular Request. The meaning of properties starting with "@" is only valid for processing a referring request. To avoid mixed concerns in using the same Request implementation for regular requests and referring requests, they are separated now. Resolves: #76231 Resolves: #76256 Releases: master, 7.6, 6.2 Security-Commit: 3562e177f1720e62cab84232dcc67c580a3cc3db Security-Bulletin: TYPO3-CORE-SA-2016-013 Change-Id: Ic94e11341df98c1326dc73c92a5c9e061a64cc9e Reviewed-on: https://review.typo3.org/48258 Reviewed-by:
Oliver Hader <oliver.hader@typo3.org> Tested-by:
-
- May 18, 2016
-
-
Andreas Fernandez authored
Using `children()` to get the option tags from the select fields will fail if the select field contains `optgroup` tags (e.g. rendered by a hook). This patch replaces `children()` with `find()` to cover this edge case. Resolves: #76097 Releases: master, 7.6 Change-Id: Ib80f422d465d9e48232b1820e524a01a97eb94e6 Reviewed-on: https://review.typo3.org/48044 Reviewed-by:
Frank Naegler <frank.naegler@typo3.org> Tested-by:
Daniel Goerz <ervaude@gmail.com> Reviewed-by:
Nicole Cordes <typo3@cordes.co> Tested-by:
Markus Klein <markus.klein@typo3.org> Tested-by:
-
Andreas Fernandez authored
The message in the extension manager that notices about installing a conflicting extension contains HTML. As all output is encoded by default, the HTML is obviously also encoded. Wrap the text in `f:format.raw` to decode the HTML and get a functional list again. Resolves: #76214 Releases: master Change-Id: I0b31b907d95679b528a2dc8422cd41c497fe8ec3 Reviewed-on: https://review.typo3.org/48202 Reviewed-by:
-
Tomita Militaru authored
Removes the htmlspecialchars from the rendering of page content titles / tooltips. Resolves: #76149 Releases: master, 7.6 Change-Id: Ia5ad3df56101fe3962e4a5814df53dabdf5a4bbc Reviewed-on: https://review.typo3.org/48106 Reviewed-by:
Wouter Wolters <typo3@wouterwolters.nl> Reviewed-by:
-
Helmut Hummel authored
Instead of calling the driver registry on every request, we can cache the TCA addition, by putting the call into overrides. Resolves: #76102 Releases: 7.6, master Change-Id: I8cfc72f0e7dbb133eecc754fd3cb774637a0d4bf Reviewed-on: https://review.typo3.org/48047 Reviewed-by:
-
- May 17, 2016
-
-
Oliver Hader authored
Issue #75022 reported problems with libxml and operations on compressed file streams. The work around for that patch showed drawbacks with memory consumption. That's why the push parser is used as default now. Resolves: #75721 Related: #75022 Releases: master, 7.6, 6.2 Change-Id: I6daadd4b375634cf45272bb249e4bfa083f03646 Reviewed-on: https://review.typo3.org/48189 Reviewed-by:
Andreas Fernandez <typo3@scripting-base.de> Tested-by:
-
Markus Klein authored
Uploaded files must be moved with the specific PHP function, otherwise permissions may be wrong. Resolves: #76205 Releases: master, 7.6 Change-Id: Ic96e6b8927ed5d21131952004805fa72fb8b6857 Reviewed-on: https://review.typo3.org/48181 Reviewed-by:
Frans Saris <franssaris@gmail.com> Tested-by:
-
Oliver Hader authored
This reverts commit 3d449f91. This change did not completely solve the libxml issue and introduced additional trouble on memory consumption with the current pull parsers. Related: #75022 Releases: master, 7.6, 6.2 Change-Id: I42454d61ab444860fc53b29715df69e65a2f0475 Reviewed-on: https://review.typo3.org/48182 Reviewed-by:
-
- May 16, 2016
-
-
Andreas Fernandez authored
The exceptions show now the affected class that does not implement the required interface. Where possible, the FQCN in the exception message string was replaced with the shorter ::class syntax. Resolves: #76187 Releases: master, 7.6 Change-Id: Id2c290a0cf29bdec5da504a8959996bb747f1c27 Reviewed-on: https://review.typo3.org/48115 Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch> Tested-by:
-
Adrian Mot authored
- Use expectedException() and expectedExceptionCode() instead of deprecated setExpectedException() - Fix a couple of incomplete tests in core/Http section, add some and slightly refactor a bit Resolves: #76159 Releases: master Change-Id: I3333f94494ce76601a61e4b5286cfef982867f8f Reviewed-on: https://review.typo3.org/48091 Reviewed-by:
Adrian Mot <adrian.mot@gmail.com> Tested-by:
-
- May 12, 2016
-
-
Wouter Wolters authored
Resolves: #76173 Releases: master Change-Id: I2a273c0e3ab4d4fad7db11ebad84fe00ca4493a1 Reviewed-on: https://review.typo3.org/48108 Reviewed-by:
-
Adam Marcinkowski authored
* Add fixture with categories * Add test to check if categories are visible in list module * Add test to check if category is editable Releases: master Resolves: #76162 Change-Id: Ia518e059d23238f52f79224acffccd21bf8aaa88 Reviewed-on: https://review.typo3.org/48096 Reviewed-by:
Anja Leichsenring <aleichsenring@ab-softlab.de> Tested-by:
-
Tomita Militaru authored
Adds support in the media field for opensource formats: * ogg * flac * opus Resolves: #76072 Releases: master Change-Id: Ie17e1572a5eeb8d4b8954158e4a62e0b54ec6e86 Reviewed-on: https://review.typo3.org/48086 Reviewed-by:
Sebastian Fischer <typo3@evoweb.de> Reviewed-by:
-
Andreas Fernandez authored
The original patch introduced some regressions which are fixed now: - Deletion of multiple items works correctly now - Inserting items by the Element Browser does not throw an error anymore Resolves: #76071 Releases: master, 7.6 Change-Id: Ie16a1d404c2f12e6c952dc5022caff08ec6af171 Reviewed-on: https://review.typo3.org/48062 Reviewed-by:
Tomita Militaru <militarutomita@gmail.com> Reviewed-by:
-
Adrian Mot authored
This patch adds a constrain to compatibility7 extension in order to avoid conflicts with compatibility6 Resolves: #76099 Releases: master Change-Id: Icaf2781b31581380df97a856129a9e28dbd77bdb Reviewed-on: https://review.typo3.org/48052 Reviewed-by:
Helmut Hummel <helmut.hummel@typo3.org> Tested-by:
-
Nikola Stojiljkovic authored
Includes: * Added testing of persistence * Added tests for datetime fields * Prevent random timeouts from affecting the test results * Added displaying of modal with error message instead of an alert on trying to save a form with validation errors The tests are stable using Selenium with Firefox. Using phantomjs gives erratic results due to "QIODevice::write (QTcpSocket): device not open" bug which randomly pops up. Resolves: #76122 Releases: master Change-Id: Ia0c06fc4dbd83e2373d33bb07c48559894fc3ec5 Reviewed-on: https://review.typo3.org/48068 Reviewed-by:
-
Nicole Cordes authored
This follow up ensures the initialization of the value. Resolves: #76124 Releases: master Change-Id: Ie9981971e97d740df1df8545eb2bbd2dae0b465e Reviewed-on: https://review.typo3.org/48084 Reviewed-by:
Nikola Stojiljković <nikola.stojiljkovic@essentialdots.com> Tested-by:
-
Tomita Militaru authored
Removes extra space from between ! and important override from rtehtmlarea CSS. Resolves: #75958 Releases: master Change-Id: If19ff8cc80c11fe650c12e914a07d5b6938a8ab8 Reviewed-on: https://review.typo3.org/48100 Reviewed-by:
Georg Ringer <georg.ringer@gmail.com> Tested-by:
-
Tomita Militaru authored
Replaces old TYPO3 Forge link regarding skip default arguments feature in Extbase to TYPO3 Wiki. Resolves: #75909 Releases: master Change-Id: If4d6cce26c22d296af3404c283a39b6851314394 Reviewed-on: https://review.typo3.org/48105 Reviewed-by:
-
Tomita Militaru authored
Adds property visibility information to DebuggerUtility::var_dump after each property in the dump. Resolves: #76008 Releases: master Change-Id: I196bfd45dbd70a52fa4cf29ec1ed24bbcdef2aee Reviewed-on: https://review.typo3.org/48087 Reviewed-by:
-
Nicole Cordes authored
Convert spaces to tabs. Resolves: #76136 Releases: master Change-Id: Ic17bfd0d54b38c1a80ee51d065ce8e3fe4d19efa Reviewed-on: https://review.typo3.org/48099 Reviewed-by:
-
Gianluigi Martino authored
The click area of the update button in extension manager was to small. The click handler is now assigned to the whole button. Change-Id: I8b2103dcbde5dcc37a7968780719abca384528a1 Resolves: #76136 Releases: master, 7.6 Reviewed-on: https://review.typo3.org/48092 Tested-by:
Riccardo De Contardi <erredeco@gmail.com> Reviewed-by:
-
Nicole Cordes authored
This patch prevents escaping the output of the RenderChildrenViewHelper. Resolves: #76112 Releases: master Change-Id: I6cbb95c99b7bfc9d14b563edae33129080fc32ec Reviewed-on: https://review.typo3.org/48059 Reviewed-by:
-
- May 11, 2016
-
-
Anja Leichsenring authored
When installing TYPO3 in a cloud environment, the 50 character limit is not high enough. Therefor it is raised to 255 chars, what most protocols define as the max limit. Releases: master, 7.6 Resolves: #76132 Change-Id: I59383911e791b635fc80cb6b6b3c76d4433c8e0d Reviewed-on: https://review.typo3.org/48070 Reviewed-by:
Morton Jonuschat <m.jonuschat@mojocode.de> Tested-by:
-
Marcin Krzyżanowski authored
Render function from SoloFieldContainer class has been marked as deprecated now. It is not used in core anymore. Resolves: #76101 Releases: master Change-Id: I276f6b047b6104863f7f7d6c31a713c4df545fbf Reviewed-on: https://review.typo3.org/48073 Reviewed-by:
-
Christian Kuhn authored
8.0.1 to 8.0.2 brings some new fields, a list of cleanups and fixes. Change-Id: Iff59861d6db1f2a67f48545da69a6abb02519e79 Resolves: #76148 Releases: master Reviewed-on: https://review.typo3.org/48077 Reviewed-by:
-
Nicole Cordes authored
Fixes the following issues: * https://github.com/TYPO3Fluid/Fluid/pull/97 [TASK] Remove references to non existing convertArgumentValue * https://github.com/TYPO3Fluid/Fluid/pull/98 Revert "[BUGFIX] Avoid double HTML encoding on chained view helpers" * https://github.com/TYPO3Fluid/Fluid/pull/101 [TASK] Simplifiy encoding behavior * https://github.com/TYPO3Fluid/Fluid/pull/102 [BUGFIX] Fix interceptor call for self-closing view helpers Resolves: #76128 Releases: master Change-Id: I1ac5fd3eaf79df18d22f6667108e2a2574ed79c2 Reviewed-on: https://review.typo3.org/48069 Reviewed-by:
Paul Ilea <paul@target-e.com> Tested-by:
-
Wouter Wolters authored
Resolves: #75904 Releases: master Change-Id: Ifa27348ae8204af7cac777756282016a88b0be6b Reviewed-on: https://review.typo3.org/48034 Reviewed-by:
Marcin Krzyżanowski <m.krzyzanowski@macopedia.pl> Reviewed-by:
-
- May 10, 2016
-
-
Helmut Hummel authored
Use inline syntax for view helpers and correctly use raw view helper for output, since these labels contain HTML. Also fix the html entity for the button label. Resolves: #76103 Releases: master Change-Id: Iabcb1296dd05d33b04d7f343f0b60702debd56c8 Reviewed-on: https://review.typo3.org/48050 Reviewed-by:
Zbigniew Jacko <z.jacko@macopedia.pl> Tested-by:
-
Nikola Stojiljkovic authored
Resolves: #76124 Releases: master Change-Id: Ib53e24c17c0f662db06f4db039c39c0e9eeb4b30 Reviewed-on: https://review.typo3.org/48067 Reviewed-by:
Tymoteusz Motylewski <t.motylewski@gmail.com> Tested-by:
-
Nikola Stojiljkovic authored
Resolves: #76125 Releases: master Change-Id: I9d542a7a1a380a32f39f1c61f7cb4cf2d4b316b5 Reviewed-on: https://review.typo3.org/48066 Reviewed-by:
-
Gianluigi Martino authored
Editors (group) doesn't see the new content button without page edit permission in page module. with this bugfix editors can insert new content again. Change-Id: Ie8957b3386dfca8a91b7718bedba16af7559b373 Resolves: #76036 Releases: master, 7.6 Reviewed-on: https://review.typo3.org/48057 Reviewed-by:
Gianluigi Martino <gmartino27@gmail.com> Tested-by:
-
Nicole Cordes authored
As the AvatarViewHelper returns HTML, the output should not be escaped. Resolves: #76111 Releases: master Change-Id: I4853de751c23dd726c30c11730b4c365625be5d0 Reviewed-on: https://review.typo3.org/48058 Reviewed-by:
-
Andreas Fernandez authored
If a multipleSideBySide form element is not allowed to add the same value multiple times, its selected values are hidden now and it's not possible to add them again unless the values are removed from the selection. Resolves: #76071 Releases: master, 7.6 Change-Id: I99d6c609ca081f4b8cb6f8ad07f74385a23b7a5c Reviewed-on: https://review.typo3.org/48031 Reviewed-by:
-
- May 09, 2016
-
-
Daniel Goerz authored
This patch fixes a regression where showLogoutFormAfterLogin was added as a condition to disable redirects in fe_login at all when it should only disable redirects after login. Change-Id: Ide5c17f202618c9c0696bc777473a7be1b089276 Resolves: #73144 Releases: master, 7.6 Reviewed-on: https://review.typo3.org/48025 Reviewed-by:
-
Wouter Wolters authored
A few doktype are checked now to open the frontend page. Others will redirect to the homepage. Allow custom doktypes now too with opening the frontend page. Resolves: #75499 Resolves: #70094 Releases: master,7.6 Change-Id: Iaffe03dfff3f1181f26964f26611d80e71406b5c Reviewed-on: https://review.typo3.org/48036 Tested-by:
-
- May 07, 2016
-
-
Ludwig Rafelsberger authored
This is a follow-up to ee448440, matching the TCA max field-length to the already increased SQL lenghtes. Resolves: #76075 Releases: master Change-Id: Id65f9a87c73d914e221bebfb77d6595c6dd84d48 Reviewed-on: https://review.typo3.org/48033 Reviewed-by:
-
Nicole Cordes authored
Running Unit Tests creates file /tmp/typo3.log. On Windows systems this file is stored on the root of the drive. This patch uses the defined temp folder for storing the file. Resolves: #76070 Releases: master, 7.6, 6.2 Change-Id: Id77684e41020feb1a1ecff5051a80d2919250bf8 Reviewed-on: https://review.typo3.org/48027 Reviewed-by:
Susanne Moog <typo3@susannemoog.de> Tested-by:
-
- May 06, 2016
-
-
Markus Klein authored
GeneralUtility::getUrl() may fail. Guzzle provides detailed information in the exception it throws upon error. Allow consumers of getUrl() to make more detailed failure analysis by passing on the raw exception with the report. Resolves: #76068 Releases: master Change-Id: I63393a224695b5fd942da436672b3f75e1b1fc34 Reviewed-on: https://review.typo3.org/48026 Reviewed-by:
-
Marc von Schalscha-Ehrenfeld authored
This patch makes EXT:documentation/Resources/Private/.htaccess and EXT:extbase/Resources/Private/.htaccess Apache 2.4 suitable Resolves: #76066 Resolves: #76064 Releases: master, 7.6, 6.2 Change-Id: I91c6e683eeb1bc92e1192d2b3800d2dcb8a9d4b9 Reviewed-on: https://review.typo3.org/48023 Reviewed-by:
-
