- Aug 03, 2023
-
-
Oliver Bartsch authored
Apply type cast to the input value to prevent a TypeError. Resolves: #101555 Releases: main, 12.4 Change-Id: If2db6d0cc793999f2ce93d16cfedadb12325c316 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80231 Tested-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
core-ci <typo3@b13.com>
-
Stefan Bürk authored
With PHP8.3 the `ReflectionProperty->setValue()` method emits a E_DEPRECATED if a value should be set to a class and the context is not set as first argument. For instanciated classes the class needs to be provided, which is not possible for a static class or property. The solution for this is to use `null` as first argument as context object. That avoids the deprecation and keeps the backward compatibility. The testing-framework provides a tool to keep and handle static Framework state, which uses reflection under the hood and therefore needs the null context for `setValue()`. To verify manually use: > Build/Scripts/runTests.sh -s functional -p 8.3 Note: Activating in CI runs will be shuffeld in a dedicated change afterwards. Resolves: #101548 Releases: main, 12.4 Change-Id: I13fae7a20162eb3a48910ca91a5a1b178d5a1821 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80228 Tested-by:Christian Kuhn <lolli@schwarzbu.ch> Tested-by:
-
Jasmina Ließmann authored
Several H1 headings are used in some card views. As a result, the semantic structure for these views is not correct. The relevant H1 headings are changed to h2. Resolves: #101545 Releases: main, 12.4 Change-Id: Ic53d92a52b1ae75adda18a63bc76633d7ffcfa44 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80227 Tested-by:
Jasmina Lie�mann <minapokhalo+typo3@gmail.com> Reviewed-by:
-
Christian Kuhn authored
With workspaces and the extbase test related blog_example being fixed, we can finally add a primary key on MM tables that have no uid field. Resolves: #101425 Related: #101528 Related: #101537 Related: #95061 Releases: main, 12.4 Change-Id: I2cd44e3f21dac4b774b8067839a6d2abb8d759fb Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80308 Reviewed-by:
-
Chris Müller authored
Resolves: #101539 Releases: main, 12.4 Change-Id: Id77ae5fb63c0de3d22cb1a4f4302c76476369b67 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80305 Tested-by:
-
Stefan Bürk authored
Update the typo3/testing-framework to pull in a needed correction as preparation for functional tests with PHP 8.3. Used command(s): > composer require --dev \ typo3/testing-framework:^8.0.2 Resolves: #101538 Releases: main, 12.4, 11.5 Change-Id: Id26531be8c49a9b1ee9624c178342659b28d3eab Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80301 Reviewed-by:Oliver Klee <typo3-coding@oliverklee.de> Tested-by:
-
- Aug 02, 2023
-
-
Christian Kuhn authored
Similar to the recently fixed other MM TCA setup of blog_example, the "related_posts" is adapted as well. This removes the last mm table definition from ext_tables.sql - the auto-creation kicks in as expected now. Resolves: #101537 Related: #101528 Releases: main, 12.4 Change-Id: Ia92ce6bbc78a493e1a2028bd9ab7a31952181dd3 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80299 Reviewed-by:
-
Andreas Fernandez authored
When creating a new site configuration, deleting the default language (English) and importing a new language afterwards now doesn't create an invalid site configuration with languageId 0 missing. Resolves: #100439 Releases: main, 12.4 Change-Id: Ic6a83328e92941e4c9894019aab5162f0b3937d9 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80226 Reviewed-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Tested-by:
-
Helmut Hummel authored
While the initial idea to store the current ContentObjectRender (cObj) instance in a request attribute, to pass it along to code that requires both, the request and a cObj, is solid, we missed that cObj itself does not require to hold the request as attribute. The patch changes this: The request attribute is only set for ContentObjects, as these are actually responsible for rendering and eventually evaluating a request or the cObj instance. This makes sure, that an instance of cObj is available for Extbase plugins as well as for Fluid view helpers, which can access the request via RenderingContext. By changing the concept slightly, all places that previously added the cObj to the request can be removed in favor of doing so only in AbstractContentObject and ContentObjectRenderer::callUserFunction. The latter is at least required for TypoScript using the old way of calling Extbase plugins with USER and it's userFunc property. The circular reference is now removed, by not passing the request that contains the cObj attribute to the cObj itself. This means: * When a cObj is available, one can obtain the request using its getter * Such request objects, do NOT contain an attribute containing the cObj * The cObj request attribute can now be obtained in all content objects (such as EXTBASEPLUGIN or FLUIDTEMPLATE) and user functions, that are called from be ContentObjectRenderer. Releases: main, 12.4 Resolves: #101170 Resolves: #100872 Related: #100623 Change-Id: I6acb1a92c8b02f1be2f3a396fe9d9465d6482033 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79521 Tested-by:
Benni Mack <benni@typo3.org> Tested-by:
-
linawolf authored
They should conform to the settings in `.editorconfig`. When your editor uses the `.editorconfig` file, these files become very hard to edit. I would backport this to make backports easier. Resolves: #101527 Releases: main, 12.4 Change-Id: I41e1782b46bbbf327106089f39dc28d2ca358761 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80296 Reviewed-by:
-
Benjamin Franzke authored
npm update lit lit-html @lit/reactive-element lit-element grunt build Releases: main, 12.4 Resolves: #101496 Change-Id: Ic8de6a200a70ca2721719b531dde2a146692b317 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80225 Tested-by:
Anja Leichsenring <aleichsenring@ab-softlab.de> Reviewed-by:
-
Christian Kuhn authored
Extension blog_example is used in various extbase tests. It defines invalid relations from tags table over MM to post and persons. The patch fixes the TCA - those relations now work in BE as well, when the fixture blog_example is activated. Essentially all functional tests that works with this extension break with the fixed TCA now. The major part of the patch is to disentangle the .csv import and export files to make them independent from each other per test-case, and to fix the imported and asserted db state along the way. Resolves: #101528 Releases: main, 12.4 Change-Id: I4fb7d6ac82962f8ef7b630b261d543f4ff626bde Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80295 Reviewed-by:
-
Benjamin Franzke authored
Imports via bare module specifiers (such that do not start with / or .) are cache busted by their URL mapping in importmap — relative imports (inside lit) are not by default. This is why we used version-suffixed lit package folders in #96511 (pretty much like unpkg.com does). This got removed with #100245, as required updates for configuration files have not been applied automatically and the reason for the version suffix was undocumented and thus unclear. While we could fix those issues and add autoupdate support for configuration files, it is now decided to remap all relative imports, as this logic is present in our build setup anyway and eases future updates by creating smaller diffsets (not every file has to be renamed, only changed ones are updated). Note that technically a new helper grunt task es-module-lexer-init is added, which is required to await the asynchronous es-module-lexer parser initialization (written in web assembly, and the...
-
- Jul 31, 2023
-
-
Christian Kuhn authored
Creating reports.xml in acceptance tests and feeding this to gitlab has been added with issue #96628 in the hope to be useful for finding frequently failing ac tests. The gitlab UI however buries this, it's de facto impossible to make use of this information. We drop this definition again. Resolves: #101514 Related: #96628 Releases: main, 12.4, 11.5 Change-Id: I91f13f402f0b9f72f2ca41252db93bb1714efcd6 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80287 Tested-by:
Stefan B�rk <stefan@buerk.tech> Tested-by:
-
Christian Kuhn authored
When select fields with db relations allow pages records, the DatabaseBrowser tries to render an icon from the page row. uid of that row may be an int, which needs to be cast to string to be fed to htmlspecialchars(). Resolves: #101513 Related: #100819 Releases: main, 12.4, 11.5 Change-Id: I52ee031cb0eb09f41ae8ecb6d7005f03e65de3bd Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80284 Tested-by:
-
Nikita Hovratov authored
Resolves: #101502 Related: #97330 Releases: main, 12.4 Change-Id: I1171ec0cf44c61480a0dffb0b6105022c8b8efed Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80277 Tested-by:
-
Christian Kuhn authored
> composer req --dev typo3/cms-styleguide:^12.0.2 Resolves: #101508 Releases: main, 12.4 Change-Id: I824b05025c32eb72d10d908b9e61d6da6a7ca91a Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80275 Tested-by:
-
Oliver Klee authored
This method promises to return an int, but actually returns a float. Also add a regression test. > ./Build/Scripts/runTests.sh -s phpstanGenerateBaseline Resolves: #101499 Releases: main, 12.4, 11.5 Change-Id: I85ca63c9b32717641d5926b16ee25e32eeb69310 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80272 Tested-by:
-
Thomas Anders | Naderio authored
The labels of inline FileReference fields were not concatenated but overwritten, in a loop since #92427. This patch corrects the concatenation and adds line-break divs, otherwise the strings are on a single line. Resolves: #99873 Related: #92427 Releases: main, 12.4, 11.5 Change-Id: I368cd0d2cbf7e9ed7fdd1d003f869cc894d6f13e Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80267 Tested-by:
Nikita Hovratov <nikita.h@live.de> Reviewed-by:
-
- Jul 30, 2023
-
-
Christian Kuhn authored
Add some waitFor() to the drag&drop tests and give the filter test a generic wait which hopefully stabelizes this one a bit as well. Resolves: #101494 Releases: main, 12.4, 11.5 Change-Id: I73d4d2415f4e100bed7f1d7e5ead1036d157af93 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80257 Reviewed-by:
-
Christian Kuhn authored
Those need some additional waitFor checks to be more stable since the v12 refactoring with all the new js magic. Resolves: #101493 Releases: main, 12.4 Change-Id: Ib5cf06f92ced20c5ee97a77ef15a870dcbf0c36a Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80223 Tested-by:
-
Christian Kuhn authored
Similar to #101491, the other Application/Frontend acceptance tests get same treatment to wait for the "View webpage" icon being visible, before trying to click it. Resolves: #101492 Related: #101491 Releases: main, 12.4, 11.5 Change-Id: Ie8dd5338a6773baf8850fec0713dcd917699fbfc Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80253 Tested-by:
-
Christian Kuhn authored
Fails locally occasionally. The additional explicit waitForElement() before clicking the elemnt stabilized it. Resolves: #101491 Releases: main, 12.4, 11.5 Change-Id: I4072daa0e949d3480f399e99a2f35d8ef889eded Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80250 Reviewed-by:
-
Oliver Bartsch authored
Additionally remove an outdated warning. Resolves: #101490 Related: #99220 Releases: main, 12.4 Change-Id: I0943ffa2097bd5284aa91d0bb6180a789e28e89f Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80222 Reviewed-by:
Chris M�ller <typo3@krue.ml> Tested-by:
-
Torben Hansen authored
Add several type casts to avoid notices. Resolves: #101486 Releases: main, 12.4, 11.5 Signed-off-by:
Torben Hansen <derhansen@gmail.com> Change-Id: I87f02e129d91ae9902ad74f306f11915d12037b0 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80221 Reviewed-by:
-
Christian Kuhn authored
A stupid return vs. continue issue breaks a loop in SysTemplateTreeBuilder early, which leads to `ext_typoscript_[setup|constants].typoscript` not being considered when they have been partially cached already. Resolves: #101407 Related: #97816 Releases: main, 12.4 Change-Id: Ia96bfd10a0f2998b1baa1c5a153417b424ba05a2 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80220 Tested-by:
-
Christian Kuhn authored
This one was still flaky. Properly waiting for the element should finally fix this, this patch now had a huge number of successful runs locally, while it failed repeatedly without. Resolves: #101487 Related: #101440 Releases: main, 12.4, 11.5 Change-Id: I2cf4b3e878caf430ead27340694a169f98e710e8 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80242 Reviewed-by:
-
- Jul 29, 2023
-
-
Benjamin Franzke authored
Resolves: #101480 Related: #101453 Releases: main, 12.4, 11.5 Change-Id: I62e7166a6ceceb6e8c6c0d0aa5393def72c75346 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80219 Tested-by:
Benjamin Franzke <ben@bnf.dev> Tested-by:
-
Benjamin Franzke authored
Releases: main, 12.4, 11.5 Resolves: #101482 Change-Id: Id23a78cdb85c3b58a0ce79eacbc5626c27cde46b Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80217 Tested-by:
-
- Jul 28, 2023
-
-
Oliver Hader authored
The CSP directives 'report-to', 'require-trusted-types-for' and 'trusted-types' have been added. Albeit there aren't any typed value counterparts yet, they can be wrapped in a RawValue object, e.g. new Mutation( MutationMode::Set, Directive::RequireTrustedTypesFor, new RawValue("'script'") ), The stand-alone directives 'sandbox', 'trusted-types' and 'upgrade-insecure-request' now can be used without any values. The cases for 'unsafe-hashes' and 'strict-dynamic' were accidentally added as directives instead of source keywords and have been removed. The source schemes 'filesystem:' and 'mediastream' have been added. Besides that, the frontend CSP configuration now limits using the `<base>` element to same-origin URIs. The backend CSP configuration is now even stricter since using `<base>`, `<embed>` and `<object>` elements is blocked. Resolves: #101477 Releases: main, 12.4 Change-Id: Ie1ce2e30dc0d79faa5b7a923fa39a88dbee17292 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80208 Reviewed-by:Oliver Hader <oliver.hader@typo3.org> Tested-by:
-
Oliver Hader authored
Using 'strict-dynamic' (SourceKeyword::strictDynamic) should only be allowed for script-src*[1] directives. Using it for any other directive produces strange side effects, since it implicitly adds a CSP nonce value to that directive when compiling the policy. Thus, this change + ensures 'strict-dynamic' is applicable for script-src* when using Policy::set, Policy::extend or the constructor + removes invalid policy purges when 'strict-dynamic' was used, since that was only valid for CSP level 3 - ignoring these directives is supposed to be handled by the browser[2], not by the server-side API, in order to preserve CSP v1/v2 BC. [1] https://w3c.github.io/webappsec-csp/#allow-all-inline > 'strict-dynamic' only applies to scripts, not other resource types. [2] https://w3c.github.io/webappsec-csp/#strict-dynamic-usage > 8.2. Usage of "'strict-dynamic'" > If present in a script-src or default-src directive, it has two > main effects: > * host-source and scheme-source expressions, as well as the > "'unsafe-inline'" and "'self' keyword-sources will be ignored > when loading script. Resolves: #101460 Releases: main, 12.4 Change-Id: I95f696b92b60efef42367c2536b93b855a52522d Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80207 Reviewed-by:
-
Benjamin Franzke authored
The importmap tag `backend.contextmenu` was added to EXT:form because it registers a context-menu item provider (for files). It turns out that the provider is based on the EXT:filelist provider and therefore doesn't require own javascript (`@typo3/filelist/context-menu-actions` is used). Resolves: #101445 Releases: main, 12.4 Change-Id: Ibdce39c971aae69889849b52847f62ce1298baf7 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80216 Tested-by:
-
Stefan Bürk authored
Resolves: #101478 Releases: main, 12.4, 11.5 Change-Id: I40987e100686771365c30652dba5a13bfd509604 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80214 Tested-by:
-
Oliver Bartsch authored
Generally, adding a class to a link in CKeditor is done via the corresponding link browser (BrowseLinksController), which renders a select field with a list of allowed classes (as configured). However, CKeditor also automatically applies a so called "highlighting class" to a link. Furthermore it's always possible to manually set additional classes via the "Source" view mode. To be able to properly resolve an actually selected (allowed) class for the select field, the current link class value is now cleanup up before markup generation takes place in the BrowseLinksController. Resolves: #101436 Releases: main, 12.4 Change-Id: Ibed202dfe86b94524d9f2d6a5eb7587bef8a21f1 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80215 Tested-by:
-
Chris Müller authored
The new feature flag was introduced with the security releases 12.4.4 and 11.5.30: https://typo3.org/security/advisory/typo3-core-sa-2023-003 Resolves: #101462 Related: #100889 Releases: main, 12.4, 11.5 Change-Id: I891706caa51db8a6c9ab2442d311c6be61755849 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80213 Reviewed-by:
-
Elias Häußler authored
This patch fixes an issue with prepared statements in the sys_log channel upgrade wizard. Values were bound incorrectly to the underlying statement, because the parameter name was used for an positional parameter. This is now fixed and all values are now bound using the parameter's position. Resolves: #101289 Releases: 12.4 Change-Id: Id156e9f839b731951632bcc1764ba2c40657e2e1 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80169 Reviewed-by:
-
Benjamin Franzke authored
Button data attributes have been removed from th modal API and are therefore not automatically assigned. Instead of an initial and explicit data-action attribute, we rather imply that the initial intention of the "Check for core updates" is to check for updates, and therefore use data-action only for subsequent actions. Resolves: #100865 Releases: main, 12.4 Change-Id: Iac6138619012dd7f4a340fb4f773b7bbaf543583 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79802 Reviewed-by:
-
Andreas Fernandez authored
Some dev dependencies have known security issues again, that are now updated. Executed command: npm audit fix --force Due to the required update to PostCSS v8, the package `autoprefixer` is updated to v10 as well. Resolves: #101454 Releases: main, 12.4 Change-Id: I4befbc99919f363fc5a1b14657a739ce712160b2 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80143 Tested-by: -
Benjamin Franzke authored
With #100270 stylesheets in icon elements have been inlined instead of using the style abstraction of lit which uses constructable stylesheets if available. Inline stylesheets need to be parsed over and over again, whenever a web component is used multiple times. The icon element is supposed to be used very often, which is why this matters. Constructable stylesheets are cached and therefore do only need to be parsed once, regardless how often a web component is used. Per issue description this has been done because browsers throw a DOMException in some (probably cross-iframe usage) situations: > Failed to set the 'adoptedStyleSheets' property on 'ShadowRoot': > Sharing constructed stylesheets in multiple documents is not allowed These situations can not be reproduced right now and web components that use shadow dom with constructable stylesheets will continue having to cope with this limitation, which is why we need to load the javascript modules into the document (frame) where the component is supposed to be used and define it in there. We've got API like `topLevelModuleImport` to do so; also see the following upstream comment for a similar suggestion: https://github.com/lit/lit/issues/2068#issuecomment-906671997) Resolves: #101464 Related: #100270 Releases: main, 12.4 Change-Id: Id69c5c850b6e7aedf41b7fe958eaa2187a287d62 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80212 Tested-by:
-
Christian Kuhn authored
As a preparation towards podman as container executor next to docker, runTests.sh is refactored a bit: * Image names now always have a host prefix like docker.io/ or ghcr.io/, except on CI, which will change later, too. podman needs those prefixes and does not fall back to docker.io if it's missing: "redis:latest" -> "docker.io/redis:latest" * Image names are now put into variables. * Rename "docker" to "container" in variables. * Have a variable for the container binary, set to "docker" for now. * Change the cleanUp() function slightly, it will later work with both docker and podman this way. Resolves: #101470 Related: #97566 Releases: main, 12.4, 11.5 Change-Id: Ifab85468dff5c21564611a45568d11e8559e155c Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80202 Tested-by:
-
