TYPO3 Forge: Issueshttp://forge.typo3.org/http://forge.typo3.org/themes/typo3_forge/favicon/favicon.png?17058661692014-03-15T19:52:56ZTYPO3 Forge
Redmine TYPO3 Core - Task #56941 (Closed): Return the 1-2-3 step icons in the step installerhttp://forge.typo3.org/issues/569412014-03-15T19:52:56ZErnesto Baschnyeb@cron.eu
<p>The 1-2-3 step installer could get the step icons back to visualize where the user is in the process of installation.</p>
<p>See <a class="external" href="https://redpen.io/xdk5sg">https://redpen.io/xdk5sg</a></p> TYPO3 Core - Bug #56770 (Closed): Install Tool flash messages in Step Installerhttp://forge.typo3.org/issues/567702014-03-11T16:51:49ZErnesto Baschnyeb@cron.eu
<p>The Step Installer sometimes want to present some "flash messages" which are passed over from one controller to the next through the session. Currently these messages are displayed over Step installer box.</p>
<p>And this looks ugly:</p>
<p><img src="http://forge.typo3.org/attachments/download/26211/install-tool-message-original.png" alt="" loading="lazy" /></p>
<p>This looks especially ugly in the first step of the Step Installer if the install tool tries to create the directory structure and fails on every single directory due to permission problems.</p>
<p>This is just a tiny adaptation to make it "less ugly", could be turned over again later on if we find an even better solution.</p>
<p>My pragmatic suggestion for now looks like this:</p>
<p><img src="http://forge.typo3.org/attachments/download/26212/install-tool-message-new.png" alt="" loading="lazy" /></p> TYPO3 Core - Feature #52090 (Closed): Merge Save Buttonshttp://forge.typo3.org/issues/520902013-09-17T22:40:56ZErnesto Baschnyeb@cron.eu
<p>To remove visual clutter it'd be great to merge the different save buttons into a split button drop down. Suggested to the UX team, designed and approved by Jens:</p>
<p><img src="http://forge.typo3.org/attachments/download/25002/TYPO3-Save-Selectbox-1.png" alt="" loading="lazy" /></p>
<p><img src="http://forge.typo3.org/attachments/download/25003/TYPO3-Save-Selectbox-2.png" alt="" loading="lazy" /></p>
<p><img src="http://forge.typo3.org/attachments/download/25004/TYPO3-Save-Selectbox-3.png" alt="" loading="lazy" /></p>
<hr />
<p>The CSS for this:</p>
<p>Arrow: <img src="http://forge.typo3.org/attachments/download/25005/small-arrow-down-8bit.png" alt="" loading="lazy" /> (inactive) = small-arrow-down-8bit.png</p>
<pre><code class="css syntaxhl" data-language="css"><span class="nc">.select-box-inactive-bg</span> <span class="p">{</span>
<span class="nl">border</span><span class="p">:</span> <span class="m">1px</span> <span class="nb">solid</span> <span class="m">#b3b3b3</span><span class="p">;</span> <span class="c">/* stroke */</span>
<span class="nl">background-color</span><span class="p">:</span> <span class="m">#cbcbcb</span><span class="p">;</span> <span class="c">/* color overlay */</span>
<span class="p">}</span>
</code></pre>
<pre><code class="css syntaxhl" data-language="css"><span class="nc">.select-box-hover-btn</span> <span class="p">{</span>
<span class="nl">border</span><span class="p">:</span> <span class="m">1px</span> <span class="nb">solid</span> <span class="m">#7b7b7b</span><span class="p">;</span>
<span class="nl">background-image</span><span class="p">:</span> <span class="n">-moz-linear-gradient</span><span class="p">(</span><span class="nb">bottom</span><span class="p">,</span> <span class="m">#d5d5d5</span> <span class="m">0%</span><span class="p">,</span> <span class="m">#f5f5f5</span> <span class="m">100%</span><span class="p">);</span>
<span class="nl">background-image</span><span class="p">:</span> <span class="n">-o-linear-gradient</span><span class="p">(</span><span class="nb">bottom</span><span class="p">,</span> <span class="m">#d5d5d5</span> <span class="m">0%</span><span class="p">,</span> <span class="m">#f5f5f5</span> <span class="m">100%</span><span class="p">);</span>
<span class="nl">background-image</span><span class="p">:</span> <span class="n">-webkit-linear-gradient</span><span class="p">(</span><span class="nb">bottom</span><span class="p">,</span> <span class="m">#d5d5d5</span> <span class="m">0%</span><span class="p">,</span> <span class="m">#f5f5f5</span> <span class="m">100%</span><span class="p">);</span>
<span class="nl">background-image</span><span class="p">:</span> <span class="n">linear-gradient</span><span class="p">(</span><span class="nb">bottom</span><span class="p">,</span> <span class="m">#d5d5d5</span> <span class="m">0%</span><span class="p">,</span> <span class="m">#f5f5f5</span> <span class="m">100%</span><span class="p">);</span>
<span class="p">}</span>
</code></pre>
<hr />
<p>Arrow: <img src="http://forge.typo3.org/attachments/download/25006/small-arrow-down-act-8bit.png" alt="" loading="lazy" /> (active) = small-arrow-down-act-8bit.png</p>
<pre><code class="css syntaxhl" data-language="css"><span class="nc">.select-box-contextmenu-active</span> <span class="p">{</span>
<span class="nl">border</span><span class="p">:</span> <span class="m">1px</span> <span class="nb">solid</span> <span class="m">#7b7b7b</span><span class="p">;</span>
<span class="nl">background-color</span><span class="p">:</span> <span class="m">#f7f7f7</span><span class="p">;</span>
<span class="nl">-moz-box-shadow</span><span class="p">:</span> <span class="m">0</span> <span class="m">1px</span> <span class="m">4px</span> <span class="n">rgba</span><span class="p">(</span><span class="m">0</span><span class="p">,</span><span class="m">0</span><span class="p">,</span><span class="m">0</span><span class="p">,</span><span class="m">.69</span><span class="p">);</span>
<span class="nl">-webkit-box-shadow</span><span class="p">:</span> <span class="m">0</span> <span class="m">1px</span> <span class="m">4px</span> <span class="n">rgba</span><span class="p">(</span><span class="m">0</span><span class="p">,</span><span class="m">0</span><span class="p">,</span><span class="m">0</span><span class="p">,</span><span class="m">.69</span><span class="p">);</span>
<span class="nl">box-shadow</span><span class="p">:</span> <span class="m">0</span> <span class="m">1px</span> <span class="m">4px</span> <span class="n">rgba</span><span class="p">(</span><span class="m">0</span><span class="p">,</span><span class="m">0</span><span class="p">,</span><span class="m">0</span><span class="p">,</span><span class="m">.69</span><span class="p">);</span>
<span class="p">}</span>
</code></pre> TYPO3 Core - Bug #24914 (Closed): Upgrade Wizard "Install Outsourced System Extensions" should on...http://forge.typo3.org/issues/249142011-02-01T12:11:22ZErnesto Baschnyeb@cron.eu
<p>The Upgrade Wizard "Install Outsourced System Extensions" (tx_coreupdates_installsysexts) suggests the user to install all system extensions, even those which are already installed. This is confusing to the user that is doing a "new installation" based on the intro package for example, where all those extensions are already installed by default.</p>
<p>Solution would be to do the same logic as we have in "tx_coreupdates_installnewsysexts", which checks every extension if they are installed (and if all are installed, don't present the wizard at all!).</p>
<p>(issue imported from #M17429)</p> TYPO3 Core - Bug #24784 (Closed): Workspaces module get place on "top" of all moduleshttp://forge.typo3.org/issues/247842011-01-25T01:12:26ZErnesto Baschnyeb@cron.eu
<p>After uninstalling the new sysext "info", the Workspaces module is on the first position of the modules menu (even before "Web>Page").</p>
<p>Since we moved several old hardcoded modules to sysext, they can also be uninstalled. Some extensions place their backend modules using the t3lib_extMgm::addModule() call and setting the $position parameter to one of these old hardcoded extensions.</p>
<p>E.g. the workspaces module registers himself for "before:info". So if "info" is not installed, the default would be to be placed "at the end". This is even documented in the method addModule(), but it doesn't work.</p>
<p>This is related to <a class="issue tracker-1 status-5 priority-4 priority-default closed" title="Bug: New sysext modules are placed incorrectly in the Web> module menu (Closed)" href="http://forge.typo3.org/issues/24271">#24271</a> and a follow-up after this fix was applied: <a class="issue tracker-1 status-5 priority-4 priority-default closed" title="Bug: New sysext modules are placed incorrectly in the Web> module menu (Closed)" href="http://forge.typo3.org/issues/24271">#24271</a><br />(issue imported from #M17282)</p> TYPO3 Core - Bug #24038 (Closed): SVG TypoScript object unuseable after tslib_content splituphttp://forge.typo3.org/issues/240382010-11-12T21:23:17ZErnesto Baschnyeb@cron.eu
<p>A minor typo in the ext_autoload makes the SVG not work anymore, because the class is not loaded.</p>
<p>(issue imported from #M16370)</p> TYPO3 Core - Bug #23499 (Closed): XHTML validity of backend when sys_action is loadedhttp://forge.typo3.org/issues/234992010-09-03T19:51:05ZErnesto Baschnyeb@cron.eu
<p>sys_action is able to generate links for the backend.php toolbar. The links with a href and "&" parameters, but this is not properly escaped (htmlspecialchars missing).</p>
<p>Solution is to escape the links, so that that part gets XHTML valid.</p>
<p>Problem is there since 4.3 where the toolbar was added.<br />(issue imported from #M15635)</p> TYPO3 Core - Bug #22780 (Closed): Web>List: Turning "Extended view" on makes rows growhttp://forge.typo3.org/issues/227802010-05-31T18:43:29ZErnesto Baschnyeb@cron.eu
<p>When turning "Extended view" on in list view will change the height of the individual data rows. Thus the icon that you just clicked to turn Extended view on is shifted downwards and more space is consumed on the screen.</p>
<p>My idea would be to leave the row height as it was before. An padding:2px around the div.typo3-DBctrl caused the grown.</p>
<p>Solution is to remove this padding. :)</p>
<p>See attached screenshots before and after the patch<br />(issue imported from #M14559)</p> TYPO3 Core - Bug #21333 (Closed): Sysext:lowlevel (function "DB>Full search") susceptible to XSShttp://forge.typo3.org/issues/213332009-10-22T10:34:54ZErnesto Baschnyeb@cron.eu
<p>Sysext:lowlevel provides, amongst others, a function called "Full Search" that allows to query the database directly. Both sub-functions "raw search in all fields" and "advanced query" are susceptible to XSS as both modules fail to sanitize results.</p>
<p>Reported by Markus Krause</p>
<p>Security Team OTRS reference: 2009091210000033 <br />(issue imported from #M12308)</p> TYPO3 Core - Bug #21332 (Closed): XSS in alt_palettehttp://forge.typo3.org/issues/213322009-10-22T10:28:47ZErnesto Baschnyeb@cron.eu
<p>BE authentication required to exploit the vulnerability</p>
<p>TYPO3 Security Team OTRS reference: #2009061610000068<br />(issue imported from #M12307)</p> TYPO3 Core - Bug #21331 (Closed): XSS in module dispatcherhttp://forge.typo3.org/issues/213312009-10-22T10:21:39ZErnesto Baschnyeb@cron.eu
<p>BE authentication required to exploit the vulnerability</p>
<p>TYPO3 Security Team OTRS reference: #2009061610000068<br />(issue imported from #M12306)</p> TYPO3 Core - Bug #21330 (Closed): tfID GET variable used in view_help.php is not sanitized and th...http://forge.typo3.org/issues/213302009-10-22T10:15:54ZErnesto Baschnyeb@cron.eu
<p>Sanitize tfID before using it.</p>
<p>Reporter: Jelmer de Hen</p>
<p>Security Team OTRS reference: 2009060310000056<br />(issue imported from #M12305)</p> TYPO3 Core - Bug #21329 (Closed): XSS in alt_mod_framesethttp://forge.typo3.org/issues/213292009-10-22T10:08:40ZErnesto Baschnyeb@cron.eu
<p>BE authentication required to exploit the vulnerability</p>
<p>TYPO3 Security Team OTRS reference: #2009061610000068 <br />(issue imported from #M12304)</p> TYPO3 Core - Bug #21328 (Closed): XSS vulnerability due to not proper sanitizing in function t3li...http://forge.typo3.org/issues/213282009-10-22T09:56:11ZErnesto Baschnyeb@cron.eu
<p>Reported by Andreas Schnapp.</p>
<p>Added missing escaping of the first parameter. Better description (and name) of the usage of parameter #2.</p>
<p>Reported by Andreas Schnapp</p>
<p>Security Team OTRS reference: 2009060910000027 <br />(issue imported from #M12303)</p> TYPO3 Core - Bug #15510 (Closed): UTF-8 sites display garbled chars in select-fields (in BE)http://forge.typo3.org/issues/155102006-01-26T16:50:33ZErnesto Baschnyeb@cron.eu
<p>Steps to reproduce (TCEforms):</p>
<p>1) Set forceCharSet = utf-8.<br />2) Login to the backend, create a usergroup called "ÄÄÄ" (or any other non-ascii-char)<br />3) Create a user and add the group to the user (clicking on the right box). Upon adding, the group-name is add correctly to the left box.<br />4) Save the form and look at the result. Instead of "ÄÄÄ" you have a 6 bytes-string</p>
<p>Other place where it occurs (flexforms):</p>
<p>1) Set forceCharSet = utf-8.<br />2) Add tt_news extension<br />3) Create a News Category called "ÖÖÖ" <br />4) Add a News-Plugin as a content element, and tell it to display only elements in the category "ÖÖÖ".<br />5) Save and look at the displayed value in the left category box, its garbled again.</p>
<p>The attached minor patch (to latest 4.0-CVS) seems to solve it. But I think more thinking has to be done here.</p>
<p>The only change the patch does is that LANG->sL() won't try to convert from the encoding specified for the current users language (e.g. iso-latin-1) to UTF-8. In the case of values coming from the DB, they are already UTF-8, so this would cause double-encoding.</p>
<p>There might be side-effects, because sL() is also used for the "language-splitted" labels, but they are obsolete anyway. And I cannot imagine any latin-1 encoded string to enter this part of the function if the site is set to forceCharSet=utf8.</p>
<p>Non-forceCharSet-sites aren't affected by this change, because hscAndCharConv won't don anything other than htmlspecialchars, which I still do in my change.</p>
<p>Initially reported for TYPO3 4.0<br />(issue imported from #M2396)</p>