TYPO3 Forge: Issues
http://forge.typo3.org/
2023-03-21T06:42:10Z TYPO3 Forge

TYPO3 Core - Bug #100234 (Rejected): Incorporate tests of enshrined/svg-sanitize:v0.16.0
http://forge.typo3.org/issues/100234
2023-03-21T06:42:10Z Oliver Hader (oliver.hader@typo3.org)
<p>It looks like the security release enshrined/svg-sanitize:v0.16.0 did not fix a real vulnerability and was a false-positive:</p>
<ul>
<li><a class="external" href="https://github.com/darylldoyle/svg-sanitizer/security/advisories/GHSA-xrqq-wqh4-5hg2">https://github.com/darylldoyle/svg-sanitizer/security/advisories/GHSA-xrqq-wqh4-5hg2</a></li>
<li><a class="external" href="https://nvd.nist.gov/vuln/detail/CVE-2023-28426">https://nvd.nist.gov/vuln/detail/CVE-2023-28426</a></li>
<li><a class="external" href="https://github.com/darylldoyle/svg-sanitizer/commit/cce18bc237c05c6e093e9672db7926788da9b322">https://github.com/darylldoyle/svg-sanitizer/commit/cce18bc237c05c6e093e9672db7926788da9b322</a></li>
</ul>
<p>Passing the two newly added test files with the previous version v0.15.4 of that package did not reveal any valid attack vector - all entities are correctly encoded and would not have led to an exploit in a browser context. This change in the TYPO3 context aims to demonstrate that there is no vulnerability.</p>
<ul>
<li><a class="external" href="https://github.com/darylldoyle/svg-sanitizer/blob/cce18bc237c05c6e093e9672db7926788da9b322/tests/data/cdataTwoTest.svg?short_path=025a153">https://github.com/darylldoyle/svg-sanitizer/blob/cce18bc237c05c6e093e9672db7926788da9b322/tests/data/cdataTwoTest.svg?short_path=025a153</a></li>
<li><a class="external" href="https://github.com/darylldoyle/svg-sanitizer/blob/cce18bc237c05c6e093e9672db7926788da9b322/tests/data/formDataTest.svg?short_path=b4118f0">https://github.com/darylldoyle/svg-sanitizer/blob/cce18bc237c05c6e093e9672db7926788da9b322/tests/data/formDataTest.svg?short_path=b4118f0</a></li>
</ul>

TYPO3 Core - Bug #98642 (Rejected): Remove dependency injection from resource controller
http://forge.typo3.org/issues/98642
2022-10-17T21:51:58Z Oliver Hader (oliver.hader@typo3.org)

TYPO3 Core - Task #98410 (Rejected): Prevent undefined array key warnings in ext:felogin
http://forge.typo3.org/issues/98410
2022-09-22T10:18:42Z Oliver Hader (oliver.hader@typo3.org)

TYPO3 Core - Task #98409 (Rejected): Prevent undefined array key warnings in ext:form
http://forge.typo3.org/issues/98409
2022-09-22T10:15:18Z Oliver Hader (oliver.hader@typo3.org)

TYPO3 Core - Task #98408 (Rejected): Prevent undefined array key warnings in ext:extensionmanager
http://forge.typo3.org/issues/98408
2022-09-22T10:15:03Z Oliver Hader (oliver.hader@typo3.org)

TYPO3 Core - Task #98407 (Rejected): Prevent undefined array key warnings in ext:extbase
http://forge.typo3.org/issues/98407
2022-09-22T10:14:09Z Oliver Hader (oliver.hader@typo3.org)

TYPO3 Core - Bug #97669 (Rejected): Handle COA_INT in config.pageTitle TypoScript assignment
http://forge.typo3.org/issues/97669
2022-05-21T16:27:41Z Oliver Hader (oliver.hader@typo3.org)
<p>Using deferred content rendering for the page title does not work, since <code>@ will be HTML-encoded in @PageRenderer</code> and corresponding post-processors in <code>TypoScriptFrontendController</code> are not considering <code>&lt;--INT_SCRIPT.12345 --&gt;</code>.</p>
<pre>
config {
noPageTitle = 1
pageTitle.cObject = COA_INT
pageTitle.cObject {
10 = TEXT
10.value = Page Title created during content rendering
}
}
</pre>

TYPO3 Core - Bug #96179 (Rejected): Ensure URIs are parsed using plain POSIX/C locale
http://forge.typo3.org/issues/96179
2021-12-01T14:19:49Z Oliver Hader (oliver.hader@typo3.org)
<p>Using <code>parse_url</code> on unicode characters and not using a plain POSIX/C locale might lead to negative side-effects, destroying the unicode sequence of those special characters.</p>
<p>See attached <code>locale.php</code> for local locale testing.</p>
<a name="References"></a>
<h3>References</h3>
<ul>
<li><a class="external" href="https://bugs.php.net/bug.php?id=52923">https://bugs.php.net/bug.php?id=52923</a></li>
<li><a class="external" href="https://github.com/TYPO3/testing-framework/pull/313">https://github.com/TYPO3/testing-framework/pull/313</a></li>
</ul>

TYPO3 Core - Task #95039 (Rejected): Use @template phpDoc annotation
http://forge.typo3.org/issues/95039
2021-08-30T17:39:34Z Oliver Hader (oliver.hader@typo3.org)
<p>see <a class="external" href="https://phpstan.org/blog/generics-in-php-using-phpdocs">https://phpstan.org/blog/generics-in-php-using-phpdocs</a></p>

TYPO3 Core - Feature #94067 (Rejected): Introduce f:condition.isInstanceOf view-helper
http://forge.typo3.org/issues/94067
2021-05-04T21:01:48Z Oliver Hader (oliver.hader@typo3.org)
<p>This view-helper implementation has been taken from<br /><a class="external" href="https://viewhelpers.fluidtypo3.org/fluidtypo3/vhs/2.1.2/Condition/Type/IsInstanceOf.html">https://viewhelpers.fluidtypo3.org/fluidtypo3/vhs/2.1.2/Condition/Type/IsInstanceOf.html</a></p>

TYPO3 Core - Task #93879 (Rejected): Use named export for BroadcastService module
http://forge.typo3.org/issues/93879
2021-04-08T08:46:18Z Oliver Hader (oliver.hader@typo3.org)

TYPO3 Core - Task #93103 (Rejected): Migrate backend context menu to lit-html
http://forge.typo3.org/issues/93103
2020-12-17T23:09:49Z Oliver Hader (oliver.hader@typo3.org)

TYPO3 Core - Bug #92985 (Rejected): Cannot show record history of pages anymore in TYPO3 v10.4.10
http://forge.typo3.org/issues/92985
2020-12-04T08:59:10Z Oliver Hader (oliver.hader@typo3.org)
<blockquote>
<p>(1/3) Doctrine\DBAL\Exception\InvalidFieldNameException<br />An exception occurred while executing 'SELECT `uid` FROM `tx_impexp_presets` WHERE `pid` = ?' with params > [81]: SQLSTATE[42S22]: Column not found: 1054 Unknown column 'pid' in 'where clause'</p>
<p>...</p>
<p>at TYPO3\CMS\Core\Database\Query\QueryBuilder->execute()<br />typo3/sysext/backend/Classes/History/RecordHistory.php line 328</p>
</blockquote>
<p>How to reproduce:</p>
<ul>
<li>(update TYPO3 v10.4.9 to v10.4.10)</li>
<li>(impexp system extension must be enabled)</li>
<li>use context menu in page-tree to show record history</li>
</ul>
<p>Reasons:</p>
<ul>
<li>looks like <a class="external" href="https://review.typo3.org/c/Packages/TYPO3.CMS/+/66582">https://review.typo3.org/c/Packages/TYPO3.CMS/+/66582</a> changes database definition and introduces new TCA table</li>
<li>records history iterates over all TCA tables - applying <code>pid</code> constraint for <code>pages</code></li>
<li><code>pid</code> column does not exist unless database migration in Install Tool was executed (which should not be required for patch level releases)</li>
<li>affects TYPO3 v10 only</li>
</ul>

TYPO3 Core - Feature #26514 (Rejected): Add possibility to include files for the global variable ...
http://forge.typo3.org/issues/26514
2011-04-29T19:42:36Z Oliver Hader (oliver.hader@typo3.org)
<p>Since many global statements have been cleaned up for TYPO3 4.6, a generic way to include files is required by respecting the possible global context.<br />The new functionality shall behave similarly to t3lib_div::requireOnce().</p>

TYPO3 Core - Feature #9754 (Rejected): Module: Implement Workspaces List tab
http://forge.typo3.org/issues/9754
2010-09-16T12:01:32Z Oliver Hader (oliver.hader@typo3.org)
<p>Implement Workspaces List tab</p>