TYPO3 Forge: Issueshttp://forge.typo3.org/http://forge.typo3.org/themes/typo3_forge/favicon/favicon.png?17058661692023-12-06T21:30:04ZTYPO3 Forge
Redmine TYPO3 Core - Task #102620 (Closed): Add strict parameter to base64url decodehttp://forge.typo3.org/issues/1026202023-12-06T21:30:04ZOliver Haderoliver.hader@typo3.org
<p>Taken from <a class="external" href="https://forge.typo3.org/issues/102438#note-11">https://forge.typo3.org/issues/102438#note-11</a></p>
<p>PHP's <code>base64_decode</code> has a strict parameter to only accept characters of the corresponding base64 alphabet, see <a class="external" href="https://www.php.net/manual/en/function.base64-decode.php">https://www.php.net/manual/en/function.base64-decode.php</a></p> TYPO3 Core - Task #102610 (Closed): Revert "[BUGFIX] Set HTTP timeout to 20 seconds"http://forge.typo3.org/issues/1026102023-12-06T10:10:08ZOliver Haderoliver.hader@typo3.org
<p>The change for issue <a class="issue tracker-1 status-8 priority-3 priority-lowest" title="Bug: Update Guzzle timeout to 20 seconds (Under Review)" href="http://forge.typo3.org/issues/102606">#102606</a> has the potential to do more harm than good.</p>
<p>The initial intention was to define a HTTP timeout to be lower than the PHP <code>max_execution_time</code>.<br />Defining general timeout of 20 seconds now also limits e.g. long running CLI processes (e.g. importing data).</p>
<p>→ corresponding discussion in Slack: <a class="external" href="https://typo3.slack.com/archives/C03AM9R17/p1701850585082239?thread_ts=1701810994.856119&cid=C03AM9R17">https://typo3.slack.com/archives/C03AM9R17/p1701850585082239?thread_ts=1701810994.856119&cid=C03AM9R17</a>)</p> TYPO3 Core - Task #102017 (Closed): Show Content Security Policy Mutations Configurationhttp://forge.typo3.org/issues/1020172023-09-22T13:44:35ZOliver Haderoliver.hader@typo3.orgTYPO3 Core - Task #102011 (Closed): Streamline providing CSP mutationshttp://forge.typo3.org/issues/1020112023-09-22T10:31:09ZOliver Haderoliver.hader@typo3.orgTYPO3 Core - Bug #101753 (Closed): DDEV & Traefic substitute semi-colon to ampersand in URLshttp://forge.typo3.org/issues/1017532023-08-25T13:23:39ZOliver Haderoliver.hader@typo3.org
<p>With v1.22+ DDEV recently started to use Traefic as routing service - and Traefic has an issue with substituting ";" to "&" in URLs:</p>
<ul>
<li><a class="external" href="https://ddev.readthedocs.io/en/stable/users/extend/traefik-router/">https://ddev.readthedocs.io/en/stable/users/extend/traefik-router/</a></li>
<li><a class="external" href="https://github.com/traefik/traefik/issues/9164">https://github.com/traefik/traefik/issues/9164</a></li>
<li><a class="external" href="https://github.com/traefik/traefik/pull/9131/files#diff-f7d7f0e8fef165ce3ca78be8f4d887b323d564a29b25d416a6a7d2b0e9ff7df7R50">https://github.com/traefik/traefik/pull/9131/files#diff-f7d7f0e8fef165ce3ca78be8f4d887b323d564a29b25d416a6a7d2b0e9ff7df7R50</a></li>
</ul>
<p>Traeffic offers the option <a href="https://doc.traefik.io/traefik/routing/entrypoints/#encodequerysemicolons" class="external"><code>encodeQuerySemicolons</code></a> to actually control the behavior, however I was not able to adjust the corresponding configuration in DDEV.</p>
<p>For the time being, Traeffic can be disabled in general, by using <code>ddev poweroff && ddev config global --router=nginx-proxy</code>.</p>
<p>This affects how URLs in the TYPO3 backend scope are handled, e.g (this list is probably not complete, yet):</p>
<ul>
<li>/typo3/wizard/record/browse?token=[...]&mode=file&bparams=|||allowed=gif,jpg,jpeg,tif,tiff,bmp,pcx,tga,png,pdf,ai,svg <code>;</code> disallowed=|data-138-tt_content-1850-background_image-sys_file_reference&contentOnly=1&expandFolder=1%3A%2Ft3con23%2Fimages%2F
<ul>
<li>will be interpreted as<br /> /typo3/wizard/record/browse?token=[...]&mode=file&bparams=|||allowed=gif,jpg,jpeg,tif,tiff,bmp,pcx,tga,png,pdf,ai,svg <code>&</code> disallowed=|data-138-tt_content-1850-background_image-sys_file_reference&contentOnly=1&expandFolder=1%3A%2Ft3con23%2Fimages%2F</li>
<li>causes a failure in <code>\TYPO3\CMS\Filelist\ElementBrowser\FileBrowser::initialize</code></li>
</ul></li>
</ul>
<hr />
<p>Long-term, these URLs (especially the semi-colon "&") should be correctly URL-encoded.</p> TYPO3 Core - Feature #85051 (Rejected): Add possibility to deny setting cookies on client sidehttp://forge.typo3.org/issues/850512018-05-19T14:22:19ZOliver Haderoliver.hader@typo3.org
<p>In the scope of GDPR and ePrivacy regulations inside the EU it become required that users provide agreement before any cookies are set.<br />Since the TYPO3 core sets a couple of cookie automatically it is required to introduce an API that is capable of individually allow/deny cookies by individual handlers that might be provided by one or some 3rd party extensions.</p> TYPO3 Core - Bug #39968 (Rejected): Collections use t3lib_BEfunchttp://forge.typo3.org/issues/399682012-08-19T15:43:17ZOliver Haderoliver.hader@typo3.org
<p>t3lib_collections use e.g. t3lib_BEfunc calls that won't work in the frontend.</p> TYPO3 Core - Feature #38233 (Rejected): Add event handling to bootstrap mechanismhttp://forge.typo3.org/issues/382332012-06-20T19:58:14ZOliver Haderoliver.hader@typo3.org
<p>Add several events like "database is initialized", "bootstrap is initialized", etc. to the whole bootstrap mechanism.<br />The concrete situation to be solved is the registration of Extbase Signal Slots in ext_localconf.php - which fails since autoloader and caching framework are not yet initialized at the time the ext_localconf.php gets executed.</p> TYPO3 Core - Feature #38088 (Rejected): Enhance Bootstrap contextshttp://forge.typo3.org/issues/380882012-06-15T16:13:41ZOliver Haderoliver.hader@typo3.org
<p>The Typo3_Bootstrap mechanism shall be extended to reflect the accordant contexts:</p>
<ul>
<li>Typo3_Bootstrap_Abstract (abstract)</li>
<li>Typo3_Bootstrap_Backend</li>
<li>Typo3_Bootstrap_Frontend</li>
<li>Typo3_Bootstrap_Install</li>
<li>Typo3_Bootstrap_Cli</li>
</ul> TYPO3 Core - Task #38087 (Rejected): Streamline typo3/classes naminghttp://forge.typo3.org/issues/380872012-06-15T16:09:26ZOliver Haderoliver.hader@typo3.org
<p>Streamline typo3/classes naming to be typo3/Classes</p> TYPO3 Core - Feature #25223 (Rejected): Enable TCA property displayCond for IRRE child recordshttp://forge.typo3.org/issues/252232011-03-02T14:54:11ZOliver Haderoliver.hader@typo3.org
<p>Imagine that particular fields of an IRRE child record shall only be shown depending on a value in the parent record. Currently there is no easy way to access evaluate the parent record and define a behaviour.</p>
<p>For Flexforms a similiar solution with displayCond is available, e.g.:<br /><pre>FIELD:parentRec.header:REQ:true</pre></p>
<p>However, it's problematic if the parent record is brand new and was not saved yet. In that case the field values of the parent should be transfered to the server side with the accordant AJAX request.</p>
<p>(issue imported from #M17824)</p> TYPO3 Core - Bug #23521 (Rejected): Flash Uploader does not work if cookieHttpOnly is enabledhttp://forge.typo3.org/issues/235212010-09-09T13:10:57ZOliver Haderoliver.hader@typo3.org
<p>The Flash Uploader does not work if the TYPO3_CONF_VARS setting "cookieHttpOnly" is enabled. After uploading a file, the uploader just shows a "303" error.</p>
<p>"303" is a HTTP status code and tells that there was a redirect since the backend user could not be authorized to have access to the TYPO3 backend.</p>
<p>(issue imported from #M15673)</p> TYPO3 Core - Bug #21726 (Closed): Updating translations from repository in extension manager fail...http://forge.typo3.org/issues/217262009-11-28T15:53:33ZOliver Haderoliver.hader@typo3.org
<p>Updating translations from repository in extension manager fails in Safari 4.0.4 on Mac OS X. Just a white page is shown - after a while, when all packages have been downloaded, suddenly the full status appears. Thus, showing the process dynamically does not work.</p>
<p>In Firefox everything works as expected.</p>
<p>(issue imported from #M12822)</p> TYPO3 Core - Feature #20294 (Closed): Integrate possibility to validate custom links for RTEhtmla...http://forge.typo3.org/issues/202942009-04-08T13:12:09ZOliver Haderoliver.hader@typo3.org
<p>In RTEhtmlarea there's a possibility to define custom links, e.g. by using a link handler. It might happen, that the name of the linkhandler (defined in $TYPO3_CONF_VARS['SC_OPTIONS']['tslib/class.tslib_content.php']['typolinkLinkHandler']) is different to the used link prefix (e.g. "linkhandler" vs. "myOwnLinkhandler:"). Furthermore it can happen that those custom links are not defined using a linkhandler at all.<br />Links that could not be validated by the current strict mechanism are shown as invalid in RTEhtmlarea.</p>
<p>The solution is to integrate a new hook that can take care of that validation in general.</p>
<p>(issue imported from #M10872)</p> TYPO3 Core - Bug #16741 (Rejected): typoLink doesn't use "type" correctly with simulateStaticDocu...http://forge.typo3.org/issues/167412006-11-27T10:35:06ZOliver Haderoliver.hader@typo3.org
<p>Imagine a TypoScript configuration like the following and simulateStaticDocuments enabled:</p>
<p>page.10 = TEXT<br />page.10 {<br /> stdWrap = 1<br /> stdWrap.typolink {<br /> returnLast = url<br /> useCacheHash = 1<br /> parameter.data = tsfe:id<br /> additionalParams = &type=5<br /> }<br />}</p>
<p>You would get something like this as link-URL:</p>
<p>SomePage.13+M5bd9214a8c2.0.html?&type=5</p>
<p>If a user clicks that link, he isn't forward to typeNum "5" as defined, but to the regular typeNum "0". So we would expect to have a link like the following one:</p>
<p>SomePage.13.5.html</p>
<p>The MD5-Part is missing here because it was used for the "&type=5" param only.</p>
<p>The attached patch file is exactly doing this by adding an additional check to tslib_cObj::typoLink.</p>
<p>It's not only a 4.1-beta1a issue. This exists since a long time... ;-)<br />(issue imported from #M4564)</p>