TYPO3 Forge: Issueshttp://forge.typo3.org/http://forge.typo3.org/themes/typo3_forge/favicon/favicon.png?17058661692024-03-14T17:36:06ZTYPO3 Forge
Redmine TYPO3 Core - Bug #103400 (Under Review): Avoid mapping route values that are out of scopehttp://forge.typo3.org/issues/1034002024-03-14T17:36:06ZOliver Haderoliver.hader@typo3.orgTYPO3 Core - Task #103396 (Resolved): Apply stricter route generation assertionshttp://forge.typo3.org/issues/1033962024-03-14T10:25:21ZOliver Haderoliver.hader@typo3.orgTYPO3 Core - Task #103361 (Resolved): Streamline test names in ImageViewHelperTesthttp://forge.typo3.org/issues/1033612024-03-11T13:28:37ZOliver Haderoliver.hader@typo3.orgTYPO3 Core - Task #103323 (Resolved): Streamline userid/username handling and system-maintainer c...http://forge.typo3.org/issues/1033232024-03-07T15:46:17ZOliver Haderoliver.hader@typo3.orgTYPO3 Core - Task #103102 (Resolved): Update composer/composer to most recent versionhttp://forge.typo3.org/issues/1031022024-02-12T15:20:11ZOliver Haderoliver.hader@typo3.org
<p><a class="external" href="https://github.com/advisories/GHSA-7c6p-848j-wh5h">https://github.com/advisories/GHSA-7c6p-848j-wh5h</a></p> TYPO3 Core - Bug #103097 (Resolved): Avoid calling LogDataTrait::formatLogDetails in non-static c...http://forge.typo3.org/issues/1030972024-02-10T17:01:06ZOliver Haderoliver.hader@typo3.orgTYPO3 Core - Bug #102942 (Resolved): Show language name in "Manage Language Packs" modalhttp://forge.typo3.org/issues/1029422024-01-26T11:59:15ZOliver Haderoliver.hader@typo3.orgTYPO3 Core - Task #102906 (Under Review): Prevent Extbase errorAction from writing session datahttp://forge.typo3.org/issues/1029062024-01-23T18:06:02ZOliver Haderoliver.hader@typo3.org
<p>Any validation error and the resulting FlashMessage items that is<br />handled implicitly by the Extbase <code>ActionController::errorAction</code><br />will be persisted to a user session. In case the session does not<br />exist, it will be generated and a new session cookie is sent.</p> TYPO3 Core - Task #102821 (Under Review): Drop \TYPO3\CMS\Core\Utility\ExtensionManagementUtility...http://forge.typo3.org/issues/1028212024-01-11T15:59:42ZOliver Haderoliver.hader@typo3.orgTYPO3 Core - Task #102681 (Closed): Rearrange position of always active featurehttp://forge.typo3.org/issues/1026812023-12-16T11:43:31ZOliver Haderoliver.hader@typo3.org
<p><code>security.backend.enforceContentSecurityPolicy</code>, enabled per default in TYPO3 v13.0, is moved to the corresponding comment.</p> TYPO3 Core - Bug #102668 (Resolved): Consider empty or invalid password policy referencehttp://forge.typo3.org/issues/1026682023-12-13T18:08:30ZOliver Haderoliver.hader@typo3.org
<p>In case <code>$GLOBALS['TYPO3_CONF_VARS']['BE']['passwordPolicy']</code> is disabled or set to a preset that actually does not exist, the backend editing view should not issue JavaScript errors on the missing <code>#password-policy-info</code> element. Currently the following error appears in the browser console:</p>
<pre>
Uncaught TypeError: Cannot read properties of null (reading 'classList')
at HTMLInputElement.<anonymous> (password-element.js?bust=2e5226ec73ecf48bcbde72dd5fdea0b0252fc4ee:13:647)
</pre> TYPO3 Core - Task #102620 (Closed): Add strict parameter to base64url decodehttp://forge.typo3.org/issues/1026202023-12-06T21:30:04ZOliver Haderoliver.hader@typo3.org
<p>Taken from <a class="external" href="https://forge.typo3.org/issues/102438#note-11">https://forge.typo3.org/issues/102438#note-11</a></p>
<p>PHP's <code>base64_decode</code> has a strict parameter to only accept characters of the corresponding base64 alphabet, see <a class="external" href="https://www.php.net/manual/en/function.base64-decode.php">https://www.php.net/manual/en/function.base64-decode.php</a></p> TYPO3 Core - Task #102610 (Closed): Revert "[BUGFIX] Set HTTP timeout to 20 seconds"http://forge.typo3.org/issues/1026102023-12-06T10:10:08ZOliver Haderoliver.hader@typo3.org
<p>The change for issue <a class="issue tracker-1 status-8 priority-3 priority-lowest" title="Bug: Update Guzzle timeout to 20 seconds (Under Review)" href="http://forge.typo3.org/issues/102606">#102606</a> has the potential to do more harm than good.</p>
<p>The initial intention was to define a HTTP timeout to be lower than the PHP <code>max_execution_time</code>.<br />Defining general timeout of 20 seconds now also limits e.g. long running CLI processes (e.g. importing data).</p>
<p>→ corresponding discussion in Slack: <a class="external" href="https://typo3.slack.com/archives/C03AM9R17/p1701850585082239?thread_ts=1701810994.856119&cid=C03AM9R17">https://typo3.slack.com/archives/C03AM9R17/p1701850585082239?thread_ts=1701810994.856119&cid=C03AM9R17</a>)</p> TYPO3 Core - Bug #102386 (Resolved): Consider URL encoded values for addQueryString.excludehttp://forge.typo3.org/issues/1023862023-11-16T13:57:22ZOliver Haderoliver.hader@typo3.org
<pre>
typolink {
parameter = 1
addQueryString = 1
addQueryString {
exclude = param%,param%25
}
}
</pre>
<p>URL: <code>?keep=1&param%2525=2</code></p>
<p>Result: The params to be excluded are not removed - the TypoScrip property probably(?!) refers to the internal URL-decoded representation.</p> TYPO3 Core - Task #102262 (New): Add CSP MutationMode::InheritStatic (or similar)http://forge.typo3.org/issues/1022622023-10-26T08:30:32ZOliver Haderoliver.hader@typo3.org
<p>From <a class="external" href="https://review.typo3.org/c/Packages/TYPO3.CMS/+/80756/comments/83fac188_a7132447">https://review.typo3.org/c/Packages/TYPO3.CMS/+/80756/comments/83fac188_a7132447</a></p>
<blockquote>
<p>I would prefer we had some kind of "late static binding" extensions, that says: "whatever is changed on the ancestor sometime later, please inherit" <br />Maybe that could be "InheritStatic".<br />Anyway I'm still fine with this patch as is.</p>
</blockquote>