TYPO3 Forge: Issueshttp://forge.typo3.org/http://forge.typo3.org/themes/typo3_forge/favicon/favicon.png?17058661692024-03-14T17:36:06ZTYPO3 Forge
Redmine TYPO3 Core - Bug #103400 (Under Review): Avoid mapping route values that are out of scopehttp://forge.typo3.org/issues/1034002024-03-14T17:36:06ZOliver Haderoliver.hader@typo3.orgTYPO3 Core - Task #102620 (Closed): Add strict parameter to base64url decodehttp://forge.typo3.org/issues/1026202023-12-06T21:30:04ZOliver Haderoliver.hader@typo3.org
<p>Taken from <a class="external" href="https://forge.typo3.org/issues/102438#note-11">https://forge.typo3.org/issues/102438#note-11</a></p>
<p>PHP's <code>base64_decode</code> has a strict parameter to only accept characters of the corresponding base64 alphabet, see <a class="external" href="https://www.php.net/manual/en/function.base64-decode.php">https://www.php.net/manual/en/function.base64-decode.php</a></p> TYPO3 Core - Task #102610 (Closed): Revert "[BUGFIX] Set HTTP timeout to 20 seconds"http://forge.typo3.org/issues/1026102023-12-06T10:10:08ZOliver Haderoliver.hader@typo3.org
<p>The change for issue <a class="issue tracker-1 status-8 priority-3 priority-lowest" title="Bug: Update Guzzle timeout to 20 seconds (Under Review)" href="http://forge.typo3.org/issues/102606">#102606</a> has the potential to do more harm than good.</p>
<p>The initial intention was to define a HTTP timeout to be lower than the PHP <code>max_execution_time</code>.<br />Defining general timeout of 20 seconds now also limits e.g. long running CLI processes (e.g. importing data).</p>
<p>→ corresponding discussion in Slack: <a class="external" href="https://typo3.slack.com/archives/C03AM9R17/p1701850585082239?thread_ts=1701810994.856119&cid=C03AM9R17">https://typo3.slack.com/archives/C03AM9R17/p1701850585082239?thread_ts=1701810994.856119&cid=C03AM9R17</a>)</p> TYPO3 Core - Task #102017 (Closed): Show Content Security Policy Mutations Configurationhttp://forge.typo3.org/issues/1020172023-09-22T13:44:35ZOliver Haderoliver.hader@typo3.orgTYPO3 Core - Task #102011 (Closed): Streamline providing CSP mutationshttp://forge.typo3.org/issues/1020112023-09-22T10:31:09ZOliver Haderoliver.hader@typo3.orgTYPO3 Core - Bug #101809 (Resolved): Ensure minimal dependency order in PackageManagerhttp://forge.typo3.org/issues/1018092023-08-31T10:23:22ZOliver Haderoliver.hader@typo3.orgTYPO3 Core - Bug #101753 (Closed): DDEV & Traefic substitute semi-colon to ampersand in URLshttp://forge.typo3.org/issues/1017532023-08-25T13:23:39ZOliver Haderoliver.hader@typo3.org
<p>With v1.22+ DDEV recently started to use Traefic as routing service - and Traefic has an issue with substituting ";" to "&" in URLs:</p>
<ul>
<li><a class="external" href="https://ddev.readthedocs.io/en/stable/users/extend/traefik-router/">https://ddev.readthedocs.io/en/stable/users/extend/traefik-router/</a></li>
<li><a class="external" href="https://github.com/traefik/traefik/issues/9164">https://github.com/traefik/traefik/issues/9164</a></li>
<li><a class="external" href="https://github.com/traefik/traefik/pull/9131/files#diff-f7d7f0e8fef165ce3ca78be8f4d887b323d564a29b25d416a6a7d2b0e9ff7df7R50">https://github.com/traefik/traefik/pull/9131/files#diff-f7d7f0e8fef165ce3ca78be8f4d887b323d564a29b25d416a6a7d2b0e9ff7df7R50</a></li>
</ul>
<p>Traeffic offers the option <a href="https://doc.traefik.io/traefik/routing/entrypoints/#encodequerysemicolons" class="external"><code>encodeQuerySemicolons</code></a> to actually control the behavior, however I was not able to adjust the corresponding configuration in DDEV.</p>
<p>For the time being, Traeffic can be disabled in general, by using <code>ddev poweroff && ddev config global --router=nginx-proxy</code>.</p>
<p>This affects how URLs in the TYPO3 backend scope are handled, e.g (this list is probably not complete, yet):</p>
<ul>
<li>/typo3/wizard/record/browse?token=[...]&mode=file&bparams=|||allowed=gif,jpg,jpeg,tif,tiff,bmp,pcx,tga,png,pdf,ai,svg <code>;</code> disallowed=|data-138-tt_content-1850-background_image-sys_file_reference&contentOnly=1&expandFolder=1%3A%2Ft3con23%2Fimages%2F
<ul>
<li>will be interpreted as<br /> /typo3/wizard/record/browse?token=[...]&mode=file&bparams=|||allowed=gif,jpg,jpeg,tif,tiff,bmp,pcx,tga,png,pdf,ai,svg <code>&</code> disallowed=|data-138-tt_content-1850-background_image-sys_file_reference&contentOnly=1&expandFolder=1%3A%2Ft3con23%2Fimages%2F</li>
<li>causes a failure in <code>\TYPO3\CMS\Filelist\ElementBrowser\FileBrowser::initialize</code></li>
</ul></li>
</ul>
<hr />
<p>Long-term, these URLs (especially the semi-colon "&") should be correctly URL-encoded.</p> TYPO3 Core - Bug #101705 (Resolved): Update composer.lock for typo3/html-sanitizer:2.1.3http://forge.typo3.org/issues/1017052023-08-17T11:03:20ZOliver Haderoliver.hader@typo3.org
<p>see <a class="external" href="https://stackoverflow.com/questions/76920144/typo3-11-5-30-error-after-bootstrap-update-undefined-function-mb-split">https://stackoverflow.com/questions/76920144/typo3-11-5-30-error-after-bootstrap-update-undefined-function-mb-split</a></p> TYPO3 Core - Bug #101460 (Resolved): Allow strict-dynamic only for applicable CSP directiveshttp://forge.typo3.org/issues/1014602023-07-27T10:56:06ZOliver Haderoliver.hader@typo3.orgTYPO3 Core - Bug #101253 (Resolved): Normalize filename of uploaded fileshttp://forge.typo3.org/issues/1012532023-07-05T18:12:07ZOliver Haderoliver.hader@typo3.orgTYPO3 Core - Task #100948 (Closed): Remove jquery & jquery-ui from image manipulation widgethttp://forge.typo3.org/issues/1009482023-06-02T15:03:36ZOliver Haderoliver.hader@typo3.orgTYPO3 Core - Task #100740 (Closed): Update SECURITY.md for TYPO3 v12.4 LTShttp://forge.typo3.org/issues/1007402023-04-25T06:13:24ZOliver Haderoliver.hader@typo3.orgTYPO3 Core - Task #100732 (Closed): Allow f:asset.css and f:asset.script to use CSP noncehttp://forge.typo3.org/issues/1007322023-04-24T15:03:29ZOliver Haderoliver.hader@typo3.orgTYPO3 Core - Task #100691 (Closed): Track CSP nonce consumptionhttp://forge.typo3.org/issues/1006912023-04-20T15:34:55ZOliver Haderoliver.hader@typo3.orgTYPO3 Core - Bug #21726 (Closed): Updating translations from repository in extension manager fail...http://forge.typo3.org/issues/217262009-11-28T15:53:33ZOliver Haderoliver.hader@typo3.org
<p>Updating translations from repository in extension manager fails in Safari 4.0.4 on Mac OS X. Just a white page is shown - after a while, when all packages have been downloaded, suddenly the full status appears. Thus, showing the process dynamically does not work.</p>
<p>In Firefox everything works as expected.</p>
<p>(issue imported from #M12822)</p>