TYPO3 Forge: Issueshttp://forge.typo3.org/http://forge.typo3.org/themes/typo3_forge/favicon/favicon.png?17058661692019-10-10T15:54:25ZTYPO3 Forge
Redmine TYPO3 Core - Bug #89392 (Closed): Fix composer definitionshttp://forge.typo3.org/issues/893922019-10-10T15:54:25ZOliver Haderoliver.hader@typo3.org
<pre>
The typo3/cms-core package of which you are a maintainer has
failed to update due to invalid data contained in your composer.json.
Please address this as soon as possible since the package stopped updating.
It is recommended that you use `composer validate` to check for errors when you
change your composer.json.
Below is the full update log which should highlight errors as
"Skipped branch ...":
[Composer\Repository\InvalidRepositoryException]: Some branches contained invalid data and were discarded, it is advised to review the log and fix any issues present in branches
Reading composer.json of typo3/cms-core (v10.1.0)
Found cached composer.json of typo3/cms-core (v10.1.0)
Reading composer.json of typo3/cms-core (v10.0.0)
Found cached composer.json of typo3/cms-core (v10.0.0)
Reading composer.json of typo3/cms-core (v9.5.9)
Found cached composer.json of typo3/cms-core (v9.5.9)
Reading composer.json of typo3/cms-core (v9.5.8)
Found cached composer.json of typo3/cms-core (v9.5.8)
Reading composer.json of typo3/cms-core (v9.5.7)
Found cached composer.json of typo3/cms-core (v9.5.7)
Reading composer.json of typo3/cms-core (v9.5.6)
Found cached composer.json of typo3/cms-core (v9.5.6)
Reading composer.json of typo3/cms-core (v9.5.5)
Found cached composer.json of typo3/cms-core (v9.5.5)
Reading composer.json of typo3/cms-core (v9.5.4)
Found cached composer.json of typo3/cms-core (v9.5.4)
Reading composer.json of typo3/cms-core (v9.5.3)
Found cached composer.json of typo3/cms-core (v9.5.3)
Reading composer.json of typo3/cms-core (v9.5.2)
Found cached composer.json of typo3/cms-core (v9.5.2)
Reading composer.json of typo3/cms-core (v9.5.1)
Found cached composer.json of typo3/cms-core (v9.5.1)
Reading composer.json of typo3/cms-core (v9.5.0)
Found cached composer.json of typo3/cms-core (v9.5.0)
Reading composer.json of typo3/cms-core (v9.4.0)
Found cached composer.json of typo3/cms-core (v9.4.0)
Reading composer.json of typo3/cms-core (v9.3.3)
Found cached composer.json of typo3/cms-core (v9.3.3)
Reading composer.json of typo3/cms-core (v9.3.2)
Found cached composer.json of typo3/cms-core (v9.3.2)
Reading composer.json of typo3/cms-core (v9.3.1)
Found cached composer.json of typo3/cms-core (v9.3.1)
Reading composer.json of typo3/cms-core (v9.3.0)
Found cached composer.json of typo3/cms-core (v9.3.0)
Reading composer.json of typo3/cms-core (v9.2.1)
Found cached composer.json of typo3/cms-core (v9.2.1)
Reading composer.json of typo3/cms-core (v9.2.0)
Found cached composer.json of typo3/cms-core (v9.2.0)
Reading composer.json of typo3/cms-core (v9.1.0)
Found cached composer.json of typo3/cms-core (v9.1.0)
Reading composer.json of typo3/cms-core (v9.0.0)
Found cached composer.json of typo3/cms-core (v9.0.0)
Reading composer.json of typo3/cms-core (v8.7.27)
Found cached composer.json of typo3/cms-core (v8.7.27)
Reading composer.json of typo3/cms-core (v8.7.26)
Found cached composer.json of typo3/cms-core (v8.7.26)
Reading composer.json of typo3/cms-core (v8.7.25)
Found cached composer.json of typo3/cms-core (v8.7.25)
Reading composer.json of typo3/cms-core (v8.7.24)
Found cached composer.json of typo3/cms-core (v8.7.24)
Reading composer.json of typo3/cms-core (v8.7.23)
Found cached composer.json of typo3/cms-core (v8.7.23)
Reading composer.json of typo3/cms-core (v8.7.22)
Found cached composer.json of typo3/cms-core (v8.7.22)
Reading composer.json of typo3/cms-core (v8.7.21)
Found cached composer.json of typo3/cms-core (v8.7.21)
Reading composer.json of typo3/cms-core (v8.7.20)
Found cached composer.json of typo3/cms-core (v8.7.20)
Reading composer.json of typo3/cms-core (v8.7.19)
Found cached composer.json of typo3/cms-core (v8.7.19)
Reading composer.json of typo3/cms-core (v8.7.18)
Found cached composer.json of typo3/cms-core (v8.7.18)
Reading composer.json of typo3/cms-core (v8.7.17)
Found cached composer.json of typo3/cms-core (v8.7.17)
Reading composer.json of typo3/cms-core (v8.7.16)
Found cached composer.json of typo3/cms-core (v8.7.16)
Reading composer.json of typo3/cms-core (v8.7.15)
Found cached composer.json of typo3/cms-core (v8.7.15)
Reading composer.json of typo3/cms-core (v8.7.14)
Found cached composer.json of typo3/cms-core (v8.7.14)
Reading composer.json of typo3/cms-core (v8.7.13)
Found cached composer.json of typo3/cms-core (v8.7.13)
Reading composer.json of typo3/cms-core (v8.7.12)
Found cached composer.json of typo3/cms-core (v8.7.12)
Reading composer.json of typo3/cms-core (v8.7.11)
Found cached composer.json of typo3/cms-core (v8.7.11)
Reading composer.json of typo3/cms-core (v8.7.10)
Found cached composer.json of typo3/cms-core (v8.7.10)
Reading composer.json of typo3/cms-core (v8.7.9)
Found cached composer.json of typo3/cms-core (v8.7.9)
Reading composer.json of typo3/cms-core (v8.7.8)
Found cached composer.json of typo3/cms-core (v8.7.8)
Reading composer.json of typo3/cms-core (v8.7.7)
Found cached composer.json of typo3/cms-core (v8.7.7)
Reading composer.json of typo3/cms-core (master)
Importing branch master (dev-master)
Skipped branch master, Invalid package information:
Deprecation warning: replace.core is invalid, it should have a vendor name, a forward slash, and a package name. The vendor and package name can be words separated by -, . or _. The complete name should match "[a-z0-9]([_.-]?[a-z0-9]+)*/[a-z0-9]([_.-]?[a-z0-9]+)*". Make sure you fix this as Composer 2.0 will error.
Reading composer.json of typo3/cms-core (8.7)
Found cached composer.json of typo3/cms-core (8.7.x-dev)
Reading composer.json of typo3/cms-core (9.2)
Found cached composer.json of typo3/cms-core (9.2.x-dev)
Reading composer.json of typo3/cms-core (9.3)
Found cached composer.json of typo3/cms-core (9.3.x-dev)
Reading composer.json of typo3/cms-core (9.5)
Found cached composer.json of typo3/cms-core (9.5.x-dev)
</pre>
<p><code>composer validate</code> in typo3/sysext/core:</p>
<pre>
composer validate
Deprecation warning: replace.core is invalid, it should have a vendor name, a forward slash, and a package name. The vendor and package name can be words separated by -, . or _. The complete name should match "[a-z0-9]([_.-]?[a-z0-9]+)*/[a-z0-9]([_.-]?[a-z0-9]+)*". Make sure you fix this as Composer 2.0 will error.
Deprecation warning: replace.core is invalid, it should have a vendor name, a forward slash, and a package name. The vendor and package name can be words separated by -, . or _. The complete name should match "[a-z0-9]([_.-]?[a-z0-9]+)*/[a-z0-9]([_.-]?[a-z0-9]+)*". Make sure you fix this as Composer 2.0 will error.
./composer.json is valid, but with a few warnings
See https://getcomposer.org/doc/04-schema.md for details on the schema
Deprecation warning: replace.core is invalid, it should have a vendor name, a forward slash, and a package name. The vendor and package name can be words separated by -, . or _. The complete name should match "[a-z0-9]([_.-]?[a-z0-9]+)*/[a-z0-9]([_.-]?[a-z0-9]+)*". Make sure you fix this as Composer 2.0 will error.
</pre> TYPO3 Core - Bug #86923 (Closed): Symfony expressions/conditions doesn't work in user-tsconfighttp://forge.typo3.org/issues/869232018-11-14T08:50:52ZOliver Haderoliver.hader@typo3.orgTYPO3 Core - Bug #85875 (Closed): Issues in ThumbnailControllerhttp://forge.typo3.org/issues/858752018-08-16T18:33:06ZOliver Haderoliver.hader@typo3.org
<ul>
<li>information disclosure (fileIdentifier can be arbitrary, supports fallback zero-storage)</li>
<li>denial of service (dimensions, basically whole configuration can be arbitrary)</li>
</ul>
<p>Introduced in <a class="external" href="https://review.typo3.org/#/c/56765/">https://review.typo3.org/#/c/56765/</a> - not released yet to 9.4.0 nor 8.7.19</p>
<p>Solution: Add HMAC to all HTTP request parameters.</p>
<a name="PoC"></a>
<h2 >PoC<a href="#PoC" class="wiki-anchor">¶</a></h2>
<p>XSRF Token has to be adjusted in the links below</p>
<a name="Information-Disclosure"></a>
<h3 >Information Disclosure<a href="#Information-Disclosure" class="wiki-anchor">¶</a></h3>
<pre>
http://ip9.local/typo3/index.php?route=%2Fthumbnails&token=f956bed9f5fa218860ef00491b37d9ede93b7731
&fileIdentifier=typo3conf/LocalConfiguration.php&processingInstructions%5Bwidth%5D=64
&processingInstructions%5Bheight%5D=64c
&processingInstructions%5Bcrop%5D=
</pre>
<a name="Denial-of-Service"></a>
<h3 >Denial of Service<a href="#Denial-of-Service" class="wiki-anchor">¶</a></h3>
<pre>
http://ip9.local/typo3/index.php?route=%2Fthumbnails&token=f956bed9f5fa218860ef00491b37d9ede93b7731
&fileIdentifier=1%3A%2Fuser_upload%2Fafter_01.png
&processingInstructions%5Bwidth%5D=1000000
&processingInstructions%5Bheight%5D=1000000c
&processingInstructions%5Bcrop%5D=
</pre> TYPO3 Core - Bug #85773 (Closed): Flaws in sys_log entry IP anonymizationhttp://forge.typo3.org/issues/857732018-08-07T14:22:19ZOliver Haderoliver.hader@typo3.org
The sys_log entry IP anonymization has several flaws which lead to a revert of the initial change in master:
<ul>
<li>REMOTE_ADDR is anonymized, REMOTE_HOST not (probably there are more occurrences)</li>
<li>PHP method <code>sprintf()</code> is invoked with too many arguments, username information is out of bounds</li>
<li>introduced in <a class="external" href="https://review.typo3.org/#/c/57313/">https://review.typo3.org/#/c/57313/</a></li>
</ul> TYPO3 Core - Bug #54857 (Closed): Test extensions are not considered in functional test caseshttp://forge.typo3.org/issues/548572014-01-09T00:12:28ZOliver Haderoliver.hader@typo3.org
<p>The functional testing framework offers the possibility to define custom extension to be installed for each test scenario.<br />However, this does not work at all, only extensions that are available in the original base installation can be used.</p>
<p>The origin of this misbehaviour can be found in this change set:<br /><a class="external" href="https://review.typo3.org/#/c/19605/32/typo3/sysext/core/Tests/FunctionalTestCaseBootstrapUtility.php">https://review.typo3.org/#/c/19605/32/typo3/sysext/core/Tests/FunctionalTestCaseBootstrapUtility.php</a></p> TYPO3 Core - Bug #52585 (Closed): Overwriting exiting database during install does not workhttp://forge.typo3.org/issues/525852013-10-07T16:34:30ZOliver Haderoliver.hader@typo3.org
<p>It sounds nice that existing data cannot be overwritten anymore... however, if it's intended and the database user is not allowed to create new databases, then one is lost after the first 10 seconds with TYPO3.</p>
Steps to reproduce:
<ul>
<li>install TYPO3 CMS 6.2</li>
<li>use user that has a database with data/tables</li>
<li>you won't find the database in the list of "empty databases" - which is correct of course, but not helpful</li>
</ul> TYPO3 Core - Bug #52578 (Closed): Install process removes permissionhttp://forge.typo3.org/issues/525782013-10-07T13:59:57ZOliver Haderoliver.hader@typo3.org
<p>The initial server error reads like this:</p>
<p>Forbidden<br />You don't have permission to access /typo3/sysext/install/Start/Install.php on this server.</p>
<p>The permission to the document root folder is modified and thus TYPO3 is currently locking out itself during the install process.<br />Looks like $GLOBALS['TYPO3_CONF_VARS']['BE']['folderCreateMask'] is used as targetPermission...<br />So, either leave out the root node or find a way to determine the correct permission.</p>
<p>In my case I get a<br /><code>Permission denied: /.../introduction/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable, referer: http://.../typo3/sysext/install/Start/Install.php</code></p> TYPO3 Core - Bug #47969 (Closed): Call to undefined function mime_content_type()http://forge.typo3.org/issues/479692013-05-06T09:21:53ZOliver Haderoliver.hader@typo3.org
<p>Call to undefined function mime_content_type() on fetching the mime type of the favicon.<br />I'm still investigating the PHP versions and environment. However it looks like a superfluous regression from <a class="issue tracker-4 status-5 priority-4 priority-default closed" title="Task: Make mimetype-detection possible without finfo_file (pre-PHP-5.3, no pecl-fileinfo) (Closed)" href="http://forge.typo3.org/issues/46126">#46126</a></p> TYPO3 Core - Bug #47145 (Closed): TypoScript stripProfile not forwarded to ProcessedFilehttp://forge.typo3.org/issues/471452013-04-11T23:47:12ZOliver Haderoliver.hader@typo3.org
<p>The TypoScript stripProfile feature not forwarded to<br />ProcessedFile anymore. Example of the feature that has<br />been available in TYPO3 CMS 4.x:</p>
<p><code>10 = IMAGE<br />10.file = fileadmin/images/image1.jpg<br />10.file.stripProfile = 1</code></p>
<p>The protected method modifyImageMagickStripProfileParameters() <br />does not make any sense anymore since the actual ImageMagick<br />processing has been moved around in TYPO3 CMS 6.0.</p> TYPO3 Core - Bug #46530 (Closed): Crop-Scaled images have wrong file content typehttp://forge.typo3.org/issues/465302013-03-22T09:57:25ZOliver Haderoliver.hader@typo3.org
The following scenario is given:
<ul>
<li>resize a 300dpi TIFF image to PNG using stdWrap/cObj</li>
<li>the 'fileExtension' configuration is not set ($fileArray['ext'] is empty)</li>
<li>the processed file csm_... has the file extension PNG</li>
<li>but the file content type is still TIFF, so the file was just renamed, but not converted to PNG</li>
</ul>
<p>Solution:<br />Since the processing task determines the accordant filename and file extension, the image processor (ImageMagick, ...) needs to know about that fact as well.</p> TYPO3 Core - Bug #46205 (Closed): Cache file could not be written on concurrent actionshttp://forge.typo3.org/issues/462052013-03-12T15:30:34ZOliver Haderoliver.hader@typo3.org
<p>I get several errors like</p>
<p><code>The cache file "htdocs/typo3temp/Cache/Data/t3lib_l10n/3e2cbbda0301cf592e5831ef26c56b7b" could not be written.</code></p>
<p>This happens while a scheduler process is running that imports data using t3lib_TCEmain/DataHandler an I'm trying to work in the backend.<br />I consider this kind of a race condition that e.g. in this case language caches are flushed too often if a new record gets persisted in the DataHandler.</p>
<p>I can reproduce this on my local machine (Mac OS X) and a staging server with Ubuntu 12.04.</p> TYPO3 Core - Bug #34546 (Closed): Records with same UID but different tables are not shownhttp://forge.typo3.org/issues/345462012-03-05T22:33:55ZOliver Haderoliver.hader@typo3.org
<p>Records with same UID but different tables are not shown in the Workspace Module.<br />The ExtJS setting "idProperty" needs to point to a unique value.</p> TYPO3 Core - Bug #31249 (Closed): Caching tables of new extensions are not createdhttp://forge.typo3.org/issues/312492011-10-25T00:34:19ZOliver Haderoliver.hader@typo3.org
<p>Creating the caching tables of an extension that has been installed in the same process does not work.<br />Since the cachingConfiguration of the new extension is not forwarded to the cache manager, the new tables are just not know there.</p> TYPO3 Core - Bug #31246 (Closed): Internal extension information is not updated properlyhttp://forge.typo3.org/issues/312462011-10-24T23:53:12ZOliver Haderoliver.hader@typo3.org
<p>tx_em_Tools::refreshGlobalExtList() is triggered on installing extensions. However the current implementation is wrong (early return) and does not consider $TYPO3_CONF_VARS.</p>
<p>This misbehavior also prevents the Introduction Package to correctly install accordant cf_* tables of workspaces and extbase, since the information in $TYPO3_CONF_VARS is not available globally.</p> TYPO3 Core - Bug #31120 (Closed): Add default csc-mailform DIV wraphttp://forge.typo3.org/issues/311202011-10-19T18:59:47ZOliver Haderoliver.hader@typo3.org
<p>A new form element does not have any class settings.<br />This issue reintroduces stdWrap possibilites for the new form system extension.</p>