TYPO3 Forge: Issueshttp://forge.typo3.org/http://forge.typo3.org/themes/typo3_forge/favicon/favicon.png?17058661692019-10-23T09:08:10ZTYPO3 Forge
Redmine TYPO3 Core - Task #89481 (Closed): Add security reporting procedure to READMEhttp://forge.typo3.org/issues/894812019-10-23T09:08:10ZMathias Brodalambrodala@pagemachine.de
<p>The current README does not have a single mention how security issues should be reported. This can lead to public reports which violates the <a href="https://en.wikipedia.org/wiki/Responsible_disclosure" class="external">responsible disclosure</a> principle.</p> TYPO3 Core - Bug #88806 (Closed): "Test Mail Setup" broken: Too few arguments to function EventDi...http://forge.typo3.org/issues/888062019-07-19T16:29:10ZMathias Brodalambrodala@pagemachine.de
<p>Using <strong>Test Mail Setup</strong> in the <strong>Environment</strong> module currently fails with an error which can be found in the TYPO3 logfile:</p>
<code>
Fri, 19 Jul 2019 16:25:30 +0200 [CRITICAL] request="262570147be62" component="TYPO3.CMS.Core.Error.DebugExceptionHandler": Core: Exception handler (WEB): Uncaught TYPO3 Exception: Too few arguments to function TYPO3\CMS\Core\EventDispatcher\EventDispatcher::__construct(), 0 passed in /.../typo3/sysext/core/Classes/Utility/GeneralUtility.php on line 3450 and exactly 1 expected | ArgumentCountError thrown in file /.../typo3/sysext/core/Classes/EventDispatcher/EventDispatcher.php in line 35. Requested URL: http://.../typo3/install.php?install[controller]=environment&install[context]=backend - {"TYPO3_MODE":"BE","exception":{}}
</code>
<p>For some reason dependency injection does not seem to be working properly here.</p> TYPO3 Core - Bug #85988 (Closed): @cli annotation deprecated without replacementhttp://forge.typo3.org/issues/859882018-08-27T11:10:51ZMathias Brodalambrodala@pagemachine.de
<p>With <a class="issue tracker-4 status-5 priority-4 priority-default closed" title="Task: Deprecate @cli annotation (Closed)" href="http://forge.typo3.org/issues/85977">#85977</a> the <code>@cli</code> annotation has been deprecated without replacement but hinting at a successor in TYPO3v10. No matter if and when this will really happen we cannot do a deprecation without a replacement so this change needs to be reverted.</p> TYPO3 Core - Bug #84973 (Closed): Cannot delete invalid Scheduler taskhttp://forge.typo3.org/issues/849732018-05-11T17:39:24ZMathias Brodalambrodala@pagemachine.de
<p>When trying to delete an invalid Scheduler task (e.g. due to the related code being removed) an error occurs:</p>
<pre>
Fatal error: TYPO3\CMS\Scheduler\Scheduler::isValidTaskObject(): The script tried to execute a method or access a property of an incomplete object. Please ensure that the class definition &quot;<Task>&quot; of the object you are trying to operate on was loaded _before_ unserialize() gets called or provide a __autoload() function to load the class definition in /.../typo3/sysext/scheduler/Classes/Scheduler.php on line 449
</pre> TYPO3 Core - Bug #84491 (Closed): Breaks field in EXT:styleguidehttp://forge.typo3.org/issues/844912018-03-20T09:21:36ZMathias Brodalambrodala@pagemachine.de
<p>EXT:styleguide, elements basic > text_17 breaks with</p>
<blockquote>
<p>Argument 2 passed to TYPO3\CMS\Backend\Controller\Wizard\TableController::configurationStringToArray() must be of the type integer, null given, called in /.../typo3/sysext/backend/Classes/Controller/Wizard/TableController.php on line 496</p>
</blockquote> TYPO3 Core - Bug #84465 (Closed): "Status report" broken because of invalid routehttp://forge.typo3.org/issues/844652018-03-18T10:52:13ZMathias Brodalambrodala@pagemachine.de
<p>The <strong>Status report</strong> within the <strong>Reports</strong> module throws an exception due to an invalid route identifier:</p>
<blockquote>
<p>#1476050190: Unable to generate a URL for the named route "system_ReportsTxreportsm1" because this route was not found.</p>
</blockquote> TYPO3 Core - Bug #84178 (Closed): Cannot create but upload file with "@" in namehttp://forge.typo3.org/issues/841782018-03-08T14:45:32ZMathias Brodalambrodala@pagemachine.de
<p>In FAL there are at least two different ways to create files which apparently do not apply the same sanitation/validation rules to file names.</p>
<p>This can be verified easily in the <strong>Filelist</strong> module: if you try to upload a file called <strong><a class="email" href="mailto:foo@bar.txt">foo@bar.txt</a></strong> everything simply works.</p>
<p>But if you create a file called <strong><a class="email" href="mailto:foo@bar.txt">foo@bar.txt</a></strong> a <code>ResourceDoesNotExistException</code> is thrown:</p>
<pre>
#1329647780: Object with identifier "1:/foo@bar.txt" does not exist in storage
</pre>
<p>When opening the file list once more after this, an error flash message is shown which says <em>File name "<a class="email" href="mailto:foo@bar.txt">foo@bar.txt</a>" was not allowed!</em>.</p>
<p>This behavior can be traced back to these two code paths:</p>
<ul>
<li><code>LocalDriver::addFile()</code> calls <code>LocalDriver::sanitizeFileName()</code> which accepts <strong><a class="email" href="mailto:foo@bar.txt">foo@bar.txt</a></strong> (this is used e.g. for file uploads)</li>
<li><code>LocalDriver::createFile()</code> calls <code>AbstractDriver::isValidFilename()</code> which denies <strong><a class="email" href="mailto:foo@bar.txt">foo@bar.txt</a></strong> (this is used for everything else)</li>
</ul> TYPO3 Core - Bug #82518 (Closed): Broken composite form element check in RenderAllFormValuesViewH...http://forge.typo3.org/issues/825182017-09-20T13:51:32ZMathias Brodalambrodala@pagemachine.de
<p>The check for composite form elements in the <code>RenderAllFormValuesViewHelper</code> is broken:</p>
<pre>
if (
!$element instanceof FormElementInterface
|| $element->getType() === 'Honeypot'
|| (
isset($renderingOptions['_isCompositeFormElement'])
&& $renderingOptions['_isCompositeFormElement'] = true
)
) {
continue;
}
</pre>
<p>This was implicitly fixed for master in <a class="issue tracker-1 status-5 priority-3 priority-lowest closed" title="Bug: EXT:form - do not show hidden field on confirmation page (Closed)" href="http://forge.typo3.org/issues/81770">#81770</a>.</p> TYPO3 Core - Task #74491 (Closed): Add Travis check for file path lengthhttp://forge.typo3.org/issues/744912016-03-08T10:20:22ZMathias Brodalambrodala@pagemachine.de
<p>A check should be added to Travis to check the file path lengths in the core repository.</p>
<p>The <a href="https://review.typo3.org/46357" class="external">limit has been set to 130</a> which reduces the risk of not being able to create all files/directories on Windows hosts when cloning the core/fetching it via Composer as source.</p> TYPO3 Core - Bug #73035 (Closed): Broken path for GlobalDebugFunctions autoload in core extensionhttp://forge.typo3.org/issues/730352016-01-30T17:42:20ZMathias Brodalambrodala@pagemachine.de
<p>The <code>core</code> extension specifies a wrong path in its <code>composer.json</code> for autoloading the <code>GlobalDebugFunctions.php</code> file:</p>
<pre>
"files": ["typo3/sysext/core/Resources/PHP/GlobalDebugFunctions.php"]
</pre>
<p>This should be fixed for the case this extension is required separately via Composer in the future.</p> TYPO3 Core - Task #69792 (Closed): Bring back icons before select fieldshttp://forge.typo3.org/issues/697922015-09-14T15:55:36ZMathias Brodalambrodala@pagemachine.de
<p>With the removal of <code>iconsInOptionTags</code> the icon prepended to <code>select</code> fields was dropped too even though it doesn't suffer from bad browser support:</p>
<p><img src="http://forge.typo3.org/attachments/download/29592/select-icon-prepend.png" alt="" loading="lazy" /></p>
<p>This should be added again and cleaned up a bit, e.g. to switch the icon before the confirmation dialog triggered by <code>requestUpdate</code> is shown which was the other way around previously.</p> TYPO3 Core - Bug #67047 (Closed): Cannot access shortcut target in menushttp://forge.typo3.org/issues/670472015-05-20T12:18:54ZMathias Brodalambrodala@pagemachine.de
<p>With <a class="issue tracker-1 status-5 priority-4 priority-default closed" title="Bug: Invalid shortcut target on translated pages (Closed)" href="http://forge.typo3.org/issues/36822">#36822</a> links via overlaid shortcuts have been fixed but the original menu item data was kept unchanged.</p>
<p>This makes it impossible to e.g. mark active menu items with pure TypoScript. An <code>override</code> is not useful since both <code>CONTENT</code> as well as <code>RECORDS</code> perform overlays too.</p> TYPO3 Core - Bug #66473 (Closed): Cannot create object implementing Serializable on PHP 5.6http://forge.typo3.org/issues/664732015-04-17T18:05:51ZMathias Brodalambrodala@pagemachine.de
<p>Starting with PHP 5.6 classes implementing the <code>Serializable</code> interface are represented as <code>C</code> instead of <code>O</code> in the serialized output.</p>
<p>The <code>Container::getEmptyObject</code> method which creates objects with the unserialize hack to avoid calling the constructor thus yields an error like this:</p>
<blockquote>
<p>Warning: Erroneous data format for unserializing 'Foo' in ...<br />Notice: unserialize(): Error at offset 13 of 15 bytes in ...</p>
</blockquote>
<p>Starting with PHP 5.4 this usecase can be dealt with by <a href="http://php.net/manual/en/reflectionclass.newinstancewithoutconstructor.php" class="external"><code>ReflectionClass::newInstanceWithoutConstructor</code></a></p>
<p>This also needs to fixed for TYPO3 6.2 though which supports PHP 5.3, in which case checking for the <code>Serializable</code> interface and using <code>C</code> instead of <code>O</code> could work.</p> TYPO3 Core - Bug #66350 (Closed): 6.2 static template outdatedhttp://forge.typo3.org/issues/663502015-04-10T10:59:27ZMathias Brodalambrodala@pagemachine.de
<p>The <code>v6.2</code> static template of <code>css_styled_content</code> in the current master is not up to date with changes from the 6.2 branch, namely the title attribute rendering of File Links (see <a class="issue tracker-1 status-5 priority-3 priority-lowest closed" title="Bug: Title not used for Filelinks (Closed)" href="http://forge.typo3.org/issues/60429">#60429</a>) and a small style differnce.</p>
<p>This should be updated to ensure exactly the same rendering when using 7.x with the <code>v6.2</code> static template as it is in 6.2 with the latest static template.</p> TYPO3 Core - Bug #66347 (Closed): Alternative text used as link title in File Linkshttp://forge.typo3.org/issues/663472015-04-10T10:40:46ZMathias Brodalambrodala@pagemachine.de
<p>If an alternative text was specified for a file, it is used as link title for file, preview and icon in File Links.</p>
<p>This should be fixed to use the title instead.</p>