Project

General

Profile

Actions

Bug #92217

open

EM does not let users to download/install extensions marked as "outdated"

Added by Michael Schams almost 4 years ago. Updated almost 4 years ago.

Status:
New
Priority:
Should have
Assignee:
-
Category:
Extension Manager
Target version:
-
Start date:
2020-09-08
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
8
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

TYPO3 v8 in a traditional installation (no composer): The EM only lists extension versions in the overview of update-able versions that are not marked as insecure (review_state = -1) or outdated (review_state = -2). As a consequence, users can't update their insecure extensions, even a security bulletin and an upload comment on extensions.typo3.org tell users that an update is available and both explicitly suggest to update the extension.

See discussion on Slack

In short, the the problem is that the EM does not provide an option for uses to download extension versions that marked as outdated.

The following screenshot shows an example for extension l10nmgr.


Files

image.png (42.1 KB) image.png Michael Schams, 2020-09-07 16:24
Actions #1

Updated by Michael Schams almost 4 years ago

I had a quick look.

See file: typo3/sysext/extensionmanager/Classes/Domain/Repository/ExtensionRepository.php

As far as I can see, the EM uses the function findByExtensionKeyOrderedByVersion() to generate the list of available (downloadable/installable) extension versions.

In line 93:

$query->matching($query->logicalAnd($query->equals('extensionKey', $extensionKey), $query->greaterThanOrEqual('reviewState', 0)));

The condition check against review_state should be "!= -1" (hide insecure extensions), rather than ">= 0", as this also excludes outdated extensions ("-2").

However, I don't know if changing this would introduce side effects.

Actions

Also available in: Atom PDF