Project

General

Profile

Activity

From 2013-11-30 to 2013-12-29

2013-12-23

12:37 Revision c2211f54: [BUGFIX] ClassAliasMap, Tx_ VH namespace and closing tag throws Exception
When using aliased ViewHelper class names and old Tx_ namespace in
template and ViewHelper uses closing tag (not self...
Claus Due
12:36 Revision 9283d4b8: [BUGFIX] ClassAliasMap, Tx_ VH namespace and closing tag throws Exception
When using aliased ViewHelper class names and old Tx_ namespace in
template and ViewHelper uses closing tag (not self...
Claus Due

2013-12-21

15:50 Revision f8fdcea7: [BUGFIX] isValidUrl() idna converts whole URI
GeneralUtility::isValidUrl() idna converts whole URI instead of
domain only.
The expensive idna_convert() is called ...
Michiel Roos
14:11 Revision 8379b1af: [BUGFIX] Fix message for install tool warning
Fix incorrect message for install tool login attempt warning.
Resolves: #54531
Releases: 6.2, 6.1
Change-Id: I40f34b...
Cynthia Mattingly
11:03 Revision 28b91ac6: [BUGFIX] Folder::getFiles directly calls Factory::createFileObject
Folder::getFiles implements the logic of creating file objects
itself, after retrieving the information from the driv...
Steffen Ritter
11:02 Revision b100e06f: [BUGFIX] getFileIndexRecordsForFolder only works for hierarchical path
The method FileRepository::getFileIndexRecordsForFolder
retrieves the Index Records for files in a given folder using...
Steffen Ritter

2013-12-20

13:47 Revision 2a392e44: [BUGFIX] Fix message for install tool warning
Fix incorrect message for install tool login attempt warning.
Resolves: #54531
Releases: 6.2, 6.1
Change-Id: I40f34b...
Cynthia Mattingly
11:02 Revision 6aaa9bf4: [TASK] UX enhancement for EXT:documentation
Rework the documentation module according to the
discussion with the TYPO3 Usability Team.
Resolves: #54067
Releases...
Xavier Perseguers

2013-12-19

16:22 Revision 57106fbf: [TASK] Set TYPO3 version to 6.2-dev
Change-Id: Ia6a172bcc88924db714005165d92added4bb4a1a
Reviewed-on: https://review.typo3.org/26493
Reviewed-by: TYPO3 R...
TYPO3 Release Team
16:21 Revision b547f600: [RELEASE] Release of TYPO3 6.2.0beta3
Change-Id: I59ca5042eda854c6d3daf02b54c23bb3acd615ff
Reviewed-on: https://review.typo3.org/26492
Reviewed-by: TYPO3 R...
TYPO3 Release Team
15:23 Revision 75f9c586: [TASK] Setup travis notifications
Since the travis ci service changed the notification
policy to not notify authors of commits on failed
builds, we nee...
Helmut Hummel
14:51 Revision 9562f0d6: [TASK] Update NEWS.md for system categories
The following changes to system categories should be mentioned
in NEWS.md:
* activation by default on pages and tt_c...
Francois Suter
14:45 Revision 3cdda5b9: Revert "[BUGFIX] Replace the table definition manipulation by signals"
This reverts commit 2d6e8deae30794afb1967c38857f49b10060f38d
This merge broke travis unit and functional tests.
Needs...
Helmut Hummel
14:29 Revision 8b8d2ea9: [BUGFIX] Missing CSH for categories-based menus
New fields were added to the tt_content table to be used when creating
categories-based menus (of pages or content el...
Francois Suter
07:51 Revision 2d6e8dea: [BUGFIX] Replace the table definition manipulation by signals
During installation of extensions the Extension Manager does
not take the Category API into account. The code to do s...
Thomas Maroschik
01:17 Revision c578371a: [TASK] Mark PathUtility::stripPathSitePrefix as internal
This is a follow up to 7efcf2a4 which marks the newly
introduced method as internal.
https://review.typo3.org/25851
...
Markus Klein

2013-12-18

23:30 Revision befa7993: [TASK] oncontextmenu: Avoid duplicating onclick-functionality
Where onclick and oncontextmenu behave the same avoid duplicating
JavaScript-code and simply call the click()-functio...
Stefan Neufeind
23:29 Revision 7efcf2a4: [TASK] Add tool-function to strip PATH_site-part of paths
Avoid having to use the substr/strlen-magic.
Also strlen(PATH_site) can be statically cached.
Change-Id: I0ef942e331...
Stefan Neufeind
23:11 Revision f23f4acd: [BUGFIX] Follow up: Moving files and folders doesn't update hashes
Since #53655, reviewed at https://review.typo3.org/25481 the indexer
takes care of updating file objects and index re...
Stefan Neufeind
22:29 Revision 4a20881b: [TASK] Optimize Package State Migration
Under certain circumstances the Failsafe Package Manager
could interfer with the Update Package Manager in the Instal...
Thomas Maroschik
22:02 Revision 53a6a364: [TASK] Fix travis builds
Due some regressions on side of travis
(https://github.com/travis-ci/travis-ci/issues/1710) an older git version
is u...
Markus Klein
22:01 Revision 6be4de6a: [TASK] Fix travis builds
Due some regressions on side of travis
(https://github.com/travis-ci/travis-ci/issues/1710) an older git version
is u...
Markus Klein
21:59 Revision a95ab935: [TASK] Fix travis builds
Due some regressions on side of travis
(https://github.com/travis-ci/travis-ci/issues/1710) an older git version
is u...
Markus Klein
21:05 Revision a4c96cfa: [FEATURE] Allow the activation of packages during runtime
Due to the nature of the Flow Package Manager, packages cannot
be activated and directly used during runtime. Before ...
Thomas Maroschik
16:38 Revision e6bfc6e7: [BUGFIX] ArrayIterator::seek() warning in ElementBrowser
ElementBrowser calls Folder::getFiles() with wrong parameters.
Properly implement the file extensions filter.
Resolv...
Markus Klein
16:38 Revision 2a4d6039: [BUGFIX] ArrayIterator::seek() warning in ElementBrowser
ElementBrowser calls Folder::getFiles() with wrong parameters.
Properly implement the file extensions filter.
Resolv...
Markus Klein
15:58 Revision 26406761: [BUGFIX] Use correct file data variable in Indexer
The processChangedAndNewFiles() method in the Indexer class now uses
the $fileIndexEntry variable for retrieving a fi...
Alexander Stehlik
15:45 Revision 3cdab9df: [BUGFIX] Access to sys_files is incompatible to fe_access checks
The system extension filemetadata adds access restriction fields
for selecting frontend user groups as known from tt_...
Steffen Ritter
15:44 Revision fc696569: [BUGFIX] Moving files and folders doesn't update hashes
The ResourceStorage does not properly make use of the Indexer.
As result the indexRecord is not properly updated afte...
Frans Saris
15:27 Revision 52585063: [BUGFIX] ArrayIterator::seek() warning in ElementBrowser
ElementBrowser calls Folder::getFiles() with wrong parameters.
Properly implement the file extensions filter.
Resolv...
Markus Klein
15:19 Revision faeb2528: [BUGFIX] Uncaught exception if editor has no file mount
If an editor has got no file mounts, an uncaught exception
is shown in the element browser.
Fix this by checking if ...
Markus Klein
14:46 Revision e4590fe0: [BUGFIX] felogin: Unknown modifier in regular expression
A regular expression in FrontendLoginController
contains an unknown modifier. Fix it by replacing the
/ to # at the b...
Wouter Wolters
14:46 Revision 1294fe75: [BUGFIX] felogin: Unknown modifier in regular expression
A regular expression in FrontendLoginController
contains an unknown modifier. Fix it by replacing the
/ to # at the b...
Wouter Wolters
14:39 Revision bc038aa5: [BUGFIX] felogin: Unknown modifier in regular expression
A regular expression in FrontendLoginController
contains an unknown modifier. Fix it by replacing the
/ to # at the b...
Wouter Wolters
13:59 Revision 7b5276ef: [BUGFIX] Form Wizard saving destroys Radio Buttons
This fixes a wrong parsing of \r\n characters for radio
button options.
Resolves: #53727
Releases: 6.2, 6.1, 6.0
Cha...
Markus Klein
11:55 Revision e8978f9d: [BUGFIX] Remove ElementBrowser::isReadOnlyFolder
ElementBrowser::isReadOnlyFolder is not required any more because the
check if the folder is writable has been moved ...
Markus Klein
11:55 Revision 4f8c8723: [BUGFIX] Remove ElementBrowser::isReadOnlyFolder
ElementBrowser::isReadOnlyFolder is not required any more because the
check if the folder is writable has been moved ...
Markus Klein
11:22 Revision e8a2b21e: [BUGFIX] Remove ElementBrowser::isReadOnlyFolder
ElementBrowser::isReadOnlyFolder is not required any more because the
check if the folder is writable has been moved ...
Markus Klein
09:07 Revision b948dc9c: [BUGFIX] Pagetree pointer cursor broken since ExtJS upgrade
Icons in the pagetree should show cursor:pointer on hover.
This changed with ExtJS-upgrade in #52933 because of
x-uns...
Stefan Neufeind

2013-12-17

01:52 Revision fd014c27: [TASK] Cleanup usage of getPageRenderer()
Change-Id: Id2dc49c9a5e5ca3ede14bc82218dd9ccdc7628ca
Resolves: #54123
Releases: 6.2
Reviewed-on: https://review.typo3...
Stefan Neufeind
01:50 Revision 7317b652: [BUGFIX] fileadmin is hardcoded in install tool
In the class "DefaultFactory", "fileadmin" is hardcoded.
The function "getDefaultStructureDefinition"
must take care ...
Eric Chavaillaz
01:46 Revision d2ec3ede: [TASK] Superfluous comparison in OpendocsController
Fix superfluous comparison against boolean in
OpendocsController::checkAccess
Change-Id: I0682042848f2f25856506d5949...
Wouter Wolters
01:46 Revision 1200db9d: [TASK] Superfluous comparison in DataHandler
Fix superfluous comparison against boolean in
DataHandler::versionizeRecord
Change-Id: I345917b9eb29f3cbb39a137f6249...
Wouter Wolters
01:45 Revision e93dd00b: [TASK] Superfluous comparison in RelationHandler
Fix superfluous comparison against boolean in
RelationHandler::readForeignField
Change-Id: I77f17dee6a14da7779dfe8e3...
Wouter Wolters
01:45 Revision 28929952: [TASK] Superfluous comparison in Language
Fix superfluous comparison against boolean in
Laguage::getLanguages
Change-Id: Idbf4c1f234eb1c60c01ea130095759ef49ce...
Wouter Wolters

2013-12-16

15:42 Revision 942366bc: [BUGFIX] Fix side effect for new class instantiation
With commit 6eb7a54 performance optimized class
instantiation code has been committed. This code
removed the side eff...
Helmut Hummel

2013-12-14

22:24 Revision 6eb7a548: [TASK] Optimize speed for instantiating class with arguments
PHP reflection has quite an overhead in performance.
Use a switch construct like in Flow instead to
instantiate class...
Helmut Hummel
09:47 Revision f2e37267: [BUGFIX] Create valid file reference index data
This patch prevents the creation of sys_refindex entries that point to no
table and no record.
Additionally it fixes...
Alexander Stehlik

2013-12-13

10:10 Revision 77fd61d1: [BUGFIX] Followup Fluid Template Fallback paths
In the previously merged patch are some glitches and a regression:
- The usage (and test for existence) of deprecated...
Anja Leichsenring
09:37 Revision 78b00f38: [BUGFIX] No double htmlspecialchars for filemount select
Since the labels and values of select items are run through
htmlspecialchars by the FormEngine there is no need to us...
Alexander Stehlik
09:37 Revision be7505a3: [BUGFIX] No double htmlspecialchars for filemount select
Since the labels and values of select items are run through
htmlspecialchars by the FormEngine there is no need to us...
Alexander Stehlik
09:35 Revision f47faeda: [BUGFIX] No double htmlspecialchars for filemount select
Since the labels and values of select items are run through
htmlspecialchars by the FormEngine there is no need to us...
Alexander Stehlik
06:34 Revision deb7bf3a: [TASK] Fix travis builds
Due some regressions on side of travis
(https://github.com/travis-ci/travis-ci/issues/1710) an older git version
is u...
Georg Ringer

2013-12-12

12:45 Revision d3e94945: [BUGFIX] Cleanly unset cookies on login in cookie-check
Needed to workaround a login-problem with IE11.
ExtJS tries to clear a cookie with different settings than when
sett...
Stefan Neufeind
12:45 Revision 019d6b7e: [BUGFIX] Cleanly unset cookies on login in cookie-check
Needed to workaround a login-problem with IE11.
ExtJS tries to clear a cookie with different settings than when
sett...
Stefan Neufeind
02:34 Revision 28ca149e: [BUGFIX] Cleanly unset cookies on login in cookie-check
Needed to workaround a login-problem with IE11.
ExtJS tries to clear a cookie with different settings than when
sett...
Stefan Neufeind
02:34 Revision 41fe22d3: [BUGFIX] Cleanly unset cookies on login in cookie-check
Needed to workaround a login-problem with IE11.
ExtJS tries to clear a cookie with different settings than when
sett...
Stefan Neufeind

2013-12-11

09:20 Revision ebd3e1bf: [BUGFIX] Clear statcache after writing file contents
To make sure calls to filesize() etc. return correct values the PHP
method clearstatcache() is called in the LocalDri...
Alexander Stehlik

2013-12-10

11:36 Revision b104b88b: [TASK] Set TYPO3 version to 6.1.8-dev
Change-Id: I31292d3e414fb00cdcad3660ce84f0e5c02a3d38
Reviewed-on: https://review.typo3.org/26238
Reviewed-by: TYPO3 R...
TYPO3 Release Team
11:35 Revision 71162ab7: [RELEASE] Release of TYPO3 6.1.7
Change-Id: I4119f8f03f8205e8c0bc9f524bac9267e3d2da9a
Reviewed-on: https://review.typo3.org/26237
Reviewed-by: TYPO3 R...
TYPO3 Release Team
11:26 Revision 3df75b8a: [TASK] Set TYPO3 version to 6.0.13-dev
Change-Id: Icdadc54348d6491619dd8dd51595e8664b101968
Reviewed-on: https://review.typo3.org/26235
Reviewed-by: TYPO3 R...
TYPO3 Release Team
11:25 Revision 8006e1fc: [RELEASE] Release of TYPO3 6.0.12
Change-Id: I87726750c92e85a2d28f6bd1bd1665cbef1a520a
Reviewed-on: https://review.typo3.org/26234
Reviewed-by: TYPO3 R...
TYPO3 Release Team
11:14 Revision b21f5e64: [TASK] Set TYPO3 version to 4.7.18-dev
Change-Id: If1b8bfdaf5bbd7d036e3dd382e72ea2f695ac303
Reviewed-on: https://review.typo3.org/26231
Reviewed-by: TYPO3 R...
TYPO3 Release Team
11:14 Revision a17830c5: [RELEASE] Release of TYPO3 4.7.17
Change-Id: I19333c4d3ad23dfddfab620cbe92edd1922d8c8a
Reviewed-on: https://review.typo3.org/26230
Reviewed-by: TYPO3 R...
TYPO3 Release Team
11:02 Revision beec43fe: [TASK] Set TYPO3 version to 4.5.33-dev
Change-Id: I3073c38f3df08f909e9d29b58acbd8f1671272c9
Reviewed-on: https://review.typo3.org/26227
Reviewed-by: TYPO3 R...
TYPO3 Release Team
11:01 Revision 17341dff: [RELEASE] Release of TYPO3 4.5.32
Change-Id: Ied61f0997ee99da6866d4c3d43fd46ed213c6c83
Reviewed-on: https://review.typo3.org/26226
Reviewed-by: TYPO3 R...
TYPO3 Release Team
10:55 Revision 107ac8e5: [SECURITY] XSS in header link of all content elements
The second typolink parameter, that is the target, can be abused to
introduce XSS code into the generated link. Escap...
Anja Leichsenring
10:55 Revision 226d624a: [SECURITY] XSS in colorpicker wizard
Encode user-input in JavaScript context for colorpicker.
Change-Id: I1121d6d20c90e476a2d0ea4f000b180e843a4ce0
Fixes:...
Marcus Krause
10:55 Revision fdd3d3f1: [SECURITY] Prevent editor controlled hmac content
An hmac of the editor controlled auto respond message was used to verifiy
the correctness of this message on submit. ...
Franz G. Jahn
10:55 Revision f51afe2f: [SECURITY] XSS in backend user adminstration
Change-Id: I88807af69635d75f1fbefc62b4672e945397fb07
Fixes: #48691
Releases: 6.2, 6.1, 6.0
Security-Commit: 715b2c58c...
Marc Bastian Heinrichs
10:54 Revision b4965e06: [SECURITY] Information Disclosure in Wizards
It has been possible for authenticated editors
to show content of arbitrary tables and fields
that are defined in TCA...
Helmut Hummel
10:54 Revision 5f32f0a4: [SECURITY] Fix open redirection in openid extension
The eID script of the openid extension does not
validate the given redirect url, leading to
an open redirection vulne...
Helmut Hummel
10:54 Revision 5eae4a87: [SECURITY] XSS in be_layout wizard
Usage of unverified input parameters in wizard URL leads to a possible
XSS vulnerability in backend_layout wizard.
Th...
Anja Leichsenring
10:54 Revision 1b626691: [SECURITY] XSS in beuser VH
The tree Display/* ViewHelpers introduce a XSS vulnerability by
using unescaped parameters in HTML.
Change-Id: I0dad...
Anja Leichsenring
10:54 Revision db9563ca: [SECURITY] Remove possible XSS from ActionController Error output
As parameters passed to an ErrorObject can be user input, the
output of those parameters in the ActionController::err...
Anja Leichsenring
10:54 Revision 4d44daa0: [SECURITY] Unsafe unserialize of GET parameter in Add-Wizard
If the TCEforms wizard "add" is used, the original opened document
is closed and a new one is created in which you th...
Steffen Ritter
10:54 Revision 74819714: [SECURITY] XSS in header link of all content elements
The second typolink parameter, that is the target, can be abused to
introduce XSS code into the generated link. Escap...
Anja Leichsenring
10:54 Revision cb8db286: [SECURITY] XSS in colorpicker wizard
Encode user-input in JavaScript context for colorpicker.
Change-Id: If3da2b476a98efa67815bf84095843ab2f65949f
Fixes:...
Marcus Krause
10:54 Revision 2d29894a: [SECURITY] Prevent editor controlled hmac content
An hmac of the editor controlled auto respond message was used to verifiy
the correctness of this message on submit. ...
Franz G. Jahn
10:54 Revision dca9c889: [SECURITY] XSS in backend user adminstration
Change-Id: Ie4a34a40e167b7fe54da29d16e1e962668218907
Fixes: #48691
Releases: 6.2, 6.1, 6.0
Security-Commit: be70b6e6d...
Marc Bastian Heinrichs
10:54 Revision 450e5d3f: [SECURITY] Information Disclosure in Wizards
It has been possible for authenticated editors
to show content of arbitrary tables and fields
that are defined in TCA...
Helmut Hummel
10:53 Revision 7e7f9e39: [SECURITY] Fix open redirection in openid extension
The eID script of the openid extension does not
validate the given redirect url, leading to
an open redirection vulne...
Helmut Hummel
10:53 Revision ad119457: [SECURITY] XSS in be_layout wizard
Usage of unverified input parameters in wizard URL leads to a possible
XSS vulnerability in backend_layout wizard.
Th...
Anja Leichsenring
10:53 Revision 18e04918: [SECURITY] XSS in beuser VH
The tree Display/* ViewHelpers introduce a XSS vulnerability by
using unescaped parameters in HTML.
Change-Id: I6b99...
Anja Leichsenring
10:53 Revision cbbeefd9: [SECURITY] Remove possible XSS from ActionController Error output
As parameters passed to an ErrorObject can be user input, the
output of those parameters in the ActionController::err...
Anja Leichsenring
10:53 Revision 163947ae: [SECURITY] Unsafe unserialize of GET parameter in Add-Wizard
If the TCEforms wizard "add" is used, the original opened document
is closed and a new one is created in which you th...
Steffen Ritter
10:53 Revision c703d1d0: [SECURITY] XSS in header link of all content elements
The second typolink parameter, that is the target, can be abused to
introduce XSS code into the generated link. Escap...
Anja Leichsenring
10:53 Revision 0f1e28b9: [SECURITY] XSS in colorpicker wizard
Encode user-input in JavaScript context for colorpicker.
Change-Id: I83790887c4239d62b6783fd6269169085607b7d4
Fixes:...
Marcus Krause
10:53 Revision 1cbe889f: [SECURITY] Prevent editor controlled hmac content
An hmac of the editor controlled auto respond message was used to verifiy
the correctness of this message on submit. ...
Franz G. Jahn
10:53 Revision 79f68504: [SECURITY] XSS in backend user adminstration
Change-Id: I1d31daf0dbc0dfa0ae49c17be9e6e85a85b8bea2
Fixes: #48691
Releases: 6.2, 6.1, 6.0
Security-Commit: 6fae30c4a...
Marc Bastian Heinrichs
10:53 Revision b22cbce4: [SECURITY] Information Disclosure in Wizards
It has been possible for authenticated editors
to show content of arbitrary tables and fields
that are defined in TCA...
Helmut Hummel
10:53 Revision e4134aea: [SECURITY] Fix open redirection in openid extension
The eID script of the openid extension does not
validate the given redirect url, leading to
an open redirection vulne...
Helmut Hummel
10:52 Revision 2fb02777: [SECURITY] feuser_adminLib.inc allows to set arbitrary fields
The CMS core ships a utility class helping extension authors
to create frontend-extension which need a mail-based opt...
Anja Leichsenring
10:52 Revision bd6095f0: [SECURITY] XSS in be_layout wizard
Usage of unverified input parameters in wizard URL leads to a possible
XSS vulnerability in backend_layout wizard.
Th...
Anja Leichsenring
10:52 Revision 872cf3d9: [SECURITY] XSS in beuser VH
The tree Display/* ViewHelpers introduce a XSS vulnerability by
using unescaped parameters in HTML.
Change-Id: I2cb3...
Anja Leichsenring
10:52 Revision cb55c536: [SECURITY] Remove possible XSS from ActionController Error output
As parameters passed to an ErrorObject can be user input, the
output of those parameters in the ActionController::err...
Anja Leichsenring
10:52 Revision 578cc800: [SECURITY] Unsafe unserialize of GET parameter in Add-Wizard
If the TCEforms wizard "add" is used, the original opened document
is closed and a new one is created in which you th...
Steffen Ritter
10:52 Revision efa9e0b6: [SECURITY] Prevent editor controlled hmac content
An hmac of the editor controlled auto respond message was used to verifiy
the correctness of this message on submit. ...
Franz G. Jahn
10:52 Revision d207548f: [SECURITY] XSS in colorpicker wizard
Encode user-input in JavaScript context for colorpicker.
Change-Id: I0de44c590d5af304ef854628d6f5eab0c0b681ca
Fixes:...
Anja Leichsenring
10:52 Revision 92712d61: [SECURITY] XSS in header link of all content elements
The second typolink parameter, that is the target, can be abused to
introduce XSS code into the generated link. Escap...
Anja Leichsenring
10:52 Revision 573f7209: [SECURITY] XSS vulnerability in extension manager
Add escaping on extension meta data when rendering.
Change-Id: I6f65cb5fb4f0d290349c15c03a3d52f4b0d18fda
Fixes: #208...
Marcus Krause
10:52 Revision b7eac594: [SECURITY] Information Disclosure in Wizards
It has been possible for authenticated editors
to show content of arbitrary tables and fields
that are defined in TCA...
Anja Leichsenring
10:51 Revision 319a06c8: [SECURITY] Fix open redirection in openid extension
The eID script of the openid extension does not
validate the given redirect url, leading to
an open redirection vulne...
Anja Leichsenring
10:51 Revision 834afa5f: [SECURITY] feuser_adminLib.inc allows to set arbitrary fields
The CMS core ships a utility class helping extension authors
to create frontend-extension which need a mail-based opt...
Steffen Ritter
10:51 Revision aa08f148: [SECURITY] XSS in be_layout wizard
Usage of unverified input parameters in wizard URL leads to a possible
XSS vulnerability in backend_layout wizard.
Th...
Anja Leichsenring
10:51 Revision f3b5a6a9: [SECURITY] Remove possible XSS from ActionController Error output
As parameters passed to an ErrorObject can be user input, the
output of those parameters in the ActionController::err...
Anja Leichsenring
10:51 Revision 0bc4fc4f: [SECURITY] Unsafe unserialize of GET parameter in Add-Wizard
If the TCEforms wizard "add" is used, the original opened document
is closed and a new one is created in which you th...
Marcus Krause
10:51 Revision 60576d14: [SECURITY] XSS in header link of all content elements
The second typolink parameter, that is the target, can be abused to
introduce XSS code into the generated link. Escap...
Anja Leichsenring
10:51 Revision 77dc1c4e: [SECURITY] XSS in colorpicker wizard
Encode user-input in JavaScript context for colorpicker.
Change-Id: Ia5d181bb74f3cbe2d2b7c75097655f9c7593b70d
Fixes:...
Anja Leichsenring
10:51 Revision 52d3bff4: [SECURITY] Prevent editor controlled hmac content
An hmac of the editor controlled auto respond message was used to verifiy
the correctness of this message on submit. ...
Franz G. Jahn
10:51 Revision cae8739c: [SECURITY] XSS vulnerability in extension manager
Add escaping on extension meta data when rendering.
Change-Id: I64cb5f23281ddb6c63439bf33aaeac1b1fa803b4
Fixes: #208...
Marcus Krause
10:51 Revision ba92f0ab: [SECURITY] Information Disclosure in Wizards
It has been possible for authenticated editors
to show content of arbitrary tables and fields
that are defined in TCA...
Anja Leichsenring
10:51 Revision 63ff9109: [SECURITY] Fix open redirection in openid extension
The eID script of the openid extension does not
validate the given redirect url, leading to
an open redirection vulne...
Anja Leichsenring
10:50 Revision c4d13361: [SECURITY] feuser_adminLib.inc allows to set arbitrary fields
The CMS core ships a utility class helping extension authors
to create frontend-extension which need a mail-based opt...
Steffen Ritter
10:50 Revision 53422848: [SECURITY] XSS in be_layout wizard
Usage of unverified input parameters in wizard URL leads to a possible
XSS vulnerability in backend_layout wizard.
Th...
Anja Leichsenring
10:50 Revision b360a1a8: [SECURITY] Remove possible XSS from ActionController Error output
As parameters passed to an ErrorObject can be user input, the
output of those parameters in the ActionController::err...
Anja Leichsenring
10:50 Revision 78ee538c: [SECURITY] Unsafe unserialize of GET parameter in Add-Wizard
If the TCEforms wizard "add" is used, the original opened document
is closed and a new one is created in which you th...
Marcus Krause

2013-12-08

16:29 Revision 75fb62de: Revert "[FEATURE] Fallback/default case for SwitchViewhelper"
This reverts commit 8e022bcbea4f7775ce10fee30b4682a6047c461c
Merged a Feature after Feature Freeze is not acceptable...
Anja Leichsenring
14:50 Revision 8e022bcb: [FEATURE] Fallback/default case for SwitchViewhelper
In order to provide the full functionality known from the
switch/case PHP function, a default case possibility is
int...
Jan Kiesewetter
13:50 Revision 5aa4ab2b: [BUGFIX] Fix failing test
Change-Id: I26b7697cdc4b40e007b89898491761105d0ba696
Resolves: #54282
Releases: 4.5
Reviewed-on: https://review.typo3...
Anja Leichsenring
13:45 Revision 6add2213: [BUGFIX] Fix failing test
A superflous function was used, that does not exist in Extbase 1.3.
Change-Id: Ib25d21c53afc47a36fe44e4317abd78e736d...
Anja Leichsenring
09:55 Revision 8b3284ca: [BUGFIX] Allow Editing field creator_tool in sys_file_metadata
The filemetadata extension adds additional fields to the sys_file_metadata
table. The field creator_tool is defined i...
Xavier Perseguers

2013-12-07

09:50 Revision e0c68ddf: [TASK] Add editing of file metadata to ClickMenu
The Context-Menu of files misses the editing pen allowing
to directly edit the metadata of the file. Currently it
onl...
Steffen Ritter

2013-12-06

23:51 Revision 51de0fa8: [BUGFIX] Re-Introduce feature to go one level up in file list
When the file list has been reworked to use FAL instead of
plain PHP file functions the feature to go one level up ha...
Steffen Ritter
23:19 Revision 4d5c8a8b: [TASK] Superfluous comparison in CronCommand
Fix superfluous comparison against boolean in
CronCommand::dayMatchesCronCommand
Change-Id: Ia1d852ffbbc772dd89587d3...
Wouter Wolters

2013-12-04

19:54 Revision 0bbcf358: [BUGFIX] ClassAliasMap, Tx_ VH namespace and closing tag throws Exception
When using aliased ViewHelper class names and old Tx_ namespace in
template and ViewHelper uses closing tag (not self...
Claus Due

2013-12-02

20:20 Revision c400e941: [BUGFIX] ClientUtility does not detect Internet Explorer 11
Since the Release of Microsoft IE 11 there is no "MSIE" hint in
its user agent header anymore. Therefore the existing...
Stefan Neufeind
20:19 Revision 0c3fa95d: [BUGFIX] ClientUtility does not detect Internet Explorer 11
Since the Release of Microsoft IE 11 there is no "MSIE" hint in
its user agent header anymore. Therefore the existing...
Stefan Neufeind
20:19 Revision 9757d0c8: [BUGFIX] ClientUtility does not detect Internet Explorer 11
Since the Release of Microsoft IE 11 there is no "MSIE" hint in
its user agent header anymore. Therefore the existing...
Stefan Neufeind
20:19 Revision d21a628c: [BUGFIX] ClientUtility does not detect Internet Explorer 11
Since the Release of Microsoft IE 11 there is no "MSIE" hint in
its user agent header anymore. Therefore the existing...
Stefan Neufeind
20:19 Revision e832e80e: [BUGFIX] ClientUtility does not detect Internet Explorer 11
Since the Release of Microsoft IE 11 there is no "MSIE" hint in
its user agent header anymore. Therefore the existing...
Stefan Neufeind
15:44 Revision d353ab05: Revert "[BUGFIX] Object passed to date()"
This reverts commit d361b2999c8ba8d1cdb218ead4f60ef1de9fe458
The change I6821bafa51372c50d8903c63d62ea44933bc12b3 do...
Markus Klein
15:44 Revision 124a913b: Revert "[BUGFIX] Object passed to date()"
This reverts commit d361b2999c8ba8d1cdb218ead4f60ef1de9fe458
The change I6821bafa51372c50d8903c63d62ea44933bc12b3 do...
Markus Klein
15:42 Revision 5bf7430c: [BUGFIX] Add missing namespacing for calling GeneralUtility
Regression-fix for change from:
https://review.typo3.org/25057
Resolves: #54117
Releases: 6.1, 6.0
Change-Id: I0de15...
Stefan Neufeind
15:41 Revision e5380209: [BUGFIX] Add missing namespacing for calling GeneralUtility
Regression-fix for change from:
https://review.typo3.org/25057
Resolves: #54117
Releases: 6.1, 6.0
Change-Id: I0de15...
Stefan Neufeind
11:51 Revision ae944d90: [BUGFIX] Cleanly unset cookies on login in cookie-check
Needed to workaround a login-problem with IE11.
ExtJS tries to clear a cookie with different settings than when
sett...
Stefan Neufeind

2013-12-01

12:24 Revision c7f4df4e: [TASK] Installer: textarea for [FE][defaultTypoScript_setup]
The defaultTypoScript_setup has a different configuration than
defaultTypoScript_constants.
Make them equal.
Resolve...
Markus Klein
11:54 Revision 3f2e9717: Revert "[BUGFIX] Distinguish unassigend columns and colPos 0"
TYPO3 4.7 is in extended maintenance mode, which actually means
only security fixes and blocking fixes upon RM approv...
Steffen Ritter
11:52 Revision a4408f87: [BUGFIX] Faulty and superfluous code in import/export module
There is faulty and superfluous code in import/export module:
* ModuleFunctionController does not work at all, this p...
Oliver Hader
11:49 Revision 0af75913: [TASK] Fix broken references in LegacyClassesForIde
The LegacyClassesForIde.php contains some class definition
which extend non-existing or wrong classes.
Also fix some...
Markus Klein

2013-11-30

17:28 Revision 575f0ba4: [TASK] Remove non-evaluated parameter from _GP function calls
Remove second (no longer evaluated) _GP() function call parameter.
Resolves: #54106
Releases: 6.2
Change-Id: I5b8f64...
Marcus Krause
15:24 Revision ec3a2d40: [BUGFIX] Missing phpinfo() module in install tool
Adds phpinfo() information in System Environment section from
the Install Tool, after warning / error messages.
Fixe...
Tomita Militaru
 

Also available in: Atom