Activity
From 2013-12-09 to 2014-01-07
2014-01-07
- 22:18 Revision 95886120: [TASK] Clean up uses of fe_adminLib properties
- Two Core tables (fe_users and index_config) still use the
"fe_admin_fieldList" property, which has no effect on the
C...
- 19:05 Revision 272f80c5: [BUGFIX] PageBrowsing ViewHelper defines unused method argument
- The PHP-Doc comments for the render-method in PageBrowsing
Viewhelper on Indexed Search define a $details argument
fo...
- 18:59 Revision e09b3811: [BUGFIX] Repository uses wrong property to calc current result page
- In the IndexedSearchRepository on line 157 an undefined/unused
property $this->resultsPerPage is used for the calcula...
- 18:59 Revision 9de93a17: [BUGFIX] Repository uses wrong property to calc current result page
- In the IndexedSearchRepository on line 157 an undefined/unused
property $this->resultsPerPage is used for the calcula...
- 18:39 Revision a564071e: [BUGFIX] PageBrowsing ViewHelper defines unused method argument
- The PHP-Doc comments for the render-method in PageBrowsing
Viewhelper on Indexed Search define a $details argument
fo...
- 14:35 Revision 185658af: [BUGFIX] Fix dependencies for non-composer extensions
- The method packageRequirementIsComposerPackage of
TYPO3\CMS\Core\Package ignores all non composer package
names and t...
2014-01-06
- 20:33 Revision 76dea628: [BUGFIX] Replace reference to Security Cookbook with Security Guide
- Section "TYPO3 Security" refers to the TYPO3 Security Cookbook, which is
obsolete and has been replaced by the offici...
2014-01-04
- 17:41 Revision c0baab82: [TASK] Cleanup convertParameterReflectionToArray()
- ReflectionService::convertParameterReflectionToArray() checks
functions already returning boolean again for boolean v...
- 17:40 Revision 2c40d1b1: [BUGFIX] Allow NULL values in INSERT queries
- Currently only UPDATE queries pass the $allowNull parameter to the
fullQuoteStr() method in the DatabaseHandler. To m...
- 17:36 Revision 81a30e8a: [BUGFIX] Allow NULL values in INSERT queries
- Currently only UPDATE queries pass the $allowNull parameter to the
fullQuoteStr() method in the DatabaseHandler. To m...
- 16:50 Revision dd187dd1: [TASK] Optimize speed for instantiating class with arguments
- PHP reflection has quite an overhead in performance.
Use a switch construct like in Flow instead to
instantiate class...
- 16:49 Revision 67ac84c0: [TASK] Optimize speed for instantiating class with arguments
- PHP reflection has quite an overhead in performance.
Use a switch construct like in Flow instead to
instantiate class...
- 16:39 Revision 4cd861c0: [BUGFIX] Set uid of BE_USER mock in functional tests
- Datahandler functional tests lack proper initialization of the
BE_USER mock used.
Set a 'uid' for the mock in order ...
- 15:36 Revision 8207a2bb: [BUGFIX] Allow NULL values in INSERT queries
- Currently only UPDATE queries pass the $allowNull parameter to the
fullQuoteStr() method in the DatabaseHandler. To m...
2014-01-03
- 15:44 Revision 6a663554: [BUGFIX] EM does not always show description
- When an extension (like rsaauth) has configuration options in the
extension manager, the description is not shown as ...
2013-12-30
- 18:21 Revision e7128300: [TASK] joinTSarrays() is replaced by array_replace_recursive()
- \TYPO3\CMS\Frontend\ContentObject\ContentObjectRenderer::joinTSarrays is
replaced by the PHP native array_replace_rec...
2013-12-23
- 12:37 Revision c2211f54: [BUGFIX] ClassAliasMap, Tx_ VH namespace and closing tag throws Exception
- When using aliased ViewHelper class names and old Tx_ namespace in
template and ViewHelper uses closing tag (not self...
- 12:36 Revision 9283d4b8: [BUGFIX] ClassAliasMap, Tx_ VH namespace and closing tag throws Exception
- When using aliased ViewHelper class names and old Tx_ namespace in
template and ViewHelper uses closing tag (not self...
2013-12-21
- 15:50 Revision f8fdcea7: [BUGFIX] isValidUrl() idna converts whole URI
- GeneralUtility::isValidUrl() idna converts whole URI instead of
domain only.
The expensive idna_convert() is called ...
- 14:11 Revision 8379b1af: [BUGFIX] Fix message for install tool warning
- Fix incorrect message for install tool login attempt warning.
Resolves: #54531
Releases: 6.2, 6.1
Change-Id: I40f34b...
- 11:03 Revision 28b91ac6: [BUGFIX] Folder::getFiles directly calls Factory::createFileObject
- Folder::getFiles implements the logic of creating file objects
itself, after retrieving the information from the driv...
- 11:02 Revision b100e06f: [BUGFIX] getFileIndexRecordsForFolder only works for hierarchical path
- The method FileRepository::getFileIndexRecordsForFolder
retrieves the Index Records for files in a given folder using...
2013-12-20
- 13:47 Revision 2a392e44: [BUGFIX] Fix message for install tool warning
- Fix incorrect message for install tool login attempt warning.
Resolves: #54531
Releases: 6.2, 6.1
Change-Id: I40f34b...
- 11:02 Revision 6aaa9bf4: [TASK] UX enhancement for EXT:documentation
- Rework the documentation module according to the
discussion with the TYPO3 Usability Team.
Resolves: #54067
Releases...
2013-12-19
- 16:22 Revision 57106fbf: [TASK] Set TYPO3 version to 6.2-dev
- Change-Id: Ia6a172bcc88924db714005165d92added4bb4a1a
Reviewed-on: https://review.typo3.org/26493
Reviewed-by: TYPO3 R...
- 16:21 Revision b547f600: [RELEASE] Release of TYPO3 6.2.0beta3
- Change-Id: I59ca5042eda854c6d3daf02b54c23bb3acd615ff
Reviewed-on: https://review.typo3.org/26492
Reviewed-by: TYPO3 R...
- 15:23 Revision 75f9c586: [TASK] Setup travis notifications
- Since the travis ci service changed the notification
policy to not notify authors of commits on failed
builds, we nee...
- 14:51 Revision 9562f0d6: [TASK] Update NEWS.md for system categories
- The following changes to system categories should be mentioned
in NEWS.md:
* activation by default on pages and tt_c...
- 14:45 Revision 3cdda5b9: Revert "[BUGFIX] Replace the table definition manipulation by signals"
- This reverts commit 2d6e8deae30794afb1967c38857f49b10060f38d
This merge broke travis unit and functional tests.
Needs...
- 14:29 Revision 8b8d2ea9: [BUGFIX] Missing CSH for categories-based menus
- New fields were added to the tt_content table to be used when creating
categories-based menus (of pages or content el...
- 07:51 Revision 2d6e8dea: [BUGFIX] Replace the table definition manipulation by signals
- During installation of extensions the Extension Manager does
not take the Category API into account. The code to do s...
- 01:17 Revision c578371a: [TASK] Mark PathUtility::stripPathSitePrefix as internal
- This is a follow up to 7efcf2a4 which marks the newly
introduced method as internal.
https://review.typo3.org/25851
...
2013-12-18
- 23:30 Revision befa7993: [TASK] oncontextmenu: Avoid duplicating onclick-functionality
- Where onclick and oncontextmenu behave the same avoid duplicating
JavaScript-code and simply call the click()-functio...
- 23:29 Revision 7efcf2a4: [TASK] Add tool-function to strip PATH_site-part of paths
- Avoid having to use the substr/strlen-magic.
Also strlen(PATH_site) can be statically cached.
Change-Id: I0ef942e331...
- 23:11 Revision f23f4acd: [BUGFIX] Follow up: Moving files and folders doesn't update hashes
- Since #53655, reviewed at https://review.typo3.org/25481 the indexer
takes care of updating file objects and index re...
- 22:29 Revision 4a20881b: [TASK] Optimize Package State Migration
- Under certain circumstances the Failsafe Package Manager
could interfere with the Update Package Manager in the Instal...
- 22:02 Revision 53a6a364: [TASK] Fix travis builds
- Due to some regressions on side of travis
(https://github.com/travis-ci/travis-ci/issues/1710) an older git version
is u...
- 22:01 Revision 6be4de6a: [TASK] Fix travis builds
- Due to some regressions on side of travis
(https://github.com/travis-ci/travis-ci/issues/1710) an older git version
is u...
- 21:59 Revision a95ab935: [TASK] Fix travis builds
- Due to some regressions on side of travis
(https://github.com/travis-ci/travis-ci/issues/1710) an older git version
is u...
- 21:05 Revision a4c96cfa: [FEATURE] Allow the activation of packages during runtime
- Due to the nature of the Flow Package Manager, packages cannot
be activated and directly used during runtime. Before ...
- 16:38 Revision e6bfc6e7: [BUGFIX] ArrayIterator::seek() warning in ElementBrowser
- ElementBrowser calls Folder::getFiles() with wrong parameters.
Properly implement the file extensions filter.
Resolv...
- 16:38 Revision 2a4d6039: [BUGFIX] ArrayIterator::seek() warning in ElementBrowser
- ElementBrowser calls Folder::getFiles() with wrong parameters.
Properly implement the file extensions filter.
Resolv...
- 15:58 Revision 26406761: [BUGFIX] Use correct file data variable in Indexer
- The processChangedAndNewFiles() method in the Indexer class now uses
the $fileIndexEntry variable for retrieving a fi...
- 15:45 Revision 3cdab9df: [BUGFIX] Access to sys_files is incompatible to fe_access checks
- The system extension filemetadata adds access restriction fields
for selecting frontend user groups as known from tt_...
- 15:44 Revision fc696569: [BUGFIX] Moving files and folders doesn't update hashes
- The ResourceStorage does not properly make use of the Indexer.
As result the indexRecord is not properly updated afte...
- 15:27 Revision 52585063: [BUGFIX] ArrayIterator::seek() warning in ElementBrowser
- ElementBrowser calls Folder::getFiles() with wrong parameters.
Properly implement the file extensions filter.
Resolv...
- 15:19 Revision faeb2528: [BUGFIX] Uncaught exception if editor has no file mount
- If an editor has got no file mounts, an uncaught exception
is shown in the element browser.
Fix this by checking if ...
- 14:46 Revision e4590fe0: [BUGFIX] felogin: Unknown modifier in regular expression
- A regular expression in FrontendLoginController
contains an unknown modifier. Fix it by replacing the
/ to # at the b...
- 14:46 Revision 1294fe75: [BUGFIX] felogin: Unknown modifier in regular expression
- A regular expression in FrontendLoginController
contains an unknown modifier. Fix it by replacing the
/ to # at the b...
- 14:39 Revision bc038aa5: [BUGFIX] felogin: Unknown modifier in regular expression
- A regular expression in FrontendLoginController
contains an unknown modifier. Fix it by replacing the
/ to # at the b...
- 13:59 Revision 7b5276ef: [BUGFIX] Form Wizard saving destroys Radio Buttons
- This fixes a wrong parsing of \r\n characters for radio
button options.
Resolves: #53727
Releases: 6.2, 6.1, 6.0
Cha...
- 11:55 Revision e8978f9d: [BUGFIX] Remove ElementBrowser::isReadOnlyFolder
- ElementBrowser::isReadOnlyFolder is not required any more because the
check if the folder is writable has been moved ...
- 11:55 Revision 4f8c8723: [BUGFIX] Remove ElementBrowser::isReadOnlyFolder
- ElementBrowser::isReadOnlyFolder is not required any more because the
check if the folder is writable has been moved ...
- 11:22 Revision e8a2b21e: [BUGFIX] Remove ElementBrowser::isReadOnlyFolder
- ElementBrowser::isReadOnlyFolder is not required any more because the
check if the folder is writable has been moved ...
- 09:07 Revision b948dc9c: [BUGFIX] Pagetree pointer cursor broken since ExtJS upgrade
- Icons in the pagetree should show cursor:pointer on hover.
This changed with ExtJS-upgrade in #52933 because of
x-uns...
2013-12-17
- 01:52 Revision fd014c27: [TASK] Cleanup usage of getPageRenderer()
- Change-Id: Id2dc49c9a5e5ca3ede14bc82218dd9ccdc7628ca
Resolves: #54123
Releases: 6.2
Reviewed-on: https://review.typo3...
- 01:50 Revision 7317b652: [BUGFIX] fileadmin is hardcoded in install tool
- In the class "DefaultFactory", "fileadmin" is hardcoded.
The function "getDefaultStructureDefinition"
must take care ...
- 01:46 Revision d2ec3ede: [TASK] Superfluous comparison in OpendocsController
- Fix superfluous comparison against boolean in
OpendocsController::checkAccess
Change-Id: I0682042848f2f25856506d5949...
- 01:46 Revision 1200db9d: [TASK] Superfluous comparison in DataHandler
- Fix superfluous comparison against boolean in
DataHandler::versionizeRecord
Change-Id: I345917b9eb29f3cbb39a137f6249...
- 01:45 Revision e93dd00b: [TASK] Superfluous comparison in RelationHandler
- Fix superfluous comparison against boolean in
RelationHandler::readForeignField
Change-Id: I77f17dee6a14da7779dfe8e3...
- 01:45 Revision 28929952: [TASK] Superfluous comparison in Language
- Fix superfluous comparison against boolean in
Language::getLanguages
Change-Id: Idbf4c1f234eb1c60c01ea130095759ef49ce...
2013-12-16
- 15:42 Revision 942366bc: [BUGFIX] Fix side effect for new class instantiation
- With commit 6eb7a54 performance optimized class
instantiation code has been committed. This code
removed the side eff...
2013-12-14
- 22:24 Revision 6eb7a548: [TASK] Optimize speed for instantiating class with arguments
- PHP reflection has quite an overhead in performance.
Use a switch construct like in Flow instead to
instantiate class...
- 09:47 Revision f2e37267: [BUGFIX] Create valid file reference index data
- This patch prevents the creation of sys_refindex entries that point to no
table and no record.
Additionally it fixes...
2013-12-13
- 10:10 Revision 77fd61d1: [BUGFIX] Followup Fluid Template Fallback paths
- In the previously merged patch are some glitches and a regression:
- The usage (and test for existence) of deprecated...
- 09:37 Revision 78b00f38: [BUGFIX] No double htmlspecialchars for filemount select
- Since the labels and values of select items are run through
htmlspecialchars by the FormEngine there is no need to us...
- 09:37 Revision be7505a3: [BUGFIX] No double htmlspecialchars for filemount select
- Since the labels and values of select items are run through
htmlspecialchars by the FormEngine there is no need to us...
- 09:35 Revision f47faeda: [BUGFIX] No double htmlspecialchars for filemount select
- Since the labels and values of select items are run through
htmlspecialchars by the FormEngine there is no need to us...
- 06:34 Revision deb7bf3a: [TASK] Fix travis builds
- Due to some regressions on side of travis
(https://github.com/travis-ci/travis-ci/issues/1710) an older git version
is u...
2013-12-12
- 12:45 Revision d3e94945: [BUGFIX] Cleanly unset cookies on login in cookie-check
- Needed to workaround a login-problem with IE11.
ExtJS tries to clear a cookie with different settings than when
sett...
- 12:45 Revision 019d6b7e: [BUGFIX] Cleanly unset cookies on login in cookie-check
- Needed to workaround a login-problem with IE11.
ExtJS tries to clear a cookie with different settings than when
sett...
- 02:34 Revision 28ca149e: [BUGFIX] Cleanly unset cookies on login in cookie-check
- Needed to workaround a login-problem with IE11.
ExtJS tries to clear a cookie with different settings than when
sett...
- 02:34 Revision 41fe22d3: [BUGFIX] Cleanly unset cookies on login in cookie-check
- Needed to workaround a login-problem with IE11.
ExtJS tries to clear a cookie with different settings than when
sett...
2013-12-11
- 09:20 Revision ebd3e1bf: [BUGFIX] Clear statcache after writing file contents
- To make sure calls to filesize() etc. return correct values the PHP
method clearstatcache() is called in the LocalDri...
2013-12-10
- 11:36 Revision b104b88b: [TASK] Set TYPO3 version to 6.1.8-dev
- Change-Id: I31292d3e414fb00cdcad3660ce84f0e5c02a3d38
Reviewed-on: https://review.typo3.org/26238
Reviewed-by: TYPO3 R...
- 11:35 Revision 71162ab7: [RELEASE] Release of TYPO3 6.1.7
- Change-Id: I4119f8f03f8205e8c0bc9f524bac9267e3d2da9a
Reviewed-on: https://review.typo3.org/26237
Reviewed-by: TYPO3 R...
- 11:26 Revision 3df75b8a: [TASK] Set TYPO3 version to 6.0.13-dev
- Change-Id: Icdadc54348d6491619dd8dd51595e8664b101968
Reviewed-on: https://review.typo3.org/26235
Reviewed-by: TYPO3 R...
- 11:25 Revision 8006e1fc: [RELEASE] Release of TYPO3 6.0.12
- Change-Id: I87726750c92e85a2d28f6bd1bd1665cbef1a520a
Reviewed-on: https://review.typo3.org/26234
Reviewed-by: TYPO3 R...
- 11:14 Revision b21f5e64: [TASK] Set TYPO3 version to 4.7.18-dev
- Change-Id: If1b8bfdaf5bbd7d036e3dd382e72ea2f695ac303
Reviewed-on: https://review.typo3.org/26231
Reviewed-by: TYPO3 R...
- 11:14 Revision a17830c5: [RELEASE] Release of TYPO3 4.7.17
- Change-Id: I19333c4d3ad23dfddfab620cbe92edd1922d8c8a
Reviewed-on: https://review.typo3.org/26230
Reviewed-by: TYPO3 R...
- 11:02 Revision beec43fe: [TASK] Set TYPO3 version to 4.5.33-dev
- Change-Id: I3073c38f3df08f909e9d29b58acbd8f1671272c9
Reviewed-on: https://review.typo3.org/26227
Reviewed-by: TYPO3 R...
- 11:01 Revision 17341dff: [RELEASE] Release of TYPO3 4.5.32
- Change-Id: Ied61f0997ee99da6866d4c3d43fd46ed213c6c83
Reviewed-on: https://review.typo3.org/26226
Reviewed-by: TYPO3 R...
- 10:55 Revision 107ac8e5: [SECURITY] XSS in header link of all content elements
- The second typolink parameter, that is the target, can be abused to
introduce XSS code into the generated link. Escap...
- 10:55 Revision 226d624a: [SECURITY] XSS in colorpicker wizard
- Encode user-input in JavaScript context for colorpicker.
Change-Id: I1121d6d20c90e476a2d0ea4f000b180e843a4ce0
Fixes:...
- 10:55 Revision fdd3d3f1: [SECURITY] Prevent editor controlled hmac content
- An hmac of the editor controlled auto respond message was used to verify
the correctness of this message on submit. ...
- 10:55 Revision f51afe2f: [SECURITY] XSS in backend user administration
- Change-Id: I88807af69635d75f1fbefc62b4672e945397fb07
Fixes: #48691
Releases: 6.2, 6.1, 6.0
Security-Commit: 715b2c58c...
- 10:54 Revision b4965e06: [SECURITY] Information Disclosure in Wizards
- It has been possible for authenticated editors
to show content of arbitrary tables and fields
that are defined in TCA...
- 10:54 Revision 5f32f0a4: [SECURITY] Fix open redirection in openid extension
- The eID script of the openid extension does not
validate the given redirect url, leading to
an open redirection vulne...
- 10:54 Revision 5eae4a87: [SECURITY] XSS in be_layout wizard
- Usage of unverified input parameters in wizard URL leads to a possible
XSS vulnerability in backend_layout wizard.
Th...
- 10:54 Revision 1b626691: [SECURITY] XSS in beuser VH
- The tree Display/* ViewHelpers introduce a XSS vulnerability by
using unescaped parameters in HTML.
Change-Id: I0dad...
- 10:54 Revision db9563ca: [SECURITY] Remove possible XSS from ActionController Error output
- As parameters passed to an ErrorObject can be user input, the
output of those parameters in the ActionController::err...
- 10:54 Revision 4d44daa0: [SECURITY] Unsafe unserialize of GET parameter in Add-Wizard
- If the TCEforms wizard "add" is used, the original opened document
is closed and a new one is created in which you th...
- 10:54 Revision 74819714: [SECURITY] XSS in header link of all content elements
- The second typolink parameter, that is the target, can be abused to
introduce XSS code into the generated link. Escap...
- 10:54 Revision cb8db286: [SECURITY] XSS in colorpicker wizard
- Encode user-input in JavaScript context for colorpicker.
Change-Id: If3da2b476a98efa67815bf84095843ab2f65949f
Fixes:...
- 10:54 Revision 2d29894a: [SECURITY] Prevent editor controlled hmac content
- An hmac of the editor controlled auto respond message was used to verify
the correctness of this message on submit. ...
- 10:54 Revision dca9c889: [SECURITY] XSS in backend user administration
- Change-Id: Ie4a34a40e167b7fe54da29d16e1e962668218907
Fixes: #48691
Releases: 6.2, 6.1, 6.0
Security-Commit: be70b6e6d...
- 10:54 Revision 450e5d3f: [SECURITY] Information Disclosure in Wizards
- It has been possible for authenticated editors
to show content of arbitrary tables and fields
that are defined in TCA...
- 10:53 Revision 7e7f9e39: [SECURITY] Fix open redirection in openid extension
- The eID script of the openid extension does not
validate the given redirect url, leading to
an open redirection vulne...
- 10:53 Revision ad119457: [SECURITY] XSS in be_layout wizard
- Usage of unverified input parameters in wizard URL leads to a possible
XSS vulnerability in backend_layout wizard.
Th...
- 10:53 Revision 18e04918: [SECURITY] XSS in beuser VH
- The tree Display/* ViewHelpers introduce a XSS vulnerability by
using unescaped parameters in HTML.
Change-Id: I6b99...
- 10:53 Revision cbbeefd9: [SECURITY] Remove possible XSS from ActionController Error output
- As parameters passed to an ErrorObject can be user input, the
output of those parameters in the ActionController::err...
- 10:53 Revision 163947ae: [SECURITY] Unsafe unserialize of GET parameter in Add-Wizard
- If the TCEforms wizard "add" is used, the original opened document
is closed and a new one is created in which you th...
- 10:53 Revision c703d1d0: [SECURITY] XSS in header link of all content elements
- The second typolink parameter, that is the target, can be abused to
introduce XSS code into the generated link. Escap...
- 10:53 Revision 0f1e28b9: [SECURITY] XSS in colorpicker wizard
- Encode user-input in JavaScript context for colorpicker.
Change-Id: I83790887c4239d62b6783fd6269169085607b7d4
Fixes:...
- 10:53 Revision 1cbe889f: [SECURITY] Prevent editor controlled hmac content
- An hmac of the editor controlled auto respond message was used to verify
the correctness of this message on submit. ...
- 10:53 Revision 79f68504: [SECURITY] XSS in backend user administration
- Change-Id: I1d31daf0dbc0dfa0ae49c17be9e6e85a85b8bea2
Fixes: #48691
Releases: 6.2, 6.1, 6.0
Security-Commit: 6fae30c4a...
- 10:53 Revision b22cbce4: [SECURITY] Information Disclosure in Wizards
- It has been possible for authenticated editors
to show content of arbitrary tables and fields
that are defined in TCA...
- 10:53 Revision e4134aea: [SECURITY] Fix open redirection in openid extension
- The eID script of the openid extension does not
validate the given redirect url, leading to
an open redirection vulne...
- 10:52 Revision 2fb02777: [SECURITY] feuser_adminLib.inc allows to set arbitrary fields
- The CMS core ships a utility class helping extension authors
to create frontend-extension which need a mail-based opt...
- 10:52 Revision bd6095f0: [SECURITY] XSS in be_layout wizard
- Usage of unverified input parameters in wizard URL leads to a possible
XSS vulnerability in backend_layout wizard.
Th...
- 10:52 Revision 872cf3d9: [SECURITY] XSS in beuser VH
- The tree Display/* ViewHelpers introduce a XSS vulnerability by
using unescaped parameters in HTML.
Change-Id: I2cb3...
- 10:52 Revision cb55c536: [SECURITY] Remove possible XSS from ActionController Error output
- As parameters passed to an ErrorObject can be user input, the
output of those parameters in the ActionController::err...
- 10:52 Revision 578cc800: [SECURITY] Unsafe unserialize of GET parameter in Add-Wizard
- If the TCEforms wizard "add" is used, the original opened document
is closed and a new one is created in which you th...
- 10:52 Revision efa9e0b6: [SECURITY] Prevent editor controlled hmac content
- An hmac of the editor controlled auto respond message was used to verify
the correctness of this message on submit. ...
- 10:52 Revision d207548f: [SECURITY] XSS in colorpicker wizard
- Encode user-input in JavaScript context for colorpicker.
Change-Id: I0de44c590d5af304ef854628d6f5eab0c0b681ca
Fixes:...
- 10:52 Revision 92712d61: [SECURITY] XSS in header link of all content elements
- The second typolink parameter, that is the target, can be abused to
introduce XSS code into the generated link. Escap...
- 10:52 Revision 573f7209: [SECURITY] XSS vulnerability in extension manager
- Add escaping on extension meta data when rendering.
Change-Id: I6f65cb5fb4f0d290349c15c03a3d52f4b0d18fda
Fixes: #208...
- 10:52 Revision b7eac594: [SECURITY] Information Disclosure in Wizards
- It has been possible for authenticated editors
to show content of arbitrary tables and fields
that are defined in TCA...
- 10:51 Revision 319a06c8: [SECURITY] Fix open redirection in openid extension
- The eID script of the openid extension does not
validate the given redirect url, leading to
an open redirection vulne...
- 10:51 Revision 834afa5f: [SECURITY] feuser_adminLib.inc allows to set arbitrary fields
- The CMS core ships a utility class helping extension authors
to create frontend-extension which need a mail-based opt...
- 10:51 Revision aa08f148: [SECURITY] XSS in be_layout wizard
- Usage of unverified input parameters in wizard URL leads to a possible
XSS vulnerability in backend_layout wizard.
Th...
- 10:51 Revision f3b5a6a9: [SECURITY] Remove possible XSS from ActionController Error output
- As parameters passed to an ErrorObject can be user input, the
output of those parameters in the ActionController::err...
- 10:51 Revision 0bc4fc4f: [SECURITY] Unsafe unserialize of GET parameter in Add-Wizard
- If the TCEforms wizard "add" is used, the original opened document
is closed and a new one is created in which you th...
- 10:51 Revision 60576d14: [SECURITY] XSS in header link of all content elements
- The second typolink parameter, that is the target, can be abused to
introduce XSS code into the generated link. Escap...
- 10:51 Revision 77dc1c4e: [SECURITY] XSS in colorpicker wizard
- Encode user-input in JavaScript context for colorpicker.
Change-Id: Ia5d181bb74f3cbe2d2b7c75097655f9c7593b70d
Fixes:...
- 10:51 Revision 52d3bff4: [SECURITY] Prevent editor controlled hmac content
- An hmac of the editor controlled auto respond message was used to verify
the correctness of this message on submit. ...
- 10:51 Revision cae8739c: [SECURITY] XSS vulnerability in extension manager
- Add escaping on extension meta data when rendering.
Change-Id: I64cb5f23281ddb6c63439bf33aaeac1b1fa803b4
Fixes: #208...
- 10:51 Revision ba92f0ab: [SECURITY] Information Disclosure in Wizards
- It has been possible for authenticated editors
to show content of arbitrary tables and fields
that are defined in TCA...
- 10:51 Revision 63ff9109: [SECURITY] Fix open redirection in openid extension
- The eID script of the openid extension does not
validate the given redirect url, leading to
an open redirection vulne...
- 10:50 Revision c4d13361: [SECURITY] feuser_adminLib.inc allows to set arbitrary fields
- The CMS core ships a utility class helping extension authors
to create frontend-extension which need a mail-based opt...
- 10:50 Revision 53422848: [SECURITY] XSS in be_layout wizard
- Usage of unverified input parameters in wizard URL leads to a possible
XSS vulnerability in backend_layout wizard.
Th...
- 10:50 Revision b360a1a8: [SECURITY] Remove possible XSS from ActionController Error output
- As parameters passed to an ErrorObject can be user input, the
output of those parameters in the ActionController::err...
- 10:50 Revision 78ee538c: [SECURITY] Unsafe unserialize of GET parameter in Add-Wizard
- If the TCEforms wizard "add" is used, the original opened document
is closed and a new one is created in which you th...