Activity

From 2013-12-10 to 2014-01-08

2014-01-08

20:35 Revision 270a7eaa: [BUGFIX] Functional tests cannot write to backend log
Functional test cases cannot write to the backend log. The
log entry also has information about the currently used...
Oliver Hader
20:10 Revision 05ba10c3: [TASK] Cleanup ContentObject\ContentObjectRenderer
Implement early return for many methods.
Change-Id: I7e0c8549037f4ab15ee8653d124891bad655db83
Resolves: #54823
Relea...
Michiel Roos
19:04 Revision 03d63200: [BUGFIX] foreign_match_fields not fully supported
foreign_match_fields were not fully supported
Resolves: #47694
Relates: #45337
Releases: 6.2, 6.1
Change-Id: I212cbdb...
Stefan Froemken
16:06 Revision 74be2dfb: [BUGFIX] l10n_mode for "pages" table and group fields.
This patch respects the l10modes for pages, and mergeIfNotBlank for
type "group" fields.
Change-Id: I18a4caffc5761f9...
Joh. Feustel
16:04 Revision e9594510: [BUGFIX] Form Wizard saving destroys Radio Buttons
This fixes a wrong parsing of \r\n characters for radio
button options.
Resolves: #53727
Releases: 6.2, 6.1, 6.0
Cha...
Markus Klein
16:04 Revision d1e21106: [BUGFIX] Form Wizard saving destroys Radio Buttons
This fixes a wrong parsing of \r\n characters for radio
button options.
Resolves: #53727
Releases: 6.2, 6.1, 6.0
Cha...
Markus Klein
16:01 Revision 42a3eb3b: [BUGFIX] Display relations' titles when TCA label field is type inline
This change adds a case to treat "inline" TCA types the same way
"select" is treated when building the record's label...
Claus Due
16:01 Revision 96ff9279: [BUGFIX] Display relations' titles when TCA label field is type inline
This change adds a case to treat "inline" TCA types the same way
"select" is treated when building the record's label...
Claus Due
16:01 Revision f3b87113: [BUGFIX] Display relations' titles when TCA label field is type inline
This change adds a case to treat "inline" TCA types the same way
"select" is treated when building the record's label...
Stefan Froemken
16:01 Revision 765882ed: [BUGFIX] Display relations' titles when TCA label field is type inline
This change adds a case to treat "inline" TCA types the same way
"select" is treated when building the record's label...
Stefan Froemken
15:39 Revision 8042d929: [BUGFIX] Render ext icon in EM only if available
Even if the ext icon is required, it can happen that it is still not
there. Currently this leads to an ugly output wh...
Georg Ringer
13:33 Revision ff2933b8: [TASK] Use arrays in str_replace() calls
Multiple consecutive calls to str_replace can be replaced with a single
call if the subject is the same.
This will s...
Michiel Roos
13:13 Revision 2917b074: [TASK] Improve performance of array_merge_recursive_overrule
The method GeneralUtility::array_merge_recursive_overrule()
always works on a copy of the given array(s). This is hig...
Markus Klein
11:27 Revision 9e88bf74: [TASK] Optimize columns in sys_file_reference
MySQL up to version 5.5 allows at maximum 64 characters for table-
and fieldnames. Other DBMS allow less. Since MySQL...
Ingo Schmitt
10:43 Revision 6335a24a: [TASK] Adapt indexes of sys_file_reference
The backend and frontend fire several queries for referenced
files - files with metadata overlay as used in tt_conten...
Ingo Schmitt
00:09 Revision 15b522c4: [TASK] Superfluous comparison in indexed_search
Change-Id: I1934a6201876290b706078519e934e05c28352ab
Resolves: #54053
Releases: 6.2
Reviewed-on: https://review.typo3...
Wouter Wolters
00:05 Revision e36d347f: [TASK] Superfluous comparison in DatabaseRecordList
Fix superfluous comparison against boolean in
DatabaseRecordList::getTable
Change-Id: Icdbf78935da4135a7c6b4902b97c8...
Wouter Wolters

2014-01-07

22:18 Revision 95886120: [TASK] Clean up uses of fe_adminLib properties
Two Core tables (fe_users and index_config) still use the
"fe_admin_fieldList" property, which has no effect on the
C...
Francois Suter
19:05 Revision 272f80c5: [BUGFIX] PageBrowsing ViewHelper defines unused method argument
The PHP-Doc comments for the render-method in PageBrowsing
Viewhelper on Indexed Search define a $details argument
fo...
Benjamin Rau
18:59 Revision e09b3811: [BUGFIX] Repository uses wrong property to calc current result page
In the IndexedSearchRepository on line 157 an undefined/unused
property $this->resultsPerPage is used for the calcula...
Benjamin Rau
18:59 Revision 9de93a17: [BUGFIX] Repository uses wrong property to calc current result page
In the IndexedSearchRepository on line 157 an undefined/unused
property $this->resultsPerPage is used for the calcula...
Benjamin Rau
18:39 Revision a564071e: [BUGFIX] PageBrowsing ViewHelper defines unused method argument
The PHP-Doc comments for the render-method in PageBrowsing
Viewhelper on Indexed Search define a $details argument
fo...
Benjamin Rau
14:35 Revision 185658af: [BUGFIX] Fix dependencies for non-composer extensions
The method packageRequirementIsComposerPackage of
TYPO3\CMS\Core\Package ignores all non composer package
names and t...
Thomas Maroschik

2014-01-06

20:33 Revision 76dea628: [BUGFIX] Replace reference to Security Cookbook with Security Guide
Section "TYPO3 Security" refers to the TYPO3 Security Cookbook, which is
obsolete and has been replaced by the offici...
Michael Schams

2014-01-04

17:41 Revision c0baab82: [TASK] Cleanup convertParameterReflectionToArray()
ReflectionService::convertParameterReflectionToArray() checks
functions already returning boolean again for boolean v...
Michiel Roos
17:40 Revision 2c40d1b1: [BUGFIX] Allow NULL values in INSERT queries
Currently only UPDATE queries pass the $allowNull parameter to the
fullQuoteStr() method in the DatabaseHandler. To m...
Alexander Stehlik
17:36 Revision 81a30e8a: [BUGFIX] Allow NULL values in INSERT queries
Currently only UPDATE queries pass the $allowNull parameter to the
fullQuoteStr() method in the DatabaseHandler. To m...
Alexander Stehlik
16:50 Revision dd187dd1: [TASK] Optimize speed for instantiating class with arguments
PHP reflection has quite an overhead in performance.
Use a switch construct like in Flow instead to
instantiate class...
Helmut Hummel
16:49 Revision 67ac84c0: [TASK] Optimize speed for instantiating class with arguments
PHP reflection has quite an overhead in performance.
Use a switch construct like in Flow instead to
instantiate class...
Helmut Hummel
16:39 Revision 4cd861c0: [BUGFIX] Set uid of BE_USER mock in functional tests
Datahandler functional tests lack proper initialization of the
BE_USER mock used.
Set a 'uid' for the mock in order ...
Markus Klein
15:36 Revision 8207a2bb: [BUGFIX] Allow NULL values in INSERT queries
Currently only UPDATE queries pass the $allowNull parameter to the
fullQuoteStr() method in the DatabaseHandler. To m...
Alexander Stehlik

2014-01-03

15:44 Revision 6a663554: [BUGFIX] EM does not always show description
When an extension (like rsaauth) has configuration options in the
extension manager, the description is not shown as ...
Michiel Roos

2013-12-30

18:21 Revision e7128300: [TASK] joinTSarrays() is replaced by array_replace_recursive()
\TYPO3\CMS\Frontend\ContentObject\ContentObjectRenderer::joinTSarrays is
replaced by the PHP native array_replace_rec...
Michiel Roos

2013-12-23

12:37 Revision c2211f54: [BUGFIX] ClassAliasMap, Tx_ VH namespace and closing tag throws Exception
When using aliased ViewHelper class names and old Tx_ namespace in
template and ViewHelper uses closing tag (not self...
Claus Due
12:36 Revision 9283d4b8: [BUGFIX] ClassAliasMap, Tx_ VH namespace and closing tag throws Exception
When using aliased ViewHelper class names and old Tx_ namespace in
template and ViewHelper uses closing tag (not self...
Claus Due

2013-12-21

15:50 Revision f8fdcea7: [BUGFIX] isValidUrl() idna converts whole URI
GeneralUtility::isValidUrl() idna converts whole URI instead of
domain only.
The expensive idna_convert() is called ...
Michiel Roos
14:11 Revision 8379b1af: [BUGFIX] Fix message for install tool warning
Fix incorrect message for install tool login attempt warning.
Resolves: #54531
Releases: 6.2, 6.1
Change-Id: I40f34b...
Cynthia Mattingly
11:03 Revision 28b91ac6: [BUGFIX] Folder::getFiles directly calls Factory::createFileObject
Folder::getFiles implements the logic of creating file objects
itself, after retrieving the information from the driv...
Steffen Ritter
11:02 Revision b100e06f: [BUGFIX] getFileIndexRecordsForFolder only works for hierarchical path
The method FileRepository::getFileIndexRecordsForFolder
retrieves the Index Records for files in a given folder using...
Steffen Ritter

2013-12-20

13:47 Revision 2a392e44: [BUGFIX] Fix message for install tool warning
Fix incorrect message for install tool login attempt warning.
Resolves: #54531
Releases: 6.2, 6.1
Change-Id: I40f34b...
Cynthia Mattingly
11:02 Revision 6aaa9bf4: [TASK] UX enhancement for EXT:documentation
Rework the documentation module according to the
discussion with the TYPO3 Usability Team.
Resolves: #54067
Releases...
Xavier Perseguers

2013-12-19

16:22 Revision 57106fbf: [TASK] Set TYPO3 version to 6.2-dev
Change-Id: Ia6a172bcc88924db714005165d92added4bb4a1a
Reviewed-on: https://review.typo3.org/26493
Reviewed-by: TYPO3 R...
TYPO3 Release Team
16:21 Revision b547f600: [RELEASE] Release of TYPO3 6.2.0beta3
Change-Id: I59ca5042eda854c6d3daf02b54c23bb3acd615ff
Reviewed-on: https://review.typo3.org/26492
Reviewed-by: TYPO3 R...
TYPO3 Release Team
15:23 Revision 75f9c586: [TASK] Setup travis notifications
Since the travis ci service changed the notification
policy to not notify authors of commits on failed
builds, we nee...
Helmut Hummel
14:51 Revision 9562f0d6: [TASK] Update NEWS.md for system categories
The following changes to system categories should be mentioned
in NEWS.md:
* activation by default on pages and tt_c...
Francois Suter
14:45 Revision 3cdda5b9: Revert "[BUGFIX] Replace the table definition manipulation by signals"
This reverts commit 2d6e8deae30794afb1967c38857f49b10060f38d
This merge broke travis unit and functional tests.
Needs...
Helmut Hummel
14:29 Revision 8b8d2ea9: [BUGFIX] Missing CSH for categories-based menus
New fields were added to the tt_content table to be used when creating
categories-based menus (of pages or content el...
Francois Suter
07:51 Revision 2d6e8dea: [BUGFIX] Replace the table definition manipulation by signals
During installation of extensions the Extension Manager does
not take the Category API into account. The code to do s...
Thomas Maroschik
01:17 Revision c578371a: [TASK] Mark PathUtility::stripPathSitePrefix as internal
This is a follow up to 7efcf2a4 which marks the newly
introduced method as internal.
https://review.typo3.org/25851
...
Markus Klein

2013-12-18

23:30 Revision befa7993: [TASK] oncontextmenu: Avoid duplicating onclick-functionality
Where onclick and oncontextmenu behave the same avoid duplicating
JavaScript-code and simply call the click()-functio...
Stefan Neufeind
23:29 Revision 7efcf2a4: [TASK] Add tool-function to strip PATH_site-part of paths
Avoid having to use the substr/strlen-magic.
Also strlen(PATH_site) can be statically cached.
Change-Id: I0ef942e331...
Stefan Neufeind
23:11 Revision f23f4acd: [BUGFIX] Follow up: Moving files and folders doesn't update hashes
Since #53655, reviewed at https://review.typo3.org/25481 the indexer
takes care of updating file objects and index re...
Stefan Neufeind
22:29 Revision 4a20881b: [TASK] Optimize Package State Migration
Under certain circumstances the Failsafe Package Manager
could interfere with the Update Package Manager in the Instal...
Thomas Maroschik
22:02 Revision 53a6a364: [TASK] Fix travis builds
Due to some regressions on the side of travis
(https://github.com/travis-ci/travis-ci/issues/1710) an older git version
is u...
Markus Klein
22:01 Revision 6be4de6a: [TASK] Fix travis builds
Due to some regressions on the side of travis
(https://github.com/travis-ci/travis-ci/issues/1710) an older git version
is u...
Markus Klein
21:59 Revision a95ab935: [TASK] Fix travis builds
Due to some regressions on the side of travis
(https://github.com/travis-ci/travis-ci/issues/1710) an older git version
is u...
Markus Klein
21:05 Revision a4c96cfa: [FEATURE] Allow the activation of packages during runtime
Due to the nature of the Flow Package Manager, packages cannot
be activated and directly used during runtime. Before ...
Thomas Maroschik
16:38 Revision e6bfc6e7: [BUGFIX] ArrayIterator::seek() warning in ElementBrowser
ElementBrowser calls Folder::getFiles() with wrong parameters.
Properly implement the file extensions filter.
Resolv...
Markus Klein
16:38 Revision 2a4d6039: [BUGFIX] ArrayIterator::seek() warning in ElementBrowser
ElementBrowser calls Folder::getFiles() with wrong parameters.
Properly implement the file extensions filter.
Resolv...
Markus Klein
15:58 Revision 26406761: [BUGFIX] Use correct file data variable in Indexer
The processChangedAndNewFiles() method in the Indexer class now uses
the $fileIndexEntry variable for retrieving a fi...
Alexander Stehlik
15:45 Revision 3cdab9df: [BUGFIX] Access to sys_files is incompatible to fe_access checks
The system extension filemetadata adds access restriction fields
for selecting frontend user groups as known from tt_...
Steffen Ritter
15:44 Revision fc696569: [BUGFIX] Moving files and folders doesn't update hashes
The ResourceStorage does not properly make use of the Indexer.
As a result the indexRecord is not properly updated afte...
Frans Saris
15:27 Revision 52585063: [BUGFIX] ArrayIterator::seek() warning in ElementBrowser
ElementBrowser calls Folder::getFiles() with wrong parameters.
Properly implement the file extensions filter.
Resolv...
Markus Klein
15:19 Revision faeb2528: [BUGFIX] Uncaught exception if editor has no file mount
If an editor has got no file mounts, an uncaught exception
is shown in the element browser.
Fix this by checking if ...
Markus Klein
14:46 Revision e4590fe0: [BUGFIX] felogin: Unknown modifier in regular expression
A regular expression in FrontendLoginController
contains an unknown modifier. Fix it by replacing the
/ to # at the b...
Wouter Wolters
14:46 Revision 1294fe75: [BUGFIX] felogin: Unknown modifier in regular expression
A regular expression in FrontendLoginController
contains an unknown modifier. Fix it by replacing the
/ to # at the b...
Wouter Wolters
14:39 Revision bc038aa5: [BUGFIX] felogin: Unknown modifier in regular expression
A regular expression in FrontendLoginController
contains an unknown modifier. Fix it by replacing the
/ to # at the b...
Wouter Wolters
13:59 Revision 7b5276ef: [BUGFIX] Form Wizard saving destroys Radio Buttons
This fixes a wrong parsing of \r\n characters for radio
button options.
Resolves: #53727
Releases: 6.2, 6.1, 6.0
Cha...
Markus Klein
11:55 Revision e8978f9d: [BUGFIX] Remove ElementBrowser::isReadOnlyFolder
ElementBrowser::isReadOnlyFolder is not required any more because the
check if the folder is writable has been moved ...
Markus Klein
11:55 Revision 4f8c8723: [BUGFIX] Remove ElementBrowser::isReadOnlyFolder
ElementBrowser::isReadOnlyFolder is not required any more because the
check if the folder is writable has been moved ...
Markus Klein
11:22 Revision e8a2b21e: [BUGFIX] Remove ElementBrowser::isReadOnlyFolder
ElementBrowser::isReadOnlyFolder is not required any more because the
check if the folder is writable has been moved ...
Markus Klein
09:07 Revision b948dc9c: [BUGFIX] Pagetree pointer cursor broken since ExtJS upgrade
Icons in the pagetree should show cursor:pointer on hover.
This changed with ExtJS-upgrade in #52933 because of
x-uns...
Stefan Neufeind

2013-12-17

01:52 Revision fd014c27: [TASK] Cleanup usage of getPageRenderer()
Change-Id: Id2dc49c9a5e5ca3ede14bc82218dd9ccdc7628ca
Resolves: #54123
Releases: 6.2
Reviewed-on: https://review.typo3...
Stefan Neufeind
01:50 Revision 7317b652: [BUGFIX] fileadmin is hardcoded in install tool
In the class "DefaultFactory", "fileadmin" is hardcoded.
The function "getDefaultStructureDefinition"
must take care ...
Eric Chavaillaz
01:46 Revision d2ec3ede: [TASK] Superfluous comparison in OpendocsController
Fix superfluous comparison against boolean in
OpendocsController::checkAccess
Change-Id: I0682042848f2f25856506d5949...
Wouter Wolters
01:46 Revision 1200db9d: [TASK] Superfluous comparison in DataHandler
Fix superfluous comparison against boolean in
DataHandler::versionizeRecord
Change-Id: I345917b9eb29f3cbb39a137f6249...
Wouter Wolters
01:45 Revision e93dd00b: [TASK] Superfluous comparison in RelationHandler
Fix superfluous comparison against boolean in
RelationHandler::readForeignField
Change-Id: I77f17dee6a14da7779dfe8e3...
Wouter Wolters
01:45 Revision 28929952: [TASK] Superfluous comparison in Language
Fix superfluous comparison against boolean in
Language::getLanguages
Change-Id: Idbf4c1f234eb1c60c01ea130095759ef49ce...
Wouter Wolters

2013-12-16

15:42 Revision 942366bc: [BUGFIX] Fix side effect for new class instantiation
With commit 6eb7a54 performance optimized class
instantiation code has been committed. This code
removed the side eff...
Helmut Hummel

2013-12-14

22:24 Revision 6eb7a548: [TASK] Optimize speed for instantiating class with arguments
PHP reflection has quite an overhead in performance.
Use a switch construct like in Flow instead to
instantiate class...
Helmut Hummel
09:47 Revision f2e37267: [BUGFIX] Create valid file reference index data
This patch prevents the creation of sys_refindex entries that point to no
table and no record.
Additionally it fixes...
Alexander Stehlik

2013-12-13

10:10 Revision 77fd61d1: [BUGFIX] Followup Fluid Template Fallback paths
In the previously merged patch are some glitches and a regression:
- The usage (and test for existence) of deprecated...
Anja Leichsenring
09:37 Revision 78b00f38: [BUGFIX] No double htmlspecialchars for filemount select
Since the labels and values of select items are run through
htmlspecialchars by the FormEngine there is no need to us...
Alexander Stehlik
09:37 Revision be7505a3: [BUGFIX] No double htmlspecialchars for filemount select
Since the labels and values of select items are run through
htmlspecialchars by the FormEngine there is no need to us...
Alexander Stehlik
09:35 Revision f47faeda: [BUGFIX] No double htmlspecialchars for filemount select
Since the labels and values of select items are run through
htmlspecialchars by the FormEngine there is no need to us...
Alexander Stehlik
06:34 Revision deb7bf3a: [TASK] Fix travis builds
Due to some regressions on the side of travis
(https://github.com/travis-ci/travis-ci/issues/1710) an older git version
is u...
Georg Ringer

2013-12-12

12:45 Revision d3e94945: [BUGFIX] Cleanly unset cookies on login in cookie-check
Needed to work around a login-problem with IE11.
ExtJS tries to clear a cookie with different settings than when
sett...
Stefan Neufeind
12:45 Revision 019d6b7e: [BUGFIX] Cleanly unset cookies on login in cookie-check
Needed to work around a login-problem with IE11.
ExtJS tries to clear a cookie with different settings than when
sett...
Stefan Neufeind
02:34 Revision 28ca149e: [BUGFIX] Cleanly unset cookies on login in cookie-check
Needed to work around a login-problem with IE11.
ExtJS tries to clear a cookie with different settings than when
sett...
Stefan Neufeind
02:34 Revision 41fe22d3: [BUGFIX] Cleanly unset cookies on login in cookie-check
Needed to work around a login-problem with IE11.
ExtJS tries to clear a cookie with different settings than when
sett...
Stefan Neufeind

2013-12-11

09:20 Revision ebd3e1bf: [BUGFIX] Clear statcache after writing file contents
To make sure calls to filesize() etc. return correct values the PHP
method clearstatcache() is called in the LocalDri...
Alexander Stehlik

2013-12-10

11:36 Revision b104b88b: [TASK] Set TYPO3 version to 6.1.8-dev
Change-Id: I31292d3e414fb00cdcad3660ce84f0e5c02a3d38
Reviewed-on: https://review.typo3.org/26238
Reviewed-by: TYPO3 R...
TYPO3 Release Team
11:35 Revision 71162ab7: [RELEASE] Release of TYPO3 6.1.7
Change-Id: I4119f8f03f8205e8c0bc9f524bac9267e3d2da9a
Reviewed-on: https://review.typo3.org/26237
Reviewed-by: TYPO3 R...
TYPO3 Release Team
11:26 Revision 3df75b8a: [TASK] Set TYPO3 version to 6.0.13-dev
Change-Id: Icdadc54348d6491619dd8dd51595e8664b101968
Reviewed-on: https://review.typo3.org/26235
Reviewed-by: TYPO3 R...
TYPO3 Release Team
11:25 Revision 8006e1fc: [RELEASE] Release of TYPO3 6.0.12
Change-Id: I87726750c92e85a2d28f6bd1bd1665cbef1a520a
Reviewed-on: https://review.typo3.org/26234
Reviewed-by: TYPO3 R...
TYPO3 Release Team
11:14 Revision b21f5e64: [TASK] Set TYPO3 version to 4.7.18-dev
Change-Id: If1b8bfdaf5bbd7d036e3dd382e72ea2f695ac303
Reviewed-on: https://review.typo3.org/26231
Reviewed-by: TYPO3 R...
TYPO3 Release Team
11:14 Revision a17830c5: [RELEASE] Release of TYPO3 4.7.17
Change-Id: I19333c4d3ad23dfddfab620cbe92edd1922d8c8a
Reviewed-on: https://review.typo3.org/26230
Reviewed-by: TYPO3 R...
TYPO3 Release Team
11:02 Revision beec43fe: [TASK] Set TYPO3 version to 4.5.33-dev
Change-Id: I3073c38f3df08f909e9d29b58acbd8f1671272c9
Reviewed-on: https://review.typo3.org/26227
Reviewed-by: TYPO3 R...
TYPO3 Release Team
11:01 Revision 17341dff: [RELEASE] Release of TYPO3 4.5.32
Change-Id: Ied61f0997ee99da6866d4c3d43fd46ed213c6c83
Reviewed-on: https://review.typo3.org/26226
Reviewed-by: TYPO3 R...
TYPO3 Release Team
10:55 Revision 107ac8e5: [SECURITY] XSS in header link of all content elements
The second typolink parameter, that is the target, can be abused to
introduce XSS code into the generated link. Escap...
Anja Leichsenring
10:55 Revision 226d624a: [SECURITY] XSS in colorpicker wizard
Encode user-input in JavaScript context for colorpicker.
Change-Id: I1121d6d20c90e476a2d0ea4f000b180e843a4ce0
Fixes:...
Marcus Krause
10:55 Revision fdd3d3f1: [SECURITY] Prevent editor controlled hmac content
An hmac of the editor controlled auto respond message was used to verify
the correctness of this message on submit. ...
Franz G. Jahn
10:55 Revision f51afe2f: [SECURITY] XSS in backend user administration
Change-Id: I88807af69635d75f1fbefc62b4672e945397fb07
Fixes: #48691
Releases: 6.2, 6.1, 6.0
Security-Commit: 715b2c58c...
Marc Bastian Heinrichs
10:54 Revision b4965e06: [SECURITY] Information Disclosure in Wizards
It has been possible for authenticated editors
to show content of arbitrary tables and fields
that are defined in TCA...
Helmut Hummel
10:54 Revision 5f32f0a4: [SECURITY] Fix open redirection in openid extension
The eID script of the openid extension does not
validate the given redirect url, leading to
an open redirection vulne...
Helmut Hummel
10:54 Revision 5eae4a87: [SECURITY] XSS in be_layout wizard
Usage of unverified input parameters in wizard URL leads to a possible
XSS vulnerability in backend_layout wizard.
Th...
Anja Leichsenring
10:54 Revision 1b626691: [SECURITY] XSS in beuser VH
The tree Display/* ViewHelpers introduce a XSS vulnerability by
using unescaped parameters in HTML.
Change-Id: I0dad...
Anja Leichsenring
10:54 Revision db9563ca: [SECURITY] Remove possible XSS from ActionController Error output
As parameters passed to an ErrorObject can be user input, the
output of those parameters in the ActionController::err...
Anja Leichsenring
10:54 Revision 4d44daa0: [SECURITY] Unsafe unserialize of GET parameter in Add-Wizard
If the TCEforms wizard "add" is used, the original opened document
is closed and a new one is created in which you th...
Steffen Ritter
10:54 Revision 74819714: [SECURITY] XSS in header link of all content elements
The second typolink parameter, that is the target, can be abused to
introduce XSS code into the generated link. Escap...
Anja Leichsenring
10:54 Revision cb8db286: [SECURITY] XSS in colorpicker wizard
Encode user-input in JavaScript context for colorpicker.
Change-Id: If3da2b476a98efa67815bf84095843ab2f65949f
Fixes:...
Marcus Krause
10:54 Revision 2d29894a: [SECURITY] Prevent editor controlled hmac content
An hmac of the editor controlled auto respond message was used to verify
the correctness of this message on submit. ...
Franz G. Jahn
10:54 Revision dca9c889: [SECURITY] XSS in backend user administration
Change-Id: Ie4a34a40e167b7fe54da29d16e1e962668218907
Fixes: #48691
Releases: 6.2, 6.1, 6.0
Security-Commit: be70b6e6d...
Marc Bastian Heinrichs
10:54 Revision 450e5d3f: [SECURITY] Information Disclosure in Wizards
It has been possible for authenticated editors
to show content of arbitrary tables and fields
that are defined in TCA...
Helmut Hummel
10:53 Revision 7e7f9e39: [SECURITY] Fix open redirection in openid extension
The eID script of the openid extension does not
validate the given redirect url, leading to
an open redirection vulne...
Helmut Hummel
10:53 Revision ad119457: [SECURITY] XSS in be_layout wizard
Usage of unverified input parameters in wizard URL leads to a possible
XSS vulnerability in backend_layout wizard.
Th...
Anja Leichsenring
10:53 Revision 18e04918: [SECURITY] XSS in beuser VH
The tree Display/* ViewHelpers introduce a XSS vulnerability by
using unescaped parameters in HTML.
Change-Id: I6b99...
Anja Leichsenring
10:53 Revision cbbeefd9: [SECURITY] Remove possible XSS from ActionController Error output
As parameters passed to an ErrorObject can be user input, the
output of those parameters in the ActionController::err...
Anja Leichsenring
10:53 Revision 163947ae: [SECURITY] Unsafe unserialize of GET parameter in Add-Wizard
If the TCEforms wizard "add" is used, the original opened document
is closed and a new one is created in which you th...
Steffen Ritter
10:53 Revision c703d1d0: [SECURITY] XSS in header link of all content elements
The second typolink parameter, that is the target, can be abused to
introduce XSS code into the generated link. Escap...
Anja Leichsenring
10:53 Revision 0f1e28b9: [SECURITY] XSS in colorpicker wizard
Encode user-input in JavaScript context for colorpicker.
Change-Id: I83790887c4239d62b6783fd6269169085607b7d4
Fixes:...
Marcus Krause
10:53 Revision 1cbe889f: [SECURITY] Prevent editor controlled hmac content
An hmac of the editor controlled auto respond message was used to verify
the correctness of this message on submit. ...
Franz G. Jahn
10:53 Revision 79f68504: [SECURITY] XSS in backend user administration
Change-Id: I1d31daf0dbc0dfa0ae49c17be9e6e85a85b8bea2
Fixes: #48691
Releases: 6.2, 6.1, 6.0
Security-Commit: 6fae30c4a...
Marc Bastian Heinrichs
10:53 Revision b22cbce4: [SECURITY] Information Disclosure in Wizards
It has been possible for authenticated editors
to show content of arbitrary tables and fields
that are defined in TCA...
Helmut Hummel
10:53 Revision e4134aea: [SECURITY] Fix open redirection in openid extension
The eID script of the openid extension does not
validate the given redirect url, leading to
an open redirection vulne...
Helmut Hummel
10:52 Revision 2fb02777: [SECURITY] feuser_adminLib.inc allows to set arbitrary fields
The CMS core ships a utility class helping extension authors
to create frontend-extension which need a mail-based opt...
Anja Leichsenring
10:52 Revision bd6095f0: [SECURITY] XSS in be_layout wizard
Usage of unverified input parameters in wizard URL leads to a possible
XSS vulnerability in backend_layout wizard.
Th...
Anja Leichsenring
10:52 Revision 872cf3d9: [SECURITY] XSS in beuser VH
The tree Display/* ViewHelpers introduce a XSS vulnerability by
using unescaped parameters in HTML.
Change-Id: I2cb3...
Anja Leichsenring
10:52 Revision cb55c536: [SECURITY] Remove possible XSS from ActionController Error output
As parameters passed to an ErrorObject can be user input, the
output of those parameters in the ActionController::err...
Anja Leichsenring
10:52 Revision 578cc800: [SECURITY] Unsafe unserialize of GET parameter in Add-Wizard
If the TCEforms wizard "add" is used, the original opened document
is closed and a new one is created in which you th...
Steffen Ritter
10:52 Revision efa9e0b6: [SECURITY] Prevent editor controlled hmac content
An hmac of the editor controlled auto respond message was used to verify
the correctness of this message on submit. ...
Franz G. Jahn
10:52 Revision d207548f: [SECURITY] XSS in colorpicker wizard
Encode user-input in JavaScript context for colorpicker.
Change-Id: I0de44c590d5af304ef854628d6f5eab0c0b681ca
Fixes:...
Anja Leichsenring
10:52 Revision 92712d61: [SECURITY] XSS in header link of all content elements
The second typolink parameter, that is the target, can be abused to
introduce XSS code into the generated link. Escap...
Anja Leichsenring
10:52 Revision 573f7209: [SECURITY] XSS vulnerability in extension manager
Add escaping on extension meta data when rendering.
Change-Id: I6f65cb5fb4f0d290349c15c03a3d52f4b0d18fda
Fixes: #208...
Marcus Krause
10:52 Revision b7eac594: [SECURITY] Information Disclosure in Wizards
It has been possible for authenticated editors
to show content of arbitrary tables and fields
that are defined in TCA...
Anja Leichsenring
10:51 Revision 319a06c8: [SECURITY] Fix open redirection in openid extension
The eID script of the openid extension does not
validate the given redirect url, leading to
an open redirection vulne...
Anja Leichsenring
10:51 Revision 834afa5f: [SECURITY] feuser_adminLib.inc allows to set arbitrary fields
The CMS core ships a utility class helping extension authors
to create frontend-extension which need a mail-based opt...
Steffen Ritter
10:51 Revision aa08f148: [SECURITY] XSS in be_layout wizard
Usage of unverified input parameters in wizard URL leads to a possible
XSS vulnerability in backend_layout wizard.
Th...
Anja Leichsenring
10:51 Revision f3b5a6a9: [SECURITY] Remove possible XSS from ActionController Error output
As parameters passed to an ErrorObject can be user input, the
output of those parameters in the ActionController::err...
Anja Leichsenring
10:51 Revision 0bc4fc4f: [SECURITY] Unsafe unserialize of GET parameter in Add-Wizard
If the TCEforms wizard "add" is used, the original opened document
is closed and a new one is created in which you th...
Marcus Krause
10:51 Revision 60576d14: [SECURITY] XSS in header link of all content elements
The second typolink parameter, that is the target, can be abused to
introduce XSS code into the generated link. Escap...
Anja Leichsenring
10:51 Revision 77dc1c4e: [SECURITY] XSS in colorpicker wizard
Encode user-input in JavaScript context for colorpicker.
Change-Id: Ia5d181bb74f3cbe2d2b7c75097655f9c7593b70d
Fixes:...
Anja Leichsenring
10:51 Revision 52d3bff4: [SECURITY] Prevent editor controlled hmac content
An hmac of the editor controlled auto respond message was used to verify
the correctness of this message on submit. ...
Franz G. Jahn
10:51 Revision cae8739c: [SECURITY] XSS vulnerability in extension manager
Add escaping on extension meta data when rendering.
Change-Id: I64cb5f23281ddb6c63439bf33aaeac1b1fa803b4
Fixes: #208...
Marcus Krause
10:51 Revision ba92f0ab: [SECURITY] Information Disclosure in Wizards
It has been possible for authenticated editors
to show content of arbitrary tables and fields
that are defined in TCA...
Anja Leichsenring
10:51 Revision 63ff9109: [SECURITY] Fix open redirection in openid extension
The eID script of the openid extension does not
validate the given redirect url, leading to
an open redirection vulne...
Anja Leichsenring
10:50 Revision c4d13361: [SECURITY] feuser_adminLib.inc allows to set arbitrary fields
The CMS core ships a utility class helping extension authors
to create frontend-extension which need a mail-based opt...
Steffen Ritter
10:50 Revision 53422848: [SECURITY] XSS in be_layout wizard
Usage of unverified input parameters in wizard URL leads to a possible
XSS vulnerability in backend_layout wizard.
Th...
Anja Leichsenring
10:50 Revision b360a1a8: [SECURITY] Remove possible XSS from ActionController Error output
As parameters passed to an ErrorObject can be user input, the
output of those parameters in the ActionController::err...
Anja Leichsenring
10:50 Revision 78ee538c: [SECURITY] Unsafe unserialize of GET parameter in Add-Wizard
If the TCEforms wizard "add" is used, the original opened document
is closed and a new one is created in which you th...
Marcus Krause
 
