1.1.0¶
Base Distribution¶
[TASK] Update Upgrading.txt¶
This change adds missing content to the instructions (based on the [!!!] changes from the overview of merged changes) and reorganizes the document a little.
- Commit: 79aad6f
[TASK] Add Phoenix distribution build surf configuration¶
Note: This needs the corresponding change in BuildEssentials as well.
[TASK] Update upgrading instructions¶
Adds instructions to replace DataNotSerializeableException with DataNotSerializableException.
- Commit: 0bfbf2e
[TASK] Adjust release deployment descriptor¶
This adds the configuration needed to push tags based on the PUSH_TAGS environment variable and tweaks some tiny (style) issues.
- Commit: 138dfc3
[TASK] Mention PhpSession configuration change in Upgrading.txt¶
This informs about the PhpSession settings key change.
[TASK] Correct information about frozen packages¶
The upgrading instructions explained that packages were frozen by default, which is no longer true.
- Commit: c5b25bf
[TASK] Update Upgrading.txt with two more adjustments¶
Add the needed changes for getOriginalRequestMappingResults() and getOriginalRequest()->getArguments() to the upgrading instructions.
[BUGFIX] Remove dead symlinks from release archives¶
The default Surf configuration symlinks Data and Configuration to a shared folder. For release archives that leads to dead symlinks being in the archives.
This changes disables both symlink tasks in the release deployment descriptor.
[TASK] Adjust Surf deployment descriptor¶
The deployment descriptor used to release archives of FLOW3 needed a little adjustment.
- Commit: abb312c
[TASK] Amend upgrade instructions¶
This brings the update instructions in sync with the amended version from the wiki.
Some edits have been applied and also synced back to the wiki.
- Commit: 7bd5832
[BUGFIX] Make Settings.yaml.example a working example¶
With this change the Settings.yaml.example can be used as is, because the key “doctrine” is commented out now.
[TASK] Adjust Surf deployment descriptor to new git option¶
The branch option is now git-checkout-branch.
- Commit: d48af1a
[TASK] Add .Shortcuts folder to .gitignore¶
Related to https://review.typo3.org/7164
- Commit: 0f55c7f
[TASK] Update Surf configuration for release job¶
This updates the Surf configuration to interact with the TYPO3.Release package on the FLOW3 website.
[TASK] Split Doctrine package into three parts¶
Following our vendor name concept, the package Doctrine would need to include all of the code from the Doctrine project. Obviously it doesn’t. To solves this (and to make maintenance easier), the package has been split into three separate packages.
This change adjusts the FLOW3 base distributions as needed.
Common¶
[TASK] Refactor FLOW3 Distribution Build into generic and specific parts¶
As we do not only build a single distribution but multiple ones using Jenkins, we should refactor the common environment-variable handling into a base setup to be included in each individual deployment.
[TASK] Disable test timeout when using PHP_Invoker¶
when PHP_Invoker is installed, PHPUnit will by default only let a test run for one second. This kills most of our functional tests when being run in this setup.
Setting this default value to 0 (undefined) fixes the problem.
- Commit: ce42ca6
[TASK] Make TYPO3\FLOW3\var_dump() available in unit tests¶
FLOW3’s var_dump() function could not be used in unit tests because the class loader has no way to derive the path and filename from the function name. In a non-testing context that’s no problem as the containing file is loaded anyway but that was not the case in a unit testing context.
Now the Debugger class is loaded in the unit test bootstrap.
- Commit: faec8c5
[TASK] Rename functional test request handler¶
The functional test request handler was moved to the Tests\Functional namespace after the recent class loader change.
Related to https://review.typo3.org/7252
- Commit: 948a244
[TASK] Adjust Unit Test bootstrap¶
The complete removal of the whitelist in change I7ec62f19 made the generated HTML coverage report unusable and includes any code. But we can ignore coverage for Doctrine and Symfony.
[TASK] Adjust Functional Test bootstrap¶
This adjusts the functional test bootstrap for PHP to fit the new bootstrap and request handling mechanism. Also removes a whitelist filter from the unit test bootstrap which prevented using code coverage while executing single tests.
Doctrine.Common¶
[TASK] Update to 2.2.2¶
DataFixtures is at f201391349f3dc6bd9c9c698927ea7c78104c461.
[TASK] Update to 2.2.1¶
DataFixtures is at ffee818a6e3af526b774de11b690a36512fa6235.
[TASK] Update to 2.2.0¶
DataFixtures is at bed8908ae929562317e5c59dc0bee24f3b63067e.
[TASK] Update to current 2.2.0-DEV¶
Equivalent to upstream commit 3107f295eb17ed40116ae4cd2499e5c5c3adde42.
DataFixtures is at f09c0840df9cb7968c89acb91a9fa262f158b1c5.
Doctrine.DBAL¶
[TASK] Update to 2.2.2¶
Contains one of our own changes to fix connection charset with MySQL for PHP < 5.3.6 (https://review.typo3.org/4587).
Migrations is at fe98141b1e460baf5ab52f9139e1ae238101b28b.
[TASK] Update to 2.2.1¶
Contains one of our own changes to fix connection charset with MySQL for PHP < 5.3.6 (https://review.typo3.org/4587).
Migrations is at 9e81984b0f126b0830d9ac6acc2d1da81aba2b94.
[BUGFIX] Make MySQL connection charset work on PHP < 5.3.6¶
The charset connection option is built into the DSN, but it is ignored in PHP below 5.3.6.
This change adds the charset to a SET NAMES command used as value for \PDO::MYSQL_ATTR_INIT_COMMAND for PHP < 5.3.6 if no init command has been set by the user.
This was once fixed with https://review.typo3.org/4587 and the fix got lost again with https://review.typo3.org/7672.
[TASK] Update to current 2.2.0-DEV¶
Equivalent to upstream commit 15bcd83a392df19de22cde6c9d5b28c1f7207751.
Migrations is at 9610f6bfe3bfb99c98da1f425e6c71bf02e52aaf.
Doctrine.ORM¶
[BUGFIX] Fix clone side effects in PersistentCollection¶
When a PersistentCollection (PC) is loaded and is cloned before it is initialized, anything that is already in that collection will be duplicated if the collection is initialized after it has been marked dirty. The cause is a too late clone operation on the internal (Array)Collection (AC) in the PC.
- PC is loaded, but not initialized. The internal AC is empty.
- PC is cloned. PC’ calls initialize() in __clone()
- PC’ fills AC (as that has not been cloned yet)
- PC’ clones AC
As a result the AC in PC now contains elements, but PC still is uninitialized. If PC is afterwards initialized and dirty, the elements already in AC will be considered new and added again to the AC.
The effect will be constraint violations in join tables due to duplicate entries.
[TASK] Update to 2.2.2¶
Upstream release plus two of our own changes on top:
[TASK] Update to 2.2.1¶
Upstream release plus three of our own changes on top:
[BUGFIX] Fix atomic writes in proxy factory¶
This fixes the atomic writes check so it actually works.
[TASK] Update to 2.2.0¶
Upstream release plus three of our own changes on top:
[TASK] Update to current 2.2.0-DEV¶
Upstream commit d34c39555d356e771452a6f397a4cb1146594304 plus four of our own changes on top.
Symfony.Component.DomCrawler¶
No changes
Symfony.Component.Yaml¶
[BUGFIX] Update YAML component¶
This updates the Symfony YAML component from 1.0.6 to 2.1.0.
TYPO3.Flow¶
[BUGFIX] Fix reflection on PHP 5.3.16¶
The fix for https://bugs.php.net/62715 landed in PHP 5.3.16, and because of https://bugs.php.net/62874 reflection fails (in Production context) with a pretty unhelpful exception:
Fatal error: Uncaught exception … with message ‘Parameter is not optional’ in …
This change adds an additional check with isOptional() to the relevant code part.
[BUGFIX] Alphanumeric-Validator fails on umlauts¶
This change adds support for umlauts in the AlphanumericValidator, by changing the regex pattern to [:alnum:] and adding utf-8 mode flag.
[TASK] Add HTTP status code to exceptions¶
Currently if an exception is rendered with either Debug- or ProductionExceptionHandler the HTTP status is set to “500 Internal Server Error”.
This change adds a property “statusCode” to the FLOW3 base Exception allowing to set a custom HTTP status code.
This also sets status codes for some of the FLOW3 exceptions
[FEATURE] Cookie management support¶
This implements the cookie management feature which previously only existed as a stub in the HTTP foundation.
This patch also contains the corresponding tests and documentation.
[WIP][TASK] New chapter: MVC¶
This adds a new chapter to The Definitive Guide.
Also adjust some mentions of “DocComment” in other chapters and adds a stub for a section about HMAC to the security chapter.
[TASK] Add section about Uri class in HTTP chapter¶
This adds some explanation for the use of the Uri class.
[TASK] New chapter: HTTP¶
This adds a new chapter to The Definitive Guide
[FEATURE] Configurable CLI Subrequest environment variables¶
When debugging with xdebug, a major difficulty is that in development and functional tests, there are always two requests being executed: The main request and a CLI request inside.
Now, most IDEs do not support the (optional) feature of multi-threaded PHP debugging, effectively stopping the sub-request and also the main request in this case.
With this change it’s possible to change xdebug configuration settings for the CLI subrequests making it possible to debug them individually. By default the remote port is now changed from 9000 to 9001 in Development and Testing context. So you can debug the subrequest by configuring your IDE to listen on port 9001.
Apart from that, this change allows you to set arbitrary environment variables by adding entries to the TYPO3.Flow.core.subRequestEnvironmentVariables setting.
[BUGFIX] Fix warning about property injection in test¶
The DependencyInjectionTest testcase has a test called injectionInParentClassIsDoneOnlyOnceOnCreationOfObject, leading to FLOW3 trying to use the inject method for the property “ionInParentClassIsDoneOnlyOnceOnCreationOfObject”…
This change renames the test method to fix this.
[TASK] New chapter: Command Line¶
This is a new chapter for The Definitive Guide. Also marked the executeCommand() method in the Scripts class as an @api function.
[BUGFIX] Disable proxy building for Http classes¶
This disables proxy building for (most of) the classes in the Http part of FLOW3.
They are not needing it and some would circumvent the built proxy because they are instantiated statically.
[BUGFIX] Corrected annotation of assign method in ViewInterface¶
A view is basically intended to be able to get arbitrary values, hence data types assigned, so the annotation gets corrected to accomodate for this.
[BUGFIX] Fix arguments rendering for dumped backtraces¶
When an exception was dumped to Data/Logs/Exceptions/…txt all arguments were doubled, once with parenthesis around them, once without. This change fixes this.
[BUGFIX] FLOW3’s var_dump() still chokes on Doctrine collections¶
Using Doctrine\Common\Util\Debug::export() to render doctrine collections leads to an exception because our Debugger expects a string and doctrine’s debugger returns an array. This change fixes this by post processing the result.
[BUGFIX] RsaWalletService: Save keys only if modified¶
This patch adds a check to the shutdown() method of the RsaWalletServicePhp to make sure that the keys are only saved to disk if they were actually modified.
[BUGFIX] Missing setting namespace in error message¶
When an invalid PHP binary is found, the error message hint at setting the path in settings misses the setting namespace TYPO3 in the beginning.
[TASK] Fix partial validation example¶
The partial validation example was flawed. This change updates the example to an actual working usecase.
Credits to Ruud Alberts for finding.
- Commit: 20da395
[TASK] Update references in documentation¶
This updates command, type converter and Fluid VH references.
Counterpart to If61f27e9f55a42fc7fd0d10eb87b644f946aef7c.
- Commit: e9e3779
[BUGFIX] Fix broken links StandardView template¶
The links pointed to URLs no longer working.
[!!!][BUGFIX] Correct RepositoryInterface¶
Fixes a docblock and adds __call() to the interface (thus the breaking change flag), because everyone probably would expect it to be there.
[!!!][BUGFIX] Fix return values of Doctrine\Repository magic methods¶
Overrides __call from EntityRepository to make the methods return the expected QueryResultInterface. Also adds support for countBy().
This is marked as a breaking change because if you relied on the specific return values before, you need to adjust your code.
Along the way the code inside __call() is simplified.
[BUGFIX] Have Doctrine\Repository::findAll() return a QueryResult¶
This makes the behavior of Doctrine\Repository consistent and allows the use of findAll() e.g. in combination with widgets.
With this change, findAll() also observes the default ordering of a repository.
[TASK] Correct typos in Coding Guidelines¶
This corrects some typos in PartV/CodingGuidelines of the documentation.
[BUGFIX] Injections only on last level of class hierarchy¶
Property injections are no longer called for every level of your class hierarchy, which means they are only executed once now.
[BUGFIX] Skip abstract classes in ensureAggregateRootInheritanceChainConsistency¶
When using an abstract base class for domain models, the checks done in ensureAggregateRootInheritanceChainConsistency() would fail, even though it is fine to have an abstract base class not being aggregate root.
[BUGFIX] Fix order of monitoring and proxy building¶
During bootstrap file monitoring would be run too late, so that while change detection worked fine, the results were not used correctly: Reflection data was updated, but that happened after DI proxy building, so that e.g. added Inject annotations would not have the expected effect.
This change moves file monitoring before reflection initialization to fix this.
[BUGFIX] Allow PublishingConfiguration to be persisted¶
Any resource publishing configuration attached to a resource could not be persisted, because the needed mapping information for Doctrine was missing and the target type of the relation was an interface.
This change adds an AbstractPublishingConfiguration and the needed annotations, plus a schema migration.
[BUGFIX] Remove f:uri.resource title parameter in Guide¶
The resource management documentation described a title parameter for the ResourceViewHelper that ceased to exist a long time ago.
[TASK] Add TypeConverter reference¶
Tweaks the DateTimeConverter docblock to be proper reST.
[BUGFIX] Fix timezone override side effect in DateTimeConverter¶
Specifying a timezone override in DateTimeConverter would lead to wrong times due to the timezone being applied to the finished date instance, not upon creation.
[BUGFIX] Adjust execute bit on some files¶
This fixes the execute bit (and setfilepermissions.sh) so that no differences are created when setting permissions on a fresh clone.
[TASK] Clean up some code¶
Fixes some comments, style issues and API usage.
[FEATURE] Support tearDown for functional tests in generic persistence¶
Implement a tearDown method in the generic persistence according to the Doctrine PersistenceManager. The call is delegated to the underlying backend.
[BUGFIX] MemcachedBackendTest fail¶
MemcachedBackendTest doesn’t use TYPO3\FLOW3\Core\ApplicationContext to initialize MemcacheBackend.
[BUGFIX] Reset InternalRequestEngine for each functional test¶
Currently all functional tests share the same instance of \TYPO3\FLOW3\Mvc\Routing\Router because the InternalRequestEngine is of scope singleton. This leads to unexpected results and failing tests if tests add custom routes.
This change fixes this by making the ObjectManager forget the singleton instance of the request engine after each testrun. This also reverts the changes that were introduced with I5a5bf17d00c5be05748a18122dae42989f429221 as they did not have the expected effect.
[BUGFIX] BaseUri contains default HTTPS port¶
By resolving #37770 now the BaseUri and thus the base tag when using <f:base /> contains the HTTP port if it’s not equal to 80.
This adjusts Request and Uri to omit the port if it is equal to 443 and the request scheme is https.
[TASK] Add “Introduction” to the guide¶
Added introduction section for the guide.
[TASK] Functional tests for Routing Framework¶
Adds testing routes to the provided Testing/Routes.yaml file and adds tests covering mathing and resolving of arbitrary routes.
[BUGFIX] Correct a code migration’s class name¶
A code migration class name didn’t match its file name, this patch corrects this.
[BUGFIX] Reset the router for each functional test¶
Currently all functional tests share the same instance of \TYPO3\FLOW3\Mvc\Routing\Router because the InternalRequestEngine is of scope singleton. This leads to unexpected results and failing tests if tests add custom routes.
This change fixes this by reinitializing the request engine for each test case that has testableHttpEnabled set to TRUE.
[BUGFIX] Fix wrong check in atomic writes code¶
Fixes a wrong check in Cache\FileBackend and RsaWalletServicePhp as well as a bunch of one-line if blocks.
[!!!][TASK] Minor typo corrections in code¶
This trivially corrects some typos in code.
As a consequence, the DataNotSerializeableException was renamed to DataNotSerializableException.
- Commit: fec3f04
[TASK] Remove trailing colon from example headlines¶
It just looked weird this way…
[TASK] Add “Essential Design Patterns” to the guide¶
Re-uses some AOP verbage from part III of the guide.
[BUGFIX] IdentityRoutePart should accept identity array¶
IdentityRoutePart::matchValue() returns an identity array in the format array(‘__identity’ => ‘<Identifier>’) (see #37403).
This change ajusts resolveValue() to accept arrays in that format, too. This is required for widgets that fetch arguments from the current request and pass them to the UriBuilder.
[BUGFIX] Fix code documentation of DatetimeParser¶
The parser code documentation would state the parse methods expect \DateTime instances, but in fact strings are expected.
[BUGFIX] Fix Objects.yaml className example in guide¶
The guide still stated that setting className in Objects.yaml was possible for classes, but it works only for interfaces.
[TASK] Add “Architectural Overview” to the guide¶
Based on the introduction from the old DocBook manual, tweaked and amended.
[TASK] Show up hints for nesting inline ViewHelpers¶
This adds a section with some examples about how to nest and use inline ViewHelpers. Besides, it does some minor typo and formatting corrections.
[BUGFIX] Log route values if a route can’t be resolved¶
This re-introduces logging if a route could not be resolved. This behaviour was lost with I9605731f78cb1be9b0fb5c439d7149a676b6ccb7
[TASK] Add context information to cache clearing commands¶
When using the flow3:cache:flush commands only the current cli context is cleared. This is not clear when using the commands and this change add the context information to the command output.
[TASK] Code cleanup¶
Does code cleanup, mostly to documentation, but also tweaks unused variables, missing return statements and similar things.
[BUGFIX] Only map file uploads to arguments if not empty¶
Currently the HTTP request converts the FILES superglobal to request arguments even if no file has been uploaded. This leads to an exception when submitting a form without uploading a file because the property mapper receives a corrupt source array in that case.
This adjust the HTTP request to only map values from the FILES superglobal to arguments if a file has been uploaded.
This also tweaks the ResourceTypeConverter to accept an empty source. Besides the converter now only outputs filer errors (for too large or corrupt files) to the user. Server errors (e.g. non-existing/read-only tmp directory) are logged to the systemLogger.
[BUGFIX] Inform about possible cause for “No class schema found”¶
When mapping meta data for Doctrine an error about “No class schema found for …” could occur. It would not tell in what model the mapping was taking place, leaving the user to guesswork. This adds output of the currently examined class to the exception.
[TASK] Fix section about Resources in FLOW3 manual¶
This fixes the Fluid code snippet of the resource upload example in the Resource Management section. Besides this adds a sample domain model to make this easier to understand.
[BUGFIX] Routing cache only works for one request¶
Currently the routing uses a TransientMemory cache backend by default. Besides, objects in the routing values are converted to hashes using spl_object_hash() - which generates a new hash for every request.
This change configures the RouterCachingAspect to use a SimpleFile cache backend and adjusts the aspect to use the persistence manager in order to convert objects to their identifiers before creating cache entries.
This also adds a signal to the FunctionalTestCase base class that flushes the routing caches on teardown.
Furthermore this adds two convenience methods getLastMatchedRoute() and getLastResolvedRoute() to the router which should make debugging and testing easier.
[BUGFIX] Property mapper should distinguish between error and NULL¶
Currently, when a nested type converter returns NULL, this is silently caught by the property mapper. Thus, it is not possible to reset e.g. an integer value to NULL again.
This change fixes that behavior, and adds a functional test for it.
[TASK] Documentation corrections, each minor¶
Some additional corrections, basically typo corrections, for the manual.
[TASK] Update Fluid ViewHelper reference¶
This adds format.identifier documentation and a depreciation notice for identity.json to the Fluid VH reference.
[BUGFIX] Non-standard ports are now considered by HttpRequest¶
Ports that are not 80 for HTTP or 443 for HTTPS were simply not passed through to the Request when being created by the create() method.
Also Uri will now set the port to 443 for HTTPS if no port is given in the string handed to the constructor.
[BUGFIX] Uri respects query and fragment even without path¶
Corresponding to the appropriate RFC 3986, section 3.3 the query and fragment indeed may be present also if no path is given.
[BUGFIX] Fix recursion detection in instantiateClass¶
When in ObjectManager->instantiateClass() the speedup case was used, recursion detection would potentially fail, as it returns early without removing the class name from the list of classes currently being instantiated.
[BUGFIX] Corrected “Uri host” regular expression¶
The regular expression verifying the validity of a host name in Uri’s setHost method was of an incorrect syntax leading to a PHP error message. Besides correcting that, this patch adds a Test to proof the intended functionality.
[BUGFIX] Property Mapper chokes on already-converted objects¶
This happens for example when using the TYPO3.Form Project with a DatePicker, which already transforms the value to the correct data type.
[FEATURE] Configuration validation through (adapted) JSON Schema¶
Implementation of a PHP array schema validator modeled using the JSON Schema specification as guideline.
The following CLI commands which utilize the validator are provided:
- configuration:validate validates the configuration of a certain type with respect to the provided schemata. The schema files are searched for in Resources/Private/Schema of all active packages.
- configuration:generateschema is a kickstarter which generates a basic schema to be used as a starting point for further adjustments
Furthermore, this change includes schemata for all FLOW3 settings and the other configuration types (Caches, Objects, Policy and Routes).
[BUGFIX] Correctly implement validator resolver short notation¶
Currently, the short notation for validators which has been introduced with Id807dbfa78ae1388aa8cd53bfc578893eade427c does only support syntax like TYPO3\FLOW3:EmailAddress; but we should rather support TYPO3.Flow:EmailAddress as this is how we use package keys at all other places which are not PHP code.
[TASK] Add note to View chapter about default model properties¶
This note should be made seen the confusion around fixing #35894
[BUGFIX] Make baseUri setting work for resource publishing¶
The baseUri setting was not observed in the filesystem resource publisher.
[BUGFIX] Use exception handling framework for CommandController¶
The CommandRequestHandler brought its own tiny exception handling with the main drawback exceptions not being logged anymore, unlike the Error\AbstractExceptionHandler features.
When handling a CommandRequest, a dedicated CommandExceptionHandler is involved, taking care of occuring exceptions.
[BUGFIX] Internal Request Engine needs to clear security context¶
In order to get the security tokens matching the new request created in the internal request engine, the security context should be cleared using the “clearContext” method. This means that the tokens will be matched with the configuration from the routing based on the new request and not the parent request.
This patch also contains a small enhancement which adds two additional headers to the virtual browser’s response containing the code and message of a possible exception.
[TASK] Update code migration to do two more fixes¶
This adds adjustments for getOriginalRequestMappingResults() and getOriginalRequest()->getArguments().
[TASK] Refactor constructor argument of ExceptionHandler implementors¶
Moves the redundant constructor method of each AbstractExceptionHandler implementor to the AbstractExceptionHandler itself.
[TASK] Fix markup errors in FLOW3 manual¶
This change fixes another markup issue resulting in rendering glitches.
[TASK] Fix markup errors in FLOW3 manual¶
This change fixes a number of markup issues resulting in rendering glitches.
[BUGFIX] Remove unused configuration option from settings¶
This change removes a no longer used/supported option from the shipped Development configuration.
[BUGFIX] Discourage people to expose anything but the Web folder¶
This updates the Quickstart to explicitly push people into using Web as the document root for their web server.
[TASK] Update templating chapter¶
Along with some style and markup tweaks this adds details on XML namespace declaration and XSD generation.
[TASK] Update validation chapter¶
Along with some style and markup tweaks this moves some sections around and adds details on avoiding recursive/duplicate validation.
[TASK] Update object management chapter¶
This updates the section on custom factories.
[TASK] Update persistence chapter¶
Some layout/markup tweaks and removed some outdated parts about the generic PDO persistence we had earlier. Also explain identity and value object handling in more detail.
[TASK] Update FLOW3 manual¶
This change removes the glossary and colophon from the guide and applies mostly markup changes to various parts.
[TASK] Update Security Framework chapter¶
Quick update of the Security Framework chapter to reflect recent changes in FLOW3. Also some minor spelling error fixes.
[BUGFIX] Make PhpSession read settings from “PhpSession”¶
The settings for the PhpSession are read from the key “PhpSession” now, to ensure consistency. Before that they were read from “PHPSession”.
You should adjust your settings, but for backwards compatibility settings from “PHPSession” will still be used if present.
[TASK] Make validator resolver public API¶
People should use it when validation is used in custom code instead of creating validators using new; thus the ValidatorResolver must be marked as public API.
[BUGFIX] Purge Doctrine proxies that are no longer needed¶
With this change the proxy target directory is emptied before Doctrine proxies are (re)built, removing outdated proxy classes.
This solves fatal errors when (proxied) classes are removed, and thus can no longer be found when referenced from their heirs.
[BUGFIX] Packages can be frozen in Development only¶
Freezing packages was not possible in other contexts than Development with the related commands. But if a package was frozen according to PackageStates.php, it would advertise itself as frozen in all contexts.
While this did not seem to have any real effects, it caused confusing output with the cache:flush command in Production context.
This change makes the Package class ignore the frozen state in any context except Development and adds a check in the freezePackage() method of the PackageManager.
[TASK] No longer freeze packages by default¶
Due to the possible pitfalls with frozen packages, no packages will be frozen by default. This way a developer has to learn about frozen packages before he can be confronted with them (and their pitfalls).
[TASK] Add CLI command reference to guide¶
Adds a reference for the CLI commands in the FLOW3 base distribution.
- Commit: 932d713
[TASK] Update Fluid ViewHelper reference¶
This change updates the Fluid VH reference and does some tiny tweaks along the way.
- Commit: 42e16cf
[BUGFIX] Integrity constraint violation deleting resources¶
If you have two resources using the same resource pointer, deleting a Resource will trigger deletion of the connected ResourcePointer which then leads to an integrity constraint violation.
This patch tells doctrine NOT to cascade delete operations. This will lead to orphan resource-pointers which have to be deleted manually or on a regular base.
[BUGFIX] Nested arrays in Annotation options are no longer dropped¶
When giving a nested array of options to an annotation the rendered form in proxy classes was cut off.
[BUGFIX] Fix inconsistent Validate and IgnoreValidation behavior¶
The Validate annotation does an ltrim of “$” on the argument which the IgnoreValidation annotation did not do. This change makes the two behave the same by adding that trim to IgnoreValidation as well.
[BUGFIX] Fix error message about command controller classes¶
If you create a CommandController which is not in the “Controller” directory of a package or where the name does not end in “CommandController” you will get an error saying “Invalid controller class name [...] 1305100019”.
This change makes the error message a little more helpful.
[TASK] IdentityRoutePart should return __identity array¶
IdentityRoutePart::matchValue() currently returns the identifier of the ObjectPathMapping record directly. This makes it difficult to merge arguments with data from the requestBody (e.g. for PUT requests).
This change adjusts the route part so that it sets $this->value to an array in the format array(‘__identity’ => ‘<Identifier>’)
[TASK] Make “all” parameter optional in package:refreeze¶
For freeze, unfreeze and refreeze the default value for the packageKey is now “all”.
[BUGFIX] Fix IP address validation¶
The IP address validation done with filter_var() worked on the development machine running PHP 5.3.12, however, it failed on the integration server running PHP 5.3.5. Apparently, the filter_var options for FILTER_VALIDATE_IP behave differently in these versions.
This patch removes the validation for IPv4 / IPv6 addresses because they didn’t make sense anyway.
In that regard: hooray for PHP behavior changes. They actually exploit bad application code. Sometimes.
[FEATURE] Provide way to determine client IP address¶
This adds a method getClientIpAddress() to the HTTP Request class. It considers various kinds of environment variables which are present when using proxies or certain server setups for determining the actual client IP address.
[!!!][FEATURE] Content Negotiation for Media Types¶
This improves the support for detecting the Media Type (that is, “format” in an ActionRequest context) based on the request’s Accept header.
This implementation supports Quality Values and Media Ranges as specified in RFC 2616.
The way to define the supported formats of a controller has changed: Previously a class property $supportedFormats contained a list of filename extensions which would be supported. This property is not supported anymore. Instead, controllers may now specify a list of IANA Internet Media Types in a property $supportedMediaTypes.
The default setting for these supported media types in ActionController is “text/html”. You’ll need to adjust your controllers accordingly if you relied on the $supportedFormats feature.
Also note that the format in ActionRequest is now NULL by default. The ActionController makes sure to set the correct format, but if you created your own ActionRequest for a special purpose, you need to take care of setting it yourself.
[TASK] Create configuration directories only on save¶
The configuration directories for cached configuration were created inside the constructor of the ConfigurationManager. This caused the unit test to create directories outside the VFS. Moving the creation to the saveConfigurationCache method fixes that. Additionally cleans up some unit tests related to ApplicationContext and ConfigurationManager.
[TASK] Make extending GenericObjectValidator easier¶
This change moves the check for already validated objects out of the isValid() method and into validate() instead. Since in custom validators isValid() is the method to implement, this makes correct implementation less error-prone.
[BUGFIX] Avoid validating instances more often than needed¶
The GenericObjectValidator uses a static variable to store objects being validated. Objects were still validated over and over because at the end of isValid() they were detached again.
This change replaces that detach() call with another concept. Now any validator implementing the new ObjectValidatorInterface can be given an SplObjectStorage to keep track of instances already validated.
If you reset that container when it makes sense (before you actively validate objects) you can avoid validating single instances more than once in one validation run but still validate at various points on your logic flow.
If you have implemented your own object validator you should implement the new ObjectValidatorInterface - the easiest way is to extend the GenericObjectValidator, if you haven’t done that so far.
[BUGFIX] Router overrides request arguments¶
With the reworked Request stack, the router kicks in after the action request have been built, overriding all arguments the respective route specifies.
This works for the most cases, but leads to issues when you try to specify part of a complex target argument via the route and part via request.
For example if you update a domain model via request body but specify the model itself through the URI like http://domain/products/product-1 - now the Identity-RoutePart detects “product-1” and turns it into the corresponding __identity-array but then the Router kicks in and overrides the “product” argument completely resulting in a new object to be created by the property mapper.
This change adjusts the Router to recursively merge arguments with the route values instead, with precedence to the route values.
[BUGFIX] Keep existing PackageStates.php¶
A wrong check for the existence of the configured “packagePath” caused the loss of custom package states configuration on every request in development mode or initially in production.
[!!!][TASK] Switch from MIME to Media Types¶
The term MIME type is outdated, at least if used in a web context. The correct term is “Internet Media Type”. Furthermore, our list of MIME types (or media types) was not up to date.
This patch introduces a new utility class “MediaTypes” which replaces “FileTypes”. Along with the new class comes a script which allows the core team to conveniently update the list of Media Types and filename extensions.
This is a breaking change as the FileTypes class is deprecated with it. The old methods are still available but should not be used anymore. A code migration to use the new ones instead is shipped with the change.
[BUGFIX] Fix QueryTest using add twice for the same object¶
The new check for objects being added to persistence broke one of the tests in the functional QueryTest. Turns out the test was buggy, adding the same object twice (instead of a different one).
[!!!][BUGFIX] Float and Integer converters do not correctly handle errors and empty values¶
When an argument of a controller action is annotated with @param integer $var, the validation never fails if a string is passed to the argument. This is because the IntegerConverter implicitly casts the string to an integer. The same problem exists with floats.
This change fixes this by checking the value and returning an error object if it is not numeric. Besides this tweaks the FloatConverter to accept float and integer values as input and it adds a bunch of unit & functional tests.
Furthermore, empty strings are now correctly converted as NULL values. This is a breaking change if you relied upon the old behavior that empty values are converted to the number 0.
[TASK] Tweak wrong docblock in PersistenceManager->add()¶
The change to fix #34527 introduced a wrong @throws clause in the method docblock.
[BUGFIX] Save relative package path in PackageStates.php¶
Using absolute paths in the PackageStates.php causes problems in a chroot environment where the absolute path is different in CLI then in the HTTPD process.
Also relative paths allow to put PackageStates.php under version control to maintain a specific state even when paths differ on development and production systems.
[BUGFIX] PersistenceManager->add() now requires objects being new¶
The add method in repositories did also update existing entities, this can be dangerous, as it allows an attacker to misuse creation forms (i.e. a register form) and change existing entities.
[FEATURE] Add getHttpResponse() to HttpRequestHandler¶
This adds a getter method to the HTTP request handler which allows for retrieving the response corresponding to the currently handled request.
[FEATURE] Make HTTP responses standards compliant¶
This adds a new API method to the HTTP response which is called by a request handler to assure conformity with RFC 2616 and other related specifications.
While there are a lot of rules to consider, this patch only introduces a first set of important checks which are all explained by a corresponding test.
[FEATURE] Response setExpires() / getExpires()¶
This adds two new convenience methods to the Response API which allow for setting and retrieving the Expires HTTP header.
[FEATURE] Make Message / Response setters chainable¶
This makes the setter methods of the Message and the Response class chainable.
[FEATURE] More convenience methods in Response¶
This adds a few more convenience methods for setting headers and cache control directives in the Response object:
[FEATURE] Support for HTTP Cache-Control headers¶
This adds support for the Cache-Control header. The “Headers” object now handles the Cache-Control header in a special way by keeping track of the various cache directives separately. Those can be set through the method setCacheControlDirective() and get(‘Cache-Control’) returns a rendered version based on the previously set directives.
Alternatively, a whole Cache-Control header can also be set through set() / setHeader(). The given field value will then be parsed and the individual cache directives are stored internally.
This patch also corrects the behavior of set() and get() to convert date / time values always to GMT. Also added a related note in the comments of the respective API methods.
This patch also adds the new API methods setPrivate() and setPublic() to the Response class.
[TASK] Log skipped persistAll() due to closed EntityManager¶
To avoid exceptions we only flush the EM if it is still open. To be able to spot errors more easily, this adds a log entry if the EM was closed and flushing was skipped.
[BUGFIX] Make our var_dump() usable with Doctrine collections¶
For Doctrine\Collection instances we use Doctrine’s export() method now to render the dump.
[BUGFIX] Fix Wrong exception message in Repository->remove()¶
The message would say add() was involved, which is wrong.
[FEATURE] Support for HTTP PUT/DELETE arguments¶
This adds transparent argument support for arguments in PUT and DELETE requests which are passed through the request body. Depending on the content type of the request, the message body is parsed and then mapped into arguments for further use in controllers.
The following content content types are currently supported:
[TASK] Common base class Message for Request / Response¶
This introduces a new class “Message” which acts as a common parent class for the HTTP Request and Response. It provides shared functionality such as setting and getting headers, charset handling and more.
It is in line with the terminology in RFC 2616.
[TASK] Temporarily remove nested response code¶
This temporarily removes the code in HTTP Response which tackles support of nested responses. This feature needs to be implemented only when most of the other features, including Cache Control, are in place.
[FEATURE] Support for HTTP Age and Date header¶
This patch adds API methods and internal handling of the HTTP “Date” and “Age” headers, according to RFC 2616. It also introduces the use of the “Now” singleton as a time reference for age calculations.
[BUGFIX] Http Response can be cast to string again¶
This reverts the removal of the __toString() method for the Http Response. We currently rely on this behavior in the ActionController which combines response content by simple string concatenation.
- Commit: 20c9c7e
[TASK] HTTP Response: Status Code and Content Type¶
This adds a few new methods to the HTTP Response class - including the related unit tests.
[FEATURE] Introduce “Now” as unique time reference¶
This patch introduces a new class called “Now” which inherits DateTime and has the scope Singleton. It can be used in all cases where a reliably comparable value of “now” is needed or where time needs to be mocked in related tests.
[BUGFIX] generateHmac method does not use safe getEncryptionKey¶
The generateHmac function uses encryptionKey property directly and not through the safe getEncryptionKey method, leading to uninitialized access without having an encryptionKey set.
[BUGFIX] generateHmac method does not use safe getEncryptionKey¶
The generateHmac function uses encryptionKey property directly and not through the safe getEncryptionKey method, leading to uninitialized access without having an encryptionKey set.
[BUGFIX] Package refreeze command is too verbose¶
flow3:package:refreeze currently displays the output of cache:flush which contains hints about frozen packages.
This change adds a flag $outputResults to Scripts::executeCommand() that only outputs errors if set to FALSE. The package commands now set this flag in order to skip output from cache:flush.
[BUGFIX] credentialsSource in Account should be nullable¶
Not all authentication mechanisms need a “credentials source” (e.g. the typo3.org SSO provider), so the column for the property should be nullable.
[BUGFIX] Do not use double quotes in Policy.yaml files¶
To avoid potential treatment of backslashes as escape character in YAML files, wrap strings in single quotes.
[BUGFIX] Add “classesPath” to PackageStates.php on creating a package¶
When doing a ./flow3 package:create, the PackageStates.php is updated by adding the new package, but the new entry lacks the “classesPath” field without this change.
[BUGFIX] Session: Do not throw an exception at logging¶
While logging the session destruction there was an exception thrown if no reason was given, because getArgument() can not be called for non existing arguments
Also added a testcase for the LoggingAspect.
Additionally removed the type hint for the proxy object in JoinPoint - although that’s correct, it imposes unnecessary hassle for testing, like in this case.
[BUGFIX] PolicyService could drop ACLs for overlapping resources¶
The PolicyService has to properly reuse all data gathered from parsing the method resources, the traces were dropped for different roles and so something wrong would be reused.
[!!!][FEATURE] (MVC): Whitelist-based Property Mapping Configuration¶
Up to now, property mapping always allowed to modify all properties of a given object. Especially in the MVC stack, this functionality was relied upon for all update and create actions. However, for nested objects, the user needed to configure whether updates and creations should be allowed.
This was an inconsistent behavior, especially because for read-only actions the object could be also modified.
The behavior is now changed to be more predictive:
- the default PropertyMappingConfiguration used in the MVC stack is changed to be very restrictive: we do neither allow creation of any new objects nor modification of existing ones; and all properties which should be modified must be explicitly configured.
- For each form, Fluid now generates a list of trusted properties, based upon which the PropertyMappingConfiguration is set correctly. This means only properties which have been rendered by fluid are allowed to be modified, and creation / insertion is only permitted if needed.
BREAKING CHANGES¶
- PropertyMappingConfiguration::doNotMapProperty (no public API) was removed. Instead, use ::allowAllPropertiesExcept(…).
- Furthermore, an exception is now thrown if a property is not allowed to be mapped. Before, the property was just ignored silently. You should either write your own TypeConverter to deal with that or filter the input data correctly before property mapping.
In a nutshell:
- If you used Fluid forms, everything will still work as expected.
- If you used Fluid forms and needed to adjust the property mapping configuration manually, you can remove these manual adjustments.
- If you manually called the Property Mapper and passed a custom Property Mapping Configuration, you probably need to call …->allowAllProperties() on the property mapping configuration.
- If you did not used Fluid forms but relied upon the old behavior of the Property Mapper (e.g. in a web service), you need to configure the Property Mapper inside your initializeAction correctly now.
Note: You need the accompanying Fluid change for testing this feature as well.
[FEATURE] Inclusion of DomCrawler in Functional Test Browser¶
In order to run meaningful end-to-end functional tests, we need a way to navigate through HTML by clicking links and submitting forms.
We use DomCrawler to make this possible. This needs to be included separately.
[FEATURE] Order package loading by dependencies¶
This change simply reorders the internal packages arrays of the PackageManager in a way that if PackageA depends on PackageB, PackageA comes later then PackageB when iterating over those arrays.
This change does not introduce a sophisticated dependency management, however it makes sure to be be able to load configuration settings in the correct order.
[TASK] Some cleanup to security (tests)¶
No functional changes, just whitespace, spelling and some PHPUnit warnings squashed.
- Commit: e9b691f
[TASK] HTTP Request: hasArgument() and getArgument()¶
This change set provides two new getters for the unified request arguments.
[BUGFIX] Use ActionRequest to validate PasswordToken¶
The (new) PasswordToken was not included in the fix for #36997.
[BUGFIX] Skip functional test if Doctrine is not enabled¶
The Flow3AnnotationDriverTest should be skipped if Doctrine is not enabled to prevent problems if no actual driver or connection can be created.
- Commit: e5cb7f0
[BUGFIX] Make core:migrate work on Windows¶
On Windows redirection to /dev/null does not work. Also some migrations would not be found due to useless type casting.
[TASK] Fix PackageManager unit test¶
One of the tests failed because the order of found packages was not as expected. That order is not relevant, though…
- Commit: 5a7a5a1
[FEATURE] Implement file based encrypted key authentication¶
This commit introduce a new password token, which works like the username password token but only requires a password.
The file based simple key provider authenticates a password token using the file based simple key service to get the matching password in the key which is configurable for every instance of the provider. Furthermore the service is capable of storing, removing, getting, checking and generating keys. Optional values for generation key length and password hashing strategy is configurable for the service.
[BUGFIX] Use ActionRequest to validate authentication tokens¶
Currently the security context passes the HTTP Request to TokenInterface::updateCredentials() in updateTokens(). This has the disadvantage that authentication tokens can only access raw GET / POST parameters from the HTTP request. Arguments that are only available through routing are not accessible.
This change adjusts Security/Context, TokenInterface and the provided implementations accordingly.
[BUGFIX] Fix use of removed Environment methods in CsrfProtectionAspect¶
CsrfProtectionAspect now no longer uses methods from environment that no longer exist since the environment cleanup. It tries to get the arguments from the active RequestHandler instead.
[BUGFIX] Avoid reverse ordering of packages in configuration manager¶
This issue causes some problems when packages are overwriting YAML settings, because in #27490 the package order is reversed in order to put TYPO3.Flow at the top. This has some unnecessary consequences.
[TASK] Some cleanup to PackageManager and it’s unit test¶
Fixes some docblocks, adds a few type hints and fixes / simplifies some unit tests.
- Commit: 67c257c
[FEATURE] Add __toString() and make Resource use more convenient¶
To use a Resource with file operations, one can use the resource:// scheme and the __toString() method of any ResourcePointer.
To make this a little easier, this change adds two new methods to the Resource class:
__toString() returns the SHA1 of the ResourcePointer the Resource is holding (as is documented for ages).
getUri() returns a ready-to-use resource://<sha1> URI of the ResourcePointer the Resource is holding.
[FEATURE] Destroy all sessions on cache:flush command¶
When the typo3.flow3:cache:flush command is called all session data for the currently configured session implementation will be destroyed too.
[FEATURE] Have a way to delete all sessions¶
Introduces the static method destroyAll to the SessionInterface and all implementations and so makes it possible to destroy all session data for a specific implementation.
Resolves #34817
- Commit: 5713941
[BUGFIX] Only use ansi colors for var_dump() if supported¶
\TYPO3\FLOW3\var_dump() currently uses ANSI codes to colorize the output on the CLI. On Windows that’s not supported by default. It renders all special characters instead.
This change disables ansiColors on Windows.
[FEATURE] Makes it possible to wire signals to static slots¶
To use a static slot simply prefix the slot method name with ::
[FEATURE] Introduce the magic role “Anonymous”¶
This introduces a second magic role (besides the role “Everybody”) which is active as long as nobody is authenticated. This allows for designing policies in a way that anonymous users still have access to certain resources.
Also fixes a small bug in the PolicyService which previously did not return the Everybody or Anonymous role on getRoles().
[FEATURE] Improve Property Mapping Exception message¶
The exception message for when a Mapping fails now contains a hint about the concerning target type.
[TASK] Slightly improve documentation of properties¶
The properties used to enable testable HTTP and security influence each other (like the good old image handling settings in v4).
This change adds comments that clarify the behavior.
- Commit: a87b12d
[TASK] Handle exceptions in virtual HTTP browser¶
The virtual HTTP browser now catches any exceptions and returns the exception information in the response rather than letting the actual exception slip through.
[BUGFIX] Authentication: context now reliably stores the intercepted request¶
On authentication the original intercepted request was not stored, when there was no current session. The session now gets automatically initialized via @Flow\Session(autoStart=true).
[TASK] Improve security isolation in functional tests¶
This change makes sure that also the intercepted request (if any) is cleared on clearContext() and renames the authentication provider configured for the Testing context from “DefaultProvider” to “TestingProvider”.
[BUGFIX] Adjust TransientSession unit test to recent change¶
The change in TransientSession to close the session when destroy() is called needed to be reflected in the unit test.
[BUGFIX] Assure fresh session for functional tests¶
The changes done to resolve #35965 came with a functional test that worked fine when run in isolation but failed when run with other tests that would start a session.
This patch moves the $session->destroy() call in the base test case from the tearDown() to the setUp() method and fixes the behavior of destroy() in the TransientSession which did not reset the “started” flag.
[!!!][TASK] Change session autostart handling for authentication providers¶
The session autostart annotation is set at the providers, not at the authentication manager. By this every provider can decide on its own, if a session is needed or not.
Also adds a safeguard in the Session Logging Aspect to prevent errors while trying to log renewId() even though the session was not started yet.
[TASK] Add section on XLIFF plural form handling to guide¶
Adds a short explanation of plural form handling in XLIFF files to the FLOW3 guide.
[FEATURE] Improve logging for translation handling¶
When a translation is not found a warning is logged so that the user gets a clue what is wrong.
[FEATURE] Make migration of a single package possible¶
Now the option “–package-key” can be given to “core:migrate” to migrate a single package.
This allows for migration of single packages, including those in the “Framework” category, which are now skipped by default.
[!!!][FEATURE] (Core): Nested FLOW3 Application Contexts¶
With this change, it is possible to use nested FLOW3 contexts like “Production/Live” or “Production/Staging/Server1”. The main context, has to be one of “Production”, “Development” or “Testing”, whereas arbitrary sub contexts are supported.
If you run in the context “Production/Staging/Server1”, the configuration is inherited in the following way (from most specific to most general):
- Production/Staging/Server1
- Production/Staging
- Production
- as a fallback, the, non-context-specific configuration is used
This change is breaking in the following cases:
You called TYPO3\FLOW3\Core\Bootstrap::getContext() or TYPO3\FLOW3\Object\ObjectManagerInterface::getContext()
In this case, not the context string is returned anymore, but instead the TYPO3\FLOW3\Core\ApplicationContext object. It can be cast to a string to get the old behavior back; but usually you instead want to call $context->isDevelopment(), $context->isProduction() or $context->isTesting().
You wrote your own cache backend
The cache backend constructor now expects the $context object to be of type TYPO3\FLOW3\Core\ApplicationContext.
Additionally, we removed some leftovers from the configuration manager, especially Signals/Slots configuration as this is not used anymore.
[TASK] Fix hints about frozen packages to cache:flush command¶
This enhances the hints about frozen packages introduced in change I4db274dcf0376ada53a3a46ed5c6b945543698d1.
[TASK] Tweak code migration tool code and output¶
This makes the output of the code migration tool a little more readable and shifts some parts of the code around to clean it up.
[TASK] Fix schema migrations adding useless unique indexes¶
This change removes the index creation commands on the Role table from the migrations supplied with Ief9455e10c58f999cf46e0586e632ff3e2ef9ad5, as the involved field is the primary key (and thus a unique index) anyway.
[TASK] Adjust the code migration for FLOW3 1.1¶
This tweaks the code migration a little to be more complete and produce better readable output.
[FEATURE] Provide outputFormatted() function for CLI¶
This introduces a new method for outputting formatted (that is, word wrapped and optionally padded) text to the command line.
[TASK] Add hints about frozen packages to cache:flush command¶
By default precompiled reflection data of frozen packages is not recreated on flushing the cache. This adds a hint to the response of the cache:flush command if there are frozen packages.
[BUGFIX] (Persistence): Fix failing RepositoryTest¶
The test fails since Ic3782452e941574dd85068535092877efd7ca190 which forgot to adjust the Unit Tests.
[FEATURE] Identity annotation should make properties unique¶
With this change all properties annotated with the Identity annotation will be added to an unique constraint in the database.
[TASK] Remove Identity annotation from Resource¶
As preparation to give the Identity annotation some meaning we remove it here to still allow multiple resources with the same pointer and filename / fileExtension.
This doesn’t change the behavior at all as Identity has no technical meaning (yet).
[FEATURE] DateTimeConverter should support DateTime subclasses¶
Currently DateTimeConverter only accepts target types of ‘DateTime’. This change adjusts the converter so that it works for subclasses of \DateTime too.
[FEATURE] Use lifecycle annotations without HasLifecycleCallbacks¶
When using lifecycle annotations on methods, this change removes the need to annotate the class itself with HasLifecycleCallbacks.
[FEATURE] Code migration tool¶
This adds support for “code” migrations. As with database migrations, steps needed to adjust existing code to changes done in some package can be delivered in a migration file with said package.
A new command flow3:core:migrate can be used to apply migrations to all packages still in need of that migration. The tool requires git to be available and will work only on code in clean git working copies.
[TASK] A few more content security examples¶
This adds some very basic notes which could help a few people started with content security.
- Commit: e0e903b
[TASK] Update to support orphanRemoval on ManyToMany associations¶
In Doctrine 2.2.1 support for orphanRemoval on ManyToMany associations was added, thus it is added to our driver as well.
In addition unnamed indexes and unique constraints are now possible, also a “port” from the upstream codebase.
[BUGFIX] Adjust “fileName” spelling to “filename”¶
The spelling for filename differs throughout the code. With this change we use “filename” everywhere possible.
[BUGFIX] Prevent Route class from appending an extra question mark¶
[TASK] Fixes exception message building causing error¶
When the providerClass for an authentication provider is not configured, the building of an exception message caused a notice (and that caused an error).
[TASK] Move XLIFF files so that Pootle copes with the file layout¶
This changes the file layout for translations so that for every language a directory named after the locale identifier is looked up below Resources/Private/Translations. Inside that directory one XLIFF file for each message catalog can be put:
- Resources/Private/Translataions/
- en/
- Main.xlf
- ValidationErrors.xlf
- fr/
- Main.xlf
- ValidationErrors.xlf
[TASK] Fix RestController to work with HTTP foundation¶
This fixes RestController to work again with HTTP foundation.
[BUGFIX] Check that repositories are of singleton scope¶
Repositories must be singletons, otherwise strange things and seemingly weird errors happen. This change adds a check for the scope, so that developers at least know what is wrong.
[BUGFIX] Use lowercase table names to fix functional tests¶
There seems to be a problem with (certain versions of) MySQL and lower / uppercase table names (maybe only on case insensitive filesystems).
This change adjusts some Table annotations used in functional test fixtures to use lowercase identifier.
[TASK] Adjust some leftover uppercase namespace parts¶
There were still some uses of AOP and MVC in the codebase.
[BUGFIX] Query rewriting now works with one additional constraint¶
PersistenceQueryRewritingAspect was broken if only one additional constraint was added, leading to invalid queries that failed with an invalid number of bound parameters.
[BUGFIX] Fix MethodSecurity functional test¶
After #36659 was fixed, the session handling works as expected. That means, however, that if no account is logged in, an AuthorizationRequiredException is thrown on trying to access a restricted method. The tests, however, anticipated an AccessDeniedException.
[!!!][BUGFIX] Fix session handling in functional tests¶
Sessions were kept across test boundaries which had bad side effects on, for example, authentication: previously authenticated roles where still active during the following Test under certain circumstances.
This patch makes sure that sessions are destroyed after each functional test.
It also introduces a previously missing parameter into the destroy() method signature of the SessionInterface. If you implemented your own session handler, you need to adjust the destroy() method accordingly.
[TASK] Fix debug output marking entity/value object¶
This removes the FIXME from debug output and just uses “persistable” as an umbrella term for an entity or value object.
- Commit: ad3c7d9
[BUGFIX] PersistenceQueryRewritingAspect now supports count(0)¶
If the aspect intercepted a count() method and the result (because of lacking access rights) would be “none”, the aspect returned an EmptyQueryResult object which in turn could not be cast into an integer by the client code.
This patch now correctly returns a 0 in that case.
[TASK] Log exception in Doctrine\Query->getResult()¶
When an exception occurs during getResult() it was silently ignored. Now it will be logged to the system log.
- Commit: f20526c
[TASK] Adjust Testing settings¶
Fixes YAML style and makes use of SQL logger in Testing possible.
- Commit: be0c797
[BUGFIX] Implement fallback for password hash migration¶
The new BCrypt default hashing strategy causes problems if a FLOW3 application is migrated from version 1.0 which didn’t use strategy identifiers inside credentials. A new “fallback” configuration option allows to specify the strategy that was used to generate these legacy credentials. It defaults to “pbkdf2” and allows for a seamless migration from 1.0 to 1.1. New passwords will be hashed with the default strategy (“bcrypt” by default) and get the strategy identifier prepended.
[TASK] Add functional tests for content security¶
This add some first basic functional tests for content security.
[BUGFIX] Make getHttpRequest() work in functional tests¶
In some cases functional tests need to access getHttpRequest() on the active RequestHandler. In functional tests this did not work, because the FunctionalTestRequestHandler did not implement the new HttpRequestHandlerInterface.
Now it does and the InternalRequestEngine sets the current request.
[BUGFIX] Fix functional testing for security features¶
The authenticated roles from one test have not been cleared after the test.
Adds a safeguard for getAccount() to the security context along the way.
[FEATURE] (Validation): Context-specific validation through Validation Groups¶
Sometimes, Validation should only be executed on Persist, or on the Controller invocation. Especially when building multi-step forms, one needs to be able to partially validate an object and store the invalid object in the database.
This change set implements “validation groups”, i.e. each validator annotation can have a “validation group” assigned, and when validation happens, the validators get only executed if at least one validation group matches.
Furthermore, it adds a documentation skeleton for partial validation.
[BUGFIX] Fix Typo3OrgSsoToken use of removed method¶
Environment does no longer have getRawGetArguments(), instead using getArguments() on the HTTP request we have available.
[BUGFIX] Fix isClassImplementationOf in ReflectionService¶
In some cases (depending on filesystem load order probably) the Production context would fail to return the correct result in the isClassImplementationOf() method of the ReflectionService.
This change fixes it.
[TASK] Use correct order or static function declaration¶
This is the only occurence of this order for declaring a static method.
- Commit: 319fa7e
[BUGFIX] AdviceChain has to take the proxy from the joinpoint¶
The advice chain object got its proxy instance in the constructor, which was possibly not the correct instance for a given joinpoint. This change removes the constructor parameter and fetches the proxy instance always from the current joinpoint.
[BUGFIX] Call PersistAll after every controller invocation¶
If0020fdedbaf4779ff24d0e4248e2137cdf5bc67 introduced a regression which caused persistAll() to be uncalled.
[TASK] Add clarifying note on PersistenceMagicAspect.cloneObject¶
Adds a note clarifying that this method is not unused.
- Commit: 9761517
[!!!][FEATURE] Turn content security acl logic upside down¶
This change realizes a whitelist approach for content security acls. By this content security acls work with the same logic as method security.
[BUGFIX] Skip token separation without request in Security\Context¶
separateActiveAndInactiveTokens() in Security\Context fails if $this->request is NULL.
With this change, token separation is skipped completely in that case.
[BUGFIX] Fix functional tests with security and sendWebRequest¶
This change fixes some security related aspects of the functional base testcase. Field visibility and method visibility is restored to protected since custom tests need to be able to call some of the dependencies (e.g. to initialize or reset additional test providers). Also sendWebRequest is working again with the new request implementation and without mocks.
[BUGFIX] Adds detection of missing id attributes in XLIFF files¶
XLIFF requires id attributes on trans-unit tags, but if they are missing, FLOW3 does not complain. An exception is now thrown, instead of some unspecified behavior.
[FEATURE] Persist after every controller invocation¶
Wire persistAll() from afterControllerInvocation instead of the finishedRuntimeRun signal.
This is useful because it wraps all changes done in one dispatch in a transaction, thus enabling better rollback in case of errors.
[BUGFIX] Make BCrypt the default hashing strategy (again)¶
In https://review.typo3.org/5756 the default hashing strategy was changed to BCrypt. Later, in https://review.typo3.org/6598, support for multiple strategies was added. But that change make PBKDF2 the default again.
This change fixes that and makes the SaltedMd5 strategy available in the YAML file as well (for completeness).
[BUGFIX] Exceeding roles of accounts are now ignored¶
If an account had one ore more roles which were not defined in a policy, access was denied to this account because the role could not be matched. It is, however, more practical to simply ignore exceeding roles.
This patch makes sure that getRoles() only considers roles of the active tokens which really exist in one of the policies.
[BUGFIX] Guard against missing server global variables¶
Calling Http\Request::createFromEnvironment() gives a notice about an undefined array index for HTTP_HOST and REMOTE_URI if used e.g. in CLI based tests.
This change adds guards against this in the Request implementation.
[BUGFIX] Action arguments of type DateTime throw Exception¶
If an action argument is an object, the ValidatorResolver tries to instantiate that object to use it as Validator without checks.
This change solves this by checking if the specified object implements the ValidatorInterface.
[TASK] Remove leftover session dependency from Http\Request¶
This is actually not used and causes circular dependency problems in some cases.
[FEATURE] Track all configuration changes¶
This change set greatly improves the file monitoring of FLOW3’s system relevant files, such as class files, settings, object configuration, policies and translations.
In Development context, changes to any of the above will be tracked and the related caches are flushed. For performance reasons, the new mechanism does not rely on the tagging feature of the cache framework, but uses the new Simple File Backend and rather flushes a few caches too many than missing an important change.
[!!!][FEATURE] Make cache backends more flexible¶
This change makes cache backends more flexible. It adds a new interface “TaggableBackendInterface” and a new “SimpleFileBackend”. The latter does not support tagging but is faster in certain cases (where with a lot of tags/entries flushing everything is faster than flushing by tag).
If you have implemented a cache backend and support tagging, you must add the “TaggableBackendInterface” to the list of interfaces implemented by your backend.
In addition this change makes the PDO backend a little more robust and resolves some code style issues.
[!!!][FEATURE] FileMonitor now uses identifier and has getIdentifier()¶
This change makes the FileMonitor use the identifier internally and provides a getIdentifier() method. With this, using multiple file monitors becomes feasible.
The “ChangeDetectionStrategyInterface” contains the two new methods “setFileMonitor” and “shutdownObject” now, so if you implemented your own change detection strategy, you need to implement those.
The ModificationTimeStrategy provided with FLOW3 is no longer singleton and thus usable with multiple file monitor instances in parallel.
[!!!][TASK] Clean up Environment after HTTP refactoring¶
With the HTTP foundation quite some things from Environment have become obsolete. The class and it’s “users” are adjusted in this change.
The following methods are removed from Environment (check Http\Request to see if a method you need is available there) with this change:
- setBaseUri
- getHTTP*
- getAcceptedFormats
- getRemoteAddress
- getRemoteHost
- getRequestProtocol
- getRequestUri
- getBaseUri
- getScriptPathAndFileName
- getScriptRequestPathAndFileName
- getScriptRequestPath
- getRequestMethod
- getCommandLineArgumentCount
- getCommandLineArguments
- getSAPIName
- getRawGetArguments
- getRawPostArguments
- getUploadedFiles
- getRawServerEnvironment
Most of those were marked as public API, but we still decided to drop them, as their use cases were only guesswork.
For some things that used to be available, access to the current request is now needed. For this, getHttpRequest() was added to the new HttpRequestHandlerInterface, which returns the current HttpRequest.
[!!!][TASK] Move baseUri setting from Environment to Http\Request¶
The Environment class optionally used a setting to specify a fixed baseUri to be used. With the HTTP foundation this settings was no longer used (consistently).
If in Settings.yaml the “utility:environment:baseUri” settings was used, it must be changed to “http:baseUri”!
[BUGFIX] Uploaded files are not untangled anymore¶
TYPO3\FLOW3\Http\Request is missing the functionality that is implemented in TYPO3\FLOW3\Utility\Environment::untangleFilesArray().
This causes the $source array in TYPO3\FLOW3\Property\PropertyMapper::convert() to have invalid keys from the $_FILES array (name, type, tmp_name, error, size) which causes an exception.
[FEATURE] Introduce HttpRequestHandlerInterface¶
This new interface identifies request handlers which are supporting and working with HTTP requests as such and allows other application parts to retrieve the current HTTP request.
[BUGFIX] Base PrecompiledReflectionData path on temporary path¶
The path to the precompiled reflection data is no longer configured separately but instead always derived from the FLOW3 temporary path.
[BUGFIX] Do not use fallback temporary directory¶
With this change you will get an exception if you miss the temporary path setting in your settings instead of falling back to the system temporary path, because this could lead to problems with multiple FLOW3 instances on the same system.
[TASK] Improve “compilation error message”¶
When the compile run failed, an exception was thrown until now. This lead to confusing output. With this change it doesn’t output useless PHP version info etc. anymore.
[BUGFIX] Update package states after package:import¶
This patch makes sure that the package states information is updated after a new package has been imported.
As before, the new package is not active by default.
[BUGFIX] Don’t rewrite PackageStates.php if not necessary¶
This fix adjusts a comparison so that the PackageStates.php file is only written if truly necessary.
[BUGFIX] Remove precompiled reflection data on force flush¶
This patch makes sure that any precompiled reflection data of frozen packages is removed on a cache:flush –force.
[FEATURE] Adds a quiet flag to doctrine:migrate¶
With the flag set only the version numbers of the executed migrations are output, one per line.
[FEATURE] Allow “configurable” classes path in packages¶
Package instances can be asked for their classes path, which is now set determined by the PackageManager and stored in PackageStates.php.
It can - in the future - thus be read from a Composer file and does no longer have to be the hardcoded “Classes”.
This change removes the use of the .Shortcuts folder again and makes “overlapping” package keys possible (e.g. TYPO3.JobQueue and TYPO3.JobQueue.Beanstalk).
[BUGFIX] Fix content security current.globalObject expansion¶
Using for example current.securityContext in Policy.yaml made FLOW3 crash completely in “eval’d” code.
This fixes the crash and removes the eval code by using the TYPO3\FLOW3\Object\ObjectManager.
[TASK] Add DB migration for PostgreSQL¶
This adds an initial migration for PostgreSQL to create the needed schema for the package.
[BUGFIX] Fixes column type detection when using Column annotation¶
If a Column annotation is used but no type argument is given, the default “string” type was used and did override the detection. Now the detection is used again in those cases.
The only drawback is that you cannot force a column to be “string” any more.
[TASK] Cleans up some smaller issues¶
- This change collects a number of smaller issues:
- clarifies description of migrationGenerateCommand
- an exception is thrown on invalid Package.php file
- Commit: aafecb5
Fixes code style issues¶
This change adds a ton of @throws to docblocks and fixes other documentation issues. Some code cleanup, like removing unused variables and tweaking use statements is done as well.
[TASK] Derive maximum table name length from Doctrine.DBAL¶
Doctrine.DBAL drivers have informations about the maxmimum allowed table length, so the annotation driver uses this information now.
[!!!][BUGFIX] Changes the default for nullable columns to FALSE¶
This change makes columns not nullable by default, as is the case with vanilla Doctrine 2.
This is a breaking change if you rely on NULL values to be returned to detect special cases, like for not using unset date properties. In those cases you need to mark your property with the Doctrine annotation: Column(nullable=true)
[TASK] Fix functional test for HTTP RequestHandler¶
The HTTP RequestHandler test can only be executed if the global routes configuration include the routes from the FLOW3 package. That might not be the case in other than the FLOW3 distribution and then this test fails.
Fixed this by skipping the test if it can’t succeed.
- Commit: dd014d2
[TASK] Remove a rather dubious unit test for Redis cache backend¶
Fixes a catch statement around connect as well.
- Commit: e06bd9b
[FEATURE] Improve value object support¶
This allows to handle value objects as intended. Create a new one and persistence will take care to check if the value object exists already.
[BUGFIX] Fixed empty exception for CLI commands¶
When issuing an invalid command line (missing or wrong arguments), FLOW3 displayed an exception #0 without further explanation. The reason was an uncaught StopActionException thrown in the CommandController::forward() method.
This patch fixes that bug and additionally eliminates some duplicate code in CommandRequestHandler.
[BUGFIX] Skip CSRF protection if not authenticated¶
CSRF protection prevented the triggering of authentication entry points in some cases. As CSRF protection is not needed, if nobody is authenticated, we completely skip this feature in those cases.
[TASK] Stability improvement to functional persistence test¶
Adds ordering to TestEntityRepository to make results predictable.
- Commit: 49d0b48
[TASK] Make output of doctrine:migration status more compact¶
This change removes some superfluous newlines that made the migration status output rather long…
- Commit: 3ca5db8
[TASK] Give hint with exception on aggregate roots in hierarchies¶
The message “In a class hierarchy either all or no classes must be an aggregate root, “Foo” is one but the parent class “Bar” is not.” is not really helpful for developers.
This change adds a hint on how to solve the problem.
[SECURITY] Protect arguments of form __referrer with HMAC¶
The request arguments of the referring request are a serialized string written to one of the hidden fields in a Fluid form. This string has to be protected by a HMAC to protect FLOW3 from possible unserialize attacks.
Note: For now there is no object known within the FLOW3 Distribution, that could be used for an unserialize exploit!
- Security-Bulletin: FLOW3-SA-2012-001
- Fixes: #35300
- Commit: dc46450
[TASK] add “Group” tag to excluded tags, as PHPunit now requires to tag big testcases¶
- Commit: 5d6c3ea
[TASK] Add missing getParentRequest() method in HTTP Response¶
Furthermore, some documentation cleanup.
[FEATURE] HTTP Client for Functional Testing¶
This adds a virtual HTTP client which supports pluggable request engines for different purposes. The first scenario in which we’ll use this new “Browser” is for seamless functional testing of controllers and other features which should be tested through the whole request / response chain.
The FunctionalTestCase now provides a new class property called “testableHttpEnabled” which, if set to TRUE, initializes a new browser for each test and provides it as $this->browser.
Also adds a bunch of functional tests for the MVC ActionController using this new feature.
[FEATURE] Provide method getContent() for HTTP request¶
This implements a method for retrieving the HTTP request body.
[!!!][BUGFIX] Alternative entry points can be configured again¶
This fix allows for using other than the pre-defined WebRedirect entry points (for example the HTTP Basic entry point).
In order to avoid confusion, this patch also streamlines the setting names for authentication providers. It makes sure that only one entry point can be defined at all and adjusts the naming of other settings to be in line with other FLOW3 setting conventions.
The keys of settings for the authentication provider have changed as follows:
- DefaultProvider:
- provider: ‘(a class name)’ providerOptions: [ ... options ... ] token: ‘(a class name)’ entryPoint: ‘(a class name)’ entryPointOptions: [ ... options ... ]
[!!!][FEATURE] HTTP 1.1 Support – Foundations¶
This commit contains the foundations for a better HTTP support in FLOW3. It extracts request and response handling into a dedicated sub package “Http” and clearly distinguishes between HTTP requests and “action requests”.
While this change set does contain a few new features which are related to HTTP support, it is by far not complete and rather serves as a foundation for further features which are following.
[!!!][TASK] Sub package name case and location adjustments¶
This change set contains (mostly) renames and relocations of FLOW3 sub namespaces. These changes are necessary to meet the FLOW3 coding guidelines and naming conventions and to support the new CLI / HTTP and MVC structure.
- \TYPO3\FLOW3\AOP -> \TYPO3\FLOW3\Aop
- \TYPO3\FLOW3\MVC -> \TYPO3\FLOW3\Mvc
- \TYPO3\FLOW3\MVC\CLI -> \TYPO3\FLOW3\Cli
- \TYPO3\FLOW3\MVC\Web\Routing -> \TYPO3\FLOW3\Mvc\Routing
- \TYPO3\FLOW3\MVC\Web\Request -> \TYPO3\FLOW3\Mvc\ActionRequest
- \TYPO3\FLOW3\MVC\Web\Response -> \TYPO3\FLOW3\Http\Response
- \TYPO3\FLOW3\MVC\Web\SubRequest -> \TYPO3\FLOW3\Mvc\ActionRequest
- \TYPO3\FLOW3\MVC\Web\SubResponse -> TYPO3\FLOW3\Http\Response
- \TYPO3\FLOW3\MVC\Controller\CommandController -> \TYPO3\FLOW3\Cli\CommandController
- \TYPO3\FLOW3\Property\DataType\Uri -> \TYPO3\FLOW3\Http\Uri
- \TYPO3\FLOW3\MVC\Web\RequestBuilder doesn’t exist anymore. If you need to create requests, do “new ActionRequest($parentRequest)”
- \TYPO3\FLOW3\MVC\Web\SubRequestBuilder doesn’t exist anymore. If you need to create sub requests, do “new ActionRequest($parentRequest)”“
Note that this change set contains most but not every single adjustment to the new locations as it is part of a bigger change for the respective feature.
[FEATURE] –force option for flow3:cache:flush¶
Packages containing invalid PHP code which cause fatal errors can prevent FLOW3 from flushing code caches with ./flow3 typo3.flow3:cache:flush
This patch provides a new –force option which skips all non- essential initialization and flushes caches directly, including emptying the whole temporary directory.
[TASK] Remove Selenium Test Case¶
This removes the unsupported, unnecessary and unfunctional Selenium Test Case.
[BUGFIX] Virtual host configuration contains Production context definition¶
[BUGFIX] Proxy methods with referenced arguments should work¶
Arguments given by reference would result in an exception if the method was proxied due to AOP.
[TASK] Improve TextValidator unit tests¶
This introduces more test texts for the TextValidator tests.
[BUGFIX] DateTimeValidator throws exception when validating DateTime objects¶
The DateTimeValidator tries to parse DateTime objects with the L18n DatesParser which throws an exception.
This change fixes this by checking if the specified value is an instance of DateTime first.
[TASK] Fix doc comments for authentication providers¶
Fixes the wrong return doc annotation for the getTokenClassnames method
[TASK] Cosmetic changes in test cases¶
This removes the @category annotation from a bunch of security related tests and replace an inject method in the PackageCommandController by property injection.
- Commit: 30a007d
[FEATURE] inject() convenience method in Base Test Case¶
Testing code which uses dependency injection requires some additional lines of code for manually injecting the dependencies needed to run a unit test.
This patch provides a new convenience method – inject() – which takes care of manual injection of dependencies in unit test cases.
[BUGFIX] Clear .Shortcuts on cache flush command¶
In case some directories were renamed you are able to get back to a defined state with the cache:flush command.
It will also clean the .Shortcuts directory to prevent mismatches.
[BUGFIX] StreamWrapperAdapter::stream_lock does not return result¶
StreamWrapperAdapter::stream_lock() does not return the results of the actual stream wrapper. But according to the docs this should return TRUE on success and FALSE on failure.
This change fixes this and adds unit tests for all public methods of the adapter.
[FEATURE] Configurable hint about log message origin¶
This feature allows for enabling the additional hint for the origin of logged messages handled by the FileBackend. By default these hints are now omitted.
[FEATURE] Automatic session expiration on user inactivity¶
This feature lets sessions expire automatically after a certain time of user inactivity. The actual timeout can be specified through a new setting called “inactivityTimeout”.
This patch also sets the default cookie lifetime to infinite, as expiration can be better controlled through the new timeout feature.
[BUGFIX] Context::hasRole() now checks roles recursively¶
Previously, hasRole() only considered the first level of roles of a token. getRoles() instead always considered all roles, including those on a lower level.
This patch fixes the behavior of hasRole() by checking for roles recursively. As before, the “Everybody” role is a role even non- authenticated and anonymous users have.
This also fixes <f:security.ifHasRole>, as this ViewHelper directly uses Context::getRoles.
[BUGFIX] YamlSource creates invalid YAML files¶
YamlSource::save() currently creates Windows style EOLs and indentation is lost in YAML files.
[FEATURE] Precompiled reflection data for frozen packages¶
This feature introduces “frozen packages”. Through the command line command “package:freeze” one ore more packages can be set into a frozen state. A frozen package is excluded from file monitoring and its reflection data is stored in a file separate from the regular caches. After caches have been flushed, this precompiled reflection data is loaded in order to speed up the compile run during that first hit.
With “package:unfreeze” packages can be unfrozen and “package:refreeze” will refresh the precompiled reflection data of an already frozen package.
Package freezing is only supported for Development context.
[FEATURE] Optimize AOP proxy building¶
This simply makes AOP proxy building a lot faster.
[FEATURE] Allow setting dataType from outside¶
This change introduces a public setter method for the dataType property, making it possible to influence the target type for propery mapper.
[FEATURE] Package help in CLI¶
This extends the CLI to display a list of all commands of a specified package including their short description. Also if more commands match a given identifier, now the list of all matching commands with short descriptions is displayed.
[BUGFIX] Removes “ghost command” getflow3¶
The fix for #33048 in Ia8561a7878b7dd9ba8a6f3bb926c9da10b46bd0c caused a ghost command to appear in all command controllers…
[BUGFIX] HTML should be escaped in Debug Exception¶
HTML in the code that is output as part of the stack trace is escaped now.
[BUGFIX] Make flow3.bat output usage texts matching Windows¶
When using flow3.bat on Windows the usage information would tell the user to call ”./flow3”, which doesn’t fit the Windows world.
[TASK] Remove deprecated methods and unused code¶
Things which have been deprecated prior to the 1.0.0 release are removed with this change:
[BUGFIX] PackageManager should update .Shortcuts when needed¶
The PackageManager needs to update the shortcuts when saving package states. Besides that the PackageManager should ignore inactive packages when creating shortcuts.
[BUGFIX] Package.php template should have correct use statements¶
The Package.php template will generate clean use statements with same usage of backslashes.
- Commit: b6191e9
[BUGFIX] typo in return statement for getAccessDecisionVoters()¶
Fix return value to array. Fix type hinting for var $securityContext and $authenticationManager
[BUGFIX] ResourceStreamWrapper returns wrong value for fseek¶
Calling fseek will always return the wrong value, as fseek return 0 on success otherwise -1. The stream_wrapper expects a boolean value. So 0 will be evaluated to false and -1 will be evaluated to true
[BUGFIX] wrong variable name inside rename function¶
Use the propper variable name to create the stream wrapper.
[BUGFIX] Fixes getPasswordHashingStrategyAndIdentifier() return value¶
getPasswordHashingStrategyAndIdentifier() is supposed to return an array, but in case a strategy identifier has been requested already, an object will be returned and break the calling code.
This change fixes that.
[BUGFIX] NotFoundView sets 404 status¶
The default NotFoundView, which renders a 404 template, sets now also the HTTP status to 404.
[TASK] Remove collection validation from Lazy collections¶
The change to validate collections introduced unwanted behavior by validating lazy annotated and not yet initialized collections. This basically disables lazy loading and introduces a major memory problem.
[BUGFIX] Add missing $context field to ObjectManager¶
The ObjectManager refers to $this->context which didn’t exist.
[BUGFIX] isAuthenticated should work in authentication request¶
AuthenticationManager::isAuthenticated now checks for resumable and new sessions before returning FALSE, so it works also in the request that triggers the authentication.
[!!!][BUGFIX] (Security): Remove default authentication provider¶
[TASK] Add abstract classes for entrypoint, provider & token in security authentication¶
[BUGFIX] Fixes missing function visibility declarations¶
Some methods were missing their visibility declarations, this change adds them.
[TASK] Fix doc comments¶
Fixes doc comments issues, like missing or wrong @param annotations. Removes @author annotations.
- Commit: 9c9decd
[BUGFIX] Now filters correctly for ‘__destruct’ in pointcut filter¶
The filter for proxyable methods in SessionObjectMethodsPointcutFilter skips the method ‘__desctruct’ instead of ‘__destruct’
[BUGFIX] Keep class doc comments when building proxies¶
Currently the doc comment of a class is replaced with “Autogenerated Proxy Class” when the proxy class is generated. This change fixes this and keeps the original doc comment.
That is particulary useful if you rely on the original comment when creating automatic class documentations.
[BUGFIX] Makes translateById() work if no arguments need to be replaced¶
If translateById() is able to find a translation but is not given any arguments to embed in the output, NULL is returned without this change.
[BUGFIX] Fixes wrong locale in XLIFF models¶
If a translation is requested but no (exact) match is found, a different locale may take effect (e.g. en instead of en_UK).
The XLIFF model created will refer to the en XLIFF file, but claim it’s locale is en_UK. This leads to further problems with translations (like missing labels if no target elements are present in XLIFF files).
This change fixes that…
[FEATURE] Adds fallback rules for locale resolution¶
Allows to set a fallback order for locale resolving. If not set, the implicit inheritance of locales will be used. That is, if a locale of en_UK is requested, matches will be searched for in en_UK and en before trying the default locale configured in FLOW3.
If FLOW3 is given an order of [dk, za, fr_CA] a request for en_UK will be looked up in en_UK, en, dk, za, fr_CA, fr before trying the default locale.
If strict rule adherence is requested, the above example would instead look in en_UK, dk, za, fr_CA before trying the default locale. In other words, the implicit fallback is not applied to the locales in the fallback rule.
[!!!][FEATURE] Adds i18n configuration holder¶
To control the behavior of the i18n component a way to configure the “current” locale, fallback rules for resolving of translations and possible more is needed.
This change adds a Configuration object to the i18n code which encapsulates the configurable parts.
For early adopters this change means the calls to getDefaultLocale() and getCurrentLocale() on I18n\Service need to be routed to Service->getConfiguration()->… instead.
[FEATURE] Makes quantity optional in translation methods¶
When using plural forms, the quantity to be used for finding the correct plural form had to be given explicitly. This was cumbersome when using a single numeric argument, as it meant to pass the same value twice.
With this change the quantity is determined automatically if a single numeric argument is given to translateById() or translateByOriginalLabel() in Translator.
Also fixes a few I18n unit tests along the way.
[FEATURE] Shorthand syntax for custom validators¶
This change allows the Validate annotation for properties to be given a value like “Mypkg:My”. This is equivalent to using “Mypkg\Validation\Validator\MyValidator” - just shorter.
Thanks to Martin Kutschker for reporting and inspiring patch.
[BUGFIX] (Reflection): ObjectAccess::setProperty must work with numeric indexes¶
When trying to set a value to an ArrayAccess object with a numeric index, the ObjectAccess::setProperty() method throws an exception because $propertyName must be a string.
However, we should allow integers there as well.
[BUGFIX] Fixes handling of numeric annotation parameters¶
Annotations like @FooBar(amount=2) lost their parameter value in renderAnnotation(). This change fixes that.
[TASK] Implement best practices in XLIFF files¶
Adds some “required” attributes to the XLIFF files.
[BUGFIX] Fixes duplicate error id in StringValidator¶
StringValidator uses the error id 1238108068, but that is used in StringLengthValidator. This change makes the former use 1238108070 instead.
[TASK] Add better handling of XML parse errors to I18n¶
When parsing XML files the exception thrown in case of errors did not differentiate between filesystem and parsing errors, now it does.
In case of XML errors, a detailed list of errors reported by libxml are added to the thrown exception.
[FEATURE] Make tag ignores configurable¶
Makes the list of ignored tags configurable. This can be used to add tags to the list if needed by your package by simply setting TYPO3.Flow.reflection.ignoredTags to an array of tag names in your Settings.yaml.
[!!!][BUGFIX] Validators should allow empty values¶
Currently most of the provided validators do not accept empty values. This makes it impossible to have an optional email address property for example (without using the disjunction validator).
This change adjusts all Validators to consider empty values (NULL or an empty string) valid.
This is a breaking change if you expected the previous behavior. In order to make a property required you now need to add the NotEmptyValidator explicitly!
E.g. previously:
/**
* @Flow\\Validate(type="EmailAddress")
*/
protected $propertyToValidate;
Now:
/**
* @Flow\\Validate(type="NotEmpty")
* @Flow\\Validate(type="EmailAddress")
*/
protected $propertyToValidate;
[TASK] Remove CGL DocBook XML files from package¶
They have been transformed to reST long ago…
[BUGFIX] Fix default lifetime use in cache backend¶
This fixes the FileBackend so it actually uses the default lifetime in cases it should do that.
ArrayAccess detection for configuration in AbstractBackend is fixed along the way and the RedisBackend code cleaned up a little.
[BUGFIX] Makes account expiry work as expected¶
The expiry if an account was checked in a way that left an account enabled until after it’s last day. Now it will expire exactly when it should.
[BUGFIX] Fixes wrong \TYPO3\FLOW3\I18n\Xml\* namespace use¶
The mentioned namespace doesn’t exist and the resulting error e.g. breaks the Admin package.
Along the way some doc comments are fixed.
[TASK] Throw exception when private properties have @Inject¶
Properties annotated for injection do obviously have to be at least protected in order for the proxy class having access to it. This patch makes an exception thrown when such private properties occur.
[BUGFIX] Fixed logging of incorrect doc comments in reflection¶
If one enables logIncorrectDocCommentHints nothing happens, as the settings are not available in the ReflectionService. This change fixes that.
[TASK] Adjust test fixture to Doctrine.ORM 2.2.0¶
The proxy interface in Common is now used, the fixture needs to be adjusted.
[TASK] Clean up i18n settings¶
This renames the locale settings section to i18n and changes the defaultLocaleIdentifier setting to be defaultLocale.
[BUGFIX] CLDR locale chaining doesn’t work correctly¶
When collecting CLDR resource files, the required chaining is corrected (i.e. de_DE.xml also requires de.xml to be included).
[FEATURE] Add validators for objects inside of collections¶
Model validation stops as soon as a property is of type collection. What one would expect here is, that all objects inside this collection get validated as well.
[FEATURE] Add currentLocale to I18n translation service¶
Also add localeIdentifier validator.
[FEATURE] Add Getter for validator options and child validators¶
Validation options are set through the constructor but there is currently no way of accessing the options afterwards. This change introduces the respective getters.
[TASK] Replace bool by boolean in docblocks¶
A CGL conformity fix. Just because I noticed. :)
[TASK] Add early returns to Security\Context::hasRole¶
Change the behavior of hasRole so it has an early return when the authenticationManager is not yet authenticated (and thus no role can be assigned to the authenticated user).
Also an earlier return on the Everyone role.
[BUGFIX] Hint at possible exception cause¶
When using @MappedSuperclass without @Entity an exception is thrown. Since FLOW3 needs the @Entity annotation even with a mapped superclass, this change adds a hint to the exception message.
[TASK] Some cleanup around authentication¶
Does some coding style cleanup, amends a docblock and makes the authenticateAction() use $this->errorMethodName() instead of hardcoding $this->errorAction()
[BUGFIX] Make QueryResult::offsetGet() behavior consistent¶
offsetGet() on QueryResult for Doctrine persistence now checks if the offset exists and returns NULL if not, instead of running into an error.
[FEATURE] Create .Shortcuts directory if it is missing¶
The .Shortcuts directory will now be built if it is missing. That allows developers to just trash a broken .Shortcuts directory if they messed with package directories manually.
[TASK] Regard return type of preg_match¶
As of PHP-documentation, preg_match() may return int 0 or 1 or boolean FALSE. This patch takes care of this behaviour.
[FEATURE] Add support for not mapped properties¶
The PropertyMappingConfiguration now has a doNotMapProperty() method that tells the mapper to ignore the data / property
[BUGFIX] Make updating a Doctrine Lazy Loading Proxy work¶
When a Doctrine lazy loading proxy is persisted again, a fatal error is thrown because the Reflection Service cannot handle Doctrine Proxies.
We work around this issue by asking the Doctrine Entity Manager to resolve the class name.
A Functional Test reproducing the issue is included.
[TASK] Adjust YAML handling and files to updated parser¶
The fix for #31289 requires some adjustments to FLOW3 and the existing YAML files.
Additionally adjust boolean and NULL values to all uppercase according to CGLs.
[TASK] Adjust to updated Doctrine libraries¶
This adjusts the FLOW3 annotation driver and the ClassMetadata implementation to the changes in Doctrine 2.
[BUGFIX] (Utility): ArrayMergeRecursiveOverrule does not override arrays with simple types¶
If the first element contains an array, and the second element contains a simple type at a certain position, the ORIGINAL array is used. That bug prevents to reset array in configuration for example.
A full example is given in issue #32984.
I also added first unit tests for the ArrayMergeRecursiveOverrule function.
[FEATURE] DateTimeRange Validator¶
This offers validation for Date/Time ranges, e.g. if a given date is ahead or prior to a reference date or between to boundaries.
[FEATURE] (CLI): Add configuration:show command for debugging¶
Adds the cli command “configuration:show” with the options –type and –path. The patch adds the method getAvailableConfigurationTypes to the configurationManager which is used by the cli-command.
[TASK] Move Translations folder up one level¶
This moves the folder for translations into Resources/Private and renames the remaining Resources/Private/Locale folder to I18n along the way.
[BUGFIX] Fix UriBuilder with subrequests¶
This change fixes the argument handling of the UriBuilder for nested subrequests. The namespaces of all parent requests get added recursively.
[TASK] Enhance help texts and parameter names for Doctrine commands¶
[FEATURE] Command to mark all migrations as executed¶
- It is now possible to mark all migrations as (not) executed with
- ./flow3 doctrine:migrationversion all –delete ./flow3 doctrine:migrationversion all –add
[BUGFIX] Unit tests remove their temporary files¶
Some unit tests create many temporary files outside vfs:// that are now removed after running the test.
[BUGFIX] Doctrine@PostLoad calls DI and AOP initialization explicitly.¶
When a Doctrine lazy loading proxy for an object is created for some specific purpose (e.g. when initializing session objects relating to an entity) but filled afterwards “on the fly” if this object is part of a wide range “findBy” call through some query, Doctrine initializes the lazy loading proxy but does not call __wakeup and therefore not initialize AOP and DI. We work around this issue, by initializing those objects with a Doctrine PostLoad hook explicitly.
[FEATURE] Support multiple password hashing strategies¶
Add configurable password hashing strategies to the HashService.
[BUGFIX] Make emptyDirectoryRecursively() ignore . and ..¶
The check for this breaks when the iterator returns . and .., they are then handled like files, which cannot work.
[FEATURE] Add createResourceFromContent to ResourceManager¶
This enables the ResourceManager to put files into the persistent resource storage out of a given content string.
[BUGFIX] Functional tests die with fatal error¶
The breaking tests lacked parent::setUp() in their own setup method.
[BUGFIX] The declaring class for an advice is the interface for introductions¶
[BUGFIX] Files::is_link() returns TRUE for vfs paths on Windows¶
This adds a check to \TYPO3\FLOW3\Utility\Files::is_link() that prevents the method from returning TRUE for virtual paths (e.g. streamwrapper like “vfs://”).
[BUGFIX] Update package states only when needed¶
While scanning of available packages will still happen on every request in non-production contexts, the package state will only be saved if there has actually been a change.
[BUGFIX] Change code in emptyDirectoryRecursively()¶
This change reverts Iadcfe9b6d143e1fa856a3ce93f51888a18bb5e35 which reintruduced the bug explained in #32550. It fixes the issue at hand by simplifying the code a bit.
[BUGFIX] Logout doesn’t work anymore¶
Since eab9bf9 calling AuthenticationProviderManager::logout() without initializing the Security Context first, returns without actually destroying the authentication cookie. This change fixes this by introducing a new convenience method isAuthenticated() to the AuthentcationManagerInterface allowing the AuthenticationProviderManager to check whether a user is authenticated before trying to fetch the session.
[BUGFIX] (Command): Improve explanations of doctrine:migrationgenerate¶
Instead of:
Generated new migration class to ...
the command output now reads like:
Generated new migration class!
Next Steps:
- Move ... to YourPackage/Migrations/Mysql/
- Review and adjust the generated migration.
- (optional) execute the migration using ./flow3
doctrine:migrate
This is much more understandable, and less error-prone, especially to new users.
[FEATURE] Add doctrine metadata dumping feature¶
This is purely a debugging aid, neither smart nor pretty: If you give the –dump-mapping-data option to docrine:entitystatus the collected mapping data will be dumped to the console.
- Commit: 2f83c8e
[FEATURE] Optimized Reflection Service¶
A new Reflection Service which specifically supports development and production scenarios. While the development version is tailored to flexibility and partial flushing, the production variant works with frozen caches and loads per-class information only on demand.
Memory consumption in Production context will be notably lower and also the overall performance is better.
This change set updates but also removes several unit tests. Those removed should be replaced by a more meaningful and better maintainable functional test.
[BUGFIX] Only flush() the Doctrine ORM if it is open¶
In some cases it can happen, that the EntityManager is closed at the end of a request This can be a valid situation (see #30933 for more).
This change makes persistAll() check if the EntityManager is open before calling flush() on it.
[BUGFIX] Reorder code in emptyDirectoryRecursively()¶
The change in Iad2e358ec8a94fe91dd27eda5737f075f277f2dc did break one test, after all. This fixes it for me, I hope it works on Windows.
[BUGFIX] Files::emptyDirectoryRecursively affects targets of symlinks¶
\TYPO3\FLOW3\Utility\Files::removeDirectoryRecursively() fails to properly unlink directory symlinks on Windows.
Thus \TYPO3\FLOW3\Utility\Files::emptyDirectoryRecursively() iterates through the target files of a symlinked folder and removes them!
This change fixes this by introducing a custom unlink() function that can remove a symlink regardless of it’s type (file/directory).
[BUGFIX] “Wrong” EOL characters break parsing of doc comments¶
When \r\n was used as EOL instead of just \n the parsed doc comments would retain the \r which would cause confusing exceptions in some cases later on.
[BUGFIX] getObjectByIdentifier() does not pass $objectType to backend¶
The parameter is optional and historically unused in Generic persistence, but still it should be passed along.
[TASK] Removed unused configuration types “Package”, “PackageStates”¶
The patch removes unused parts from the configurationManager:
- Removed unused configuration types “Package” and “PackageStates”
- Removed methods “setConfiguration” and “saveConfiguration”. The methods were only intended to work with packageStates which is unused.
- Adjusted unit tests of configurationManager
[FEATURE] Making property mapping exception more verbose¶
When an exception occurs during property mapping it’s hard for the developer to track what a specific type the intended value at runtime is.
This change adds the object’s class name to the exception, if it is an object; otherwise the scalar type name is added.
[BUGFIX] Fix unit tests failures with new class loader¶
Two unit tests failed with the new class loader[1]. One because there was a check for ignored classes, but it came too late. The other because for the shortcut link creation the package path is now needed right after activation of a package.
[BUGFIX] Fix functional tests with new class loader¶
This change moves the FunctionalTestRequestHandler to the Tests\Functional namespace and registers functional test classes again.
Needs https://review.typo3.org/7258
Related to https://review.typo3.org/7164
- Commit: 7771616
[TASK] Improved Class Loader¶
This patch introduces an improved loading strategy based on symbolic links leading directly to the Classes directory of each package. The symlinks reside in a ”.Shortcuts” directory below the general Packages folder and are created whenever the PackageStates.php file is saved by the Package Manager.
This patch also contains minor speed improvements in the Proxy Compiler and the Object Manager (getCaseSensitiveObjectName).
- Commit: 70c98b6
[BUGFIX] ACL file permissions do not work correctly¶
When setting file permissions the setting of ACL would succeed but the set permissions did not work as expected. This changes fixes that.
In addition it makes the calls in a chain so that the check for the return value of the chmod commands is more robust. The directories that are created are now always owned by the command line user.
[BUGFIX] Remove MockWebRequestHandler, use FunctionalTestRequestHandler¶
[BUGFIX] Fix check for stripped comments¶
The bootstrap checks for the presence of doc comments, to avoid problems with some bytecode caches that strip comments.
That check did not work correctly (FALSE is returned but the check expects an empty string). In case an error is seen, the exception cannot be thrown as well (no classloader available at that point). That exception issue has been been fixed for another check as well.
On top of this the check for magic_quotes_gpc has been adjusted a tiny bit.
[BUGFIX] Trigger allObjectsPersisted after every functional test¶
The tearDown() method of the base functional test case clears the persistence manager’s state so it is ready for the next test, avoiding side effects.
However, certain repositories (such as the TYPO3CR NodeRepository) rely on the signal “allObjectsPersisted” which triggers their internal cleanup function. If this signal is not, sent, the next test will still see added objects stored directly in the repository.
The solution is to call persistAll() in the tearDown() method, even if the just executed test doesn’t require it.
[FEATURE] Freezable Cache Backend¶
This introduces a new type of cache backends which supports freezing. In a frozen state no modifications are allowed and thus enables the cache implementation to optimize its tasks for speed.
The FileBackend was extended to support freezing and is now used for the class cache in Production context. Measured on the blog example, this change improved number of transactions per second by 29 %.
[FEATURE] (MVC): Introduce some more Signals for performance measurements¶
This change set introduces signals which can be used to measure the controller and Request Builder runtime.
- Commit: dc43c26
[FEATURE][!!!] Modular and configurable bootstrap¶
This extracts all specific initialization methods from the bootstrap into a “Scripts” class and instead of hard-wiring each initialization step, introduces a loose, configurable coupling by means of a sequence and steps. The responsibility for the actual boot sequence now lies at the request handler taking care of the request.
Request handlers must now be explicitly registered in the package class. The interface to be implemented was moved to the Core namespace.
[TASK] Optimized package manager and configuration manager initialization¶
This patch introduces a somewhat lazier initialization for the Configuration Manager’s cache and the scanning of available packages and loading of package state information.
NOTE: On the first hit, the modified Package Manager will introduce a new format for the PackageStates.php. From now on the configuration in that file also contains a version number which allows for automatic migration of that file in the future.
[TASK] Configuration Manager throws exception on permission problems¶
If the compiled configuration could not be written, the configuration manager now throws an exception instead of silently ignoring it.
- Commit: c27a965
[FEATURE] Implement base URI setting¶
This change adds a configurable base URI to FLOW3. The environment will use the setting instead of trying to guess the base URI from the current request if it is configured.
[FEATURE] Make target in XLIFF optional if source equals target language¶
This allows for less duplication when using XLIFF as a message catalog when the target language is the file’s source language.
[FEATURE] Add XLIFF files with common labels for translation¶
This adds XLIFF files with a few basic labels and a german translation. This shows the principle and can be used as a base for a generic label catalog to use in all FLOW3 applications.
[BUGFIX] Make date formatting in translations work¶
When using date formatting in translations the system would break really bad.
[BUGFIX] Fix handling of plural forms¶
Internal handling of plurals forms was broken.
[TASK] Clean up some smaller things in I18n¶
Fixes a method name not renamed in an earlier refactoring, makes some @return annotations fully qualified, simplifies some unit tests, ...
[FEATURE] Allow translation files (XLIFF) on a per package basis¶
Fixes issue in which XliffTranslationProvider prefaces a hardcoded base path of resource://FLOW3/Private/Locale/Translations before the sourceName argument passed to getTranslationByOriginalLabel and getTranslationById methods.
This fix modifies the translateById and translateByOriginalLabel methods in the TYPO3\FLOW3\I18n\Translator to use packageKey as an argument. The XliffTranslationProvider will construct a base path of “<packageName>/Private/Locale/Translations”. This base path is prepended to the value of the sourceName argument to create the translation file resource string.
Unit tests have been adjusted as well to accommodate these changes to the XliffTranslationProvider and Translator classes. The TranslationProviderInterface has been adjusted as well.
[BUGFIX] Fix boolean default values in YAML config¶
The previously used YAML parser accepted ‘n’ and ‘y’ as legitimate boolean values resulting in FALSE and TRUE respectively.
The Symfony parser does not recognize these values as boolean but expects ‘no’ and ‘yes’ instead.
- Commit: 8784c29
[BUGFIX] Make validation upon persistence work again¶
The validation upon persistence was dropped (more or less by accident) when we switched to Doctrine. This change brings it back.
In addition it fixes the exception message produced in the generic AbstractBackend when validation fails.
[TASK] Move ObjectValidationFailedException out of Generic¶
The exception is not specific to generic persistence, thus it should not be inside the Generic namespace.
[FEATURE] Add routing:show, routing:route and routing:resolve commands¶
Adds 3 CLI commands: - routing:show show informations for a single route - routing:getPath show the generated route-path for a given package, controller and action - routing:routePath take a route-path and show package, controller and action
The patch alters the routing:list command to show the index number for the routes.
[BUGFIX] Fix link to issue tracker¶
Adapts the project link after a renaming of the FLOW3 package in forge.
[TASK] Escape phpBinaryPathAndFilename in Command execution¶
Currently the bootstrap fails to properly escape the php path when dispatching sub requests in command execution. This leads to exceptions when the path contains spaces or other special characters. This is fixed by putting the command in quotes and replacing backslashes.
[BUGFIX] Allow usage of query parameter “_”¶
Assert that the length of $argumentName is >= 2 before accessing it at position 1
[BUGFIX] Fix Persistence\Doctrine\Query serialization cycle¶
If you assign a QueryResult to a ViewHelper and later on use $result->getQuery(), this query is not executable any more, if you used complex “where”-clauses involving joins, as these joins are not reapplied to the object during the __wakeup() call.
This patch ensures the query being callable like the original one after __wakeup() by saving all joins in array and reapplies them after wakeup. A functional test is included.
[BUGFIX] (CLI): CLI arguments should be usable with equals sign (=)¶
With this fix the last argument may use the equals sign (=) again to separate between argument name and value.
Besides writing an additional test case which reproduces the issue, the other test cases have been strengthened by replacing assertEquals() by assertSame().
[FEATURE] (Security): HMAC Convenience methods in HashService¶
This adds the methods appendHmac() and validateAndStripHmac() to the Cryptography\HashService allowing users to deal with HMAC validation more conveniently.
[FEATURE] Add BCrypt hashing strategy¶
This adds a wrapper for the BCrypt hashing algorithm and makes it the default password hashing strategy. Also provides a fallback when using hashes generated by PBKDF2.
[FEATURE] Support mapping to specific subtypes by property (__type)¶
When type hierarchies are used for modeling, it’s sometimes necessary to use a special subclass when creating new entities (e.g. from user selection). This change enables the use of a special (request) property “__type” in the source array of a type converter. For security reasons, this feature must be configured explicitly through a mapping configuration.
[FEATURE] Persistence Manager knows about unmanaged, new objects¶
This patch enhances the persistence aspect and the related code in the Persistence Manager so that getObjectByIdentifier() also returns those objects which have been created but not yet added to any repository.
That allows, among other things, to render URIs pointing to not yet persisted objects which have been carried around in a session container.
[TASK] Add clearState() to PersistenceManagerInterface¶
Also implements it for both PersistenceManager implementations.
- Commit: d2d33bc
[TASK] Clean up of the Abstract Persistence Manager¶
Removed unused dependency to Reflection Service and move the dependency to System Logger into the concrete Persistence Manager.
- Commit: 53403be
[TASK] Unify usage of random byte generator¶
We already use the randomizer library, now all calls to it are wrapped in Utilities\Algorithms.
[BUGFIX] Reset argument list before initializing action arguments¶
This change fixes a problem with functional tests of controller actions. It’s also needed to reset the state of the controller when multiple requests are dispatched.
It also refactors a unit test to use the actual arguments class instead of a mock which is more expressive.
[BUGFIX] Use correct method to get CLI arguments for DQL command¶
Call TYPO3\FLOW3\MVC\CLI\Request::getExceedingArguments() instead of the removed TYPO3\FLOW3\MVC\CLI\Request::getCommandLineArguments()
[FEATURE] AOP: Make JoinPoint methodArguments settable¶
As at least BeforeAdvices and AroundAdvices can be used to manipulate the behavior of the original method, the advice method should be able to change the original method’s arguments.
[BUGFIX] Enhance entity classname detection in repository constructor¶
Fix bug where all occurrences of the word “Repository” were stripped out during the automatic retrieval of the entity classname. This changes the behavior in the way, that only removes the last occurrence.
[BUGFIX] Use annotations in ActionController for IgnoreValidation¶
Use annotations for the action method instead of method tags values which return wrong results if an explicit argumentName is given to the annotation. See the functional test that is added.
[TASK] Optimized AOP Pointcut Filter matching¶
This change set greatly reduces compilation time for AOP proxies for applications intensively using AOP and security policies. It is a quick fix rather than the ultimate solution.
Class name and method name matching have been simplified, matching against annotations does not support regular expressions any more (wasn’t supported officially anyway) and the order of a few point cut expressions has been optimized.
[BUGFIX] Logout must not rely on a session¶
AuthenticationProvider::logout() currently throws an Exception if no session has been initialized yet. This change fixes this by checking whether the Security Context has been initialized.
[BUGFIX] Proxy class builder should retain original annotations¶
Original metadata information on proxied methods should be retained to allow for code inspection and usage of metadata for dynamic code generation.
[FEATURE] Make path for migrate-annotations configurable¶
Optional parameter –packages-path to configure an individual absolute path to the folder with the packages.
TYPO3.Fluid¶
[BUGFIX] TemplateParser unquoteString does not trim escaped quotes correctly¶
This change fixes wrong trimming of trailing quotes in escaped sequences by replacing trim() calls with a preg_replace() alternative.
[BUGFIX] Action URI of the form ViewHelper is not reset¶
Form ViewHelpers store the action URI attribute for performance reasons. But because instances of ViewHelpers are reused, this value needs to be reset. Besides this removes an obsolete property “formActionUriArguments”
[BUGFIX] Make TextareaViewHelper HTML5 aware¶
This makes the arguments “rows” and “cols” of the form.textarea ViewHelper optional.
[TASK] Correct StripTags test because of unintended incompletion result¶
A test’s data provider’s method name began with the character sequence ‘test’, was hence regarded as test to be executed. This resulted into an “Incomplete” result when running the tests.
- Commit: 492a8da
[BUGFIX] Replace placeholders in fallback for id translation¶
When using id based translation and no translation is defined in XLIFF, the tag value is used as a fallback in TranslateViewHelper.
With this change, the fallback is passed to label based translation, making placeholder replacement work also if no translation does exist yet.
[BUGFIX] Make use of dashes in attribute names possible¶
When using e.g. data-foo in VH tags, the parser would choke. This change fixes this.
[BUGFIX] Remove (wrong) use of Internal annotation¶
The internal annotation is used to declare command methods as internal, not to mark things as not being public API.
Furthermore, it is not allowed to be used on properties and with #38667 fixed Fluid would cause exceptions.
[BUGFIX] Remove eval from StandaloneViewTest¶
Removes the use of eval from the StandaloneViewTest so that now a Fixture class is used that extends the StandaloneView.
[TASK] Code cleanup¶
Does code cleanup, mostly to documentation, but also tweaks unused variables, missing return statements and similar things.
[BUGFIX] Fix unusable checkbox/radio if formObject is NULL¶
When using a form object inside of a form view helper inside an index action template and a checkbox is referring to a property $sth of $someFormObject, the form object can be NULL with code like:
indexAction(\\Some\\Type $someFormObject = NULL) { ... }
<f:form ... object="{someFormObject}">
<f:form.checkbox property="{sth}" value="yes" checked="{sth.value} == yes"/>
</f:form>
Initially calling the index action makes someFormObject NULL. If the submitted form had validation errors someFormObject is NULL, too. This possibility was ignored in a call for the formObject from within the CheckboxViewHelper as well as from the RadioViewHelper.
So you would get an exception telling you:
No value found for key "TYPO3\\Fluid\\ViewHelpers\\FormViewHelper->formObject"
This change fixes that bug and thus also sets the checkbox and radio “checked” attribute properly when a validation error occurred.
[FEATURE] Add a ViewHelper for entity identifier retrieval¶
This adds a ViewHelper “format.identifier” that returns the plain identifier for a given entity.
[BUGFIX] ViewHelper exceptions should not be caught in testing context¶
While it is correct that ViewHelper exceptions are silently logged in production context, they should be displayed in development and testing context; and not only in development context.
[TASK] Standalone View: enable escaping for “html”¶
Since the introduction of Content Negotiation to FLOW3 (I7d753155aa72f41e3df85b076e8067bcbfe7ac04), the default Format of the ActionRequest is not “html” but undefined. The Standalone View relied on the default “html” format.
This change enables the escape interceptor if the format is either “html” or not set at all * Related: #37561
- Commit: 6f1b39d
[BUGFIX] Avoid empty output of TranslateViewHelper¶
If translation by ID is used but no translation is found, the ID will now be returned if the view helper tag has no content. Before this change it would just return nothing (printable, at least).
[TASK] Clean up some coding style issues¶
Add spaces to ”){” and to “foreach(”, fixes some docblocks and indentation. Also avoids a possible uninitialised variable warning.
[!!!][FEATURE] (MVC): Whitelist-based Property Mapping Configuration¶
See the corresponding FLOW3 change at https://review.typo3.org/#/c/10926/ for a detailed explanation.
Furthermore, this change adds comprehensive end-to-end Functional Tests for the Fluid and FLOW3 Form Handling
Note: You need the accompanying FLOW3 change for testing this feature as well.
[BUGFIX] Fix request handling for Ajax widgets¶
Requests to AJAX widgets were not handled properly because the routing configuration was not available to the request handler being in charge for handling that request.
This patch removes the specialized WidgetRequestHandler completely and implements the specialized handling of AJAX widget requests through an aspect which advices the original Router.
This change set also introduces functional tests which cover the basic widget request handling executed through the full request / response stack.
[!!!][TASK] Move link.widget & uri.widget Widget subfolder¶
This moves widget related ViewHelpers link.widget & uri.widget to the Widget subfolder (as in v4).
Instead of link.widget you should use widget.link, instead of uri.widget widget.uri from now on.
This is not a breaking change right now as the old classes are still there (with @deprecated annotation). But if you used one of the ViewHelpers you should adjust your code.
[FEATURE] DebugViewHelper allows output of type only¶
Because sometimes var_dump is too verbose, this patch adds a flag where only the type of the intended variable can be output.
[FEATURE] Declare namespaces in XML tag¶
This makes it possible to declare Fluid namespace identifiers with the common xmlns syntax <html xmlns:foo=”http://some/unique/namespace”> That works as a replacement for xml/html based Fluid templates which can be used instead of the {namespace foo=Bar} syntax.
This syntax triggers auto-completion in most IDEs if the xml namespace is bound to a valid XSD schema!
Usage:
- Create a XSD file for your ViewHelpers by executing ./flow3 documenation:generatexsd Your\\Package\\ViewHelpers –target-file some/directory/your.package.xsd
- Import the XSD file in your favorite IDE and map it to the namespace “http://typo3.org/ns/Your/Package/ViewHelpers“
- Add the namespace to your Fluid template by adding the “xmlns:” attribute to the root tag (usually <xml ...> or <html ...>).
If you want to use this inside partials, you can use the “section” argument of the render ViewHelper in order to only render the content of the partial:
Partial:
<html xmlns:x="http://typo3.org/ns/Your/Package/ViewHelpers">
<f:section name="content">
<x:yourViewHelper />
</f:section>
Template:
<f:render partial="PartialName" section="content" />
Note:
You are able to use a different XML namespace pattern by specifying the –xsd-namespace argument in the generatexsd command.
The default pattern “http://typo3.org/ns/<php namespace>” is resolved automatically by the Fluid parser. If you use a custom XML namespace, you need to configure the namespace mapping.
The (YAML) syntax for that is:
TYPO3:
Fluid:
namespaces:
'http://some/unique/namespace': 'My\\Php\\Namespace'
[FEATURE] Command for XSD Schema generation¶
This adds a command controller for rendering XSD schemas for ViewHelpers.
Usage: ./flow3 documentation:generatexsd ‘Some\Namespace’
This also removes the no longer needed and forever broken Controllers from the package.
[TASK] adjustments to refactored FLOW3 Context¶
As the Context is now an object and not a string anymore, we adjust our context checks appropriately.
[TASK] Add code migration to adjust templates to Fluid 1.1¶
This changes form.textbox to form.textfield in HTML files.
[BUGFIX] Adjust filename spelling to changes in FLOW3¶
Adapt the usage of fileName to filename to match FLOW3
[BUGFIX] Fixes doc comment of Form.ValidationResultsViewHelper¶
The example in the class doc comment was outdated and is fixed with this change.
[BUGFIX] Render childnodes in validation results VH¶
The adjustments to the new HTTP implementation in FLOW3 introduced a regression that prevents the child nodes of the ValidationResults ViewHelper from being rendered if no validation errors occurred. This change reverts this breaking behavior and adds unit tests for the ViewHelper.
[SECURITY] Protect arguments of form __referrer with HMAC¶
The request arguments of the referring request are a serialized string written to one of the hidden fields in a Fluid form. This string has to be protected by a HMAC to protect FLOW3 from possible unserialize attacks.
Note: For now there is no object known within the FLOW3 Distribution, that could be used for an unserialize exploit!
- Security-Bulletin: FLOW3-SA-2012-001
- Related: #35300
- Commit: 7390198
[TASK] Adjust to FLOW3’s new HTTP framework¶
This adjusts API usage within Fluid to the refactored MVC and new HTTP support in FLOW3 1.1.
[TASK] Sub package name case and location adjustments¶
This adjusts code to use the corrected namespaces and class names in FLOW3.
Also contains a few cosmetic changes.
[FEATURE] Make renderSection callable outside of template context¶
This makes it possible to call $this->renderSection(‘sectionName’) to render only only a single section out of a complex template.
This change is needed for the refactored TypoScript rendering.
[TASK] Remove occurences of removed form.textbox ViewHelper¶
There are still some places referring to the no longer existing Textbox form ViewHelper. This adjusts code accordingly by replacing textbox with textfield where applicable.
[FEATURE] Add translation support to SelectViewHelper¶
The change adds support for translation of the options labels produced in SelectViewHelper.
The view helper can be given a “translate” argument with configuration on how to translate option labels. The array can have the following keys:
- “by” defines if translation by message id or original label is to be used (“id” or “label”)
- “using” defines if the option tag’s “value” or “label” should be used as translation input, defaults to “value”
- “locale” defines the locale identifier to use, optional, defaults to current locale
- “source” defines the translation source name, optional, defaults to “Main”
- “package” defines the package key of the translation source, optional, defaults to current package
- “prefix” optionally defines a prefix to use for the message id
[TASK] Fix types in variable annotations (missing prepending backslash)¶
Minor changes due to automated scan for missing backslash.
[FEATURE] Hint about achieving string comparison in IfViewHelper¶
IfViewHelper’s condition doesn’t support real string comparison. There’s a known workaround which is now mentioned in the VH’s code examples.
[TASK] Fix doc comments¶
Fixes doc comments issues, like missing or wrong @param annotations. Removes @author annotations.
- Commit: 1049dbd
[TASK] Remove utterly useless line of code¶
In I24acacf9fe10ffd1f8daa640b86f1a6709cf2a8a a small fix was made. Only to leave an utterly useless line of code behind. This change remedies that.
[TASK] Rename key to id in TranslateViewHelper¶
The key attribute refers to the trans-unit id in XLIFF and thus should be named id.
Along the way a type cast of quantity to integer is removed, as it doesn’t make sense (plural form handling can take care of floats just fine).
[TASK] Cleanup/Fix ViewHelper doc comments¶
This tweakes some ViewHelper doc comments so that they can be rendered with the new Reference command introduced with #33675. No functional changes.
[TASK] Remove deprecated methods and unused code¶
Things which have been deprecated prior to the 1.0.0 release are removed with this change.
[BUGFIX] UploadViewHelper must not convert resources if errors occurred¶
If getMappingResultsForProperty() contains errors, uploaded resources should not been converted to resource objects but instead the hidden fields should be empty.
[BUGFIX] AbstractFormFieldViewHelper always converts entities¶
AbstractFormFieldViewHelper::getValue() currently always tries to convert objects to identities by calling PersistenceManager::getIdentifierByObject(). This makes it impossible for custom ViewHelpers to access the unmodified value that was previously submitted (or bound to the form field view helper).
This change introduces an argument $convertObjects that allows experienced developers to disable this behavior in custom view helpers.
[FEATURE] GroupedForViewHelper accepts property path as groupBy argument¶
This change allows the GroupedForViewHelper to accept not only a property/array key as argument but also a property path. This reduces memory consumption for more complex object graphs. Also, It enables a developer to create a custom algorithm (getter) to provide the value to compare. The change is backwards compatible.
[FEATURE] (View): Implement StandaloneView¶
This view can be used to render E-Mails or other things outside a controller scope.
It is mostly forward-ported from TYPO3 v4, just with Functional Tests added.
[BUGFIX] FormFieldViewHelpers do not resolve property path¶
When binding a form to an object the form elements fail to correctly resolve the property path if no “formObjectName” is specified.
[BUGFIX] form.checkbox ViewHelper throws Exception in newAction¶
This adds an argument “multiple” to the checkbox ViewHelper which makes it possible to mark the property as multi value even if the bound object is NULL.
Besides the ViewHelper can now be bound to all scalar properties, arrays and Traversable objects. This change is backwards-compatible.
[FEATURE] form.button ViewHelper¶
Adds a ViewHelper that renders <button /> form elements
[TASK] Rename default attribute to value in TranslateViewHelper¶
The default attribute for the TranslateViewHelper is renamed to value, because it is more intuitive if not translating by key when using inline notation.
[FEATURE] TranslateViewHelper accepts package argument¶
This change allows the TranslateViewHelper to accept an optional package argument, which is passed to the Translator class for lookups. If the package argument is NULL, the view helper will default to the current controller’s package key.
[TASK] Adjust Tests to optimized Reflection Service¶
This fixes unit tests that are broken with Idbaa7906dcdad82131eaf74a8dbfa371b78fe94e applied.
[BUGFIX] Fix WidgetRequestHandler unit tests¶
This change fixes unit tests that were broken with eeadd2b
[BUGFIX] (Widget): Adjust Ajax Widgets to rewritten Bootstrap¶
As the concept of Request Handlers has been updated and extended, we need to adjust the WidgetRequestHandler accordingly.
This bugfix is testable with the Viewhelpertest package, using the manual test “Widgets: AJAX widget context is reset correctly”.
[FEATURE] (Core): Stateless AJAX Widgets¶
Currently an AJAX Widget stores the WidgetContext in the WidgetContextHolder which again puts it in the current user session. This change adds a property “stateless” to the AbstractWidgetViewHelper. If that’s TRUE, the widget context won’t be stored in the session anymore. Instead, the WidgetRequestBuilder then expects the “internal argument” __widgetContext to be specified (with a valid HMAC appended).
The Widget Link/Uri-Viewhelpers now add the serialized and HMAC’ed WidgetContext to the generated URI if the new argument “includeWidgetContext” is set.
Besides this change renames the widgetId argument from “typo3-fluid-widget-id” to “__widgetId” as discussed. Note: This would be a breaking change, if you relied on that specific GET argument (which is however very unlikely)!
Lastly the WidgetRequestBuilder now interprets merged GET + POST arguments instead of relying on GET only. This makes it possible to pass the widgetId/Context via POST.
[FEATURE] (ViewHelpers): Render FlashMessage title and severity¶
Currently the FlashMessages ViewHelper only renders the body of the respective Flash Messages. This change modifies the ViewHelper in a backwards compatible way so that it outputs the message title if specified. Additionally the severity (notice, warning, error, ok) is added to each list item.
Additionally free rendering foreach style is possible now.
[BUGFIX] ViewHelper Exceptions should be logged in Production¶
In Production context all Exceptions from ViewHelpers will be silently logged. In Development they will be re-thrown so the global exception handler will be triggered.
[FEATURE] Widgets: Reset WidgetViewHelpers when being reused from ViewHelperNode¶
- Introduce an AbstractViewHelper::resetState method to handle any kind of statefull interaction, empty by default.
- Make ViewHelperNode call resetState when reusing a ViewHelper, and also call it when reusing it in a compiled template.
- AbstractWidgetViewHelper implements resetState for creating a new WidgetContext object.
As ViewHelpers are supposed to be stateless they were create once per RenderingContext and reused whenever the RenderingContext fits. Some ViewHelpers are not stateless, e.g. AJAX widgets.
AJAX widgets push their WidgetContext into an AjaxWidgetContextHolder before they get rendered.
As soon as AJAX-WidgetViewHelpers were used multiple times within the same RenderingContext (widgets in ForViewHelpers for example) differet widgets share the same ViewHelper containing the same WidgetContext. Because the WidgetContext contains all statefull information about a widget, only the last rendered widget gets stored in the ContextHolder. That makes equal AJAX widgets within a for-loop impossible because each GUI representation interacts with only the last rendered PHP object.
A test case has been committed to Viewhelpertest with http://review.typo3.org/6594
[BUGFIX] pre-selecting entities does not work with multiple flag set¶
The SelectViewHelper is not able to retrieve the selected uuid values for a collection of objects
TYPO3.Kickstart¶
[BUGFIX] kickstart:package gives wrong hint for valid package key¶
The kickstarter wrongly claims that a valid package key may contain underscores. This patch corrects the respective messages.
[FEATURE] Generate layout on kickstart:package¶
With this change the kickstart:package command generates a layout from the same template as the kickstart:action command. So resulting view has a base tag included which allows for easier usage of the resulting StandardController.
[TASK] Sub package name case and location adjustments¶
This adjusts code to use the corrected namespaces and class names in FLOW3.
[BUGFIX] Fix variable annotations (missing prepending backslash)¶
Minor changes due to automated scan for missing backslash.
[TASK] Fix doc comments¶
Fixes doc comments issues, like missing or wrong @param annotations.
- Commit: 617e8dd
[FEATURE] Create empty test case when creating a domain model¶
In order to encourage TDD, we create an empty base test case when creating a domain model.
[BUGFIX] scope prototype annotation should not be generated¶
Kickstarter should not generate scope prototype in models, as prototype is the default scope.
[BUGFIX] Generated Entities should contain Doctrine use statement¶
Generated Entities should contain “use Doctrine\ORM\Mapping as ORM;” statement, as the user most probably needs this later when adjusting the kickstarter output.
TYPO3.Party¶
[TASK] Make usagetype on ElectronicAddress nullable¶
The usage property has no default value and thus should be nullable to make “any” usage possible.
Adds a functional test (thanks Adrian Föder) as well.
[BUGFIX] Duplicate email address throws exception¶
Since #29547 is resolved, trying to store an email address that already exists throws an exception. This change drops the unique indexes for “identifier”, “type” and “usagetype” from the ElectronicAddress domain model.
[TASK] Add migrations to create unique indexes¶
Identity annotations now create an unique index, this change adds a migration to adjust the database schema accordingly.
[TASK] Add DB migration for PostgreSQL¶
This adds an initial migration for PostgreSQL to create the needed schema for the package.
[BUGFIX] PrimaryElectronicAddress should check before adding¶
With setPrimaryElectronicAddress the electronic address is also added to the electronicAddress collection but it should check first if it is already in to avoid creating duplicate entries.
[TASK] Implement best practices in XLIFF files¶
Adds some “required” attributes to the XLIFF files.
[BUGFIX] Make PartyRepository a singleton¶
The PartyRepository lacked the Scope annotation it should have had.
[TASK] Move Translations folder up one level¶
This moves the folder for translations into Resources/Private.
TYPO3.Welcome¶
[TASK] adjustments to refactored FLOW3 Context¶
As the Context is now an object and not a string anymore, we adjust our context checks appropriately.
[TASK] Adjust to HTTP implementation¶
Adjusts a call to getBaseUri() to be done on the correct object.
[BUGFIX] Fix links on Welcome screen¶
The links to the FLOW3 website were mostly wrong.
[TASK] Add hint to remove SubRoute definition after deactivating package¶
When a SubRoute definition refers to a non-existing or disabled package an exception is thrown, which confused some followers of the mini tutorial of the Welcome screen.
This change adds a notice to remove the SubRoute definition after deactivating the Welcome package.
Besides this renames “Remove the Welcome package ...” to “Disable the Welcome package ...”.
Note: Some infos have been added to the exception wiki page at http://wiki.typo3.org/wiki/Exception1318414040
