Releases: in2code-de/femanager
7.1.1 Maintenance Release
[BUGFIX] Notification email to admin now sends changes again
[BUGFIX] Notification email to admin is also sent when adding recipient's address to flex form only
[TASK] Removes configPID from ext_typoscript_setup.typoscript
6.3.6 Maintenance Release
[BUGFIX] Removes configPID from ext_typoscript_setup.typoscript: The removed configuration can only be overwritten by another preset file in another extension, it can not be overwritten by PageTS.
6.3.5 Maintenance Release
[BUGFIX] Notification email to admin is also sent when adding recipient's address to flex form only
[BUGFIX] v5 backport: Notification mail to admin shows changes
6.3.4 Security Update
!!! Breaking change in fluid template for the invitation controller
!!! Security Update please update as soon as possible
- thx to Max Schäfer & Dennis Schober-Wenger for reporting
Upgrade Instruction:
Invitation Template
If you are using customized templates for the invitation function, please check the Resources/Private/Templates/Invitation/Edit.html
You need to add
<f:form.hidden name="hash" value="{hash}"/>
in order,that the function is working.
5.5.3 Security Update
!!! Breaking change in fluid template for the invitation controller (please read the upgrade instruction)
!!! Security Update please update as soon as possible
thx to Max Schäfer & Dennis Schober-Wenger for reporting
7.1 Feauture and Security Release
- [FEATURE] Add support for PHP 8 and 8.1 - thx to Stefan Busemann, Bastien Lutz, Mathias Bolt Lesniak, Thomas Löffler, Johannes Seipelt
- [BUGFIX] Re-fetch session from database to update 'userSession' property of TSFE. Thx to Thomas Off thomas.off@retiolum.de
- [BUGFIX] Add hash check for inivtation action - thx to Max Schäfer & Dennis Schober-Wenger
- [REFACTOR] Remove deprecated code and introduce rector - thx to Thomas Löffler
Upgrade Instruction:
If you are using customized templates for the invitation function, please check the Resources/Private/Templates/Invitation/Edit.html
You need to add
<f:form.hidden name="hash" value="{hash}"/>
in order,that the function is working.
6.3.3 Security Release
- [BUGFIX] (!!!) Security Fix - Broken Access Control in Usergroup Validation (Andreas Nedbal - in2code) - thx to TYPO3 Security Team
- [BUGFIX] CleanUserGroup DataProcessor - thx to Daniel Hoffmann (in2code)
5.5.2 Security Update
[BUGFIX] (!!!) Security Fix - Broken Access Control in Usergroup Validation (Andreas Nedbal - in2code) - thx to TYPO3 Security Team
7.0.1 Security Release
- [BUGFIX] (!!!) Security Fix - Broken Access Control in Usergroup Validation (Andreas Nedbal - in2code) - thx to TYPO3 Security Team
- [BUGFIX] login after registration (Re-fetch session from database to update 'userSession' property of TSFE) - thx to Thomas Off
- [BUGFIX] CleanUserGroup DataProcessor - thx to Daniel Hoffmann (in2code)
2.7.0 Security Release
You will find here security backports for TYPO3 7.6 LTS. If you use TYPO3 8 or 9 please use version 5.x
Upgrade
Due to changes in some templates, you need to adjust your templates, if you use your own ones.
- Added element id for new / edit / invitation templates: If you use your own HTML templates of new/edit/invitation-templates you should compare them with the one from EXT:femanager. There is a new additional attribute inside the form viewhelper: data-femanager-plugin, which contains the content element id.
- If you use a modified version of the Validation.js, there are also changes: plugin and action parameter is send to
the eID-Script now - The edit template has to be adjusted, as there is a new parameter 'token' is introduced. (see example below)
Example
Please update these partials:
:file:/Partials/Misc/DeleteLink.html
The argument token was introduced :html:(token:token)
old template code
<f:link.action
action="delete"
arguments="{user:user}"
class="btn btn-warning btn-large"
additionalAttributes="{data-confirm:'{f:translate(key:\'UserDeleteConfirmation\')}'}">
<i class="icon-trash icon-white"></i>
<f:translate key="deleteProfile" />
</f:link.action>
new template code:
<f:link.action
action="delete"
arguments="{user:user, token:token}"
class="btn btn-warning btn-large"
additionalAttributes="{data-confirm:'{f:translate(key:\'UserDeleteConfirmation\')}'}">
<i class="icon-trash icon-white"></i>
<f:translate key="deleteProfile" />
</f:link.action>
:file:/Templates/Edit/Edit.html
You need to add: :html:<f:form.hidden name="token" value="{token}" />
between the form tag.
Example:
<f:form
name="user"
object="{user}"
action="update"
enctype="multipart/form-data"
additionalAttributes="{data-femanager-plugin:data.uid}"
class="form-horizontal {f:if(condition:'{settings.edit.validation._enable.client}',then:'feManagerValidation',else:'')}">
<fieldset>
<legend>
<f:translate key="titleUpdateProfile" />
</legend>
<f:form.hidden name="token" value="{token}" />
more stuff here in the template file…
</f:form>