TYPO3 4.3.2

Release Notes

Version 4.3.2

This version is not supported anymore.

The TYPO3 CMS community supported from 2009-11-30 until 2010-06-22. Please consider updating to a newer version.

Release Notes for TYPO3 4.3.2

This document contains information about TYPO3 version 4.3.2 which was released on February 23, 2010.

News

This release is a combined bugfix and security release.

Notes

Due to several security issues found in the TYPO3 Core, there was a combined release of TYPO3 4.4-alpha1, 4.3.2 and 4.2.12.\ Find more details in the security bulletin: <https://typo3.org/teams/security/security-bulletins/typo3-sa-2010-004/&gt;

Download

<https://typo3.org/download/&gt;

MD5 checksums

3d00a4aa8f2ef70f27894c1b5ce483c1  dummy-4.3.2.tar.gz
aaf71b79456d910bbdd70426aa0e5b0c  dummy-4.3.2.zip
ec02e4e91f2f280340d3557f4ecbe1b4  typo3_src-4.3.2.tar.gz
4bcc3d24774e880a1187d2b55a151485  typo3_src-4.3.2.zip
925e07e10d00a51415cc29f46303235f  typo3_src+dummy-4.3.2.zip

Upgrading

The usual upgrading procedure applies; no database updates are necessary.

Changelog

2010-02-23  Oliver Hader  &lt;oliver@typo3.org&gt;

    * Release of TYPO3 4.3.2

2010-02-23  Oliver Hader  &lt;oliver@typo3.org&gt;

    * Fixed bug #13372: saltedpasswords - Authentication Bypass in frontend user authentication (thanks to Marcus Krause &amp; Dmitry Dulepov)
    * Fixed bug #13394: Information disclosure in sysext:sys_actions (thanks to Georg Ringer)
    * Fixed bug #13042: XSS in index.php (thanks to Georg Ringer)
    * Fixed bug #11617: XSS in template module (thanks to Georg Ringer)
    * Fixed bug #13249: XSS in TS Object Browser (thanks to Marcus Krause)
    * Fixed bug #11621: XSS vulnerabilities in workspace module (thanks to Georg Ringer)
    * Fixed bug #11620: XSS vulnerability in task center module (thanks to Georg Ringer)
    * Fixed bug #12628: XSS in sysext sys_action (thanks to Georg Ringer)
    * Fixed bug #12634: XSS in the access module (thanks to Georg Ringer)
    * Fixed bug #13558: XSS in t3lib_querygenerator (thanks to Georg Ringer)
    * Fixed bug #12630: XSS in filelist module (thanks to Marcus Krause &amp; Georg Ringer)

2010-02-22  Dmitry Dulepov  &lt;dmitry.dulepov@gmail.com&gt;

    * Fixed bug #12958: Catchable fatal error in indexed_search

2010-02-21  Stanislas Rolland  &lt;typo3@sjbr.ca&gt;

    * Fixed bug #13310: htmlArea RTE: Additional Inline Elements issue with overlapping ranges
    * Updated htmlArea RTE version to 1.8.8

2010-02-21  Steffen Kamper  &lt;info@sk-typo3.de&gt;

    * Fixed bug #13252: default CSS only loadable for media screen / changed behaviour in 4.3 (Thanks to Ralf Hettinger)
    * Fixed bug #13570: Bug: HTML validation error in the BE with the ajax.php inclusion (Thanks to Oliver Klee)
    * Fixed bug #13289: Usage of deprecated method - getSetUpdateSignal() (Thanks to Stefan Galinski)
    * Fixed bug #13444: Filemounts are unsorted

2010-02-21  Benjamin Mack  &lt;benni@typo3.org&gt;

    * Fixed bug #13406: thumbs.php: Thumbnails for images with transparent background look ugly (Thanks to Andreas Wolf and Steffen Ritter)
    * Fixed bug #13423: Make ext_tables.sql syntax parsing more compliable (Thanks to Joachim Mathes)
    * Fixed bug #13201: Reports module - Use same install tool check for reports as used in About module (Thanks to Moreno Feltscher)
    * Fixed bug #13574: html warning, because a plain &amp; inside an url (Thanks to Stefan Galinski)
    * Fixed bug #12625: JSMENU&#039;s fallback menu name is not unique

2010-02-21  Xavier Perseguers  &lt;typo3@perseguers.ch&gt;

    * Fixed bug #12220: String literals quoted as identifiers

2010-02-20  Steffen Kamper  &lt;info@sk-typo3.de&gt;

    * Fixed bug #13333: Datepicker button color is wrong

2010-02-19  Stanislas Rolland  &lt;typo3@sjbr.ca&gt;

    * Fixed bug #12007: Docblock comments in TCEforms suggest class are wrong (Thanks to Andreas Wolf)
    * Fixed bug #13205: RTE 1.8.6 not focusing correctly with IE8
    * Fixed bug #13478: htmlArea RTE: Inline styles not available if text marked with keyboard
    * Fixed bug #13480: htmlArea RTE: Automatic linking ignores/replaces protocol
    * Fixed bug #13282: htmlArea RTE: buttons.formattext.restrictTo not evaluated correctly (Thanks to Jˆrg Wagner)

2010-02-19  Benjamin Mack  &lt;benni@typo3.org&gt;

    * Fixed bug #12870: Login News missing styling for links (Thanks to Steffen Gebert)

2010-02-14  Christian Kuhn  &lt;lolli@schwarzbu.ch&gt;

    * Follow-up to #13448: Do not unset $typo3CacheFactory singleton

2010-02-14  Xavier Perseguers  &lt;typo3@perseguers.ch&gt;

    * Raised DBAL version from 1.0.3 to 1.0.4
    * Fixed bug #12829: ALTER TABLE is not able to parse length restriction in index creation

2010-02-14  Andreas Otto  &lt;andreas@otto-hanika.de&gt;

    * Fixed bug #13380: Recursive deletion of alternative page languages

2010-02-13  Xavier Perseguers  &lt;typo3@perseguers.ch&gt;

    * Fixed bug #13529: DISTINCT should not be used as a function

2010-02-09  Xavier Perseguers  &lt;typo3@perseguers.ch&gt;

    * Fixed bug #13490: Where clause 0=0 cannot be parsed

2010-02-08  Xavier Perseguers  &lt;typo3@perseguers.ch&gt;

    * Fixed bug #13464: ORA-00920: invalid relational operator in module statistics [indexed_search]
    * Fixed bug #13463: Modfunc2 (statistics) is not compatible with DBAL [indexed_search]

2010-02-08  Steffen Kamper  &lt;info@sk-typo3.de&gt;

    * Reverted Follow-up to #13448: Unset another variable

2010-02-08  Christian Kuhn  &lt;lolli@schwarzbu.ch&gt;

    * Fixed bug #13456: Typo in rsaauth ext_tables.sql
    * Fixed bug #13257: PHP warning stristr() in Configuration -&gt; Search under PHP 5.3 (thanks to Steffen Gebert)

2010-02-07  Christian Kuhn  &lt;lolli@schwarzbu.ch&gt;

    * Follow-up to #13448: Unset another variable
    * Fixed bug #13365: Table headers in t3lib_fullsearch (thanks to Georg Ringer)
    * Fixed bug #13448: Typo in BE cache init section
    * Fixed bug #13193: Day of week in scheduler cron command is not calculated correctly

2010-02-06  Xavier Perseguers  &lt;typo3@perseguers.ch&gt;

    * Fixed bug #13430: Cannot parse INSERT when VALUES has no space before left parenthesis

2010-02-05  Steffen Kamper  &lt;info@sk-typo3.de&gt;

    * Fixed bug #13391: JS-error in common.js crashes flash uploader

2010-02-05  Francois Suter  &lt;francois@typo3.org&gt;

    * Fixed bug #13323: &quot;Allow preview of whole workspace&quot; misses checkbox
    * Cleanup #13377: Provide a manual for system extension saltedpasswords (thanks to Marcus Krause)

2010-02-02  Xavier Perseguers  &lt;typo3@perseguers.ch&gt;

    * Fixed bug #13368: Method filelink of tslib_content uses &#039;target&#039; instead of &#039;fileTarget&#039;
    * Fixed bug #12903: ORA-00918: column ambiguously defined [indexed_search]

2010-02-01  Xavier Perseguers  &lt;typo3@perseguers.ch&gt;

    * Fixed bug #13388: Missing colon in locallang for DB and File mount (thanks to Georg Ringer)

2010-01-27  Xavier Perseguers  &lt;typo3@perseguers.ch&gt;

    * Fixed bug #12681: Select/Deselect all should be visible as link (Thanks to Georg Ringer)

2010-01-26  Steffen Kamper  &lt;info@sk-typo3.de&gt;

    * Fixed bug #12688: MM relations: rollback not working / sys_history wrong (thanks to Ralf Hettinger)
    * Update #13327: Update ExtCore to version 3.0.0

2010-01-23  Steffen Kamper  &lt;info@sk-typo3.de&gt;

    * Fixed bug #13230: Using TYPO3_version with &quot;xxx-dev&quot; won&#039;t be parsed correct in EM

2010-01-20  Christian Kuhn  &lt;lolli@schwarzbu.ch&gt;

    * Fixed bug #13270: t3lib_cache_backend_dbbackendtestcase does not reflect current db backend table definitions

2010-01-18  Benjamin Mack  &lt;benni@typo3.org&gt;

    * Fixed #11089: Fixing the built-in shopping basket (Thanks to Mathias Schreiber)

2010-01-17  Benjamin Mack  &lt;benni@typo3.org&gt;

    * Fixed bug #13093: Massuploader: Window is not closable (Thanks to Steffen Gebert)
    * Fixed bug #12742: BE-login screen: Login box with spinner becomes to small and label not centered (Thanks to Steffen Gebert)
    * Fixed bug #13167: Flash Uploader error messages should be more descriptive / Improve error handling of massuploader (Thanks to Steffen Gebert)

2010-01-17  Andreas Otto  &lt;andreas@otto-hanika.de&gt;

    * Fixed bug #13254: Flash Messages in wizard &quot;create multiple pages&quot; (Thanks to Georg Ringer)

2010-01-16  Xavier Perseguers  &lt;typo3@perseguers.ch&gt;

    * Fixed bug #12553: Text &quot;A simple table with up to 8 columns&quot; is wrong (Thanks to Georg Ringer)
    * Fixed bug #13255: Wrong text in wizard &quot;create multiple pages&quot; (Thanks to Georg Ringer)

2010-01-15  Francois Suter  &lt;francois@typo3.org&gt;

    * Fixed bug #11815: Saving translation settings in EM: strcmp() throws warning with PHP5.3 (Thanks to Steffen Gebert, Stefan Geith and Rupert Germann)