Martin Auswöger

> How can we _fully support it for all fields_ if the HTML standard does not? See https://github.com/contao/contao/issues/4868#issuecomment-1264333797 for checkboxes `onclick="return false"` should be sufficient.

So we need to call `framework->setLoginConstants()` in the `PrettyErrorScreenListener`?

Shouldn’t we remove our own logic then so that these mechanisms don’t interfere with each other? https://github.com/contao/contao/blob/09696f510b318cd94c594d9aa83a49d040c2a9f6/core-bundle/src/Security/User/UserChecker.php#L50

For legacy content elements the visibility is checked here: https://github.com/contao/contao/blob/6646d850737f9f718a296a3e952552e171512f84/core-bundle/contao/elements/ContentElement.php#L239 But this seems to be missing from the `AbstractContentElementController`. We’d also like to discuss if this should be handled from...

> A page with a form containing a security hash should probably be private in the first place, right? I don’t think so. The hash just has to match the...

Casting `intId` to integer (in DC_Table, not DC_Folder) would be great I think. But are we sure that DC_Table cannot be used with string primary keys?

See #5437

I think a simple solution as a bug fix for 5.0 would be great. Creating the file with just the `{% extends … %}` line would be enough IMO. All...

I don’t think we should change the logic of the form generator here. You can mark optional fields via placeholder or add an “(optional)” to the label and still mark...

> The pull request needs to be rebased onto the correct branch. Couldn’t this also be seen as a bugfix? Because it is currently not possible to distinguish between backend...