Security in TypoScript: Applying stdWrap functions like htmlSpecialChars to data in dataWrap
A frequently used feature of TypoScript is stdWrap. It provides many functions and wrappers to parse your data. It serves as a multipurpose parsing suite with helpers of any kind. dataWrap is one of the most powerful among them, but it's also one of the most tricky ones. Read on for a little demonstration on how to add security to your TypoScript by applying the stdWrap function "htmlSpecialChars" to data in dataWrap...
Little case study on using static file cache to increase performance of TYPO3
The average number of requests on www.t3node.com is growing more and more. Since the website is hosted on a tiny virtual machine shared with others, the overall server performance is bad. Today I decided to serve pages from file cache to reduce the load. This little case study describes the problem by example and gives some key data for illustration.
Prevent SQL injection in TypoScript when using strings from GET parameters
Whenever you are using GET/POST parameters in SQL queries, you have to face the risk of running into SQL injection. The golden rule here is not to trust user parameters, but always properly check and escape values. This article introduces a TYPO3 extension, which helps to sanitize parameters by extending TypoScript stdWrap.
Fixed broken comment form on this site (update)
The comment form of this blog was broken the last two days. The reason was that I disabled the no_cache parameter in the install tool. It seems the ve_guestbook extension somehow relies on this parameter. The comments are now working properly again. Sorry for the inconvenience.
Using the new TCA wizard "suggest" for autocompletion in BE fields of TYPO3 4.3
There's a new type of wizard in the TYPO3 core called "suggest", which has been added to TCA with 4.3beta-1. This wizard adds a magic input field for autocompletion to fields of type "group" or "select", also called find-as-you-type. It helps to quickly find a record by typing its name/title in the suggest field, getting an AJAX dropdown list with all possible results. This article demonstrates how to implement this wizard in your TYPO3 extension.
TYPO3 Blog www.t3node.com mentioned in "The Ultimate TYPO3 Resource List" ;-)
While searching for some resource lists on TYPO3, I stumbled upon "The Ultimate TYPO3 Resource List" in the Acqal Blog. Surprisingly, www.t3node.com is also mentioned there. Woooooo! Thanks to Virgil Houston.
"Save and view" button for records of TYPO3 extensions
When editing a page in the TYPO3 backend, there's a whole bunch of save buttons available. The "save document and view page" button allows to save the content and open a preview popup with one click. Unfortunately this does only work for regular pages and content elements, but not for database records of extensions which are stored inside sysfolders. The following tutorial describes a way to get that button also running for those records.
On Twitter...
- Feb, 5th: Proposing @fsuter as the #TYPO3 MVP of the year for his valuable work on official documentation.
- Feb, 4th: New blog post about #Security in #TypoScript: Applying stdWrap functions to data in dataWrap #TYPO3 http://bit.ly/d3uzPY
- Feb, 3rd: Provided a patch for #TYPO3 bug 8597: "Alternative icons in indexed_search results". Pending in core list. http://bit.ly/a9Za11
Follow my Twitter 
and RSS 
feed.
About this site
T3node is a TYPO3 blog by Steffen Müller. Beside TYPO3, technical and nontechnical topics about free software and networked communication are discussed. It's build with TYPO3.
The content of this website is distributed under the Creative Commons Attribution - NonCommercial - ShareAlike 3.0 Unported licence.
About Steffen Müller
Since 2002, I am a user and developer of the TYPO3 content management system. I understand content management as an interdisciplinary task under the terms of a knowledge society. This task combines technical, economical and social aspects as well as profund analysis, planning and implementation.
Therefore I do not focus on plain coding, but on various aspects like usability, accessibility, customizability or empirical analysis, following actual findings in communication science. I am also very interested in the subjects of knowledge communication in open source communities and knowledge management in general.
Since the very beginning I am a strong enthusiast and an active member of the TYPO3 community. I have been a member of the official TYPO3 security team from 2004-2008. Since May, 2009 I am a TYPO3 TRYDIVER ;-).
Article tags
--> Find a list of all blog articles
About TYPO3
TYPO3 is my favorite tool for content management. It combines enterprise level features with a well networked, highly active and progressive open source community.
