Combining Fluid ViewHelpers and TypoScript in TYPO3 - 5 basic examples
Here comes another blog article about TYPO3 after a long time of absence. This time I introduce the Fluid cObject ViewHelper, which brings together the power of TypoScript and Fluid. I will demonstrate the usage of this ViewHelper in five basic examples.
Apache authentication against TYPO3 using mod_auth_mysql
Web applications often need user accounts to be able to authorize users. TYPO3 for example needs backend users which are stored in the be_users database table. Each application usually has its own user accounts and authorization schemes. But maintaining multiple accounts of the same user for each web application is a pain and should be avoided. Apache can deal with that situation by shipping plenty of authentication modules. Have a look at a little demonstration of mod_auth_mysql.
Enhanced password recovery for Frontend users in TYPO3 4.3
Password recovery for frontend users before TYPO3 4.3 was poor and insecure: passwords were sent by e-mail in plain text, and the recovery form could be abused and revealed private information to the public. While implementing the felogin sysext for a community website, I surprisingly found some fundamental changes in the recovery method in TYPO3 4.3.
Security in TypoScript: Applying stdWrap functions like htmlSpecialChars to data in dataWrap
A frequently used feature of TypoScript is stdWrap. It provides many functions and wrappers to parse your data. It serves as a multipurpose parsing suite with helpers of any kind. dataWrap is one of the most powerful among them, but it's also one of the trickiest. Read on for a little demonstration of how to add security to your TypoScript by applying the stdWrap function "htmlSpecialChars" to data in dataWrap.
Little case study on using static file cache to increase performance of TYPO3
The average number of requests on www.t3node.com is growing more and more. Since the website is hosted on a tiny virtual machine shared with others, the overall server performance is bad. Today I decided to serve pages from file cache to reduce the load. This little case study describes the problem by example and gives some key data for illustration.
Prevent SQL injection in TypoScript when using strings from GET parameters
Whenever you are using GET/POST parameters in SQL queries, you have to face the risk of running into SQL injection. The golden rule here is not to trust user parameters, but always to check and escape values properly. This article introduces a TYPO3 extension which helps to sanitize parameters by extending TypoScript stdWrap. PLEASE ALSO READ THE COMMENTS ON THIS ARTICLE FOR UPDATES IN THE TYPO3 CORE TO TACKLE THIS ISSUE!
Fixed broken comment form on this site (update)
The comment form of this blog was broken for the last two days. The reason was that I disabled the no_cache parameter in the install tool. It seems the ve_guestbook extension somehow relies on this parameter. The comments are now working properly again. Sorry for the inconvenience.
On Twitter...
- Feb, 2nd: @T3RevNeverEnd sure #nosql
- Feb, 2nd: And #Debian has already shipped new packages. #like RT @domainfactory Critical security vulnerability in PHP 5.3.9: http://t.co/UgUltzY8
- Feb, 2nd: Yeah. Which topic? RT @alexander_wahl Submitted my Call for Papers for #T3DD12. Excited :-)
About this blog
T3node is a TYPO3 blog by Steffen Müller, which was started in May 2007. Besides TYPO3, some technical and non-technical topics on free software and the web are discussed. It's built entirely with TYPO3. Guest writers are welcome! Just drop me a mail with the topic of your article.
The content of this website is distributed under the Creative Commons Attribution - ShareAlike 3.0 Unported licence.
About Steffen Müller
I have been a software developer and architect for the TYPO3 content management system since 2002. In my work I consider user experience, performance, security and programming patterns. Besides TYPO3 I am interested in topics about LAMP, couchDB, mobile web, IT security, performance tuning, but also non-technical stuff like scrum, open source communities, communication science and knowledge management.
Since the very beginning I have been a strong enthusiast and an active member of the TYPO3 community. I was a member of the official TYPO3 security team from 2004 to 2008. I contribute to the TYPO3 core and various community extensions. My main project at the moment is the TYPO3 core logging project. Since April 2010 I have been a supporting member of the TYPO3 Association.
About TYPO3
The Open Source CMS TYPO3 is my favourite tool for content management. It combines enterprise level features with a well networked, highly active and progressive open source community.
