A retrospective of half a year as a Server Team member

I have been a member of the official TYPO3 Server Administration team since this year's Developer Days. With this article I not only want to look back, but also share some insights into what we as a team, and I personally, are doing. I had not planned this article at all, but there is this funny thing called Twitter, and after Olivier's tweet last night I decided to shed some light on our work. The question was: where can I find info about the actual team and its goals, roadmap and actions? So here is a short story of how I...…

Profiling TYPO3 with XHProf

There are situations when your TYPO3 installation is awfully slow and you have to figure out why. Using a PHP profiler is the heavy hammer for gaining the insights you need in such a case. Xdebug brings a PHP debugger and a profiler. While I personally love the debugger together with PhpStorm, the profiler output also needs a dedicated tool to browse through its results, e.g. KCachegrind or, again, PhpStorm. So for profiling I learned to love XHProf, a PHP profiler developed by Facebook. Its advantage is that it has a PHP interface to show the results, which...…
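The usual way to get XHProf data out of a TYPO3 request is to enable it before the request starts and save the run at shutdown, so that the bundled PHP UI can show it afterwards. The following prepend script is an added example, not code from the original post or from TYPO3. It assumes the xhprof PECL extension is installed, that the script is loaded via auto_prepend_file, that the XHProf package's xhprof_lib directory is at the path in XHPROF_LIB_DIR, and that a secret token is provided in the environment variable XHPROF_TOKEN; all of these names and paths are assumptions.

```php
<?php
// xhprof-prepend.php: added example, not code from the original post.
// Assumed setup: xhprof extension installed; this file is loaded for every
// request via "auto_prepend_file = /etc/php/xhprof-prepend.php"; the XHProf
// package's xhprof_lib directory lives under XHPROF_LIB_DIR (assumption);
// runs are written to the directory configured as xhprof.output_dir in php.ini.
declare(strict_types=1);

const XHPROF_LIB_DIR = '/usr/share/php/xhprof/xhprof_lib'; // assumed path

if (!extension_loaded('xhprof')) {
    return; // extension missing: do not profile, but never break the request
}

// Profile only requests that carry a secret token (assumed to be set as the
// environment variable XHPROF_TOKEN), so arbitrary visitors cannot add profiler
// overhead or fill the output directory with run files. hash_equals() keeps the
// comparison constant-time.
$expected = getenv('XHPROF_TOKEN');
$given = $_GET['_profile'] ?? '';
if (!is_string($given) || $expected === false || $expected === ''
    || !hash_equals($expected, $given)) {
    return;
}

// Collect wall time plus CPU time and memory per function call. The extra
// flags slow the run down a bit but give the numbers needed to find the
// expensive part of a slow request.
xhprof_enable(XHPROF_FLAGS_CPU | XHPROF_FLAGS_MEMORY);

register_shutdown_function(static function (): void {
    // Stop as late as possible so the whole TYPO3 request is in the run.
    $data = xhprof_disable();

    require_once XHPROF_LIB_DIR . '/utils/xhprof_lib.php';
    require_once XHPROF_LIB_DIR . '/utils/xhprof_runs.php';

    // XHProfRuns_Default stores the serialized run under xhprof.output_dir
    // and returns the run id used by the xhprof_html UI.
    $runs = new XHProfRuns_Default();
    $runId = $runs->save_run($data, 'typo3');

    // Log the id instead of echoing it, so the real page output is untouched.
    error_log(sprintf('xhprof: saved run %s (source=typo3) for %s',
        $runId, $_SERVER['REQUEST_URI'] ?? '?'));
});
```

Request the slow page once with ?_profile=<token> appended, take the run id from the PHP error log, and open xhprof_html/index.php?run=<id>&source=typo3 in the XHProf UI. That UI is itself a PHP application that reads and displays arbitrary run files, so keep it behind authentication or off the public web server entirely.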

Doing Filename Checks Securely (in PHP)

Recently a security issue in TYPO3 was fixed that made it possible to circumvent checks which should ensure that file names match specific patterns (e.g. denying the .php file extension for files that are uploaded or renamed). As this problem is largely caused by PHP's laxity, this blog entry aims to give you as a developer some explanations that help you avoid placing similar security holes in your own software or TYPO3 extensions. Imagine you are programming a very basic file upload script and use the following piece of code:

    $filename = $_POST['filename'];
    $contents = $_POST['contents'];
    file_put_contents($filename, $contents);

It is obvious that...…
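The following is an added example and not code from the original post or from TYPO3; it does not reproduce the specifics of the fixed TYPO3 issue. It places a deliberately naive deny-list regex, of the kind a developer might bolt onto the snippet above, next to a check that handles the PHP and web-server behaviours a filename check has to survive: embedded NUL bytes (PHP before 5.3.4 truncated paths at the first NUL), the PCRE `$` anchor matching before a trailing newline, case differences, and multiple extensions in one name. The denied extension list and the sample names are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Deliberately naive check, in the spirit of the snippet above: a deny-list
// regex run on the raw name. The sample run below shows what slips past it.
function naiveFilenameAllowed(string $name): bool
{
    return preg_match('/\.(php|phtml)$/i', $name) !== 1;
}

// Hardened check. Each step stands on its own; none relies on the others.
function strictFilenameAllowed(string $name, array $deniedExtensions): bool
{
    // (1) Embedded NUL. PHP < 5.3.4 silently truncated paths at the first NUL,
    //     so "x.php\0.jpg" was checked as .jpg but written as x.php. Newer
    //     versions refuse such paths, but the check should not depend on that.
    if (strpos($name, "\0") !== false) {
        return false;
    }
    // (2) Allow-list the whole name, anchored with \A and \z. With '$',
    //     preg_match('/\.pdf$/', "x.pdf\n") returns 1 because '$' also matches
    //     before a final newline; \z only matches at the very end. The class
    //     excludes '/', '\\', whitespace and control characters, so path
    //     traversal such as "../etc/passwd" is rejected here as well, and a
    //     leading dot (".htaccess") is not accepted either.
    if (preg_match('/\A[A-Za-z0-9_][A-Za-z0-9_.-]{0,254}\z/', $name) !== 1) {
        return false;
    }
    // (3) Inspect every dot-separated part, not only the last one: Apache's
    //     mod_mime can select a handler from any extension in the name, so
    //     "x.php.jpg" may still be executed as PHP depending on configuration.
    //     Compare lower-cased so "x.PHP" cannot pass a lower-case list.
    $parts = explode('.', strtolower($name));
    array_shift($parts); // the base name itself is not an extension
    foreach ($parts as $ext) {
        if (in_array($ext, $deniedExtensions, true)) {
            return false;
        }
    }
    return true;
}

// Constructed sample input (not from the original post).
$deny = ['php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'phar'];
$samples = [
    "report.pdf",        // naive=true  strict=true
    "shell.php",         // naive=false strict=false
    "shell.PHP",         // naive=false strict=false
    "shell.php.jpg",     // naive=true  strict=false (double extension)
    "shell.php\0.jpg",   // naive=true  strict=false (NUL byte)
    "report.pdf\n",      // naive=true  strict=false (trailing newline)
    "../../etc/passwd",  // naive=true  strict=false (path traversal)
    ".htaccess",         // naive=true  strict=false (dotfile)
];
foreach ($samples as $name) {
    printf("%-26s naive=%-5s strict=%s\n",
        json_encode($name),
        naiveFilenameAllowed($name) ? 'true' : 'false',
        strictFilenameAllowed($name, $deny) ? 'true' : 'false');
}
```

The allow-list in step (2) does most of the work: it rejects the newline, traversal and dotfile cases before any extension logic runs, which is why the secure pattern is "accept only what is known good, anchored at both ends" rather than "search for known bad". Step (3) is still needed because a perfectly well-formed name like shell.php.jpg is valid under the allow-list and only the extension list can refuse it.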