During the last two days, I had the opportunity to participate in a meeting of a special type of TYPO3 users: German universities. Thanks to RRZN / University of Hannover, around 50 people from allover Germany met for an event called “TYPO3 an Hochschulen” to talk about various topics regaring the use of TYPO3 in universities. Besides a couple of known faces, a lot of people, who where new to me, participated and presented various kinds of topics in two parallel tracks. The type of talk varied, besides introductions to Extbase/Fluid or Git, showcases about Solr/Nutch or Shibboleth integration, also...…
A retrospect of half a year as Server Team member
I am a member of the official TYPO3 Server Administration team since the Developer Days this year. With this article I not only want to look back, but also share some insights in what we are / I am doing in this team. I have not planned this article at all, but there’s the funny thing called Twitter and after Olivier’s tweet last night, I decided to shed some light on our work. The question was: where can i find info about the actual team and its goals, roadmap and actions? So here is a short story of how I...…
Profiling TYPO3 with XHProf
There occur situations when your TYPO3 is awful slow and you have to figure out, why this is the case. Using a PHP profiler is the heavy hammer to gain the insights you need in this case. Xdebug brings a PHP debugger and profiler. While I personally love the debugger together with PHP storm, the profiler output also needs a dedicated tool to browse through its results, e.g. KCachegrind or, again, PhpStorm. So for profiling I learned to love XHProf, a PHP profiler developed by Facebook. Its advantage is that it has a PHP interface to show the results, which...…
Doing Filename Checks Securely (in PHP)
Recently a security issue in TYPO3 has been fixed, where it was possible to circumvent checks, which should ensure file names to match specific patterns (e.g. denying .php file extensions to be uploaded or renamed to). As this problem is heavily caused by PHP’s laxity, this blog entry aims to provide some explanations to you as developer to prevent you from placing similar security holes in your software or TYPO3 extensions. Imagine you are programming a very basic file upload script and use the following piece of code: $filename = $_POST['filename']; $contents = $_POST['contents']; file_put_contents($filename, $contents); It is obvious that...…