blog.dev001.net

The problem: If you have pages which are only accessible for certain FE user groups, some of your users may bookmark these protected pages and return when they are not logged in (or you may send the URLs in a newsletter, etc.). Typo3 handles this case as a “404 Page not found” situation (I don’t know why they think 401/403 and 404 are the same, but I can’t change it).

So if you want to show a login form in this case, but a 404 error page if the page is “really” not there, you have to write a user-defined page-not-found-handling … Continue Reading

It took me some hours and the documentation is not very good, but finally I have found out how to mark up table rows from RTE tables (not elements with content type “table”) with alternating CSS classes. Put this into your page TSConfig:
RTE.classes.zebra-rows {
  name = Zebra table
  alternating.rows {
    startAt = 1
    oddClass = odd
    evenClass = even
  }
}

RTE.default {
  ignoreMainStyleOverride = 0
  inlineStyle.zebra-tables (
    table.zebra-rows { }
    table.zebra-rows tr { background: lime; } /* or whatever color */
    table.zebra-rows tr.odd { background: red; } /* or whatever color */
  )
  classesTable = zebra-rows
  classesTR = odd, even
  proc.allowedClasses … Continue Reading

How to accelerate Typo3 for a page with relative high load?

No statistically significant data but just a few benchmarks (made with ab) for the feeling:

Typo3 (no_cache = 1): ~ 1 rq/s
Typo3 (with cache): ~ 3 rq/s
Typo3 (with cache and eAccelerator): ~ 50 rq/s
Typo3 (with cache, eAccelerator and Squid reverse proxy): ~ 2000 rq/s

I always use UTF-8 with my Typo3 installations even if it’s not needed in the first version of the Web site because translation is a requirement often arises at a later time.

The way I create my new, empty Typo3 4.2 installation that fully supports UTF-8:

• Create the database with
  CREATE DATABASE tt_new_site DEFAULT CHARSET ‘UTF-8’;
  GRANT ALL ON tt_new_site.* TO ‘new_site’@’localhost’ IDENTIFIED BY ‘password’;
• Unzip the dummy.zip from typo3.org into the new installation’s directory
• Create correct typo3_src symlink
• Set permissions correctly (I made a script for this)
• Create typo3conf/ENABLE_INSTALL_TOOL
• Do necessary Web server setup
• Go to http://new_site/
• Do not use the 1-2-3 setup, but go to the Install Tool directly
• In … Continue Reading
  

A quick scan of sites made with Typo3 told me that 99 of 330 pages are still vulnerable to the last Typo3 security bug that allows to read all .php files, including localconf.php (where the database password and other things ard stored) at the moment.

That means that about 30 % of all Typo3 pages show their database passwords (and other things) in clear text 5 days after the security bulletin has been sent out.