
Typo3

Security issues in third party TYPO3 extensions

Bryan's picture

It's not too often that you see notices from the TYPO3 group on security issues related to their CMS framework. That's why their notice last week about various security issues with several third party TYPO3 extensions caught my attention.

Several vulnerabilities have been found in the following third party TYPO3 extensions:

  • Virtual Civil Services (civserv)
  • Modern Guestbook / Commenting system (ve_guestbook)
  • CWT Community (cwt_community)
  • FrontEnd MP3 Player (fe_mp3player)
  • Search In Tables (fesearchintable)
  • Content Search (gst_contentsearch)
  • Multilingual Alias (multilingual_alias)
  • Myth Repository (myth_repository)
  • References database (t3references)

Further information on the security issues can be found at TYPO3.org.

Rich Extensions using the TYPO3 API

Saalim Shaikh's picture

TYPO3 Extension Development is a new book from Packt that teaches users all about extension categories and the file structure for extensions. Written by TYPO3 core developer Dmitry Dulepov, this book will walk users through the complete extension development process from planning and generating an extension through development to writing documentation.

TYPO3 is a free and open source content management system written in PHP. It is large, feature-rich and very flexible - a lot of this flexibility comes through extensions written by the community. Extensions make it possible to use TYPO3 to drive any type of website, including e-commerce, blogs, social networks, catalogs, and many more.

TYPO3 Version 4.2 Released

Bryan's picture

There is a new version of TYPO3 available, version 4.2.  There are lots of usability and performance improvements in this latest package. 

The main focus of the new 4.2 version is improving usability, but there are also many enhancements for system administrators and developers. Including bug fixes, there are nearly 650 enhancements in TYPO3 4.2.

What is very interesting about this version of TYPO3 is that it is one of the first CMSs to have dropped full support for PHP 4 in a stable release. TYPO3 and a number of other Web projects took the "goPHP5" pledge earlier this year and we watched it happen. To run TYPO3 you will need to make sure you have PHP 5.2 or greater on your Web server.

TYPO3 version 4.2 can be downloaded from TYPO3.org. Technical documentation and the release notes can be found at typo3.org/development/articles/release-notes-42.

Is bridging a GPL application with a non-GPL application legal?

Bryan's picture
Amy Stephen over at Open Source Community has put together a good summary of how differing open source CMS projects have interpreted the impact the GPL has on third-party extensions/modules/plugins/add-ons. Movement in the Joomla community ensuring GPL compliance for extensions is what prompted her comparisons of license interpretation between Drupal, Joomla, Plone, Typo3, Wordpress, and XOOPS.

Joomla!'s announcement from June 15, 2007 that began "Joomla! is moving to ensure the future of the project by committing to compliance with the GNU/GPL license" was a bit shocking to many accustomed to the Mambo proprietary extension licensing exception.

Sometimes I wish I was a lawyer because it really is difficult to know who is right and who is wrong in their interpretation of the GPL. Probably the most confusing interpretation is in the area of bridges where a third-party module is used to connect a GPL application with a non-GPL application. The significant impact of a strict interpretation of the GPL license can be clearly seen through Simple Machine's announcement of a SMF Bridge for Joomla! being discontinued due to the license interpretation change. If you read the correspondence between SMF's developers and the Freedom Software Foundation representatives you come to the conclusion that even though the bridge is GPL you could still have legal issues if both applications being bridged are not under the GPL.

Mastering TYPO3 TypoScript

Bryan's picture
Kshipra Singh from Packt Publishing sent me an e-mail the other day asking us to publish another one of their sample chapters here at CMS Report. If you recall, we posted an article on one of the sample chapters from a book on Alfresco. The book this time around is Mastering TypoScript: TYPO3 Website, Template, and Extension Development. Long name for a title so why don't we dig a little deeper and find out what this book is really about.

TypoScript is a declarative programming language that offers developers, administrators, and designers full control over the configuration of TYPO3 and its template engine. Only with a good command of TypoScript can you leverage the powerful capabilities of the TYPO3 engine, to customize and control all aspects of your TYPO3 sites. If you're serious about TYPO3 as your content platform, you need to master TypoScript.

As before, I don't have the book in front of me and this should not be considered a review of the book. Instead, I'm only allowing Packt Publishing through this post to give you a taste of what the book has to offer. You need to decide for yourself if you want to buy the book. The following is what the book intends for the reader to learn:

TYPO3 4.1

Bryan's picture
Anoop Atre wrote the following in our comments section about Typo3 that deserves some attention on the Front Page.

Just wanted to make a note that the TYPO3 Association has released Version 4.1.

Focus on Usability and Performance Improvements, in addition the new release contains dozens of smaller features, system enhancements, and bug fixes. This version focuses clearly on usability in every aspect of the system as the one goal that has been set by the Development Team for all 4.x releases.

Release Notes: http://typo3.org/development/articles/release-notes-41/

News Release