Skip to main navigation Skip to main content Skip to page footer

TYPO3 News & Events Hub

What’s New & What’s Coming

Stay up to date with the latest TYPO3 news and announcements by subscribing to our RSS feed.

Subscribe to the TYPO3 news RSS feed 

TYPO3-20051114-1: TYPO3 Security Bulletin

The file editor functionality in the TYPO3 Install Tool (menu option "Edit files in typo3conf/") has an option that reads "Make backup copy". If set, this will create a backup copy and append a "~" to the original file name. This leads to file names that may be delivered as text files by a web server. Thus, sensitive information (e.g. the content of localconf.php) may be disclosed.

Mehr erfahren

TYPO3-20051107-2: th_mailformplus

A weakness in the form validation of th_mailformplus has been discovered that may be abused to inject additional recipients in mail forms.

TYPO3-20051107-1: chc_forum

A bug has been discovered in the "CHC Forum" (chc_forum) extension where some Javascript expressions are not properly caught when entered in forms. Thus, specially crafted entries may be used to inject malicious code.

Scalable Inman Flash Replacement

TYPO3 implementation of Scalable Inman Flash Replacement, a method to insert rich typography into web pages without sacrificing accessibility, search engine friendliness, or markup semantics. In an email interview I recently had with Maximo Cuadros Ortiz, the author of the sIFR extension, he tells us a little bit about his work and motivation.

Acronym Manager

Making a Web site accessible can be simple or complex, depending on many factors such as the type of content, the size and complexity of the site, and the development tools and environment. One common problem is to mark abbrevations, acronyms an foreign language terms - this could generate a massive amount of work when done manually on bigger sites.

CSS styled IMGTEXT - Part3

I just released version 0.4.0 of CSS Styled Image Text. For who don't know yet, this is a working CSS based implementation of the "Text with Image" and "Image" content types (from tt_content).

TYPO3-20051010-10: TYPO3 Security Bulletin

A bug has been discovered in the "Front End News Submitter" (fe_news) where SQL injection is not safely prevented and thus malicious SQL commands are potentially possible. Since the RTE enabled version (fe_rtenews) is derived from fe_news, it is affected as well.