t3olayout issues
https://git.typo3.org/services/t3o-sites/common/t3olayout/-/issues
2019-11-29T11:04:04Z
https://git.typo3.org/services/t3o-sites/common/t3olayout/-/issues/618
Allow to close feedback
2019-11-29T11:04:04Z
Feedback from Website
As a visitor, I want to hide the feedback form, due to its screen consumption
AC:
* add a close icon
* if the form is clicked, it will disappear for the length of this session
* alternatively - transform this into a very small overlay
from:
[Biber Esser](mailto:typo3.org-2019-11-11@apric.de) reported an issue
>
> Forced Page overlay "please Provide feedback" cannot be closed/Hidden and Covers large Part of the screen
>
> Reported URL:https://my.typo3.org/my-profile/use-typo3-slack?tx_t3oslack_pi1%5Baction%5D=message&tx_t3oslack_pi1%5Bcontroller%5D=SlackUser&cHash=738b2b79debaf46407db6c24a5c27cc8
>
> User Agent:Mozilla/5.0 (Android 9; Mobile; rv:68.0) Gecko/68.0 Firefox/68.0
_Ready for sprint
https://git.typo3.org/services/t3o-sites/common/t3olayout/-/issues/616
Mobile Login Link routing
2019-11-05T21:00:00Z
Stefan Busemann
### Summary
Reported by OTRS Ticket#20190823609000183 from Rafa Terrero
### Steps to reproduce
1. Use the smartphone view and navigate to any subpage
1. Click on the mobile menu and select login
1. You will end up on a 404
### Example URL
https://typo3.org/community/values/code-of-conduct/
### What is the current *bug* behavior?
The user ends in a 404
### What is the expected *correct* behavior?
the requested page in a logged in state
**Acceptance Criteria**
* [x] click at login should route to http://typo3.org/login/
_Ready for sprint
Felix Ranesberger
https://git.typo3.org/services/t3o-sites/common/t3olayout/-/issues/614
Solve deprecations in t3olayout
2020-07-15T19:16:40Z
pixeldesu
In order to update typo3.org to v9 as smoothly as possible, all extensions it requires should support v9 properly.
TYPO3Scanner result for `t3olayout`:
```
Found 3 matches in 1.81s when checking for changes and deprecations in TYPO3 9
strong weak IMPORTANT
0.0% (0) 100.0% (3) 100.0% (3)
Classes/Domain/Finishers/GitlabFinisher.php
Fetch of property "response" (weak)
109 $result = json_decode($res->response, true);
Important: #83869 - Removed request type specific code in Bootstrap
https://docs.typo3.org/typo3cms/extensions/core/Changelog/9.2/Important-83869-RemovedRequestTypeSpecificCodeInBootstrap.html
Fetch of property "response" (weak)
116 $issue = json_decode($issue->response, true);
Important: #83869 - Removed request type specific code in Bootstrap
https://docs.typo3.org/typo3cms/extensions/core/Changelog/9.2/Important-83869-RemovedRequestTypeSpecificCodeInBootstrap.html
Classes/Services/ApiClientService.php
Fetch of property "response" (weak)
130 $client->response = curl_exec($client->handle);
Important: #83869 - Removed request type specific code in Bootstrap
https://docs.typo3.org/typo3cms/extensions/core/Changelog/9.2/Important-83869-RemovedRequestTypeSpecificCodeInBootstrap.html
```
These deprecations should either be solved in the update branch `develop-v9` directly, or have a Merge Request pointed to that branch in the `t3olayout` repository.
_Ready for sprint
https://git.typo3.org/services/t3o-sites/common/t3olayout/-/issues/610
Add LinkedIn to Social Share
2019-11-05T17:38:02Z
Tomas Norre Mikkelsen
### Add LinkedIn to Social Share
As LinkedIn is more international than Xing, we should also add LinkedIn to the Social Share option.
Xing is more a German thing, and we want to get away from the reputation that TYPO3 is German only.
![Screenshot_2019-07-23_at_12.28.34](/uploads/7960a9a279d774c6325ceca3e2aa38d6/Screenshot_2019-07-23_at_12.28.34.png)
_Ready for sprint
Felix Ranesberger
https://git.typo3.org/services/t3o-sites/common/t3olayout/-/issues/606
Login form: Increase time the result message is shown
2019-11-18T13:24:17Z
Christian Buelter
As a user I want to be able to read the result message after I log in as a frontend user in order to be able to understand if the login worked correctly.
## Acceptance criteria
- The message after submitting the login form is shown for a longer time.
OR
- A "Confirm" button is shown, so that the user needs to close the message actively.
## More information
The result message is shown in a flash message which only very briefly appears on the website. It's very hard to read in that short time.
_Ready for sprint
NITSAN
sanjay@nitsan.in
https://git.typo3.org/services/t3o-sites/common/t3olayout/-/issues/579
Redesign News and Events for Startpage
2024-03-25T20:27:21Z
Stefan Busemann
### Problem to solve
News and events do not have the same height on the start page, which looks ugly. Furthermore, we promote only three news items and three events on the start page.
### Proposal
* Create a new design for news: Allow images for three, create a top news, create a small news list with additional items
* Create a new design for events: create top events with images, create a longer event list with upcoming events
**Acceptance Criteria**
* [ ] Draft with a new design
### Links / references
_Ready for sprint
https://git.typo3.org/services/t3o-sites/common/t3olayout/-/issues/550
Display content ownership / responsibilities
2024-03-25T20:16:22Z
Stefan Busemann
As an editor I want to define a content ownership in the backend and display it in FE and BE. An ownership must be a person and (or) a group.
AC:
* Select a fe_user as content owner for a page
* optionally select a fe_group for a page
* display the content ownership in list and page module as info in BE
* display the content ownership in frontend (maybe in footer somewhere)
* add a contact form, to get in touch with content owner
![Content_Owner](/uploads/0f352b6576ad40b38255b580387bb474/Content_Owner.png)
_Ready for sprint
https://git.typo3.org/services/t3o-sites/common/t3olayout/-/issues/549
Styleguide: Fill Layouts Section
2024-03-25T20:18:07Z
pixeldesu
Now, after the Styleguide has been introduced with !451, it's time to fill the content!
## Layouts
* [ ] Body (`Scss/layout/_body.scss`)
* [ ] Sections (`Scss/layout/_sections.scss`)
* [ ] Header (`Scss/layout/_header.scss`)
* [ ] Meta (`Scss/layout/_meta.scss`)
* [ ] Navigation (`Scss/layout/_navigation.scss`)
* [ ] Breadcrumb (`Scss/layout/_breadcrumb.scss`)
* [ ] Footer (`Scss/layout/_footer.scss`)
* [ ] Intro (`Scss/layout/_intro.scss`)
* [ ] Navigation Tabs (`Scss/layout/_navTabs.scss`)
* [ ] Events (`Scss/layout/_event.scss`)
* [ ] 404 (`Scss/layout/_404.scss`)
* [ ] TYPO3 Default (`Scss/layout/_typo3_default.scss`)
* [ ] Solr (`Scss/layout/_solr.scss`)
* [ ] TYPO3 Messages (`Scss/layout/_typo3-messages.scss`)
* [ ] Info Banner (`Scss/layout/_infoBanner.scss`)
* [ ] Fixed Alerts (`Scss/layout/_alert-fixed.scss`)
* [ ] Lightbox (`Scss/layout/_lightbox.scss`)
_Ready for sprint
https://git.typo3.org/services/t3o-sites/common/t3olayout/-/issues/529
[Desktop] IE - Add missing images, Correct Image location
2020-09-30T10:26:26Z
NITSAN
sanjay@nitsan.in
Page: Technology Supporters [https://typo3.org/project/technology-supporters/]
Issue: Internet Explorer does not display the complete page. An image is missing in the first half of the page. Additionally, we need to correct the position of other images. Internet Explorer Version = 11.112.17134.0
Recording: http://recordit.co/UCIiGk12yX
_Ready for sprint
pixeldesu
https://git.typo3.org/services/t3o-sites/common/t3olayout/-/issues/436
Suggestion_Add "back to all News/Press/etc" button/link on detail view of news
2024-03-25T20:11:45Z
Olena Bulat
It concerns the pages with news list.
**User story:** a user goes to the Press, News, etc. pages with the list, opens a news item to read, and wants to go back to the full list. But he can do that only with backspace in the browser.
-> This results in a poor user experience and low usability.
**Environment:** desktop, especially tablets and mobiles.
Approach for a solution:
* https://daschmi.de/typo3-extnews-back-link-zurueck-link-dynamisch-uebergeben/
Impact: This would add another Get Params to the url. Possible impact on google search results?
_Ready for sprint
Thomas Löffler
https://git.typo3.org/services/t3o-sites/common/t3olayout/-/issues/414
News Listing Review
2020-06-15T18:44:58Z
Lorenz Losmann
https://stage.typo3.org/project/news/
* [x] Remove JS-injected height.
* [x] Remove Source Code Pro font
* [x] 1 Fontsize for all text information except headline
* [x] remove orange for date (indicates link)
* [x] remove .m-3 { margin: 1rem!important;
* [x] remove .article padding
* [x] remove margin-top: from headline
first iteration should look similar to attached screenshot
![Bildschirmfoto_2018-01-18_um_20.43.15](/uploads/d118404b9c149bef5e37f8f18eda31e4/Bildschirmfoto_2018-01-18_um_20.43.15.png)
_Ready for sprint
pixeldesu
https://git.typo3.org/services/t3o-sites/common/t3olayout/-/issues/406
Bugs_Internet Explorer 11 (FE bugs with displaying elements)
2020-09-09T11:56:49Z
Olena Bulat
According to supported browsers on Bootstrap 4: IE 10-11 and Edge.
**Screenshot_2** - Edge 16 browser: a scrollbar is present in the main_navbar
![Screenshot_2](/uploads/10df9bb3dd5098070d86b9abdde2993c/Screenshot_2.png)
**Screenshot_3**: IE11 browser
1. a scrollbar is present in the main_navbar
2. cropping TYPO3 logo
3. the incorrect height of the main menu (should be 80 px)
4,5. missing Search and User account icons
![Screenshot_3](/uploads/9cda711bf92b032545e9ec9f12d7f511/Screenshot_3.png)
**Screenshot_4** - missing arrows on the News and Events list on the Homepage
![Screenshot_4](/uploads/f23899ccc5937c624af7be583d2e1882/Screenshot_4.png)
**Screenshot_5** - body text element is misaligned
![Screenshot_5](/uploads/d9994af062027daf57d6e359d23e5e0e/Screenshot_5.png)
**Screenshot_6** - placeholder text is missing
![Screenshot_6](/uploads/7101cc7c44c3b9f9ec1485065e13db6e/Screenshot_6.png)
**Screenshot_7** - login fields should be aligned by center; missing user icon
![Screenshot_29](/uploads/2010a6facb138ab6df79f440f2e3c832/Screenshot_29.png)
_Ready for sprint
Jignesh Boricha
https://git.typo3.org/services/t3o-sites/common/t3olayout/-/issues/385
Newslist
2024-03-25T20:11:28Z
Lorenz Losmann
* [x] Reduce margins up until breakpoint XL
* [x] Remove hover-bg
* [ ] hover font-color to $brand-primary
* [ ] headline margin-bottom: .25rem
* [x] See #395: Fix list-element margins
![Bildschirmfoto_2017-12-21_um_22.39.17](/uploads/5096c64381f4c507f7c6074eaf900fba/Bildschirmfoto_2017-12-21_um_22.39.17.png)
_Ready for sprint
Siddharth Sheth
https://git.typo3.org/services/t3o-sites/common/t3olayout/-/issues/334
Implement Brute Force Protection for BE and FE login
2024-03-25T20:07:35Z
Stefan Busemann
It should be possible to implement such a protection using hooks in user authentication
This is not critical, but nice to have as we provide quite some services t3org accounts.
From https://forge.typo3.org/issues/55944
Hi Christian,

thanks for looking into this.

First off: The main goal of my request is to protect user accounts because a compromised account can cause a lot of issues, especially for "valuable" accounts with lots of permissions bound to it.

Brute force protection consists of three parts:

* Monitoring
* Detection of "irregular" patterns
* Notifications or other actions based on these patterns

Christian Zenker wrote:

> Brute Forcing an account: An attacker tries to get access to a specific account. Easy to detect by number of failed logins for a specific username.

A specific username, may it exist or not.

> Brute Forcing any account (single IP): An attacker tries to get access to any account. Easy to detect by number of failed logins by IP.
>
> Brute Forcing any account (multiple IPs): Multiple attackers try to get access to any account. Detection hard to impossible.

From my understanding, these two do not differ too much and do not necessarily need to be distinguished when creating a pattern.
Regarding the main goal I mentioned above they are also not so relevant, if we assume that users have reasonable passwords.
They are of course relevant if we also want to protect accounts with (very) weak passwords (which could be implemented on top).

Regarding the possibility to detect these scenarios: If we would implement monitoring of failed login attempts and build metrics from this data, I think it would still be possible to detect deviance from "normal" patterns and at least could notify admins.
But I agree that this would involve quite some work.

> Counter Measures
>
> * Blocking username. Problem: A malicious attacker could easily block access to a user account.
> * Blocking IPs. Problem: Proxies aka. company networks
> * Captchas. Problem: Heavy logic and deep integration in extension if you want them optional for only some users/IPs.
> * Regularly changing passwords. Problem: user acceptance.
> * Authentication delay aka "Wait 3 seconds before showing a result". Problem: does not work for parallelized attacks. Possible DOS on webserver.
>
> Should admin accounts also be affected?
> Should there be a whitelist of IPs?
> Should there be a way to "unblock" users/ips? Who takes care of this?
>
> It's really hard to do this right (I would even say it is impossible). So what do you expect from a solution? How much user convenience are we willing to sacrifice?

Yes, it involves work. Is it possible to make it 100% secure? No. This is not possible at all, for nothing.
Can we implement a solution that mitigates most of the attack vectors and does not involve 10 people constantly watching failed login patterns 24/7?
I absolutely think so.

If we focus on protecting single accounts I would suggest following countermeasures:

* Log and count failed logins of (valid/existing) user accounts (mandatory)
* Reset the counter after a certain period of time and after a successful login. (mandatory)
* Present a captcha after 5 failed logins (optional but makes sense)
* Block access to the account after 10 failed logins and at the same time inform the account owner by mail about that with a link to re-activate the account (mandatory)

Is this perfect? Probably not. But it is much better than nothing and users are only bothered when really something strange is going on.

> Also, are you aware of any TYPO3 extensions that could be used? Other frameworks/infrastructure that might help?

Unfortunately not. A quick search revealed https://github.com/codeconsortium/CCDNUserSecurityBundle which might be interesting, but I have not looked at it.

Hi Helmut.

I'd like to ask for some of your ideas on details.

**Attack Scenarios**

* Brute Forcing an account: An attacker tries to get access to a specific account. Easy to detect by number of failed logins for a specific username.
* Brute Forcing any account (single IP): An attacker tries to get access to any account. Easy to detect by number of failed logins by IP.
* Brute Forcing any account (multiple IPs): Multiple attackers try to get access to any account. Detection hard to impossible.
* Anything else?

**Counter Measures**

* Blocking username. Problem: A malicious attacker could easily block access to a user account.
* Blocking IPs. Problem: Proxies aka. company networks
* Captchas. Problem: Heavy logic and deep integration in extension if you want them optional for only some users/IPs.
* Regularly changing passwords. Problem: user acceptance.
* Authentication delay aka "Wait 3 seconds before showing a result". Problem: does not work for parallelized attacks. Possible DOS on webserver.
* Anything else?

**Other problems**

* Should admin accounts also be affected?
* Should there be a whitelist of IPs?
* Should there be a way to "unblock" users/ips? Who takes care of this?
* Anything else?

**Sum up**

It's really hard to do this right (I would even say it is impossible). So what do you expect from a solution? How much user convenience are we willing to sacrifice?
Also, are you aware of any TYPO3 extensions that could be used? Other frameworks/infrastructure that might help?

**Further reading/ideas**

* https://www.owasp.org/index.php/OWASP_Periodic_Table_of_Vulnerabilities_-_Brute_Force_Login
* https://www.owasp.org/index.php/Blocking_Brute_Force_Attacks
_Ready for sprint
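
The per-account countermeasures suggested in the issue above (count failures, reset after a period and on success, captcha after 5, lock after 10 with a mailed re-activation link) can be sketched as follows. This is an added example, not code from t3olayout, TYPO3 or the quoted authors: the class and method names, the in-memory storage and the 15-minute window are assumptions, and it uses no TYPO3 API.

```php
<?php
// Added illustration (PHP 8+), not t3olayout or TYPO3 code. Thresholds 5 and 10
// come from the proposal; the 15-minute window and all names are assumptions.
final class FailedLoginGuard
{
    private const CAPTCHA_AFTER = 5;
    private const LOCK_AFTER = 10;
    /** @var array<string, array{count:int, first:int, tokenHash:?string}> */
    private array $state = []; // in-memory stand-in for a database table

    public function __construct(private int $windowSeconds = 900) {}

    /** 'ok', 'captcha' or 'locked' for the next attempt on this account. */
    public function status(string $user, int $now): string
    {
        $s = $this->current($user, $now);
        if ($s['tokenHash'] !== null) {
            return 'locked';
        }
        return $s['count'] >= self::CAPTCHA_AFTER ? 'captcha' : 'ok';
    }

    /** Existing accounts only. Returns a token to mail when this attempt locks. */
    public function recordFailure(string $user, int $now): ?string
    {
        $s = $this->current($user, $now);
        if ($s['tokenHash'] !== null) {
            return null; // already locked: no counting, no second mail
        }
        $token = null;
        if (++$s['count'] >= self::LOCK_AFTER) {
            $token = bin2hex(random_bytes(32));
            $s['tokenHash'] = hash('sha256', $token); // keep only the hash
        }
        $this->state[$user] = $s;
        return $token;
    }

    public function recordSuccess(string $user): void
    {
        if (($this->state[$user]['tokenHash'] ?? null) === null) {
            unset($this->state[$user]); // reset counter; a lock stays in place
        }
    }

    public function reactivate(string $user, string $token): bool
    {
        $hash = $this->state[$user]['tokenHash'] ?? null;
        if ($hash === null || !hash_equals($hash, hash('sha256', $token))) {
            return false;
        }
        unset($this->state[$user]);
        return true;
    }

    private function current(string $user, int $now): array
    {
        $fresh = ['count' => 0, 'first' => $now, 'tokenHash' => null];
        $s = $this->state[$user] ?? $fresh;
        $expired = $now - $s['first'] >= $this->windowSeconds; // counter only
        return ($s['tokenHash'] === null && $expired) ? $fresh : $s;
    }
}

// Constructed sequence: ten wrong passwords for the existing account "alice".
$guard = new FailedLoginGuard();
for ($i = 1, $mail = null; $i <= 10; $i++) {
    $mail = $guard->recordFailure('alice', 1000 + $i) ?? $mail;
}
var_dump($guard->status('alice', 1020), $guard->reactivate('alice', $mail));
```

The lock does not expire with the counter window, so the mailed token is the only way back in, which is how the proposal answers the "attacker blocks a user" objection raised in the thread.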
https://git.typo3.org/services/t3o-sites/common/t3olayout/-/issues/333
Ask the user if the resource currently used was helpfull
2024-03-25T20:07:27Z
Stefan Busemann
http://typo3.org/extension-manuals/th_feedback/0.0.3/view/1/4/
Big companies like google and microsoft use things like that for quality assurance to enhance their articles.
![2013-08-29_17-06-40](/uploads/637de704236470220ff7163cb1e537be/2013-08-29_17-06-40.png)
https://forge.typo3.org/issues/46527
_Ready for sprint
NITSAN
sanjay@nitsan.in
https://git.typo3.org/services/t3o-sites/common/t3olayout/-/issues/322
Provide copyright infos of pictures
2024-03-25T20:05:14Z
Stefan Busemann
This is a small example ts from @mabolek
```
lib.footer.copyright = TEXT
lib.footer.copyright {
  data = date:U
  strftime = %Y
  noTrimWrap= |<p class="copyright"> © | {$themes.configuration.footer.copyright}</p>|
  append = CONTENT
  append {
    table = tt_content
    select {
      selectFields = sys_file_metadata.*, tt_content.uid as contentuid
      pidInList = this
      orderBy = tt_content.sorting
      join = sys_file_reference ON sys_file_reference.uid_foreign = tt_content.uid JOIN sys_file_metadata ON sys_file_reference.uid_local = sys_file_metadata.file
      where = sys_file_reference.tablenames = 'tt_content' AND sys_file_reference.table_local = 'sys_file' AND sys_file_metadata.copyright != '' AND sys_file_reference.deleted = 0 AND sys_file_reference.hidden = 0
      groupBy = sys_file_reference.uid_local
    }
    renderObj = COA
    renderObj {
      10 = IMAGE
      10 {
        file {
          import.field = file
          height = 20
        }
      }
      20 = TEXT
      20 {
        field = copyright
        noTrimWrap = | ©| |
        htmlSpecialChars = 1
      }
      stdWrap.required = 1
      stdWrap.typolink {
        parameter.field = contentuid
        parameter.wrap = #c|
      }
      stdWrap.wrap = <span>|</span>
    }
    stdWrap.required = 1
    stdWrap.noTrimWrap = |<p class="copyright">Photo Copyright: |</p>|
  }
}
```
We could provide copyright information of the used photos
Todos:
* decide if needed
* Define a design
_Ready for sprint