t3olayout issues
https://git.typo3.org/services/t3o-sites/common/t3olayout/-/issues
2024-03-25T20:27:21Z
https://git.typo3.org/services/t3o-sites/common/t3olayout/-/issues/579
Redesign News and Events for Startpage
2024-03-25T20:27:21Z
Stefan Busemann
### Problem to solve
Same height for news and events is not given on the start page, which looks ugly. Furthermore, we promote only three news items and three events on the start page.
### Proposal
* Create a new design for news: Allow images for three, create a top news, create a small news list with additional items
* Create a new design for events: create top events with images, create a longer event list with upcoming events
**Acceptance Criteria**
* [ ] Draft with a new design
### Links / references
_Ready for sprint
https://git.typo3.org/services/t3o-sites/common/t3olayout/-/issues/549
Styleguide: Fill Layouts Section
2024-03-25T20:18:07Z
pixeldesu
Now, after the Styleguide has been introduced with !451, it's time to fill the content!
## Layouts
* [ ] Body (`Scss/layout/_body.scss`)
* [ ] Sections (`Scss/layout/_sections.scss`)
* [ ] Header (`Scss/layout/_header.scss`)
* [ ] Meta (`Scss/layout/_meta.scss`)
* [ ] Navigation (`Scss/layout/_navigation.scss`)
* [ ] Breadcrumb (`Scss/layout/_breadcrumb.scss`)
* [ ] Footer (`Scss/layout/_footer.scss`)
* [ ] Intro (`Scss/layout/_intro.scss`)
* [ ] Navigation Tabs (`Scss/layout/_navTabs.scss`)
* [ ] Events (`Scss/layout/_event.scss`)
* [ ] 404 (`Scss/layout/_404.scss`)
* [ ] TYPO3 Default (`Scss/layout/_typo3_default.scss`)
* [ ] Solr (`Scss/layout/_solr.scss`)
* [ ] TYPO3 Messages (`Scss/layout/_typo3-messages.scss`)
* [ ] Info Banner (`Scss/layout/_infoBanner.scss`)
* [ ] Fixed Alerts (`Scss/layout/_alert-fixed.scss`)
* [ ] Lightbox (`Scss/layout/_lightbox.scss`)
_Ready for sprint
https://git.typo3.org/services/t3o-sites/common/t3olayout/-/issues/550
Display content ownership / responsibilities
2024-03-25T20:16:22Z
Stefan Busemann
As an editor I want to define a content ownership in the backend and display it in FE and BE. An ownership must be a person and (or) a group.
AC:
* Select a fe_user as content owner for a page
* Optionally select a fe_group for a page
* display the content ownership in list and page module as info in BE
* display the content ownership in frontend (maybe in footer somewhere)
* add a contact form, to get in touch with content owner
![Content_Owner](/uploads/0f352b6576ad40b38255b580387bb474/Content_Owner.png)
_Ready for sprint
https://git.typo3.org/services/t3o-sites/common/t3olayout/-/issues/475
2024-03-25T20:13:40Z
Feedback from Website
As a website user I want to have the possibility to remember the login for staying logged in a long time
[Simon](mailto:simonschaufi+typo3@gmail.com) reported an issue
I find it really annoying to continuously log in to trusted websites. I want to stay logged in at least 1 year when I check the box "Stay logged in". At the new website there isn't even a "Stay logged in" checkbox. Please include it and set the timeout to 1 year.
Reported URL: https://new.typo3.org/
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0
Backlog
https://git.typo3.org/services/t3o-sites/common/t3olayout/-/issues/436
Suggestion_Add "back to all News/Press/etc" button/link on detail view of news
2024-03-25T20:11:45Z
Olena Bulat
It concerns the pages with news list.
**User story:** A user goes to the Press, News, etc. pages with the list, opens a news item to read, and wants to go back to the full list. But he can do so only with backspace in the browser.
-> It has low user experience and usability.
**Environment:** desktop, especially tablets and mobiles.
Approach for a solution:
* https://daschmi.de/typo3-extnews-back-link-zurueck-link-dynamisch-uebergeben/
Impact: This would add another GET parameter to the URL. Possible impact on Google search results?
_Ready for sprint
Thomas Löffler
https://git.typo3.org/services/t3o-sites/common/t3olayout/-/issues/385
Newslist
2024-03-25T20:11:28Z
Lorenz Losmann
* [x] Reduce margins up until breakpoint XL
* [x] Remove hover-bg
* [ ] hover font-color to $brand-primary
* [ ] headline margin-bottom: .25rem
* [x] See #395: Fix list-element margins
![Bildschirmfoto_2017-12-21_um_22.39.17](/uploads/5096c64381f4c507f7c6074eaf900fba/Bildschirmfoto_2017-12-21_um_22.39.17.png)
_Ready for sprint
Siddharth Sheth
https://git.typo3.org/services/t3o-sites/common/t3olayout/-/issues/340
Stretch landing items in slider to full height
2024-03-25T20:11:16Z
Yaroslav Trach
yar.trach@gmail.com
I know how to do it more flexibly. It will work with any number of items inside the landing block.
Take a look at the images below
![full-height-landing](/uploads/d00144527df7e57009e67aed6da32bb7/full-height-landing.png)
![slider-full-landing-done](/uploads/12129bed4ff27ca5f595c075362b27e4/slider-full-landing-done.png)
Backlog
https://git.typo3.org/services/t3o-sites/common/t3olayout/-/issues/334
Implement Brute Force Protection for BE and FE login
2024-03-25T20:07:35Z
Stefan Busemann
It should be possible to implement such a protection using hooks in unser authentication
This is not critical, but nice to have as we provide quite some services t3org accounts.
From https://forge.typo3.org/issues/55944
Hi Christian,

thanks for looking into this.

First off: The main goal of my request is to protect user accounts because a compromised account can cause a lot of issues, especially for "valuable" accounts with lots of permissions bound to it.

Brute force protection consists of three parts:

* Monitoring
* Detection of "irregular" patterns
* Notifications or other actions based on these patterns

Christian Zenker wrote:

> Brute Forcing an account: An attacker tries to get access to a specific account. Easy to detect by number of failed logins for a specific username.

A specific username, may it exist or not.

> * Brute Forcing any account (single IP): An attacker tries to get access to any account. Easy to detect by number of failed logins by IP.
> * Brute Forcing any account (multiple IPs): Multiple attackers try to get access to any account. Detection hard to impossible.

From my understanding, these two do not differ too much and do not necessarily need to be distinguished when creating a pattern.
Regarding the main goal I mentioned above they are also not so relevant, if we assume that users have reasonable passwords.
They are of course relevant if we also want to protect accounts with (very) weak passwords (which could be implemented on top).

Regarding the possibility to detect these scenarios: If we would implement monitoring of failed login attempts and build metrics from this data, I think it would still be possible to detect deviance from "normal" patterns and at least could notify admins.
But I agree that this would involve quite some work.

> Counter Measures
>
> * Blocking username. Problem: A malicious attacker could easily block access to a user account.
> * Blocking IPs. Problem: Proxies aka. company networks
> * Captchas. Problem: Heavy logic and deep integration in extension if you want them optional for only some users/IPs.
> * Regularly changing passwords. Problem: user acceptance.
> * Authentication delay aka "Wait 3 seconds before showing a result". Problem: does not work for parallelized attacks. Possible DOS on webserver.
>
> Should admin accounts also be affected?
> Should there be a whitelist of IPs?
> Should there be a way to "unblock" users/ips? Who takes care of this?
>
> It's really hard to do this right (I would even say it is impossible). So what do you expect from a solution? How much user convenience are we willing to sacrifice?

Yes, it involves work. Is it possible to make it 100% secure? No. This is not possible at all, for nothing.
Can we implement a solution that mitigates most of the attack vectors and does not involve 10 people constantly watching failed login patterns 24/7?
I absolutely think so.

If we focus on protecting single accounts I would suggest following countermeasures:

* Log and count failed logins of (valid/existing) user accounts (mandatory)
* Reset the counter after a certain period of time and after a successful login. (mandatory)
* Present a captcha after 5 failed logins (optional but makes sense)
* Block access to the account after 10 failed logins and at the same time inform the account owner by mail about that with a link to re-activate the account (mandatory)

Is this perfect? Probably not. But it is much better than nothing and users are only bothered when really something strange is going on.

> Also, are you aware of any TYPO3 extensions that could be used? Other frameworks/infrastructure that might help?

Unfortunately not. A quick search revealed https://github.com/codeconsortium/CCDNUserSecurityBundle which might be interesting, but I have not looked at it.

Hi Helmut.

I'd like to ask for some of your ideas on details.

**Attack Scenarios**

* Brute Forcing an account: An attacker tries to get access to a specific account. Easy to detect by number of failed logins for a specific username.
* Brute Forcing any account (single IP): An attacker tries to get access to any account. Easy to detect by number of failed logins by IP.
* Brute Forcing any account (multiple IPs): Multiple attackers try to get access to any account. Detection hard to impossible.
* Anything else?

**Counter Measures**

* Blocking username. Problem: A malicious attacker could easily block access to a user account.
* Blocking IPs. Problem: Proxies aka. company networks
* Captchas. Problem: Heavy logic and deep integration in extension if you want them optional for only some users/IPs.
* Regularly changing passwords. Problem: user acceptance.
* Authentication delay aka "Wait 3 seconds before showing a result". Problem: does not work for parallelized attacks. Possible DOS on webserver.
* Anything else?

**Other problems**

* Should admin accounts also be affected?
* Should there be a whitelist of IPs?
* Should there be a way to "unblock" users/ips? Who takes care of this?
* Anything else?

**Sum up**

It's really hard to do this right (I would even say it is impossible). So what do you expect from a solution? How much user convenience are we willing to sacrifice?
Also, are you aware of any TYPO3 extensions that could be used? Other frameworks/infrastructure that might help?

**Further reading/ideas**

* https://www.owasp.org/index.php/OWASP_Periodic_Table_of_Vulnerabilities_-_Brute_Force_Login
* https://www.owasp.org/index.php/Blocking_Brute_Force_Attacks

_Ready for sprint
https://git.typo3.org/services/t3o-sites/common/t3olayout/-/issues/333
Ask the user if the resource currently used was helpful
2024-03-25T20:07:27Z
Stefan Busemann
http://typo3.org/extension-manuals/th_feedback/0.0.3/view/1/4/
Big companies like Google and Microsoft use things like that for quality assurance to enhance their articles.
![2013-08-29_17-06-40](/uploads/637de704236470220ff7163cb1e537be/2013-08-29_17-06-40.png)
https://forge.typo3.org/issues/46527
_Ready for sprint
NITSAN
sanjay@nitsan.in
https://git.typo3.org/services/t3o-sites/common/t3olayout/-/issues/322
Provide copyright infos of pictures
2024-03-25T20:05:14Z
Stefan Busemann
This is a small example ts from @mabolek
```
# Footer copyright line: current year followed by the configured copyright holder
lib.footer.copyright = TEXT
lib.footer.copyright {
  data = date:U
  strftime = %Y
  noTrimWrap = |<p class="copyright"> © | {$themes.configuration.footer.copyright}</p>|
  # Append the copyright notes of files referenced by content elements on this page
  append = CONTENT
  append {
    table = tt_content
    select {
      selectFields = sys_file_metadata.*, tt_content.uid as contentuid
      pidInList = this
      orderBy = tt_content.sorting
      join = sys_file_reference ON sys_file_reference.uid_foreign = tt_content.uid JOIN sys_file_metadata ON sys_file_reference.uid_local = sys_file_metadata.file
      where = sys_file_reference.tablenames = 'tt_content' AND sys_file_reference.table_local = 'sys_file' AND sys_file_metadata.copyright != '' AND sys_file_reference.deleted = 0 AND sys_file_reference.hidden = 0
      groupBy = sys_file_reference.uid_local
    }
    renderObj = COA
    renderObj {
      10 = IMAGE
      10 {
        file {
          import.field = file
          height = 20
        }
      }
      20 = TEXT
      20 {
        field = copyright
        noTrimWrap = | ©| |
        # Escape the copyright text taken from the file metadata before output
        htmlSpecialChars = 1
      }
      stdWrap.required = 1
      # Link each entry to the anchor of its content element (#c<uid>)
      stdWrap.typolink {
        parameter.field = contentuid
        parameter.wrap = #c|
      }
      stdWrap.wrap = <span>|</span>
    }
    stdWrap.required = 1
    stdWrap.noTrimWrap = |<p class="copyright">Photo Copyright: |</p>|
  }
}
```
We could provide copyright information of the used photos
Todos:
* decide if needed
* Define a design
_Ready for sprint
https://git.typo3.org/services/t3o-sites/common/t3olayout/-/issues/142
Create design for contact box
2024-03-25T19:40:49Z
Stefan Busemann
At each page there should be a contact person box. Aim is to lower the barrier to contribution. So the right person (or team) can be found easily, if I want to report an error or if I want to contribute.
UAC:
* [ ] a new record type "content owner" exists with these properties: title, contact url
* [ ] Page properties offer a select box "content owner" with these options: display no contact box, inherit from parent page and a list of "content owner" record
* [ ] implement box behaviour from page properties:
  * if "display no contact box" is selected - no contact box is rendered
  * if "inherit from parent page" is selected - the behaviour from the parent page (recursive) is used
  * if a "content owner" record is selected - the title in the box is rendered
* [ ] if a user clicks on feedback, a feedback form is opened and the content of the form is sent to the contact url of the content owner record.
Zeplin link: https://app.zeplin.io/project/5939344233eb6a07fc53ba53/screen/5b75a1397acbcc02a72a6280
source: https://forge.typo3.org/issues/51598
Design: ![Content_Owner](/uploads/a3fe6ed75572ef0228b3a3c500f755b6/Content_Owner.png)
Backlog
NITSAN
sanjay@nitsan.in
https://git.typo3.org/services/t3o-sites/common/t3olayout/-/issues/666
Type error prevents creation of new fe_users
2023-06-25T18:49:38Z
Stefan Busemann
### Summary
Related to https://git.typo3.org/services/t3o-sites/extensions.typo3.org/ter/-/issues/588
### Steps to reproduce
Try to log in at extensions.typo3.org as a new fe_user
**Acceptance Criteria**
* [ ] Login works again
June 2023
Stefan Busemann
https://git.typo3.org/services/t3o-sites/common/t3olayout/-/issues/665
SQL error when start-date/time is removed from a slider record on the landing...
2023-04-25T20:30:18Z
Michael Schams
When I try to remove the start-date/time from a slider record on the landing page (as the slider is "hidden" anyway), I get a SQL error.
![image](/uploads/4a396adcee5b1a3f2a309c979c6d9544/image.png)
How to reproduce: unfold the item (e.g. TYPO3 v12.2), open the **Access** tab, click on "x" to empty the start date/time field, click the **save** button. Result: SQL error at the top and date/time not removed.
https://git.typo3.org/services/t3o-sites/common/t3olayout/-/issues/661
Increase menu height
2022-06-17T13:19:26Z
Felix Ranesberger
The menu content height should be increased from 60vh to 80vh in order to support larger contents placed inside.
t3o remote days June 2022
Felix Ranesberger
https://git.typo3.org/services/t3o-sites/common/t3olayout/-/issues/654
SSO for *.typo3.org sites
2022-04-07T14:01:24Z
Stefan Busemann
As a user, I want to use SSO to login at typo3.org sites.
AC:
- [ ] oauth2 extension is installed and configured
- [ ] login box adjusted (username and password is removed / login button points to login.typo3.com)
t3o Sprint Düsseldorf April 2022
Stefan Busemann
https://git.typo3.org/services/t3o-sites/common/t3olayout/-/issues/650
Migrate EXT:gridelements to EXT:container
2022-04-06T12:53:19Z
Thomas Löffler
t3o Sprint April
https://git.typo3.org/services/t3o-sites/common/t3olayout/-/issues/365
Shows search results in suggest mode into flyout
2022-04-05T16:25:53Z
Thomas Löffler
https://git.typo3.org/services/t3o-sites/common/t3olayout/-/issues/660
Improve Platinum banner display
2022-04-05T10:21:34Z
Peter Kraume
### Summary
There are currently two major issues with the display of Platinum member logos on the typo3.org startpage:
- If the image is too big, it's cropped
- Sometimes there are big gaps between the banners when a logo is missing
### Steps to reproduce
![Screenshot_2022-02-24_09.59.24](/uploads/11e167e2124e2915922dd6161ad1535f/Screenshot_2022-02-24_09.59.24.png)
![Screenshot_2022-02-24_09.59.40](/uploads/73e0e5283ad11c07efa7ccef855d30ca/Screenshot_2022-02-24_09.59.40.png)
### Example URL
https://typo3.org/
### Possible fixes
Suggested behavior:
- scale logos to fit a maximum height or increase the maximum height
- if a logo is missing, skip it. Better show nothing instead of the big whitespace
t3o Sprint Düsseldorf April 2022
Felix Ranesberger
https://git.typo3.org/services/t3o-sites/common/t3olayout/-/issues/659
Integrate EXT:trusted_url_params for all websites
2021-12-15T22:01:07Z
Thomas Löffler
https://extensions.typo3.org/extension/trusted_url_params
t3o Remote Day Dec 15, 2021
Thomas Löffler
2021-12-15
https://git.typo3.org/services/t3o-sites/common/t3olayout/-/issues/574
Full width background colors for cTypes
2021-07-15T18:52:52Z
Boris Schauer
We need the possibility to add a background color to a cType. Colors are defined in the Styleguide from the design team. Background must be full width.
CSS classes are already there > #569
t3o Remote Day Jul 15, 2021