The Perils of Partnership

If you’ve ever received an email offering to partner with you or to join an affiliate network or to help you earn money for your plugin, it’s probably a scam.

In the last three months, we’ve seen a serious uptick in emails like “please join our affiliate network” or “I can help you earn money” or “increase your plugin’s SEO” sent to plugin developers. On review, every last one that looked iffy has turned out to be from a nefarious or malicious group of people who want to either install backdoors in plugins or insert black hat SEO links.

These deals should sound too good to be true, and they are. They can irreparably harm you, your reputation, and your standing on Our reaction, when we see it, is to remove the plugin and revoke all SVN access from the developers involved. We don’t always restore access, especially if we feel you may fall for such a scam again or your online behavior is inherently insecure.

I know some of you are reading this thinking “Who falls for stupid stuff like that!” and the reality is anyone. All it takes is one mistake, one moment where you’re not thinking all the way through, and you’ve shot yourself in the foot.

There are some simple steps you can take to protect yourself.

  • Never let anyone else use your SVN account. If you work with a team, everyone should use their own account. This will help you track changes too.
  • Look up the people. Check that they seem legit. Are they using wordpress in their domain name (which you know is not permitted)? Do they already have any plugins? Are they active in the community?
  • What other kinds of plugins do they own? If the plugins are all over the place, ask yourself: Why would they want MY plugin? Companies that make a grab for a lot of different plugins are often trying to find ones with a high user count in order to spam.
  • Preview the code. Never add anything you’re not 100% sure is safe. If the code that gets added has links that look like http://api.wp' . '' . 'ate or 'ht'.'tp:// then it’s not trustworthy (those aren’t the real URLs).
  • Does the email look like a form letter? WordPress is such a small community that people generally reach out like human beings. If someone’s spam-blasting a form, it’s sketchy.
  • Check spelling and grammar. If it’s `Wordpress` with a lower case P, or `JetPack` with an uppercase one, it might just be an innocent mistake, but it might not. Businesses should care about these things. After all, you do.
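
One way to check for the split-up links described in the code-preview tip, as an added example (not part of the original post and not the plugin team's scan routine). It is a heuristic that assumes plain quoted PHP literals joined with `.`; the function name and the sample lines are constructed for illustration.

```python
import re

# One single- or double-quoted PHP string literal (escape-aware).
SQ = r"'(?:[^'\\]|\\.)*'"
DQ = r'"(?:[^"\\]|\\.)*"'
LIT = f"(?:{SQ}|{DQ})"
# Two or more literals joined by the PHP "." operator.
CHAIN = re.compile(rf"{LIT}(?:\s*\.\s*{LIT})+")
# Scheme plus host part of a URL; the host may be empty ('ht'.'tp://').
URL = re.compile(r"https?://[\w.-]*", re.I)


def find_split_urls(php_source):
    """Return (line, reassembled string) for every literal chain whose
    joined value holds a URL scheme/host that spans several literals."""
    findings = []
    for chain in CHAIN.finditer(php_source):
        pieces = [lit[1:-1] for lit in re.findall(LIT, chain.group(0))]
        joined = "".join(pieces)
        # Offsets in `joined` where one literal ends and the next starts.
        cuts, pos = [], 0
        for piece in pieces[:-1]:
            pos += len(piece)
            cuts.append(pos)
        for url in URL.finditer(joined):
            if any(url.start() < cut < url.end() for cut in cuts):
                line = php_source.count("\n", 0, chain.start()) + 1
                findings.append((line, joined))
                break
    return findings


# Constructed sample, not taken from any real plugin.
SAMPLE = r"""<?php
$docs = 'https://example.org/docs' . '/install';
$a = 'http://api.ex' . '' . 'ample.test/ping';
$b = 'ht'.'tp://' . 'stats.example.test';
$label = 'Read ' . 'more';
"""

if __name__ == "__main__":
    for line, value in find_split_urls(SAMPLE):
        print(f"line {line}: literals reassemble to {value}")
```

A URL whose scheme and host sit inside one literal, with only the path appended, is not reported; text that happens to follow a URL without a separator can cause a false positive, so treat hits as items to read, not verdicts.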

Above all, if you see something, say something. If you get an email like that, forward it on to with as much information as possible. We would love to see some code samples, for example, as we can add it to our scan routines.

Powered by WPeMatico

[20161002] – Core – Elevated Privileges

  • Project: Joomla!
  • SubProject: CMS
  • Severity: High
  • Versions: 3.4.4 through 3.6.3
  • Exploit type: Elevated Privileges
  • Reported Date: 2016-October-21
  • Fixed Date: 2016-October-25
  • CVE Number: CVE-2016-8869


Incorrect use of unfiltered data allows for users to register on a site with elevated privileges.

Affected Installs

Joomla! CMS versions 3.4.4 through 3.6.3


Upgrade to version 3.6.4


The JSST at the Joomla! Security Centre.

Reported By: Davide Tampellini


[20161001] – Core – Account Creation

  • Project: Joomla!
  • SubProject: CMS
  • Severity: High
  • Versions: 3.4.4 through 3.6.3
  • Exploit type: Account Creation
  • Reported Date: 2016-October-18
  • Fixed Date: 2016-October-25
  • CVE Number: CVE-2016-8870


Inadequate checks allow users to register on a site when registration has been disabled.

Affected Installs

Joomla! CMS versions 3.4.4 through 3.6.3


Upgrade to version 3.6.4


The JSST at the Joomla! Security Centre.

Reported By: Demis Palma


This Week in TYPO3 (2016 Q4 events)

This Week in TYPO3 gives an overview of Q4 2016, of past events and coming events. More about the TYPO3 conference and the Award evening, TYPO3 East Europe, marketing sprint and TYPO3camp Rhein Ruhr.

TYPO3 Developer Days 2016 and 2017

Before heading off into quarter 4 of 2016, we take one step back and two steps forward with the Developer Days. This year’s Developer Days 2016 was as successful as Developer Days are. Held for the second time in a youth hostel on a hill in Nuremberg, it was again pretty perfect. The great advantage of the youth hostel is that everyone is in the same building for the duration of the event, providing a good bonding experience. Perfect also describes Latte Art champion and Barista extraordinaire Christian Ullrich, who was there almost all of the time serving coffee and getting creative with everyone’s coffee.

Pic by Josef Glatz

T3DD is THE go-to meetup and community event for TYPO3 developers. A few stats for T3DD16: 261 attendees (10% women), 13 Helping Hands (5 women), 1500 L of beer, 6 birthdays, nice weather (around 25 degrees) and 100 cigars. It is good looking back at an event like this, where community spirit permeates the whole event.

It came as a nice surprise that Robert Lindh, CEO of Pixelant, announced that the Developer Days 2017 will be held in Malmö, Sweden. It will be the second time T3DD ventures outside of the German-speaking area (DACH), after T3DD14 in the Netherlands. T3DD17 will be an important move for TYPO3 to raise more awareness internationally.

TYPO3 Conference (October 26-27, Munich)

The TYPO3 conference consists of a business day and a future day, all complemented by a stylish award evening where outstanding TYPO3 projects get the appreciation they deserve.

Why attend the TYPO3 Conference?

The TYPO3 conference in its current form covers all aspects the TYPO3 project relies on, from a business perspective and future innovations to acknowledgement of the work community members, TYPO3 agencies and freelancers have done to raise awareness of TYPO3.

You will learn more about the features of the latest LTS version and what the future holds for TYPO3 version 8 and beyond.

T3CON16 is just as exciting for clients as for agencies, who consider using TYPO3 or who already use TYPO3. Compelling case-studies will be presented showing the strengths of TYPO3 as an enterprise CMS.

Besides the LIVE podium the conference also features an expo area where agencies and hosters are more than willing to answer any questions.


Besides many of the well-known TYPO3 leaders, presenting diverse topics from the newly formed TYPO3 company to varied applications and extensions enhancing TYPO3, there are also a number of speakers from outside the TYPO3 ecosystem, like André Paetzel of Grey Advertising Company speaking about ‘The need for a strong brand in an agile world’ and Erik Händeler, famous author and futurologist, about ‘The History of Future’. The expo area also features a stage where a number of presentations will be held.


Both days feature a workshop. On Day One, the business day, there will be a workshop about TYPO3 as a company and on the future day a workshop about TYPO3 as a product exploring research and development.

TYPO3 Award (October 27)

After a successful first year for the TYPO3 Awards at the TYPO3 conference Amsterdam 2015, the TYPO3 Awards are organised for the second time. The International TYPO3 Award is the official gala event for celebrating and awarding the most outstanding TYPO3 projects of agencies and customers in 2015 / 2016. On the evening of October 27, the who-is-who of the TYPO3 world walks the red carpet of the Löwenbräukeller Munich and will witness this prestigious awards ceremony.

TYPO3 projects are nominated in 10 categories with the community voted category “small website” as a new category.

  1. Website of the Year
  2. Ecommerce
  3. NGO
  4. Enterprise/Industry
  5. Education
  6. Government
  7. Tourism
  8. Finance
  9. Community Award for Small Websites
  10. Best TYPO3 Event

and here are the nominees

Not a coder? Join the marketing sprint

The marketing team organises a sprint from the 16th to the 18th of November 2016 at Haus Heiland, Oberursel in Germany. The sprint is a collaboration between Grey Advertising Company, the TYPO3 GmbH and the marketing team. Everybody is focused on one goal: “Making TYPO3 the best CMS worldwide”.

As a technical project we have a lot of programmers working on and contributing to the core. Coders are not all we need, however. If you are not a coder this could be your chance. You can be part of this sprint!

Are you into marketing, public relations, sales, conception, writing or organizing, or do you have skills along those lines? Join the marketing sprint. You could be a company CEO or you just love TYPO3 like we do – Join in.

Do not hesitate!

Apply at

TYPO3camp RheinRuhr (November 4-6, Essen)

Just a quick mention of the TYPO3camp RheinRuhr, as it is already sold out and German only. It is, however, the favourite camp among many. The location, the Unperfekthaus, provides a creative space where the attendees feel comfortable and at home.

TYPO3 East Europe (November 10-12, Cluj-Napoca, Romania)

Already at its 4th edition, TYPO3 East Europe (T3EE) gathers TYPO3 developers and enthusiasts from all over Europe with the aim to promote the development of TYPO3 in countries where it is not yet well known, to encourage the growth of the local communities, help them get more involved and also boost TYPO3 among developers and on the market.

T3EE is a warm and welcoming event with a very diverse crowd. For an impression of last year’s event please read AOE’s Stefan Rotsch’s ‘TYPO3 East Europe 2015: A Look back at conference highlights’.

International TYPO3 University Day (November 10)

TYPO3 CMS is used by many universities worldwide and still growing. This day invites universities to get involved in the development of the CMS and the organization of the TYPO3 community, but also wants to attract more universities in using TYPO3 as the CMS of their organization.

To kick off this platform, T3EE will start with a dedicated day for universities on November 10.

The day will be focused on university topics organized in open spaces, workshops and discussion panels with topics like:

  • Technical – Server management, connection with external systems, TYPO3 development
  • Organizational and logistic – Development and communication processes
  • Communication – Between universities and the TYPO3 world (TYPO3 Association, core development, other universities)

The organisation has opened the “call for papers” where you can propose a talk/workshop/discussion.

Check the University Day section for more info


Participate in the TYPO3 Marketing Sprint!

TYPO3 has been growing and growing during the past 3 years…

The founding of the TYPO3 Inc had a huge impact on the community and the product itself so we’re able to look back on a large quantity of big achievements in the development process and can all look forward to a bright and thriving future.

The collaboration between a professional branding agency, the TYPO3 Inc and the marketing team has set one single goal: to make TYPO3 the best CMS worldwide. We strive to achieve this goal not because it is easy, but because it is hard!

Here we need your help. The marketing sprint is the place to be if you’re not a coder but want to take action and contribute to the project. You know marketing? PR? Sales? Conception, writing, organizing or have other skills that fit into the roster? Join in. If for example you’re the CEO of a company that works with TYPO3 or just loves TYPO3 like we do – Join in. Do not hesitate!

The marketing sprint takes place from the 16th to the 18th of November 2016 at Haus Heiland, Oberursel in Germany. We have booked the entire house for us. Accommodation and food are free of charge for all participants, of course.

Take a look at our website to get an overview of the tasks as well as the location.

Join our team to get in touch with open-minded and heart-warming people, let’s get stuff done and let’s spend 3 inspiring days with passion for the TYPO3 product. Together!

Register now! 


Phoca Cart Wish List

Phoca Cart Wish List Module – a Joomla! CMS module which displays selected Phoca Cart products in a wish list.

Phoca Cart component installation is required to run this module.


Releasing TYPO3 v8.4

What’s new?

Use the TYPO3 Backend from your mobile phone

The core contributors finally made it possible to go fully mobile for the TYPO3 backend.

The fine line between “responsive” and a mobile-ready version has been resolved: the navigation menu and the full backend functionality adapt not just for tablets but based on the screen resolution, to give the best user experience on each device.

The dusted ExtJS viewport functionality has been completely replaced with a native JavaScript / jQuery + CSS solution. Kudos to Kay Strobach and Benjamin Kott for putting lots of days and nights into this work.

As for the removal of ExtJS in the TYPO3 Core, the only parts left are the Page Tree, the form extension drag+drop functionality and the ExtDirect functionality, which will be worked on as part of the next steps.

Doctrine DBAL

Migrating all database calls of the TYPO3 Core to Doctrine DBAL has already brought big improvements, and some major accomplishments have been achieved in the last weeks:

  • Extbase’s persistence is now also built completely on Doctrine DBAL’s QueryBuilder, which provides prepared statements for all Extbase queries out of the box while still keeping major backwards compatibility for most Extbase extensions.
  • As the whole TYPO3 core now uses doctrine, the previously shipped and now obsolete extensions “dbal” and its foundation “adodb” have been moved to the TER into separate community extensions and repositories. If you’ve been using them previously, there is an update wizard to re-install these extensions.


Although coding is fun, documentation is a key part of introducing new APIs and how they should behave, but also how extension developers can use the API properly. We have released a new section in our Core API documentation on how to use the new Doctrine DBAL API – it’s quite extensive and should cover all sections and best practices needed for developers – you can find them here: 

Easier migrations

The Install Tool, which is also heavily used during updates between TYPO3 versions, has received some more beauty: it now finds all documented changes and offers a cool filter to show what is relevant for an integrator, extension author or site owner. Although this is already pretty cool, stay tuned for even better features to make migrations even easier between TYPO3 versions!

The migration and deprecation of existing options and switches within the TCA definitions, which we have had in place since TYPO3 v7, are now also visible in the Install Tool.

Further changes

As usual, we have some small but nice changes in TYPO3. For a full changelog, see our documentation for more information:

Download it now

You can find TYPO3 v8.4 on our downloads page, get it via Composer or try out the virtual machine to play around with the latest development version. Please make sure you have PHP7 running on your target system, as this is the base requirement for TYPO3 v8.

What’s next

You might have read the official kickoff for TYPO3 v8 to use as a cloud provider out-of-the-box, be sure to read what’s coming up next – we have some more goodies in the pipelines.

TYPO3 8.5 is scheduled for December 20th, 2016, and will surely be packed with even more functionality while also stabilizing the changes we have done so far.


Public Board Meeting Update

On September 28, 2016, The Drupal Association board hosted a public board meeting during DrupalCon Dublin. It was wonderful to connect with the community in person to share updates and answer questions.

Over the last few months, we provided an update on The Association’s current focus followed by department-specific updates. This board meeting shared highlights of specific areas including:

  • DrupalCon New Orleans
  • front page improvements
  • Membership campaigns

This public board packet provides links to those presentations along with updates on other programs. It also includes a dashboard of all our current work. You can also watch the video recording here.

We love hearing from the community. Contact us anytime to share your feedback or ask questions via email or @drupalassoc.

The next public board meeting will be on 21 November, 2016 at 7:00 am PT / 15:00 GMT. You can register for the meeting here.

