[TYPO3-core] Call for help: Migrate core extensions to extbase

Helmut Hummel helmut.hummel at typo3.org
Fri May 4 23:50:53 CEST 2012

Hi Christian,

thanks for the nice status update.

On 04.05.12 21:54, Christian Kuhn wrote:

> It seems we have at least two bigger issues here:

I'd like to add a few more things that came to my mind when looking at 
the current status of already merged or pending extbase backend modules:

* The viewpage module has a DocHeader layout in it's own extension 
folder. Would be good to have a global layout folder for all backend 
modules to reduce duplicate fluid templates.

* Get rid of t3lib_div::_GP('id') calls in the controller. In extbase we 
have a request object we should use. If the request namespace should be 
a problem, we need a solution for that.

* Backend modules need to take care of a lot of security stuff. 
Permissions, access checks, CSRF protection etc. We should introduce the 
needed security layer(s) with a solid API and put in a good place (maybe 

* We should definitely get rid of creating URLs by concatenating 
strings; that's a pain. The UriBuilder must work for backend URLs. By 
using the UriBuilder we could e.g. easily handle adding the CSRF 
protection token on a central place.

OK, that's it for now.

Kind regards,

Helmut Hummel
TYPO3 Security Team Leader, TYPO3 v4 Core Team Member

TYPO3 .... inspiring people to share!
Get involved: typo3.org

More information about the TYPO3-team-core mailing list