Skip to content

Instantly share code, notes, and snippets.

View ohader's full-sized avatar

Oliver Hader ohader

View GitHub Profile
@ohader
ohader / cherry-split.sh
Created February 5, 2023 08:58
TYPO3 Git Commit Splitter
#!/bin/sh
###
# TYPO3 Git Cherry-Picked Commit Splitter ("Cherry-Split")
# @author Oliver Hader <oliver@typo3.org>
# @license GPL v2 on any later version
#
# Usage
# - cherry-pick change to local Git working copy
# - execute this script `./cherry-split.sh` which processed the tip commit
@ohader
ohader / lupine.php
Created November 24, 2022 18:04
Lupine: Detect endless loops
<?php
class Node
{
/**
* @var list<Node>
*/
public array $prev = [];
/**
* @var list<Node>
@ohader
ohader / rename-git-master-branch.sh
Created November 29, 2021 11:31
Rename Git master to main branch via GitHub API
#!/bin/bash
#
# replace `GITHUBTOKEN` with custom token from https://github.com/settings/tokens, having `repo` admin access
#
for repo in $(curl -s -H "Authorization: token GITHUBTOKEN" 'https://api.github.com/orgs/TYPO3-CMS/repos?per_page=100' | jq -r '.[] | .url' | sort)
do
echo "Renaming ${repo}..."
response=$(curl -s -X POST \
@ohader
ohader / MyDefaultBuilder.php
Last active January 9, 2023 10:49
TYPO3 override DefaultSanitizerBuilder via custom site-extension - origin https://forge.typo3.org/issues/94917
<?php
// in my_extension/Classes/MyDefaultBuilder.php
namespace OliverHader\MyExtension;
class MyDefaultBuilder extends \TYPO3\CMS\Core\Html\DefaultSanitizerBuilder
{
protected function createBehavior(): \TYPO3\HtmlSanitizer\Behavior
{
// overrides TYPO3's default builder
// allows `iframe` tag with attrs `src` and `sandbox`
@ohader
ohader / README.md
Last active June 10, 2021 14:06
Proxy Refresh
  • in directory C:\Program Files\WindowsPowerShell
  • create new directory Refresh-Proxy (same name as module)
  • put Refresh-Proxy.psm1 module
  • verify functionality in PowerShell using command Refresh-Proxy
  • create scheduled task
    • command powershell
  • argument Refresh-Proxy
@ohader
ohader / class-deserialize.php
Created May 18, 2020 07:09
Example of Insecure Deserialization
<?php
class MyClass
{
/**
* @var string
*/
protected $dontTouch;
public function __destruct()
{
@ohader
ohader / .htaccess
Last active June 2, 2021 22:15
Apache HTML, SVG, PHP restricted handlers
# Additions to existing Apache's .htaccess rules
# Security: Enforce file types matching at end of filename only
# see https://docs.typo3.org/m/typo3/reference-coreapi/10.4/en-us/Security/GuidelinesAdministrators/Index.html#file-extension-handling
# see https://httpd.apache.org/docs/2.4/mod/mod_mime.html#multipleext
<IfModule mod_mime.c>
RemoveType .html .htm
<FilesMatch ".+\.html?$">
AddType text/html .html
AddType text/html .htm

Keybase proof

I hereby claim:

  • I am ohader on github.
  • I am oliverhader (https://keybase.io/oliverhader) on keybase.
  • I have a public key ASCgxOJEqyHBxnXOt2ow3t9IPa5HSnVLIqlQyYeaGkjA3Qo

To claim this, I am signing this object:

@ohader
ohader / use-native-symlinks.bat
Last active April 25, 2019 09:27
Use native symlinks (junction) on Windows host systems (scope: Docker/DDEV environment using TYPO3 & Composer)