Feature: #84545 - Allow temporary files to be stored outside the document root

See forge#84545

Description

The environment variable called TYPO3_PATH_APP, which was previously introduced with the Environment API, is now used to allow to store data outside of the document root.

All regular composer-based installations now benefit from this functionality directly, as data which was previously stored and hard-coded within typo3temp/var/ is now stored within the project root folder var/.

For non-composer installations, it is possible to set the environment variable to a folder usually one level upwards than the regular web root. This increases security for any TYPO3 installation as files are not publicly accessible (for example via web browser) anymore.

A typical example:

  • TYPO3_PATH_APP is set to /var/www/my-project.

  • The web folder is then set to TYPO3_PATH_ROOT /var/www/my-project/public.

Non-public files are then put to

  • /var/www/my-project/var/session (like Maintenance Tool Session files)

  • /var/www/my-project/var/cache (Caching Framework data)

  • /var/www/my-project/var/lock (Files related to locking)

  • /var/www/my-project/var/log (Files related to logging)

  • /var/www/my-project/var/extensionmanager (Files related to extension manager data)

  • /var/www/my-project/var/transient (Files related to import/export, core updater, FAL)

If the option is not set, the typo3temp/var/ folder is still used, but with some minor differences regarding the naming scheme of the folders.

Impact

For installations having the environment variable set, the folder is now not within typo3temp/var/ anymore but outside of the document root in a folder called var/.

For installations without this setting in use, there are minor differences in the folder structure:

  • typo3temp/var/cache is now used instead of typo3temp/var/Cache

  • typo3temp/var/log is now used instead of typo3temp/var/logs

  • typo3temp/var/lock is now used instead of typo3temp/var/locks

  • typo3temp/var/session is now used instead of typo3temp/var/InstallToolSessions

  • typo3temp/var/extensionmanager is now used instead of typo3temp/var/ExtensionManager

Although it is a most common understanding in the TYPO3 world that typo3temp/ can be removed at any time, it is considered bad practice to remove the whole folder. Only folders relevant for the current development changes should selectively be removed.