The following features are only tested / supported on linux hosts:

  • General: QFQ is coded to run on Linux hosts, preferable on Debian derivates like Ubuntu.
  • HTML to PDF conversion - command wkhtmltopdf.
  • Concatenation of PDF files - command pdfunite.
  • Convert of images to PDF files - command img2pdf.
  • PDF decrypt (used for merge with pdfunite) - command qpdf.
  • PDF decrypt (used for merge with pdfunite) - command gs - in case qpdf is not successful.
  • Mime type detection for uploads - command file.
  • Split PDF into JPG - command convert.
  • Repair PDF - command pdftocairo.
  • Convert HEIC/HEIF to png - command heif-info and heif-convert.


Report & Form

To normalize UTF8 input, php-intl package is needed by

  • normalizer::normalize()

For the Download function, the programs img2pdf, pdfunite, qpdf, gs and file are necessary to concatenate PDF files.

Preparation for Ubuntu:

sudo apt install php-intl
# for file upload, PDF and 'HTML to PDF' (wkhtmltopdf), PDF split
sudo apt install poppler-utils libxrender1 file pdf2svg qpdf ghostscript img2pdf libheif-examples
sudo apt install inkscape imagemagick            # to render thumbnails


wkhtmltopdf will be used by QFQ to offer ‘website print’ and ‘HTML to PDF’ conversion. The program is not included in QFQ and has to be manually installed.

  • The Ubuntu package wkhtmltopdf needs a running Xserver - this does not work on a headless webserver.
    • Best is to install the QT version from the named website above.
    • In case of trouble with wkhtmltopdf, also install ‘libxrender1’.
    • The current version 0.12.4 might have trouble with https connections. Version 0.12.5-dev (github master branch) seems more reliable. Please contact the QFQ authors if you need a compiled Ubuntu version of wkhtmltopdf.

In Configuration specify:

config.cmdWkhtmltopdf:  /opt/wkhtmltox/bin/wkhtmltopdf

If wkhtml has been compiled with dedicated libraries (not part of LD_LIBRARY_PATH), specify the LD_LIBRARY_PATH together with the path-filename:

config.cmdWkhtmltopdf: LD_LIBRARY_PATH=/opt/wkhtmltox/lib /opt/wkhtmltox/bin/wkhtmltopdf


To access FE_GROUP protected pages or content, it’s necessary to disable the [FE][lockIP] check! wkhtml will access the Typo3 page locally (localhost) and that IP address is different from the client (=user) IP.

Configure via Typo3 Installtool All configuration > $TYPO3_CONF_VARS[‘FE’]:

[FE][lockIP] = 0


[FE][lockIP] = 0 disables an important anti-‘session hijacking’ protection. The security level of the whole installation will be lowered! Again, this is only needed if wkhtml needs access to FE_GROUP protected pages & content. As an alternative to lower the security level, create a separated page subtree which is only accessible (configured via Typoscript) from specific IPs or if a FE-User is logged in.

If there are problems with converting/downloading FE_GROUP protected pages, check Configuration showDebugInfo = download to debug.


Converting HTML to PDF gives no error message but RC=-1? Check carefully all includes of CSS, JS, images and so on! Typically some of them fails to load and wkhtml stops running! Verify the correct loading of all elements by calling the site via a regular browser and bypassing any browser cache (Ctrl F5).


On Ubuntu, Apache is started by default with LANG=C. This is true even when the OS default locale is set to en_US.UTF-8. Furthermore, all child processes of Apache will inherit LANG=C. Some PHP functions (like ‘escapeshellarg()’) or wkhtml will strip all non-ASCII characters (e.g. commandline arguments).

Let Apache run with the system locale: /etc/apache/envvars, activate the line . /etc/default/locale and restart Apache.

Checklist wkhtml problems

  • config.baseUrl is configured and correct. The baseUrl has to be the same protocol as the website (http or https).
  • To track down problems:
    • In Configuration set debug.showDebugInfo=auto,download.
    • Do the download.
    • Check QFQ Log for any output.
    • Grab the URL given in the QFQ Log, open a browser in private mode (no existing browser session) and open the URL.
    • Check the –cookie-jar ‘/tmp/qfq.cookie….’ file for the cookie.
    • Call wkhtml manually on the webserver, with the same options as given in the QFQ Log.

HTML to PDF conversion

wkhtmltopdf converts a website (local or remote) to a (multi)-page PDF file. It’s mainly used in Download.


Different browser prints the same page in different variations. To prevent this, QFQ implements a small PHP wrapper print.php with uses wkhtmltopdf to convert HTML to PDF.

Provide a print this page-link (replace ‘current pageId’ ):

<a href="typo3conf/ext/qfq/Classes/Api/print.php?id={current pageId}">Print this page</a>

Any parameter specified after print.php will be delivered to wkhtmltopdf as part of the URL.

Typoscript code to implement a print link on every page:

10 = TEXT
10 {
  wrap = <a href="typo3conf/ext/qfq/Classes/Api/print.php?id=|&type=99"><span class="glyphicon glyphicon-print" aria-hidden="true"></span> Printview</a>
  data = page:uid

Send Email

QFQ sends mail via sendEmail - a small perl script without a central configuration.

By default, sendEmail uses the local installed MTA, writes a logfile to fileadmin/protected/qfqProject/log/mail.log and handles attachments via commandline options. A basic HTML email support is implemented.

NOTE: The log directory has been moved into qfqProject with a recent upgrade of QFQ. For backwards compatibility logs are still stored in fileadmin/protected/log/ if that directory already exists.

The latest version is v1.56, which has at least one bug. That one is patched in the QFQ internal version v1.56p1 (see QFQ GIT sources in directory ‘patches/sendEmail.patch’).

Nevertheless, on latest system the TLS support is broken - please check sendEmail: Error => TLS setup failed.

The Typo3 sendmail eco-system is not used at all by QFQ.


Thumbnails will be rendered via ImageMagick ( ‘convert’ and ‘inkscape’ ( ‘inkscape’ is only used for ‘.svg’ files.

The Typo3 graphic eco-system is not used at all by QFQ.

Usage: Column: _thumbnail.


  • Install the extension via the Extension Manager.
    • If you install the extension by manual download/upload and get an error message “can’t activate extension”: rename the downloaded zip file to or qfq_<version>.zip (e.g. version: 18.12.0).
    • If the Extension Manager stops after importing: check your memory limit in php.ini.
  • Copy/rename the file <site path>/fileadmin/protected/qfqProject/conf/example.qfq.json to <site path>/fileadmin/protected/qfqProject/conf/qfq.json. Configure the necessary settings Configuration The configuration file is outside of the extension directory, to not loose it during de-install and install again.
  • When the QFQ Extension is called the first time on the Typo3 frontend, the file <ext_dir>/Classes/Sql/formEditor.sql will played and fills the database with the Form editor records. This also happens automatically after each update of QFQ.
  • Configure Typoscript to include Bootstrap, jQuery, QFQ javascript and CSS files.

Setup CSS & JS

page.meta {
    X-UA-Compatible = IE=edge
    X-UA-Compatible.attribute = http-equiv
    viewport=width=device-width, initial-scale=1

page.includeCSS {
    file01 = typo3conf/ext/qfq/Resources/Public/Css/bootstrap.min.css
    file02 = typo3conf/ext/qfq/Resources/Public/Css/bootstrap-theme.min.css
    file03 = typo3conf/ext/qfq/Resources/Public/Css/jqx.base.css
    file04 = typo3conf/ext/qfq/Resources/Public/Css/jqx.bootstrap.css
    file05 = typo3conf/ext/qfq/Resources/Public/Css/qfq-bs.css
    file06 = typo3conf/ext/qfq/Resources/Public/Css/tablesorter-bootstrap.css
    file07 = typo3conf/ext/qfq/Resources/Public/Css/font-awesome.min.css

    # Only needed in case FullCalendar is used
    file08 = typo3conf/ext/qfq/Resources/Public/Css/fullcalendar.min.css

page.includeJS {
    file01 = typo3conf/ext/qfq/Resources/Public/JavaScript/jquery.min.js
    file02 = typo3conf/ext/qfq/Resources/Public/JavaScript/bootstrap.min.js
    file03 = typo3conf/ext/qfq/Resources/Public/JavaScript/validator.min.js
    file04 = typo3conf/ext/qfq/Resources/Public/JavaScript/jqx-all.js
    file05 = typo3conf/ext/qfq/Resources/Public/JavaScript/globalize.js
    file06 = typo3conf/ext/qfq/Resources/Public/JavaScript/tinymce.min.js
    file07 = typo3conf/ext/qfq/Resources/Public/JavaScript/EventEmitter.min.js
    file08 = typo3conf/ext/qfq/Resources/Public/JavaScript/typeahead.bundle.min.js
    file09 = typo3conf/ext/qfq/Resources/Public/JavaScript/qfq.min.js
    file10 = typo3conf/ext/qfq/Resources/Public/JavaScript/jquery.tablesorter.combined.min.js
    file11 = typo3conf/ext/qfq/Resources/Public/JavaScript/jquery.tablesorter.pager.min.js
    file12 = typo3conf/ext/qfq/Resources/Public/JavaScript/widget-columnSelector.min.js
    file13 = typo3conf/ext/qfq/Resources/Public/JavaScript/widget-output.min.js

    # Only needed in case FormElement 'annotate' is used.
    file14 = typo3conf/ext/qfq/Resources/Public/JavaScript/fabric.min.js
    file15 = typo3conf/ext/qfq/Resources/Public/JavaScript/qfq.fabric.min.js

    # Only needed in case FullCalendar is used
    file16 = typo3conf/ext/qfq/Resources/Public/JavaScript/moment.min.js
    file17 = typo3conf/ext/qfq/Resources/Public/JavaScript/fullcalendar.min.js


Setup a report to manage all forms:

  • Create a Typo3 page.

  • Set the ‘URL Alias’ to form (recommended) or the individual defined value in parameter editFormPage (configuration).

  • Insert a content record of type qfq.

  • In the bodytext insert the following code (see explanation of code: Report As File):


Installation: Check List

  • Protect the directory <T3 installation>/fileadmin/protected in Apache against direct file access.
    • <T3 installation>/fileadmin/protected/ should be used for confidential (uploaded / generated) data.
    • <T3 installation>/fileadmin/protected/qfqProject/log/… is the default place for QFQ log files.
  • Protect the directory <T3 installation>/fileadmin in Apache to not execute PHP Scripts - malicious uploads won’t be executed.
  • Setup a log rotation rule for sqlLog.
  • Check that sqlLogMode is set to modify on productive sites. With none you have no chance to find out who changed which data and all really logs a mass of data.



The file qfq.project.path.php provides the path to the qfqProject directory.

  • The qfqProject directory contains the qfq configuration file (see qfq.json) as well as forms and reports which are saved as files. See Form As File and Report As File.
  • The file qfq.project.path.php is located/created in the root directory of the application. (Where index.php is located)
  • This file only returns the path to the qfq project directory where logs, config (qfq.json), report files and form files are located.
  • If the file does not exist, it is created and the project path is set as follows:
    • Does the deprecated config file typo3conf/config.qfq.php exist? Then set the qfq project path to fileadmin/protected/qfqProject (config is migrated automatically to qfqProject).
    • If not, does fileadmin/protected exist? Then set the qfq project path to fileadmin/protected/qfqProject.
    • If not, then set qfq project path to ../ (i.e. outside the app directory where index.php is located)

Example: typo3conf/config.qfq.php:


QFQ project path configuration
!! ATTENTION !!: The files in the project directory should NOT be served by your http server!
Only exception: The app directory inside the project directory may be served.

return 'fileadmin/protected/qfqProject'; // path relative to app directory (i.e. location of this file).


  • Additionally to the keywords bellow one can also override the configuration values defined in the Typo3 extension manager: Extension Manager: QFQ Configuration * e.g. if qfq.json contains “flagProduction”:”no” then this value is taken instead of the one set in the extension manager.
Keyword Example Description
DB_<n>_USER “DB_1_USER”=”qfqUser” Credentials configured in MySQL
DB_<n>_PASSWORD “DB_1_PASSWORD”=”1234567890” Credentials configured in MySQL
DB_<n>_SERVER “DB_1_SERVER”=”localhost” Hostname of MySQL Server
DB_<n>_NAME “DB_1_NAME”=”qfq_db” Database name
LDAP_1_RDN LDAP_1_PASSWORD “LDAP_1_RDN”=”ou=Admin,ou=example,dc=com ” “LDAP_1_PASSWORD”=”mySecurePassword” Credentials for non-anonymous LDAP access. Only one set supported.
PASSWORD_HASH_TYPE “PASSWORD_HASH_TYPE”=”PASSWORD_BCRYPT” Password hashing algorithm used for “p” action class. See: Escape/Action class Possible values: “PASSWORD_ARGON2I” (QFQ default), “PASSWORD_BCRYPT”, “PASSWORD_DEFAULT” (PHP default)

Example: fileadmin/protected/qfqProject/qfq.json:

  "DB_1_USER": "<DBUSER>",
  "DB_1_PASSWORD": "<DBPW>",
  "DB_1_NAME": "<DB>",


  "LDAP_1_RDN": "<OPTIONAL> ou=Admin,ou=example,dc=com",
  "LDAP_1_PASSWORD": "<OPTIONAL> mySecurePassword"


DEPRECATED : use qfq.json as described above. qfq.json

Extension Manager: QFQ Configuration

  • These configuration values can be overwritten by qfq.json. qfq.json
Keyword Default / Example Description
flagProduction yes yes|no: used to differentiate production and development site.
render single both|single: QFQ will show form and/or report. In most cases only one at a time is needed. Options: ‘single’ (default) or ‘both’ (legacy). In mode ‘single’ prefer ‘form’ over ‘report’.
maxFileSize 10M If empty, take minimum of ‘post_max_size’ and ‘upload_max_filesize’.
baseUrl URL where wkhtmltopdf will fetch the HTML (no parameter, those comes later)
dateFormat yyyy-mm-dd Possible options: yyyy-mm-dd,
thumbnailDirSecure fileadmin/protected/qfqThumbnail Important: secure directory ‘protected’ (recursive) against direct access.
thumbnailDirPublic typo3temp/qfqThumbnail Both thumbnail directories will be created if not existing.
cmdInkscape inkscape If inkscape is not available, specify an empty string.
cmdConvert convert Image-/GraphicsMagics ‘convert’ is recommended.
cmdPdf2svg pdf2svg Convert PDF to SVG.
cmdPdftocairo pdftocairo Poppler based.
cmdWkhtmltopdf /usr/bin/wkhtmltopdf PathFilename of wkhtmltopdf. Optional variables like LD_LIBRARY_PATH=…
cmdQpdf qpdf PathFilename of qpdf. Optional variables like LD_LIBRARY_PATH=…
cmdGs gs PathFilename of gs. Optional variables like LD_LIBRARY_PATH=…
cmdPdfunite pdfunite PathFilename of pdfunite. Optional variables like LD_LIBRARY_PATH=…
cmdImg2pdf img2pdf PathFilename of img2pdf. Optional variables like LD_LIBRARY_PATH=…
cmdHeifConvert heif-convert PathFilename of heif-convert. Optional variables like LD_LIBRARY_PATH=… . During upload, HEIF/HEIC images will be silently converted to PNG. To disable the conversion, leave the field blank.
sendEMailOptions -o tls=yes General options. Check:
reportAsFileAutoExport no Auto export of qfq reports to files. See Report As File
fillStoreSystemBySql1/2/3 SELECT AS … Specific values read from the database to fill the system store during QFQ load. See Fill STORE_SYSTEM by SQL for a usecase.
fillStoreSystemBySqlErrorMsg1/2/3 No current period found Only define an error message, if QFQ should stop running in case of an SQL error or not exact one record.
throwExceptionGeneralError auto
yes: ‘general errors’ in QFQ (PHP) will throw an exception.
auto: becomes ‘yes’, if ‘flagProduction’!=’yes’, else ‘no’.
no: ‘general errors’ in QFQ (PHP) will be silently ignored.
formSubmitLogMode all
all: every form submission will be logged.
none: no logging.
See Form Submit Log page for example QFQ code to display the log.
redirectAllMailTo If set, redirect all QFQ generated mails (Form, Report) to the specified.
sqlLogMode modify
all: every statement will be logged - this might be a lot.
modifyAll: log all statements which might change data, even if 0 rows
modify: log only statements which change data (affected rows > 0).
error: log only DB errors.
none: no SQL log at all.
sqlLogModeAutoCron error Applies only to AutoCron Jobs. For production ‘error’ should be fine.
sqlLog fileadmin/protected/qfqProject/log/sql.log Filename to log SQL commands: relative to <site path> or absolute. If the directory does not exist, create it.
qfqLog fileadmin/protected/qfqProject/log/qfq.log Filename to log general QFQ events:relative to <site path> or absolute. If the directory does not exist, create it.
mailLog fileadmin/protected/qfqProject/log/mail.log Filename to log sendEmail commands: relative to <site path> or absolute. If the directory does not exist, create it.
showDebugInfo auto FE - Possible values: yes|no|auto|download. For ‘auto’: If a BE User is logged in, a debug information will be shown on the FE.
reportMinPhpVersion auto Possible values: yes|no|auto. For ‘auto’: If a BE User is logged in, it becomes ‘yes’. If installed PHP version is too low, report and stop QFQ.
init init=SET names utf8; SET sql_mode = “NO_ENGINE_SUBSTITUTION” Global init for using the database. For ‘sql_mode=”NO_ENGINE_SUBSTITUTION”’ see #7407.
update auto
auto: apply DB Updates only if there is a newer version.
always: apply DB Updates always, especially play formEditor.sql every time QFQ is called - not recommended!
never: never apply DB Updates.
indexData 1 Optional. Default: 1. Retrieve the current setting via {{dbNameData:Y}}.
indexQfq 1 Optional. Default: 1. Retrieve the current setting via {{dbNameQfq:Y}}.
escapeTypeDefault m All variables {{…}} get this escape class by default. See Escape/Action class.
securityVarsHoneypot email,username,password If empty: no check. All named variables will rendered as INPUT elements.
securityAttackDelay 5 If an attack is detected, sleep ‘x’ seconds and exit PHP process.
securityShowMessage true If an attack is detected, show a message.
securityGetMaxLength 50 GET vars longer than ‘x’ chars triggers an attack-recognized. Exception for SECURITY_GET_MAX_LENGTH.
securityFailedAuthDelay 3 If REST authorization fails, sleep ‘x’ seconds before answering.
recordLockTimeoutSeconds 900 Timeout for record locking. After this time, a record will be replaced.
sessionTimeoutSeconds 1800 Timeout for FE User session. See FE-User: Session timeout seconds
enterAsSubmit enterAsSubmit = 1 0: off, 1: Pressing enter in a form means save and close.
editFormPage form T3 Pagealias to edit a form.
formDataPatternError please check pattern error Customizable error message used in validator.js. ‘pattern’ violation.
formDataRequiredError missing value Customizable error message used in validator.js. ‘required’ fields.
formDataMatchError type error Customizable error message used in validator.js. ‘match’ retype mismatch.
formDataError generic error Customizable error message used in validator.js. ‘no specific’ given.
labelAlign left Label align (left/center/right)/ Default: left. Will be inherited to Form.
cssClassQfqContainer container
QFQ with own Bootstrap: ‘container’.
QFQ already nested in Bootstrap of mainpage: <empty>.
cssClassQfqForm qfq-color-base Wrap around QFQ ‘Form’.
cssClassQfqFormPill qfq-color-grey-1 Wrap around title bar for pills: CSS Class, typically a background color.
cssClassQfqFormBody qfq-color-grey-2 Wrap around FormElements: CSS Class, typically a background color.
formBsColumns col-md-12 col-lg-10 The whole form will be wrapped. See Custom field width
formBsLabelColumns col-md-3 col-lg-3 The column get the width. See Custom field width
formBsInputColumns col-md-6 col-lg-6
formBsNoteColumns col-md-3 col-lg-3
extraButtonInfoInline <img src=”info.png”> Image for extraButtonInfo (inline).
extraButtonInfoBelow <img src=”info.png”> Image for extraButtonInfo (below).
extraButtonInfoPosition below ‘auto’ (default) or ‘below’. See extraButtonInfo.
extraButtonInfoClass pull-right ‘’ (default) or ‘pull-right’. See extraButtonInfo.
formLanguage[ABCD]Id E.g.: 1 In Typo3 configured pageLanguage id. The number after the ‘L’ parameter.
formLanguage[ABCD]Label E.G.: english Label shown in Form editor, on the ‘basic’ tab.
saveButtonText   Text on the form save button. Typically none.
saveButtonTooltip Save Tooltip on the form save button.
saveButtonClass btn btn-default navbar-btn Bootstrap CSS class for save button on top of the form.
buttonOnChangeClass alert-info btn-info Bootstrap CSS class for save button showing ‘data changed’.
saveButtonGlyphIcon glyphicon-ok Icon for the form save button.
closeButtonText   Text on the form close button. Typically none.
closeButtonTooltip close Tooltip on the form close button.
closeButtonClass btn btn-default navbar-btn Bootstrap CSS class for close button on top of the form.
closeButtonGlyphIcon glyphicon-remove Icon for the form close button.
deleteButtonText   Text on the form delete button. Typically none.
deleteButtonTooltip delete Tooltip on the form delete button.
deleteButtonClass btn btn-default navbar-btn Bootstrap CSS class for delete button on top of the form.
deleteButtonGlyphIcon glyphicon-trash Icon for the form delete button.
newButtonText   Text on the form new button. Typically none.
newButtonTooltip new Tooltip on the form new button.
newButtonClass btn btn-default navbar-btn Bootstrap CSS class for new button on top of the form.
newButtonGlyphIcon glyphicon-plus Icon for the form new button.
showIdInFormTitle 0 (off), 1 (on) Append at the form title the current record id.
cssClassColumnId text-muted A column in a subrecord with the name id|ID|Id gets this class.
clearMe 0 (off), 1 (on) Default to show a small ‘x’ in every input or textarea to clear field.

After parsing the configuration, the following variables will be set automatically in STORE_SYSTEM:

Keyword Description
dbNameData Name of the ‘data’-database. ‘{{dbNameData:Y}}
dbNameQfq Name of the ‘QFQ’-database. ‘{{dbNameQfq:Y}}
dbNameT3 Name of the ‘T3’-database. ‘{{dbNameT3:Y}}
sitePath Absolute path of the current T3 instance. ‘{{sitePath:Y}}
extPath Absolute path of the QFQ extension. ‘{{extPath:Y}}

Custom variables

Up to 30 custom variables can be defined in Configuration.

E.g. to setup a contact address and reuse the information inside your installation do:

custom2: ADMINISTRATIVE_ADDRESS = John Doe, Hollywood Blvd. 1, L.A.
  • Somewhere in a Form or in Report:


It’s also possible to configure such variables directly in config.qfq.php.


A specified SELECT statement in Configuration in variable fillStoreSystemBySql1 (or 2, or 3) will be fired. The query should have 0 (nothing happens) or 1 row. All columns will be added to the existing STORE_SYSTEM. Existing variables will be overwritten. Be careful not to overwrite system values.

This option is useful to make generic custom values, saved in the database, accessible to all QFQ Report and Forms. Access such variables via {{<varname>:Y}}.

In case QFQ should stop working if a given query does not select exact one record (e.g. a missing period), define an error message:

fillStoreSystemBySql1: SELECT name FROM Person WHERE name='Doe'
fillStoreSystemBySqlErrorMsg1: Too many or to few "Doe's" in our database


This is

  • a usecase, implemented via Fill STORE_SYSTEM by SQL,
  • a way to access with respect to the current period (the period itself is custom defined).

After a full QFQ installation:

  • a table Period (extend / change it to your needs, fill them with your periods),
  • one sample record in table Period,

Websites, delivering semester data, school year schedules, or any other type or periods, often need an index to the current period.

In Configuration:

fillStoreSystemBySql1: SELECT id AS periodId FROM Period WHERE start<=NOW() ORDER BY start DESC LIMIT 1

a variable ‘periodId’ will automatically computed and filled in STORE SYSTEM. Access it via {{periodId:Y0}}. To get the name and current period:

SELECT name, ' / ', start FROM Period WHERE id={{periodId:Y0}}

Typically, it’s necessary to offer a ‘previous’ / ‘next’ link. In this example, the STORE SIP holds the new periodId:

SELECT CONCAT('p:{{pageAlias:T}}&periodId=', {{periodId:SY0}}-1, '|Next') AS _page, ' ', name, ' ',
  CONCAT('p:{{pageAlias:T}}&periodId=', {{periodId:SY0}}+1, '|Next') AS _page FROM Period AS s WHERE{{periodId:SY0}}

Take care for minimum and maximum indexes (do not render the links if out of range).

DB USER privileges

The specified DB User needs privileges

  • to the QFQ database of at least: SELECT / INSERT / UPDATE / DELETE / SHOW.
  • to the Typo3 database of at least table tt_content with SELECT.

To apply automatically QFQ-‘DB UPDATE’ the following rights are mandatory too: CREATE / ALTER

To get access to the Typo3 installation, ‘dbuser’ should also have access to the Typo3 Database with at least SELECT / INSERT / UPDATE / DELETE.


If it is necessary to use a GET variable which exceeds securityGetMaxLength limit, name the variable with ‘_<num>’ at the end. E.g. my_long_variable_130. Such a variable has an allowed length of 130 chars. Access the variable as usual with the variable name: {{my_long_variable_130:C:…}}.

FE-User: Session timeout seconds

There is no timeout for website users who are not logged in (but typically those users don’t have access to protected content).

For logged in users, the default timeout is the php.ini settings for session.cookie_lifetime and session.gc_maxlifetime (minimum of both). These timeout only affects QFQ related content and can be specified a) globally (QFQ configuration) and b) specific per Form.

The maximum timeout depends on the minimal value of php.ini session.cookie_lifetime and session.gc_maxlifetime. Specifying a higher value produces an error in the front end.

Every access to QFQ related content resets the timeout.

After FE login, the next access to QFQ related content starts the timeout counter.

Cron Job: Remove Form Backup Files

The following cron job may be used to automatically remove form backup files (see Form As File) which are older than 31 days. Be sure to adjust the path accordingly:

0 19 * * * find /var/www/html/fileadmin/protected/qfqProject/form/.backup/ -type f -mtime +31  -exec rm {} \;