Martin Auswöger

To keep it simple we could add rate limiting that can limit based on different keys, for example rate limits: - Per username, a low limit like 5 attempts all...

> > But the rate limit per password is very difficult to get right. Because it could itself be used to find out used passwords via timing attacks. So I’m...

> The issue that remains is that `$GLOBALS['TL_LANG']` will potentially be populated with the wrong translations. I think I could live with that if we deprecate the usage of `$GLOBALS['TL_LANG']`...

Can we deprecate `$GLOBALS['TL_LANG']` everywhere then? Or everywhere except translation files themselfes and DCA files?

Backing up and restoring `$GLOBALS['TL_LANG']` without breaking the references to it is not trivial I think. It would also break the internal cache of `System::loadLanguageFile`. And performance wise probably not...

> And what's the issue with just reloading it? It only needs to be done in case the locale differs so it shouldn't be a super common case? If I...

This is handled by the twig templates for the new content elements I think. Maybe we should use something like `{{ (as_editor_view ? text : text|insert_tag)|raw }}` in the default...

> In Contao 5 you _must_ use `FrontendTemplate::getResponse()` - which will always replace the insert tags. It would only replace the insert tags in Contao 4, right? But I see,...

I see, we should add a check for the backend scope here then I think: https://github.com/contao/contao/blob/fe1e9e02b88c3d5ef950a3ec50504428d271b872/core-bundle/contao/library/Contao/TemplateInheritance.php#L145-L149

> We discussed that before (including for 4.9+) - but I think we were against that for some reason 🤔 But this code only exists in Contao 5 (as we...