[Typo3-dev] Deny field list
Mathias Schreiber [wmdb]
mathias.schreiber at wmdb.de
Sat Dec 18 12:45:15 CET 2004
Kasper Skårhøj wrote:
> I wonder if anyone could want to fix this and provide the fix to CVS?
>
> Let me see (from memory);
>
> - The configuration of each element in the wizard is in an array
> - The parameters defining each type is passed as plain GET variable
> presets.
>
> This could be changed in this way:
> - Function calls build the array
> - A paraemter to the function call is an array with field-default values
> as field/value pairs.
> - The function adding the entry calls the auth API inside BE_USER for
> each field/value pair and checks that value. If any of them fails the
> entry is not added.
>
> I can't remember how you check for a single of these values but surely
> that would only take a few minutes browsing to figure out since it is
> used at other places, eg. in tcemain/alt_doc.php
>
>
> Now, this small change is not something that can push TYPO3 over and out
> of function, hence someone else could be trusted to do this.
> I'm just trying to extend my hand with a chance to tamper with the core
> in and important and annoying but not critical matter.
Hi Kasper,
I did send a patch to Mr. stucki when 3.7.0 came out.
But I still think my solution is somewhat "sluggish".
What I do:
I build an array of the denied CEs and keep it global.
Then I walk through the array that builds the wizard entries and regex
for the commands that are passed via GET (like
&tt_content[CType]=whatever)and crosscheck if they are listed in the
global "deny" array.
If so, I unset the current key in the "wizard-array" and it works.
My implementation took very short and doesn't match up plugins yet but I
have to admit that I wanted to know whether this is the right way or if
I would have to deny the fields at an earlier state somewhere.
If you're fine with the solution I could supply a patch that matches up
CEs and plugins and send it to Mr. Stucki since CVS is still a rather
closed matter to me and I don't want to break stuff (I leave this up to
you ;-))
peace
Mathias
--
No Subject - No Realname - No Service!
Respect the List/Newsgroup Rules!
>> http://typo3.org/1438.0.html <<
More information about the TYPO3-dev
mailing list