[Typo3-dev] Welcome back in the "goto-age"?
Kraft Bernhard
kraftb at gmx.net
Tue Mar 22 15:13:27 CET 2005
Sven Wilhelm wrote:
> When currently reading code I sometimes feel back to the age where goto
> statements in the code were ok.
What's wrong with goto ? ;-)
> xclassing as one example. extending extensions and extending the
> extended extension.
>
> Do the developer not want to work together?
>
> Could many of the "enrich the core with expected
> functionality"-extensions not move the functionality to the core?
I don't like to say it but somehow I "fear" contributing to the core.
What if I make some contribution and after a few months it comes out that one of those
contributions is responsible for opening a big security hole in Typo3.
As you have already seen from the last "Security alert" (DB-cross site scripting in an extension)
it really goes wild if some major bug is found. Just think if this bug wouldn't have been
in a (not so often used) extension but in the Core ...
Michael (Stucki) already meant that the "KB Better stdWrap" extension with which you can replace
{pattern} markers in a stdWrap field by any arbitrary value from Typo3 (every field from all objects, arrays),
should go into the core. But he also pointed out some security issues.
I wouldn't like to see that this goes into the core and afterwards I'm the bad guy because
of openeing a big security hole.
Of course this risk gets reduced by having several people review the code but it is still there.
If I make an extension it is a "use on your own risk" thingy.
I personally really like the concept of hooks as they offer the flexibility to do many things while still
keeping the core clean. I nicely worked together with Ingmar Schlecht for introducing some hooks in the newloginbox
which allows the MD5 FE Password extension to use newloginbox without completly overwritting the classes ... This
will save a lot of work cause I won't need to update the extension on every new version of newloginbox ...
Pherhaps the problem with many extension authors is that they don't react upon mails sent to them regarding some
of their extensions... Pherhaps they even aren't in the Typo3 world anymore ... Such extensions should get marked
"Unsupported"
> Is there really a need to reach the 100% flexibility? Other software
> systems also have restrictions?
I really like the feature richness of Typo3 and that it is configurable in every corner ...
I won't miss that ...
greets,
Bernhard
--
Kraft Bernhard
MOKKA Medienagentur <http://www.mokka.at>
T: +43 - 1 - 895 33 33 - 50
More information about the TYPO3-dev
mailing list