[TYPO3-dev] WARNING!?? tslib_patcher, pp_chashchecker
Elmar Hinz
elmar07 at googlemail.com
Thu Aug 23 11:25:47 CEST 2007
Popy wrote:
> 2007/8/23, Elmar Hinz <elmar07 at googlemail.com>:
>>
>> Hi Popy,
>>
>> Popy wrote:
>>
>> > No cHash means same cache than no params. If we don't check its
>> > validity if it is not in the url, it is a way to corrupt cache.
>>
>> If you use a USER plugin, without sending cHash you make a mistake.
>
>
> And if a malicious user remove the cHash from the url ? I know my work,
> all my cHashes are corrects
Every USER object has to call $GLOBALS['TSFE']->reqCHash();
http://typo3.org/development/articles/the-mysteries-of-chash/page/3/
The target is that pages with parameters are only cached if the parameters
are signed by a cHash. That works this far. No problem here. But the
problems are related to this.
Regards
Elmar
More information about the TYPO3-dev
mailing list