[TYPO3-dev] Ugly hack in alt_main.php
Tapio Markula
tapio.markula at atwebteam.com
Fri Jan 12 10:43:55 CET 2007
Martin Kutschker kirjoitti:
> Tapio Markula schrieb:
>> Hi
>>
>> Typo3 4.x has bad solution for start module
>>
>> $module = preg_replace('/[^[:alnum:]_]/','',t3lib_div::_GET('module'));
>> if (!$module && $BE_USER->uc['startInTaskCenter']) {
>> $module = 'user_task';
>> }
>>
>> That really bad because this can't configure user level or users needs
>> annoying way
>> to set get params. This way should *not* do new options.
>> This is just an ugly hack!
>
> Possibly, but I guess that 99% of the list subscribers have no idea what
> you are talking about.
>
> Masi
I you define starting module this way
1) I has hack using preg_replace('/[^[:alnum:]_]/' to get name of the
starting module
2) If you define at this way, the control is *out of the hands of the
administator* because he can't control, what parameter users feed
3) people can try to go module, which has no rights
at least there should be option administrator to control this with
proper config
$module = preg_replace('/[^[:alnum:]_]/','',t3lib_div::_GET('module'));
if ($BE_USER->uc['startInTaskCenter']) {
$module = 'user_task';
}
elseif($BE_USER->uc['startModule']) {
$module =$BE_USER->uc['startModule']
}
Setting of the administrator should have higher priority as
$_GET parameters! This is really shameful hack!
More information about the TYPO3-dev
mailing list