[TYPO3-dev] Ugly hack in alt_main.php

Tapio Markula tapio.markula at atwebteam.com
Fri Jan 12 10:43:55 CET 2007


Martin Kutschker wrote:
> Tapio Markula wrote:
>> Hi
>>
>> Typo3 4.x has a bad solution for the start module
>>
>> $module = preg_replace('/[^[:alnum:]_]/','',t3lib_div::_GET('module'));
>>         if (!$module && $BE_USER->uc['startInTaskCenter']) {
>>             $module = 'user_task';
>>         }
>>
>> That is really bad because this can't be configured at user level, or
>> users need an annoying way to set GET params.
>> New options should *not* be done this way.
>> This is just an ugly hack!
> 
> Possibly, but I guess that 99% of the list subscribers have no idea what 
> you are talking about.
> 
> Masi

If you define the starting module this way:
1) It has a hack using preg_replace('/[^[:alnum:]_]/' to get the name of the 
starting module
2) If you define it this way, the control is *out of the hands of the 
administrator* because he can't control what parameter users feed
3) People can try to go to a module for which they have no rights

At least there should be an option for the administrator to control this with 
proper config

$module = preg_replace('/[^[:alnum:]_]/','',t3lib_div::_GET('module'));

if ($BE_USER->uc['startInTaskCenter']) {
    $module = 'user_task';
} elseif ($BE_USER->uc['startModule']) {
    $module = $BE_USER->uc['startModule'];
}

The administrator's setting should have higher priority than
$_GET parameters! This is a really shameful hack!
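
The following is an added example, not part of the original post and not TYPO3 code. It sketches the priority order asked for above together with an explicit access check, since stripping characters from the GET value does not decide whether the user may open that module. The function resolveStartModule(), the $allowedModules list and the sample module names are hypothetical; uc['startModule'] is the option proposed in the post.

```php
<?php
// Added illustration; function and variable names are hypothetical, not TYPO3 API.

/**
 * Pick the backend start module.
 *
 * $uc             user configuration (stands in for $BE_USER->uc)
 * $requested      raw value of the "module" GET parameter, or null
 * $allowedModules modules this user may open (assumed to be produced by
 *                 the backend's own access check)
 */
function resolveStartModule(array $uc, ?string $requested, array $allowedModules): string
{
    $candidates = [];

    // Configured values come first, as the post asks.
    if (!empty($uc['startInTaskCenter'])) {
        $candidates[] = 'user_task';
    }
    if (!empty($uc['startModule'])) {          // option proposed in the post
        $candidates[] = (string)$uc['startModule'];
    }

    // The GET parameter is only a fallback. Stripping characters makes the
    // name safe to embed, but says nothing about whether access is allowed.
    if ($requested !== null) {
        $candidates[] = (string)preg_replace('/[^[:alnum:]_]/', '', $requested);
    }

    // Every candidate, configured or requested, must be in the access list.
    foreach ($candidates as $name) {
        if ($name !== '' && in_array($name, $allowedModules, true)) {
            return $name;
        }
    }
    return '';   // no start module: the caller shows its default view
}

// Constructed sample data.
$allowed = ['web_layout', 'web_list', 'user_task'];

var_dump(resolveStartModule([], 'tools_em', $allowed));                          // requested module not permitted
var_dump(resolveStartModule(['startModule' => 'web_list'], 'web_layout', $allowed)); // configured value wins over GET
var_dump(resolveStartModule(['startInTaskCenter' => 1], null, $allowed));        // task center configured
```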



