[TYPO3-dev] Improvement against SQL injections

Elmar Hinz elmar.DOT.hinz at team.MINUS.red.DOT.net
Mon Jun 18 14:43:19 CEST 2007


> 
> FE queries are not supposed to *modify* system tables anyway. If they 
> do, they can easily break references, irre, workspaces, templavoila, 
> etc. They should do it through TCEmain (it is possible to instantiate 
> TCEmain in FE too but with some more code).
> 

Yes, that's possible. For the T3 indigene people at least. IMHO there is
no official documentation that shows the common programmer how to do
this. It took me half a day to find a solution and I am not sure if my way
is the best way to do it.

Because of the absence of documentation for this, I think it's likely that
a lot of people end up with unclean homemade solutions when they need
to update system tables from the frontend, instead of using TCEmain.

Regards

Elmar



