[TYPO3-dev] Bug/Feature request for t3lib_div::_GP (and alike)
Franz Koch
typo.removeformessage at fx-graefix.de
Fri Jun 6 12:13:44 CEST 2008
Hey guys,
recently I had a problem with TS conditions. In the condition I checked
for a GPvar of an extension, that is transmitted over $_GET. Everything
worked fine that far, until I was submitting a form of the same
extension, additionally submitting some vars over $_POST. When
submitting the form, the condition failed.
After having a look at the source I finally found the bug in
t3lib_div::_GP() (and similar). All those t3lib_div-methods dealing
with GPvars use a construct like this:
--------
$value = isset($_POST[$var]) ? $_POST[$var] : $_GET[$var];
--------
So if you have any _POST var from your extension, but would like to
check against a _GET var from the same extension, you will always fail.
Wouldn't it be much wiser to do something like this?
--------
$value = t3lib_div::GParrayMerged($var);
--------
so you really get ALL your extension/key related values? I'm just
curious why it's been done how it's done. For me this clearly is a bug
and I don't see any security or other issues with it because _POST is
overruling _GET in the merged array. What do you guys think?
--
kind regards,
Franz Koch
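
The behaviour described in the message above, as an added example that is not part of the original post and not TYPO3's own code. The key "tx_myext", the request values and all three function names are constructed for illustration, and array_replace_recursive() stands in for TYPO3's merge helper.

```php
<?php
// Constructed request: the URL carries tx_myext[showUid] and tx_myext[name],
// while the submitted form posts only tx_myext[name].
$get  = array('tx_myext' => array('showUid' => '42', 'name' => 'from-url'));
$post = array('tx_myext' => array('name' => 'from-form'));

// Return the sub-array stored under $var, or an empty array if it is missing
// or not an array.
function subArray($var, array $source) {
    return (isset($source[$var]) && is_array($source[$var])) ? $source[$var] : array();
}

// POST-or-GET lookup, same shape as the line quoted in the post: as soon as
// $var exists in POST, the GET value is never consulted.
function gpFirstMatch($var, array $get, array $post) {
    if (isset($post[$var])) {
        return $post[$var];
    }
    return isset($get[$var]) ? $get[$var] : null;
}

// Merged lookup: GET is the base and POST overrides it key by key.
function gpMerged($var, array $get, array $post) {
    return array_replace_recursive(subArray($var, $get), subArray($var, $post));
}

// Keys of the merged result that were supplied only through the URL. A caller
// that must accept a value from the form body alone can check this list,
// because the merged array no longer records where a key came from.
function getOnlyKeys($var, array $get, array $post) {
    return array_keys(array_diff_key(subArray($var, $get), subArray($var, $post)));
}

$first  = gpFirstMatch('tx_myext', $get, $post);
$merged = gpMerged('tx_myext', $get, $post);

// The POST sub-array shadows the GET sub-array as a whole, so showUid is lost.
var_dump(isset($first['showUid']));
// The merged result keeps showUid from GET and takes name from POST.
var_dump($merged);
// showUid is reported as URL-only.
var_dump(getOnlyKeys('tx_myext', $get, $post));
```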