[TYPO3-dev] Trying to make plugins compatible with Typo3 4.2
Dmitry Dulepov [typo3]
dmitry at typo3.org
Sat Mar 1 13:56:51 CET 2008
Hi!
Franz Holzinger wrote:
> I think if a method deals with user passwords then it should be
> certified that no other installed TYPO3 extension can modify the
> password by overriding one of the methods which are allowed to modify
> the password. This is better security. It would be harder to always
> check the code of each extension before you install it,
I agree.
And we always have to remember one particular case:
protected function foo() {
$var = $this->bar();
return '"' . $var . '"';
}
private function bar() {
return 'mypassword';
}
While it is legal to override foo() here, in practice it cannot be done. bar() cannot be used from overriden foo() in XCLASS. One choice would be to call parent::foo() and use regular expressions on its result but this is not always best solution...
--
Dmitry Dulepov
TYPO3 core team
Web: http://typo3bloke.net/
Skype: callto:liels_bugs
"Nothing is impossible. There are only limits to our knowledge"
More information about the TYPO3-dev
mailing list