[TYPO3-dev] Trying to make plugins compatible with Typo3 4.2
Malte Jansen
mail at maltejansen.de
Sun Mar 2 14:50:58 CET 2008
Dmitry Dulepov [typo3] schrieb:
> Hi!
>
> Franz Holzinger wrote:
>> I think if a method deals with user passwords then it should be
>> certified that no other installed TYPO3 extension can modify the
>> password by overriding one of the methods which are allowed to modify
>> the password. This is better security. It would be harder to always
>> check the code of each extension before you install it,
>
> I agree.
>
> And we always have to remember one particular case:
>
> protected function foo() {
> $var = $this->bar();
> return '"' . $var . '"';
> }
>
> private function bar() {
> return 'mypassword';
> }
>
> While it is legal to override foo() here, in practice it cannot be done.
> bar() cannot be used from overriden foo() in XCLASS. One choice would be
> to call parent::foo() and use regular expressions on its result but this
> is not always best solution...
>
Hi!
You could also use:
protected final function bar() {
return 'yourpassword'
}
So the function is accessable, but not rewritable....
Cheers,
Malte
More information about the TYPO3-dev
mailing list