[TYPO3] Address-hounters, this is interesting for you: feevcal.. (and all the others: better fix this..)

zabined deeken at oligoform.de
Thu Jul 13 15:44:29 CEST 2006

hi dimitry,
no panic (or did you install feevcal in an "open" section without 
changing the template but don't want to tell the users data... hm than 
better fix this..)
next time I will contact security (thanks for the adress), but this is 
the first time in my life I (maybe) found a security-injection.

In other extensions (forum and frontend-user-registration, i guess) a 
list of frontendusers is a feature..
I decided to post here because I thought it to be a rather undocumented 
feature, that would be good to be aware of for people who use the extension.

feevcal is a very open tool, all people who can see it can put in their 
events on the page, and for that reason I'm quite sure that the most 
Typo3-Admins put in into a frontend-users area of the website where 
Information about the other community-people is not tragic, or even wanted.

other thing: there are hundreds of warnings in the web to be careful 
with unreviewed code.. (when I installed feevcal I was aware..)


More information about the TYPO3-english mailing list