[TYPO3] wfqbe bug(?)

Mauro Lorenzutti mauro.lorenzutti at webformat.com
Mon Feb 18 10:07:11 CET 2008


Hi Gerhard,

> Hello Mauro,
>
> while playing around with the wfqbe extension I ran into a small 
> problem, I think it's a small bug:
>
> It is possible to set a redirect page and parameter after an insert or a 
> delete. As mentioned in your tutorial it is possible to use one of the 
> following markers for the redirect parameter:
> 1) ###ID### - the uid of the inserted data row
> 2) ###WFQBE_FIELD_XXXX### - fieldname of an existing field
>
> Nr. 1 is working.
> Nr. 2 is not working, because the parameter will be surrounded by ' at 
> the moment of redirection.
> e.g.
> tx_wfqbe_pi1[uid]=###WFQBE_FIELD_fieldname###
> will result in
> tx_wfqbe_pi1[uid]='123' which is not correct. The resulting SQL will be 
> SELECT * FROM table WHERE uid=\'123\'
>
>   

Yes, it's a bug of the new version (I added some checks against SQL 
injection that conflict with this feature). I'll send you the corrected 
code to your private email. Please let me know if it works so I can 
update the extension in the TER.

> BTW: in your user manual at typo3.org you wrote that the redirect 
> parameter should look like this &tx_wfqbe_pi1[uid]=###ID### which is a 
> fault, because the '&' will be concatenated by your extension code. The 
> result will be http://127.0.0.1/index.php?id=1&&tx_wfqbe_pi1[uid]=6, so 
> there is one '&' too much.
>   

You are right, thank you for your feedback.

Regards,

-- 
 Mauro Lorenzutti

e-mail:  mauro.lorenzutti at webformat.com
---------------------------------------------------------
WEBFORMAT srl | Corte Europa, 12 | I-33097 SPILIMBERGO PN
     Tel +39-0427-926.389  --  Fax +39-0427-927.653
       info at webformat.com  --  http://www.webformat.com
---------------------------------------------------------
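
The conflict discussed in this thread, as an added example that is not part of the original messages and is not wfqbe's code: marker values are encoded for the URL when the redirect is built, and SQL safety comes from a bound parameter where the query runs, so no quotes travel through the redirect. The function names, the `demo` table and the sample row are assumptions made for illustration; it assumes PHP with the PDO SQLite driver.

```php
<?php
// Added illustration; function names, table and data are hypothetical, not wfqbe code.

// Fill ###ID### and ###WFQBE_FIELD_<name>### markers in a redirect parameter string.
// Values are encoded for the URL context only; no SQL quoting happens at this layer.
function fill_redirect_params(string $template, array $row, int $insertId): string
{
    return preg_replace_callback(
        '/###(?:ID|WFQBE_FIELD_(\w+))###/',
        function (array $m) use ($row, $insertId): string {
            // $m[1] is only set for the WFQBE_FIELD_ form of the marker.
            $value = isset($m[1]) ? ($row[$m[1]] ?? '') : $insertId;
            return rawurlencode((string) $value);
        },
        $template
    );
}

// Join base URL and parameters with exactly one separator, whether or not
// the configured parameter string already starts with '&'.
function build_redirect_url(string $base, string $params): string
{
    $sep = (strpos($base, '?') === false) ? '?' : '&';
    return $base . $sep . ltrim($params, '&');
}

// Receiving side: the uid is bound as an integer parameter, so the SQL layer
// does not depend on any quoting done while the redirect was built.
function fetch_by_uid(PDO $db, string $uidParam): array
{
    $stmt = $db->prepare('SELECT * FROM demo WHERE uid = :uid');
    $stmt->bindValue(':uid', (int) $uidParam, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE demo (uid INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO demo (uid, title) VALUES (123, 'constructed row')");

$row = ['fieldname' => '123']; // constructed form data for the inserted record
$templates = ['tx_wfqbe_pi1[uid]=###WFQBE_FIELD_fieldname###', '&tx_wfqbe_pi1[uid]=###ID###'];
foreach ($templates as $tpl) {
    $url = build_redirect_url('http://127.0.0.1/index.php?id=1', fill_redirect_params($tpl, $row, 6));
    parse_str(parse_url($url, PHP_URL_QUERY), $query);
    echo $url, ' -> ', count(fetch_by_uid($db, $query['tx_wfqbe_pi1']['uid'])), " row(s)\n";
}
```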


