[TYPO3-english] fluid/extbase: Security question - example autocomplete

Georg Ringer typo3 at ringerge.org
Fri Mar 16 08:43:09 CET 2012


Hi,

first of all: If you have any concerns that you found a security issue
in the core or extensions, please contact the security team at
security at typo3.org first and don't write it in mailing lists, blogs,
twitter or anything else! thanks!

Am 16.03.2012 08:37, schrieb Hauke Hain:
> Will the search term be directly in a SQL statement later? Do I have to
> use some sort of ViewHelper to make the user input safe for the
> application?

When you look up Tx_Extbase_Persistence_Storage_Typo3DbBackend you will
find in function replacePlaceholders()
-----------
// every bound value is run through the DB layer's quoting before it is
// spliced into the SQL string in place of its "?" placeholder
foreach ($parameter as $item) {
	$items[] = $this->databaseHandle->fullQuoteStr($item, 'foo');
}
-----------

so this is fine.

Georg
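To make the point above concrete, here is an added example (not code from the original post, not from the TYPO3 core, and not from any shipping extension) of the three ways a search term from an autocomplete request can reach the query in an Extbase 1.x repository, and which of them is covered by replacePlaceholders(). The extension key "example", the model/table Tx_Example_Domain_Model_Item / tx_example_domain_model_item, the "title" property and the helper escapeLikeWildcards() are assumptions made for the illustration; the Query methods like(), matching() and statement() are those of Extbase 1.4 (TYPO3 4.6).

```php
<?php
// Added example for an Extbase 1.x (TYPO3 4.x) repository; class, table and
// column names below are assumptions, not part of the original post.
class Tx_Example_Domain_Repository_ItemRepository extends Tx_Extbase_Persistence_Repository {

	/**
	 * Safe: the term becomes the operand of a "?" placeholder that
	 * Typo3DbBackend::replacePlaceholders() runs through fullQuoteStr()
	 * before it is spliced into the SQL.
	 *
	 * @param string $searchTerm raw user input, e.g. from the autocomplete request
	 * @return Tx_Extbase_Persistence_QueryResultInterface
	 */
	public function findBySearchTerm($searchTerm) {
		$query = $this->createQuery();
		$query->matching(
			$query->like('title', '%' . $this->escapeLikeWildcards($searchTerm) . '%')
		);
		return $query->execute();
	}

	/**
	 * Also safe: hand-written SQL via statement(), but only because the
	 * term is passed as a bound parameter for the "?" placeholder, so it
	 * still goes through replacePlaceholders() and fullQuoteStr().
	 *
	 * @param string $searchTerm
	 * @return Tx_Extbase_Persistence_QueryResultInterface
	 */
	public function findBySearchTermRawSql($searchTerm) {
		$query = $this->createQuery();
		$query->statement(
			'SELECT * FROM tx_example_domain_model_item WHERE title LIKE ? AND deleted = 0 AND hidden = 0',
			array('%' . $this->escapeLikeWildcards($searchTerm) . '%')
		);
		return $query->execute();
	}

	/**
	 * NOT safe, shown only as the anti-pattern: concatenating the term
	 * into the statement string bypasses the placeholder mechanism, so
	 * nothing quotes it. A term such as
	 *     x%' OR 1=1 -- 
	 * rewrites the WHERE clause. Do not do this.
	 *
	 * @param string $searchTerm
	 * @return Tx_Extbase_Persistence_QueryResultInterface
	 */
	public function findBySearchTermInjectable($searchTerm) {
		$query = $this->createQuery();
		$query->statement(
			"SELECT * FROM tx_example_domain_model_item WHERE title LIKE '%" . $searchTerm . "%'"
		);
		return $query->execute();
	}

	/**
	 * Assumed helper. fullQuoteStr() escapes quotes and backslashes but
	 * not the LIKE metacharacters "%" and "_", so a term of "%" would match
	 * every row. Backslash-escaping them keeps the search literal; this is
	 * a data-exposure/cost concern, not SQL injection.
	 *
	 * @param string $term
	 * @return string
	 */
	protected function escapeLikeWildcards($term) {
		return addcslashes($term, '%_');
	}
}
```

The first two methods answer the question in the thread: no ViewHelper is involved, the persistence backend quotes the bound value itself. A ViewHelper such as f:format.htmlspecialchars belongs on the output side (echoing the term back into the HTML of the autocomplete response), which is a separate concern from the query.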

