[TYPO3-ttnews] EXT:News, Tags als Meta-Keywords, kommasepariert
Jigal van Hemert
jigal.van.hemert at typo3.org
Sat Nov 3 15:16:13 CET 2012
Hi,
On 2-11-2012 12:09, Georg Ringer wrote:
> Hallo,
>
> Am 02.11.2012 12:03, schrieb David Greiner:
>> über folgendes Typoscript frage ich auf Artikeldetail-Seiten die dem
>> Artikel zugeordneten Tags ab.
>> andWhere.dataWrap =
>> tx_news_domain_model_news_tag_mm.uid_local = {GP:tx_news_pi1|news}
>> andWhere.insertData = 1
>> }
>
> und hast damit eine wunderbare SQL Injection, besser via cObject basteln
> und dann ein intval = 1
You don't have to build anything complex. Just use markers [1][2]:
select {
[...]
where = tx_news_domain_model_news_tag_mm.uid_local = ###newsitem###
[...]
markers {
newsitem.data = GP:tx_news_pi1|news
}
}
Every property of select supports these markers and markers have full
stdWrap support. Every marker value is properly escaped and quoted.
Don't tell anybody, but this feature has been around since TYPO3 4.4.
[1]
http://buzz.typo3.org/teams/core/article/safety-and-flexibility-in-typoscript-queries/
[2]
http://typo3.org/documentation/document-library/core-documentation/doc_core_tsref/4.7.0/view/1/5/#id552862
--
Jigal van Hemert
TYPO3 Core Team member
TYPO3 .... inspiring people to share!
Get involved: typo3.org
More information about the TYPO3-project-tt-news
mailing list