[TYPO3-mvc] Transition Guide for Persistance Rewrite

Jochen Rau jochen.rau at typoplanet.de
Tue Aug 4 12:19:08 CEST 2009


Hi Bastian.

Bastian Waidelich wrote:
> Jochen Rau wrote:
>
> Hi Jochen,
>
>> BTW The GET/POST parameters are already escaped in index_ts.php.
>
> In index_ts.php GET/POST parameters are escaped if get_magic_quotes_gpc
> is not enabled by calling t3lib_div::addSlashesOnArray(); (which itself
> calls PHP's native addslashes() for each item of the array).
>
> But I think, that's not enough for all cases. See
> http://www.php.net/manual/en/function.addslashes.php ("It's highly
> recommended to use DBMS specific escape function[...]")

Yes. That's what I thought, too. But how to proceed with this? IMO this 
is an issue in core.

Jochen

-- 
Every nit picked is a bug fixed
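
The point raised in the quoted reply, as an added example that is not part of the original message or of TYPO3's code: addslashes() escapes with a backslash, which is only correct for a DBMS that treats backslash as an escape character. The sketch assumes PHP with the pdo_sqlite extension and uses an in-memory SQLite database; the table, column and sample value are constructed for illustration.

```php
<?php
// Added illustration (not TYPO3 code). Table, column and input are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE author (name TEXT)');

// Benign request value that happens to contain a single quote.
$name = "O'Reilly";

// 1) Generic escaping: addslashes() is what addSlashesOnArray() applies to
//    each GET/POST item. It puts a backslash in front of the quote, but
//    SQLite (like standard SQL) escapes a quote by doubling it, so the
//    string literal still ends at the quote and the statement is malformed.
$slashed = addslashes($name);
try {
    $pdo->exec("INSERT INTO author (name) VALUES ('$slashed')");
    $viaAddslashes = 'accepted';
} catch (PDOException $e) {
    $viaAddslashes = 'rejected: ' . $e->getMessage();
}

// 2) DBMS-specific escaping: the driver knows the quoting rules of the
//    database it talks to and returns a complete, quoted literal.
$quoted = $pdo->quote($name);
$pdo->exec("INSERT INTO author (name) VALUES ($quoted)");

// 3) Bound parameter: the value never becomes part of the SQL text,
//    so no escaping decision has to be made at all.
$stmt = $pdo->prepare('INSERT INTO author (name) VALUES (?)');
$stmt->execute([$name]);

// Rows 2 and 3 are stored unchanged; the addslashes() variant never
// reached the table because the value escaped its own string literal.
$rows = $pdo->query('SELECT name FROM author')->fetchAll(PDO::FETCH_COLUMN);

echo "addslashes():  $slashed -> $viaAddslashes\n";
echo "PDO::quote():  $quoted\n";
echo 'stored rows:   ' . implode(', ', $rows) . "\n";
```

Because the escaped value still terminates the literal, escaping done once at the request entry point cannot be relied on by code that builds queries later; the escaping or binding has to happen where the query meets the database driver.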


