[TYPO3-50-general] Discussion to CondingStandards
Robert Lemke
robert at typo3.org
Mon Jan 14 09:44:01 CET 2008
Hi Malte and Tim,
from the Wiki:
(MJ) Security-Issue: All extensions have to use special-functions
of the framework/lib for it. List of
possible disallowed variables: * $_GET * $_POST * $_SERVER
(TE) i implemented it, but we need to have some kind of exclusion
rule because at some point this really
have to be used in the core...
We can remove that rule again because the Framework will replace these
superglobals anyway and if someoneelse's code tries to access them, an
exception will be thrown. This feature is only disabled currently
because it made development easier for me.
robert
--
http://typo3.org/gimmefive
http://buzz.typo3.org/people/robert-lemke/
More information about the TYPO3-project-5_0-general
mailing list