[TYPO3-50-general] Discussion to CodingStandards

Malte Jansen mail at maltejansen.de
Mon Jan 14 10:58:37 CET 2008


Robert Lemke wrote:
> Hi Malte and Tim,
> 
> from the Wiki:
> 
>    (MJ) Security-Issue: All extensions have to use special-functions of
>    the framework/lib for it. List of possible disallowed variables:
>    * $_GET * $_POST * $_SERVER
>    (TE) I implemented it, but we need to have some kind of exclusion
>    rule because at some point these really have to be used in the core...
> 
> We can remove that rule again because the Framework will replace these
> superglobals anyway and if someone else's code tries to access them, an
> exception will be thrown. This feature is only disabled currently
> because it made development easier for me.
> 
> robert

Hi Robert,

This rule is already implemented ;) Perhaps it can be used for TPR, that
the Package properly works and a Package does not work well.

And it should be mentioned in the Rules, so that you have an overview
about what is allowed and disallowed.

What about phpMyAdmin etc.? I think they are using them... Does the
Framework throw an error when using them?

Cheers,

Malte

