[TYPO3-50-general] Discussion to CodingStandards
mail at maltejansen.de
Mon Jan 14 10:58:37 CET 2008
Robert Lemke wrote:
> Hi Malte and Tim,
> from the Wiki:
> (MJ) Security-Issue: All extensions have to use special-functions of
> the framework/lib for it. List of
> possible disallowed variables: * $_GET * $_POST * $_SERVER
> (TE) I implemented it, but we need to have some kind of exclusion
> rule because at some point these really
> have to be used in the core...
> We can remove that rule again because the Framework will replace these
> superglobals anyway and if someone else's code tries to access them, an
> exception will be thrown. This feature is only disabled currently
> because it made development easier for me.
This rule is already implemented ;) Perhaps it can be used for TPR, that
the Package properly works and a Package does not work well.
And it should be mentioned in the Rules, so that you have an overview of what
is allowed and disallowed.
What about phpMyAdmin etc.? I think they are using them... Does the
Framework throw an error when they are used?
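The mechanism discussed in this thread (superglobals replaced at bootstrap so that direct access throws) can be sketched as follows. This is an added example, not code from TYPO3 or from the framework discussed here; `SuperglobalGuard`, `Request`, `getArgument()` and `lockDownSuperglobals()` are hypothetical names, and PHP 8.0 or later is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical guard object: replaces a superglobal and rejects every access.
final class SuperglobalGuard implements ArrayAccess, IteratorAggregate, Countable
{
    public function __construct(private string $name) {}

    private function denied(): LogicException
    {
        return new LogicException("Direct access to {$this->name} is disabled; use the Request object.");
    }

    // isset()/empty(), reads, writes, unset(), foreach and count() all end up here.
    public function offsetExists(mixed $offset): bool { throw $this->denied(); }
    public function offsetGet(mixed $offset): mixed { throw $this->denied(); }
    public function offsetSet(mixed $offset, mixed $value): void { throw $this->denied(); }
    public function offsetUnset(mixed $offset): void { throw $this->denied(); }
    public function getIterator(): Iterator { throw $this->denied(); }
    public function count(): int { throw $this->denied(); }
}

// Hypothetical read-only snapshot that framework-aware code uses instead.
final class Request
{
    public function __construct(private array $get, private array $post) {}

    public function getArgument(string $name): ?string
    {
        $value = $this->post[$name] ?? $this->get[$name] ?? null;
        return is_string($value) ? $value : null;   // array input such as ?id[]=1 is rejected
    }
}

function lockDownSuperglobals(): Request
{
    $request = new Request($_GET, $_POST);   // capture once, at bootstrap
    $_GET = new SuperglobalGuard('$_GET');
    $_POST = new SuperglobalGuard('$_POST');
    $_SERVER = new SuperglobalGuard('$_SERVER');
    return $request;
}

$_GET = ['id' => '42'];                     // constructed sample input
$request = lockDownSuperglobals();
echo $request->getArgument('id'), "\n";     // the framework path still works

try {
    $legacy = $_GET['id'];                  // what unmodified third-party code would do
} catch (LogicException $e) {
    echo get_class($e), ': ', $e->getMessage(), "\n";
}
```

A guard of this kind only covers array-style access: `filter_input()` reads the original request data rather than `$_GET`/`$_POST`, so a coding-standard rule is still needed to catch it.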