[TYPO3-50-general] Discussion to CodingStandards

Ernesto Baschny [cron IT] ernst at cron-it.de
Mon Jan 14 14:15:18 CET 2008


Malte Jansen wrote: on 14.01.2008 10:58:

>> from the Wiki:
>>
>>    (MJ) Security-Issue: All extensions have to use special functions
>>    of the framework/lib for it. List of possible disallowed variables:
>>    * $_GET * $_POST * $_SERVER
>>    (TE) I implemented it, but we need to have some kind of exclusion
>>    rule because at some point these really have to be used in the
>>    core...
>>
>> We can remove that rule again because the Framework will replace these 
>> superglobals anyway and if someone else's code tries to access them, an
>> exception will be thrown. This feature is only disabled currently 
>> because it made development easier for me.
>>
>> robert
> 
> Hi Robert,
> 
> This Rule is already implemented ;) Perhaps it can be used for TPR, that
> the Package properly works and a Package does not work well.
>
> And it should be mentioned in the Rules, so that you have an overview of
> what is allowed and disallowed.
>
> What about phpMyAdmin etc.? I think they are using them... Does the
> Framework throw an error when using them?

I have also noticed this when Robert showed that feature on some 
previous T3DD: doing that error throwing on access will make integration 
of "existing" PHP projects (e.g. gallery, captcha, etc) impossible. Or 
is there already some way of dealing with these cases?

Cheers,
Ernesto
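
An added illustration of the mechanism discussed in this thread (not TYPO3 code and not written by any of the posters): the request data is captured once, the superglobal is replaced with an object that throws on any access, and legacy-style code that still reads `$_GET` then fails. `SuperglobalGuard` and `Request` are hypothetical names, the sample query values are constructed, and PHP 8.1 or later is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical guard object (not a TYPO3 class): every array-style access throws.
final class SuperglobalGuard implements ArrayAccess
{
    public function __construct(private string $name) {}

    private function deny(): never
    {
        throw new LogicException("Direct access to {$this->name} is disabled; use the request object.");
    }

    public function offsetExists(mixed $offset): bool { $this->deny(); }
    public function offsetGet(mixed $offset): mixed { $this->deny(); }
    public function offsetSet(mixed $offset, mixed $value): void { $this->deny(); }
    public function offsetUnset(mixed $offset): void { $this->deny(); }
}

// Hypothetical request wrapper: the only sanctioned way to read input, with validation.
final class Request
{
    public function __construct(private array $query) {}

    public function queryInt(string $key, int $default = 0): int
    {
        $value = filter_var($this->query[$key] ?? null, FILTER_VALIDATE_INT);
        return $value === false ? $default : $value;
    }
}

// Constructed sample input standing in for a real query string.
$_GET = ['page' => '3', 'sort' => "name'; --"];

$request = new Request($_GET);           // capture the raw values once at bootstrap
$_GET = new SuperglobalGuard('$_GET');   // then lock the superglobal

echo 'page via request object: ', $request->queryInt('page'), PHP_EOL;

// Legacy-style access, as unmodified third-party code would do it.
try {
    $page = $_GET['page'];
} catch (LogicException $e) {
    echo 'blocked: ', $e->getMessage(), PHP_EOL;
}
```

`isset()` and `unset()` on the guarded superglobal go through the same `ArrayAccess` methods and fail the same way, which is the integration problem raised above for unmodified third-party code.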

