[TYPO3-50-general] Discussion to CondingStandards
Malte Jansen
mail at maltejansen.de
Mon Jan 14 16:04:16 CET 2008
Ernesto Baschny [cron IT] schrieb:
> Malte Jansen wrote: on 14.01.2008 10:58:
>
>>> from the Wiki:
>>>
>>> (MJ) Security-Issue: All extensions have to use special-functions
>>> of the framework/lib for it. List of
>>> possible disallowed variables: * $_GET * $_POST * $_SERVER
>>> (TE) i implemented it, but we need to have some kind of exclusion
>>> rule because at some point this really
>>> have to be used in the core...
>>>
>>> We can remove that rule again because the Framework will replace
>>> these superglobals anyway and if someoneelse's code tries to access
>>> them, an exception will be thrown. This feature is only disabled
>>> currently because it made development easier for me.
>>>
>>> robert
>>
>> Hi Robert,
>>
>> this Rule is already implemented ;) Perhaps it can be used for TPR,
>> that the Package properbly works and a Package does not work well.
>>
>> And should be mention in the Rules, that you have an overview about
>> what is allowed and disallowed.
>>
>> What about PHPmyadmin etc. I think they are using them... Does the
>> Framework throws an error using them?
>
> I have also noticed this when Robert showed that feature on some
> previous T3DD: doing that error throwing on access will make integration
> of "existing" PHP projects (e.g. gallery, captcha, etc) impossible. Or
> is there already some way of dealing with these cases?
>
> Cheers,
> Ernesto
I think the 'Resources/PHP/'-Directory must ignored for this issue
More information about the TYPO3-project-5_0-general
mailing list