[TYPO3-50-general] Discussion to CondingStandards

Malte Jansen mail at maltejansen.de
Mon Jan 14 16:04:16 CET 2008

Ernesto Baschny [cron IT] schrieb:
> Malte Jansen wrote: on 14.01.2008 10:58:
>>> from the Wiki:
>>>    (MJ) Security-Issue: All extensions have to use special-functions 
>>> of the framework/lib for it. List of
>>>    possible disallowed variables: * $_GET * $_POST * $_SERVER
>>>    (TE) i implemented it, but we need to have some kind of exclusion 
>>> rule because at some point this really
>>>    have to be used in the core...
>>> We can remove that rule again because the Framework will replace 
>>> these superglobals anyway and if someoneelse's code tries to access 
>>> them, an exception will be thrown. This feature is only disabled 
>>> currently because it made development easier for me.
>>> robert
>> Hi Robert,
>> this Rule is already implemented ;) Perhaps it can be used for TPR, 
>> that the Package properbly works and a Package does not work well.
>> And should be mention in the Rules, that you have an overview about 
>> what is allowed and disallowed.
>> What about PHPmyadmin etc. I think they are using them... Does the 
>> Framework throws an error using them?
> I have also noticed this when Robert showed that feature on some 
> previous T3DD: doing that error throwing on access will make integration 
> of "existing" PHP projects (e.g. gallery, captcha, etc) impossible. Or 
> is there already some way of dealing with these cases?
> Cheers,
> Ernesto

I think the 'Resources/PHP/'-Directory must ignored for this issue

More information about the TYPO3-project-5_0-general mailing list