[TYPO3-50-general] Discussion to CondingStandards
Tim Eilers
tim.eilers at web.de
Mon Jan 14 21:07:01 CET 2008
Malte Jansen schrieb:
> Ernesto Baschny [cron IT] schrieb:
>> Malte Jansen wrote: on 14.01.2008 10:58:
>>
>>>> from the Wiki:
>>>>
>>>> (MJ) Security-Issue: All extensions have to use special-functions
>>>> of the framework/lib for it. List of
>>>> possible disallowed variables: * $_GET * $_POST * $_SERVER
>>>> (TE) i implemented it, but we need to have some kind of exclusion
>>>> rule because at some point this really
>>>> have to be used in the core...
>>>>
>>>> We can remove that rule again because the Framework will replace
>>>> these superglobals anyway and if someoneelse's code tries to access
>>>> them, an exception will be thrown. This feature is only disabled
>>>> currently because it made development easier for me.
>>>>
>>>> robert
>>>
>>> Hi Robert,
>>>
>>> this Rule is already implemented ;) Perhaps it can be used for TPR,
>>> that the Package properbly works and a Package does not work well.
>>>
>>> And should be mention in the Rules, that you have an overview about
>>> what is allowed and disallowed.
>>>
>>> What about PHPmyadmin etc. I think they are using them... Does the
>>> Framework throws an error using them?
>>
>> I have also noticed this when Robert showed that feature on some
>> previous T3DD: doing that error throwing on access will make
>> integration of "existing" PHP projects (e.g. gallery, captcha, etc)
>> impossible. Or is there already some way of dealing with these cases?
>>
>> Cheers,
>> Ernesto
>
> I think the 'Resources/PHP/'-Directory must ignored for this issue
Since that topic is unclear i will deactivate that alreay written sniff
for the first time.
(And a Framework Exception later is also a "sniff" in a special way ;D)
More information about the TYPO3-project-5_0-general
mailing list