[TYPO3-50-general] Discussion to CondingStandards

Tim Eilers tim.eilers at web.de
Mon Jan 14 21:07:01 CET 2008

Malte Jansen schrieb:
> Ernesto Baschny [cron IT] schrieb:
>> Malte Jansen wrote: on 14.01.2008 10:58:
>>>> from the Wiki:
>>>>    (MJ) Security-Issue: All extensions have to use special-functions
>>>> of the framework/lib for it. List of
>>>>    possible disallowed variables: * $_GET * $_POST * $_SERVER
>>>>    (TE) i implemented it, but we need to have some kind of exclusion
>>>> rule because at some point this really
>>>>    have to be used in the core...
>>>> We can remove that rule again because the Framework will replace
>>>> these superglobals anyway and if someoneelse's code tries to access
>>>> them, an exception will be thrown. This feature is only disabled
>>>> currently because it made development easier for me.
>>>> robert
>>> Hi Robert,
>>> this Rule is already implemented ;) Perhaps it can be used for TPR,
>>> that the Package properbly works and a Package does not work well.
>>> And should be mention in the Rules, that you have an overview about
>>> what is allowed and disallowed.
>>> What about PHPmyadmin etc. I think they are using them... Does the
>>> Framework throws an error using them?
>> I have also noticed this when Robert showed that feature on some
>> previous T3DD: doing that error throwing on access will make
>> integration of "existing" PHP projects (e.g. gallery, captcha, etc)
>> impossible. Or is there already some way of dealing with these cases?
>> Cheers,
>> Ernesto
> I think the 'Resources/PHP/'-Directory must ignored for this issue

Since that topic is unclear i will deactivate that alreay written sniff
for the first time.
(And a Framework Exception later is also a "sniff" in a special way ;D)

More information about the TYPO3-project-5_0-general mailing list