[TYPO3-dev] A skin problem in page tree

Tapio Markula tapio.markula at dnainternet.net
Sun May 28 22:26:11 CEST 2006


Martin Kutschker wrote:
> Tapio Markula schrieb:
> 
>> Martin Kutschker wrote:
>>
>>> If you need to read the config unserialize the data first.
>>
>>
>> from what documentation.
> 
> 
> If can do a strstr on an undocumented serialized config array, you can 
> do proper checking on an undocumented array.

Sorry, I'm not so good.


$TYPO3_CONF_VARS['EXT']['extConf']['tm_contentaccess'] = 
unserialize($TYPO3_CONF_VARS['EXT']['extConf']['tm_contentaccess'])

What next? how to detect individual items.
Anyway, what basically wrong is to use strstr() on a serialized config 
array?
Why you regard it as bad hack?
It is not any security risk.




More information about the TYPO3-dev mailing list