[TYPO3-dev] A skin problem in page tree
Tapio Markula
tapio.markula at dnainternet.net
Sun May 28 22:26:11 CEST 2006
Martin Kutschker wrote:
> Tapio Markula schrieb:
>
>> Martin Kutschker wrote:
>>
>>> If you need to read the config unserialize the data first.
>>
>>
>> from what documentation.
>
>
> If can do a strstr on an undocumented serialized config array, you can
> do proper checking on an undocumented array.
Sorry, I'm not so good.
$TYPO3_CONF_VARS['EXT']['extConf']['tm_contentaccess'] =
unserialize($TYPO3_CONF_VARS['EXT']['extConf']['tm_contentaccess'])
What next? how to detect individual items.
Anyway, what basically wrong is to use strstr() on a serialized config
array?
Why you regard it as bad hack?
It is not any security risk.
More information about the TYPO3-dev
mailing list