[TYPO3-dev] [TYPO3-core] RFC #12094: Bug: stdWrap function fullQuoteStr

Peter Niederlag typo3-list at niekom.de
Mon Oct 5 10:24:37 CEST 2009


Hi,

[...]
> It is not the first and not the last time when different security
> issues are discussed openly. Sometimes people simply do not
> understand that it is dangerous.
[...]

???

First of all: this is not about any security issue, it is about a new
feature and its implementation!

I guess consulting with sec team on this matter _could_ be beneficial
just to get their opinion but this open discussion is in no way
dangerous! Rather the opposite as it might raise the awareness for the
matter.

IMO providing stdWrap.fullQuoteStr and the like is a *huge* improvement and
definitely a *must* before easing the way TS developers can incorporate
(EVIL!) GP-data in queries! And I would pretty much assume the security
team thinks the same way.

Greets,
Peter
-- 
Peter Niederlag
http://www.niekom.de * TYPO3 & EDV Dienstleistungen *



