[TYPO3-dev] config.baseURL, lt_basetag and security

[Xavier Perseguers]

Hi,

Marc Wöhlken wrote:
> Hi!
> Ries van Twisk schrieb:
>> I am not sure how the spoofing actually works, but from the looks of it
>> this extension could introduce the exact same problem.
> Bad extension coding style like using $_SERVER[HTTP_HOST] instead of
> $_SERVER["HTTP_HOST"] does not give me a warm and fuzzy feeling, too.

I'm sure you meant "instead of t3lib_div::getIndpEnv('HTTP_HOST')", didn't you? ;-)

-- 
Xavier Perseguers
http://xavier.perseguers.ch/en

One contribution a day keeps the fork away