[TYPO3-dev] Any security risk in creating links to files using path, provided by user?
Victor Livakovsky
v-tyok at mail.ru
Sat Dec 4 09:31:17 CET 2010
Hi, Jigal
> - tslib_cObj::typoLink() this is the implementation of the TypoScript
> function typolink, so it will be easy for most people to configure it.
>
> The same is true for displaying images:
> - tslib_cObj::IMAGE()
> - tslib_cObj::IMG_RESOURCE()
> can be used to generate img-tags with all necessary options.
>
> The other challenge you mention is to make sure the URLs point to your
> local installation. The system extension felogin has to make similar
> checks for the redirect URL. You can borrow some code from
> typo3/sysext/felogin/pi1/class.tx_felogin_pi1.php function
> validateRedirectUrl() (and the functions it calls) to make sure you have a
> local URL. There is one difference: your code is meant to be run in the
> backend, so some checks might not be possible.
Many thanks to your response and explanations. I was too stupid, because I
thought, that I can't use any of tslib_content methods in BE. Now it looks
much easier :)
Regards.
More information about the TYPO3-dev
mailing list