[TYPO3-dev] Restrictions for CONTENT.table
Sebastian Gebhard
sebastiangebhard at hoch2.de
Thu Feb 25 08:17:43 CET 2010
Am 24.02.10 20:57, schrieb Georg Ringer:
> IMO there shouldn't be a restriction at all because TS is done by an
> admin anyway and he needs to think before coding. If TS doesn't allow
> him to get what he wants/needs, he can still create an insecure extension.
>
> this is just my personal opinion!
> Georg
I absolutely agree.
But some people in this community think TS needs security restrictions.
Compare the discussion about stdWrap properties for
CONTENT.select.where. It still does not have stdWrap, because of
possible SQLinjection vulnerabilities when using GPVar directly.
More information about the TYPO3-dev
mailing list