[TYPO3-dev] CONTENT object and SQL injection prevention
Peter Russ
peter.russ at 4many.net
Mon Mar 29 20:11:15 CEST 2010
--- Original Message ---
From: Jigal van Hemert
Date: 27.03.2010 16:03:
[...]
> - I'd like to nominate andWhere to be marked as deprecated with this
> feature, because the support of stdWrap allows SQL injection problems to
> occur; with named markers the functionality of andWhere is moved to a
> safer place.
I don't like that: there may be reasons WHY this might be required. Just
tell admin/devs that this is dangerous and it is THEIR responsibility.
Otherwise we should forbid smoking at any TYPO3 event ;-)
Peter.
--
docendo discimus
_____________________________
uon GbR
http://www.uon.li
http://www.xing.com/profile/Peter_Russ