[TYPO3-dev] CONTENT object and SQL injection prevention

Peter Russ peter.russ at 4many.net
Mon Mar 29 20:11:15 CEST 2010


--- Original Message ---
Sender:   Jigal van Hemert
Date:       27.03.2010 16:03:
[...]
> - I'd like to nominate andWhere to be marked as deprecated with this 
> feature, because the support of stdWrap allows SQL injection problems to 
> occur; with named markers the functionality of andWhere is moved to a 
> safer place.

I don't like that: there may be reasons WHY this might be required. Just 
tell admin/devs that this is dangerous and it is THEIR responsibility. 
Otherwise we should forbid smoking at any TYPO3 event ;-)

Peter.

-- 
docendo discimus

_____________________________
uon GbR
http://www.uon.li
http://www.xing.com/profile/Peter_Russ



