[TYPO3-english] REALURL - No hashcode/parameters passed -- Exclude Page from url
Dmitry Dulepov
dmitry.dulepov at gmail.com
Thu Mar 24 16:43:10 CET 2011
Hi!
Tobias Dörner wrote:
> Hi,
> /* SQL injection in it...*/
> fixed?
Yes. But due to messy code we were not able to audit the rest of the
extension for other issues. It is too difficult to understand what it does,
even for experienced TYPO3/PHP developers. I remember asking Jan to
reformat the code according to TYPO3 CGL and write comments but he said he
has no time.
May be the code changed since those time, I do not know. Never used CoolURI
again. I mostly rely on RealURL autoconfiguration. Usually it works out of
the box.
--
Dmitry Dulepov
TYPO3 core&security team member
E-mail: dmitry.dulepov at typo3.org
Web: http://dmitry-dulepov.com/
More information about the TYPO3-english
mailing list