[TYPO3-english] Insert Content via TypoScript - sys_language_uid
Tomas Norre Mikkelsen
tomasnorre at gmail.com
Thu Feb 9 11:36:27 CET 2012
On 02/09/2012 11:29 AM, Georg Ringer wrote:
> Am 09.02.2012 11:24, schrieb Tomas Norre Mikkelsen:
>> andWhere.dataWrap = tt_content.sys_language_uid = {GP:L}
>
> which is a perfect sql injection!
hmm. thanks for hints, think a have an link to article on TS and Injections.
http://www.t3node.com/blog/is-sql-injection-possible-in-typoscript-objects/
Better?
page.10 = CONTENT
page.10 {
table=tt_content
select{
pidInList = 107
orderBy = sorting
andWhere.data = GP:L
andWhere.wrap = tt_content.sys_language_uid = |
andWhere.intval = 1
}
}
--
Venlig Hilsen / Best Regards
Tomas Norre Mikkelsen
Tomasnorre at gmail.com
TYPO3 Developer @netimage.dk
TYPO3 Profile:
http://forge.typo3.org/users/4289
Follow me at twitter
Twitter.com/tomasnorre
More information about the TYPO3-english
mailing list