[TYPO3-english] Insert Content via TypoScript - sys_language_uid
Philipp Gampe
typo3.lists at philippgampe.info
Thu Feb 9 22:28:32 CET 2012
Hi Tomas,
Tomas Norre Mikkelsen wrote:
> On 02/09/2012 11:29 AM, Georg Ringer wrote:
>> Am 09.02.2012 11:24, schrieb Tomas Norre Mikkelsen:
>>> andWhere.dataWrap = tt_content.sys_language_uid = {GP:L}
>>
>> which is a perfect sql injection!
>
> hmm. thanks for hints, think a have an link to article on TS and
> Injections.
>
> http://www.t3node.com/blog/is-sql-injection-possible-in-typoscript-
objects/
>
> Better?
>
> page.10 = CONTENT
> page.10 {
> table=tt_content
> select{
> pidInList = 107
> orderBy = sorting
> andWhere.data = GP:L
> andWhere.wrap = tt_content.sys_language_uid = |
> andWhere.intval = 1
> }
> }
Yes, looks good :)
Best regards
--
Philipp Gampe – PGP-Key 0AD96065
More information about the TYPO3-english
mailing list