[TYPO3-templavoila] Giving the TO as a GET/POST parameter
Jean-Baptiste Rio
triphot69 at hotmail.com
Wed Mar 15 18:45:45 CET 2006
Dmitry Dulepov wrote:
> Depends on your site. For example, if you have TO for normal, advanced
> and admin templates and you show normal to everyone, advanced to logged
> in, then one could easily view admin version too.
>
Dmitry,
I'm not convinced by your example, because there are so many ways to make
such "errors" in TypoScript that I don't believe that we have to protect
users against a misuse of what we provide.
My idea was to allow the webmaster to select a set of allowed TO in the
whole list of TO linked to the selected DS. In that case, if he chooses
to open a security breach by allowing an admin TO, it's his choice, not
a bug in the function.
Regards,
JB