[TYPO3-templavoila] Giving the TO as a GET/POST parameter

[Dmitry Dulepov]

Hi!

Jean-Baptiste Rio wrote:
> I'm not convinced by your example, because they'are so much ways to do
> such "errors" in typoscript that i don't believe that we've to protect
> users against a misuse of what we provide.

This is not comparable. Ts is not open to anyone like browser's query
string.

> My idea was to allow the webmaster to select a set of allowed TO in the
> whole list of TO linked to the selected DS. In that case, if he chooses
> to open a security breach by allowing an admin TO, it's his choice, not
> a bug in the function.

You can do it in your own extension if you want but I will insist that
this is a wrong way.

Dmitry.
-- 
"It is our choices, that show what we truly are,
far more than our abilities." (A.P.W.B.D.)