[TYPO3-shop] Is there any input validation?
Franz Holzinger
franz at fholzinger.com
Thu Jan 4 18:46:39 CET 2007
Hello Reinhard,
> I scanned through the code, but did not
> find any proper input validation.
> I'm working with version 2.5.1., if that's important
All the input goes through the function t3lib_div::_GP('param');
Some checks are done in the file class.tx_ttproducts_control.php:
case 'products_payment':
$this->pibase->load_noLinkExtCobj(); // TODO
$pidagb = intval($this->conf['PIDagb']);
$checkRequired = $address->checkRequired();
$checkAllowed = $address->checkAllowed();
if ($this->paymentshipping->useCreditcard ()) {
$cardRequired = $card->checkRequired();
}
if ($this->paymentshipping->useAccount ()) {
$accountRequired = $account->checkRequired();
}
if ($checkRequired == '' && $checkAllowed == '' && $cardRequired == ''
&& $accountRequired == '' &&
- Franz
More information about the TYPO3-project-tt-products
mailing list