[TYPO3-mvc] Extbase objects only partly (uid, pid) filled
Helmut Hummel
helmut.hummel at typo3.org
Wed Nov 12 16:19:19 CET 2014
Hi Philipp!
On 12.11.14 08:37, Philipp Wrann wrote:
> Don't know for sure about the correct usage of those:
> $GLOBALS['TSFE']->connectToDB();
> Frontend\Utility\EidUtility::connectDB();
>
> But this does the job incl. TCA/DB/Typoscript.... so basically a full Bootstrap:
I strongly suggest not doing this. It is error prone, has no benefit
in terms of performance[1] …
> I didn't integrate an access control for plugin/controller/action combinations, if you use Controllers with CRUD methods, you may want to look at that.
>
>
> /**
> * Todo:
> * - Access Protection
> */
… and sometimes misses some crucial code. Using this will open up your
Extbase Backend Modules to the world. We already published an advisory
where such an issue was fixed in yag[2].
Instead I recommend typoscript_rendering[3] which covers all needs I'm
aware of, is lightweight and easy to use[4] and highly compatible and
less hassle than configuring a dedicated page type for each plugin which
would else be an alternative.
Kind regards,
Helmut
[1]http://typo3.helmut-hummel.de/post/93861037135/the-tale-of-eid-performance
[2]https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-005/
[3]http://typo3.helmut-hummel.de/post/90365109335/out-of-bound-typoscript-rendering
[4]http://typo3.helmut-hummel.de/post/93417538000/ajax-examples-for-out-of-bound-typoscript-rendering
--
Helmut Hummel
Release Manager TYPO3 6.0
TYPO3 CMS Active Contributor, TYPO3 Security Team Member
TYPO3 .... inspiring people to share!
Get involved: typo3.org
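
The following is an added example, not part of the original message and not code from TYPO3 or any extension: a minimal allow-list check of the kind the quoted "Todo: Access Protection" leaves open, run before a self-written AJAX dispatcher hands a request to a controller action. The function name, the request parameter names and the allow-list contents are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list (constructed sample values):
// extension => plugin => controller => actions reachable via the AJAX entry point.
const AJAX_ALLOWED_ACTIONS = [
    'MyExtension' => ['Search' => ['Result' => ['list', 'suggest']]],
];

/**
 * Hypothetical helper, not a TYPO3 API: returns the validated dispatch
 * target or throws. $request holds untrusted parameters (e.g. from $_GET).
 */
function resolveAllowedAjaxTarget(array $request): array
{
    $target = [];
    foreach (['extension', 'plugin', 'controller', 'action'] as $key) {
        $value = $request[$key] ?? null;
        // Refuse missing values, arrays and anything that is not a plain identifier.
        if (!is_string($value) || preg_match('/^[A-Za-z][A-Za-z0-9]*$/', $value) !== 1) {
            throw new InvalidArgumentException("Invalid or missing parameter: $key");
        }
        $target[$key] = $value;
    }
    // Default deny: only combinations listed explicitly may be dispatched.
    $allowed = AJAX_ALLOWED_ACTIONS;
    $actions = $allowed[$target['extension']][$target['plugin']][$target['controller']] ?? [];
    if (!in_array($target['action'], $actions, true)) {
        throw new RuntimeException('Controller/action combination is not allowed via AJAX');
    }
    return $target;
}

// Constructed sample requests: one allowed, one aimed at an unlisted controller.
foreach ([
    ['extension' => 'MyExtension', 'plugin' => 'Search', 'controller' => 'Result', 'action' => 'list'],
    ['extension' => 'MyExtension', 'plugin' => 'Admin', 'controller' => 'Backend', 'action' => 'delete'],
] as $request) {
    try {
        $t = resolveAllowedAjaxTarget($request);
        echo "dispatch {$t['controller']}::{$t['action']}\n";
    } catch (Exception $e) {
        echo "refused: {$e->getMessage()}\n";
    }
}
```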