[TYPO3-core] RFC: Check required ?
Franz Holzinger
franz at fholzinger.com
Sat May 6 07:10:05 CEST 2006
Hello Bernhard,
>I was just making a site and wanted to output contents of "sys_domain" records using a CONTENT
>object when I had to find this line in tslib/class.tslib_content.php line 1153 :
>
>
>if ($conf['table']=='pages' || substr($conf['table'],0,3)=='tt_' || substr($conf['table'],0,3)=='fe_' || substr($conf['table'],0,3)=='tx_' || substr($conf['table'],0,4)=='ttx_' || substr($conf['table'],0,5)=='user_') {
>
>
>So now I'm wondering what this is for ... I mean TS can only get inserted by admin. And admins should know wheter
>they want to display contents of a table or not.
>
>
This looks like a check for allowed TYPO3 table names, doesn't it?
>So is there any obvious reason for this check ? Pherhaps other security issues I can't think of ....
>
>If not I would like to remove it ....
>
>
>
So you want to allow all table names?
Greets,
Franz
More information about the TYPO3-team-core
mailing list