[TYPO3-core] RFC: Check required ?
Martin Kutschker
Martin.Kutschker at n0spam-blackbox.net
Tue May 16 09:54:55 CEST 2006
Bernhard Kraft schrieb:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello,
>
>
> I was just making a site and wanted to output contents of "sys_domain" records using a CONTENT
> object when I had to find this line in tslib/class.tslib_content.php line 1153 :
>
>
> if ($conf['table']=='pages' || substr($conf['table'],0,3)=='tt_' || substr($conf['table'],0,3)=='fe_' || substr($conf['table'],0,3)=='tx_' || substr($conf['table'],0,4)=='ttx_' || substr($conf['table'],0,5)=='user_') {
>
>
> So now I'm wondering what this is for ... I mean TS can only get inserted by admin. And admins should know wheter
> they want to display contents of a table or not.
>
> So is there any obvious reason for this check ? Pherhaps other security issues I can't think of ....
>
> If not I would like to remove it ....
You only got two +1 for adding "sys_"...
Masi
More information about the TYPO3-team-core
mailing list