[TYPO3-core] RFC: Check required ?

Martin Kutschker Martin.Kutschker at n0spam-blackbox.net
Tue May 16 09:54:55 CEST 2006


Bernhard Kraft schrieb:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hello,
> 
> 
> I was just making a site and wanted to output contents of "sys_domain" records using a CONTENT
> object when I had to find this line in tslib/class.tslib_content.php line 1153 :
> 
> 
> if ($conf['table']=='pages' || substr($conf['table'],0,3)=='tt_' || substr($conf['table'],0,3)=='fe_' || substr($conf['table'],0,3)=='tx_' || substr($conf['table'],0,4)=='ttx_' || substr($conf['table'],0,5)=='user_')   {
> 
> 
> So now I'm wondering what this is for ... I mean TS can only get inserted by admin. And admins should know wheter
> they want to display contents of a table or not.
> 
> So is there any obvious reason for this check ? Pherhaps other security issues I can't think of ....
> 
> If not I would like to remove it ....

You only got two +1 for adding "sys_"...

Masi



More information about the TYPO3-team-core mailing list