[TYPO3-core] [TYPO3-security] RFC: EM displays insecure extensions

Karsten Dambekalns karsten at typo3.org
Tue Feb 20 11:49:00 CET 2007


Hi.

On 16.02.2007, at 16:11, Rupert Germann wrote:
> But if you configure your EM to show '... extensions without review (basic
> security check):' (as the text next to the checkbox states) ALL extensions
> will be listed, also those with reviewstate set to -1 (= they have NOT passed
> a basic security check and are known to be insecure/dangerous/crap...)

I checked for 4.1, with the DB-based extension list cache. Two problems are addressed by the attached patch:
  * the database field for reviewstate was unsigned, thus it never stored -1
  * the code didn't filter a reviewstate of < 0

For 4.0 the needed change affects the code only to ignore review states < 0 completely. See attached diff.

Regards,
Karsten
-- 
Karsten Dambekalns
Gimme Five!
http://typo3.org/gimmefive

-------------- next part --------------
A non-text attachment was scrubbed...
Name: reviewstate-4.1.diff
Type: application/octet-stream
Size: 2505 bytes
Desc: not available
Url : http://lists.netfielders.de/pipermail/typo3-team-core/attachments/20070220/281bae14/attachment-0002.obj 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: reviewstate-4.0.diff
Type: application/octet-stream
Size: 1257 bytes
Desc: not available
Url : http://lists.netfielders.de/pipermail/typo3-team-core/attachments/20070220/281bae14/attachment-0003.obj 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 304 bytes
Desc: This is a digitally signed message part
Url : http://lists.netfielders.de/pipermail/typo3-team-core/attachments/20070220/281bae14/attachment-0001.pgp 
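
The two problems named in the message above, reproduced as an added MySQL example that is not part of the original message or of the attached patches: an unsigned column loses the -1 marker, and the listing query needs an explicit lower bound once the marker can be stored. The table name `ext_cache_demo`, the sample rows, and the meanings 0 = not reviewed and 1 = reviewed are assumptions made for illustration; only reviewstate -1 = failed the basic security check comes from the thread.

```sql
-- Constructed demo: table name, columns other than reviewstate, and rows are hypothetical.
-- Assumed values: -1 = failed the basic security check (from the thread),
--                  0 = not reviewed, 1 = reviewed (assumptions).

-- Non-strict mode: MySQL clamps an out-of-range value to the nearest bound of the
-- column type and raises a warning instead of rejecting the statement.
SET SESSION sql_mode = '';

-- Problem 1: the state column is unsigned, so it has no room for -1.
CREATE TABLE ext_cache_demo (
  extkey      VARCHAR(60)  NOT NULL PRIMARY KEY,
  reviewstate INT UNSIGNED NOT NULL DEFAULT 0
);

INSERT INTO ext_cache_demo (extkey, reviewstate) VALUES
  ('demo_reviewed',   1),
  ('demo_unreviewed', 0),
  ('demo_insecure',  -1);   -- out of range for an unsigned column

-- Inspect the out-of-range warning and the value that was actually stored.
SHOW WARNINGS;
SELECT extkey, reviewstate FROM ext_cache_demo ORDER BY extkey;

-- Fix, part 1: make the column signed so the "insecure" marker can be stored at all,
-- then re-import the affected row (here: set it by hand).
ALTER TABLE ext_cache_demo MODIFY reviewstate INT NOT NULL DEFAULT 0;
UPDATE ext_cache_demo SET reviewstate = -1 WHERE extkey = 'demo_insecure';

-- Problem 2: with "show extensions without review" enabled, a listing that simply
-- drops the review restriction also returns the rows flagged as insecure.
SELECT extkey, reviewstate FROM ext_cache_demo ORDER BY extkey;

-- Fix, part 2: always exclude negative review states, whatever the checkbox says.
-- Checkbox on: reviewed and unreviewed extensions, never flagged ones.
SELECT extkey, reviewstate FROM ext_cache_demo WHERE reviewstate >= 0 ORDER BY extkey;

-- Checkbox off: reviewed extensions only.
SELECT extkey, reviewstate FROM ext_cache_demo WHERE reviewstate > 0 ORDER BY extkey;

DROP TABLE ext_cache_demo;
```

Under a strict `sql_mode` the insert of -1 into the unsigned column fails with an error instead of being clamped, which surfaces the schema problem at import time rather than hiding it.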