[TYPO3-core] [TYPO3-security] RFC: EM displays insecure extensions
Rupert Germann
rg at rupert-germann.de
Tue Feb 20 12:20:32 CET 2007
Hi Karsten,
checked both patches: they work.
+1 for both
greets
rupert
On Tuesday 20 February 2007 11:49, Karsten Dambekalns wrote:
> Hi.
>
> On 16.02.2007, at 16:11, Rupert Germann wrote:
> > But I you configure your EM to show '... extensions without review
> > (basic
> > security check):' (as the text next to the checkbox states) ALL
> > extensions
> > will be listed also those with reviewstate set to -1 (= they have
> > NOT passed
> > a basic security check and are known to be insecure/dangerous/crap...)
>
> I checked for 4.1, with the DB-based extension list cache. Two
> problems are addresses by the attached patch:
> * the database field for reviewstate was unsigned, thus it never
> stored -1
> * the code didn't filter a reviewstate of < 0
>
> For 4.0 the needed change affects the code only to ignore review
> states < 0 completely. See attached diff.
>
> Regards,
> Karsten
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.netfielders.de/pipermail/typo3-team-core/attachments/20070220/a9abb88d/attachment.pgp
More information about the TYPO3-team-core
mailing list