[TYPO3-core] RFC: Bugfix: #10417: Remove debugging code from sysext t3skin
Dmitry Dulepov
dmitry at typo3.org
Thu Feb 12 10:17:47 CET 2009
Hi!
Marcus Krause wrote:
> Bugtracker reference: http://bugs.typo3.org/view.php?id=10417
>
> Problem:
> Class Print_a_class (debuglib.php) provides debugging functionality
> (show variables, etc..). It's not needed for sysext t3skin to work, nor
> it's used at all throughout the Core.
> I guess PHP and TYPO3 do provide enough possibilities to debug code;
> additional unmaintained code is not needed.
>
> Furthermore, it's a potential security flaw as it puts request
> parameters into global scope. See Print_a_class::show_vars(). (=
> simulates register_global)
>
> Solution:
> Get rid of it before someone actually uses this code.
+1 to the ext_table.php part of the patch. typo3/sysext/t3skin/debuglib.php should be removed using "svn rm typo3/sysext/t3skin/debuglib.php". The patch will leave such file in the core but empty. Instead we should remove it completely.
--
Dmitry Dulepov
TYPO3 core team
"Sometimes they go bad. No one knows why" (Cameron, TSCC, "Dungeons&Dragons")
More information about the TYPO3-team-core
mailing list