[TYPO3-core] RFC: #11019: User Setup Rewrite #4
Rupert Germann
rupi at gmx.li
Thu May 21 16:07:11 CEST 2009
hi Steffen,
Steffen Kamper wrote:
...
>> * RTEenabled and noMenuMode are always shown.
>> unset($fieldArray['noMenuMode']); fails of course, because there is no
>> key called 'noMenuMode' anymore.
>>
> solved too
ok, but ... ;-)
did you know that there's a function called t3lib_div::rmFromList() ?
or alternatively: t3lib_div::removeArrayEntryByValue() would also be an
option here since $fieldList is converted to an array anyway.
>> * most of the htmlspecialchars() calls are not needed because they are
>> applied to strings which are ascii anyway eg. columnnames.
> as you said: don't trust. It's more secure to do this to avoid tamper
> manipulated data.
yes that's of cource true for things that come from outside or have
non-predictable content like csh items but something like
htmlspecialchars($config['type']) is definetively unnecessary since $config
can't be manipulated from outside.
One little thing more: I changed the position of the closing div which wraps
the complete module output because it was added after the closing <html>
tag.
I attached a v6 patch which includes the mentioned changes.
greets
rupert
More information about the TYPO3-team-core
mailing list