[TYPO3-core] RFC: #11019: User Setup Rewrite #4
Rupert Germann
rupi at gmx.li
Thu May 21 16:37:40 CEST 2009
;-)
activating htmlspecialchars on LANG->sL() as I did in v6 is of course crap -
removed it in attached v7
greets
rupert
Rupert Germann wrote:
> hi Steffen,
>
> Steffen Kamper wrote:
> ...
>>> * RTEenabled and noMenuMode are always shown.
>>> unset($fieldArray['noMenuMode']); fails of course, because there is no
>>> key called 'noMenuMode' anymore.
>>>
>> solved too
>
> ok, but ... ;-)
> did you know that there's a function called t3lib_div::rmFromList() ?
> or alternatively: t3lib_div::removeArrayEntryByValue() would also be an
> option here since $fieldList is converted to an array anyway.
>
>>> * most of the htmlspecialchars() calls are not needed because they are
>>> applied to strings which are ascii anyway eg. columnnames.
>> as you said: don't trust. It's more secure to do this to avoid tamper
>> manipulated data.
>
> yes that's of course true for things that come from outside or have
> non-predictable content like csh items but something like
> htmlspecialchars($config['type']) is definitely unnecessary since
> $config can't be manipulated from outside.
>
> One little thing more: I changed the position of the closing div which
> wraps the complete module output because it was added after the closing
> <html> tag.
>
> I attached a v6 patch which includes the mentioned changes.
>
> greets
> rupert