[TYPO3-core] RFC: #11019: User Setup Rewrite #4
Rupert Germann
rupi at gmx.li
Thu May 21 18:39:34 CEST 2009
Steffen Kamper wrote:
...
> funny, i searched for it but overlooked. naming rm... okay :)
first I searched for "remove..." too - but since I was sure that it was
there I tried it with "list..." ;-)
> removeArrayEntryByValue would be wrong, as
> removeArrayEntryByKey would be needed.
no. you explode $fieldList to $fieldArray which results in an array with the
fieldnames as values. otherwise I'd simply use unset().
...
>> yes that's of course true for things that come from outside or have
>> non-predictable content like csh items but something like
>> htmlspecialchars($config['type']) is definitely unnecessary since
>> $config can't be manipulated from outside.
>
> think of editor who tries to hack into on the way getting admin rights.
> Security isn't bad at all.
but - as far as I can see - all input that can be manipulated by users IS
htmlspecialchared. And that's enough. If you still see possibilities to
tamper data... please let me know.
> i tested v7 but it didn't apply cleanly, did you use latest trunk? i'll
> try it online now.
yes, I thought so. I used svn diff from trunk root.
there seems to be a whitespace problem.
"patch -p0 -l < 11019_v7.diff" works for me
-l = ignore whitespaces
> Thx for your help, teamwork gets the best out of it.
yeah, virtual hiFive!! :-)
greets
rupert