[TYPO3-core] RFC #12094: Bug (<- Feature, not bug...) : stdWrap function fullQuoteStr

Steffen Müller typo3 at t3node.com
Fri Nov 13 12:07:02 CET 2009


Hi.

On 01.10.2009 17:26 Bastian Waidelich wrote:
> 
> BTW: I think, "fullQuoteStr" & "quoteStr" are fine here.. They are not
> the best method names really, but TYPO3 devs know what they mean..
> 

+1 by reading and testing

I plead for pushing this into 4.3 since it is security-related and a
no-brainer.

The patch makes it far easier to quote stuff in TS and write secure
DB requests. Although userfunc is possible, an explicit (and documented)
option will attract more attention and make it easier to implement
quoting/escaping.

We have two +1s from non-core, though Bastian is a v5 core member.

Steffen Kamper gave -1, but maybe he changed his mind meanwhile?

I will write some text + examples for the TSref once this patch has made it
into 4.3.

-- 
cheers,
Steffen

TYPO3 Blog: http://www.t3node.com/
Blubber on Twitter: http://twitter.com/t3node

