[TYPO3-core] RFC: #12169: Sitemap: Recently updated pages broken

Oliver Hader oliver at typo3.org
Wed Oct 14 15:51:21 CEST 2009


Hi Bernhard,

Bernhard Kraft wrote:
> As just mentioned in my reply to the #10050 thread, this patch also
> introduced a little bit of security issue - not a big issue. But an admin
> could use TypoScript to output BE-User records on a FE page

I could not reproduce this (as also mentioned in the thread of RFC
#10050). Checking the valid pids would search for pages with the uid "0"
- but this page does not exist - and exactly for that case #10050
introduced that check for the tables pages. So, I don't see a security
issue here.

> Shame on me! So we should just Revert this directly and nothing will be
> broken anymore *uff*

I agree, since it could reproduce the problem of this RFC and reverting
#10050 solves it.

olly
-- 
Oliver Hader
TYPO3 Release Manager 4.3

