[TYPO3-core] RFC #11586: Problem with fix of the SQL injection bug
Xavier Perseguers
typo3 at perseguers.ch
Fri Oct 23 11:25:04 CEST 2009
Hi Ernesto,
>> But in reality the addition of the new member variable TSFE_EDIT
>> "slipped through", I haven't thought about this consequence. Please open
>> a new bug report for beta2 with the real problem description. Adding a
>> reference to #11586 as origin of the problem.
>>
>> It only affects trunk and only TemplaVoila with FE-Editing-Advanced
>> because we have in
>> feeditadvanced/templavoila/class.tx_templavoila_frontendedit.php:
>>
>> tx_templavoila_frontendedit extends t3lib_frontendedit
>>
>> which then needs access to this property.
>
> My mistake, it also affects regular feediting, because that property is
> accessed through:
>
> $TSFE_EDIT = $GLOBALS['BE_USER']->frontendEdit->TSFE_EDIT;
>
> by feedit and feeditadvanced. I would add a new method to the
> frontendEdit API to be able to retrieve this property instead of
> accessing it directly.
>
> Xavier, if you can, please open the new issue anyway.
Done with RFC #12321.
--
Xavier Perseguers
http://xavier.perseguers.ch/en
One contribution a day keeps the fork away
More information about the TYPO3-team-core
mailing list