[TYPO3-core] RFC: Feature Request #6882: Enable stdWrap for select.where
Dan Osipov
dosipov at phillyburbs.com
Wed Sep 2 14:30:37 CEST 2009
I read the note - and I see the problem. A good solution would be to
escape the values - but that's not part of this patch.
Dan Osipov
Calkins Media
http://danosipov.com/blog/
Oliver Hader wrote:
> Hi,
>
> Joey posted some notes to #11193 which is similar to this issue.
> He mentioned the possibility of introducing SQL injections for
> TypoScript beginners. And he's just right with his statement.
>
> The negative side-effect of applying this RFC to Trunk would be that SQL
> injections then possible in TypoScript as well. I don't think this is a
> good idea.
>
> Since I don't know about a suitable solution I don't want to integrate
> features like this or #11193 as they are.
>
> Maybe someone else has a good idea...
>
> olly
>
>
> Dan Osipov schrieb:
>> What's the status of this?
More information about the TYPO3-team-core
mailing list