[TYPO3-core] RFC: #11896: User Setup miss save of be_users fields and miss handling of default value
Steffen Gebert
steffen at steffen-gebert.de
Sat Sep 19 15:06:17 CEST 2009
On Sat, 19 Sep 2009 15:03:56 +0200, Steffen Kamper <info at sk-typo3.de>
wrote:
> Hi,
>
> here comes v2 which also use a hook for access. See OpenID (#10585_v6)
> which use the access check for render the OpenID identifier field with
> access check (not only admin).
> Further the access check is done while writing the be_users fields, so
> there is no way to tamper the POST data.
>
> Best way to test is this patch and then 10585_v6 which uses it.
+1 by reading & testing.
Thanks
Steffen
More information about the TYPO3-team-core
mailing list