[TYPO3-core] RFC #12065: HMENU - sectionIndex does not allow to select other CEs than colPos = 0

JoH asenau info at cybercraft.de
Fri Sep 25 18:30:01 CEST 2009


> HMENU.sectionIndex is a real cool feature, however it is impossible to
> modify the WHERE clause when selecting the Content Elements on that
> page to create the elements in the sectionIndex.
>
> Thus, this patch adds an additional TypoScript option
> "sectionIndex.where (string + stdWrap)" to allow to override the where
> clause and to specifically select items based on other criteria than
> the default "colPos=0 and sys_language_uid=...".

By introducing stdWrap to a WHERE clause it would be possible to use
stdWrap.data = GPvar:blah or other nasty stuff. And if this would be
possible you can almost be sure that people will do it ;-)

This is why I guess it would be better to properly escape the result to
avoid MySQL injection here.

so
-1 by reading

Joey

-- 
Wenn man keine Ahnung hat: Einfach mal Fresse halten!
(If you have no clues: simply shut your gob sometimes!)
Dieter Nuhr, German comedian
Xing: http://contact.cybercraft.de
Twitter: http://twitter.com/bunnyfield
TYPO3 cookbook (2nd edition): http://www.typo3experts.com
TYPO3 workshops: http://workshops.eqony.com
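
The concern raised in this reply, as an added example that is not part of the original message or of TYPO3's code: a WHERE fragment built from a request value, next to a variant that accepts only an integer colPos and binds it as a parameter. Python with sqlite3 stands in for PHP and MySQL here, and the table contents, function names and request value are constructed for illustration.

```python
import re
import sqlite3

# Constructed rows standing in for TYPO3's tt_content table (not real site data):
# (uid, pid, colPos, sys_language_uid, hidden, header)
ROWS = [
    (1, 10, 0, 0, 0, "Intro"),
    (2, 10, 1, 0, 0, "Sidebar teaser"),
    (3, 10, 0, 0, 1, "Unpublished draft"),
    (4, 99, 0, 0, 0, "Other page"),
]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tt_content (uid INTEGER, pid INTEGER, colPos INTEGER, "
               "sys_language_uid INTEGER, hidden INTEGER, header TEXT)")
    db.executemany("INSERT INTO tt_content VALUES (?, ?, ?, ?, ?, ?)", ROWS)
    return db

def section_index_raw(db, pid, where):
    # The concern in the mail: the configured fragment is pasted into the SQL as-is,
    # so whatever stdWrap pulled from the request becomes part of the statement.
    sql = ("SELECT header FROM tt_content WHERE pid = %d AND hidden = 0 AND %s "
           "ORDER BY uid" % (int(pid), where))
    return [row[0] for row in db.execute(sql)]

def section_index_checked(db, pid, col_pos, lang=0):
    # Hardened variant (hypothetical helper): only a column number is configurable.
    # It must be an integer and is bound as a parameter, so it cannot alter the clause.
    if not re.fullmatch(r"-?\d+", str(col_pos)):
        raise ValueError("colPos must be an integer: %r" % (col_pos,))
    sql = ("SELECT header FROM tt_content WHERE pid = ? AND hidden = 0 "
           "AND colPos = ? AND sys_language_uid = ? ORDER BY uid")
    return [row[0] for row in db.execute(sql, (int(pid), int(col_pos), int(lang)))]

if __name__ == "__main__":
    db = make_db()
    request_value = "0 OR 1=1"  # constructed request parameter
    print(section_index_raw(db, 10, "colPos=1"))                 # trusted fragment
    print(section_index_raw(db, 10, "colPos=" + request_value))  # pid/hidden filters bypassed
    print(section_index_checked(db, 10, "1"))                    # integer accepted and bound
```

With the raw fragment, the constructed request value turns the page and hidden restrictions into one branch of an OR, so the unpublished record and the record from another page are listed as well.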



