[TYPO3-core] RFC #13940 Preventing SQL injections in CONTENT object
Jigal van Hemert
jigal at xs4all.nl
Tue Apr 13 22:08:12 CEST 2010
Version 4 attached.

After discussing things with Susanne tonight the following functionality
is included:

CONTENT.select has a new property 'markers'. This is an array of marker
names. Each marker name has a property 'value' to set a value directly
and supports all stdWrap properties. To interpret the data as a comma
separated list an extra property 'commaSeparatedList' is added; when set
the value is quoted as a comma separated list.

Example:

10 = CONTENT
10 {
  table = tt_news
  select {
    selectFields = *
    pidInList = 4
    where = title > ###name### AND uid IN (###list###)
    markers {
      name.data = GP:first
      name.wrap = a|a
      list.value = 1,2
      list.commaSeparatedList = 1
    }
  }
}

Documentation for TSref:

markers : array of marker names; each name supports:
  value
    type: value
    description: The value of the marker
  commaSeparatedList
    type: bool
    description: If set the value is parsed as a comma separated list
  (stdWrap properties)

Thanks to Martin, Steffen, Susanne and others for their feedback and
arguments.
--
Jigal van Hemert
skype:jigal.van.hemert
msn: jigal at xs4all.nl
http://twitter.com/jigalvh
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 13940_trunk_v4.diff
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20100413/43b1be40/attachment-0001.txt>
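
Added example (not part of the original message and not the code in the attached patch): a stand-alone PHP sketch of the marker substitution the message describes, run first on the values from its TypoScript example and then on constructed hostile input. The function names substituteMarkers() and quoteValue(), the rule that plain integers stay unquoted, and the use of PDO::quote() on in-memory SQLite as the quoting routine are assumptions made for illustration.

```php
<?php
// Added illustration, not TYPO3 code. quoteValue() is a stand-in for the
// database layer's quoting routine (here PDO::quote() on in-memory SQLite).
function quoteValue(PDO $db, string $value): string
{
    // Plain integers pass through; anything else becomes one quoted SQL literal.
    return preg_match('/^-?\d+\z/', $value) ? $value : $db->quote($value);
}

// $markers mirrors the 'markers' property after stdWrap has produced each value.
function substituteMarkers(PDO $db, string $where, array $markers): string
{
    $replacements = [];
    foreach ($markers as $name => $conf) {
        $value = (string)($conf['value'] ?? '');
        if (!empty($conf['commaSeparatedList'])) {
            // Quote every item separately so no item can close the IN (...) list.
            $items = array_map('trim', explode(',', $value));
            $quoted = implode(',', array_map(fn($v) => quoteValue($db, $v), $items));
        } else {
            $quoted = quoteValue($db, $value);
        }
        $replacements['###' . $name . '###'] = $quoted;
    }
    // strtr() substitutes in one pass: marker text inside a value is not expanded again.
    return strtr($where, $replacements);
}

$db = new PDO('sqlite::memory:');
$where = 'title > ###name### AND uid IN (###list###)';

// Values from the example in the message (GP:first = "b", then wrapped a|a).
echo substituteMarkers($db, $where, [
    'name' => ['value' => 'aba'],
    'list' => ['value' => '1,2', 'commaSeparatedList' => 1],
]), "\n";

// Constructed hostile input: both values try to leave their literal.
echo substituteMarkers($db, $where, [
    'name' => ['value' => "ax' OR '1'='1a"],
    'list' => ['value' => '1,2) OR (1=1', 'commaSeparatedList' => 1],
]), "\n";
```

In the second call each value ends up as a single quoted literal, so the WHERE clause keeps the shape written in the TypoScript: one comparison and one IN list.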