[TYPO3-core] RFC #13754: Secure Install Tool Login
Xavier Perseguers
typo3 at perseguers.ch
Sat Mar 6 22:02:02 CET 2010
Hi Bernhard,
>> *typo3/sysext/saltedpasswords/sv1/class.tx_saltedpasswords_sv1.php*:
>>
>> $GLOBALS['TYPO3_DB']->exec_UPDATEquery( 'be_users', sprintf('uid =
>> %u', $uid), $updateFields);
>
> This is not my code - I just changed the indent. The original author
> should take care of this. I mean I can correct this - but AFAIR there
> one must not worry about CGL issues commited by someone else in code
> around my changes ... else I would have to fix all CGL issues made by
> someone else!!!
Well, you must not fix CGL issues when they are not part of the patch or are around the code you added but I would fix it for all lines having a "+" in the patch file I submit as it means I did
something on that line, even if it's only reindenting...
>> *typo3/sysext/install/mod/class.tx_install.php*:
>>
>> - single line test instead of using {}
>
> AFAIK you should NEVER make single line tests without using curly
> braces. Else you could run into the dangling else problem:
But you did. I wrote what you did, not what you should have done ;-)
>> - using "true" and "false" instead of "TRUE" and "FALSE"
>
> I did not read the CGL for long time. 3 years ago this wasn't important :)
This is more nitpicking but...
>> $passwordOk = ($this->hashedPassword ===
>> $GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword']);
>
> I did not knew this is allowed according to the CGL. I find the other
> more readable.
I don't think CGL says something about this. This is more a personal taste ;-)
>> - Using == instead of === at many places
>
> Usually I know when I want to do strongly-typed compared.
> I know that
>
> if ("bla" == 0) {
> echo "is true!";
> }
>
> which one usually does not expect. I usually think about my "=="
> compares and use "===" only when it is required. Are there any
> preferences by the CGL? What of both is faster?
I don't know whether one is faster than the other. CGL says that === should be preferred for string comparisons at least.
Greets
--
Xavier Perseguers
http://xavier.perseguers.ch/en
More information about the TYPO3-team-core
mailing list