[TYPO3-core] RFC #14387: Remove the feature "Enable extensions without review (basic security check)" from EM
Steffen Gebert
steffen at steffen-gebert.de
Fri May 21 08:16:18 CEST 2010
Am 13.05.2010, 20:21 Uhr, schrieb Lars Houmark <lars at houmark.com>:
> Type: Bugfix / Clean up
>
> BT reference: http://bugs.typo3.org/view.php?id=14387
>
> Branches: trunk
>
> Problem:
> The Extension Manager has a feature (which is enabled by default) to
> only lookup "reviewed" extensions. The problem is though, no extensions
> is reviewed anymore. In relation to that, the update feature of the EM
> uses the same logic to only update extensions that is reviewed if the
> setting is set to "reviewed only". This can prevent users from updating
> to the newest release of an extension, which is bad, because the latest
> release may be a security release.
>
> Solution:
> Remove the feature.
>
Hi Lars,
although this is not the desired core review.
> + // Show extensions without a review or that have passed a review, but
> not insecure extensions
> + $where .= ' AND reviewstate >= 0';
Why not just leave the reviewstate out of WHERE?
Removing checkReviewState() and checkReviewStateGlobal() - are we allowed
to do so, or do we have to deprecate them? Think they are internal helper
functions, so I'm fine with it. But is this the "official" view?
> $GLOBALS['LANG']->getLL('list_or_look_up_extensions') . ':</label>
Can't you include the ":" in the LL?
But in general
+1 by reading and testing.
Steffen
More information about the TYPO3-team-core
mailing list