[TYPO3-core] RFC: Feature: #0016183: Edit TypoScript file content in t3editor
Ernesto Baschny [cron IT]
ernst at cron-it.de
Wed Nov 10 11:16:56 CET 2010
Hi,
I think it is a dangerous feature to allow the TypoScript editor to
write "random files" on the filesystem. I haven't reviewed that feature,
but wouldn't that allow the TS-editor to overwrite "localconf.php"?
Writing "new files" without checking is also dangerous and should not be
a new hidden new feature inside a follow-up to an already closed and
committed RFC. Please consider handlign that in a separate RFC.
Cheers,
Ernesto
Tobias Liebig schrieb am 10.11.2010 10:47:
> +1 by reading and testing. (its almost a no-brainer)
>
> although i think new files should only be created, if they contain some code. So it should not create 0 byte sized files.
> But i think thats an other issue and can be fixed/changed later (after discuss pros and cons :-)
>
> regards
> tobias
>
> P.S.: i'm not sure about the rules in this case:
> am i allowed to commit this patch as a follow-up right away or do we need to wait for another +1 and commit it as a "feature" (before b1 is released)
>
>
> Am 09.11.2010 um 20:54 schrieb Fabrizio Branca:
>
>> And here's the patch file...
>>
>> Bye,
>>
>> Fabrizio
>>
>>
>>
>> On 08.11.2010 09:37, Fabrizio Branca wrote:
>>> One little follow-up issue:
>>>
>>> If we change
>>>
>>> if·(!is_writable($realFileName))·{
>>> throw·new·Exception(sprintf('"%s"·is·not·writable.',·$fileName));
>>> }
>>>
>>> to
>>>
>>> if·(is_file($realFileName) && !is_writable($realFileName))·{
>>> throw·new·Exception(sprintf('"%s"·is·not·writable.',·$fileName));
>>> }
>>>
>>> we would be able to simple create those files (even if the don't exist)
>>> by simply wrapping
>>>
>>> ### <INCLUDE_TYPOSCRIPT: source="FILE:fileadmin/newfiles.ts"> BEGIN:
>>> ...Content that should go into a newly created file...
>>> ### <INCLUDE_TYPOSCRIPT: source="FILE:fileadmin/newfiles.ts"> END:
>>>
>>> Currently this is not possible, because the check will throw an
>>> exception as a non existent file is not writable.
>>>
>>> Bye,
>>>
>>> Fabrizio
>>
>> <16183_followup.patch>_______________________________________________
>> Before posting to this list, please have a look to the posting rules
>> on the following websites:
>>
>> http://typo3.org/teams/core/core-mailinglist-rules/
>> http://typo3.org/development/bug-fixing/diff-and-patch/
>> _______________________________________________
>> TYPO3-team-core mailing list
>> TYPO3-team-core at lists.typo3.org
>> http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-team-core
>
More information about the TYPO3-team-core
mailing list