[TYPO3-core] RFC #4272: Inconsistent return values of ini_get() produce false positives for safe_mode detection
Marcus Krause
marcus#exp2010 at t3sec.info
Fri Oct 1 16:45:34 CEST 2010
Hi!
Peter Beernink schrieb am 10/01/2010 02:15 PM Uhr:
> Hi,
> [...]
> Problem: Inconsistent return values of ini_get() produce false positives for
> safe_mode detection[...]
In the patch I'd use PHP's ext/filter instead of string comparisons.
Example:
public static function isSafeModeEnabled() {
return filter_var(ini_get('safe_mode'), FILTER_VALIDATE_BOOLEAN,
FILTER_REQUIRE_SCALAR | FILTER_NULL_ON_FAILURE);
}
Marcus.
--
Member TYPO3 Security Team
Blog on TYPO3 Security: http://secure.t3sec.info/blog/
More information about the TYPO3-team-core
mailing list