[TYPO3-core] RFC #4272: Inconsistent return values of ini_get() produce false positives for safe_mode detection

Marcus Krause marcus#exp2010 at t3sec.info
Fri Oct 1 16:45:34 CEST 2010


Hi!

Peter Beernink wrote on 10/01/2010 02:15 PM:
> Hi,
> [...]
> Problem: Inconsistent return values of ini_get() produce false positives for
> safe_mode detection[...]

In the patch I'd use PHP's ext/filter instead of string comparisons.

Example:
public static function isSafeModeEnabled() {
	return filter_var(ini_get('safe_mode'), FILTER_VALIDATE_BOOLEAN,
		FILTER_REQUIRE_SCALAR | FILTER_NULL_ON_FAILURE);
}

Marcus.

-- 
Member TYPO3 Security Team
Blog on TYPO3 Security: http://secure.t3sec.info/blog/
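
The difference between a loose check and the ext/filter approach suggested in the message above, as an added example that is not part of the original mail or of TYPO3. The function names `looseCheck()` and `filterCheck()` are hypothetical, the loose check is an assumed stand-in for the string handling the RFC replaces, and the sample values are constructed to mirror strings ini_get() can return for a boolean directive.

```php
<?php
// Added example, not TYPO3 code. The raw value is passed in as a parameter so
// the behaviour can be observed without changing php.ini.

/** Hypothetical loose check: any string other than '' and '0' is truthy. */
function looseCheck($raw) {
	return (bool) $raw;
}

/** Filter-based check with the same filter and flags as in the mail. */
function filterCheck($raw) {
	return filter_var($raw, FILTER_VALIDATE_BOOLEAN,
		FILTER_REQUIRE_SCALAR | FILTER_NULL_ON_FAILURE);
}

// Constructed sample values: the same setting spelled in different ways,
// plus one value that is not a boolean spelling at all.
$samples = array('1', 'On', 'on', 'true', 'yes',
	'0', '', 'Off', 'off', 'false', 'no', 'garbage');

foreach ($samples as $raw) {
	$loose = looseCheck($raw);
	$filtered = filterCheck($raw);

	if ($filtered === NULL) {
		// FILTER_NULL_ON_FAILURE: the value is neither a true nor a false spelling.
		$note = '  <- unrecognised value';
	} elseif ($loose !== $filtered) {
		// The loose check reports "enabled" although the setting is off.
		$note = '  <- loose check gives a false positive';
	} else {
		$note = '';
	}

	printf("%-10s loose=%-5s filter=%-5s%s\n",
		var_export($raw, TRUE),
		var_export($loose, TRUE),
		var_export($filtered, TRUE),
		$note);
}
```

With FILTER_NULL_ON_FAILURE an unrecognised value yields NULL, which is falsy; a caller that needs to tell "off" from "unknown" has to compare the result with `===`.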

