[TYPO3-core] stdWrap implementing php-functions?

Georg Ringer mail at ringerge.org
Thu Jul 14 07:21:17 CEST 2011


Am 13.07.2011 19:31, schrieb Tolleiv Nietsch:
> But wouldn't it make more sense to go a more generic way and provide
> something like "stdWrap.php.<functionName>" and encapsulate all the
> native stuff there (whitelisted of course) ?

have thought about that too but IMO the problem is that many php 
functions need more than one argument, so not possible anymore and I 
wouldn't like something like:
lib.fo = TEXT
lib.fo {
  value = bar
  php.function = whatever
  php.function.argument1 = some
  php.function.argument2 = thing

> Just in short the benefits we have:
> * Clearer API

is this really clearer or just lazy

> * Possible security risks if we whitelist wrong stuff

there is no need for whitelist IMO as TS = admin and you can do a 
perfect sql injection, XSS with it.

* TS functions are dependent on php versions. I don't like that very 
much. TS should work (in same TYPO3 version) the same.


More information about the TYPO3-team-core mailing list