[TYPO3-core] stdWrap implementing php-functions?
mail at ringerge.org
Thu Jul 14 07:21:17 CEST 2011
Am 13.07.2011 19:31, schrieb Tolleiv Nietsch:
> But wouldn't it make more sense to go a more generic way and provide
> something like "stdWrap.php.<functionName>" and encapsulate all the
> native stuff there (whitelisted of course) ?
have thought about that too but IMO the problem is that many php
functions need more than one argument, so not possible anymore and I
wouldn't like something like:
lib.fo = TEXT
value = bar
php.function = whatever
php.function.argument1 = some
php.function.argument2 = thing
> Just in short the benefits we have:
> * Clearer API
is this really clearer or just lazy
> * Possible security risks if we whitelist wrong stuff
there is no need for whitelist IMO as TS = admin and you can do a
perfect sql injection, XSS with it.
* TS functions are dependent on php versions. I don't like that very
much. TS should work (in same TYPO3 version) the same.
More information about the TYPO3-team-core