[TYPO3-core] Announcing TYPO3 4.5.18, 4.6.11 and 4.7.3
Helmut Hummel
helmut.hummel at typo3.org
Wed Aug 8 22:47:38 CEST 2012
Hi,
On 08.08.12 21:39, Oliver Hader wrote:
> can you please create a new report on Forge and post the values of
> $selectPart that are used to call tslib_cObj::sanitizeSelectPart()?
I fear the regex used for tslib_cObj::sanitizeSelectPart() is unreliable
and that we will never catch all possible cases without doing real
SQL parsing, which is imho too much overhead for fixing the original issue.
Regex can not do this job properly[1].
We must either live with these regressions for the next several releases
(it's the third release which introduced a different kind of regression
in the same area) or just remove this method and add to the
documentation that in case workspace preview is needed, the respective
fields need to be added manually.
I would prefer a working tslib_cObj::sanitizeSelectPart() of course, but
have no idea how to get this done reliably. That is why I would vote for
reverting it completely.
Kind regards,
Helmut
[1]http://stackoverflow.com/questions/139926/regular-expression-to-match-common-sql-syntax
--
Helmut Hummel
Release Manager TYPO3 6.0
TYPO3 Core Developer, TYPO3 Security Team Leader
TYPO3 .... inspiring people to share!
Get involved: typo3.org