[TYPO3-core] Announcing TYPO3 4.5.18, 4.6.11 and 4.7.3

Helmut Hummel helmut.hummel at typo3.org
Wed Aug 8 22:47:38 CEST 2012


Hi,

On 08.08.12 21:39, Oliver Hader wrote:

> can you please create a new report on Forge and post the values of
> $selectPart that are used to call tslib_cObj::sanitizeSelectPart()?

I fear the regex used for tslib_cObj::sanitizeSelectPart() is unreliable 
and that we will never catch all possible cases without doing real 
SQL parsing, which is imho too much overhead for fixing the original issue. 
Regex cannot do this job properly [1].

We must either live with these regressions for the next several releases 
(it's the third release which introduced a different kind of regression 
in the same area) or just remove this method and add to the 
documentation that in case workspace preview is needed, the respective 
fields need to be added manually.

I would prefer a working tslib_cObj::sanitizeSelectPart() of course, but 
have no idea how to get this done reliably. That is why I would vote for 
reverting it completely.

Kind regards,
Helmut

[1]http://stackoverflow.com/questions/139926/regular-expression-to-match-common-sql-syntax

-- 
Helmut Hummel
Release Manager TYPO3 6.0
TYPO3 Core Developer, TYPO3 Security Team Leader

TYPO3 .... inspiring people to share!
Get involved: typo3.org
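Added example for the point made in the message above about regexes and SQL select lists. This is constructed PHP, not TYPO3 code and not tslib_cObj::sanitizeSelectPart(): it puts a naive comma/regex split of a SELECT list beside a quote- and parenthesis-aware splitter and runs both over a few constructed select parts, so the reader can see which inputs the regex-only approach misjudges. The function names, the alias regex and the sample select parts are all hypothetical.

```php
<?php
// Added example (not TYPO3 code and not tslib_cObj::sanitizeSelectPart()):
// a naive regex/comma split of a SELECT list beside a quote- and
// parenthesis-aware splitter, run over constructed select parts.
// Function names, the alias regex and the inputs are hypothetical.

/** Strip a trailing "AS alias" or bare alias from one select item (hypothetical regex). */
function stripAlias(string $item): string
{
    return preg_replace('/\s+(?:AS\s+)?[A-Za-z_][A-Za-z0-9_]*\s*$/i', '', trim($item));
}

/** Naive approach: split on every comma, then strip aliases with a regex. */
function naiveSelectFields(string $selectPart): array
{
    return array_map('stripAlias', explode(',', $selectPart));
}

/** Token-aware approach: split only on commas at parenthesis depth 0 and outside quotes. */
function tokenAwareSelectFields(string $selectPart): array
{
    $fields  = [];
    $current = '';
    $depth   = 0;
    $quote   = null;   // currently open quote character, or null when outside a literal
    $len     = strlen($selectPart);
    for ($i = 0; $i < $len; $i++) {
        $ch = $selectPart[$i];
        if ($quote !== null) {
            $current .= $ch;
            if ($ch === '\\' && $i + 1 < $len) {        // keep a backslash-escaped char inside the literal
                $current .= $selectPart[++$i];
            } elseif ($ch === $quote) {                 // closing quote of the same kind
                $quote = null;
            }
            continue;
        }
        if ($ch === "'" || $ch === '"' || $ch === '`') {
            $quote = $ch;
        } elseif ($ch === '(') {
            $depth++;
        } elseif ($ch === ')') {
            $depth--;
        } elseif ($ch === ',' && $depth === 0) {        // only a top-level comma separates items
            $fields[] = stripAlias($current);
            $current  = '';
            continue;
        }
        $current .= $ch;
    }
    if (trim($current) !== '') {
        $fields[] = stripAlias($current);
    }
    return $fields;
}

/** Does the split select list name $field as a plain column? */
function hasPlainField(array $fields, string $field): bool
{
    return in_array($field, $fields, true);
}

// Constructed inputs: the first is harmless, the next two break the naive split
// (comma inside a function call, comma inside a string literal), and the last
// is one where knowing the field list alone does not tell you whether appending
// a column such as pid is safe.
$cases = [
    'uid, pid, title',
    "CONCAT(first_name, ' ', last_name) AS name, uid",
    "'a,b' AS sep, uid",
    'COUNT(*)',
];
foreach ($cases as $selectPart) {
    foreach (['naive' => naiveSelectFields($selectPart),
              'token' => tokenAwareSelectFields($selectPart)] as $label => $fields) {
        printf("%-6s %-48s -> %s (pid listed: %s)\n", $label, $selectPart,
            json_encode($fields), hasPlainField($fields, 'pid') ? 'yes' : 'no');
    }
}
```

The naive split turns `CONCAT(first_name, ' ', last_name) AS name, uid` into four fragments and `'a,b' AS sep, uid` into three, so any presence check or field injection built on it operates on garbage; the token-aware splitter returns the two intended items in both cases. The last input shows the limit of even that approach: both splitters agree that `COUNT(*)` does not list `pid`, but appending `, pid` to an aggregate-only select list changes the statement's meaning (and is rejected outright under MySQL's ONLY_FULL_GROUP_BY), and deciding that requires looking at GROUP BY, DISTINCT and UNION, i.e. at the whole statement, not at the select part in isolation.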

