[TYPO3-core] Call for help: Migrate core extensions to extbase
Helmut Hummel
helmut.hummel at typo3.org
Fri May 4 23:50:53 CEST 2012
Hi Christian,
thanks for the nice status update.
On 04.05.12 21:54, Christian Kuhn wrote:
> It seems we have at least two bigger issues here:
I'd like to add a few more things that came to my mind when looking at
the current status of already merged or pending extbase backend modules:
* The viewpage module has a DocHeader layout in it's own extension
folder. Would be good to have a global layout folder for all backend
modules to reduce duplicate fluid templates.
* Get rid of t3lib_div::_GP('id') calls in the controller. In extbase we
have a request object we should use. If the request namespace should be
a problem, we need a solution for that.
* Backend modules need to take care of a lot of security stuff.
Permissions, access checks, CSRF protection etc. We should introduce the
needed security layer(s) with a solid API and put in a good place (maybe
extbase).
* We should definitely get rid of creating URLs by concatenating
strings; that's a pain. The UriBuilder must work for backend URLs. By
using the UriBuilder we could e.g. easily handle adding the CSRF
protection token on a central place.
OK, that's it for now.
Kind regards,
Helmut
--
Helmut Hummel
TYPO3 Security Team Leader, TYPO3 v4 Core Team Member
TYPO3 .... inspiring people to share!
Get involved: typo3.org
More information about the TYPO3-team-core
mailing list