Project

General

Profile

Actions

Feature #17881

closed

Enable stdWrap for select.where

Added by Oliver Hader over 16 years ago. Updated almost 11 years ago.

Status:
Closed
Priority:
Should have
Assignee:
Category:
-
Target version:
-
Start date:
2007-12-03
Due date:
% Done:

100%

Estimated time:
PHP Version:
4.3
Tags:
Complexity:
Sprint Focus:

Description

stdWrap is not possible for select.where.
Example:
10 = CONTENT
10 {
table = tt_content
select.where.data = register:colPos
select.where.wrap = colPos=|
}

(issue imported from #M6882)


Files

0006882.patch (580 Bytes) 0006882.patch Administrator Admin, 2007-12-03 18:54
v43_0006882.patch (1.06 KB) v43_0006882.patch Administrator Admin, 2009-09-28 22:42

Related issues 2 (0 open2 closed)

Related to TYPO3 Core - Feature #22338: Added marker in CONTENT objectClosedSteffen Kamper2010-03-29

Actions
Related to TYPO3 Core - Feature #18822: Add stdWrap to each of the properties of TypoScript "select"ClosedErnesto Baschny2008-05-21

Actions
Actions #1

Updated by Ronald Steiner over 15 years ago

Seems still not to be included in Typo3 Version 4.2.1

or is there a work around, how to solve the above example without stdWrap?

Actions #2

Updated by Ralf Hettinger over 15 years ago

workaround: select.andWhere has stdWrap property

Actions #3

Updated by Martin Holtz about 15 years ago

just for notice, that feature would make it possible to write sql-statements in this way:

select.where.cObject = COA
select.where.cObject {
10 = TEXT
10.value = colPos={field:colPos}
20 = TEXT
20.value = AND pid IN ({field:pages})
stdWrap.insertData = 1
}

Actions #4

Updated by Sebastian Michaelsen over 14 years ago

Added a patch for current 4.3 trunk and with warning comments to avoid using GPvars to avoid SQL-Injections

Actions #5

Updated by Oliver Hader over 14 years ago

Thanks Sebastian! However, who is looking into the source code while typing TypoScript? The proper place would be TSref - but then it's still possible to produce insecure settings...

Actions #6

Updated by Martin Holtz over 14 years ago

well, it is possible to produce SQL-Injections right now - use andWhere.stdWrap for proper SQL Injection vulerability;)

perhaps it would make sense to integrate
fullQuoteStr as an stdWrap option - than you would not need an userFunction for that

Actions #7

Updated by Martin Holtz over 14 years ago

ok, i opened a ticket for that: #21169

Actions #8

Updated by Marc Bastian Heinrichs about 13 years ago

Could this be closed because of the markers concept in #22338?

Actions #9

Updated by Chris topher about 13 years ago

I just wanted to ask the same which Bastian already asked above:

Is this done with #22338?

Actions #10

Updated by Xavier Perseguers over 12 years ago

  • Category deleted (Communication)
  • Status changed from Accepted to Needs Feedback
  • Target version changed from 4.6.0 to 4.6.0-beta1
Actions #11

Updated by Stefan Neufeind over 12 years ago

Function-wise it cann all be done with markers (#22338), I agree. But having andWhere with stdWrap-support but not where sounds unlogic to me. Markers are imho a "heavy" way to solve even just small problems where somebody might just want to do something simple with an ID or typeNum he got from somewhere it (not GPvar). I like the idea of having where also support stdWrap "to have it clean".

(If there are strong objectionions, then those people please file another proposal to deprecate andWhere-stdWrap-support :-))

Actions #12

Updated by Mr. Hudson over 12 years ago

Patch set 1 of change I22c0e2c1c49fdd44ab67b823043a2e07f304e8c8 has been pushed to the review server.
It is available at http://review.typo3.org/3337

Actions #13

Updated by Mr. Hudson over 12 years ago

Patch set 2 of change I22c0e2c1c49fdd44ab67b823043a2e07f304e8c8 has been pushed to the review server.
It is available at http://review.typo3.org/3337

Actions #14

Updated by Mr. Hudson over 12 years ago

Patch set 3 of change I22c0e2c1c49fdd44ab67b823043a2e07f304e8c8 has been pushed to the review server.
It is available at http://review.typo3.org/3337

Actions #15

Updated by Stefan Neufeind over 12 years ago

  • Status changed from Needs Feedback to Resolved
  • % Done changed from 0 to 100
Actions #16

Updated by Chris topher over 12 years ago

The documentation has been added to the wiki.

Actions #17

Updated by Xavier Perseguers about 12 years ago

  • Status changed from Resolved to Closed
Actions #18

Updated by Ernesto Baschny almost 11 years ago

  • Target version deleted (4.6.0-beta1)
Actions

Also available in: Atom PDF