Comments (6)
ah, nice! I was looking for just that and realized "uid" is not defined in TCA so can't currently filter by it. There currently is no way to filter by uid in the core (without getting other results which have the same number in the title), see also https://forge.typo3.org/issues/22985
from pagetreefilter.
Feel free to give it a try.
...If a field is not in TCA, then the table scheme should be checked to see if the field exists. If yes, then serve a response. If not, then set filterErrorneous.
...Do we need a field whitelist regarding security and editor accounts (information disclosure)? Would say no.
from pagetreefilter.
I do think it would be good to consider the security (information disclosure) aspect. Extensions might extend the DB structure, and we do not know what might be stored additionally (though you cannot see the content, you could, for example, select pages / content created by a specific user). I think it is difficult to conceive of all possible ways in which this might be a problem now or in the future, so it might be good to take a restrictive approach.
(For the fields which are in the TCA I saw you also consider the permissions of the current user)
If you make it configurable with restrictive default settings, it's not your problem, it's the problem of the site administrator 😄
From a security point of view, a whitelist (or include-list) is better than a blacklist (exclude-list); this has also been applied when justifying changes in the core.
For me, I would also be happy with just adding the uid as additional field.
It is - after all - your extension, but I could create a PR and you can see if you would like to approve.
from pagetreefilter.
> If you make it configurable with restrictive default settings, it's not your problem, it's the problem of the site administrator

You are right, let's go the stricter way :) Admins can filter for everything, editors for uid (I don't know what's more interesting for them), and if one has good reasons or needs it, he/she may implement a whitelist setting 👍
from pagetreefilter.
Thank you! I have released new versions for 11.5 and 10.4
from pagetreefilter.
Cool. Will check it out 😄
from pagetreefilter.
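The policy agreed in this thread (admins may filter on any existing column, editors only on permitted TCA fields plus a restrictive allowlist defaulting to uid, unknown fields flagged as erroneous) can be sketched as follows. This is an added example, not code from pagetreefilter or TYPO3; all function names, parameters and sample columns are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example: every name below is hypothetical, not pagetreefilter's API.

/**
 * @param string[] $schemaColumns       columns that exist in the DB table
 * @param string[] $permittedTcaColumns TCA columns the current user may access
 * @param string[] $editorAllowlist     non-TCA columns opened up for editors
 */
function isFilterFieldAllowed(string $field, bool $isAdmin, array $schemaColumns, array $permittedTcaColumns, array $editorAllowlist = ['uid']): bool
{
    // Unknown column names are always an error, for admins as well.
    if (!in_array($field, $schemaColumns, true)) {
        return false;
    }
    if ($isAdmin) {
        return true;
    }
    // Editors: include-list only, so new extension columns stay hidden by default.
    return in_array($field, $permittedTcaColumns, true)
        || in_array($field, $editorAllowlist, true);
}

/** Split requested filters into those to apply and those to flag as erroneous. */
function partitionFilters(array $filters, bool $isAdmin, array $schemaColumns, array $permittedTcaColumns, array $editorAllowlist = ['uid']): array
{
    $result = ['apply' => [], 'erroneous' => []];
    foreach ($filters as $field => $value) {
        $allowed = isFilterFieldAllowed((string)$field, $isAdmin, $schemaColumns, $permittedTcaColumns, $editorAllowlist);
        $result[$allowed ? 'apply' : 'erroneous'][$field] = $value;
    }
    return $result;
}

// Constructed sample data for a "pages" table.
$schema = ['uid', 'pid', 'title', 'cruser_id', 'tx_example_internal'];
$editorTca = ['title'];
$requested = ['uid' => '42', 'title' => 'Home', 'cruser_id' => '7', 'nope' => 'x'];

print_r(partitionFilters($requested, false, $schema, $editorTca)); // editor
print_r(partitionFilters($requested, true, $schema, $editorTca));  // admin
```

With the default allowlist, the editor's filter on `cruser_id` is rejected even though the column exists, which covers the "content created by a specific user" disclosure case raised above.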