
Comments (6)

sypets commented on May 31, 2024

ah, nice! I was looking for just that and realized "uid" is not defined in TCA so can't currently filter by it. There currently is no way to filter by uid in the core (without getting other results which have the same number in the title), see also https://forge.typo3.org/issues/22985

from pagetreefilter.

christophlehmann commented on May 31, 2024

Feel free to give it a try.

...If a field is not in TCA, then the table scheme should be checked if the field exists.... If yes, then serve a Response. If not, then set filterErrorneous.

...Do we need a field whitelist regarding security and editor accounts (information disclosure)? Would say no..


sypets commented on May 31, 2024

I do think it would be good to consider the security (information disclosure) aspect. Extensions might extend the DB structure, we do not know what might be stored additionally (though you cannot see the content, but you could for example select pages / content created by specific user). I think it is difficult to conceive all possible ways where this might be a problem now or in the future, so it might be good to take a restrictive approach.

(For the fields which are in the TCA I saw you also consider the permissions of the current user)

If you make it configurable with restrictive default settings, it's not your problem, it's the problem of the site administrator 😄

From a security point of view, a whitelist (or include-list) is better than a blacklist (exclude list); this has also been applied when justifying changes in the core.

For me, I would also be happy with just adding the uid as additional field.

It is - after all - your extension, but I could create a PR and you can see if you would like to approve.


christophlehmann commented on May 31, 2024

> If you make it configurable with restrictive default settings, it's not your problem, it's the problem of the site administrator

You are right, let's go the stricter way :) admins can filter for everything, editors for uid (I don't know what's more interesting for them) and if one has good reasons or needs it he/she may realize a whitelist setting 👍
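
The policy settled on in the comment above (admins may filter by any column that exists, editors only by fields they can already access plus `uid` or a configured allowlist), sketched as an added example that is not part of the thread and not pagetreefilter's own code. The function name, its parameters and the sample columns are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Decide whether a backend user may filter a table by $field.
 * Hypothetical helper; every name here is an assumption, not the extension's API.
 *
 * @param string[] $schemaColumns   columns that exist in the table schema
 * @param string[] $permittedTca    TCA fields the current user already has access to
 * @param string[] $editorAllowlist non-TCA fields additionally opened up for editors
 */
function mayFilterByField(
    string $field,
    bool $isAdmin,
    array $schemaColumns,
    array $permittedTca,
    array $editorAllowlist = ['uid']
): bool {
    // Accept only plain column identifiers (no dots, spaces or quotes).
    if (preg_match('/^[a-z_][a-z0-9_]*$/i', $field) !== 1) {
        return false;
    }
    // Column does not exist: the caller marks the filter as erroneous.
    if (!in_array($field, $schemaColumns, true)) {
        return false;
    }
    // Admins may filter by every existing column.
    if ($isAdmin) {
        return true;
    }
    // Editors are denied by default; only permitted TCA fields and the allowlist pass.
    return in_array($field, $permittedTca, true)
        || in_array($field, $editorAllowlist, true);
}

// Constructed sample data: a table extended by a third-party extension.
$schema = ['uid', 'pid', 'title', 'cruser_id', 'tx_myext_internal_note'];
$editorTca = ['title'];

foreach (['uid', 'title', 'cruser_id', 'tx_myext_internal_note', 'nope', 'pages.uid'] as $f) {
    printf(
        "%-24s admin=%-5s editor=%s\n",
        $f,
        var_export(mayFilterByField($f, true, $schema, $editorTca), true),
        var_export(mayFilterByField($f, false, $schema, $editorTca), true)
    );
}
```

With the default allowlist an editor can filter by `uid` and `title`, while `cruser_id` and the extension column stay admin-only, which is the information-disclosure case raised earlier in the thread.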


christophlehmann commented on May 31, 2024

Thank you! I have released new versions for 11.5 and 10.4


sypets commented on May 31, 2024

Cool. Will check it out 😄
