[TYPO3-dev] Extension manager
Bernhard Kraft
kraftb at kraftb.at
Sun Jul 9 00:05:22 CEST 2006
Ingmar Schlecht wrote:
>>So is there another way of gaining access to an extension (or installing/uninstalling one)
>>except typo3/mod/tools/em/index.php
>
>
> Of course there is. Every TYPO3 admin is able to upload PHP files as
> *.inc and execute them in the Frontend by inserting something like:
> page.includeLibs.myHack = fileadmin/myhack.inc.
>
> That means with some custom PHP code you can gain access to the whole
> installation including its PHP code if you're a TYPO3 admin.
thanks ... one thing I didn't think about :)
do you think there is another "workaround" if I disbale file-uploads completely.
(Simply by setting $_FILES to false in typo3/init.php)
greets,
Bernhard
--
----------------------------------------------------------------------
"Freiheit ist immer auch die Freiheit des Andersdenkenden"
Rosa Luxemburg, 1871 - 1919
----------------------------------------------------------------------
[[ http://think-open.at | Open source company ]]
More information about the TYPO3-dev
mailing list