<p dir="ltr">If you acces these files direct and error display is on it can expose paths etc as there are calls made to methods etc that will result in fatal errors.</p>
<p dir="ltr">Gr. Frans</p>
<div class="gmail_quote">Op 12 jun. 2014 18:10 schreef "Bernhard Kraft" <<a href="mailto:kraftb@think-open.at">kraftb@think-open.at</a>>:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On 06/12/2014 05:09 PM, Benjamin Mack wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Why was this added to all files initially anyway? Wasn't it because you<br>
could include files like<br>
</blockquote>
<br>
Well. I can just guess. But lets look: What protection does it offer?<br>
<br>
- If the server is configured wrong and does not parse .php file the statement wont get executed anyways and the whole file will get dumped as plain text.<br>
<br>
- If some external application has access to the files it could simply do a define TYPO3_MODE and can include them for spying out variables.<br>
<br>
- It clobbers configuration files<br>
<br>
+ It inhibits direct access to those files. Including the file from another server won't work - doing an include('http://...') will just include the parsed output of the script.<br>
<br>
<br>
Any other ideas about those? Maybe someone remembers more "+" reasons for those.<br>
<br>
<br>
greetings,<br>
Bernhard<br>
______________________________<u></u>_________________<br>
Before posting to this list, please have a look to the posting rules<br>
on the following websites:<br>
<br>
<a href="http://typo3.org/teams/core/core-mailinglist-rules/" target="_blank">http://typo3.org/teams/core/<u></u>core-mailinglist-rules/</a><br>
<a href="http://typo3.org/development/bug-fixing/diff-and-patch/" target="_blank">http://typo3.org/development/<u></u>bug-fixing/diff-and-patch/</a><br>
______________________________<u></u>_________________<br>
TYPO3-team-core mailing list<br>
<a href="mailto:TYPO3-team-core@lists.typo3.org" target="_blank">TYPO3-team-core@lists.typo3.<u></u>org</a><br>
<a href="http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-team-core" target="_blank">http://lists.typo3.org/cgi-<u></u>bin/mailman/listinfo/typo3-<u></u>team-core</a><br>
</blockquote></div>