[TYPO3-core] RFC: allow .htaccess while uploading extensions
Dmitry Dulepov [typo3]
dmitry at typo3.org
Tue Aug 28 13:39:31 CEST 2007
Hi!
This is SVN patch request.
Branches: trunk
Problem: currently EM excludes all files starting from "." when
uploading files. If extension author wants to enhance security and
include a .htaccess (for example, with "deny from all" statement), it is
not possible with default installation of typo3. EM will not give any
warnings about ommited files, it will simply ignore them. Thus
developer's expectations will not fulfil and they will be unlikely to
find about it.
Solution: enable ".htaccess" uploading in Em by modifying configuration
value.
Notes:
- it is possible to individually configure typo3 installations to enable
this functionality. This requires entering proper regular expression in
Install tool, which may be tricky
- I understand that this patch is "fifty-fifty" on good and bad but I
think may it is "fifty one" for good, so I decided to propose it
If we decide not to include it, may be security cookbook can be updated
to say that extension developers should modify their installation to
allow uploading of .htaccess.
--
Dmitry Dulepov
TYPO3 freelancer / TYPO3 core team member
Web: http://typo3bloke.net/
Skype: callto:liels_bugs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: allow_htaccess_in_em.diff
Type: text/x-diff
Size: 1802 bytes
Desc: not available
Url : http://lists.netfielders.de/pipermail/typo3-team-core/attachments/20070828/7b5b94ea/attachment.diff
More information about the TYPO3-team-core
mailing list