[TYPO3-core] RFC: allow .htaccess while uploading extensions

Benjamin Mack mack at xnos.org
Tue Aug 28 13:51:42 CEST 2007

Hey Dmitry,

I'd like a solution better where the .htaccess file gets renamed to 
_.htaccess to keep it consistent with TYPO3 core installation. Extension 
writers should rename it to _.htaccess anyway and if they don't, your 
proposed patch would then rename it. Otherwise it is used right from 
that extension directory. Most of the time they want the user to paste 
it in the main htaccess file anyway.

What do you think?


www.xnos.de // www.xnos.org

Dmitry Dulepov [typo3] wrote:
> Hi!
> This is SVN patch request.
> Branches: trunk
> Problem: currently EM excludes all files starting from "." when 
> uploading files. If extension author wants to enhance security and 
> include a .htaccess (for example, with "deny from all" statement), it is 
> not possible with default installation of typo3. EM will not give any 
> warnings about ommited files, it will simply ignore them. Thus 
> developer's expectations will not fulfil and they will be unlikely to 
> find about it.
> Solution: enable ".htaccess" uploading in Em by modifying configuration 
> value.
> Notes:
> - it is possible to individually configure typo3 installations to enable 
> this functionality. This requires entering proper regular expression in 
> Install tool, which may be tricky
> - I understand that this patch is "fifty-fifty" on good and bad but I 
> think may it is "fifty one" for good, so I decided to propose it
> If we decide not to include it, may be security cookbook can be updated 
> to say that extension developers should modify their installation to 
> allow uploading of .htaccess.
> ------------------------------------------------------------------------
> _______________________________________________
> TYPO3-team-core mailing list
> TYPO3-team-core at lists.netfielders.de
> http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-team-core

More information about the TYPO3-team-core mailing list