[TYPO3-core] RFC #8802: Fileadmin: extensions of new files
Michael Stucki
michael at typo3.org
Thu Aug 20 14:17:21 CEST 2009
Hi Steffen,
>> *.inc files normally are php-files to (or pearl) but that doesn't
>> matter because I think fileadmin should read the file deny pattern
>> from localconf.php.
>> A restricted rule can be used as fallback when no correspondending
>> settings are found in localconf.php.
>
> this is already the case (I wondered myself, why .inc is not denied).
.inc files normally cannot be executed directly but .php files can. This
means, you are unable to write and execute a backdoor using a .inc file.
- michael
--
Use a newsreader! Check out
http://typo3.org/community/mailing-lists/use-a-news-reader/
More information about the TYPO3-team-core
mailing list