[TYPO3-core] RFC #11369: jumpUrl should only allow files matching fileDenyPattern
Ingmar Schlecht
ingmar at typo3.org
Sun Jun 21 19:40:35 CEST 2009
This is an SVN patch request.
Type: Minor security improvement
Bugtracker references:
http://bugs.typo3.org/view.php?id=11369
Branches:
TYPO3_4-0, TYPO3_4-1, TYPO3_4-2 and trunk
Problem:
jumpUrl should only allow files matching fileDenyPattern, so e.g. PHP
files can not be downloaded with jumpUrl any more.
Solution:
This patch introduces that check and the accompanying error message.
cheers
Ingmar
More information about the TYPO3-team-core
mailing list