[TYPO3-core] RFC #11369: jumpUrl should only allow files matching fileDenyPattern
Bastian Waidelich
bastian at typo3.org
Mon Jun 22 00:18:07 CEST 2009
Ingmar Schlecht wrote:
Hi Ingmar,
> Problem:
> jumpUrl should only allow files matching fileDenyPattern, so e.g. PHP
> files can not be downloaded with jumpUrl any more.
+1 by reading and testing.
Is there a specific reason why you did not make use of
t3lib_div::verifyFilenameAgainstDenyPattern?
if (!preg_match('/'.$this->TYPO3_CONF_VARS['BE']['fileDenyPattern'] .
'/i', $this->jumpurl)) {
vs.
if (t3lib_div::verifyFilenameAgainstDenyPattern($this->jumpurl)) {
best,
Bastian
More information about the TYPO3-team-core
mailing list