[TYPO3-core] RFC #11369: jumpUrl should only allow files matching fileDenyPattern
Michael Stucki
michael at typo3.org
Mon Jun 22 13:45:38 CEST 2009
I have now tested the patch on all versions which are targeted for that
patch: TYPO3_4-0, TYPO3_4-1, TYPO3_4-2 as well as Trunk.
Patches for these versions are attached. I need one more +1 before it is
ready for commit.
- michael
Michael Stucki wrote:
> Attached is a new version which implements a suggestion by Olly to
> disallow access also if the parent directory name is "typo3conf". This
> assures that also backups (*~ etc.) of localconf.php - which we consider
> most delicate - are also inaccessible.
>
> - michael
>
> Michael Stucki wrote:
>> Hi Marcus,
>>
>>>> Problem:
>>>> jumpUrl should only allow files matching fileDenyPattern, so e.g. PHP
>>>> files can not be downloaded with jumpUrl any more.
>>>
>>> The title should be read as
>>> "jumpUrl should only allow files *not* matching fileDenyPattern"
>>> Am I right?
>>
>> Certainly, yes :-)
>>
>>> I really appreciate the patch.
>>>
>>> +1 by reading if you consider Bastian's comment
>>
>> Oops. Neither Ingmar nor I noticed that although we copied the line
>> exactly from this function :-) Good point!
>>
>> New patch is attached. +1 from me as well (just reading, no testing).
>>
>> - michael
>>
>
>
--
Use a newsreader! Check out
http://typo3.org/community/mailing-lists/use-a-news-reader/
Name: bug_11369_v3_4-0.diff
Url: http://lists.netfielders.de/pipermail/typo3-team-core/attachments/20090622/6df2d582/attachment.txt
Name: bug_11369_v3_4-0_w.diff
Url: http://lists.netfielders.de/pipermail/typo3-team-core/attachments/20090622/6df2d582/attachment-0001.txt
Name: bug_11369_v3_4-1.diff
Url: http://lists.netfielders.de/pipermail/typo3-team-core/attachments/20090622/6df2d582/attachment-0002.txt
Name: bug_11369_v3_4-1_w.diff
Url: http://lists.netfielders.de/pipermail/typo3-team-core/attachments/20090622/6df2d582/attachment-0003.txt
Name: bug_11369_v3_4-2.diff
Url: http://lists.netfielders.de/pipermail/typo3-team-core/attachments/20090622/6df2d582/attachment-0004.txt
Name: bug_11369_v3_4-2_w.diff
Url: http://lists.netfielders.de/pipermail/typo3-team-core/attachments/20090622/6df2d582/attachment-0005.txt
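
The two rules discussed in this thread (reject file names matching fileDenyPattern, and reject anything whose parent directory is "typo3conf"), sketched as an added example that is not the attached patch or TYPO3's own code. The function name, the sample pattern and the sample paths are assumptions made for illustration; with a suffix-anchored pattern like the sample one, a backup name such as localconf.php~ passes the first rule and is caught only by the second.

```php
<?php
// Added illustration, not the attached patch. SAMPLE_DENY_PATTERN is a
// constructed value for this example; a real site would use its own
// configured fileDenyPattern.
const SAMPLE_DENY_PATTERN = '\.php[3-6]?(\..*)?$|^\.htaccess$';

// Hypothetical helper: may this jumpUrl file target be delivered?
function isJumpUrlFileAllowed(string $path, string $denyPattern = SAMPLE_DENY_PATTERN): bool
{
    // Normalise separators so the checks behave the same for both styles.
    $normalized = str_replace('\\', '/', $path);
    $fileName   = basename($normalized);
    $parentDir  = basename(dirname($normalized));

    // Rule 1: the file name must not match the deny pattern
    // (case-insensitive, escaping the regex delimiter inside the pattern).
    $regex = '/' . str_replace('/', '\/', $denyPattern) . '/i';
    if ($fileName === '' || preg_match($regex, $fileName) === 1) {
        return false;
    }

    // Rule 2: nothing that sits directly in a directory named "typo3conf",
    // which also covers editor backups whose names escape rule 1.
    if ($parentDir === 'typo3conf') {
        return false;
    }

    return true;
}

// Constructed sample paths for demonstration.
$samples = [
    'fileadmin/docs/manual.pdf',
    'index.php',
    'fileadmin/.htaccess',
    'typo3conf/localconf.php',
    'typo3conf/localconf.php.bak',
    'typo3conf/localconf.php~',
];

foreach ($samples as $samplePath) {
    printf("%-30s %s\n", $samplePath, isJumpUrlFileAllowed($samplePath) ? 'allow' : 'deny');
}
```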