[TYPO3-core] RFC #11369: jumpUrl should only allow files matching fileDenyPattern

Michael Stucki michael at typo3.org
Mon Jun 22 13:45:38 CEST 2009


I have now tested the patch on all versions which are targeted for that 
patch: TYPO3_4-0, TYPO3_4-1, TYPO3_4-2 as well as Trunk.

Patches for these versions are attached. I need one more +1 before it is 
ready for commit.

- michael

Michael Stucki wrote:
> Attached is a new version which implements a suggestion by Olly to 
> disallow access also if the parent directory name is "typo3conf". This 
> assures that also backups (*~ etc.) of localconf.php - which we consider 
> most delicate - are also inaccessible.
> 
> - michael
> 
> Michael Stucki wrote:
>> Hi Marcus,
>>
>>>> Problem:
>>>> jumpUrl should only allow files matching fileDenyPattern, so e.g. PHP
>>>> files can not be downloaded with jumpUrl any more.
>>>
>>> The title should be read as
>>> "jumpUrl should only allow files *not* matching fileDenyPattern"
>>> Am I right?
>>
>> Certainly, yes :-)
>>
>>> I really appreciate the patch.
>>>
>>> +1 by reading if you consider Bastian's comment
>>
>> Oops. Neither Ingmar nor I noticed that although we copied the line 
>> exactly from this function :-) Good point!
>>
>> New patch is attached. +1 from me as well (just reading, no testing).
>>
>> - michael
>>
> 
> 


-- 
Use a newsreader! Check out
http://typo3.org/community/mailing-lists/use-a-news-reader/
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: bug_11369_v3_4-0.diff
Url: http://lists.netfielders.de/pipermail/typo3-team-core/attachments/20090622/6df2d582/attachment.txt 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: bug_11369_v3_4-0_w.diff
Url: http://lists.netfielders.de/pipermail/typo3-team-core/attachments/20090622/6df2d582/attachment-0001.txt 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: bug_11369_v3_4-1.diff
Url: http://lists.netfielders.de/pipermail/typo3-team-core/attachments/20090622/6df2d582/attachment-0002.txt 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: bug_11369_v3_4-1_w.diff
Url: http://lists.netfielders.de/pipermail/typo3-team-core/attachments/20090622/6df2d582/attachment-0003.txt 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: bug_11369_v3_4-2.diff
Url: http://lists.netfielders.de/pipermail/typo3-team-core/attachments/20090622/6df2d582/attachment-0004.txt 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: bug_11369_v3_4-2_w.diff
Url: http://lists.netfielders.de/pipermail/typo3-team-core/attachments/20090622/6df2d582/attachment-0005.txt 
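
The two checks discussed in this thread (reject a jumpUrl file target whose name matches fileDenyPattern, and reject any file whose parent directory is "typo3conf"), as an added sketch that is not taken from the attached patches or from TYPO3 core. The function name, the deny pattern and the sample paths are constructed for illustration; a real installation would use its configured fileDenyPattern.

```php
<?php
// Added illustration, not TYPO3 core code.
// Constructed stand-in for the site's configured fileDenyPattern (assumption).
const DENY_PATTERN = '/\.php[0-9]?$|^\.htaccess$/i';

/**
 * Hypothetical helper: decide whether a jumpUrl file target may be delivered.
 */
function isJumpUrlFileAllowed(string $path, string $denyPattern = DENY_PATTERN): bool
{
    // Normalise separators so basename()/dirname() behave the same everywhere.
    $path = str_replace('\\', '/', $path);
    $fileName = basename($path);
    $parentDir = basename(dirname($path));

    // Check 1: the file name must NOT match the deny pattern.
    if (preg_match($denyPattern, $fileName) === 1) {
        return false;
    }

    // Check 2: nothing directly inside typo3conf is served. This is what
    // catches editor backups such as "localconf.php~", whose name no longer
    // ends in ".php" and therefore passes check 1.
    if ($parentDir === 'typo3conf') {
        return false;
    }

    return true;
}

// Constructed sample paths.
$samples = [
    'fileadmin/docs/manual.pdf',
    'fileadmin/scripts/tool.php',
    'typo3conf/localconf.php',
    'typo3conf/localconf.php~',
    'typo3conf/ext/demo/doc/manual.pdf',
];

foreach ($samples as $sample) {
    printf("%-36s %s\n", $sample, isJumpUrlFileAllowed($sample) ? 'allow' : 'deny');
}
```

As in the suggestion quoted above, check 2 looks only at the immediate parent directory name, so files in subdirectories of typo3conf are still judged by the deny pattern alone.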

