[TYPO3-core] RFC #11369: jumpUrl should only allow files matching fileDenyPattern

Michael Stucki michael at typo3.org
Tue Jun 23 16:12:30 CEST 2009


Thanks for testing!

* Committed to Trunk (rev. 5629)
* Committed to TYPO3_4-2 (rev. 5628)
* Committed to TYPO3_4-1 (rev. 5627)
* Committed to TYPO3_4-0 (rev. 5626)

- michael

Ingmar Schlecht schrieb:
> This is an SVN patch request.
> 
> Type: Minor security improvement
> 
> Bugtracker references:
> http://bugs.typo3.org/view.php?id=11369
> 
> Branches:
> TYPO3_4-0, TYPO3_4-1, TYPO3_4-2 and trunk
> 
> Problem:
> jumpUrl should only allow files matching fileDenyPattern, so e.g. PHP
> files can not be downloaded with jumpUrl any more.
> 
> Solution:
> This patch introduces that check and the accompanying error message.
> 
> cheers
> Ingmar
> 


-- 
Use a newsreader! Check out
http://typo3.org/community/mailing-lists/use-a-news-reader/


More information about the TYPO3-team-core mailing list