[TYPO3-core] RFC #11369: jumpUrl should only allow files matching fileDenyPattern
Michael Stucki
michael at typo3.org
Tue Jun 23 16:12:30 CEST 2009
Thanks for testing!
* Committed to Trunk (rev. 5629)
* Committed to TYPO3_4-2 (rev. 5628)
* Committed to TYPO3_4-1 (rev. 5627)
* Committed to TYPO3_4-0 (rev. 5626)
- michael
Ingmar Schlecht schrieb:
> This is an SVN patch request.
>
> Type: Minor security improvement
>
> Bugtracker references:
> http://bugs.typo3.org/view.php?id=11369
>
> Branches:
> TYPO3_4-0, TYPO3_4-1, TYPO3_4-2 and trunk
>
> Problem:
> jumpUrl should only allow files matching fileDenyPattern, so e.g. PHP
> files can not be downloaded with jumpUrl any more.
>
> Solution:
> This patch introduces that check and the accompanying error message.
>
> cheers
> Ingmar
>
--
Use a newsreader! Check out
http://typo3.org/community/mailing-lists/use-a-news-reader/
More information about the TYPO3-team-core
mailing list