[TYPO3-core] RFC: #16136: Change behaviour of check for allowed file extensions -> make it possible to really restrict to certain file extensions for filemounts

Andreas Kiessling kiessling at pluspol.info
Tue Nov 9 22:03:20 CET 2010


Hi,

I was informed today that the patch introduced a new error:
It is no longer possible to upload files directly, e.g. in the content 
element "Image".
This is due to the way t3lib_TCEmain handles the file uploads:
If there is no setting for 'disallowed' for a file field, 
checkValue_group_select_file sets the deny value for the 
t3lib_basicFileFunctions to *.
That way, the previous "is_allowed" function was perfectly capable of 
restricting allowed filetypes. It just needs one more line of configuration:

$TYPO3_CONF_VARS['BE']['fileExtensions']['webspace']['allow'] = 'png,gif,jpg,jpeg,pdf';
$TYPO3_CONF_VARS['BE']['fileExtensions']['webspace']['deny'] = '*';

I'm sorry for not getting this and kindly ask to revert the patch, unit 
test and entry to the pending documentation.

It's IMHO still not good that TCEmain/TCA allows bypassing global 
allow/deny settings that way. -> You have to adjust all fields if you 
need to set restrictions for file uploads in the Doc module. But that is 
probably an issue we can postpone for 4.6.

Thanks to Lars Peipmann for reporting the issue to me.

Regards and sorry for the inconvenience,
Andreas
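
An added example, not part of the original message and not TYPO3's own code: a simplified PHP model of an allow/deny extension check, showing why the allow list from the message only restricts uploads once deny is set to '*'. It assumes allow matches are checked before deny and that unmatched extensions pass; the function name extensionAllowed, the rule arrays and the file names are constructed for illustration.

```php
<?php
// Added illustration (assumption: allow is evaluated first, deny second,
// and an extension matching neither list is accepted).

/** Hypothetical helper: true if $filename passes the allow/deny rules. */
function extensionAllowed(string $filename, array $rules): bool
{
    $ext   = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    $allow = array_map('trim', explode(',', strtolower($rules['allow'] ?? '')));
    $deny  = array_map('trim', explode(',', strtolower($rules['deny'] ?? '')));

    // 1. An explicit allow match (or allow = *) accepts the file at once.
    if (($rules['allow'] ?? '') === '*' || ($ext !== '' && in_array($ext, $allow, true))) {
        return true;
    }
    // 2. Otherwise a deny match (or deny = *) rejects it.
    if (($rules['deny'] ?? '') === '*' || ($ext !== '' && in_array($ext, $deny, true))) {
        return false;
    }
    // 3. Nothing matched: the file is accepted. An allow list on its own
    //    therefore restricts nothing.
    return true;
}

// Rule sets: the first lacks a deny entry, the second is the pair of
// settings quoted in the message.
$allowOnly  = ['allow' => 'png,gif,jpg,jpeg,pdf'];
$restricted = ['allow' => 'png,gif,jpg,jpeg,pdf', 'deny' => '*'];

// Constructed sample file names, including one without an extension.
foreach (['photo.JPG', 'notes.txt', 'page.php', 'README'] as $file) {
    printf(
        "%-10s allow-only=%-5s allow+deny*=%s\n",
        $file,
        var_export(extensionAllowed($file, $allowOnly), true),
        var_export(extensionAllowed($file, $restricted), true)
    );
}
```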

