[TYPO3-core] RFC: #16136: Change behaviour of check for allowed file extensions -> make it possible to really restrict to certain file extensions for filemounts
Andreas Kiessling
kiessling at pluspol.info
Tue Nov 9 22:03:20 CET 2010
Hi,
i was informed today, that the patch introduced a new error:
It is no longer possible to upload files directly e.g. in content
element "Image".
This is due to the way t3lib_TCEmain handles the file uploads:
If there is no setting for 'disallowed' for a file field,
checkValue_group_select_file sets the deny value for the
t3lib_basicFileFunctions to *.
That way, the previous "is_allowed" function was perfectly capable of
restricting allowed filetypes. It just needs one more line of configuration:
$TYPO3_CONF_VARS['BE']['fileExtensions']['webspace']['allow'] =
'png,gif,jpg,jpeg,pdf';
$TYPO3_CONF_VARS['BE']['fileExtensions']['webspace']['deny'] = '*';
I'm sorry for not getting this and kindly ask to revert the patch, unit
test and entry to the pending documentation.
It's imho still not good, that TCEmain/TCA allows to bypass global
allow/deny settings that way. -> You have to adjust all fields if you
need to set restrictions for file uploads in Doc-module. But that is
probably an issue we can postpone for 4.6
Thanks to Lars Peipmann for reporting the issue to me.
Regards and sorry for the inconveniences,
Andreas
More information about the TYPO3-team-core
mailing list