Bug #24221 » verifyfilename.patch
| t3lib/class.t3lib_tsparser.php (working copy) | ||
|---|---|---|
|
case 'file':
|
||
|
$filename = t3lib_div::getFileAbsFileName(trim($sourceParts[1]));
|
||
|
if (strcmp($filename,'')) { // Must exist and must not contain '..' and must be relative
|
||
|
if (t3lib_div::verifyFilenameAgainstDenyPattern($filename)) {
|
||
|
if (@is_file($filename) && filesize($filename)<100000) { // Max. 100 KB include files!
|
||
|
// check for includes in included text
|
||
|
$includedFiles[] = $filename;
|
||
| ... | ... | |
|
}
|
||
|
$newString.= $included_text.LF;
|
||
|
}
|
||
|
} else {
|
||
|
t3lib_div::sysLog('File "'.$filename.'" was not included because it does not match the fileDenyPattern', 'Core', 2);
|
||
|
$newString.= '### ERROR: File was not included because it does not match the fileDenyPattern.'.LF;
|
||
|
}
|
||
|
}
|
||
|
break;
|
||
|
}
|
||