Bug #25217 » 17817_v2.patch
t3lib/class.t3lib_befunc.php | ||
---|---|---|
'</a>');
|
||
}
|
||
// Check if fileDenyPattern was changed which is dangerous on Apache
|
||
if ($GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern'] != FILE_DENY_PATTERN_DEFAULT) {
|
||
// Check if parts of fileDenyPattern were removed which is dangerous on Apache
|
||
$defaultParts = t3lib_div::trimExplode('|', FILE_DENY_PATTERN_DEFAULT, TRUE);
|
||
$givenParts = t3lib_div::trimExplode('|', $GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern'], TRUE);
|
||
$result = array_intersect($defaultParts, $givenParts);
|
||
if ($defaultParts !== $result) {
|
||
$warnings['file_deny_pattern'] = sprintf(
|
||
$GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.file_deny_pattern'),
|
||
$GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.file_deny_pattern_partsNotPresent'),
|
||
'<br /><pre>' . htmlspecialchars(FILE_DENY_PATTERN_DEFAULT) . '</pre><br />');
|
||
}
|
||
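Review bot: The new check built from `trimExplode('|', …)` and `array_intersect` compares text fragments of the regular expression, not what the pattern actually denies, so `$defaultParts === $result` does not prove the configured value is as strict as the default. Splitting on `|` ignores grouping and anchors, so a custom value can contain every default fragment and still match fewer file names, and an equivalent or stricter rewrite of the pattern is reported as a risk. I would keep the warning but state the limit above the split, e.g. `// Textual check only: all default parts being present does not prove the same file names are still denied`, and consider also testing a few representative file names against the configured pattern, as the `warning.file_deny_htaccess` label suggests is already done for `.htaccess`. The same comparison appears in class.tx_reports_reports_status_securitystatus.php; the enclosing function starts and ends outside the lines shown.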
typo3/sysext/lang/locallang_core.xml | ||
---|---|---|
<label index="warning.install_password">The Install Tool is still using the default password "joh316". Update this within the %sAbout section%s of the Install Tool.</label>
|
||
<label index="warning.backend_admin">The default backend user "admin" with password "password" is still present. %sEdit this account%s, either deleting it completely or changing the username and password.</label>
|
||
<label index="warning.file_deny_pattern">The value of fileDenyPattern is not set to its default:%s If TYPO3 is running on Apache, a customized value might enable backend or frontend users to execute malicious php scripts.</label>
|
||
<label index="warning.file_deny_pattern_partsNotPresent">Security Risk! The new value of fileDenyPattern misses parts of its default:%s If TYPO3 is running on Apache, a customized value might enable backend or frontend users to execute malicious php scripts.</label>
|
||
<label index="warning.file_deny_htaccess">The current value of fileDenyPattern allows to upload/create files with the name ".htaccess". If TYPO3 is running on Apache, this enables backend or frontend users to create and execute php scripts. Please reset the value of fileDenyPattern to its default.</label>
|
||
<label index="warning.install_enabled">The Install Tool is permanently enabled. Delete the file "%s" when you have finished setting up TYPO3.</label>
|
||
<label index="warning.install_enabled_cmd">Click to remove the file now!</label>
|
typo3/sysext/reports/reports/status/class.tx_reports_reports_status_securitystatus.php | ||
---|---|---|
$message = '';
|
||
$severity = tx_reports_reports_status_Status::OK;
|
||
if ($GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern'] != FILE_DENY_PATTERN_DEFAULT) {
|
||
$defaultParts = t3lib_div::trimExplode('|', FILE_DENY_PATTERN_DEFAULT, TRUE);
|
||
$givenParts = t3lib_div::trimExplode('|', $GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern'], TRUE);
|
||
$result = array_intersect($defaultParts, $givenParts);
|
||
if ($defaultParts !== $result) {
|
||
$value = $GLOBALS['LANG']->getLL('status_insecure');
|
||
$severity = tx_reports_reports_status_Status::ERROR;
|
||
... | ... | |
. urlencode('?TYPO3_INSTALL[type]=config#set_encryptionKey');
|
||
$message = sprintf(
|
||
$GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.file_deny_pattern'),
|
||
$GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.file_deny_pattern_partsNotPresent'),
|
||
'<br /><pre>'
|
||
. htmlspecialchars(FILE_DENY_PATTERN_DEFAULT)
|
||
. '</pre><br />'
|
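Review bot: The split-and-intersect comparison at the top of this section is a copy of the one in t3lib/class.t3lib_befunc.php, so the backend warning and the security report can drift apart when one of them is later changed. Moving the comparison into one shared static method that returns a boolean, and calling it from both places, would keep the two results in agreement. The rendering does not show whether the `!= FILE_DENY_PATTERN_DEFAULT` line is removed or kept; if it stays as an outer guard it is redundant with the parts check and uses a loose comparison, where `!==` would be the safer form. The enclosing method starts and ends outside the lines shown.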