Index: t3lib/class.t3lib_tsparser.php
===================================================================
--- t3lib/class.t3lib_tsparser.php	(revision 9332)
+++ t3lib/class.t3lib_tsparser.php	(working copy)
@@ -535,6 +535,7 @@
 								case 'file':
 									$filename = t3lib_div::getFileAbsFileName(trim($sourceParts[1]));
 									if (strcmp($filename,''))	{	// Must exist and must not contain '..' and must be relative
+										if (t3lib_div::verifyFilenameAgainstDenyPattern($filename)) {
 										if (@is_file($filename) && filesize($filename)<100000)	{	// Max. 100 KB include files!
 												// check for includes in included text
 											$includedFiles[] = $filename;
@@ -547,6 +548,10 @@
 											}
 											$newString.= $included_text.LF;
 										}
+										} else {
+											t3lib_div::sysLog('File "'.$filename.'" was not included because it does not match the fileDenyPattern', 'Core', 2);
+											$newString.= '### ERROR: File was not included because it does not match the fileDenyPattern.'.LF;
+										}
 									}
 								break;
 							}