Bug #15052

closed

Files in fileadmin/_temp_/ can be downloaded by anyone

Added by Michael Stucki about 19 years ago. Updated over 17 years ago.

Status: Closed
Priority: Must have
Category: -
Target version: -
Start date: 2005-10-14
% Done: 0%
TYPO3 Version: 3.8.0
PHP Version: 4

Description

It may happen that someone creates an export of all fe_users into a t3d file. He takes the file, moves to his next site, and imports it again.

While importing the file using impexp, the file is actually being uploaded to fileadmin/_temp_/ first. When importing the t3d file, impexp will use this copy. After the import, the file is not deleted.

This could apply to many other use cases; it's just an example to explain why fileadmin/_temp_/ should be secured in some way.

The easiest way to solve this is to add a .htaccess in fileadmin/_temp_ and deny access to anybody.

Furthermore, the impexp extension should remove t3d files after they have been successfully imported.
(issue imported from #M1604)


Files

.htaccess (228 Bytes) Administrator Admin, 2005-10-14 18:41
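
The two fixes proposed in the description, as an added example (this is neither the `.htaccess` attached to this issue, whose contents are not shown on this page, nor TYPO3 code): one function writes a deny-all `.htaccess` into the temp directory, the other reports a missing deny rule and any leftover `.t3d` files. The function names `harden_temp_dir` and `audit_temp_dir` are hypothetical, and the example assumes Apache serves the site with an `AllowOverride` setting that lets `.htaccess` files control access.

```shell
#!/bin/sh
# Added example, not TYPO3 code. Assumption: Apache honours .htaccess
# access rules for this directory (AllowOverride is not "None").

# Write a deny-all .htaccess into the given directory.
# Covers Apache 2.4 (mod_authz_core) and the older Order/Deny syntax.
harden_temp_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    cat > "$dir/.htaccess" <<'EOF'
# Block all HTTP access to this directory
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>
EOF
}

# Print one finding per line; print nothing when the directory is clean.
audit_temp_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # Finding 1: no .htaccess, or one without a deny-all rule
    if ! grep -Eiq '^[[:space:]]*(Require all denied|Deny from all)' \
            "$dir/.htaccess" 2>/dev/null; then
        echo "NO_DENY_RULE $dir/.htaccess"
    fi
    # Finding 2: .t3d files left behind after an import
    find "$dir" -type f -name '*.t3d' | sort | while IFS= read -r f; do
        echo "LEFTOVER_EXPORT $f"
    done
}
```

The audit only inspects the file on disk. If the server configuration sets `AllowOverride None`, Apache ignores the `.htaccess` silently, so confirm that a request for a file in the directory is actually refused.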