Bug #23630
closed
Disallow common PHP file extensions with fileDenyPattern
0%
Description
Common server environments register specific file extensions to PHP which are not covered by the fileDenyPattern.
Currently default:
define('FILE_DENY_PATTERN_DEFAULT', '\.(php[3-6]?|phpsh|phtml)(\..*)?$|^\.htaccess$');
(issue imported from #M15833)
Updated by Sebastian Kreideweiß over 13 years ago
More file extensions, that TYPO3 should deny:
.phtm
.ph3
.ph4
.PHPR PHPRunner PHPRunner Project File (XLineSoft).
.PHPS PHP Source (The PHP Group)
.PHPT PHP: Hypertext Preprocessor Make Test Test Suite (The PHP Group)
Updated by Chris topher over 13 years ago
Hi Sebastian,
thanks for your report!
Please create a patch with your changes. To get your fix included in the upcoming releases, please post a mail with your patch attached to the Core List.
For more information see http://typo3.org/teams/core/core-mailinglist-rules
Updated by Sebastian Kreideweiß over 13 years ago
As this is done for Version TYPO3 4.4.4., this thread can be closed.
For older versions, go to t3lib/config_default.php, Line 20 and 23
//Security related constant: Default value of fileDenyPattern
define('FILE_DENY_PATTERN_DEFAULT', '\.(php[3-6]?|phpsh|phtml)(\..*)?$|^\.htaccess$');
//Security related constant: Comma separated list of file extensions that should be registered as php script file extensions
define('PHP_EXTENSIONS_DEFAULT', 'php,php3,php4,php5,php6,phpsh,inc,phtml');
Updated by Marcus Krause over 13 years ago
reviving this issue as some file extensions are missing
Updated by Alexander Opitz over 10 years ago
- Status changed from Accepted to Needs Feedback
- Assignee deleted (
Marcus Krause) - Target version deleted (
0) - Is Regression set to No
Hi,
as this issue is very old. Does the problem still exists within newer versions of TYPO3 CMS (4.5 or 6.1)?
Updated by Alexander Opitz about 10 years ago
- Status changed from Needs Feedback to Closed
No feedback within the last 90 days => closing this ticket.
If you think that this is the wrong decision or experience this issue again, then please write to the mailing list typo3.teams.bugs with issue number and an explanation or open a new ticket and add a relation to this ticket number.