TYPO3 Core

More file extensions, that TYPO3 should deny:

.phtm
.ph3
.ph4

.PHPR PHPRunner PHPRunner Project File (XLineSoft).
.PHPS PHP Source (The PHP Group)
.PHPT PHP: Hypertext Preprocessor Make Test Test Suite (The PHP Group)

Hi Sebastian,

thanks for your report!
Please create a patch with your changes. To get your fix included in the upcoming releases, please post a mail with your patch attached to the Core List.
For more information see http://typo3.org/teams/core/core-mailinglist-rules

As this is done for Version TYPO3 4.4.4., this thread can be closed.

For older versions, go to t3lib/config_default.php, Line 20 and 23

//Security related constant: Default value of fileDenyPattern
define('FILE_DENY_PATTERN_DEFAULT', '\.(php[3-6]?|phpsh|phtml)(\..*)?$|^\.htaccess$');

//Security related constant: Comma separated list of file extensions that should be registered as php script file extensions
define('PHP_EXTENSIONS_DEFAULT', 'php,php3,php4,php5,php6,phpsh,inc,phtml');

reviving this issue as some file extensions are missing