Project

General

Profile

Actions
Copy link

Bug #24221

closed

t3lib_TSparser::checkIncludeLines() does not check files to be included

Added by Helmut Hummel over 13 years ago. Updated about 5 years ago.

Status:
Closed
Priority:
Must have
Assignee:
Oliver Hader
Category:
-
Target version:
-
Start date:
2010-11-28
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.2
PHP Version:
5.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

It is possible to include arbitrary files (including php files) with the TypoScript include file feature

Reported By: Fabrizio Branca
OTRS: 2010111110000019
(issue imported from #M16590)

Files

Download all files
verifyfilename.patch (1.07 KB) verifyfilename.patch Administrator Admin, 2010-11-28 17:40
16590_42.patch (1.31 KB) 16590_42.patch Administrator Admin, 2010-12-09 22:22
16590_43.patch (2.16 KB) 16590_43.patch Administrator Admin, 2010-12-09 22:22
16590_44.patch (2.15 KB) 16590_44.patch Administrator Admin, 2010-12-09 22:22
16590_45.patch (2.17 KB) 16590_45.patch Administrator Admin, 2010-12-09 22:22

Related issues 1 (0 open1 closed)

Related to TYPO3 Core - Bug #87733: unwanted side-effect in fileDenyPattern Closed2019-02-18

Actions
Actions
Copy link
 #1

Updated by Helmut Hummel over 13 years ago

Exploit Code:

page.999 = TEXT
page.999.value (
<INCLUDE_TYPOSCRIPT: source="FILE:typo3conf/localconf.php">
)
page.999.wrap = < pre>|< /pre>
page.999.htmlSpecialChars = 1

Actions
Copy link
 #2

Updated by Helmut Hummel over 13 years ago

open to make it public

Actions
Copy link
 #3

Updated by Benni Mack over 5 years ago

  • Status changed from Resolved to Closed
Actions
Copy link
 #4

Updated by Oliver Hader about 5 years ago

  • Related to Bug #87733: unwanted side-effect in fileDenyPattern added
Actions
Copy link
 #5

Updated by Oliver Hader about 5 years ago

  • Description updated (diff)
  • Target version deleted (-1)
Actions
Copy link

Also available in: Atom PDF