Project

General

Profile

Actions
Copy link

Bug #25217

closed

Additions to fileDenyPattern give security warning in BE

Added by Steffen Kamper over 13 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Should have
Assignee:
Steffen Kamper
Category:
-
Target version:
-
Start date:
2011-03-01
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.5
PHP Version:
5.3
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

The check is wrong. Instead of checking if the entry is equal to default entry, it should check if any parts of the default value are removed.

As it's a security warning, this should be stated in the warning, so change the wording.

(issue imported from #M17817)

Files

Download all files
17817.patch (2.82 KB) 17817.patch Administrator Admin, 2011-03-01 23:12
17817_v2.patch (4.34 KB) 17817_v2.patch Administrator Admin, 2011-03-02 00:00

Related issues 1 (0 open1 closed)

Has duplicate TYPO3 Core - Bug #18942: Warning on fileDenyPattern is always shown although it's safeClosedChris topher2008-06-12

Actions
Actions
Copy link
 #1

Updated by Daniel Minder over 13 years ago

Since my original report 8690 is now marked as resolved although this bug is only assigned I have to add it here as well:
The reports sysext also includes the same check in class.tx_reports_reports_status_securitystatus.php. So, it should also be modified there.

Actions
Copy link
 #2

Updated by Steffen Kamper over 13 years ago

thanks for the hint, i will add it there too.

Actions
Copy link
 #3

Updated by Steffen Kamper over 13 years ago

v2 also change reports module.

Actions
Copy link
 #5

Updated by Andreas Wolf over 13 years ago

Merged to master in 68a0fa92d7abc01b92ddd4ee09ae19845e09f7b3.

Actions
Copy link
 #6

Updated by Susanne Moog over 13 years ago

  • Target version deleted (4.5.3)
Actions
Copy link
 #7

Updated by Benni Mack about 6 years ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF