Project

General

Profile

Actions
Copy link

Task #43341

closed

Update description for noPHPscriptInclude (Install Tool)

Added by Michael Schams almost 12 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Install Tool
Target version:
-
Start date:
2012-11-27
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
6.0
PHP Version:
5.3
Tags:
Complexity:
easy
Sprint Focus:

Description

Install Tool: description for noPHPscriptInclude is outdated and should be updated. In TYPO3 versions up to 6.0 RC2, it reads:

(quote) Boolean: If set, PHP-scripts are not included by TypoScript configurations, unless they reside in 'media/scripts/'-folder. This is a security option to ensure that users with template-access do not terrorize

Issues with the current text:

  • folder "media/scripts/" has been removed from TYPO3 CMS a few versions ago
  • colloquially wording used ("terrorize")

A better description would be (suggestion):

Boolean: If set, PHP-scripts are not included by TypoScript configurations, unless they reside in one of the allowed paths (e.g. in global or local installed extension directories or in the system extension directory). This is an additional security measure if enabled (value: 1)

Note: "allowed paths" can be reviewed in file typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php - see method checkFileInclude()

Files

screenshot0003.png (61.9 KB) screenshot0003.png Michael Schams, 2012-11-27 12:04

Related issues 1 (0 open1 closed)

Is duplicate of TYPO3 Core - Bug #43730: Update outdated description of ['FE']['noPHPscriptInclude'] in DefaultConfiguration.phpClosed2012-12-07

Actions
Actions
Copy link
 #1

Updated by Wouter Wolters over 11 years ago

  • Status changed from New to Resolved

This is resolved with #43730

Actions
Copy link
 #2

Updated by Benni Mack about 6 years ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF