Project

General

Profile

Actions

Task #43341

closed

Update description for noPHPscriptInclude (Install Tool)

Added by Michael Schams almost 12 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Install Tool
Target version:
-
Start date:
2012-11-27
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
6.0
PHP Version:
5.3
Tags:
Complexity:
easy
Sprint Focus:

Description

Install Tool: description for noPHPscriptInclude is outdated and should be updated. In TYPO3 versions up to 6.0 RC2, it reads:

(quote) Boolean: If set, PHP-scripts are not included by TypoScript configurations, unless they reside in 'media/scripts/'-folder. This is a security option to ensure that users with template-access do not terrorize

Issues with the current text:

  • folder "media/scripts/" has been removed from TYPO3 CMS a few versions ago
  • colloquially wording used ("terrorize")

A better description would be (suggestion):

Boolean: If set, PHP-scripts are not included by TypoScript configurations, unless they reside in one of the allowed paths (e.g. in global or local installed extension directories or in the system extension directory). This is an additional security measure if enabled (value: 1)

Note: "allowed paths" can be reviewed in file typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php - see method checkFileInclude()


Files

screenshot0003.png (61.9 KB) screenshot0003.png Michael Schams, 2012-11-27 12:04

Related issues 1 (0 open1 closed)

Is duplicate of TYPO3 Core - Bug #43730: Update outdated description of ['FE']['noPHPscriptInclude'] in DefaultConfiguration.phpClosed2012-12-07

Actions
Actions

Also available in: Atom PDF