Task #43341
closedUpdate description for noPHPscriptInclude (Install Tool)
0%
Description
Install Tool: description for noPHPscriptInclude is outdated and should be updated. In TYPO3 versions up to 6.0 RC2, it reads:
(quote) Boolean: If set, PHP-scripts are not included by TypoScript configurations, unless they reside in 'media/scripts/'-folder. This is a security option to ensure that users with template-access do not terrorize
Issues with the current text:
- folder "media/scripts/" has been removed from TYPO3 CMS a few versions ago
- colloquially wording used ("terrorize")
A better description would be (suggestion):
Boolean: If set, PHP-scripts are not included by TypoScript configurations, unless they reside in one of the allowed paths (e.g. in global or local installed extension directories or in the system extension directory). This is an additional security measure if enabled (value: 1)
Note: "allowed paths" can be reviewed in file typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php
- see method checkFileInclude()
Files