Bug #53195

T3editor: Honour fileDenyPattern on saving included TS

Added by Stefan Neufeind almost 9 years ago. Updated almost 4 years ago.

Status: Closed
Priority: Should have
Assignee: -
Category: -
Target version: -
Start date: 2013-10-29
Due date:
% Done: 100%
Estimated time:
TYPO3 Version: 6.2
PHP Version:
Tags:
Complexity:
Is Regression: No
Sprint Focus:

Description

Upon loading included TS the fileDenyPattern is taken into account. But upon saving it's possible to overwrite an arbitrary file (including .php etc.) that currently must exist.
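
A minimal sketch of the asymmetry described above and its correction, added here as an illustration; it is not TYPO3 core code and not the patch submitted for this issue. The function names, the sample deny pattern and the file names are assumptions constructed for the example: the save path runs the same deny-pattern check as the load path before anything is written.

```php
<?php
// Added example, not TYPO3 code. Sample pattern constructed for this sketch;
// a real installation reads its deny pattern from configuration.
const SAMPLE_FILE_DENY_PATTERN = '\.(php[3-7]?|phpsh|phtml)(\..*)?$|^\.htaccess$';

/** True only when the file name is clean and does not match the deny pattern. */
function isAllowedByDenyPattern(string $path, string $denyPattern): bool
{
    if ($path === '' || strpos($path, "\0") !== false) {
        return false;
    }
    $regex = '/' . str_replace('/', '\/', $denyPattern) . '/i';
    // preg_match() returns false on a broken pattern: treat that as "denied".
    return preg_match($regex, basename($path)) === 0;
}

/** Save path with the same gate as the load path, applied before any write. */
function saveIncludedFile(string $path, string $content, string $denyPattern): void
{
    if (!isAllowedByDenyPattern($path, $denyPattern)) {
        throw new RuntimeException('Save denied by deny pattern: ' . basename($path));
    }
    // Mirrors the precondition in the report: only an existing file is overwritten.
    if (!is_file($path)) {
        throw new RuntimeException('Target does not exist: ' . basename($path));
    }
    if (file_put_contents($path, $content, LOCK_EX) === false) {
        throw new RuntimeException('Write failed: ' . basename($path));
    }
}

// Constructed demo: two existing files in a scratch directory.
$dir = sys_get_temp_dir() . '/denypattern_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
foreach (['setup.ts', 'index.php'] as $name) {
    file_put_contents("$dir/$name", "# original\n");
}
foreach (['setup.ts', 'index.php', '.htaccess'] as $name) {
    try {
        saveIncludedFile("$dir/$name", "# edited\n", SAMPLE_FILE_DENY_PATTERN);
        echo "$name: saved\n";
    } catch (RuntimeException $e) {
        echo "$name: " . $e->getMessage() . "\n";
    }
}
array_map('unlink', glob("$dir/*"));
rmdir($dir);
```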


Related issues

Related to TYPO3 Core - Bug #54117: Typoscript Editor broken after update to 6.1.6 (Closed, 2013-12-01)

Related to TYPO3 Core - Bug #54132: TS Template causes Ajax-Error when saving to external file via TS-Editor (Closed, Elmar Putz, 2013-12-02)

#1

Updated by Stefan Neufeind almost 9 years ago

Checked this with security-team beforehand. Helmut confirmed they don't see a big security-problem since it at least requires admin-privileges in BE to exploit, so this can now go through regular code-review.

Should apply down until 4.5 as well afaik.

#2

Updated by Gerrit Code Review almost 9 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/25046

#3

Updated by Stefan Neufeind almost 9 years ago

For the newly added exception to properly show up in the frontend, see #53115.

#4

Updated by Stefan Neufeind almost 9 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

#5

Updated by Gerrit Code Review almost 9 years ago

  • Status changed from Resolved to Under Review

Patch set 1 for branch TYPO3_6-1 has been pushed to the review server.
It is available at https://review.typo3.org/25057

#6

Updated by Gerrit Code Review almost 9 years ago

Patch set 1 for branch TYPO3_6-0 has been pushed to the review server.
It is available at https://review.typo3.org/25058

#7

Updated by Gerrit Code Review almost 9 years ago

Patch set 1 for branch TYPO3_4-7 has been pushed to the review server.
It is available at https://review.typo3.org/25059

#8

Updated by Gerrit Code Review almost 9 years ago

Patch set 1 for branch TYPO3_4-5 has been pushed to the review server.
It is available at https://review.typo3.org/25060

#9

Updated by Gerrit Code Review almost 9 years ago

Patch set 2 for branch TYPO3_4-7 has been pushed to the review server.
It is available at https://review.typo3.org/25059

#10

Updated by Gerrit Code Review almost 9 years ago

Patch set 2 for branch TYPO3_4-5 has been pushed to the review server.
It is available at https://review.typo3.org/25060

#11

Updated by Gerrit Code Review almost 9 years ago

Patch set 3 for branch TYPO3_4-5 has been pushed to the review server.
It is available at https://review.typo3.org/25060

#12

Updated by Stefan Neufeind almost 9 years ago

  • Status changed from Under Review to Resolved

#13

Updated by Benni Mack almost 4 years ago

  • Status changed from Resolved to Closed
