Bug #53195
T3editor: Honour fileDenyPattern on saving included TS
Status: Closed
% Done: 100%
Description
Upon loading included TS the fileDenyPattern is taken into account. But upon saving it's possible to overwrite an arbitrary file (including .php etc.) that currently must exist.
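The asymmetry described above (deny pattern checked on load, not on save) is closed by running the same file-name check on the write path. The following standalone PHP sketch is an added example, not TYPO3 code and not the patch from this issue; the pattern value and the function names `isAllowedFilename` and `saveIncludedFile` are assumptions chosen for illustration.

```php
<?php
// Added illustration, not TYPO3 code. Pattern and function names are assumptions.
const DENY_PATTERN = '\.(php[3-7]?|phpsh|phtml)(\..*)?$|^\.htaccess$'; // constructed

// True when the file name does not match the deny pattern.
function isAllowedFilename(string $path): bool
{
    if (strpos($path, "\0") !== false) {
        return false; // NUL bytes can truncate the name seen by the filesystem
    }
    return preg_match('/' . DENY_PATTERN . '/i', basename($path)) !== 1;
}

// Save path: same check as the load path, applied before any write.
function saveIncludedFile(string $path, string $content): void
{
    $resolved = realpath($path); // false when the file does not exist
    if ($resolved === false || !is_file($resolved)) {
        throw new RuntimeException('Target must be an existing file');
    }
    // Check the requested name and the resolved one, so a symlink
    // with a harmless name cannot point the write at a denied file.
    if (!isAllowedFilename($path) || !isAllowedFilename($resolved)) {
        throw new RuntimeException('File name rejected by deny pattern');
    }
    if (file_put_contents($resolved, $content, LOCK_EX) === false) {
        throw new RuntimeException('Write failed');
    }
}

// Constructed sample files in a temporary directory.
$dir = sys_get_temp_dir() . '/denydemo_' . uniqid();
mkdir($dir);
foreach (['setup.ts', 'index.php', 'backup.php.bak'] as $name) {
    file_put_contents("$dir/$name", "original\n");
}
foreach (['setup.ts', 'index.php', 'backup.php.bak', 'missing.ts'] as $name) {
    try {
        saveIncludedFile("$dir/$name", "# edited\n");
        echo "$name: saved\n";
    } catch (RuntimeException $e) {
        echo "$name: refused (" . $e->getMessage() . ")\n";
    }
}
array_map('unlink', glob("$dir/*"));
rmdir($dir);
```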
Updated by Stefan Neufeind over 11 years ago
Checked this with security-team beforehand. Helmut confirmed they don't see a big security-problem since it at least requires admin-privileges in BE to exploit, so this can now go through regular code-review.
Should apply down until 4.5 as well afaik.
Updated by Gerrit Code Review over 11 years ago
- Status changed from New to Under Review
Patch set 1 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/25046
Updated by Stefan Neufeind over 11 years ago
For the newly added exception to properly show up in the frontend, see #53115.
Updated by Stefan Neufeind over 11 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 82da3035013aa3fd68472dedca575f59d032a14d.
Updated by Gerrit Code Review over 11 years ago
- Status changed from Resolved to Under Review
Patch set 1 for branch TYPO3_6-1 has been pushed to the review server.
It is available at https://review.typo3.org/25057
Updated by Gerrit Code Review over 11 years ago
Patch set 1 for branch TYPO3_6-0 has been pushed to the review server.
It is available at https://review.typo3.org/25058
Updated by Gerrit Code Review over 11 years ago
Patch set 1 for branch TYPO3_4-7 has been pushed to the review server.
It is available at https://review.typo3.org/25059
Updated by Gerrit Code Review over 11 years ago
Patch set 1 for branch TYPO3_4-5 has been pushed to the review server.
It is available at https://review.typo3.org/25060
Updated by Gerrit Code Review over 11 years ago
Patch set 2 for branch TYPO3_4-7 has been pushed to the review server.
It is available at https://review.typo3.org/25059
Updated by Gerrit Code Review over 11 years ago
Patch set 2 for branch TYPO3_4-5 has been pushed to the review server.
It is available at https://review.typo3.org/25060
Updated by Gerrit Code Review over 11 years ago
Patch set 3 for branch TYPO3_4-5 has been pushed to the review server.
It is available at https://review.typo3.org/25060
Updated by Stefan Neufeind over 11 years ago
- Status changed from Under Review to Resolved
Applied in changeset cb1417942e78fbf5c3248c83531d0d1126fda5bd.