Bug #75937

Updating global extensions via EM silently leaves potentially risky code on the server.

Added by Clemens Riccabona over 3 years ago. Updated over 2 years ago.

Status:
New
Priority:
Must have
Assignee:
-
Category:
Extension Manager
Start date:
2016-04-27
Due date:
% Done:

0%

TYPO3 Version:
7
PHP Version:
7.0
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

Since EM in 6.2 does not provide any information about installation place of Extension (typo3/sysext, typo3/ext, typo3conf/ext) you won't notice that there is old code left on the server.
If you update an extension which is globally installed, EM silently installs to local directory, leaving the global directory untouched.

In case of security fixes in such extensions, the security-leak just remains silently on the server, no chance to find that out via TYPO3.

IMHO we should AT LEAST have information about this bad and potentially risky behaviour in the extension manager.

History

#1 Updated by Clemens Riccabona over 2 years ago

Remains the same in TYPO3 v 7.6

#2 Updated by Clemens Riccabona over 2 years ago

  • Target version set to 8 LTS
  • TYPO3 Version changed from 6.2 to 7
  • PHP Version changed from 5.6 to 7.0

#3 Updated by Clemens Riccabona over 2 years ago

  • Subject changed from Updating global Extensions via EM in 6.2 silently leaves code on the server. to Updating global extensions via EM silently leaves potentially risky code on the server.

#4 Updated by Benni Mack over 2 years ago

  • Target version changed from 8 LTS to Candidate for patchlevel

Also available in: Atom PDF