Project

General

Profile

Actions

Bug #87733

closed

unwanted side-effect in fileDenyPattern

Added by Stefan Frank almost 6 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
Security
Target version:
-
Start date:
2019-02-18
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
8
PHP Version:
Tags:
Complexity:
medium
Is Regression:
No
Sprint Focus:

Description

The newly introduced fileDenyPattern

\.(php[3-7]?|phpsh|phtml|pht|phar|shtml|cgi|pl)(\..*)?$|^\.htaccess$

matches e.g. setup.pl.typoscript what appears to me as a suitable filename in a TypoScript cascade for a polish website. I have only limited knowledge in regex, but the following expression served its purpose in my tests.

\.(php[3-7]?|phpsh|phtml|pht|phar|shtml|cgi|pl)(\.*)?$|^\.htaccess$

Kind regards
Stefan


Related issues 1 (0 open1 closed)

Related to TYPO3 Core - Bug #24221: t3lib_TSparser::checkIncludeLines() does not check files to be includedClosedOliver Hader2010-11-28

Actions
Actions

Also available in: Atom PDF