Project

General

Profile

Actions

Bug #89386

closed

Backend module "FileList" not fully compatible with protected (not public accessible) directories

Added by Jan Kornblum about 5 years ago. Updated almost 5 years ago.

Status:
Rejected
Priority:
Should have
Assignee:
-
Category:
Backend User Interface
Target version:
-
Start date:
2019-10-09
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
9
PHP Version:
7.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Using backend module "FileList" it is not possible to view a file when it is located inside a protected (not public accessible, e.g. protected by .htaccess) directory. To reproduce:

  • Place any file (e.g. pdf) inside any folder (e.g. fileadmin/test/).
  • Also, put a .htaccess file inside the same folder containing "Deny from all".
  • Now go to "FileList" and navigate to this folder. Everything works fine until here (rendering previews etc.)...
  • Now click on the pdf icon -> info -> and inside the popup -> click on the button "show". This leads to "403 access denied".

So it would be much better to handle this "show" action by any php method (read the file contents, send headers and echo file content) instead of directly calling the public url of the file.

Actions

Also available in: Atom PDF