TYPO3 Forge

2008-01-18

00:40 TYPO3 Core Bug #18010: Malicious code executable as Non-Admin BE-User

A quick-fix would be modifying your vhost-configuration:
<Location /fileadmin>
<IfModule mod_php4.c>
... Rechenzentrum TU

2008-01-17

23:06 TYPO3 Core Bug #18010: Malicious code executable as Non-Admin BE-User

Even worse:
I correct myself about the requirements (mod filelist enabled, file permissions ...).
The described... Rechenzentrum TU

13:47 TYPO3 Core Bug #18010: Malicious code executable as Non-Admin BE-User

Should have said, that TYPO3_CONF_VARS['BE']['fileExtensions'] was not set in localconf.php! Rechenzentrum TU

13:43 TYPO3 Core Bug #18010 (Closed): Malicious code executable as Non-Admin BE-User

Have fun with TYPO3 - get your malicious code executed as Non-Admin BE-User!
Attack-Vector:
1. Take a Non-Admin-B... Rechenzentrum TU

2007-04-20

13:06 TYPO3 Core Bug #17221: Matching IPv6-addresses is not working correctly

Indeed, nice try; but your for-loop isn't working.
But why not use this instead:
function IPv6Hex2Bin ($hex... Rechenzentrum TU

11:31 TYPO3 Core Bug #17221: Matching IPv6-addresses is not working correctly

Due to the fact that functions cmpIPv6() and IPv6Hex2Bin() are the same in Core 4.0.6 and 4.1.1 the bug can be resolv... Rechenzentrum TU

2007-04-19

13:44 TYPO3 Core Bug #17221 (Closed): Matching IPv6-addresses is not working correctly

Matching IPv6-addresses isn't currently working.
1st:
cmpIPv6($baseIP, $list)
fails for an entry in $list that r... Rechenzentrum TU

2007-01-17

07:51 TYPO3 Core Feature #16860 (Closed): Canceling session timeout message could redirect to login page

Currently:
After session timeout there's a javascript message that asks a user if he wishes to refresh his session.
... Rechenzentrum TU