[SECURITY] Disallow access to fallback storage '0' 22/40822/2
authorNicole Cordes <typo3@cordes.co>
Wed, 17 Jun 2015 11:11:14 +0000 (13:11 +0200)
committerBenjamin Mack <benni@typo3.org>
Wed, 1 Jul 2015 14:23:06 +0000 (16:23 +0200)
commit2973b5746998c22d59e43594670f1e61670924de
tree3240233a0f2cd403191d233d18a389dabcfcaa45
parent8546772548f2ef442548d2ffb4d39445b2c08196
[SECURITY] Disallow access to fallback storage '0'

All users with access to the filelist module are able to display the
content of the document root folder by spoofing the url.

This patch prevents any rendering from that storage and throws an error.

Resolves: #67538
Releases: master, 6.2
Security-Bulletin: TYPO3-CORE-SA-2015-005
Change-Id: Ic8f192696264f274e790f46c9cddc4f6ce6d5cd5
Reviewed-on: http://review.typo3.org/40822
Reviewed-by: Helmut Hummel <helmut.hummel@typo3.org>
Tested-by: Helmut Hummel <helmut.hummel@typo3.org>
Reviewed-by: Benjamin Mack <benni@typo3.org>
Tested-by: Benjamin Mack <benni@typo3.org>
typo3/sysext/filelist/Classes/Controller/FileListController.php