[SECURITY] Disallow access to fallback storage '0' 08/40808/2
authorNicole Cordes <typo3@cordes.co>
Wed, 17 Jun 2015 11:11:14 +0000 (13:11 +0200)
committerBenjamin Mack <benni@typo3.org>
Wed, 1 Jul 2015 14:09:53 +0000 (16:09 +0200)
commit58380b4728f3a1a2bfb9c329963ecfe427652aad
treeacbcad90d9e061bde4fcb3b54edfd99b168062ec
parent32d22760cc03ab1241c7ff72882da363a019d23f
[SECURITY] Disallow access to fallback storage '0'

All users with access to the filelist module are able to display the
content of the document root folder by spoofing the url.

This patch prevents any rendering from that storage and throws an error.

Resolves: #67538
Releases: master, 6.2
Security-Bulletin: TYPO3-CORE-SA-2015-005
Change-Id: I59cc315e913c02001efdad23e2ded7385502c5f2
Reviewed-on: http://review.typo3.org/40808
Reviewed-by: Benjamin Mack <benni@typo3.org>
Tested-by: Benjamin Mack <benni@typo3.org>
Reviewed-by: Helmut Hummel <helmut.hummel@typo3.org>
Tested-by: Helmut Hummel <helmut.hummel@typo3.org>
typo3/sysext/filelist/Classes/Controller/FileListController.php