[SECURITY] Extend file deny pattern 40/59540/2
authorOliver Hader <oliver@typo3.org>
Tue, 22 Jan 2019 08:43:31 +0000 (09:43 +0100)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 22 Jan 2019 08:43:34 +0000 (09:43 +0100)
commita0cb44e635ceba3bfabd51b384536c717b26eaff
treef86439993d4d7d9a0ed7f841a5a37369f689fb01
parent7b413d09143a5a678cb386cc943f862565dd54d8
[SECURITY] Extend file deny pattern

In order to enhance protection against (possible) executable file
extensions phar, shtml, cgi, pl have been added to the according
file deny pattern.

Releases: master, 9.5, 8.7
Resolves: #87368
Security-Commit: c9f0d00b89768b63df9c77884cf9d19d658fc0fc
Security-Bulletin: TYPO3-CORE-SA-2019-008
Change-Id: I92998a2046b6efb7f31961c20f24c81d00957879
Reviewed-on: https://review.typo3.org/59540
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/core/Classes/Core/SystemEnvironmentBuilder.php