[SECURITY] Disallow access to fallback storage '0' 15/40815/2
authorNicole Cordes <typo3@cordes.co>
Wed, 17 Jun 2015 11:11:14 +0000 (13:11 +0200)
committerBenjamin Mack <benni@typo3.org>
Wed, 1 Jul 2015 14:17:46 +0000 (16:17 +0200)
commitd9caccb26c954834e7d43fbbe84a3130cc95524a
tree6bb59a697a07e430f751c487d4304fd358f8c72f
parentd7feb40c8d277c6b6ab3a548313be1e1a2084299
[SECURITY] Disallow access to fallback storage '0'

All users with access to the filelist module are able to display the
content of the document root folder by spoofing the url.

This patch prevents any rendering from that storage and throws an error.

Resolves: #67538
Releases: master, 6.2
Security-Bulletin: TYPO3-CORE-SA-2015-005
Change-Id: Ia503c572e550aaa3e74ffbaf3da87796ad04723a
Reviewed-on: http://review.typo3.org/40815
Reviewed-by: Helmut Hummel <helmut.hummel@typo3.org>
Tested-by: Helmut Hummel <helmut.hummel@typo3.org>
Reviewed-by: Benjamin Mack <benni@typo3.org>
Tested-by: Benjamin Mack <benni@typo3.org>
typo3/sysext/filelist/Classes/Controller/FileListController.php