[SECURITY] Disallow access to fallback storage '0' 08/40808/2
authorNicole Cordes <typo3@cordes.co>
Wed, 17 Jun 2015 11:11:14 +0000 (13:11 +0200)
committerBenjamin Mack <benni@typo3.org>
Wed, 1 Jul 2015 14:09:53 +0000 (16:09 +0200)
All users with access to the filelist module are able to display the
content of the document root folder by spoofing the url.

This patch prevents any rendering from that storage and throws an error.

Resolves: #67538
Releases: master, 6.2
Security-Bulletin: TYPO3-CORE-SA-2015-005
Change-Id: I59cc315e913c02001efdad23e2ded7385502c5f2
Reviewed-on: http://review.typo3.org/40808
Reviewed-by: Benjamin Mack <benni@typo3.org>
Tested-by: Benjamin Mack <benni@typo3.org>
Reviewed-by: Helmut Hummel <helmut.hummel@typo3.org>
Tested-by: Helmut Hummel <helmut.hummel@typo3.org>

No differences found