1. 16 Aug, 2021 1 commit
  2. 10 Aug, 2021 1 commit
  3. 20 Jul, 2021 1 commit
  4. 16 Jul, 2021 1 commit
  5. 04 May, 2021 1 commit
  6. 23 Feb, 2021 1 commit
  7. 22 Dec, 2020 1 commit
  8. 26 May, 2020 1 commit
  9. 19 May, 2020 1 commit
  10. 12 May, 2020 1 commit
  11. 28 Apr, 2020 1 commit
  12. 21 Apr, 2020 1 commit
  13. 14 Apr, 2020 1 commit
  14. 25 Feb, 2020 1 commit
  15. 16 Jan, 2020 1 commit
  16. 03 Dec, 2019 1 commit
  17. 01 Oct, 2019 1 commit
  18. 23 Jul, 2019 1 commit
  19. 12 Jun, 2019 1 commit
  20. 15 Jan, 2019 1 commit
  21. 14 Dec, 2018 2 commits
  22. 11 Dec, 2018 1 commit
  23. 30 Oct, 2018 1 commit
  24. 02 Oct, 2018 1 commit
  25. 04 Sep, 2018 1 commit
  26. 12 Jul, 2018 1 commit
    • Oliver Hader's avatar
      [SECURITY] Introduce PHP stream wrapper for phar:// protocol · b3b7d453
      Oliver Hader authored and Oliver Hader's avatar Oliver Hader committed
      This custom stream wrapper for the phar:// protocol overrides
      PHP's native handling. In case Phar bundles shall be loaded from
      a valid directory, the custom wrapper falls back to the native PHP
      wrapper in order to invoke Phar-related actions.
      
      In case the location is not trustworthy, an according exception
      is thrown. The custom stream wrapper is registered in the beginning
      of TYPO3's bootstrap class.
      
      Truested locations are those in typo3conf/ext/* - anything else is
      denied and not considered as trustworthy.
      
      Releases: master, 8.7, 7.6
      Resolves: #85385
      Security-Commit: efa085d9a5aebfac6b92309ea53c455b95a81fcc
      Security-Bulletin: TYPO3-CORE-SA-2018-002
      Change-Id: Ifd38eab7a5757e6cfbd6f773a3fed8f3d742e09d
      Reviewed-on: https://review.typo3.org/57558
      
      
      Reviewed-by: Oliver Hader's avatarOliver Hader <oliver.hader@typo3.org>
      Tested-by: Oliver Hader's avatarOliver Hader <oliver.hader@typo3.org>
      b3b7d453