Commit 59b98eb0 authored by Oliver Hader's avatar Oliver Hader
Browse files

Fixed bug #14389: phtml is also PHP extension and should be denied editing /...

Fixed bug #14389: phtml is also PHP extension and should be denied editing / uploading via fileadmin (thanks to Ernesto Baschny)

git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-1@8391 709f56b5-9817-0410-a4d7-c38de5d9e867
parent 7c7ab15a
......@@ -14,6 +14,7 @@
* Fixed bug #12739: XSS in shortcuts (thanks to Francois Suter and Georg Ringer)
* Fixed bug #13885: XSS in indexed search BE module (thanks to Benjamin Mack)
* Fixed bug #15254: Extension Manager allows to edit arbitrary files if noEdit flag is not set (thanks to Helmut Hummel)
* Fixed bug #14389: phtml is also PHP extension and should be denied editing / uploading via fileadmin (thanks to Ernesto Baschny)
2010-05-17 Oliver Hader <oliver@typo3.org>
......
......@@ -17,10 +17,10 @@
if (!defined ('PATH_typo3conf')) die ('The configuration path was not properly defined!');
//Security related constant: Default value of fileDenyPattern
define('FILE_DENY_PATTERN_DEFAULT', '\.php[3-6]?(\..*)?$|^\.htaccess$');
define('FILE_DENY_PATTERN_DEFAULT', '\.(php[3-6]?|phpsh|phtml)(\..*)?$|^\.htaccess$');
//Security related constant: Comma separated list of file extensions that should be registered as php script file extensions
define('PHP_EXTENSIONS_DEFAULT', 'php,php3,php4,php5,php6,phpsh,inc');
define('PHP_EXTENSIONS_DEFAULT', 'php,php3,php4,php5,php6,phpsh,inc,phtml');
$TYPO3_CONF_VARS = Array(
'GFX' => array( // Configuration of the image processing features in TYPO3. 'IM' and 'GD' are short for ImageMagick and GD library respectively.
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment