Task #43138
Task #41289: Release version 1.0.2
Update path for "noPHPscriptInclude" to match TYPO3 6.0 schema
| Status: | Resolved | Start date: | 2012-11-20 | |
|---|---|---|---|---|
| Priority: | Should have | Due date: | ||
| Assigned To: | Michael Schams | % Done: | 100% |
|
| Category: | - | |||
| Target version: | 1.0.2 |
Description
Chapter "Guidelines for TYPO3 Integrators -> Global TYPO3 configuration options" contains a section:
TypoScript configurations can be used to include arbitrary files, such as PHP scripts. PHP scripts should be treated with special caution because they could contain malicious code which can be executed by TypoScript as well. The "noPHPscriptInclude" directive addresses this risk and offers the option to prevent the inclusion of PHP scripts, except if they reside in the directory "typo3/sysext/cms/tslib/media/scripts/" (in older TYPO3 CMS versions: "media/scripts/").
The paths need to be checked and possibly updated to reflect the new schema in TYPO3 version 6.0.
Related issues
Associated revisions
[TASK] Update path for "noPHPscriptInclude" to match TYPO3 6.0 schema
Resolves: #43138
Change-Id: I04f7c1fdbe6d7b168b81a1c1bed716af9059c8cc
History
#1 Updated by Michael Schams over 2 years ago
- Subject changed from Update path to to Update path for "noPHPscriptInclude" to match TYPO3 6.0 schema
- Parent task set to #41289
#2 Updated by Michael Schams over 2 years ago
Related to issue #43341. This issue may have an impact on this ticket as well.
#3 Updated by Gerrit Code Review over 2 years ago
- Status changed from Accepted to Under Review
Patch set 1 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/16792
#4 Updated by Michael Schams over 2 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset df6c27181a27fd46aeb23216bfbb2decccece44b.
#5 Updated by Chris topher over 2 years ago
- Assigned To set to Michael Schams
#6 Updated by Chris topher over 2 years ago
When I reviewed this change, I was confused by the Install Tool in TYPO3 6.0, where the description for noPHPscriptInclude still says it would be checked against the 'media/scripts/'-folder. However, this is just incorrect. See #43730.
This change is correct.