Task #43341
Update description for noPHPscriptInclude (Install Tool)
| Status: | Resolved | Start date: | 2012-11-27 | |
|---|---|---|---|---|
| Priority: | Should have | Due date: | ||
| Assigned To: | - | % Done: | 0% |
|
| Category: | Install Tool | Spent time: | - | |
| Target version: | - | |||
| TYPO3 Version: | 6.0 | Complexity: | easy | |
| PHP Version: | 5.3 | Sprint Focus: |
Description
Install Tool: description for noPHPscriptInclude is outdated and should be updated. In TYPO3 versions up to 6.0 RC2, it reads:
(quote) Boolean: If set, PHP-scripts are not included by TypoScript configurations, unless they reside in 'media/scripts/'-folder. This is a security option to ensure that users with template-access do not terrorize
Issues with the current text:
- folder "media/scripts/" has been removed from TYPO3 CMS a few versions ago
- colloquially wording used ("terrorize")
A better description would be (suggestion):
Boolean: If set, PHP-scripts are not included by TypoScript configurations, unless they reside in one of the allowed paths (e.g. in global or local installed extension directories or in the system extension directory). This is an additional security measure if enabled (value: 1)
Note: "allowed paths" can be reviewed in file typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php - see method checkFileInclude()
Related issues
History
#1 Updated by Wouter Wolters about 2 years ago
- Status changed from New to Resolved
This is resolved with #43730