[SECURITY] Disallow pht as file extension
Some web servers allow and accept pht files as PHP files and execute them. Thus, pht should be part of the default file deny pattern and PHP file extensions. Resolves: #82078 Releases: master, 8.7, 7.6 Security-Commit: d7e19499bfa4bd552d4428a2b9a943005c20c61d Security-Bulletin: TYPO3-CORE-SA-2017-007 Change-Id: Ibadcaa8c32b70b9aec569027862918d0360ec075 Reviewed-on: https://review.typo3.org/53904 Reviewed-by:Oliver Hader <oliver.hader@typo3.org> Tested-by:
Showing
- typo3/sysext/core/Classes/Core/SystemEnvironmentBuilder.php 2 additions, 2 deletionstypo3/sysext/core/Classes/Core/SystemEnvironmentBuilder.php
- typo3/sysext/core/Tests/Unit/Core/SystemEnvironmentBuilderTest.php 1 addition, 1 deletion...ext/core/Tests/Unit/Core/SystemEnvironmentBuilderTest.php
- typo3/sysext/core/Tests/Unit/Utility/GeneralUtilityTest.php 1 addition, 0 deletionstypo3/sysext/core/Tests/Unit/Utility/GeneralUtilityTest.php
Please register or sign in to comment