[TASK] Move vendor/ directory out of typo3/
The typo3/ directory must currently be exposed in the web root for TYPO3 to work properly. Having the vendor dir with all composer dependencies in typo3/vendor however means, that these will also be exposed. This can be a security risk, which can be avoided by simply moving the vendor directory one level up. By doing so, a web directory which contains only two symlinks (typo3 and index.php) and no sources or link to the sources, will be protected from this risk. Resolves: #68918 Releases: master Change-Id: I5e504520102f94c81897945b41043d930cfc5b5f Reviewed-on: http://review.typo3.org/42495 Reviewed-by:Mathias Brodala <mbrodala@pagemachine.de> Tested-by:
Stefan Neufeind <typo3.neufeind@speedpartner.de> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Showing
- .gitignore 1 addition, 2 deletions.gitignore
- .travis.yml 1 addition, 1 deletion.travis.yml
- _.htaccess 2 additions, 1 deletion_.htaccess
- composer.json 1 addition, 2 deletionscomposer.json
- composer.lock 1 addition, 1 deletioncomposer.lock
- index.php 1 addition, 1 deletionindex.php
- typo3/ajax.php 1 addition, 1 deletiontypo3/ajax.php
- typo3/alt_clickmenu.php 1 addition, 1 deletiontypo3/alt_clickmenu.php
- typo3/alt_db_navframe.php 1 addition, 1 deletiontypo3/alt_db_navframe.php
- typo3/alt_doc.php 1 addition, 1 deletiontypo3/alt_doc.php
- typo3/alt_file_navframe.php 1 addition, 1 deletiontypo3/alt_file_navframe.php
- typo3/browser.php 1 addition, 1 deletiontypo3/browser.php
- typo3/cli_dispatch.phpsh 1 addition, 1 deletiontypo3/cli_dispatch.phpsh
- typo3/db_new.php 1 addition, 1 deletiontypo3/db_new.php
- typo3/dummy.php 1 addition, 1 deletiontypo3/dummy.php
- typo3/index.php 1 addition, 1 deletiontypo3/index.php
- typo3/init.php 1 addition, 1 deletiontypo3/init.php
- typo3/login_frameset.php 1 addition, 1 deletiontypo3/login_frameset.php
- typo3/logout.php 1 addition, 1 deletiontypo3/logout.php
- typo3/mod.php 1 addition, 1 deletiontypo3/mod.php
Please register or sign in to comment