Skip to content
Commit 58380b47 authored by Nicole Cordes's avatar Nicole Cordes Committed by Benjamin Mack
Browse files

[SECURITY] Disallow access to fallback storage '0' 

All users with access to the filelist module are able to display the
content of the document root folder by spoofing the url.

This patch prevents any rendering from that storage and throws an error.

Resolves: #67538
Releases: master, 6.2
Security-Bulletin: TYPO3-CORE-SA-2015-005
Change-Id: I59cc315e913c02001efdad23e2ded7385502c5f2
Reviewed-on: http://review.typo3.org/40808


Reviewed-by: default avatarBenjamin Mack <benni@typo3.org>
Tested-by: default avatarBenjamin Mack <benni@typo3.org>
Reviewed-by: default avatarHelmut Hummel <helmut.hummel@typo3.org>
Tested-by: default avatarHelmut Hummel <helmut.hummel@typo3.org>
parent 32d22760
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment