[BUGFIX] Re-enables fileDenyPattern check for admin users (a3635263) · Commits · TYPO3 / TYPO3.CMS

Commit a3635263 authored 8 years ago by

Torben Hansen Committed by Helmut Hummel 8 years ago

[BUGFIX] Re-enables fileDenyPattern check for admin users

When an admin user tries to upload a file which has a fileextension
that is included in the fileDenyPattern, the upload is denied.

With the security fix in #51326 admin users are now able to change
the extension of a file to any value, since the fileDenyPattern is
not checked for admin users. This leads to the situation, that admin
users can create/rename files in the filelist with a fileextension
of their choice.

To keep the behavior consistent, this patch re-enables the check
of the fileDenyPattern for admin users in the filelist.

Resolves: #60173
Releases: master, 7.6, 6.2
Change-Id: I3b819e70cf2218a4580203ac7b7a6b0c3c5087ab
Reviewed-on: https://review.typo3.org/32610


Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Nicole Cordes <typo3@cordes.co>
Tested-by: Nicole Cordes <typo3@cordes.co>
Reviewed-by: Helmut Hummel <helmut.hummel@typo3.org>
Tested-by: Helmut Hummel <helmut.hummel@typo3.org>

parent 7e2ce1d2

No related merge requests found

Hide whitespace changes

Inline Side-by-side

Showing with 53 additions and 5 deletions

Please register or to comment