[20190206] - Core - Implement the TYPO3 PHAR stream wrapper

2019-02-12T00:00:00
ID JOOMLA-770
Type joomla
Reporter Open Source Matters, Inc.
Modified 2019-02-12T00:00:00

Description

The phar:// stream wrapper can be used for objection injection attacks. We now disallow usage of the phar:// handler for non .phar-files within the CMS globally by implementing the TYPO3 PHAR stream wrapper.