且构网


Security message after upgrading to 9.5.17

Updated: 2023-02-22 19:57:43


The error messages you are receiving are part of a security feature that has been integrated into recent TYPO3 v9.5.17 and v10.4.2 releases, see https://docs.typo3.org/c/typo3/cms-core/master/en-us/Changelog/9.5.x/Feature-91354-IntegrateServerResponseSecurityChecks.html


Basically it means that your current server system

  • is evaluating files like test.php.txt (.php not at the end of the filename) still as PHP content - this can cause a security vulnerability in case somebody manages to upload a similar file (which might be considered as a text/plain file, but is actually executable PHP code)
    • potentially remote code execution
    • potentially cross-site scripting

Call to action


In case this is a live and in production server, you should adjust your web server configuration.


The fix is to limit those web server mime-type mappings only to those files having e.g. .html at the very end, as shown in this example for the Apache HTTP web server

    <FilesMatch ".+\.html?$">
        AddType text/html .html .htm
    </FilesMatch>

https://docs.typo3.org/m/typo3/reference-coreapi/10.4/en-us/Security/GuidelinesAdministrators/Index.html#file-extension-handling


https://gist.github.com/ohader/11d737de95895f8ca16495a8b7001c45 contains examples of how to adjust an .htaccess file in case settings cannot be changed on a (shared) hosting environment.

    <IfModule mod_mime.c>
        RemoveType .html .htm
        <FilesMatch ".+\.html?$">
            AddType text/html .html
            AddType text/html .htm
        </FilesMatch>

        RemoveType .svg .svgz
        <FilesMatch ".+\.svgz?$">
            AddType image/svg+xml .svg
            AddType image/svg+xml .svgz
        </FilesMatch>

        RemoveHandler .php
        <FilesMatch ".+\.php$">
            # IMPORTANT: `php-fcgid` is the handler used in THIS example
            # Most probably it is different for each individual configuration
            SetHandler php-fcgid
            # SetHandler php-script
            # SetHandler application/x-httpd-php
        </FilesMatch>
    </IfModule>


The current handler identifier php-fcgid was identified for the example above using phpinfo(); and searching for $_SERVER[REDIRECT_HANDLER]:

    $_SERVER['REDIRECT_HANDLER'] php-fcgid
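As an added illustration (not part of the answer, of TYPO3, or of the linked gist), the following Python script emulates in simplified form, as an assumption rather than Apache's real implementation, how mod_mime's multi-extension matching lets test.php.txt pick up the PHP handler under plain AddHandler/AddType mappings, and how the anchored FilesMatch rules from the .htaccess example above prevent that; the php-fcgid handler name and the file names other than test.php.txt are constructed values.

```python
import re

# Simplified emulation (assumption) of Apache mod_mime: a file name like
# "test.php.txt" carries two extensions, and a global AddHandler/AddType
# directive matches its extension wherever it appears in the name.

def extensions(name):
    """mod_mime inspects every dot-separated segment, not only the last one."""
    return ["." + part.lower() for part in name.split(".")[1:] if part]

def resolve(name, ext_handlers, ext_types, rules):
    """ext_handlers/ext_types emulate global AddHandler/AddType (match anywhere,
    rightmost mapped extension wins per field); rules emulate <FilesMatch>
    blocks whose anchored regex only fires on the real end of the file name."""
    handler = ctype = None
    for ext in extensions(name):
        handler = ext_handlers.get(ext, handler)
        ctype = ext_types.get(ext, ctype)
    for pattern, rule_handler, rule_type in rules:
        if re.search(pattern, name):
            handler = rule_handler or handler
            ctype = rule_type or ctype
    return handler, ctype

# Weak configuration: extension-based mappings only (constructed values).
WEAK = dict(
    ext_handlers={".php": "php-fcgid"},
    ext_types={".txt": "text/plain", ".html": "text/html", ".htm": "text/html"},
    rules=[],
)

# Hardened configuration mirroring the .htaccess example: RemoveHandler/RemoveType
# drop the global .php/.html mappings, anchored FilesMatch blocks re-add them.
HARDENED = dict(
    ext_handlers={},
    ext_types={".txt": "text/plain"},
    rules=[
        (r".+\.html?$", None, "text/html"),
        (r".+\.svgz?$", None, "image/svg+xml"),
        (r".+\.php$", "php-fcgid", None),
    ],
)

def executes_as_php(name, config):
    return resolve(name, **config)[0] == "php-fcgid"

if __name__ == "__main__":
    # "test.php.txt" is the name from the answer; the other probes are constructed.
    for probe in ("index.php", "test.php.txt", "test.html.unknown"):
        print(probe, "weak:", resolve(probe, **WEAK), "hardened:", resolve(probe, **HARDENED))
```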