Updated: 2023-02-22 19:57:43
The error messages you are receiving are part of a security feature that has been integrated into recent TYPO3 v9.5.17 and v10.4.2 releases, see https://docs.typo3.org/c/typo3/cms-core/master/en-us/Changelog/9.5.x/Feature-91354-IntegrateServerResponseSecurityChecks.html
Basically it means that your current server system is evaluating files like test.php.txt (.php not at the end of the filename) still as PHP content - this can cause a security vulnerability in case somebody manages to upload a similar file (which might be considered as a text/plain file, but is actually executable PHP code).
Call to action
In case this is a live and in production server, you should adjust your web server configuration.
The fix is to limit those web server mime-type mappings to only those files having e.g. .html at the very end, as shown in this example for the Apache HTTP web server:
<FilesMatch ".+\.html?$">
    AddType text/html .html .htm
</FilesMatch>
https://gist.github.com/ohader/11d737de95895f8ca16495a8b7001c45 contains examples of how to adjust an .htaccess file in case settings cannot be changed on a (shared) hosting environment.
<IfModule mod_mime.c>
    RemoveType .html .htm
    <FilesMatch ".+\.html?$">
        AddType text/html .html
        AddType text/html .htm
    </FilesMatch>

    RemoveType .svg .svgz
    <FilesMatch ".+\.svgz?$">
        AddType image/svg+xml .svg
        AddType image/svg+xml .svgz
    </FilesMatch>

    RemoveHandler .php
    <FilesMatch ".+\.php$">
        # IMPORTANT: `php-fcgid` is used in THIS example
        # It will most probably be different for each individual configuration
        SetHandler php-fcgid
        # SetHandler php-script
        # SetHandler application/x-httpd-php
    </FilesMatch>
</IfModule>
The current handler identifier php-fcgid was identified for the example above using phpinfo(); and searching for $_SERVER[REDIRECT_HANDLER]:
$_SERVER['REDIRECT_HANDLER'] php-fcgid
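
Why a per-extension mapping treats test.php.txt as PHP while the FilesMatch rule above does not, as an added example that is not part of the original answer. It is a simplified Python model of mod_mime's extension lookup; the function names, the assumed extension set and the sample file names are constructed for illustration.

```python
import re

# Extensions registered by a per-extension PHP mapping
# (assumed set for this illustration; check your own server configuration).
PHP_EXTENSIONS = {"php"}

# The pattern used in the hardened .htaccess example above.
HARDENED = re.compile(r".+\.php$")


def mod_mime_maps_to_php(filename, php_exts=PHP_EXTENSIONS):
    """Simplified model of mod_mime's multi-extension lookup.

    mod_mime splits the name on dots, skips the first part (the base name)
    and looks up every remaining part, case-insensitively, so a mapping for
    .php applies wherever ".php" appears, not only at the end.
    """
    parts = filename.split(".")[1:]
    return any(p.lower() in php_exts for p in parts)


def filesmatch_maps_to_php(filename):
    """Hardened rule: the handler is set only when the name ends in .php."""
    return HARDENED.search(filename) is not None


def risky_names(filenames):
    """Names run as PHP by the per-extension mapping but not by the
    FilesMatch rule, i.e. the kind of file the TYPO3 check warns about."""
    return [f for f in filenames
            if mod_mime_maps_to_php(f) and not filesmatch_maps_to_php(f)]


# Constructed sample of names as they might appear in an upload folder.
SAMPLE = ["index.php", "test.php.txt", "report.pdf", "notes.txt",
          "old.php.bak", "archive.tar.gz", "php.txt"]

if __name__ == "__main__":
    for name in SAMPLE:
        print(f"{name:16} per-extension={mod_mime_maps_to_php(name)!s:5} "
              f"FilesMatch={filesmatch_maps_to_php(name)}")
    print("review:", risky_names(SAMPLE))
```

Running `risky_names` over a listing of an upload directory gives the files worth reviewing before and after the configuration change.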