[4.0] Added php8 to list of filtered extensions

[SniperSister]

Summary of Changes

Added PHP8 to the hardcoded list of executables

Testing Instructions

Verify by code review

[richard67]

I have tested this item ✅ successfully on 4d73fbc

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/35001.}

[brianteeman]

I have tested this item ✅ successfully on 4d73fbc

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/35001.}

[richard67]

RTC

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/35001.}

[richard67]

@SniperSister It's not sufficient to set the RTC label on GitHub to get the right status shown in the issue tracker. It needs to use the tracker and change status there. I've done that here now.

[brianteeman]

Why is the list shorter than in #34999

[brianteeman]

I have not tested this item.

reverting my successful test

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/35001.}

[richard67]

Back to pending.

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/35001.}

[richard67]

Why is the list shorter than in #34999

These lists serve different purpose. The one in #34999 is for media so it e.g. disallows "js", while here it is for the input filter so we shall not disallow js because we don't know what the field might be used for.

[brianteeman]

#34999 blocks .php
#35001 blocks .php, .php3, .php4, .php5, .php6, .php7, .php8

I don't see the logic behind this difference

[richard67]

#34999 blocks .php
#35001 blocks .php, .php3, .php4, .php5, .php6, .php7, .php8

I don't see the logic behind this difference

@brianteeman Me neither ... but that's the other way round. You had complained the list here in #35001 is shorter than the other one in #34999 .

=> Ping @SniperSister : Should be add .php3, .php4, .php5, .php6, .php7, .php8 and possibly others to #34999 , too?

[brianteeman]

@brianteeman Me neither ... but that's the other way round. You had complained the list here in #35001 is shorter than the other one in #34999 .

Because the entire list is shorter ;)

Just this part is longer

[richard67]

Because the entire list is shorter ;)

@brianteeman About this aspect see my comment above #35001 (comment) .

[brianteeman]

i disagree completely with that comment - its either secure or not. its not dependant on where it is used.

[RickR2H]

I have tested this item ✅ successfully on 4d73fbc

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/35001.}

[richard67]

RTC

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/35001.}

[brianteeman]

I have tested this item 🔴 unsuccessfully on 4d73fbc

The reasoning behind this list makes it incomplete

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/35001.}

[richard67]

Back to pending.

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/35001.}

[RickR2H]

@brianteeman @richard67 This PR is set as Release Blocker... But is this really the case?

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/35001.}

[wilsonge]

Merging this one. And #34999 will clean up the discrepancies in the lists