Bug #61295
calculateBasePath of LocalDriver does not properly sanitize value
| Status: | Resolved | Start date: | 2014-09-01 |
|---|---|---|---|
| Priority: | Should have | Due date: | |
| Assigned To: | - | % Done: | 100% |
| Category: | File Abstraction Layer (FAL) | Spent time: | - |
| Target version: | next-patchlevel | | |
| TYPO3 Version: | 6.2 | Is Regression: | No |
| PHP Version: | 5.3 | Sprint Focus: | |
| Complexity: | no-brainer | | |

Description
The method "calculateBasePath" of Resource/Driver/LocalDriver.php does not properly sanitize the passed value. It fails to use the return value of "canonicalizeAndCheckFilePath".
This would result in problems when using "/fileadmin/" as "Base path" in a sys_file_storage record that is set to "relative".
It would also not remove the "/../" from a sys_file_storage base path like "/var/www/mysite/fileadmin/../../somewhereelse/" when it is set to absolute.
Patch with unit tests sent to gerrit.
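
The bug class described above, a sanitizer whose return value is discarded, shown as an added example; this is not TYPO3's code. The function names, the simplified canonicalizer and the site root `/var/www/mysite/` are assumptions made for illustration, and the double slash in the relative case is the behaviour of this model only.

```php
<?php
// Hypothetical stand-in for a canonicalizer: resolves "." and ".." segments,
// collapses duplicate slashes and RETURNS the cleaned path (input is untouched).
function canonicalizePath($path)
{
    $out = array();
    foreach (explode('/', $path) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue;
        }
        if ($segment === '..') {
            if (count($out) === 0) {
                throw new InvalidArgumentException('Path escapes the root: ' . $path);
            }
            array_pop($out);
            continue;
        }
        $out[] = $segment;
    }
    return '/' . implode('/', $out);
}

// "Before": the sanitizer is called, but its return value is discarded.
function basePathBuggy($basePath, $pathType, $siteRoot)
{
    $absolute = $pathType === 'relative' ? $siteRoot . $basePath : $basePath;
    canonicalizePath($absolute); // result thrown away, $absolute is unchanged
    return rtrim($absolute, '/') . '/';
}

// "After": the canonical form is what gets stored and used.
function basePathFixed($basePath, $pathType, $siteRoot)
{
    $absolute = $pathType === 'relative' ? $siteRoot . $basePath : $basePath;
    $absolute = canonicalizePath($absolute);
    return rtrim($absolute, '/') . '/';
}

$siteRoot = '/var/www/mysite/'; // constructed value
$cases = array(
    array('/fileadmin/', 'relative'),
    array('/var/www/mysite/fileadmin/../../somewhereelse/', 'absolute'),
);
foreach ($cases as $case) {
    list($basePath, $pathType) = $case;
    echo $pathType, ' buggy: ', basePathBuggy($basePath, $pathType, $siteRoot), "\n";
    echo $pathType, ' fixed: ', basePathFixed($basePath, $pathType, $siteRoot), "\n";
}
```

Any later containment check that compares a file path against the stored base path by string prefix only works if the base path itself is in canonical form, which is why the return value has to be assigned.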
Associated revisions
[BUGFIX] LocalDriver->calculateBasePath doesn't properly sanitize
The method "calculateBasePath" of Resource/Driver/LocalDriver.php
does not properly sanitize the passed value.
It fails to use the return value of "canonicalizeAndCheckFilePath".
Change-Id: I8f2561e4a3b432d869ba7931f3ce5877714699c0
Resolves: #61295
Releases: 6.3, 6.2
Reviewed-on: http://review.typo3.org/32548
Reviewed-by: Markus Klein <klein.t3@reelworx.at>
Tested-by: Markus Klein <klein.t3@reelworx.at>
Reviewed-by: Frans Saris <franssaris@gmail.com>
Tested-by: Frans Saris <franssaris@gmail.com>
[BUGFIX] LocalDriver->calculateBasePath doesn't properly sanitize
The method "calculateBasePath" of Resource/Driver/LocalDriver.php
does not properly sanitize the passed value.
It fails to use the return value of "canonicalizeAndCheckFilePath".
Change-Id: I8f2561e4a3b432d869ba7931f3ce5877714699c0
Resolves: #61295
Releases: 6.3, 6.2
Reviewed-on: http://review.typo3.org/32548
Reviewed-by: Markus Klein <klein.t3@reelworx.at>
Tested-by: Markus Klein <klein.t3@reelworx.at>
Reviewed-by: Frans Saris <franssaris@gmail.com>
Tested-by: Frans Saris <franssaris@gmail.com>
(cherry picked from commit 0d5a3c0379d5fc6c208cf267b8b23993cd2b6a55)
Reviewed-on: http://review.typo3.org/32889
Reviewed-by: Stefan Froemken <froemken@gmail.com>
Tested-by: Stefan Froemken <froemken@gmail.com>
Reviewed-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Tested-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
History
#1 Updated by Gerrit Code Review 11 months ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/32548
#2 Updated by Gerrit Code Review 11 months ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/32548
#3 Updated by Gerrit Code Review 11 months ago
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/32548
#4 Updated by Gerrit Code Review 11 months ago
Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/32548
#5 Updated by Gerrit Code Review 11 months ago
Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/32548
#6 Updated by Gerrit Code Review 11 months ago
Patch set 1 for branch TYPO3_6-2 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/32889
#7 Updated by Anonymous 11 months ago
- Status changed from Under Review to Resolved
- % Done changed from 80 to 100
Applied in changeset 0d5a3c0379d5fc6c208cf267b8b23993cd2b6a55.