Bug #83029
Updated by Oliver Hader over 6 years ago
GIFBUILDER uses provided file names and text snippets in order to generate the final name for files to be written to. In case text snippets start with a dot, this is also reflected into the file name - preventing some web servers to deliver the file since it's considered to be internal.
Since directory separators are correctly converted there are no security vulnerabilities.
TypoScript:
<pre>
page.20 = IMAGE
page.20.file = GIFBUILDER
page.20.file {
XY = [10.w]+10, [10.h]+10
backColor = #cc0000
10 = TEXT
10.text = .hello
10.fontColor = #000000
10.fontSize = 20
10.offset = 0,20
}
</pre>