Bug #20639 » fileDenyPattern_jumpUrl.patch

Administrator Admin, 2009-06-21 19:37


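--- a/sysext/cms/tslib/class.tslib_fe.php
+++ b/sysext/cms/tslib/class.tslib_fe.php
@@ -2532,15 +2532,17 @@
 				if ($juHash == $calcJuHash)	{
 					if ($this->locDataCheck($locationData))	{
 						$this->jumpurl = rawurldecode($this->jumpurl);	// 211002 - goes with cObj->filelink() rawurlencode() of filenames so spaces can be allowed.
-						if (@is_file($this->jumpurl))	{
-							$mimeType = t3lib_div::_GP('mimeType');
-							$mimeType = $mimeType ? $mimeType : 'application/octet-stream';
-							header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
-							header('Content-Type: '.$mimeType);
-							header('Content-Disposition: attachment; filename='.basename($this->jumpurl));
-							readfile($this->jumpurl);
-							exit;
-						} else die('jumpurl Secure: "'.$this->jumpurl.'" was not a valid file!');
+						if (!preg_match('/'.$this->TYPO3_CONF_VARS['BE']['fileDenyPattern'] . '/i', $this->jumpurl)) {
+							if (@is_file($this->jumpurl)) {
+								$mimeType = t3lib_div::_GP('mimeType');
+								$mimeType = $mimeType ? $mimeType : 'application/octet-stream';
+								header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
+								header('Content-Type: '.$mimeType);
+								header('Content-Disposition: attachment; filename='.basename($this->jumpurl));
+								readfile($this->jumpurl);
+								exit;
+							} else die('jumpurl Secure: "'.$this->jumpurl.'" was not a valid file!');
+						} else die('jumpurl Secure: The requested file type was not allowed to be accessed through jumpUrl (fileDenyPattern)!');
 					} else die('jumpurl Secure: locationData, '.$locationData.', was not accessible.');
 				} else die('jumpurl Secure: Calculated juHash did not match the submitted juHash.');
 			} else {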
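Review bot: The new guard `if (!preg_match('/'.$this->TYPO3_CONF_VARS['BE']['fileDenyPattern'] . '/i', $this->jumpurl))` fails open: preg_match() returns false when the assembled pattern does not compile (for instance if the configured value contains an unescaped `/`), and `!false` lets the request continue to readfile(). Comparing the result explicitly, `if (preg_match('/'.$this->TYPO3_CONF_VARS['BE']['fileDenyPattern'].'/i', $this->jumpurl) === 0) {`, makes a broken pattern refuse the download instead of allowing it. An empty fileDenyPattern has the opposite effect here, since `//i` matches every path and every secure download would be refused; if t3lib_div::verifyFilenameAgainstDenyPattern() is available in this branch, calling it on the file name would keep both cases consistent with the rest of the core. The check is a deny list on the name only and does not restrict which directory the file is served from, so that still rests on the juHash and locationData checks of the enclosing block, which starts and ends outside this hunk.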