Bug #20639 ยป fileDenyPattern_jumpUrl.patch
sysext/cms/tslib/class.tslib_fe.php (working copy) | ||
---|---|---|
if ($juHash == $calcJuHash) {
|
||
if ($this->locDataCheck($locationData)) {
|
||
$this->jumpurl = rawurldecode($this->jumpurl); // 211002 - goes with cObj->filelink() rawurlencode() of filenames so spaces can be allowed.
|
||
if (@is_file($this->jumpurl)) {
|
||
$mimeType = t3lib_div::_GP('mimeType');
|
||
$mimeType = $mimeType ? $mimeType : 'application/octet-stream';
|
||
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
|
||
header('Content-Type: '.$mimeType);
|
||
header('Content-Disposition: attachment; filename='.basename($this->jumpurl));
|
||
readfile($this->jumpurl);
|
||
exit;
|
||
} else die('jumpurl Secure: "'.$this->jumpurl.'" was not a valid file!');
|
||
if (!preg_match('/'.$this->TYPO3_CONF_VARS['BE']['fileDenyPattern'] . '/i', $this->jumpurl)) {
|
||
if (@is_file($this->jumpurl)) {
|
||
$mimeType = t3lib_div::_GP('mimeType');
|
||
$mimeType = $mimeType ? $mimeType : 'application/octet-stream';
|
||
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
|
||
header('Content-Type: '.$mimeType);
|
||
header('Content-Disposition: attachment; filename='.basename($this->jumpurl));
|
||
readfile($this->jumpurl);
|
||
exit;
|
||
} else die('jumpurl Secure: "'.$this->jumpurl.'" was not a valid file!');
|
||
} else die('jumpurl Secure: The requested file type was not allowed to be accessed through jumpUrl (fileDenyPattern)!');
|
||
} else die('jumpurl Secure: locationData, '.$locationData.', was not accessible.');
|
||
} else die('jumpurl Secure: Calculated juHash did not match the submitted juHash.');
|
||
} else {
|
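Review bot: The deny check on the `preg_match` line fails open: `preg_match()` returns `false` when the pattern does not compile (for example a configured `fileDenyPattern` containing an unescaped `/`), and `!false` lets the request through to `readfile()`. Compare against zero so that only a definite non-match serves the file: `if (preg_match('/' . $this->TYPO3_CONF_VARS['BE']['fileDenyPattern'] . '/i', $this->jumpurl) === 0) {`. The pattern is also tested against the whole decoded path rather than the file name, so any alternative anchored with `^` would presumably never match here; testing `basename($this->jumpurl)` as well would cover that, to be confirmed against the configured pattern. Which lines are the new side is inferred from the patch name, because the +/- markers are lost on this page, and the enclosing method starts and ends outside the hunk.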