Bug #24453 » 16891_trunk.diff
| typo3/sysext/cms/tslib/showpic.php (working copy) | ||
|---|---|---|
|
$TYPO3_DB = t3lib_div::makeInstance('t3lib_DB');
|
||
|
// *********************
|
||
|
// Error & Exception handling
|
||
|
// *********************
|
||
|
if ($TYPO3_CONF_VARS['SC_OPTIONS']['errors']['exceptionHandler'] !== '') {
|
||
|
if ($TYPO3_CONF_VARS['SYS']['errorHandler'] !== '') {
|
||
|
// register an error handler for the given errorHandlerErrors
|
||
|
$errorHandler = t3lib_div::makeInstance($TYPO3_CONF_VARS['SYS']['errorHandler'], $TYPO3_CONF_VARS['SYS']['errorHandlerErrors']);
|
||
|
// set errors which will be converted in an exception
|
||
|
$errorHandler->setExceptionalErrors($TYPO3_CONF_VARS['SC_OPTIONS']['errors']['exceptionalErrors']);
|
||
|
}
|
||
|
$exceptionHandler = t3lib_div::makeInstance($TYPO3_CONF_VARS['SC_OPTIONS']['errors']['exceptionHandler']);
|
||
|
}
|
||
| ... | ... | |
|
function init() {
|
||
|
// Loading internal vars with the GET/POST parameters from outside:
|
||
|
$this->file = t3lib_div::_GP('file');
|
||
|
$this->parametersEncoded = implode(t3lib_div::_GP('parameters'));
|
||
|
$parametersArray = t3lib_div::_GP('parameters');
|
||
|
$this->frame = t3lib_div::_GP('frame');
|
||
|
$this->md5 = t3lib_div::_GP('md5');
|
||
|
// ***********************
|
||
|
// Check parameters
|
||
|
// ***********************
|
||
|
// If no file-param is given, we must exit
|
||
|
if (!$this->file) {
|
||
|
die('Parameter Error: No file given.');
|
||
|
// If no file-param or parameters are given, we must exit
|
||
|
if (!$this->file || !isset($parametersArray) || !is_array($parametersArray)) {
|
||
|
throw new UnexpectedValueException('Parameter Error: No file or no parameters given.');
|
||
|
}
|
||
|
$this->parametersEncoded = implode($parametersArray);
|
||
|
// Chech md5-checksum: If this md5-value does not match the one submitted, then we fail... (this is a kind of security that somebody don't just hit the script with a lot of different parameters
|
||
|
$md5_value = t3lib_div::hmac(
|
||
|
implode(
|
||
| ... | ... | |
|
);
|
||
|
if ($md5_value!=$this->md5) {
|
||
|
die('Parameter Error: Wrong parameters sent.');
|
||
|
throw new UnexpectedValueException('Parameter Error: Wrong parameters sent.');
|
||
|
}
|
||
|
$parameters = unserialize(base64_decode($this->parametersEncoded));
|
||
| ... | ... | |
|
$test_file=PATH_site.$this->file;
|
||
|
if (!t3lib_div::validPathStr($test_file)) {
|
||
|
die('Parameter Error: No valid filepath');
|
||
|
throw new UnexpectedValueException('Parameter Error: No valid filepath');
|
||
|
}
|
||
|
if (!@is_file($test_file)) {
|
||
|
die('The given file was not found');
|
||
|
throw new UnexpectedValueException('The given file was not found');
|
||
|
}
|
||
|
}
|
||
- « Previous
- 1
- 2
- 3
- Next »