TYPO3 Core

During TYPO3 Surfcamp 2024, multiple working groups encountered a serious bug in TYPO3 that leads to data loss in the filesystem. When images are uploaded into fileadmin/ and get rendered in the frontend, said files suddenly appear to get deleted on the filesystem. After some investigation this was identified that it’s somehow related to symlinked fileadmin/ directories.

After a long debugging session we found out that latest refactorings in the image processing (#102679 and arguably #103351) are the culprit of this issue.
The issue is finally caused in \TYPO3\CMS\Core\Resource\Processing\LocalCropScaleMaskHelper when it’s checked whether a separate image was generated:

if ($result !== null) {
    if ($result->getRealPath() !== $originalFileName) {
        $result = [

Since fileadmin/ is a symlink in the given scenario, $originalFileName and $result->getRealPath() differ, albeit they point to the very same file. In this case, $result is not null, and is passed to \TYPO3\CMS\Core\Resource\Processing\LocalImageProcessor which sets wrong information to the processing task, finally leading to a rename of the original file in fileadmin/ in @\TYPO3\CMS\Core\Resource\Driver\LocalDriver->addFile()`.

The following conditions must be fulfilled to trigger the bug:

1. fileadmin/ must be a symlink
2. the image being rendering must not need processing (e.g. by using an image with small dimensions).