Project

General

Profile

Actions

Bug #103648

closed

Potential data loss when fileadmin is symlinked

Added by Andreas Kienast 7 months ago. Updated 5 months ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
-
Target version:
Start date:
2024-04-17
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
13
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

During TYPO3 Surfcamp 2024, multiple working groups encountered a serious bug in TYPO3 that leads to data loss in the filesystem. When images are uploaded into fileadmin/ and get rendered in the frontend, said files suddenly appear to get deleted on the filesystem. After some investigation this was identified that it’s somehow related to symlinked fileadmin/ directories.

After a long debugging session we found out that latest refactorings in the image processing (#102679 and arguably #103351) are the culprit of this issue.
The issue is finally caused in \TYPO3\CMS\Core\Resource\Processing\LocalCropScaleMaskHelper when it’s checked whether a separate image was generated:

if ($result !== null) {
    if ($result->getRealPath() !== $originalFileName) {
        $result = [

Since fileadmin/ is a symlink in the given scenario, $originalFileName and $result->getRealPath() differ, albeit they point to the very same file. In this case, $result is not null, and is passed to \TYPO3\CMS\Core\Resource\Processing\LocalImageProcessor which sets wrong information to the processing task, finally leading to a rename of the original file in fileadmin/ in @\TYPO3\CMS\Core\Resource\Driver\LocalDriver->addFile()`.

The following conditions must be fulfilled to trigger the bug:

  1. fileadmin/ must be a symlink
  2. the image being rendering must not need processing (e.g. by using an image with small dimensions).
Actions

Also available in: Atom PDF