Bug #106212
open
Files getting moved outside of a storage
0%
Description
On a webserver using aliased documentRoots and symlinks, uploading a file
can to the filelist can lead to the original file being moved to the processed location
under some circumstances:
1. The uploaded file is smaller than 150px width (150px is used as a preview image for the metadata editing formengine view)
2. The GFX.allowUpscaling setting is set to "false" (not default)
3. The uploaded file's metadata is getting displayed for FormEngine editing
4. Now, due to the smaller width, the original file is regarded the "maximum processed file" and then the original file is tried to be moved to the processing location, thereby removing the file
Due to a bug in securing a case like this for symlinked setups, this move process is carried out and not prevented through a global exception guarding the situation.
Updated by Gerrit Code Review 24 days ago
- Status changed from Accepted to Under Review
Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/88280
Updated by Garvin Hicking 24 days ago
- Related to Bug #106213: When processor_allowUpscaling=false, uploaded small images receive no 150px thumbnail added
Updated by Gerrit Code Review 24 days ago
Patch set 2 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/88280