Bug #14304
closed
Added by old_haunschild about 20 years ago.
Updated over 18 years ago.
Description
File: class.t3lib_userauthgroup.php
Function: addFileMount
My fileadmin dir is located in "/.2/www/fileadmin"
The function addFileMount strips both the / and the dot from the beginning of the filename, then adds a slash at the beginning, which results in "/2/www/fileadmin".
The result is that even admin users cannot see the fileadmin, whereas mounted directories can be viewed.
(issue imported from #M338)
There is the following in that function:
-------------------------
// these lines remove all slashes and dots before and after the path
$path=ereg_replace('^[\/\. ]*','',$path);
$path=trim(ereg_replace('[\/\. ]*$','',$path));
-------------------------
The question is: Why does it remove dots as well?
To prevent things like ../../? That would still be possible by doing something like asdf/../../../something
Maybe Kasper has an answer to that.
edited on: 13.09.04 20:33
Maybe it can be solved by removing only "../" or "./" together.
I'm sure there are ereg experts for that :-)
Kasper's comment:
It seems that you can remove the dot ('.') removal, but keep the removal
of "/". According to the function, t3lib_div::validPathStr() is called
which will check for .. and // etc, so the effect of removing / before
and after is only in order to homogenize the string. So it should be
safe in either way.
So can anybody please write a patch according to what Kasper suggests?
Fixed (4.0.1 and HEAD) by changing code to:
$path=trim($path);
$path=preg_replace('#^\.?/|/\.?$#','',$path);
Trims whitespace and removes leading '/' and './', and trailing '/' and '/.'.
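The following is an added example, not TYPO3 code or part of any comment above: it runs the reporter's path and a few constructed ones through the old and the fixed normalization side by side. Assumptions: `ereg_replace()` no longer exists in current PHP, so the old patterns are rewritten with `preg_replace()` for the characters discussed here ('/', '.' and space); `looksTraversalFree()` is a hypothetical stand-in for the ".." and "//" check Kasper attributes to `t3lib_div::validPathStr()`, not its real implementation.

```php
<?php
// Added illustration only; function names are hypothetical.

// Old addFileMount() behaviour: strip every leading/trailing '/', '.' and space.
function normalizeOld(string $path): string {
    $path = preg_replace('#^[/. ]*#', '', $path);
    return trim(preg_replace('#[/. ]*$#', '', $path));
}

// Fixed behaviour (4.0.1 and HEAD): trim, then drop only a leading '/' or './'
// and a trailing '/' or '/.'.
function normalizeFixed(string $path): string {
    $path = trim($path);
    return preg_replace('#^\.?/|/\.?$#', '', $path);
}

// Hypothetical stand-in for the later validity check: reject '..' and '//'.
function looksTraversalFree(string $path): bool {
    return strpos($path, '..') === false && strpos($path, '//') === false;
}

// Constructed sample paths; the first one is the path from the bug report.
$samples = [
    '/.2/www/fileadmin',        // dot-prefixed directory name must survive
    './fileadmin/',             // leading './' and trailing '/' are removed
    'fileadmin/user_upload/.',  // trailing '/.' is removed
    'asdf/../../../something',  // traversal in the middle: neither regex touches it
    '../../etc',                // old code silently rewrote this to 'etc'
];

foreach ($samples as $p) {
    $old   = normalizeOld($p);
    $fixed = normalizeFixed($p);
    printf(
        "%-26s old=%-26s fixed=%-26s valid=%s\n",
        $p,
        $old,
        $fixed,
        looksTraversalFree($fixed) ? 'yes' : 'no'
    );
}
```

With the fixed pattern the normalization step no longer rewrites paths that begin with "..", so rejecting them is left entirely to the separate validity check.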