Bug #19248

closed

function jumpUrl does not write the filesize to the header of the download document

Added by Thomas Oldenburg about 16 years ago. Updated about 11 years ago.

Status: Closed
Priority: Should have
Assignee: -
Category: -
Target version: -
Start date: 2008-08-23
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 4.2
PHP Version: 5.1
Tags:
Complexity:
Is Regression: No
Sprint Focus:

Description

The function jumpUrl does not write the file size to the header of the download document. The effect is that the browser download window shows an unknown file size and cannot calculate the download time.
The function is in
typo3_src/typo3/sysext/cms/tslib/class.tslib_fe.php

Patch: add the line
header('Content-Length: '.filesize($this->jumpurl));
to the function jumpUrl (see the complete patched function in the additional information)

function jumpUrl()    {
    if ($this->jumpurl) {
        if (t3lib_div::_GP('juSecure')) {
            $hArr = array(
                $this->jumpurl,
                t3lib_div::_GP('locationData'),
                $this->TYPO3_CONF_VARS['SYS']['encryptionKey']
            );
            $calcJuHash=t3lib_div::shortMD5(serialize($hArr));
            $locationData = t3lib_div::_GP('locationData');
            $juHash = t3lib_div::_GP('juHash');
            if ($juHash == $calcJuHash) {
                if ($this->locDataCheck($locationData)) {
                    $this->jumpurl = rawurldecode($this->jumpurl); // 211002 - goes with cObj->filelink() rawurlencode() of filenames so spaces can be allowed.
                    if (@is_file($this->jumpurl)) {
                        $mimeType = t3lib_div::_GP('mimeType');
                        $mimeType = $mimeType ? $mimeType : 'application/octet-stream';
                        header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
                        header('Content-Type: '.$mimeType);
                        header('Content-Disposition: attachment; filename='.basename($this->jumpurl));
                        // The line added by this patch: tells the browser the file size.
                        header('Content-Length: '.filesize($this->jumpurl));
                        readfile($this->jumpurl);
                        exit;
                    } else die('jumpurl Secure: "'.$this->jumpurl.'" was not a valid file!');
                } else die('jumpurl Secure: locationData, '.$locationData.', was not accessible.');
            } else die('jumpurl Secure: Calculated juHash, '.$calcJuHash.', did not match the submitted juHash.');
        } else {
            $TSConf = $this->getPagesTSconfig();
            if ($TSConf['TSFE.']['jumpUrl_transferSession']) {
                $uParts = parse_url($this->jumpurl);
                $params = '&FE_SESSION_KEY='.rawurlencode($this->fe_user->id.'-'.md5($this->fe_user->id.'/'.$this->TYPO3_CONF_VARS['SYS']['encryptionKey']));
                $this->jumpurl.= ($uParts['query']?'':'?').$params; // Add the session parameter ...
            }
            header('Location: '.$this->jumpurl);
            exit;
        }
    }
}

(issue imported from #M9219)

Actions #1

Updated by Dirk Diebel almost 16 years ago

Don't copy the whole function from above into your typo3 source!

It includes the flaw in the jumpUrl mechanism, which was fixed by Security Bulletin SA-2009-002 ( http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/ )

@Thomas maybe you can change that part above?
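
As an added example (not part of this thread and not TYPO3 code): a stand-alone PHP download handler that sends Content-Length as the description proposes, while avoiding what the function above does on failure, namely echoing the calculated hash and the file path back to the client. DOWNLOAD_ROOT, SECRET_KEY and all function names are hypothetical, PHP 7.1 or later is assumed, and the TYPO3 locationData access check is outside its scope.

```php
<?php
// Added example: hypothetical stand-alone handler, not TYPO3 code.
const DOWNLOAD_ROOT = '/var/www/fileadmin';       // assumed base directory
const SECRET_KEY    = 'replace-with-site-secret'; // placeholder secret

// Keyed hash over the requested path and location data (hypothetical helper).
function downloadToken(string $path, string $locationData): string
{
    return hash_hmac('sha256', $path . "\0" . $locationData, SECRET_KEY);
}

// Decides the response without sending it: [status, headers, file path].
function resolveDownload(string $path, string $locationData, string $token): array
{
    // Constant-time comparison; the expected token never leaves the server.
    if (!hash_equals(downloadToken($path, $locationData), $token)) {
        return [403, [], null];
    }
    // Canonicalise and confine the path to the download root.
    $root = realpath(DOWNLOAD_ROOT);
    $real = realpath(DOWNLOAD_ROOT . '/' . $path);
    if ($root === false || $real === false
        || strpos($real, $root . DIRECTORY_SEPARATOR) !== 0 || !is_file($real)) {
        return [404, [], null];
    }
    // Only a conservative character set may reach the header value.
    $name = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($real));
    return [200, [
        'Content-Type'           => 'application/octet-stream', // not client-chosen
        'Content-Disposition'    => 'attachment; filename="' . $name . '"',
        'Content-Length'         => (string) filesize($real),   // size known to browser
        'X-Content-Type-Options' => 'nosniff',
    ], $real];
}

function sendDownload(string $path, string $locationData, string $token): void
{
    [$status, $headers, $file] = resolveDownload($path, $locationData, $token);
    http_response_code($status);
    if ($status !== 200) {
        error_log("download refused ($status)"); // detail stays in the server log
        exit('Download not available.');
    }
    foreach ($headers as $field => $value) {
        header($field . ': ' . $value);
    }
    readfile($file);
    exit;
}
```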

Actions #2

Updated by Alexander Opitz over 11 years ago

  • Category deleted (Communication)
  • Status changed from New to Needs Feedback
  • Target version deleted (0)

The issue is very old; does this issue exist in newer versions of TYPO3 CMS (4.5 or 6.1)?

Actions #3

Updated by Alexander Opitz about 11 years ago

  • Status changed from Needs Feedback to Closed
  • Is Regression set to No

No feedback for over 90 days.
