Project

General

Profile

Actions

Bug #21360

closed

Image Generation broken with PHP safe_mode = On / Graphicsmagick

Added by Morton Jonuschat about 15 years ago. Updated over 14 years ago.

Status:
Closed
Priority:
Should have
Assignee:
Category:
-
Target version:
Start date:
2009-10-26
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.2
PHP Version:
5.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Due to the security fixes in TYPO3 4.2.10 image handling the rendering of Images and Thumbnails is severly broken.

As far as I can reproduce this is due to the unconditional use of escapeshellcmd() in the wrapFileName() Functions of t3lib_stdgraphic and thumbs.php.

As one can read on http://www.php.net/manual/en/features.safe-mode.functions.php escapeshellcmd() automatically gets called for the PHP exec() / system() / popen() / passthru() etc.

When safe_mode = On this results in escapeshellcmd() being called twice on the arguments. As the shell only unescapes the command once this results in invalid parameters being passed, which causes at least GraphicsMagick to hang infinitly.

(issue imported from #M12341)


Files

0012341.patch (547 Bytes) 0012341.patch Administrator Admin, 2009-10-26 12:40
0012341_v2.patch (1.02 KB) 0012341_v2.patch Administrator Admin, 2009-10-26 12:47
0012341_v3.patch (1.52 KB) 0012341_v3.patch Administrator Admin, 2009-10-26 17:57
0012341_v4_4-2.patch (2.17 KB) 0012341_v4_4-2.patch Administrator Admin, 2009-12-21 20:42
0012341_v4_4-3_trunk.patch (2.17 KB) 0012341_v4_4-3_trunk.patch Administrator Admin, 2009-12-21 20:48

Related issues 5 (0 open5 closed)

Related to TYPO3 Core - Bug #21165: Filenames should be escaped with escapeshellarg before passing them to imagemagickClosedErnesto Baschny2009-09-30

Actions
Related to TYPO3 Core - Bug #21792: Image processing does not work in final 4.3, but in RC1 and RC2ClosedBenni Mack2009-12-03

Actions
Related to TYPO3 Core - Bug #21983: Thumbnail generation broken for PDF filesClosedMichael Stucki2010-01-18

Actions
Is duplicate of TYPO3 Core - Bug #21087: If safe_mode is enabled, thumb generation fails for file with "&" in filenameClosed2009-09-18

Actions
Has duplicate TYPO3 Core - Bug #21897: After upgraded to 4.3.0 no thumbnails in BE filelistClosedBenni Mack2009-12-30

Actions
Actions

Also available in: Atom PDF