Actions
Bug #24224
closedIt is possible to bypass "verifyFilenameAgainstDenyPattern"
Start date:
2010-11-29
Due date:
% Done:
0%
Estimated time:
TYPO3 Version:
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:
Description
The method does not normalize the string before checking it with a regular expression. By passing a null byte it is possible to bypass the check (see expoit code).
Reporter: Gregor Kopf, Luca Carettoni
OTRS: 2010100410000034, 2010112810000014
(issue imported from #M16593)
Files
Actions