Project

General

Profile

Actions
Copy link

Bug #24379

closed

t3lib_stdGraphic::wrapFileName performs escapeshellarg even in safe_mode

Added by Jigal van Hemert over 13 years ago. Updated about 10 years ago.

Status:
Closed
Priority:
Should have
Assignee:
Jigal van Hemert
Category:
-
Target version:
-
Start date:
2010-12-21
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.5
PHP Version:
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

When safe_mode is on PHP will perform escapeshellcmd on each command sent to the exec() function. When escapeshellarg() is performed on each argument problem characters are escaped twice.

Solution: only perform escapeshellarg() when safe_mode is off.

This used to be part of #22243, which is now split in three parts.
(issue imported from #M16797)

Files

16797.patch (1.49 KB) 16797.patch Administrator Admin, 2010-12-21 15:11

Related issues 1 (0 open1 closed)

Related to TYPO3 Core - Bug #22243: Several GIFBUILDER features broken for IM6 and GMClosedJigal van Hemert2010-03-05

Actions
Actions
Copy link
 #1

Updated by Alexander Opitz over 10 years ago

  • Status changed from Accepted to Needs Feedback
  • Target version deleted (0)
  • Is Regression set to No

Hi,

as this issue is very old. Does the problem still exists within newer versions of TYPO3 CMS (4.5 or 6.1)?

Actions
Copy link
 #2

Updated by Jigal van Hemert about 10 years ago

  • Status changed from Needs Feedback to Closed

4.5 is in high priority and security fix mode and that was the last version to have some kind of support for safe_mode. Closed.

Actions
Copy link

Also available in: Atom PDF