Bug #47981
closed
opendir result not checked before calling readdir in class.t3lib_div.php
100%
Description
In function fixPermissions, there is a call to opendir() in order to retrieve a handle passed to readdir(), but this handle is not checked and assumed to be an actual file handler.
This triggers an endless loop in apache error log :
PHP Warning: readdir() expects parameter 1 to be resource, boolean given in /data/www/omegawatches.com/watches/t3lib/class.t3lib_div.php on line 2823, referer: http://www.omegawatches.com/typo3/alt_doc.php?returnUrl=%2Ftypo3%2Fsysext%2Fcms%2Flayout%2Fdb_layout.php%3Fid%3D543&edit[pages_language_overlay][3310]=edit&overrideVals[pages_language_overlay][sys_language_uid]=8
Someone filed a bug for PHP here : https://bugs.php.net/bug.php?id=63205
But it was answered that the caller must check the validity of the parameters passed to PHP functions (i.e. readdir())
Updated by Thorsten Kahler almost 11 years ago
- Category set to Miscellaneous
- Status changed from New to Accepted
- Target version set to 6.2.0
- Complexity set to easy
The bug still exists in current master (6.2-dev).
Updated by Thorsten Kahler almost 11 years ago
- Subject changed from opendir result not checked before calling readding in class.t3lib_div.php to opendir result not checked before calling readdir in class.t3lib_div.php
Updated by Ernesto Baschny almost 11 years ago
- Target version deleted (
6.2.0) - TYPO3 Version changed from 4.7 to 4.5
This can probably only happen if the actual directory being recursed into is not readable.
The code is unchanged since 4.5, so this does not need to target 6.2 in particular but all maintained stable releases.
The fix should include unit tests, because this method is already extensively covered by unit tests (see typo3/sysext/core/Tests/Unit/Utility/GeneralUtilityTest.php in post-6.0 releases and tests/t3lib/t3lib_divTest.php in older releases).
Updated by Mathias Schreiber over 9 years ago
- Target version set to 7.1 (Cleanup)
- Is Regression set to No
Updated by Benni Mack almost 9 years ago
- Target version changed from 7.1 (Cleanup) to 7.4 (Backend)
Updated by Susanne Moog over 8 years ago
- Target version changed from 7.4 (Backend) to 7.5
Updated by Gerrit Code Review almost 8 years ago
- Status changed from Accepted to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/48072
Updated by Gerrit Code Review almost 8 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/48072
Updated by Gerrit Code Review almost 8 years ago
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/48072
Updated by Gerrit Code Review almost 8 years ago
Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/48072
Updated by Gerrit Code Review over 7 years ago
Patch set 1 for branch TYPO3_7-6 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/49407
Updated by Tomita Militaru over 7 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset f21c77b61ae0351d4e4aff32cc78692b07e1c813.