Project

General

Profile

Actions
Copy link

Bug #52309

closed

Folders created from BE with wrong permissions

Added by Viktor Livakivskyi about 11 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
File Abstraction Layer (FAL)
Target version:
-
Start date:
2013-09-26
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
6.0
PHP Version:
5.4
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

Hi, all.

I have found following issue in FAL Filelist module: creation of files is done with correct permissions, but when it comes to folders creation TYPO3\CMS\Core\Utility\GeneralUtility::fixPermissions() fails because following condition fails: if (self::isAllowedAbsPath($path)), which is the result of a wrong parameter, passed as $path.

It passes: /absPath/parentFolder//newFolder

And, since double slashes are not allowed in self::validPathStr($path), fixPermissions() makes no effect.

Actions
Copy link
 #1

Updated by Steffen Ritter almost 11 years ago

  • Status changed from New to Needs Feedback

this probably won't be fixed in 6.0 and 6.1 anymore;
but please check if this is still the case - the canonicalization of identifiers should have fixed that.

Actions
Copy link
 #2

Updated by Viktor Livakivskyi almost 11 years ago

Yes, it is still the case in 6.0.11.
Double slash is still passed to TYPO3\CMS\Core\Utility\GeneralUtility::fixPermissions()

Actions
Copy link
 #3

Updated by Tilo Baller almost 11 years ago

Problem still exists in 6.1.7. Couldn't test in 6.2.x yet.

How to test:
  • set $GLOBALS['TYPO3_CONF_VARS']['BE']['folderCreateMask'] = '2775' in LocalConfiguration.php/AdditionalConfiguration.php
  • create a folder with Filelist module in Backend
  • created folder should have permissions according to folderCreateMask
Problem in detail:
  • typo3/sysext/core/Classes/Resource/Driver/Localdriver.php->createFolder()
  • \TYPO3\CMS\Core\Utility\GeneralUtility::mkdir($this->getAbsoluteBasePath() . $newFolderPath);
  • $this->getAbsoluteBasePath() has a trailing slash
  • $newFolderPath has a leading slash
  • this causes resulting paths with double slash, e.g. "[...]/fileadmin//test_create_folder/"
further information:
  • the LocalDriver->createFolder() function calls GeneralUtility::mkdir()
  • GeneralUtility::mkdir() calls self::fixPermissions()
  • self::fixPermissions() calls self::isAllowedAbsPath($path)
  • self::isAllowedAbsPath($path) fails because the $path contains '//' and returns false
  • fixPermissions() function aborts and does not apply the folderCreateMask setting to the newly created folder
Solution:
  • typo3/sysext/core/Classes/Resource/Driver/Localdriver.php->createFolder() line 212 (@6.1.7)
  • use LocalDriver->getAbsolutePath() which takes care of correct concatenation
  • before: \TYPO3\CMS\Core\Utility\GeneralUtility::mkdir($this->getAbsoluteBasePath() . $newFolderPath);
  • after: \TYPO3\CMS\Core\Utility\GeneralUtility::mkdir($this->getAbsolutePath($newFolderPath));
Actions
Copy link
 #4

Updated by Gerrit Code Review almost 11 years ago

  • Status changed from Needs Feedback to Under Review

Patch set 1 for branch TYPO3_6-1 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27042

Actions
Copy link
 #5

Updated by Gerrit Code Review about 10 years ago

Patch set 2 for branch TYPO3_6-1 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/27042

Actions
Copy link
 #6

Updated by Gerrit Code Review about 10 years ago

Patch set 3 for branch TYPO3_6-1 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/27042

Actions
Copy link
 #7

Updated by Gerrit Code Review about 10 years ago

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/32917

Actions
Copy link
 #8

Updated by Gerrit Code Review about 10 years ago

Patch set 1 for branch TYPO3_6-2 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/32918

Actions
Copy link
 #9

Updated by Gerrit Code Review about 10 years ago

Patch set 4 for branch TYPO3_6-1 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/27042

Actions
Copy link
 #10

Updated by Gerrit Code Review about 10 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/32917

Actions
Copy link
 #11

Updated by Gerrit Code Review almost 10 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/32917

Actions
Copy link
 #12

Updated by Gerrit Code Review almost 10 years ago

Patch set 6 for branch TYPO3_6-2 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/32918

Actions
Copy link
 #13

Updated by Benni Mack almost 10 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions
Copy link
 #14

Updated by Benni Mack about 6 years ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF