Bug #56999
closed
broken handling of rawurlencoded filepaths in FAL's resource-factory
0%
Description
The FAL-Implementaion contains the following check in TYPO3\CMS\Core\Resource\ResourceFactory->retrieveFileOrFolderObject, to determine the existence of the given $input as file:
…
} elseif (@is_file(PATH_site . $input)) {
// only the local file
return $this->getFileObjectFromCombinedIdentifier($input);
} else {
…
As the Resource-FilePath-Sanatizer applies rawurlencode to all filepaths, the is_file function-call always fails for file-paths which contain whitespaces (or other characters which change during url-encoding). Hence if the given input is something like '/fileadmin/path%20to%20file.extension' (notice the two spaces => %20) it will silently fail and throw a misleading folder-not-found exception instead.
To solve this bug we could rawurldecode the given $input - but this makes only sense if we always deal with local files only:
diff --git a/typo3/sysext/core/Classes/Resource/ResourceFactory.php b/typo3/sysext/core/Classes/Resource/ResourceFactory.php
index 9a10e8b..98deedb 100644
--- a/typo3/sysext/core/Classes/Resource/ResourceFactory.php
+++ b/typo3/sysext/core/Classes/Resource/ResourceFactory.php
@@ -438,7 +438,7 @@ class ResourceFactory implements \TYPO3\CMS\Core\SingletonInterface {
public function retrieveFileOrFolderObject($input) {
// Remove PATH_site because absolute paths under Windows systems contain ':'
// This is done in all considered sub functions anyway
- $input = str_replace(PATH_site, '', $input);
+ $input = str_replace(PATH_site, '', rawurldecode($input));
if (GeneralUtility::isFirstPartOfStr($input, 'file:')) {
$input = substr($input, 5);
(This patch is also attached to this bug-report).
I appreciate any feedback,
Cheerio,
Stephan Jorek
Files
Updated by 
Updated by 
Updated by 
Updated by