Bug #61295
closed
calculateBasePath of LocalDriver does not properly sanitize value
Added by Bernhard Kraft almost 10 years ago.
Updated almost 6 years ago.
Category:
File Abstraction Layer (FAL)
Description
The method "calculateBasePath" of Resource/Driver/LocalDriver.php does not properly sanitize the passed value. It misses to use the return value of "canonicalizeAndCheckFilePath".
This would result in problems when using "/fileadmin/" as "Base path" in a sys_file_storage record being set to "relative".
It would also not remove the "/../" of a sys_file_storage base path like "/var/www/mysite/fileadmin/../../somewhereelse/" when being set to absolute.
Patch with unit tests sent to gerrit.
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/32548
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/32548
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/32548
Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/32548
Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/32548
Patch set 1 for branch TYPO3_6-2 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/32889
- Status changed from Under Review to Resolved
- % Done changed from 80 to 100
- Status changed from Resolved to Closed
Also available in: Atom
PDF