Project

General

Profile

Actions
Copy link

Bug #61295

closed

calculateBasePath of LocalDriver does not properly sanitize value

Added by Bernhard Kraft about 10 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
File Abstraction Layer (FAL)
Target version:
next-patchlevel
Start date:
2014-09-01
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
6.2
PHP Version:
5.3
Tags:
Complexity:
no-brainer
Is Regression:
No
Sprint Focus:

Description

The method "calculateBasePath" of Resource/Driver/LocalDriver.php does not properly sanitize the passed value. It misses to use the return value of "canonicalizeAndCheckFilePath".

This would result in problems when using "/fileadmin/" as "Base path" in a sys_file_storage record being set to "relative".
It would also not remove the "/../" of a sys_file_storage base path like "/var/www/mysite/fileadmin/../../somewhereelse/" when being set to absolute.

Patch with unit tests sent to gerrit.

Related issues 1 (0 open1 closed)

Related to TYPO3 Core - Task #36420: Filemount in local file system (not on webserver) leads to errorsClosedSteffen Ritter2012-04-22

Actions
Actions
Copy link

Also available in: Atom PDF