Bug #66033

closed

open_basedir restriction fails File->getContents() due to ResourceStorage->checkFileExtensionPermission() and GeneralUtility::split_fileref()

Added by Stephan Großberndt almost 9 years ago. Updated over 5 years ago.

Status: Closed
Priority: Should have
Assignee: -
Category: File Abstraction Layer (FAL)
Target version:
Start date: 2015-03-25
Due date:
% Done: 100%
Estimated time:
TYPO3 Version: 6.2
PHP Version: 5.4
Tags:
Complexity:
Is Regression: No
Sprint Focus:

Description

I have open_basedir restrictions on our servers.

I want to fetch the file content from a FileReference of a local file.

File->getContents()
calls
ResourceStorage->getFileContents()
which checks
ResourceStorage->assureFileReadPermission()
first.

ResourceStorage->checkFileActionPermission()
calls
if (!$this->checkFileExtensionPermission($file->getName())) {
supplying ONLY the fileName and not the file object or the full path to the file!

In checkFileExtensionPermission(), since only the fileName has been supplied, extracting the extension is done like this:

$fileInfo = GeneralUtility::split_fileref($fileName);
...
$fileExtension = strtolower($fileInfo['fileext']);

GeneralUtility::split_fileref in turn expects to be fed with full paths to existing files only and happily calls !is_dir($fileref):

static public function split_fileref($fileref) {
    if (!is_dir($fileref) && preg_match('/(.*)\\.([^\\.]*$)/', $info['file'], $reg)) {

This results in a check for is_dir() supplying only a file name.

With an open_basedir restriction in effect this results in

PHP Warning: is_dir(): open_basedir restriction in effect. File(XYZ.svg) is not within the allowed path(s): ([...]) in typo3_src-6.2.11/typo3/sysext/core/Classes/Utility/GeneralUtility.php line 886" 

since the file XYZ.svg is not directly in one of the configured paths but in a subdirectory "fileadmin/user_upload".

Either the check to fetch the file extension in checkFileExtensionPermission() has to be adapted to fetch differently or GeneralUtility::split_fileref needs to be changed not to use is_dir.

Actions #1

Updated by Frans Saris almost 9 years ago

  • Status changed from New to Accepted

pathinfo() [1] could be used instead of $fileInfo = GeneralUtility::split_fileref() as it doesn't care if the path exists.

gr. Frans

[1] http://php.net/manual/en/function.pathinfo.php
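
Added example, not part of the ticket or of TYPO3's code: it compares the is_dir()-based lookup quoted in the description with the pathinfo() approach suggested above, under a runtime open_basedir restriction. The function names, the deny list, the sample file names and the temporary directory are assumptions made up for this illustration; it assumes PHP 7 or later run from the CLI.

```php
<?php
// Added example, not TYPO3 code. Function names and the deny list are hypothetical.

// Lookup in the style quoted in the report: is_dir() touches the filesystem.
function extensionViaIsDir(string $fileName): string
{
    $reg = [];
    if (!is_dir($fileName) && preg_match('/(.*)\\.([^\\.]*$)/', $fileName, $reg)) {
        return strtolower($reg[2]);
    }
    return '';
}

// Pure string operation: pathinfo() never checks whether the path exists.
function extensionViaPathinfo(string $fileName): string
{
    return strtolower(pathinfo($fileName, PATHINFO_EXTENSION));
}

function isExtensionAllowed(string $fileName, array $denied): bool
{
    return !in_array(extensionViaPathinfo($fileName), $denied, true);
}

// Collect warnings instead of printing them.
$warnings = [];
set_error_handler(function (int $no, string $msg) use (&$warnings): bool {
    $warnings[] = $msg;
    return true;
});

// Constructed setup: confine PHP to a fresh directory that is not the working directory.
$allowed = sys_get_temp_dir() . '/basedir_demo_' . getmypid();
mkdir($allowed);
ini_set('open_basedir', $allowed);

$denied = ['php', 'phtml']; // constructed deny list
foreach (['XYZ.svg', 'archive.tar.gz', 'README', '.htaccess', 'upload.PHP'] as $name) {
    $before = count($warnings);
    $old = extensionViaIsDir($name);
    $oldWarned = count($warnings) > $before ? 'yes' : 'no';
    $before = count($warnings);
    $new = extensionViaPathinfo($name);
    $newWarned = count($warnings) > $before ? 'yes' : 'no';
    printf("%-15s is_dir: ext='%s' warning=%s | pathinfo: ext='%s' warning=%s | allowed=%s\n",
        $name, $old, $oldWarned, $new, $newWarned,
        isExtensionAllowed($name, $denied) ? 'yes' : 'no');
}
rmdir($allowed);
restore_error_handler();
```

Both lookups derive the same extension from a bare file name; the difference is that only the is_dir() variant resolves the name against the working directory and therefore trips the open_basedir check.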

Actions #2

Updated by Gerrit Code Review almost 9 years ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/38221

Actions #3

Updated by Gerrit Code Review almost 9 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/38221

Actions #4

Updated by Gerrit Code Review almost 9 years ago

Patch set 1 for branch TYPO3_6-2 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/38273

Actions #5

Updated by Frans Saris almost 9 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

Actions #6

Updated by Benni Mack over 5 years ago

  • Status changed from Resolved to Closed