Bug #70106
closed
Temporary files are not deleted even though GeneralUtility::unlink_tempfile is called
100%
Description
If you have the following file structure (e.g. Mittwald has this) with PATH_site being /home/www/p123456/html/typo3/ ...
DIR /html/typo3/
DIR /html/typo3/typo3temp/
SYMLINK /home/www/p123456/ -> ../.. ("../.." refers to the server root /)
LINKED /home/www/p123456/html/ -> /html/
LINKED /home/www/p123456/html/typo3/ -> /html/typo3/ (this is what PATH_site contains)
LINKED /home/www/p123456/html/typo3/typo3temp/ -> /html/typo3/typo3temp/
... then the following code will create a temporary file but will not delete it again!
$tmpFile = GeneralUtility::tempnam('test', '.txt'); //$tmpFile == '/html/typo3/typo3temp/testABCDE.txt'
GeneralUtility::unlink_tempfile($tmpFile);
This is because GeneralUtility::tempnam uses PHP's tempnam and PHP's tempnam seems to use something like realpath internally which resolves symlinks. So you end up with a $tmpFile-path that contains no unresolved symlinks. But GeneralUtility::unlink_tempfile expects the first parameter to start with exactly PATH_site (containing unresolved symlinks).
In the end either GeneralUtility::tempnam or GeneralUtility::unlink_tempfile needs to be adjusted. I personally think it would be much better to fix GeneralUtility::tempnam, because it should not return anything that does not begin with PATH_site in my opinion. Maybe something like this inside GeneralUtility::tempnam would fix it:
if(!self::isFirstPartOfStr($uploadedTempFileName, PATH_site . 'typo3temp/')) {
$tempFileName = PATH_site . 'typo3temp' . substr(realpath($tempFileName), strlen(realpath(PATH_site . 'typo3temp')));
}
Updated by Matteo Bonaker about 9 years ago
Simpler suggestion for the change inside GeneralUtility::tempnam:
$tempFileName = PATH_site . 'typo3temp/' . basename($tempFileName);
But keep in mind, that PHP's tempnam might fall back on the system default if it has no access rights to the temp-directory which would be a problem anyway.
Updated by Gerrit Code Review almost 8 years ago
- Status changed from New to Under Review
Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50490
Updated by Gerrit Code Review almost 8 years ago
Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50490
Updated by Stefan Froemken almost 8 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset fe23a0b0029f6fe0d95f8a04e80f98df2f3ee65c.
Updated by Gerrit Code Review almost 8 years ago
- Status changed from Resolved to Under Review
Patch set 1 for branch TYPO3_7-6 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51083
Updated by Stefan Froemken almost 8 years ago
- Status changed from Under Review to Resolved
Applied in changeset b35192a0dc8ee82ecdffca27a7185277ca12746e.
Updated by Gerrit Code Review almost 8 years ago
- Status changed from Resolved to Under Review
Patch set 1 for branch TYPO3_6-2 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51086
Updated by Stefan Froemken almost 8 years ago
- Status changed from Under Review to Resolved
Applied in changeset 7a993251036f3f7f14b2377b9d68105efe0b15cf.
Updated by