Bug #71760 (closed)
Possible insecure unserialize exploitation in UploadExtensionFileController
Status: Rejected
Priority: Should have
Assignee: -
Category: -
Target version: -
Start date: 2015-11-21
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 7
PHP Version:
Tags:
Complexity:
Is Regression: No
Sprint Focus:
Description
The class TYPO3\CMS\Extensionmanager\Controller\UploadExtensionFileController has a __destruct() method (calling removeBackupFolder()), which will be called after unserialize().
Another example: TYPO3\CMS\Core\Service\AbstractService
If this class does not need to support serialization, we should consider implementing the method __wakeup() and throwing an exception.
If the class really needs to be serialized, then there should be additional checks done before removing a directory (like checking if the deletion takes place in typo3temp, etc.).
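The two mitigations proposed in the report, as an added illustration that is not part of this issue and not TYPO3's own code: a hypothetical BackupFolderCleaner class whose destructor removes a backup folder, hardened so that __wakeup() refuses to rebuild the object from serialized data, and so that removeBackupFolder() only deletes inside an allowed base directory (standing in for typo3temp). The class name, the allowed-base argument and the temp-directory demo are all assumptions made for this example.

```php
<?php
// Added example (hypothetical code, not TYPO3's): an object whose destructor
// removes a folder, with the two safeguards suggested in the report.

final class BackupFolderCleaner
{
    /** @var string resolved base directory, with trailing slash */
    private $allowedBase;
    /** @var string folder this object is responsible for cleaning up */
    private $backupFolder;

    public function __construct(string $allowedBase, string $backupFolder)
    {
        // Resolve symlinks so the later prefix comparison is done on real paths.
        $resolved = realpath($allowedBase);
        $this->allowedBase = rtrim($resolved !== false ? $resolved : $allowedBase, '/') . '/';
        $this->backupFolder = $backupFolder;
    }

    // Safeguard 1: the object is never meant to be rebuilt from serialized data,
    // so refuse here instead of letting __destruct() run on attacker-supplied state.
    public function __wakeup()
    {
        throw new \RuntimeException(self::class . ' must not be unserialized');
    }

    public function __destruct()
    {
        $this->removeBackupFolder();
    }

    private function removeBackupFolder(): void
    {
        $real = realpath($this->backupFolder);
        if ($real === false) {
            return; // folder already gone or never created
        }
        $real = rtrim($real, '/') . '/';
        // Safeguard 2: only delete inside the allowed base, never the base itself.
        if ($real === $this->allowedBase || strpos($real, $this->allowedBase) !== 0) {
            error_log("Refusing to remove '$real': outside of {$this->allowedBase}");
            return;
        }
        self::removeTree($real);
    }

    private static function removeTree(string $dir): void
    {
        $entries = new \RecursiveIteratorIterator(
            new \RecursiveDirectoryIterator($dir, \FilesystemIterator::SKIP_DOTS),
            \RecursiveIteratorIterator::CHILD_FIRST
        );
        foreach ($entries as $entry) {
            $entry->isDir() ? rmdir($entry->getPathname()) : unlink($entry->getPathname());
        }
        rmdir($dir);
    }
}

// Demonstration with a constructed temp directory standing in for typo3temp.
$base = sys_get_temp_dir() . '/typo3temp_demo_' . getmypid();
mkdir($base . '/backup', 0700, true);
touch($base . '/backup/file.txt');

// Legitimate use: the destructor removes a folder under the base.
$cleaner = new BackupFolderCleaner($base, $base . '/backup');
$serialized = serialize($cleaner);
unset($cleaner);
echo 'backup folder ', is_dir($base . '/backup') ? 'still present' : 'removed', PHP_EOL;

// Rebuilding the object from serialized data is refused before __destruct() can act.
try {
    unserialize($serialized);
} catch (\RuntimeException $e) {
    echo 'blocked: ', $e->getMessage(), PHP_EOL;
}

// A folder outside the base is refused by the destructor's path check.
$outside = new BackupFolderCleaner($base, sys_get_temp_dir());
unset($outside);
rmdir($base);
```

The path check alone is not sufficient on its own, because every property (including the allowed base) is part of the serialized state, so the __wakeup() refusal is the primary safeguard and the directory check is defence in depth for objects that are legitimately constructed.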