Bug #80397

fileadmin: bug with filenames with escape sequences

Added by Stefa No almost 5 years ago. Updated almost 5 years ago.

Must have
Backend User Interface
Target version:
Start date:
Due date:
% Done:


Estimated time:
TYPO3 Version:
PHP Version:
Is Regression:
Sprint Focus:


I've just successfully migrated one of many Typo3 4.5.40 installations to 6.2.30.

But then I've noticed this sad problem:

  • premise: already on the original typo3 4.5.x installation,
    some users loaded hundred of IMPORTANT files (on a total of thousand files)
    under fileadmin/, which contains this TWO special chars sequence in the filename: \',
    for example: fileadmin/user_upload/that\'s\ strange.txt
    (i don't know if the upload happened from backend or via ftp,
    but "unfortunately" it happened. i know/tested that 6.2.30 BACKEND
    doesn't permit fileadmin UPLOADs with special chars in filename: ok).
  • 1st bug: on the 6.2.30 version, when browsing fileadmin/user_upload directory
    from the backend through Fileadmin, we receive an empty page with a generic "Ooops" red error,
    while in 4.5.40 we can still browse the fileadmin/user_upload directory.
  • 2nd bug: in 4.5.40, for the "strange" file, fileadmin CAN browse the directory
    but it's then IMPOSSIBILE to see file info (we receive a blank page) or do other operations,
    and the name is visualized as splitted before and after the apex.
    it sounds like typo3 6.2.x handles the directory visualization differently,
    so something in escaping/unescaping fails earlier and we can't browse the WHOLE directory.
  • HOWEVER the links to these files, where they are used, are working correctly,
    so the problem is for the people working with files through the backend Fileadmin function.

A workaround for the unlucky users could be to rename the hundred files in fileadmin/
and every referral page on the thousands of the website,
but would be preferrable also to handle this bad eventuality core-side,
or to keep at least the directory browsable as it was working with typo3 4.5.x...

Thank you!


Updated by Wouter Wolters almost 5 years ago

  • Status changed from New to Rejected

Hi, this is unfortunately not something we as TYPO3 can fix for you anymore.
Due to the fact that this has been introduced in a secutiry release of TYPO3 we can't revert the change nor allow access again.

The files were uploaded by FTP probably. So the only thing you can do is to rename the files.
I know there are people that wrote a script or a hook for this. A look in the forums or the TYPO3-cms slack channel might help your further.

Also available in: Atom PDF