fileadmin: bug with filenames with escape sequences
I've just successfully migrated one of many Typo3 4.5.40 installations to 6.2.30.
But then I've noticed this sad problem:
- premise: already on the original typo3 4.5.x installation,
some users loaded hundreds of IMPORTANT files (on a total of thousand files)
under fileadmin/, which contain this TWO special chars sequence in the filename: \',
for example: fileadmin/user_upload/that\'s\ strange.txt
(I don't know if the upload happened from backend or via ftp,
but "unfortunately" it happened. I know/tested that 6.2.30 BACKEND
doesn't permit fileadmin UPLOADs with special chars in filename: ok).
- 1st bug: on the 6.2.30 version, when browsing fileadmin/user_upload directory
from the backend through Fileadmin, we receive an empty page with a generic "Ooops" red error,
while in 4.5.40 we can still browse the fileadmin/user_upload directory.
- 2nd bug: in 4.5.40, for the "strange" file, fileadmin CAN browse the directory
but it's then IMPOSSIBLE to see file info (we receive a blank page) or do other operations,
and the name is visualized as split before and after the apex.
it sounds like typo3 6.2.x handles the directory visualization differently,
so something in escaping/unescaping fails earlier and we can't browse the WHOLE directory.
- HOWEVER the links to these files, where they are used, are working correctly,
so the problem is for the people working with files through the backend Fileadmin function.
A workaround for the unlucky users could be to rename the hundred files in fileadmin/
and every referral page on the thousands of the website,
but it would be preferable also to handle this bad eventuality core-side,
or to keep at least the directory browsable as it was working with typo3 4.5.x...
Updated by Wouter Wolters almost 5 years ago
- Status changed from New to Rejected
Hi, this is unfortunately not something we as TYPO3 can fix for you anymore.
Due to the fact that this has been introduced in a security release of TYPO3 we can't revert the change nor allow access again.
The files were uploaded by FTP probably. So the only thing you can do is to rename the files.
I know there are people that wrote a script or a hook for this. A look in the forums or the TYPO3-cms slack channel might help you further.
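
The rename workaround discussed in this thread, sketched as an added example (not code from the TYPO3 project or from either participant). It goes beyond the `\'` sequence and flags any character outside an allow-list, which is an assumption of this example; the names `safe_name`, `plan_renames` and `apply_renames` are hypothetical, and only files are renamed, not directories.

```python
import os
import re
import tempfile

# Assumption: a conservative allow-list chosen for this example,
# not TYPO3's own file name sanitising rule.
UNSAFE = re.compile(r"[^A-Za-z0-9._-]+")

def safe_name(name):
    """Collapse each run of characters outside the allow-list to '_'."""
    stem, ext = os.path.splitext(name)
    return (UNSAFE.sub("_", stem).strip("_") or "file") + UNSAFE.sub("", ext)

def plan_renames(root):
    """Dry run: return [(old_path, new_path)] without touching the disk."""
    plan = []
    for dirpath, dirs, files in os.walk(root):
        taken = set(files) | set(dirs)  # names already used in this directory
        for name in sorted(files):
            if not UNSAFE.search(name):
                continue  # name is already safe, leave it alone
            target = safe_name(name)
            stem, ext = os.path.splitext(target)
            n = 1
            while target in taken:  # never overwrite an existing entry
                target = f"{stem}_{n}{ext}"
                n += 1
            taken.add(target)
            plan.append((os.path.join(dirpath, name),
                         os.path.join(dirpath, target)))
    return plan

def apply_renames(plan):
    """Rename on disk; the returned old->new map is what references need."""
    for old, new in plan:
        os.rename(old, new)
    return dict(plan)

def demo():
    """Constructed tree: the file name from the report plus a name clash."""
    with tempfile.TemporaryDirectory() as root:
        upload = os.path.join(root, "user_upload")
        os.makedirs(upload)
        for name in ("that\\'s\\ strange.txt", "that_s_strange.txt", "ok.pdf"):
            open(os.path.join(upload, name), "w").close()
        plan = plan_renames(root)
        apply_renames(plan)
        pairs = [(os.path.basename(o), os.path.basename(n)) for o, n in plan]
        return pairs, sorted(os.listdir(upload))
```

Review the output of `plan_renames` before calling `apply_renames`, and use the returned mapping to update the pages and records that still point at the old names.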