Bug #83762
closed
File storage with invalid (upwards folder "../") path can be saved as 'absolute path', but then not edited anymore due to error message. Unsolvable situation.
100%
Description
Using TYPO3 8.7 LTS.
- I edited a file storage with absolute path.
- changed path to relative.
- entered "../somefolder" for a folder outside the web root.
- saved the file storage
- an error occurs: "File ../somefolder is not valid (".." and "//" is not allowed in path). "
- went back to the list module
- clicked to edit the file storage
- same error appears again -> there is no way to get to see the editing form for this record again!
-> file storage was saved with invalid path ==> fatally missing validation before saving!
-> now I cannot fix the invalid path, because the error is shown instead of the record editing form for the file storage.
-> hopeless situation, only direct DB access can come to the rescue.
Updated by Leonie Philine almost 7 years ago
- Subject changed from File storage with invalid (upwards folder "../") path can be saved, but then not edited anymore due to error message. Unsolvable situation. to File storage with invalid (upwards folder "../") path can be saved as 'absolute path', but then not edited anymore due to error message. Unsolvable situation.
PS: When I checked the database record, the path type was saved as 'absolute'. I had initially thought I changed it to relative. (Maybe TYPO3 did not save the change from absolute to relative, but I cannot reproduce that, so I can only assume right now that I missed changing it to 'relative'.)
So, if you configure a record to have an ABSOLUTE path and enter a path containing "../", then the record will no longer be editable.
Updated by Gerrit Code Review almost 7 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/55551
Updated by Gerrit Code Review almost 7 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/55551
Updated by Gerrit Code Review almost 7 years ago
Patch set 1 for branch TYPO3_8-7 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/55552
Updated by Anonymous almost 7 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 0814406dddcdca07377f62775fbbbdb46e9b6b65.
Updated by Gerrit Code Review almost 7 years ago
- Status changed from Resolved to Under Review
Patch set 2 for branch TYPO3_8-7 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/55552
Updated by Anonymous almost 7 years ago
- Status changed from Under Review to Resolved
Applied in changeset aba02120ed09ce76031ccbf3a9f8ea579802f77b.
Updated by