Bug #84624

Importing Youtube Videos with control characters in the title might break frontend output

Added by Hannes Bochmann 12 months ago. Updated 5 months ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
-
Target version:
-
Start date:
2018-04-05
Due date:
% Done:

0%

TYPO3 Version:
8
PHP Version:
7.1
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

When a Youtube Video is imported by URL for example with the text/media element the video might throw an exception when displayed in the frontend. The error message can be like this:

You are not allowed to access that file: "Einfach_Energie_sparen_–_Tipp_1_–_Richtig_Heizen_und_Lüften.youtube"

This maybe caused by inproper sanitizing of the filename during the import. When the video is imported the title of the video might be retrieved (@see AbstractOEmbedHelper::transformMediaIdToFile()) and used as part of the filename. The title can contain characters like "–". When creating the file LocalDriver:.addFile() is used where the sanitization of the later filename takes place. Inside of LocalDriver::sanitizeFileName() it's checked if $GLOBALS['TYPO3_CONF_VARS']['SYS']['UTF8filesystem'] is true. If not than control characters like "–" are replaced otherwise they are left untouched as they should not cause problems. When the file get's retrieved in the frontend the permissions to read that file get checked. During this check in ResourceStorage::checkFileActionPermission() the file extension is checked with GeneralUtility::verifyFilenameAgainstDenyPattern(). At this point control characters like "–" are not allowed which leads to the exception.

A workaround could be to set GLOBALS['TYPO3_CONF_VARS']['SYS']['UTF8filesystem'] to false as the filename won't contain control characters in that case. I think a better solution would be to replace control characters during the import or change the behaiviour of GeneralUtility::verifyFilenameAgainstDenyPattern

Example video with control characters in the filename: https://www.youtube.com/watch?v=SlXSjcWp8hE

History

#1 Updated by Guido Schmechel 11 months ago

Hi Hannes,

can you please recheck this video with 8.7.13 or 9.3-dev and give some feedback? I can't reproduce your issue with these versions and video.

#2 Updated by Riccardo De Contardi 10 months ago

  • Status changed from New to Needs Feedback

#3 Updated by Wouter Wolters 5 months ago

  • Status changed from Needs Feedback to Closed

No feedback for a couple of months, closing this issue for now. If this is still a problem please contact me and I will re-open it.

Also available in: Atom PDF