Bug #87527

Exception on creating file with disallowed extension

Added by Andreas Kiessling 7 months ago. Updated 4 months ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
File Abstraction Layer (FAL)
Target version:
-
Start date:
2019-01-23
Due date:
% Done:

100%

TYPO3 Version:
8
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

How to reproduce:
Create a text file in the file module with a disallowed extension, e.g. .shtml
The creation is denied, but the getFileEditRedirect throws an exception, because the param is not a file but already null

Argument 1 passed to TYPO3\CMS\Backend\Controller\File\FileController::getFileEditRedirect() must be an instance of TYPO3\CMS\Core\Resource\File, null given, called in /var/www/dist/typo3_src/typo3/sysext/backend/Classes/Controller/File/FileController.php on line 172 

TypeError thrown in file
/var/www/dist/typo3_src/typo3/sysext/backend/Classes/Controller/File/FileController.php in line 190.

Happened on TYPO3 version 8.7.24

Associated revisions

Revision a0bff080 (diff)
Added by Susanne Moog 6 months ago

[BUGFIX] Prevent exception in file list

When creating a file with a disallowed file
extension an exception was thrown as on creation
the redirect to edit interface on a non-existing
file was called.

Though the better fix might be to prevent the
request for an invalid file to be sent at all
this fix ensures a working file list module in
a more "surgical" way to allow secure backporting.

Resolves: #87527
Releases: master, 9.5, 8.7
Change-Id: I35a054c05b37c09acab83a7aa9eca89cf9ebf6b9
Reviewed-on: https://review.typo3.org/c/59879
Tested-by: TYPO3com <>
Tested-by: Anja Leichsenring <>
Tested-by: Guido Schmechel <>
Tested-by: Benni Mack <>
Reviewed-by: Anja Leichsenring <>
Reviewed-by: Guido Schmechel <>
Reviewed-by: Benni Mack <>

Revision 78ae96eb (diff)
Added by Susanne Moog 6 months ago

[BUGFIX] Prevent exception in file list

When creating a file with a disallowed file
extension an exception was thrown as on creation
the redirect to edit interface on a non-existing
file was called.

Though the better fix might be to prevent the
request for an invalid file to be sent at all
this fix ensures a working file list module in
a more "surgical" way to allow secure backporting.

Resolves: #87527
Releases: master, 9.5, 8.7
Change-Id: I35a054c05b37c09acab83a7aa9eca89cf9ebf6b9
Reviewed-on: https://review.typo3.org/c/59924
Tested-by: TYPO3com <>
Tested-by: Benni Mack <>
Reviewed-by: Benni Mack <>

Revision dd9a88ed (diff)
Added by Susanne Moog 6 months ago

[BUGFIX] Prevent exception in file list

When creating a file with a disallowed file
extension an exception was thrown as on creation
the redirect to edit interface on a non-existing
file was called.

Though the better fix might be to prevent the
request for an invalid file to be sent at all
this fix ensures a working file list module in
a more "surgical" way to allow secure backporting.

Resolves: #87527
Releases: master, 9.5, 8.7
Change-Id: I35a054c05b37c09acab83a7aa9eca89cf9ebf6b9
Reviewed-on: https://review.typo3.org/c/59926
Tested-by: TYPO3com <>
Tested-by: Benni Mack <>
Reviewed-by: Benni Mack <>

History

#1 Updated by Gerrit Code Review 6 months ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/59879

#2 Updated by Gerrit Code Review 6 months ago

Patch set 1 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/59924

#3 Updated by Anonymous 6 months ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

#4 Updated by Gerrit Code Review 6 months ago

  • Status changed from Resolved to Under Review

Patch set 1 for branch TYPO3_8-7 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/59926

#5 Updated by Anonymous 6 months ago

  • Status changed from Under Review to Resolved

#6 Updated by Benni Mack 4 months ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF