Bug #95581

open

FileNameValidator wrongly allows empty strings

Added by S P about 3 years ago. Updated about 3 years ago.

Status: Needs Feedback
Priority: Should have
Assignee: -
Category: Security
Target version: -
Start date: 2021-10-12
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 10
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

\TYPO3\CMS\Core\Resource\Security\FileNameValidator->isValid() returns true for an empty string. This is wrong. Filenames may not be empty.

(Category Security because the class is in the Security namespace, re-categorize if this is wrong)

The corresponding test should also check for empty strings.

Actions #1

Updated by Oliver Hader about 3 years ago

  • Assignee deleted (Oliver Hader)

Actions #2

Updated by Oliver Hader about 3 years ago

  • Status changed from New to Needs Feedback

Can you please describe your use-case? What is the origin of an empty filename? Thx in advance!

Actions #3

Updated by S P about 3 years ago

User input, of course. I expect a FileNameValidator to correctly validate file names. If everyone has to provide additional checks on the file name string anyway, then I wonder why a Validator class is provided at all?
