[TYPO3-core] EM2 problems.
Martin Kutschker
Martin.Kutschker at n0spam-blackbox.net
Wed May 31 17:36:58 CEST 2006
Martin Kutschker wrote:
> Martin Kutschker wrote:
>
>> Bernhard Kraft wrote:
>>
>>>
>>> I attach two different patches which solve the problem by two
>>> different approaches.
>>>
>>> * Version 1:
>>> Don't unlink the file directly after upload but post the name of the
>>> intermediate file in typo3temp
>>> again in the form. When called again use this file to get $fetchData
>>> again.
>>
>>
>>
>> Looks fine (not tested).
>>
>> But don't use side effects AND logical operators in one statement.
>>
>> NO:
>> if (($uploadedTempFile = $this->CMD['alreadyUploaded']) ||
>> $_FILES['upload_ext_file']['tmp_name']) {
>>
>> YES:
>> $uploadedTempFile = $this->CMD['alreadyUploaded'];
>> if ($uploadedTempFile || $_FILES['upload_ext_file']['tmp_name']) {
>>
>> Perhaps you could do a check like Dmitry suggested:
>>
>> if (!is_uploaded_file($_FILES['upload_ext_file']['tmp_name'])) {
>> t3lib_div::sysLog('Possible file upload attack: '.$_FILES['upload_ext_file']['tmp_name'], 'Extension Manager', 3);
>>
>> return false;
>> }
>
>
> The patch worked for me so +1.
As Rupert gave a +1 I took the liberty to commit the patch.
I added two checks:
a) Dmitry's security check
if (!is_uploaded_file($_FILES['upload_ext_file']['tmp_name'])) {
t3lib_div::sysLog(
'Possible file upload attack: '.$_FILES['upload_ext_file']['tmp_name'],
'Extension Manager', 3);
return 'File was not uploaded?!?';
}
b) a sanity check of mine
$fileContent = t3lib_div::getUrl($uploadedTempFile);
if (!$fileContent) return 'File is empty!';
Masi
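The following PHP is an added example written for this thread; it is not the committed patch nor TYPO3 code. It shows the two request paths the patch handles (a fresh upload in $_FILES['upload_ext_file'], or an intermediate file name in typo3temp re-posted through $this->CMD['alreadyUploaded']) with the assignment kept out of the logical test, Dmitry's is_uploaded_file() check on the fresh-upload path, and Masi's empty-file check on the content. TEMP_DIR, the helper names logUploadProblem()/resolveUploadedFile()/readExtensionFile(), the use of exceptions for the error strings, and the extra check that a re-posted name stays inside typo3temp are assumptions of this example, not something the thread specifies.

```php
<?php
// Added example for this thread, not code from TYPO3 or from the patch under
// discussion. It mirrors the two paths the patch handles: a fresh upload in
// $_FILES['upload_ext_file'], or the name of an intermediate file in typo3temp
// re-posted by the form in $this->CMD['alreadyUploaded']. TEMP_DIR, the helper
// names and the error strings are assumptions made for the example.

define('TEMP_DIR', '/var/www/typo3temp');   // assumed location of typo3temp

function logUploadProblem(string $msg): void
{
    // Stands in for t3lib_div::sysLog($msg, 'Extension Manager', 3).
    error_log('[Extension Manager] ' . $msg);
}

/**
 * Returns the absolute path of the file whose content should be read.
 * Throws RuntimeException carrying the message the form should display.
 * The assignment and the logical test are deliberately separate statements.
 */
function resolveUploadedFile(array $cmd, array $files): string
{
    $uploadedTempFile = (string)($cmd['alreadyUploaded'] ?? '');
    $freshUpload      = (string)($files['upload_ext_file']['tmp_name'] ?? '');

    if ($uploadedTempFile === '' && $freshUpload === '') {
        throw new RuntimeException('No file supplied.');
    }

    if ($uploadedTempFile === '') {
        // Dmitry's check: the path must be the one PHP created for this
        // request's upload, not an arbitrary path taken from client data.
        if (!is_uploaded_file($freshUpload)) {
            logUploadProblem('Possible file upload attack: ' . $freshUpload);
            throw new RuntimeException('File was not uploaded?!?');
        }
        // Keep it in typo3temp under a server-chosen name so that a later
        // request can refer to it by posting only that name back.
        $name = 'ext_' . bin2hex(random_bytes(8)) . '.t3x';
        $dest = TEMP_DIR . '/' . $name;
        if (!move_uploaded_file($freshUpload, $dest)) {
            throw new RuntimeException('Could not store uploaded file.');
        }
        return $dest;
    }

    // Defensive step the thread does not discuss: the re-posted name is client
    // data, so only accept a plain file that sits directly inside typo3temp.
    $base = realpath(TEMP_DIR);
    $real = realpath(TEMP_DIR . '/' . basename($uploadedTempFile));
    if ($base === false || $real === false || dirname($real) !== $base || !is_file($real)) {
        logUploadProblem('Rejected re-posted temp file name: ' . $uploadedTempFile);
        throw new RuntimeException('Temporary file not found.');
    }
    return $real;
}

/**
 * Masi's sanity check: refuse empty content before parsing the extension.
 */
function readExtensionFile(string $path): string
{
    $fileContent = file_get_contents($path);   // stands in for t3lib_div::getUrl()
    if ($fileContent === false || $fileContent === '') {
        throw new RuntimeException('File is empty!');
    }
    return $fileContent;
}

// Usage inside the request handler; $this->CMD is $_POST['CMD'] in this example.
try {
    $path        = resolveUploadedFile($_POST['CMD'] ?? [], $_FILES);
    $fileContent = readExtensionFile($path);
    // ... parse $fileContent as before, and re-post basename($path) in the
    // hidden 'alreadyUploaded' field so the next step can reuse the file.
} catch (RuntimeException $e) {
    echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
}
```

is_uploaded_file() only confirms that the given path was created by PHP's upload handling for the current request, so it is useful on the fresh-upload path alone; on the second request the file is no longer an upload, which is why the example validates the re-posted name against typo3temp instead of calling is_uploaded_file() on it.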