[TYPO3-core] RFC: fix bug #3834 protect t3lib_formmail against abuse

Thorsten Kahler thorsten.kahler at dkd.de
Wed May 2 19:14:20 CEST 2007


Hi Masi,

Martin Kutschker wrote on 02.05.2007 17:18:
> 
> I thought so, but why does TCEmain then also accept non-uploaded files!?!:
> 
> if (@is_dir($dest) &&
>     (@is_file($theFile) || @is_uploaded_file($theFile))) {
>
>     // Finding size. For safe_mode we have to rely on the size
>     // in the upload array if the file is uploaded.
>     if (is_uploaded_file($theFile) &&
>         $theFile == $uploadedFileArray['tmp_name']) {
>         $fileSize = $uploadedFileArray['size'];
>     } else {
>         $fileSize = filesize($theFile);
>     }
>     ... // copy, etc.
> }
> 
> This code is in checkValue_group_select_file() and handles the uploads.
> 
> Masi


t3lib_TCEmain::checkValue_group_select_file() is used for TCA type "group"
which allows selection of existing files. So this is a different case.

Regards
Thorsten

