[TYPO3-core] RFC: fix bug #3834 protect t3lib_formmail against abuse
Martin Kutschker
Martin.Kutschker at n0spam-blackbox.net
Thu May 3 10:39:31 CEST 2007
Thorsten Kahler schrieb:
> Hi Masi,
>
> Martin Kutschker wrote on 02.05.2007 17:18:
>> I though so, but why does TCEmain the accept also not uploaded files!?!:
>>
>> if (@is_dir($dest) &&
>> (@is_file($theFile) || @is_uploaded_file($theFile))) {
>>
>> // Finding size. For safe_mode we have to rely on the size
>> // in the upload array if the file is uploaded.
>> if (is_uploaded_file($theFile) &&
>> $theFile==$uploadedFileArray['tmp_name']) {
>> $fileSize = $uploadedFileArray['size'];
>> } else {
>> $fileSize = filesize($theFile);
>> }
>> ... // copy, ect
>> }
>>
>> This code is in checkValue_group_select_file() and handles the uploads.
>>
>> Masi
>
>
> t3lib_TCEmain::checkValue_group_select_file() is used for TCA type "group"
> which allows selection of existing files. So this is a different case.
I thought so too, but an existing file shouldn't be copied, right? And yet
this code snippet is about copying.
Masi
More information about the TYPO3-team-core
mailing list