[TYPO3-core] RFC #12341: Bug: Image Generation broken with PHP safe_mode = On / Graphicsmagick
helmut at typo3.org
Mon Dec 28 21:35:55 CET 2009
Am 28.12.09 11:14, schrieb Benjamin Mack:
> one question: If we add this "frame" option again, wasn't stuff like
> this exactly the reason why we wanted to have the filename wrapped in
> the first place? With that "frame" parameter we open up the door again,
Well imageMagickExec() is not called in many places throughout the core
and only one time with the last frame parameter. This parameter is
sanitized by intval before:
$frame = $this->noFramePrepended ? '' : '['.intval($frame).']';
Therefore no vulnerability would be introduced by this patch.
But I agree with you that it would be cleaner, if the frame parameter is
sanitized directly before it is used.
Find attached a patch which takes this into account.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
More information about the TYPO3-team-core