[TYPO3-core] RFC #12341: Bug: Image Generation broken with PHP safe_mode = On / Graphicsmagick

Helmut Hummel helmut at typo3.org
Mon Dec 28 21:35:55 CET 2009


Hi Benni,

On 28.12.09 11:14, Benjamin Mack wrote:
> 
> one question: If we add this "frame" option again, wasn't stuff like
> this exactly the reason why we wanted to have the filename wrapped in
> the first place? With that "frame" parameter we open up the door again,
> right?

Well, imageMagickExec() is not called in many places throughout the core
and only one time with the last frame parameter. This parameter is
sanitized by intval before:

$frame = $this->noFramePrepended ? '' : '['.intval($frame).']';

Therefore no vulnerability would be introduced by this patch.

But I agree with you that it would be cleaner if the frame parameter is
sanitized directly before it is used.

Find attached a patch which takes this into account.

Greets Helmut
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 12341_v5-4_3-trunk.diff
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20091228/0ab828a0/attachment.txt>
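
The point discussed in this message, casting the frame selector at the place where it is concatenated into the command argument, shown as an added PHP example that is not part of the original mail or the attached patch. The function name buildInputArgument() and the sample paths are assumptions; only the intval() cast on the bracketed selector comes from the message.

```php
<?php
// Added illustration: buildInputArgument() is a hypothetical helper,
// not a TYPO3 core function.

/**
 * Build the input-file argument for an ImageMagick/GraphicsMagick call.
 *
 * The frame selector is cast to an integer directly where it is
 * concatenated, so the result does not depend on every caller having
 * sanitized $frame beforehand.
 */
function buildInputArgument(string $file, $frame = 0, bool $noFramePrepended = false): string
{
    // Same expression as quoted in the mail, applied at the point of use.
    $selector = $noFramePrepended ? '' : '[' . intval($frame) . ']';

    // File name and selector are quoted together as a single shell word.
    return escapeshellarg($file . $selector);
}

// Constructed sample inputs: a plain frame number, a string carrying
// shell metacharacters, a numeric prefix with trailing text, and a call
// with the selector disabled.
$samples = [
    ['uploads/pic.gif', 2, false],
    ['uploads/pic.gif', '0]; id #', false],
    ['uploads/my pic.gif', '3abc', false],
    ['uploads/pic.gif', 5, true],
];

foreach ($samples as [$file, $frame, $noFrame]) {
    echo buildInputArgument($file, $frame, $noFrame), PHP_EOL;
}
```

Whatever the caller passes as $frame, only its leading integer value reaches the selector, and the brackets stay inside the quoted argument.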

