[TYPO3-core] RFC #12341: Bug: Image Generation broken with PHP safe_mode = On / Graphicsmagick

Bernhard Kraft kraftb at kraftb.at
Tue Dec 29 13:52:11 CET 2009

Helmut Hummel schrieb:

> Well imageMagickExec() is not called in many places throughout the core
> and only one time with the last frame parameter. This parameter is
> sanitized by intval before:
> $frame = $this->noFramePrepended ? '' : '['.intval($frame).']';
> Therefore no vulnerability would be introduced by this patch.

Hello !

I slightly modified your patch. I added the missing '[' when using an
alternative output name (altough this isn't very important - it gets MD5ed

Additionally I changed the initializing parameter for the new $frame
variable from empty string '' to 0.

As the parameter is an int anyways I guess it looks cleaner initializing it
with an integer value ;)

+1 for either your version or mine. Both of my changes are not that
important this fix shouldnt make it into core - they are rather just cosmetics.

PS: A customer of mine already bothered me because of this bug!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 12341-trunk.diff
Type: text/x-patch
Size: 3290 bytes
Desc: not available
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20091229/9be02626/attachment.bin>

More information about the TYPO3-team-core mailing list