[TYPO3-core] RFC #12341: Bug: Image Generation broken with PHP safe_mode = On / Graphicsmagick
Bernhard Kraft
kraftb at kraftb.at
Tue Dec 29 13:52:11 CET 2009
Helmut Hummel wrote:
> Well imageMagickExec() is not called in many places throughout the core
> and only one time with the last frame parameter. This parameter is
> sanitized by intval before:
>
> $frame = $this->noFramePrepended ? '' : '['.intval($frame).']';
>
> Therefore no vulnerability would be introduced by this patch.
Hello !
I slightly modified your patch. I added the missing '[' when using an
alternative output name (although this isn't very important - it gets MD5ed
anyways).
Additionally I changed the initializing parameter for the new $frame
variable from empty string '' to 0.
As the parameter is an int anyways I guess it looks cleaner initializing it
with an integer value ;)
+1 for either your version or mine. Both of my changes are not that
important this fix shouldn't make it into core - they are rather just cosmetics.
PS: A customer of mine already bothered me because of this bug!
greets,
Bernhard
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 12341-trunk.diff
Type: text/x-patch
Size: 3290 bytes
Desc: not available
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20091229/9be02626/attachment.bin>