[TYPO3-core] RFC #16796: Frame added to IM/GM commands should be inside quotes
Jigal van Hemert
jigal at xs4all.nl
Tue Dec 28 16:10:20 CET 2010

Hi,

On 28-12-2010 15:37, Helmut Hummel wrote:
> On 21.12.2010 15:04, Jigal van Hemert wrote:
>>
>> Problem:
>> Currently the frame ( [0] ) added to a filename in an IM/GM command is
>> placed outside the quotes. According to the IM manual [1] it must be
>> placed inside the quotes.
>
> Does the current behaviour cause a wrong result?

Yes. The combination of incorrect unQuoteFileName() (#16795) and
incorrect position of frames resulted in problems on Windows.
At first we tried to solve all problems in #13750, but due to testing
problems (we would actually need reviews on all combinations) in a
discussion with the 4.5 RM it was decided to split that issue into three
parts.
#16795 is already committed, so with the correct behaviour of
unQuoteFileName and the wrong position of the frame it will probably
mess up some installations.

>> [1]
>> http://www.imagemagick.org/script/command-line-processing.php?ImageMagick=em65ptsj9e2k39pvnqr51d7j90
>>
> Then we have a problem here. The frame parameter has been moved out of
> the wrapping because of problems with ... guess what ... safe mode enabled.
>
> See: #12341 for the changes and the discussion.

Well, moving the frame parameter out of the wrapping was a wrong
solution in the first place.
And guess what, #16797 implements the suggestion of Marcus Krause in the
discussion of #12341 to drop escapeshellarg() when safe_mode is on,
because safe_mode already executes escapeshellcmd() to prevent injections.
With all three patches in, the situation on *nix, Windows and problems
with safe_mode should all be fixed.

--
Kind regards / met vriendelijke groet,
Jigal van Hemert
skype:jigal.van.hemert
msn: jigal at xs4all.nl
http://twitter.com/jigalvh
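
An added illustration, not part of the original message and not TYPO3 code: on a POSIX shell, a frame selector appended outside the quotes is an unquoted glob pattern, so the argument the IM/GM binary receives depends on which files exist in the working directory. The function names and file names (scan.pdf, scan.pdf0) are constructed for this demo; Windows command-line parsing behaves differently and is not covered here.

```shell
#!/bin/sh
# Constructed demo: all file and function names are made up for illustration.

# Print each argument a program would receive, one per line.
show_args() { printf '%s\n' "$@"; }

# Frame selector appended OUTSIDE the quotes:
# the trailing [0] is unquoted, so the shell treats it as a glob bracket expression.
frame_outside() (
    cd "$1" || exit 1
    show_args 'scan.pdf'[0]
)

# Frame selector INSIDE the quotes:
# the whole string, brackets included, is passed through literally.
frame_inside() (
    cd "$1" || exit 1
    show_args 'scan.pdf[0]'
)

demo() {
    dir=$(mktemp -d) || return 1
    : > "$dir/scan.pdf"
    # No file name matches the pattern, so the shell leaves it untouched.
    echo "no match:          outside=$(frame_outside "$dir") inside=$(frame_inside "$dir")"
    # A file whose name matches scan.pdf[0] changes what the outside form expands to.
    : > "$dir/scan.pdf0"
    echo "scan.pdf0 present: outside=$(frame_outside "$dir") inside=$(frame_inside "$dir")"
    rm -rf "$dir"
}

demo
```

With the frame inside the quotes the argument is the same in both runs; with the frame outside, the second run hands the binary a different file name and no frame selector.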