[TYPO3-core] RFC #12341: Bug: Image Generation broken with PHP safe_mode = On / Graphicsmagick
Bernhard Kraft
kraftb at kraftb.at
Mon Jan 4 18:20:28 CET 2010
Til Obes schrieb:
> This is a Denial-of-Service Bug, so please hurry up.
>
You have a +1 from me (which is Core +1).
Benni objected because he tought the "[0]" would be part of the input
string. Modifying the "wrapFileName" method is not a good solution in my
eyes. As it wraps a filename - whil'st the "[0]" is not part of the
filename. I am completly fine with your solution. It does not open any
security holes.
So if we get a +1 from anyone else I could commit the patch.
PS: This really is a blocking bug! Way to reproduce this:
*1* Set safe-mode to "On" in your php.ini
*2* Remove all "tmb_*" files from your "typo3temp/" director
*3* Try to view some images in the fileadmin
Result: You'll get a "No thumbnail generated" image because also thumbs.php
is affected
greets,
Bernhard
More information about the TYPO3-team-core
mailing list