[TYPO3-core] RFC #13750: Bug: Several GIFBUILDER features broken for IM4, IM6 and GM

Joerg Wagner [DigiLog] lists.typo3.org at digilog.de
Thu Mar 11 13:46:16 CET 2010 

New patch attached as discussed.
The flaw is also present in 4.2, so I add a patch for that branch too.

Cheers, Jörg.


schrieb Joerg Wagner [DigiLog] am 11.03.2010 12:22:
> Hi Susanne,
>
> thanks for taking the time to look into this and sorry for my late
> response - I was out of the office for some days.
>
> I did some further investigation on this to respond your questions.
>
> As Jacob Rasmussen pointed out already, the faulty behavior shows up on
> Windows systems. But the reason lies deeper and can affect Linux systems
> too.
>
> Here are all details:
>
> The path+file parts in the parameters argument of
> t3lib_div::unQuoteFilenames($parameters) are treated with a function
> wrapFileName() before they are concatenated into the parameters argument
> (see class.t3lib_stdgraphic.php, function combineExec).
> wrapFileName() in turn uses the PHP function excapeshellarg to add
> surrounding quotes and to escape inner quotes in these strings.
> Now, excapeshellarg works differently on Windows and on Linux: On Linux
> it puts single quotes around its argument, on Windows it uses double
> quotes (see http://www.php.net/manual/en/function.escapeshellarg.php,
> user comment by Egorinsk).
>
> So we end up with something like this:
> LINUX
> +profile '*' -compose over +matte
> 'typo3temp/temp/969233c0cf24db7f144048d059b1032a_menuNT.gif' ...
> WINDOWS
> +profile '*' -compose over +matte
> "typo3temp/temp/969233c0cf24db7f144048d059b1032a_menuNT.gif" ...
>
> Now, our beloved function unQuoteFilenames() only checks for double
> quotes when trying to do its explode-like job. So on Linux the whole
> algorithm never really activates - and the bug in it never shows up.
>
> You can easily test this by doing static calls to unQuoteFilenames() in
> your IDE:
>
> t3lib_div::unQuoteFilenames('aaa bbb "ccc ddd"')
> : array =
> 0: string = "aaa"
> 1: string = "bbb"
> 2: string = "\"ccc ddd\""
> (CORRECT!)
>
> t3lib_div::unQuoteFilenames("aaa bbb 'ccc ddd'")
> : array =
> 0: string = "aaa"
> 1: string = "bbb"
> 2: string = "'ccc"
> 3: string = "ddd'"
> (WRONG BECAUSE OF SINGLE QUOTES - argument 3 is split up!!!)
>
> t3lib_div::unQuoteFilenames('aaa bbb "ccc" "ddd" "eee"')
> : array =
> 0: string = "aaa"
> 1: string = "bbb"
> 2: string = "\"ccc\" \"ddd\""
> 3: string = "\"eee\""
> (WRONG BECAUSE OF THE BUG - arguments 3 and 4 are joint!!!)
>
> t3lib_div::unQuoteFilenames("aaa bbb 'ccc' 'ddd' 'eee'")
> : array =
> 0: string = "aaa"
> 1: string = "bbb"
> 2: string = "'ccc'"
> 3: string = "'ddd'"
> 4: string = "'eee'"
> (CORRECT, but only because with single quotes the function's algorithm
> is dead.)
>
>
> SOLUTION:
> I propose to use my patch, but add more to it so that the function
> becomes single quote aware and thus also works correctly with Linux-like
> quoting.
> I will add a new patch that does this to the bug report within the next
> hours.
>
> Cheers,
> Jörg.
>
> schrieb Susanne Moog am 06.03.2010 16:07:
>> Hi Jörg,
>>
>> Joerg Wagner [DigiLog] wrote:
>>> This is an SVN patch request.
>>>
>>> Type: Bugfix
>>>
>>> Bugtracker references:
>>> http://bugs.typo3.org/view.php?id=13750
>>>
>>> Branches:
>>> TYPO3_4-3& trunk
>>> TYPO3_4-2& trunk
>>>
>>> Problem:
>>> When IM4, IM6 or GM are used, several GIFBUILDER features that
>>> internally use mask images (e.g. SHADOW and NICETEXT) are broken.
>>> The reason is a flawed processing of quoted subparts in IM commands.
>>> This flaw probably has many more side effects!
>>>
>>> Solution:
>>> When testing substrings for leading quotes, function
>>> t3lib_div::unQuoteFilenames() may only go into "start quote found" mode
>>> if the substring does not also contain a trailing quote. This is done by
>>> a simple change of the regular expression used to detect leading quotes.
>>
>> Any hints how to reproduce this behavior? I used the following TS on
>> Ubuntu / GraphicsMagick and the quoting results were the same before and
>> after the patch (both correct).
>>
>> page.130 = IMAGE
>> page.130 {
>> file = GIFBUILDER
>> file {
>> XY = 200,50
>> format = jpg
>> quality = 88
>> backColor = #FFFFFF
>> 10 = TEXT
>> 10 {
>> text = Hallo Weltas!
>> fontColor = #000000
>> fontSize = 38
>> fontFile = fileadmin/Acapulco.ttf
>> offset = 0,40
>> }
>> 20 = SHADOW
>> 20 {
>> blur = 30
>> color = #FF00FF
>> textObjNum = 10
>> }
>> }
>> }
>>
>>
>> Result:
>> Array
>> (
>> [0] => +profile
>> [1] => '*'
>> [2] => -compose
>> [3] => over
>> [4] => +matte
>> [5] => 'typo3temp/temp/a885e075fed9608a611a2ea024b2a869_menu.gif'
>> [6] => 'typo3temp/temp/a885e075fed9608a611a2ea024b2a869_color.gif'
>> [7] => 'typo3temp/temp/f9702ffd24d69faf71be62210fd6d47f.gif'
>> [8] => 'typo3temp/temp/a885e075fed9608a611a2ea024b2a869_menu.gif'
>> )
>>
>> Best regards,
>>
>> Susanne
>>
>>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: patch 4.3.2 20100311.diff
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20100311/23dffc47/attachment.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: patch 4.2.12 20100311.diff
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20100311/23dffc47/attachment.asc>

More information about the TYPO3-team-core mailing list