[TYPO3-core] FYI72 #15936: Bug: [Caching framework] Entry identifier needs to be sanitized in FileBackend

Christian Kuhn lolli at schwarzbu.ch
Fri Oct 8 15:38:47 CEST 2010


The following patch will be committed in 72 hours if nobody objects.

Type: Bugfix, FLOW3 backport

BT: http://bugs.typo3.org/view.php?id=15936

Branches: trunk, 4.4

Problem:
Currently the entry identifier is not checked at all in FileBackend.

Solution:
Throw exceptions if identifier contains path segments.

Notes:
- This is the v4 backport of [1], which was committed to FLOW3 in svn 
rev. 4998 / git 12e086800f37429cf85fdc694e07b49054c16cbc
- Not a problem in 4.3, all identifiers are sha1()'d there
- Not a problem with current core usage as all identifiers are hashes 
anyway.

[1] http://forge.typo3.org/issues/9357

Regards
Christian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 15936_01.diff
Type: text/x-patch
Size: 6682 bytes
Desc: not available
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20101008/01f4c49a/attachment.bin>


More information about the TYPO3-team-core mailing list