[TYPO3-core] FYI72 #15936: Bug: [Caching framework] Entry identifier needs to be sanitized in FileBackend
Christian Kuhn
lolli at schwarzbu.ch
Fri Oct 8 15:38:47 CEST 2010
The following patch will be committed in 72 hours if nobody objects.
Type: Bugfix, FLOW3 backport
BT: http://bugs.typo3.org/view.php?id=15936
Branches: trunk, 4.4
Problem:
Currently the entry identifier is not checked at all in FileBackend.
Solution:
Throw exceptions if identifier contains path segments.
Notes:
- This is the v4 backport of [1], which was committed to FLOW3 in svn
rev. 4998 / git 12e086800f37429cf85fdc694e07b49054c16cbc
- Not a problem in 4.3, all identifiers are sha1()'d there
- Not a problem with current core usage as all identifiers are hashes
anyway.
[1] http://forge.typo3.org/issues/9357
Regards
Christian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 15936_01.diff
Type: text/x-patch
Size: 6682 bytes
Desc: not available
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20101008/01f4c49a/attachment.bin>
More information about the TYPO3-team-core
mailing list