[TYPO3-core] RFC #16785: No image generation with PHP-SAFE_MODE (GM/IM)
Helmut Hummel
helmut.hummel at typo3.org
Mon Feb 21 22:12:37 CET 2011
Hi Jigal,
On 11.02.11 22:12, Jigal van Hemert wrote:
> Solution:
> Only use escapeshellarg if it is useful (i.e. if there are whitespace
> characters or if characters were escaped).
Sounds like a good idea.
+1 by reading and testing.
Attached a patch which uses strict (string) comparison, although I do
not insist on it, I think we should use strict coparison wherever
possible (also thought about preg_match() === 0 instead of !preg_match()
but found the latter more readable).
Kind regards,
Helmut
--
Helmut Hummel
TYPO3 Security Team Leader
TYPO3 .... inspiring people to share!
Get involved: typo3.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 16785_v3.diff
Type: text/x-patch
Size: 3471 bytes
Desc: not available
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20110221/5e9d0c40/attachment.bin>
More information about the TYPO3-team-core
mailing list