[TYPO3-core] RFC #17419: Bug: Image generation broken with safe_mode on

[Jigal van Hemert]

Hi,

Thanks for your patch!

On 31-1-2011 13:51, Jan Radecker wrote:
> Problem:
> Since TYPO3 4.5 - if safe_mode is on - the thumbnail generation is broken once
> again.

In 4.5 the policy is that if safe_mode causes problems which cannot be 
solved this will not prevent us from fixing the situation for other 
configurations.

> In File t3lib/utility/class.t3lib_utility_command.php the function
> imageMagickCommand() uses escapeshellarg() which leads to broken command if
> safe_mode is turned on.

This is needed for installation which have white space in the command 
(very common on Windows installations).

> With safe_mode on, exec() implicitly uses escapeshellcmd(). If wrong or no
> locale is set, umlauts in command get lost leading to invalid command.
> Since TYPO3 4.5 a wrapper function for exec() was introduced in file
> t3lib/utility/class.t3lib_utility_command.php which does not set the locale at
> all.

This is the good part of this patch.

> Since escapeshellarg() was intended to be used on arguments it is simply the
> wrong function here.
> Using escapeshellcmd() instead of escapeshellarg() solves the problem with
> broken command.

It is the only command which will add quotes in the desired way.

If you can come up with a solution which also works for commands with 
whitespace characters in the path or file name, I'm all for it.

-1 for now, for breaking installations with whitespace in the path.

-- 
Kind regards / met vriendelijke groet,

Jigal van Hemert
skype:jigal.van.hemert
msn: jigal at xs4all.nl
http://twitter.com/jigalvh