Fixed bug #16362: Directory traversal attack in em_unzip
authorOliver Hader <oliver.hader@typo3.org>
Thu, 16 Dec 2010 13:41:10 +0000 (13:41 +0000)
committerOliver Hader <oliver.hader@typo3.org>
Thu, 16 Dec 2010 13:41:10 +0000 (13:41 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@9791 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
typo3/sysext/em/classes/tools/class.tx_em_tools_unzip.php

index 91f6a07..c4bc312 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,7 @@
        * Fixed bug #15737: quoteStrForLike does not properly escape strings in sql_mode NO_BACKSLASH_ESCAPES
        * Fixed bug #16653: SQL injection problem in class.db_list.inc (thanks to Jigal van Hemert)
        * Fixed bug #15735: FORM content object is susceptible to XSS (thanks to Benjamin Mack)
+       * Fixed bug #16362: Directory traversal attack in em_unzip
 
 2010-12-06  Steffen Kamper  <steffen@typo3.org>
 
index f581202..a8f207f 100644 (file)
@@ -542,6 +542,11 @@ class tx_em_Tools_Unzip {
                        }
                }
 
+                       // added by TYPO3 secteam to check for invalid paths
+               if (!t3lib_div::validPathStr($p_entry['filename'])) {
+                               return $v_result;
+               }
+
                // Add the path
                if ($p_path != '') {
                        $p_entry['filename'] = $p_path . "/" . $p_entry['filename'];
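Review bot: The rejected entry is dropped silently: `return $v_result;` right after the `validPathStr()` check hands back whatever `$v_result` holds at that point, which, since nothing sets an error before the return, is presumably still the success value, so a caller cannot distinguish a blocked traversal attempt from a normally extracted entry. Consider recording the failure before returning so the event is visible to the caller and to logs, for example `// entry name fails validPathStr(): refuse to extract and report it`, followed by the class's usual error-signalling (an error code assigned to `$v_result` or an error log call) rather than a bare return. A style nit: the comment on the first added line is indented one level deeper than the `if` it describes. The enclosing method starts before and continues after this hunk.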