[BUGFIX] New filename does not get sanitized 06/27806/5
authorFrans Saris <franssaris@gmail.com>
Mon, 24 Feb 2014 07:27:23 +0000 (08:27 +0100)
committerHelmut Hummel <helmut.hummel@typo3.org>
Tue, 4 Mar 2014 17:20:14 +0000 (18:20 +0100)
When adding a new file through the ResourceStorage there
is a check to see if the file already exists. But this check
does not sanitize the target filename, so it could happen that
you get a false positive because when the file really is added
to the file system the target filename is sanitized.

This patch sanitizes the file name before the fileExists check.

Releases: 6.2, 6.1
Resolves: #55299
Change-Id: I519220040448b08883146caf463ed58544a18453
Reviewed-on: https://review.typo3.org/27806
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Xavier Perseguers
Reviewed-by: Wouter Wolters
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
typo3/sysext/core/Classes/Resource/ResourceStorage.php

index 207220c..18d36fb 100644 (file)
@@ -1105,7 +1105,7 @@ class ResourceStorage {
                }
                $this->assureFileAddPermissions($localFilePath, $targetFolder, $targetFileName);
                $targetFolder = $targetFolder ?: $this->getDefaultFolder();
-               $targetFileName = $targetFileName ?: PathUtility::basename($localFilePath);
+               $targetFileName = $this->driver->sanitizeFileName($targetFileName ?: PathUtility::basename($localFilePath));
                if ($conflictMode === 'cancel' && $this->driver->fileExistsInFolder($targetFileName, $targetFolder->getIdentifier())) {
                        throw new Exception\ExistingTargetFileNameException('File "' . $targetFileName . '" already exists in folder ' . $targetFolder->getIdentifier(), 1322121068);
                } elseif ($conflictMode === 'changeName') {