[BUGFIX] Replace split_fileref() by pathinfo() in ResourceStorage 21/38221/3
authorFrans Saris <franssaris@gmail.com>
Wed, 25 Mar 2015 19:43:05 +0000 (20:43 +0100)
committerFrans Saris <franssaris@gmail.com>
Thu, 26 Mar 2015 20:54:52 +0000 (21:54 +0100)
GeneralUtility::split_fileref($fileName) expects the given $fileName to
be an existing file as it checks if the given file is a directory or
not using is_dir(). The ResourceStorage only provides the name of the
file without path when calling it.

Checking is_dir() on a file without correct path on systems with
open_basedir restrictions triggers the PHP Warning: 'is_dir():
open_basedir restriction in effect'.

Replace the calls to split_fileref() with PathUtility::pathinfo() as
this function doesn't check/care whether the path is real.

Document the behavior of split_fileref().

Resolves: #66033
Releases: master, 6.2
Change-Id: I5b4c953461ed3e9e374614a5ca6037842cc18546
Reviewed-on: http://review.typo3.org/38221
Reviewed-by: Stephan Großberndt <stephan@grossberndt.de>
Tested-by: Stephan Großberndt <stephan@grossberndt.de>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Jigal van Hemert <jigal.van.hemert@typo3.org>
Tested-by: Jigal van Hemert <jigal.van.hemert@typo3.org>
Reviewed-by: Frans Saris <franssaris@gmail.com>
Tested-by: Frans Saris <franssaris@gmail.com>
typo3/sysext/core/Classes/Resource/ResourceStorage.php
typo3/sysext/core/Classes/Utility/GeneralUtility.php

index b09cb90..66bf676 100644 (file)
@@ -652,12 +652,11 @@ class ResourceStorage implements ResourceStorageInterface {
                $fileName = $this->driver->sanitizeFileName($fileName);
                $isAllowed = GeneralUtility::verifyFilenameAgainstDenyPattern($fileName);
                if ($isAllowed) {
-                       $fileInfo = GeneralUtility::split_fileref($fileName);
+                       $fileExtension = strtolower(PathUtility::pathinfo($fileName, PATHINFO_EXTENSION));
                        // Set up the permissions for the file extension
                        $fileExtensionPermissions = $GLOBALS['TYPO3_CONF_VARS']['BE']['fileExtensions']['webspace'];
                        $fileExtensionPermissions['allow'] = GeneralUtility::uniqueList(strtolower($fileExtensionPermissions['allow']));
                        $fileExtensionPermissions['deny'] = GeneralUtility::uniqueList(strtolower($fileExtensionPermissions['deny']));
-                       $fileExtension = strtolower($fileInfo['fileext']);
                        if ($fileExtension !== '') {
                                // If the extension is found amongst the allowed types, we return TRUE immediately
                                if ($fileExtensionPermissions['allow'] === '*' || GeneralUtility::inList($fileExtensionPermissions['allow'], $fileExtension)) {
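Review bot: The `$fileExtension` assignment now sits at the top of the `if ($isAllowed)` branch with no comment saying that `PATHINFO_EXTENSION` yields only the last suffix of the name. That is the value matched against the `allow`/`deny` lists below, so a multi-suffix name (constructed example: `a.php.txt`) is judged on `txt` alone and relies entirely on the earlier `verifyFilenameAgainstDenyPattern()` call, whose pattern is not visible in this hunk. I would document that dependency where the extension is derived, e.g. `// Only the last suffix is checked here; multi-suffix names are left to verifyFilenameAgainstDenyPattern() above`. The enclosing method starts and ends outside the hunk.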
@@ -2408,16 +2407,15 @@ class ResourceStorage implements ResourceStorageInterface {
        protected function getUniqueName(Folder $folder, $theFile, $dontCheckForUnique = FALSE) {
                static $maxNumber = 99, $uniqueNamePrefix = '';
                // Fetches info about path, name, extension of $theFile
-               $origFileInfo = GeneralUtility::split_fileref($theFile);
+               $origFileInfo = PathUtility::pathinfo($theFile);
                // Adds prefix
                if ($uniqueNamePrefix) {
-                       $origFileInfo['file'] = $uniqueNamePrefix . $origFileInfo['file'];
-                       $origFileInfo['filebody'] = $uniqueNamePrefix . $origFileInfo['filebody'];
+                       $origFileInfo['basename'] = $uniqueNamePrefix . $origFileInfo['basename'];
+                       $origFileInfo['filename'] = $uniqueNamePrefix . $origFileInfo['filename'];
                }
                // Check if the file exists and if not - return the fileName...
-               $fileInfo = $origFileInfo;
                // The destinations file
-               $theDestFile = $fileInfo['file'];
+               $theDestFile = $origFileInfo['basename'];
                // If the file does NOT exist we return this fileName
                if (!$this->driver->fileExistsInFolder($theDestFile, $folder->getIdentifier()) || $dontCheckForUnique) {
                        return $theDestFile;
@@ -2425,8 +2423,8 @@ class ResourceStorage implements ResourceStorageInterface {
                // Well the fileName in its pure form existed. Now we try to append
                // numbers / unique-strings and see if we can find an available fileName
                // This removes _xx if appended to the file
-               $theTempFileBody = preg_replace('/_[0-9][0-9]$/', '', $origFileInfo['filebody']);
-               $theOrigExt = $origFileInfo['realFileext'] ? '.' . $origFileInfo['realFileext'] : '';
+               $theTempFileBody = preg_replace('/_[0-9][0-9]$/', '', $origFileInfo['filename']);
+               $theOrigExt = $origFileInfo['extension'] ? '.' . $origFileInfo['extension'] : '';
                for ($a = 1; $a <= $maxNumber + 1; $a++) {
                        // First we try to append numbers
                        if ($a <= $maxNumber) {
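Review bot: The new `$theOrigExt` line reads `$origFileInfo['extension']`, a key that can be missing. PHP's `pathinfo()` omits `extension` when the name contains no dot, and `PathUtility::pathinfo()` presumably passes that through, whereas `split_fileref()` is documented as always returning `realFileext`. For an extensionless name that already exists in the folder this would raise an "Undefined index" notice, in a commit whose purpose is to remove a PHP warning. Guard the lookup, e.g. `$theOrigExt = !empty($origFileInfo['extension']) ? '.' . $origFileInfo['extension'] : '';`, which keeps the current truthiness semantics. `getUniqueName()` begins in the previous hunk and continues past this one.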
index a328bbd..24e60b0 100755 (executable)
@@ -814,20 +814,21 @@ class GeneralUtility {
        /**
         * Splits a reference to a file in 5 parts
         *
-        * @param string $fileref Filename/filepath to be analysed
+        * @param string $fileNameWithPath File name with path to be analysed (must exist if open_basedir is set)
         * @return array Contains keys [path], [file], [filebody], [fileext], [realFileext]
         */
-       static public function split_fileref($fileref) {
+       static public function split_fileref($fileNameWithPath) {
                $reg = array();
-               if (preg_match('/(.*\\/)(.*)$/', $fileref, $reg)) {
+               if (preg_match('/(.*\\/)(.*)$/', $fileNameWithPath, $reg)) {
                        $info['path'] = $reg[1];
                        $info['file'] = $reg[2];
                } else {
                        $info['path'] = '';
-                       $info['file'] = $fileref;
+                       $info['file'] = $fileNameWithPath;
                }
                $reg = '';
-               if (!is_dir($fileref) && preg_match('/(.*)\\.([^\\.]*$)/', $info['file'], $reg)) {
+               // If open_basedir is set and the fileName was supplied without a path the is_dir check fails
+               if (!is_dir($fileNameWithPath) && preg_match('/(.*)\\.([^\\.]*$)/', $info['file'], $reg)) {
                        $info['filebody'] = $reg[1];
                        $info['fileext'] = strtolower($reg[2]);
                        $info['realFileext'] = $reg[2];
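Review bot: The added comment above the `is_dir()` condition says the check "fails", which does not tell a reader what the code then does. Per the commit message, `is_dir()` emits the open_basedir warning; it also returns FALSE, so `!is_dir(...)` is true and the name is split into body and extension as if it were a file, even when it names a directory. I would word it as `// With open_basedir in effect, is_dir() on a name outside the allowed paths (e.g. a bare file name) raises a warning and returns FALSE, so the name is treated as a file`. The `@param` text "must exist" could likewise say "must be resolvable inside open_basedir". The rest of `split_fileref()` lies outside this hunk.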