[BUGFIX] Denied file extensions still shown in upload forms 72/46072/6
authorMarco Huber <mail@marco-huber.de>
Tue, 19 Jan 2016 09:54:54 +0000 (10:54 +0100)
committerAndreas Wolf <andreas.wolf@typo3.org>
Sat, 5 Mar 2016 14:51:28 +0000 (15:51 +0100)
The list of denied file extensions does not contain a dot, but our
fileDenyPattern by default starts with a dot. Therefore, although a
check is performed, the file extensions will still be displayed even
though uploading files with the extension is forbidden by
fileDenyPattern.

This commit adds the dot before the extension when performing the
check, effectively hiding forbidden extensions.

Resolves: #72803
Releases: master, 7.6
Change-Id: I2ec3d02e096b46309932604a53ea4c416ba9812a
Reviewed-on: https://review.typo3.org/46072
Reviewed-by: Andreas Wolf <andreas.wolf@typo3.org>
Tested-by: Andreas Wolf <andreas.wolf@typo3.org>
typo3/sysext/backend/Classes/Controller/File/CreateFolderController.php
typo3/sysext/recordlist/Classes/View/FolderUtilityRenderer.php

index 3f0000d..87ef805 100644 (file)
@@ -223,7 +223,7 @@ class CreateFolderController extends AbstractModule
             $fileExtList = array();
             $onlineMediaFileExt = OnlineMediaHelperRegistry::getInstance()->getSupportedFileExtensions();
             foreach ($onlineMediaFileExt as $fileExt) {
-                if (GeneralUtility::verifyFilenameAgainstDenyPattern($fileExt)) {
+                if (GeneralUtility::verifyFilenameAgainstDenyPattern('.' . $fileExt)) {
                     $fileExtList[] = '<span class="label label-success">' . strtoupper(htmlspecialchars($fileExt)) . '</span>';
                 }
             }
@@ -262,7 +262,7 @@ class CreateFolderController extends AbstractModule
             $fileExtList = array();
             $textFileExt = GeneralUtility::trimExplode(',', $GLOBALS['TYPO3_CONF_VARS']['SYS']['textfile_ext'], true);
             foreach ($textFileExt as $fileExt) {
-                if (GeneralUtility::verifyFilenameAgainstDenyPattern($fileExt)) {
+                if (GeneralUtility::verifyFilenameAgainstDenyPattern('.' . $fileExt)) {
                     $fileExtList[] = '<span class="label label-success">' . strtoupper(htmlspecialchars($fileExt)) . '</span>';
                 }
             }
index f578ad8..9ca30f2 100644 (file)
@@ -122,7 +122,7 @@ class FolderUtilityRenderer
         // Create a list of allowed file extensions with the readable format "youtube, vimeo" etc.
         $fileExtList = array();
         foreach ($allowedExtensions as $fileExt) {
-            if (GeneralUtility::verifyFilenameAgainstDenyPattern($fileExt)) {
+            if (GeneralUtility::verifyFilenameAgainstDenyPattern('.' . $fileExt)) {
                 $fileExtList[] = '<span class="label label-success">'
                     . strtoupper(htmlspecialchars($fileExt)) . '</span>';
             }
@@ -182,7 +182,7 @@ class FolderUtilityRenderer
         $fileExtList = array();
         $onlineMediaFileExt = OnlineMediaHelperRegistry::getInstance()->getSupportedFileExtensions();
         foreach ($onlineMediaFileExt as $fileExt) {
-            if (GeneralUtility::verifyFilenameAgainstDenyPattern($fileExt)
+            if (GeneralUtility::verifyFilenameAgainstDenyPattern('.' . $fileExt)
                 && (empty($allowedExtensions) || in_array($fileExt, $allowedExtensions, true))
             ) {
                 $fileExtList[] = '<span class="label label-success">'