[BUGFIX] TypoScriptParser does not validate absPath 07/29607/2
authorMarkus Klein <klein.t3@mfc-linz.at>
Tue, 22 Apr 2014 15:20:29 +0000 (17:20 +0200)
committerMarkus Klein <klein.t3@mfc-linz.at>
Tue, 22 Apr 2014 19:43:41 +0000 (21:43 +0200)
GeneralUtility::getFileAbsFileName() returns a blank string for
invalid paths.
TypoScriptParser::includeDirectory() does not check the return value,
but passes it on to TypoScriptParser::getAllFilesAndFoldersInPath().
This causes the method to enumerate all entries of /.

Fix this by properly checking the return value of getFileAbsFileName().

Resolves: #58102
Releases: 6.2
Change-Id: I778ad6bfc9d4a6a08f36fdd6ae00ccb9a8d2c03e
Reviewed-on: https://review.typo3.org/29607
Reviewed-by: Johannes Kasberger
Tested-by: Johannes Kasberger
Reviewed-by: Stefan Neufeind
Tested-by: Wouter Wolters
Reviewed-by: Wouter Wolters
Reviewed-by: Markus Klein
Tested-by: Markus Klein
typo3/sysext/core/Classes/TypoScript/Parser/TypoScriptParser.php

index 0c5be09..960c54c 100644 (file)
@@ -928,22 +928,26 @@ class TypoScriptParser {
 
                // Resolve a possible relative paths if a parent file is given
                if ($parentFilenameOrPath !== '' && $dirPath[0] === '.') {
-                       $absDirPath = PathUtility::getAbsolutePathOfRelativeReferencedFileOrPath($parentFilenameOrPath, $dirPath);
+                       $resolvedDirPath = PathUtility::getAbsolutePathOfRelativeReferencedFileOrPath($parentFilenameOrPath, $dirPath);
                } else {
-                       $absDirPath = $dirPath;
+                       $resolvedDirPath = $dirPath;
                }
-               $absDirPath = rtrim(GeneralUtility::getFileAbsFileName($absDirPath), '/') . '/';
-
-               $newString .= LF . '### <INCLUDE_TYPOSCRIPT: source="DIR:' . $dirPath . '"' . $optionalProperties . '> BEGIN:' . LF;
-               // Get alphabetically sorted file index in array
-               $fileIndex = GeneralUtility::getAllFilesAndFoldersInPath(array(), $absDirPath, $includedFileExtensions);
-               // Prepend file contents to $newString
-               $prefixLength = strlen(PATH_site);
-               foreach ($fileIndex as $absFileRef) {
-                       $relFileRef = substr($absFileRef, $prefixLength);
-                       self::includeFile($relFileRef, $cycle_counter, $returnFiles, $newString, $includedFiles, '', $absDirPath);
+               $absDirPath = GeneralUtility::getFileAbsFileName($resolvedDirPath);
+               if ($absDirPath) {
+                       $absDirPath = rtrim($absDirPath, '/') . '/';
+                       $newString .= LF . '### <INCLUDE_TYPOSCRIPT: source="DIR:' . $dirPath . '"' . $optionalProperties . '> BEGIN:' . LF;
+                       // Get alphabetically sorted file index in array
+                       $fileIndex = GeneralUtility::getAllFilesAndFoldersInPath(array(), $absDirPath, $includedFileExtensions);
+                       // Prepend file contents to $newString
+                       $prefixLength = strlen(PATH_site);
+                       foreach ($fileIndex as $absFileRef) {
+                               $relFileRef = substr($absFileRef, $prefixLength);
+                               self::includeFile($relFileRef, $cycle_counter, $returnFiles, $newString, $includedFiles, '', $absDirPath);
+                       }
+                       $newString .= '### <INCLUDE_TYPOSCRIPT: source="DIR:' . $dirPath . '"' . $optionalProperties . '> END:' . LF . LF;
+               } else {
+                       $newString .= self::typoscriptIncludeError('The path "' . $resolvedDirPath . '" is invalid.');
                }
-               $newString .= '### <INCLUDE_TYPOSCRIPT: source="DIR:' . $dirPath . '"' . $optionalProperties . '> END:' . LF . LF;
        }
 
        /**