[BUGFIX] LocalDriver->calculateBasePath doesn't properly sanitize 48/32548/6
authorBernhard Kraft <kraft@webconsulting.at>
Mon, 1 Sep 2014 13:36:01 +0000 (15:36 +0200)
committerFrans Saris <franssaris@gmail.com>
Fri, 19 Sep 2014 14:26:24 +0000 (16:26 +0200)
The method "calculateBasePath" of Resource/Driver/LocalDriver.php
does not properly sanitize the passed value.

It fails to use the return value of "canonicalizeAndCheckFilePath".

Change-Id: I8f2561e4a3b432d869ba7931f3ce5877714699c0
Resolves: #61295
Releases: 6.3, 6.2
Reviewed-on: http://review.typo3.org/32548
Reviewed-by: Markus Klein <klein.t3@reelworx.at>
Tested-by: Markus Klein <klein.t3@reelworx.at>
Reviewed-by: Frans Saris <franssaris@gmail.com>
Tested-by: Frans Saris <franssaris@gmail.com>
typo3/sysext/core/Classes/Resource/Driver/LocalDriver.php
typo3/sysext/core/Tests/Unit/Resource/Driver/LocalDriverTest.php

index 9caf7e2..a6b5715 100644 (file)
@@ -158,7 +158,7 @@ class LocalDriver extends AbstractHierarchicalFilesystemDriver {
                } else {
                        $absoluteBasePath = $configuration['basePath'];
                }
-               $this->canonicalizeAndCheckFilePath($absoluteBasePath);
+               $absoluteBasePath = $this->canonicalizeAndCheckFilePath($absoluteBasePath);
                $absoluteBasePath = rtrim($absoluteBasePath, '/') . '/';
                if (!is_dir($absoluteBasePath)) {
                        throw new \TYPO3\CMS\Core\Resource\Exception\InvalidConfigurationException(
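Review bot: The corrected line depends on canonicalizeAndCheckFilePath() returning the sanitized path instead of modifying its argument, which is exactly the assumption the old line got wrong, so a short comment would keep the next maintainer from reintroducing the discard, e.g. `// canonicalizeAndCheckFilePath() returns the sanitized path; the argument is not modified in place`. The `rtrim(...) . '/'` on the following line only normalizes the trailing slash, so, as far as this hunk shows, the assignment on the new line is the sole step that removes segments such as "/../" from the configured base path before the is_dir() check. calculateBasePath starts before this hunk, so the relative/absolute branch that builds `$absoluteBasePath` is not visible here; whether a leading-slash relative basePath is handled by that branch or only by the canonicalization cannot be confirmed from these lines.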
index 99a3c1d..316bfef 100644 (file)
@@ -128,6 +128,37 @@ class LocalDriverTest extends \TYPO3\CMS\Core\Tests\Unit\Resource\BaseTestCase {
        /**
         * @test
         */
+       public function calculatedBasePathRelativeIsSane() {
+               $fixture = $this->createDriverFixture();
+
+               // This would cause problems if you fill "/fileadmin/" into the base path field of a sys_file_storage record and select "relative" as path type
+               $relativeDriverConfiguration = array(
+                       'pathType' => 'relative',
+                       'basePath' => '/typo3temp/',
+               );
+               $basePath = $fixture->_call('calculateBasePath', $relativeDriverConfiguration);
+
+               $this->assertNotContains('//', $basePath);
+       }
+
+       /**
+        * @test
+        */
+       public function calculatedBasePathAbsoluteIsSane() {
+               $fixture = $this->createDriverFixture();
+
+               // This test checks if "/../" are properly filtered out (i.e. from "Base path" field of sys_file_storage)
+               $relativeDriverConfiguration = array(
+                       'basePath' => PATH_site . 'typo3temp/../typo3temp/',
+               );
+               $basePath = $fixture->_call('calculateBasePath', $relativeDriverConfiguration);
+
+               $this->assertNotContains('/../', $basePath);
+       }
+
+       /**
+        * @test
+        */
        public function createFolderRecursiveSanitizesFilename() {
                /** @var \TYPO3\CMS\Core\Resource\Driver\LocalDriver|\PHPUnit_Framework_MockObject_MockObject|\TYPO3\CMS\Core\Tests\AccessibleObjectInterface $driver */
                $driver = $this->createDriverFixture(array(), array('sanitizeFilename'));
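Review bot: Both new tests assert only the absence of a substring (`assertNotContains('//', ...)` and `assertNotContains('/../', ...)`), which would also pass if calculateBasePath returned an empty string or an unrelated path, so pinning the expected result, e.g. `$this->assertSame(PATH_site . 'typo3temp/', $basePath);` in calculatedBasePathAbsoluteIsSane, would make the regression check meaningful (assuming PATH_site carries its trailing slash, as the concatenation in the fixture implies). The configuration in the absolute test is named `$relativeDriverConfiguration` and omits `'pathType'`, so it only exercises the absolute branch if the default path type is absolute, which is decided outside this hunk; adding `'pathType' => 'absolute',` and renaming the variable to `$absoluteDriverConfiguration` would make the intent explicit. The comment in calculatedBasePathRelativeIsSane refers to "/fileadmin/" while the fixture uses '/typo3temp/'; aligning the two avoids a misleading comment.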