Fixed bug #15254: Extension Manager allows to edit arbitrary files if noEdit flag...
authorOliver Hader <oliver.hader@typo3.org>
Wed, 28 Jul 2010 09:07:19 +0000 (09:07 +0000)
committerOliver Hader <oliver.hader@typo3.org>
Wed, 28 Jul 2010 09:07:19 +0000 (09:07 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-2@8387 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
typo3/mod/tools/em/class.em_index.php

index e378428..5454a04 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -16,6 +16,7 @@
        * Fixed bug #13989: Mitigate PHP's RNG vulnerability (thanks to Marcus Krause and Helmut Hummel)
        * Fixed bug #12739: XSS in shortcuts (thanks to Francois Suter and Georg Ringer)
        * Fixed bug #13885: XSS in indexed search BE module (thanks to Benjamin Mack)
+       * Fixed bug #15254: Extension Manager allows to edit arbitrary files if noEdit flag is not set (thanks to Helmut Hummel)
 
 2010-07-21  Ingo Renner  <ingo@typo3.org>
 
index f0f617d..045c67b 100644 (file)
@@ -2077,7 +2077,7 @@ EXTENSION KEYS:
 
                                // Editing extension file:
                                $editFile = $this->CMD['editFile'];
-                               if (t3lib_div::isFirstPartOfStr($editFile,PATH_site) && t3lib_div::isFirstPartOfStr($editFile,$absPath))        {       // Paranoia...
+                               if (t3lib_div::isAllowedAbsPath($editFile) && t3lib_div::isFirstPartOfStr($editFile, $absPath)) {
 
                                        $fI = t3lib_div::split_fileref($editFile);
                                        if (@is_file($editFile) && t3lib_div::inList($this->editTextExtensions,($fI['fileext']?$fI['fileext']:$fI['filebody'])))        {
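Review bot: The new guard still relies on a raw prefix match, `t3lib_div::isFirstPartOfStr($editFile, $absPath)`, so if `$absPath` is built without a trailing slash (it is set outside this hunk, so I cannot confirm either way) a sibling directory that shares the prefix, e.g. `typo3conf/ext/foo` vs `typo3conf/ext/foobar`, would pass as "inside the extension"; anchoring on a directory boundary, `t3lib_div::isFirstPartOfStr($editFile, rtrim($absPath, '/') . '/')`, closes that. `isAllowedAbsPath()` presumably adds the absolute-path and `..`/`//` checks that the old `PATH_site` prefix test lacked, which is what bug #15254 is about, but that is inferred from the helper's name, not visible here. Both checks operate on the string `$editFile` as submitted via `$this->CMD['editFile']`, not on a canonicalised path, so a symlink inside the extension directory pointing elsewhere would not be caught; worth a comment such as `// NOTE: prefix check only, no realpath() — symlinks within the extension dir are not resolved`. The enclosing method and the edit/save logic continue outside this hunk.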
@@ -2133,7 +2133,7 @@ EXTENSION KEYS:
                                                        $theOutput.=$this->doc->section('Filesize exceeded '.$this->kbMax.' Kbytes','Files larger than '.$this->kbMax.' KBytes are not allowed to be edited.');
                                                }
                                        }
-                               } else die('Fatal Edit error: File "'.$editFile.'" was not inside the correct path of the TYPO3 Extension!');
+                               } else die('Fatal Edit error: File "' . htmlspecialchars($editFile) . '" was not inside the correct path of the TYPO3 Extension!');
                        } else {
 
                                // MAIN: