In t3lib_div::validPathStr() a boolean (TRUE) is returned,
if this is a valid path string. If it is NOT a valid path string,
then nothing will be returned. In the doc comment,
there is a return type "boolean" mentioned.
Just return a boolean, if it is not a valid path string.
Change-Id: Ie1de33df3520cb0560d9f2c1a4bdd629bc897c6c
Fixes: #38604
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/12549
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer
* So it's compatible with the UNIX style path strings valid for TYPO3 internally.
*
* @param string $theFile File path to evaluate
- * @return boolean TRUE, $theFile is allowed path string
+ * @return boolean TRUE, $theFile is allowed path string, FALSE otherwise
* @see http://php.net/manual/en/security.filesystem.nullbytes.php
* @todo Possible improvement: Should it rawurldecode the string first to check if any of these characters is encoded?
*/
if (strpos($theFile, '//') === FALSE && strpos($theFile, '\\') === FALSE && !preg_match('#(?:^\.\.|/\.\./|[[:cntrl:]])#u', $theFile)) {
return TRUE;
}
+
+ return FALSE;
}
/**