[BUGFIX] Denied file extensions still shown in upload forms 04/47104/2
authorMarco Huber <mail@marco-huber.de>
Tue, 19 Jan 2016 09:54:54 +0000 (10:54 +0100)
committerAndreas Wolf <andreas.wolf@typo3.org>
Sat, 5 Mar 2016 14:55:03 +0000 (15:55 +0100)
The list of denied file extensions does not contain a dot, but our
fileDenyPattern by default starts with a dot. Therefore, although a
check is performed, the file extensions will still be displayed even
though uploading files with the extension is forbidden by
fileDenyPattern.

This commit adds the dot before the extension when performing the
check, effectively hiding forbidden extensions.

Resolves: #72803
Releases: master, 7.6
Change-Id: I2ec3d02e096b46309932604a53ea4c416ba9812a
Reviewed-on: https://review.typo3.org/46072
Reviewed-by: Andreas Wolf <andreas.wolf@typo3.org>
Tested-by: Andreas Wolf <andreas.wolf@typo3.org>
(cherry picked from commit 08011314eb18c111804d1d7fd74a47174ecc7a9d)
Reviewed-on: https://review.typo3.org/47104

typo3/sysext/backend/Classes/Controller/File/CreateFolderController.php
typo3/sysext/recordlist/Classes/View/FolderUtilityRenderer.php

index bb16c05..bc3c767 100644 (file)
@@ -208,7 +208,7 @@ class CreateFolderController extends AbstractModule
             $fileExtList = array();
             $onlineMediaFileExt = OnlineMediaHelperRegistry::getInstance()->getSupportedFileExtensions();
             foreach ($onlineMediaFileExt as $fileExt) {
-                if (GeneralUtility::verifyFilenameAgainstDenyPattern($fileExt)) {
+                if (GeneralUtility::verifyFilenameAgainstDenyPattern('.' . $fileExt)) {
                     $fileExtList[] = '<span class="label label-success">' . strtoupper(htmlspecialchars($fileExt)) . '</span>';
                 }
             }
@@ -247,7 +247,7 @@ class CreateFolderController extends AbstractModule
             $fileExtList = array();
             $textFileExt = GeneralUtility::trimExplode(',', $GLOBALS['TYPO3_CONF_VARS']['SYS']['textfile_ext'], true);
             foreach ($textFileExt as $fileExt) {
-                if (GeneralUtility::verifyFilenameAgainstDenyPattern($fileExt)) {
+                if (GeneralUtility::verifyFilenameAgainstDenyPattern('.' . $fileExt)) {
                     $fileExtList[] = '<span class="label label-success">' . strtoupper(htmlspecialchars($fileExt)) . '</span>';
                 }
             }
index f578ad8..9ca30f2 100644 (file)
@@ -122,7 +122,7 @@ class FolderUtilityRenderer
         // Create a list of allowed file extensions with the readable format "youtube, vimeo" etc.
         $fileExtList = array();
         foreach ($allowedExtensions as $fileExt) {
-            if (GeneralUtility::verifyFilenameAgainstDenyPattern($fileExt)) {
+            if (GeneralUtility::verifyFilenameAgainstDenyPattern('.' . $fileExt)) {
                 $fileExtList[] = '<span class="label label-success">'
                     . strtoupper(htmlspecialchars($fileExt)) . '</span>';
             }
@@ -182,7 +182,7 @@ class FolderUtilityRenderer
         $fileExtList = array();
         $onlineMediaFileExt = OnlineMediaHelperRegistry::getInstance()->getSupportedFileExtensions();
         foreach ($onlineMediaFileExt as $fileExt) {
-            if (GeneralUtility::verifyFilenameAgainstDenyPattern($fileExt)
+            if (GeneralUtility::verifyFilenameAgainstDenyPattern('.' . $fileExt)
                 && (empty($allowedExtensions) || in_array($fileExt, $allowedExtensions, true))
             ) {
                 $fileExtList[] = '<span class="label label-success">'