Fixed bug #10133: Command execution in sysext indexed_search (thanks to the TYPO3...
authorIngo Renner <ingo.renner@typo3.org>
Tue, 20 Jan 2009 10:44:30 +0000 (10:44 +0000)
committerIngo Renner <ingo.renner@typo3.org>
Tue, 20 Jan 2009 10:44:30 +0000 (10:44 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@4776 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
typo3/sysext/indexed_search/ChangeLog
typo3/sysext/indexed_search/class.external_parser.php

index 5483771..536138c 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,7 @@
 
        * Added missing license statement for using the "Silk" icon set of Mark James according to Creative Commons Attribution 2.5
        * Fixed bug #10134: XSS vulnerability in sysext indexed_search (thanks to the TYPO3 Security Team and especially Marcus Krause)
+       * Fixed bug #10133: Command execution in sysext indexed_search (thanks to the TYPO3 Security Team and especially Marcus Krause)
 
 2009-01-19  Steffen Kamper  <info@sk-typo3.de>
 
index bbef903..82bc0de 100755 (executable)
@@ -1,6 +1,7 @@
 2009-01-20  Ingo Renner  <ingo@typo3.org>
 
        * Fixed bug #10134: XSS vulnerability in sysext indexed_search (thanks to the TYPO3 Security Team and especially Marcus Krause)
+       * Fixed bug #10133: Command execution in sysext indexed_search (thanks to the TYPO3 Security Team and especially Marcus Krause)
 
 2008-04-01  Michael Stucki  <michael@typo3.org>
 
index 72ab2aa..14a1e85 100755 (executable)
@@ -409,7 +409,7 @@ class tx_indexed_search_extparse {
                        case 'pdf':
                                if ($this->app['pdfinfo'])      {
                                                // Getting pdf-info:
-                                       $cmd = $this->app['pdfinfo'].' "'.$absFile.'"';
+                                       $cmd = $this->app['pdfinfo'] . ' ' . escapeshellarg($absFile);
                                        exec($cmd,$res);
                                        $pdfInfo = $this->splitPdfInfo($res);
                                        unset($res);
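Review bot: The `escapeshellarg($absFile)` call is repeated on the `+` line of this hunk and again in the hunks at `@@ -419`, `@@ -435`, `@@ -445`, `@@ -456`, `@@ -473` (twice) and `@@ -506`, so every converter case escapes the same value independently and a future case can silently miss it. Computing `$escapedFile = escapeshellarg($absFile);` once before the `switch` and building each `$cmd` from `$escapedFile` would keep the escaping in one place; the same applies to the second method patched at `@@ -582`. The enclosing method begins before and ends after this hunk, so the exact insertion point for that line is outside the view. One caveat worth a comment near that line: on Windows builds `escapeshellarg()` replaces `%` and `!` in the argument with spaces, so if Windows hosts are supported a file whose name contains those characters will fail to index rather than be read.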
@@ -419,7 +419,7 @@ class tx_indexed_search_extparse {
                                                        // Get pdf content:
                                                $tempFileName = t3lib_div::tempnam('Typo3_indexer');            // Create temporary name
                                                @unlink ($tempFileName);        // Delete if exists, just to be safe.
-                                               $cmd = $this->app['pdftotext'].' -f '.$low.' -l '.$high.' -enc UTF-8 -q "'.$absFile.'" '.$tempFileName;
+                                               $cmd = $this->app['pdftotext'] . ' -f ' . $low . ' -l ' . $high . ' -enc UTF-8 -q ' . escapeshellarg($absFile) . ' ' . $tempFileName;
                                                exec($cmd);
                                                if (@is_file($tempFileName))    {
                                                        $content = t3lib_div::getUrl($tempFileName);
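Review bot: On the `+` line only `$absFile` gained `escapeshellarg()`; `$low`, `$high` and `$tempFileName` are still spliced into `$cmd` unescaped. Their origin is outside this hunk, so this may be acceptable if `$low`/`$high` are already integer-cast and `$tempFileName` only ever comes from `t3lib_div::tempnam()`, but making that explicit at the point of use removes the dependence on callers: `$cmd = $this->app['pdftotext'] . ' -f ' . intval($low) . ' -l ' . intval($high) . ' -enc UTF-8 -q ' . escapeshellarg($absFile) . ' ' . escapeshellarg($tempFileName);`. The enclosing method starts before and ends after this hunk.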
@@ -435,7 +435,7 @@ class tx_indexed_search_extparse {
                        break;
                        case 'doc':
                                if ($this->app['catdoc'])       {
-                                       $cmd = $this->app['catdoc'].' -d utf-8 "'.$absFile.'"';
+                                       $cmd = $this->app['catdoc'] . ' -d utf-8 ' . escapeshellarg($absFile);
                                        exec($cmd,$res);
                                        $content = implode(chr(10),$res);
                                        unset($res);
@@ -445,7 +445,7 @@ class tx_indexed_search_extparse {
                        case 'pps':
                        case 'ppt':
                                if ($this->app['ppthtml'])      {
-                                       $cmd = $this->app['ppthtml'].' "'.$absFile.'"';
+                                       $cmd = $this->app['ppthtml'] . ' ' . escapeshellarg($absFile);
                                        exec($cmd,$res);
                                        $content = implode(chr(10),$res);
                                        unset($res);
@@ -456,7 +456,7 @@ class tx_indexed_search_extparse {
                        break;
                        case 'xls':
                                if ($this->app['xlhtml'])       {
-                                       $cmd = $this->app['xlhtml'].' -nc -te "'.$absFile.'"';
+                                       $cmd = $this->app['xlhtml'] . ' -nc -te ' . escapeshellarg($absFile);
                                        exec($cmd,$res);
                                        $content = implode(chr(10),$res);
                                        unset($res);
@@ -473,13 +473,13 @@ class tx_indexed_search_extparse {
                        case 'odt':
                                if ($this->app['unzip'])        {
                                                // Read content.xml:
-                                       $cmd = $this->app['unzip'].' -p "'.$absFile.'" content.xml';
+                                       $cmd = $this->app['unzip'] . ' -p ' . escapeshellarg($absFile) . ' content.xml';
                                        exec($cmd,$res);
                                        $content_xml = implode(chr(10),$res);
                                        unset($res);
 
                                                // Read meta.xml:
-                                       $cmd = $this->app['unzip'].' -p "'.$absFile.'" meta.xml';
+                                       $cmd = $this->app['unzip'] . ' -p ' . escapeshellarg($absFile) . ' meta.xml';
                                        exec($cmd, $res);
                                        $meta_xml = implode(chr(10),$res);
                                        unset($res);
@@ -506,7 +506,7 @@ class tx_indexed_search_extparse {
                        break;
                        case 'rtf':
                                if ($this->app['unrtf'])        {
-                                       $cmd = $this->app['unrtf'].' "'.$absFile.'"';
+                                       $cmd = $this->app['unrtf'] . ' ' . escapeshellarg($absFile);
                                        exec($cmd,$res);
                                        $fileContent = implode(chr(10),$res);
                                        unset($res);
@@ -582,7 +582,7 @@ class tx_indexed_search_extparse {
                switch ($ext)   {
                        case 'pdf':
                                        // Getting pdf-info:
-                               $cmd = $this->app['pdfinfo'].' "'.$absFile.'"';
+                               $cmd = $this->app['pdfinfo'] . ' ' . escapeshellarg($absFile);
                                exec($cmd,$res);
                                $pdfInfo = $this->splitPdfInfo($res);
                                unset($res);