Fixed bug #16362: Directory traversal attack in em_unzip
authorOliver Hader <oliver.hader@typo3.org>
Thu, 16 Dec 2010 13:40:46 +0000 (13:40 +0000)
committerOliver Hader <oliver.hader@typo3.org>
Thu, 16 Dec 2010 13:40:46 +0000 (13:40 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-2@9788 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
typo3/mod/tools/em/class.em_unzip.php

index c46e0a3..be78cec 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,7 @@
        * Fixed bug #15737: quoteStrForLike does not properly escape strings in sql_mode NO_BACKSLASH_ESCAPES
        * Fixed bug #16653: SQL injection problem in class.db_list.inc (thanks to Jigal van Hemert)
        * Fixed bug #15735: FORM content object is susceptible to XSS (thanks to Benjamin Mack)
+       * Fixed bug #16362: Directory traversal attack in em_unzip
 
 2010-11-12  Ernesto Baschny  <ernst@cron-it.de>
 
index c4de9d4..fa70af2 100644 (file)
@@ -547,6 +547,11 @@ class em_unzip {
 
                        }
                }
+               
+                       // added by TYPO3 secteam to check for invalid paths
+               if (!t3lib_div::validPathStr($p_entry['filename'])) {
+                               return $v_result;
+               }
 
                // Add the path
                if ($p_path != '')
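Review bot: The new guard returns `$v_result` unchanged when `t3lib_div::validPathStr()` rejects the entry name, so unless `$v_result` already holds an error code at this point (its initialisation is outside the hunk) the caller receives the same value as for a successful extraction and the rejected entry is skipped silently rather than reported; setting an error status through the class's existing error mechanism before the `return` would make the rejection visible to callers and logs. The comment `// added by TYPO3 secteam to check for invalid paths` records who added the check but not what it protects; `// Reject entry names that could resolve outside the target directory; the filename comes from the untrusted archive and must be checked before $p_path is prepended below` would tell the next maintainer why the check has to stay ahead of the path concatenation. The indentation of the added lines does not match the surrounding code (the comment sits one level deeper than the `if`, and the line before it is whitespace-only), which is worth fixing in the same change. The enclosing method starts and ends outside the hunk.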