Fixed bug #13959: Core autoloader should accept class names only (could lead to remote command execution)
authorMichael Stucki <michael.stucki@typo3.org>
Fri, 9 Apr 2010 09:37:00 +0000 (09:37 +0000)
committerMichael Stucki <michael.stucki@typo3.org>
Fri, 9 Apr 2010 09:37:00 +0000 (09:37 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@7267 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
t3lib/class.t3lib_autoloader.php
t3lib/config_default.php
typo3/init.php
typo3/sysext/cms/tslib/index_ts.php

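index 5926762..d9c3fdf 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2010-04-09  Michael Stucki  <michael@typo3.org>
+
+	* Fixed bug #13959: Core autoloader should accept class names only (could lead to remote command execution). Thanks to Helmut Hummel and Marcus Krause for providing a fix.
+
 2010-04-08  Stanislas Rolland  <typo3@sjbr.ca>
 
 	* Added feature #14035: htmlArea RTE: Use sprite for toolbar icons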
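index e20f431..280af5a 100644 (file)
--- a/t3lib/class.t3lib_autoloader.php
+++ b/t3lib/class.t3lib_autoloader.php
@@ -107,7 +107,11 @@ class t3lib_autoloader {
 			t3lib_div::requireFile($classPath);
 		} else {
 			try {
-				spl_autoload($className);
+				// Regular expression for a valid classname taken from
+				// http://www.php.net/manual/en/language.oop5.basic.php
+				if (preg_match('/^[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*$/', $className)) {
+					spl_autoload($className);
+				}
 			} catch (LogicException $exception) {
 			}
 		}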
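Review bot: The pattern on the added preg_match line carries no `D` modifier, so `$` also matches just before a trailing newline and a name such as "Foo\n" passes the identifier check although it is not a valid class name; use `if (preg_match('/^[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*$/D', $className)) {` so the whole string must match. The branch also drops a rejected name without any trace, which reads like an oversight unless stated; a comment such as `// Names that are not valid PHP identifiers are deliberately ignored: spl_autoload() would turn them into an include path (#13959)` would record the intent. The enclosing method starts and ends outside the hunk.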
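index 5881d1e..ef4cebd 100644 (file)
--- a/t3lib/config_default.php
+++ b/t3lib/config_default.php
@@ -473,7 +473,7 @@ function debug($variable='', $name='*variable*', $line='*line*', $file='*file*',
 		// If you wish to use the debug()-function, and it does not output something, please edit the IP mask in TYPO3_CONF_VARS
 	if (!t3lib_div::cmpIP(t3lib_div::getIndpEnv('REMOTE_ADDR'), $GLOBALS['TYPO3_CONF_VARS']['SYS']['devIPmask']))	return;
 
-	if(@is_callable(array($GLOBALS['error'],'debug'))) {
+	if(is_object($GLOBALS['error']) && @is_callable(array($GLOBALS['error'],'debug'))) {
 		$GLOBALS['error']->debug($variable, $name, $line, $file, $recursiveDepth, $debugLevel);
 	} else {
 		$br = ($name == '*variable*') ? 0 : $name;
@@ -481,12 +481,12 @@ function debug($variable='', $name='*variable*', $line='*line*', $file='*file*',
 	}
 }
 function debugBegin() {
-	if(@is_callable(array($GLOBALS['error'],'debugBegin'))) {
+	if(is_object($GLOBALS['error']) && @is_callable(array($GLOBALS['error'],'debugBegin'))) {
 		$GLOBALS['error']->debugBegin();
 	}
 }
 function debugEnd() {
-	if(@is_callable(array($GLOBALS['error'],'debugEnd'))) {
+	if(is_object($GLOBALS['error']) && @is_callable(array($GLOBALS['error'],'debugEnd'))) {
 		$GLOBALS['error']->debugEnd();
 	}
 }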
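Review bot: The new `is_object($GLOBALS['error'])` test in debug() sits outside the `@` that only covers is_callable(), so once init.php unsets `$error` (as this same commit does) every call to debug() raises an "Undefined index: error" notice before is_object() returns false; the same applies to the debugBegin() and debugEnd() hunks here and to `is_object($error)` in index_ts.php. Guard with isset first, e.g. `if(isset($GLOBALS['error']) && is_object($GLOBALS['error']) && @is_callable(array($GLOBALS['error'],'debug'))) {`. The is_object() test is what keeps a non-object value of `$error` (presumably one injected into the global scope, given the unset added in init.php) from being handed to is_callable() and from there to the autoloader, so a one-line comment stating that would keep the reason for the check from being refactored away. debug()'s body begins above the first hunk.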
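index 3c11206..edd2113 100644 (file)
--- a/typo3/init.php
+++ b/typo3/init.php
@@ -177,6 +177,10 @@ die();
 	}
 }
 
+// *********************
+// Unset variable(s) in global scope (fixes #13959)
+// *********************
+unset($error);
 
 // *************************************************
 // t3lib_div + extention management class included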
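Review bot: The comment above the added `unset($error)` names the ticket but not the dependency it protects, so a later reader cannot tell which code needs `$error` to be clean at this point. Suggest `// $error is later used as a callback target (debug()/debugBegin()/debugEnd() in config_default.php, debugOutput() in index_ts.php); clear it here so a value already present in the global scope cannot reach is_callable() and the autoloader`. Note that the unset covers only `$error`; any other global later passed to is_callable() would need the same treatment, which is presumably what "variable(s)" in the comment hints at.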
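index 5c92135..0770b00 100644 (file)
--- a/typo3/sysext/cms/tslib/index_ts.php
+++ b/typo3/sysext/cms/tslib/index_ts.php
@@ -79,6 +79,11 @@ if (!defined('PATH_tslib')) {
 if (!@is_dir(PATH_typo3conf))	die('Cannot find configuration. This file is probably executed from the wrong location.');
 
 // *********************
+// Unset variable(s) in global scope (fixes #13959)
+// *********************
+unset($error);
+
+// *********************
 // Prevent any output until AJAX/compression is initialized to stop
 // AJAX/compression data corruption
 // *********************
@@ -567,7 +572,7 @@ if (is_object($BE_USER) && $BE_USER->isAdminPanelVisible() && $TSFE->beUserLogin
 // *************
 // Debugging Output
 // *************
-if(@is_callable(array($error,'debugOutput'))) {
+if(is_object($error) && @is_callable(array($error,'debugOutput'))) {
 	$error->debugOutput();
 }
 if (TYPO3_DLOG) {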