[!!!][TASK] Remove leftover unzipping core functionality 94/45694/6
authorBenni Mack <benni@typo3.org>
Fri, 8 Jan 2016 11:41:06 +0000 (12:41 +0100)
committerMorton Jonuschat <m.jonuschat@mojocode.de>
Fri, 8 Jan 2016 19:36:26 +0000 (20:36 +0100)
Before FAL was introduced the core could unzip
files into directories outside of the webroot.

However, this functionality is broken beyond real repair
and should (if ever needed) be implemented properly
into FAL, not via the legacy ftpspace and webspace options.

Resolves: #72602
Releases: master
Change-Id: I3670a463bdba235253127a8a4e077c7278da99d6
Reviewed-on: https://review.typo3.org/45694
Reviewed-by: Daniel Goerz <ervaude@gmail.com>
Tested-by: Daniel Goerz <ervaude@gmail.com>
Reviewed-by: Morton Jonuschat <m.jonuschat@mojocode.de>
Tested-by: Morton Jonuschat <m.jonuschat@mojocode.de>
typo3/sysext/backend/Tests/Unit/Controller/File/FileControllerTest.php
typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php
typo3/sysext/core/Classes/Resource/ResourceStorage.php
typo3/sysext/core/Classes/Utility/File/ExtendedFileUtility.php
typo3/sysext/core/Configuration/DefaultConfiguration.php
typo3/sysext/core/Configuration/TCA/be_groups.php
typo3/sysext/core/Configuration/TCA/be_users.php
typo3/sysext/core/Documentation/Changelog/master/Breaking-72602-RemovedUnzipFunctionality.rst [new file with mode: 0644]
typo3/sysext/extbase/Classes/Domain/Model/BackendUserGroup.php
typo3/sysext/extbase/Tests/Unit/Domain/Model/BackendUserGroupTest.php
typo3/sysext/install/Classes/Service/SilentConfigurationUpgradeService.php

index 001b116..695edc0 100644 (file)
@@ -133,21 +133,4 @@ class FileControllerTest extends \TYPO3\CMS\Core\Tests\UnitTestCase
 
         $this->fileController->processAjaxRequest($this->request, $this->response);
     }
-
-    /**
-     * @test
-     */
-    public function processAjaxRequestUnzipProcessActuallyDoesNotChangeFileData()
-    {
-        $this->fileController = $this->getAccessibleMock(\TYPO3\CMS\Backend\Controller\File\FileController::class, array('init', 'main'));
-
-        $fileData = array('unzip' => array(true));
-        $this->fileController->_set('fileProcessor', $this->mockFileProcessor);
-        $this->fileController->_set('fileData', $fileData);
-        $this->fileController->_set('redirect', false);
-
-        $this->fileController->expects($this->once())->method('main');
-
-        $this->fileController->processAjaxRequest($this->request, $this->response);
-    }
 }
index 69fc052..75ac354 100644 (file)
@@ -1692,7 +1692,6 @@ class BackendUserAuthentication extends \TYPO3\CMS\Core\Authentication\AbstractU
      * copyFile = 1
      * moveFile = 1
      * renameFile = 1
-     * unzipFile = 1
      * deleteFile = 1
      *
      * addFolder = 1
@@ -1728,7 +1727,6 @@ class BackendUserAuthentication extends \TYPO3\CMS\Core\Authentication\AbstractU
                 'copyFile' => false,
                 'moveFile' => false,
                 'renameFile' => false,
-                'unzipFile' => false,
                 'deleteFile' => false,
                 // Folder permissions
                 'addFolder' => false,
index dd93e69..2527c93 100644 (file)
@@ -602,7 +602,7 @@ class ResourceStorage implements ResourceStorageInterface
             $isReadCheck = true;
         }
         $isWriteCheck = false;
-        if (in_array($action, array('add', 'write', 'move', 'rename', 'replace', 'unzip', 'delete'), true)) {
+        if (in_array($action, array('add', 'write', 'move', 'rename', 'replace', 'delete'), true)) {
             $isWriteCheck = true;
         }
         // Check 3: Does the user have the right to perform the action?
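Review bot: With `'unzip'` dropped from the write-action list, a caller that still passes `unzip` as `$action` leaves both `$isReadCheck` and `$isWriteCheck` false, so neither the read nor the write check applies to it. Whether the user-permission check that follows ("Check 3") denies an action that is in neither list cannot be seen here, because the method starts and ends outside the hunk. If it does, a comment above the two lists would record that guarantee, for example `// Actions in neither list (such as the removed 'unzip') are denied by the user permission check below`. If it does not, the method should return false for unrecognised actions, rather than letting them pass with no read or write check applied.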
index 73ea420..f43e167 100644 (file)
@@ -100,7 +100,6 @@ class ExtendedFileUtility extends BasicFileUtility
         'copyFile' => false,
         'moveFile' => false,
         'renameFile' => false,
-        'unzipFile' => false,
         'deleteFile' => false,
         // Folder permissions
         'addFolder' => false,
@@ -198,12 +197,6 @@ class ExtendedFileUtility extends BasicFileUtility
      */
     public function start($fileCmds)
     {
-        $unzipPath = trim($GLOBALS['TYPO3_CONF_VARS']['BE']['unzip_path']);
-        if (substr($unzipPath, -1) !== '/' && is_dir($unzipPath)) {
-            // Make sure the path ends with a slash
-            $unzipPath .= '/';
-        }
-        $this->unzipPath = $unzipPath;
         // Initialize Object Factory
         $this->fileFactory = ResourceFactory::getInstance();
         // Initializing file processing commands:
@@ -306,9 +299,6 @@ class ExtendedFileUtility extends BasicFileUtility
                             case 'replace':
                                 $result[$action][] = $this->replaceFile($cmdArr);
                                 break;
-                            case 'unzip':
-                                $result[$action][] = $this->func_unzip($cmdArr);
-                                break;
                         }
                         // Hook for post-processing the action
                         if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_extfilefunc.php']['processData'])) {
@@ -1146,66 +1136,6 @@ class ExtendedFileUtility extends BasicFileUtility
     }
 
     /**
-     * Unzipping file (action=7)
-     * This is permitted only if the user has fullAccess or if the file resides
-     *
-     * @param array $cmds $cmds['data'] is the zip-file. $cmds['target'] is the target directory. If not set we'll default to the same directory as the file is in.
-     * @return bool Returns TRUE on success
-     */
-    public function func_unzip($cmds)
-    {
-        if (!$this->isInit || $this->dont_use_exec_commands) {
-            return false;
-        }
-        $theFile = $cmds['data'];
-        if (!@is_file($theFile)) {
-            $this->writeLog(7, 2, 105, 'The file "%s" did not exist!', array($theFile));
-            $this->addMessageToFlashMessageQueue('FileUtility.TheFileDidNotExist', array($theFile));
-            return false;
-        }
-        $fI = GeneralUtility::split_fileref($theFile);
-        if (!isset($cmds['target'])) {
-            $cmds['target'] = $fI['path'];
-        }
-        // Clean up destination directory
-        // !!! Method has been put in the local driver, can be saftely removed
-        $theDest = $this->is_directory($cmds['target']);
-        if (!$theDest) {
-            $this->writeLog(7, 2, 104, 'Destination "%s" was not a directory', array($cmds['target']));
-            $this->addMessageToFlashMessageQueue('FileUtility.DestinationWasNotADirectory', array($cmds['target']));
-            return false;
-        }
-        if (!$this->actionPerms['unzipFile']) {
-            $this->writeLog(7, 1, 103, 'You are not allowed to unzip files', '');
-            $this->addMessageToFlashMessageQueue('FileUtility.YouAreNotAllowedToUnzipFiles');
-            return false;
-        }
-        if ($fI['fileext'] != 'zip') {
-            $this->writeLog(7, 1, 102, 'File extension is not "zip"', '');
-            $this->addMessageToFlashMessageQueue('FileUtility.FileExtensionIsNotzip');
-            return false;
-        }
-        if (!$this->checkIfFullAccess($theDest)) {
-            $this->writeLog(7, 1, 101, 'You don\'t have full access to the destination directory "%s"!', array($theDest));
-            $this->addMessageToFlashMessageQueue('FileUtility.YouDontHaveFullAccessToTheDestinationDirectory', array($theDest));
-            return false;
-        }
-        // !!! Method has been put in the storage driver, can be safely removed
-        if ($this->checkPathAgainstMounts($theFile) && $this->checkPathAgainstMounts($theDest . '/')) {
-            // No way to do this under windows.
-            $cmd = $this->unzipPath . 'unzip -qq ' . escapeshellarg($theFile) . ' -d ' . escapeshellarg($theDest);
-            CommandUtility::exec($cmd);
-            $this->writeLog(7, 0, 1, 'Unzipping file "%s" in "%s"', array($theFile, $theDest));
-            $this->addMessageToFlashMessageQueue('FileUtility.UnzippingFileIn', array($theFile, $theDest), FlashMessage::OK);
-            return true;
-        } else {
-            $this->writeLog(7, 1, 100, 'File "%s" or destination "%s" was not within your mountpoints!', array($theFile, $theDest));
-            $this->addMessageToFlashMessageQueue('FileUtility.FileOrDestinationWasNotWithinYourMountpoints', array($theFile, $theDest));
-            return false;
-        }
-    }
-
-    /**
      * Replaces a file on the filesystem and changes the identifier of the persisted file object in sys_file if
      * keepFilename is not checked. If keepFilename is checked, only the file content will be replaced.
      *
index d92121f..45574a5 100644 (file)
@@ -714,7 +714,6 @@ return array(
         'lang' => array(
             'debug' => false
         ),
-        'unzip_path' => '',                                // Path to "unzip". Only specify the path here, do not include the program name, it is expected to be called "unzip".
         'fileadminDir' => 'fileadmin/',                    // Path to the fileadmin dir. This is relative to PATH_site, DefaultStorage will be created with that configuration, do not access manually but ResourceFactory::getDefaultStorage()
         'RTE_imageStorageDir' => 'uploads/',            // Default storage directory for Rich Text Editor files
         'lockRootPath' => '',                            // This path is used to evaluate if paths outside of PATH_site should be allowed. Ending slash required!
index 18094fb..b3f4490 100644 (file)
@@ -125,7 +125,6 @@ return array(
                     array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.files_replace', 'replaceFile', 'mimetypes-other-other'),
                     array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.files_move', 'moveFile', 'mimetypes-other-other'),
                     array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.files_copy', 'copyFile', 'mimetypes-other-other'),
-                    array('LLL:EXT:lang/locallang_tca.xlf:be_groups.fileoper_perms_unzip', 'unzipFile', 'mimetypes-other-other'),
                     array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.files_delete', 'deleteFile', 'mimetypes-other-other')
                 ),
                 'size' => 17,
index d1bef30..cfd6903 100644 (file)
@@ -267,7 +267,6 @@ return array(
                     array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.files_replace', 'replaceFile', 'mimetypes-other-other'),
                     array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.files_move', 'moveFile', 'mimetypes-other-other'),
                     array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.files_copy', 'copyFile', 'mimetypes-other-other'),
-                    array('LLL:EXT:lang/locallang_tca.xlf:be_groups.fileoper_perms_unzip', 'unzipFile', 'mimetypes-other-other'),
                     array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.files_delete', 'deleteFile', 'mimetypes-other-other')
                 ),
                 'size' => 17,
diff --git a/typo3/sysext/core/Documentation/Changelog/master/Breaking-72602-RemovedUnzipFunctionality.rst b/typo3/sysext/core/Documentation/Changelog/master/Breaking-72602-RemovedUnzipFunctionality.rst
new file mode 100644 (file)
index 0000000..f641e12
--- /dev/null
@@ -0,0 +1,27 @@
+==============================================
+Breaking: #72602 - Removed unzip functionality
+==============================================
+
+Description
+===========
+
+The legacy functionality to unzip files from outside the document root was removed.
+
+Additionally, the corresponding option ``$TYPO3_CONF_VARS[BE][unzip_path]`` was removed as well.
+
+Legacy methods from the Extbase domain model BackendUser named ``isFileUnzipAllowed``
+and ``setFileUnzipAllowed`` were removed.
+
+
+Impact
+======
+
+Calling the entry point ``FileController`` using unzip action will have no effect anymore.
+
+Using the Extbase domain model methods will result in a fatal PHP error.
+
+
+Migration
+=========
+
+Use a third-party extension to integrate unzip functionality into TYPO3.
\ No newline at end of file
index 7c9e209..ec2dcd6 100644 (file)
@@ -22,7 +22,6 @@ namespace TYPO3\CMS\Extbase\Domain\Model;
 class BackendUserGroup extends \TYPO3\CMS\Extbase\DomainObject\AbstractEntity
 {
     const FILE_OPPERATIONS = 1;
-    const FILE_UNZIP = 2;
     const DIRECTORY_OPPERATIONS = 4;
     const DIRECTORY_COPY = 8;
     const DIRECTORY_REMOVE_RECURSIVELY = 16;
@@ -445,27 +444,6 @@ class BackendUserGroup extends \TYPO3\CMS\Extbase\DomainObject\AbstractEntity
     }
 
     /**
-     * Check if it is allowed to unzip files.
-     *
-     * @return bool
-     */
-    public function isFileUnzipAllowed()
-    {
-        return $this->isPermissionSet(self::FILE_UNZIP);
-    }
-
-    /**
-     * Set the the bit for unzip files are allowed.
-     *
-     * @param bool $value
-     * @return void
-     */
-    public function setFileUnzipAllowed($value)
-    {
-        $this->setPermission(self::FILE_UNZIP, $value);
-    }
-
-    /**
      * Check if folder operations like move, delete, rename, and new are allowed.
      *
      * @return bool
index a7fd0d6..cceb4da 100644 (file)
@@ -324,40 +324,6 @@ class BackendUserGroupTest extends \TYPO3\CMS\Core\Tests\UnitTestCase
     /**
      * @test
      */
-    public function getIsFileUnzipAllowedReturnsFalse()
-    {
-        $this->subject->setFileOperationPermissions(0);
-        $this->assertFalse($this->subject->isFileUnzipAllowed());
-        $this->subject->setFileOperationPermissions(1);
-        $this->assertFalse($this->subject->isFileUnzipAllowed());
-        $this->subject->setFileOperationPermissions(5);
-        $this->assertFalse($this->subject->isFileUnzipAllowed());
-    }
-
-    /**
-     * @test
-     */
-    public function getIsFileUnzipAllowedReturnsTrue()
-    {
-        $this->subject->setFileOperationPermissions(2);
-        $this->assertTrue($this->subject->isFileUnzipAllowed());
-        $this->subject->setFileOperationPermissions(3);
-        $this->assertTrue($this->subject->isFileUnzipAllowed());
-    }
-
-    /**
-     * @test
-     */
-    public function setFileUnzipAllowedSetsFileUnzipAllowed()
-    {
-        $this->subject->setFileOperationPermissions(0);
-        $this->subject->setFileUnzipAllowed(true);
-        $this->assertTrue($this->subject->isFileUnzipAllowed());
-    }
-
-    /**
-     * @test
-     */
     public function getIsDirectoryRemoveRecursivelyAllowedReturnsFalse()
     {
         $this->subject->setFileOperationPermissions(1);
index 78eb595..9c582a8 100755 (executable)
@@ -81,6 +81,8 @@ class SilentConfigurationUpgradeService
         'SYS/t3lib_cs_convMethod',
         // #72604
         'SYS/maxFileNameLength',
+        // #72602
+        'BE/unzip_path',
     );
 
     /**
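Review bot: The clean-up added at `'BE/unzip_path'` covers only the configuration setting; nothing in the commit addresses `unzipFile` values that existing backend user and group records may still hold, although be_groups.php and be_users.php remove that option from the selectable permissions. Those stored values are presumably ignored from now on, but someone auditing file permissions after the upgrade has no way to tell that from the code or from the changelog's Impact section. I would extend the comment to say so, e.g. `// #72602 (setting only; 'unzipFile' entries stored in be_users/be_groups are left in place)`, and add a matching sentence to the changelog. The array this entry belongs to starts outside the hunk.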