Fixed bug #3834: possible abuse of t3lib_formmail
authorMartin Kutschker <martin.t.kutschker@blackbox.net>
Mon, 16 Jul 2007 12:05:30 +0000 (12:05 +0000)
committerMartin Kutschker <martin.t.kutschker@blackbox.net>
Mon, 16 Jul 2007 12:05:30 +0000 (12:05 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-0@2418 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
t3lib/class.t3lib_formmail.php

index cc162b3..0e67d4f 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+
+2007-07-16  Martin Kutschker  <martin.t.kutschker@blackbox.net>
+
+       * Fixed bug #3834: possible abuse of t3lib_formmail
+
 2007-07-06  Michael Stucki  <michael@typo3.org>
 
        * Fixed bug #3544: RTE-config in PageTS-config not loaded when in draft-workspace
index a960945..69aed3e 100644 (file)
@@ -2,7 +2,7 @@
 /***************************************************************
 *  Copyright notice
 *
-*  (c) 1999-2006 Kasper Skaarhoj (kasperYYYY@typo3.com)
+*  (c) 1999-2007 Kasper Skaarhoj (kasperYYYY@typo3.com)
 *  All rights reserved
 *
 *  This script is part of the TYPO3 project. The TYPO3 project is
@@ -76,13 +76,13 @@ class t3lib_formmail extends t3lib_htmlmail {
         * This class is able to generate a mail in formmail-style from the data in $V
         * Fields:
         *
-        * [recipient]:         email-adress of the one to receive the mail. If array, then all values are expected to be recipients
+        * [recipient]:                 email-adress of the one to receive the mail. If array, then all values are expected to be recipients
         * [attachment]:                ....
         *
         * [subject]:                   The subject of the mail
         * [from_email]:                Sender email. If not set, [email] is used
-        * [from_name]:         Sender name. If not set, [name] is used
-        * [replyto_email]:     Reply-to email. If not set [from_email] is used
+        * [from_name]:                 Sender name. If not set, [name] is used
+        * [replyto_email]:             Reply-to email. If not set [from_email] is used
         * [replyto_name]:              Reply-to name. If not set [from_name] is used
         * [organisation]:              Organisation (header)
         * [priority]:                  Priority, 1-5, default 3
@@ -166,6 +166,10 @@ class t3lib_formmail extends t3lib_htmlmail {
 
                        for ($a=0;$a<10;$a++)   {
                                $varname = 'attachment'.(($a)?$a:'');
+                               if (!is_uploaded_file($_FILES[$varname]['tmp_name']))   {
+                                       t3lib_div::sysLog('Possible abuse of t3lib_formmail: temporary file "'.$_FILES[$varname]['tmp_name'].'" ("'.$_FILES[$varname]['name'].'") was not an uploaded file.', 'Core', 3);
+                                       continue;
+                               }
                                $theFile = t3lib_div::upload_to_tempfile($_FILES[$varname]['tmp_name']);
                                $theName = $_FILES[$varname]['name'];
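Review bot: The new is_uploaded_file() guard fires for every attachment slot that carries no upload at all — the loop visits all ten `attachment`..`attachment9` slots unconditionally, and for an unused slot `$_FILES[$varname]` is either absent (undefined-index notice) or has an empty `tmp_name`, so `is_uploaded_file()` returns false and a "Possible abuse" entry is written to sysLog on every ordinary form submission, burying genuine abuse attempts in noise. Skip empty slots before the abuse check, e.g. `if (!isset($_FILES[$varname]['tmp_name']) || $_FILES[$varname]['tmp_name'] === '') { continue; }`, unless a guard outside the hunk already filters them. The logged `name` value is client-supplied, so consider stripping newlines and other control characters from it before it reaches sysLog, so a crafted filename cannot forge or split log lines. The enclosing method starts and ends outside this hunk.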