[TASK] Always return a boolean in t3lib_div::validPathStr
authorAndy Grunwald <andygrunwald@gmail.com>
Fri, 6 Jul 2012 10:56:46 +0000 (12:56 +0200)
committerGeorg Ringer <mail@ringerge.org>
Wed, 25 Jul 2012 10:37:42 +0000 (12:37 +0200)
In t3lib_div::validPathStr() a boolean (TRUE) is returned,
if this is a valid path string. If it is NOT a valid path string,
then nothing will be returned. In the doc comment,
there is a return type "boolean" mentioned.

Just return a boolean, if it is not a valid path string.

Change-Id: Ie153a6df39f639895264dafbbd1adc76d96ae124
Fixes: #38604
Releases: 6.0, 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/12667
Reviewed-by: Andy Grunwald
Reviewed-by: Oliver Klee
Reviewed-by: Marcus Schwemer
Tested-by: Marcus Schwemer
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer
t3lib/class.t3lib_div.php
tests/t3lib/t3lib_divTest.php

index ddd25f7..c3db094 100644 (file)
@@ -4361,7 +4361,7 @@ final class t3lib_div {
         * Usage: 14
         *
         * @param       string          Filepath to evaluate
-        * @return      boolean         TRUE, $theFile is allowed path string
+        * @return      boolean         TRUE, $theFile is allowed path string, FALSE otherwise
         * @see         http://php.net/manual/en/security.filesystem.nullbytes.php
         * @todo        Possible improvement: Should it rawurldecode the string first to check if any of these characters is encoded ?
         */
@@ -4369,6 +4369,8 @@ final class t3lib_div {
                if (strpos($theFile, '//') === FALSE && strpos($theFile, '\\') === FALSE && !preg_match('#(?:^\.\.|/\.\./|[[:cntrl:]])#u', $theFile)) {
                        return TRUE;
                }
+
+               return FALSE;
        }
 
        /**
index c585a15..d8eb687 100644 (file)
@@ -3116,7 +3116,7 @@ class t3lib_divTest extends tx_phpunit_testcase {
         * @test
         */
        public function validPathStrDetectsInvalidCharacters($path) {
-               $this->assertNull(t3lib_div::validPathStr($path));
+               $this->assertFalse(t3lib_div::validPathStr($path));
        }
 
        /**
@@ -3127,7 +3127,7 @@ class t3lib_divTest extends tx_phpunit_testcase {
        public function validPathStrWorksWithUnicodeFileNames() {
                $this->assertTrue(t3lib_div::validPathStr('fileadmin/templates/Ссылка (fce).xml'));
        }
+
        /**
         * Tests whether verifyFilenameAgainstDenyPattern detects the null character.
         *