[BUGFIX] Use absolute URL for avatars 69/52669/2
authorBenni Mack <benni@typo3.org>
Thu, 20 Apr 2017 22:43:41 +0000 (00:43 +0200)
committerBenni Mack <benni@typo3.org>
Tue, 2 May 2017 05:15:11 +0000 (07:15 +0200)
Rendering avatar URLs which are not on a remote (gravatar etc)
is the only part which deals with references as in ".." preventing
the TYPO3 Backend entryscript to be placed somewhere else as in typo3/.

Resolves: #81025
Releases: master, 8.7
Change-Id: I9abc51532149fe90ba027608cfb6bad6ea66115d
Reviewed-on: https://review.typo3.org/52669
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Andreas Fernandez <typo3@scripting-base.de>
Tested-by: Andreas Fernandez <typo3@scripting-base.de>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
typo3/sysext/backend/Classes/Backend/Avatar/Image.php

index db16af7..48cb595 100644 (file)
@@ -61,12 +61,8 @@ class Image
     public function getUrl($relativeToCurrentScript = false)
     {
         $url = $this->url;
-
         if ($relativeToCurrentScript && !GeneralUtility::isValidUrl($url)) {
-            $absolutePathToContainingFolder = PathUtility::dirname(PATH_site . $url);
-            $pathPart = PathUtility::getRelativePathTo($absolutePathToContainingFolder);
-            $filePart = substr(PATH_site . $url, strlen($absolutePathToContainingFolder) + 1);
-            $url = $pathPart . $filePart;
+            $url = PathUtility::getAbsoluteWebPath(PATH_site . $url);
         }
         return $url;
     }