[BUGFIX] No image generation with PHP-SAFE_MODE (GM/IM)
authorJigal van Hemert <jigal@xs4all.nl>
Sat, 10 Mar 2012 18:07:10 +0000 (19:07 +0100)
committerSusanne Moog <typo3@susannemoog.de>
Sat, 10 Mar 2012 18:34:08 +0000 (19:34 +0100)
With safe_mode enabled all imagemagick/graphicsmagick calls will fail.
Solution is to only apply escapeshellarg if it is useful.

Change-Id: Iefeb7c0974440e93710d23a289fe1082a5128b72
Resolves: #24369
Releases: 4.4, 4.5
Reviewed-on: http://review.typo3.org/1448
Reviewed-by: Susanne Moog
Tested-by: Susanne Moog
t3lib/class.t3lib_stdgraphic.php
t3lib/thumbs.php
t3lib/utility/class.t3lib_utility_command.php

index ff3ed7d..c468e6e 100644 (file)
@@ -2729,6 +2729,11 @@ class t3lib_stdGraphic {
                if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['UTF8filesystem']) {
                        setlocale(LC_CTYPE, $currentLocale);
                }
+                       // if escapeshellarg didn't change anything and if there is no whitespace in the original string
+                       // keep the original for (partial) safe_mode compatibility
+               if (trim($escapedInputName, '"\'') === $inputName && !preg_match('/[[:space:]]/', $inputName)) {
+                       $escapedInputName = $inputName;
+               }
                return $escapedInputName;
        }
 
index 23c53ab..5e6e8bc 100644 (file)
@@ -410,6 +410,11 @@ class SC_t3lib_thumbs {
                if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['UTF8filesystem']) {
                        setlocale(LC_CTYPE, $currentLocale);
                }
+                       // if escapeshellarg didn't change anything and if there is no whitespace in the original string
+                       // keep the original for (partial) safe_mode compatibility
+               if (trim($escapedInputName, '"\'') === $inputName && !preg_match('/[[:space:]]/', $inputName)) {
+                       $escapedInputName = $inputName;
+               }
                return $escapedInputName;
        }
 }
index 87b6b79..a154c97 100644 (file)
@@ -81,12 +81,39 @@ final class t3lib_utility_Command {
                        // Compile the path & command
                if ($im_version === 'gm') {
                        $switchCompositeParameters = TRUE;
-                       $path = escapeshellarg($path . 'gm' . $isExt) . ' ' . $command;
+                       if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['UTF8filesystem']) {
+                               $currentLocale = setlocale(LC_CTYPE, 0);
+                               setlocale(LC_CTYPE, $GLOBALS['TYPO3_CONF_VARS']['SYS']['systemLocale']);
+                       }
+                       $originalPath = $path . 'gm' . $isExt;
+                       $path = escapeshellarg($originalPath);
+                       if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['UTF8filesystem']) {
+                               setlocale(LC_CTYPE, $currentLocale);
+                       }
+                               // if escapeshellarg didn't change anything and if there is no whitespace in the original string
+                               // keep the original for (partial) safe_mode compatibility
+                       if (trim($path, '"\'') === $originalPath && !preg_match('/[[:space:]]/', $originalPath)) {
+                               $path = $originalPath;
+                       }
+                       $path .= ' ' . $command;
                } else {
                        if ($im_version === 'im6') {
                                $switchCompositeParameters = TRUE;
                        }
-                       $path = escapeshellarg($path . (($command == 'composite') ? $combineScript : $command) . $isExt);
+                       if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['UTF8filesystem']) {
+                               $currentLocale = setlocale(LC_CTYPE, 0);
+                               setlocale(LC_CTYPE, $GLOBALS['TYPO3_CONF_VARS']['SYS']['systemLocale']);
+                       }
+                       $originalPath = $path . (($command == 'composite') ? $combineScript : $command) . $isExt;
+                       $path = escapeshellarg($originalPath);
+                       if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['UTF8filesystem']) {
+                               setlocale(LC_CTYPE, $currentLocale);
+                       }
+                               // if escapeshellarg didn't change anything and if there is no whitespace in the original string
+                               // keep the original for (partial) safe_mode compatibility
+                       if (trim($path, '"\'') === $originalPath && !preg_match('/[[:space:]]/', $originalPath)) {
+                               $path = $originalPath;
+                       }
                }
 
                        // strip profile information for thumbnails and reduce their size