[BUGFIX] Do not use realpath for temporary file names 90/50490/6
authorStefan Froemken <froemken@gmail.com>
Thu, 3 Nov 2016 10:44:51 +0000 (11:44 +0100)
committerHelmut Hummel <typo3@helhum.io>
Sat, 31 Dec 2016 09:15:55 +0000 (10:15 +0100)
Generating a temporary file with the PHP function tempnam,
returns the realpath of the file. There are however
situations where PATH_site has some symlinks or mounts, thus
comparing those paths will fail.

Instead of just using the path the function returns, we only
use the filename and prefix that with PATH_site, so that
the check if the temporary path is within PATH_site will succeed.

Resolves: #70106
Releases: master, 7.6, 6.2
Change-Id: I39a1830ff1a5791aa3fdc91056e3870fbb6dde1f
Reviewed-on: https://review.typo3.org/50490
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Alexander Krist <mail@alex-krist.de>
Tested-by: Alexander Krist <mail@alex-krist.de>
Reviewed-by: Daniela Grammlich <grammlich@punkt.de>
Tested-by: Daniela Grammlich <grammlich@punkt.de>
Reviewed-by: Joerg Boesche <typo3@joergboesche.de>
Reviewed-by: Alexander Stehlik <alexander.stehlik@gmail.com>
Tested-by: Alexander Stehlik <alexander.stehlik@gmail.com>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Helmut Hummel <typo3@helhum.io>
Tested-by: Helmut Hummel <typo3@helhum.io>
typo3/sysext/core/Classes/Utility/GeneralUtility.php

index caab50e..1ff33de 100644 (file)
@@ -3517,7 +3517,7 @@ class GeneralUtility
             self::mkdir_deep($temporaryPath);
         }
         if ($fileSuffix === '') {
-            $tempFileName = static::fixWindowsFilePath(tempnam($temporaryPath, $filePrefix));
+            $tempFileName = $temporaryPath . basename(tempnam($temporaryPath, $filePrefix));
         } else {
             do {
                 $tempFileName = $temporaryPath . $filePrefix . mt_rand(1, PHP_INT_MAX) . $fileSuffix;