Skip to content
Blame History Permalink
  • Benni Mack's avatar
    [SECURITY] Disallow invalid encoding in GeneralUtility::validPathStr · e8d9c8d1
    Benni Mack authored 
    Directory names, which have an invalid UTF encoding,
cause the preg_match() to return false.
To avoid that the complete statement in GeneralUtility::validPathStr()
returns true in this case, a strict comparison against 0 is added,
so that we ensure that strings with invalid encodings are rejected
by this API method.

As a consequence UTF-16 encoded path names are rejected as well, if the
system / file system does not support them.

Resolves: #73453
Releases: master, 8.4, 7.6, 6.2
Security-Commit: c54aa56d18815aa1867ec54358ad419ea03ec205
Security-Bulletins: TYPO3-CORE-SA-2016-023, 024
Change-Id: Iedd6628050d8cdf2efe429bcd7b577f5a6d11805
Reviewed-on: https://review.typo3.org/50744


Reviewed-by: default avatarOliver Hader <oliver.hader@typo3.org>
Tested-by: default avatarOliver Hader <oliver.hader@typo3.org>
    e8d9c8d1