From 27a224bb22c96f59cf3fc72d1d13e4584729dd11 Mon Sep 17 00:00:00 2001
From: Tomita Militaru <militarutomita@gmail.com>
Date: Mon, 11 Nov 2013 22:25:29 +0200
Subject: [PATCH] [BUGFIX] IMAGE content object accepts directories

Adds checks for file existence to avoid returning directory
paths instead of path to file.

Resolves: #51781
Releases: master, 6.2
Change-Id: I8f879f38b95e6d9562a8883d35664550d8fa8774
Reviewed-on: http://review.typo3.org/25286
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Reviewed-by: Markus Klein <klein.t3@reelworx.at>
Tested-by: Markus Klein <klein.t3@reelworx.at>
---
 .../Classes/TypoScript/TemplateService.php    |  2 +-
 .../Unit/TypoScript/TemplateServiceTest.php   | 32 +++++++++++++++++++
 2 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/typo3/sysext/core/Classes/TypoScript/TemplateService.php b/typo3/sysext/core/Classes/TypoScript/TemplateService.php
index dfebd16bde2e..e1443aa2ba2a 100644
--- a/typo3/sysext/core/Classes/TypoScript/TemplateService.php
+++ b/typo3/sysext/core/Classes/TypoScript/TemplateService.php
@@ -1127,7 +1127,7 @@ class TemplateService {
 
 		// if this is an URL, it can be returned directly
 		$urlScheme = parse_url($file, PHP_URL_SCHEME);
-		if ($urlScheme === 'https' || $urlScheme === 'http') {
+		if ($urlScheme === 'https' || $urlScheme === 'http' || is_file(PATH_site . $file)) {
 			return $file;
 		}
 
diff --git a/typo3/sysext/core/Tests/Unit/TypoScript/TemplateServiceTest.php b/typo3/sysext/core/Tests/Unit/TypoScript/TemplateServiceTest.php
index 226d0905e655..b6e87de91a92 100644
--- a/typo3/sysext/core/Tests/Unit/TypoScript/TemplateServiceTest.php
+++ b/typo3/sysext/core/Tests/Unit/TypoScript/TemplateServiceTest.php
@@ -41,7 +41,9 @@ class TemplateServiceTest extends \TYPO3\CMS\Core\Tests\UnitTestCase {
 	protected function setUp() {
 		$GLOBALS['TYPO3_LOADED_EXT'] = array();
 		$this->templateService = new \TYPO3\CMS\Core\TypoScript\TemplateService();
+		$this->templateService->tt_track = FALSE;
 		$this->templateServiceMock = $this->getAccessibleMock('\\TYPO3\\CMS\\Core\\TypoScript\\TemplateService', array('dummy'));
+		$this->templateServiceMock->tt_track = FALSE;
 	}
 
 	/**
@@ -151,4 +153,34 @@ class TemplateServiceTest extends \TYPO3\CMS\Core\Tests\UnitTestCase {
 		$this->templateServiceMock->updateRootlineData($newInvalidRootline);
 	}
 
+	/**
+	 * @test
+	 */
+	public function getFileNameReturnsUrlCorrectly() {
+		$this->assertSame('http://example.com', $this->templateService->getFileName('http://example.com'));
+		$this->assertSame('https://example.com', $this->templateService->getFileName('https://example.com'));
+	}
+
+	/**
+	 * @test
+	 */
+	public function getFileNameReturnsFileCorrectly() {
+		$this->assertSame('typo3/index.php', $this->templateService->getFileName('typo3/index.php'));
+	}
+
+	/**
+	 * @test
+	 */
+	public function getFileNameReturnsNullIfDirectory() {
+		$this->assertNull($this->templateService->getFileName(__DIR__));
+	}
+
+	/**
+	 * @test
+	 */
+	public function getFileNameReturnsNullWithInvalidFileName() {
+		$this->assertNull($this->templateService->getFileName('  '));
+		$this->assertNull($this->templateService->getFileName('something/../else'));
+	}
+
 }
-- 
GitLab