From 32e7a14b463b60348d5000f15f53a3cc8d750db3 Mon Sep 17 00:00:00 2001
From: Anja Leichsenring <aleichsenring@ab-softlab.de>
Date: Thu, 17 Nov 2016 17:29:43 +0100
Subject: [PATCH] [BUGFIX] Add check for valid directory name for TCA select
fileFolder
If an invalid extension name is passed to a 'EXT:...' path, the
GeneralUtility::getFileAbsFileName function returns an empty string.
This results in a scan of '\' in the first place, and the resulting
error is not helpful for finding the source of the missing icons
in the TCA select box.
A check for a valid directory name and an exception in case of
failure will help the situation.
Resolves: #78737
Releases: master, 7.6
Change-Id: I9d5159eac9b511e879144789eecb40eafcc0288c
Reviewed-on: https://review.typo3.org/50699
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Jan Helke <typo3@helke.de>
Tested-by: Jan Helke <typo3@helke.de>
---
.../FormDataProvider/AbstractItemProvider.php | 11 ++++++--
.../FormDataProvider/TcaSelectItemsTest.php | 26 +++++++++++++++++++
2 files changed, 35 insertions(+), 2 deletions(-)
diff --git a/typo3/sysext/backend/Classes/Form/FormDataProvider/AbstractItemProvider.php b/typo3/sysext/backend/Classes/Form/FormDataProvider/AbstractItemProvider.php
index f9862e447df1..03b19006ef12 100644
--- a/typo3/sysext/backend/Classes/Form/FormDataProvider/AbstractItemProvider.php
+++ b/typo3/sysext/backend/Classes/Form/FormDataProvider/AbstractItemProvider.php
@@ -390,6 +390,7 @@ abstract class AbstractItemProvider
* @param string $fieldName Current handle field name
* @param array $items Incoming items
* @return array Modified item array
+ * @throws \RuntimeException
*/
protected function addItemsFromFolder(array $result, $fieldName, array $items)
{
@@ -399,8 +400,14 @@ abstract class AbstractItemProvider
return $items;
}
- $fileFolder = $result['processedTca']['columns'][$fieldName]['config']['fileFolder'];
- $fileFolder = GeneralUtility::getFileAbsFileName($fileFolder);
+ $fileFolderRaw = $result['processedTca']['columns'][$fieldName]['config']['fileFolder'];
+ $fileFolder = GeneralUtility::getFileAbsFileName($fileFolderRaw);
+ if ($fileFolder === '') {
+ throw new \RuntimeException(
+ 'Invalid folder given for item processing: ' . $fileFolderRaw . ' for table ' . $result['tableName'] . ', field ' . $fieldName,
+ 1479399227
+ );
+ }
$fileFolder = rtrim($fileFolder, '/') . '/';
if (@is_dir($fileFolder)) {
diff --git a/typo3/sysext/backend/Tests/Unit/Form/FormDataProvider/TcaSelectItemsTest.php b/typo3/sysext/backend/Tests/Unit/Form/FormDataProvider/TcaSelectItemsTest.php
index 668b37a10a08..a26b9f0d13fa 100644
--- a/typo3/sysext/backend/Tests/Unit/Form/FormDataProvider/TcaSelectItemsTest.php
+++ b/typo3/sysext/backend/Tests/Unit/Form/FormDataProvider/TcaSelectItemsTest.php
@@ -1248,6 +1248,32 @@ class TcaSelectItemsTest extends UnitTestCase
$this->assertSame($expectedItems, $result['processedTca']['columns']['aField']['config']['items']);
}
+ /**
+ * @test
+ */
+ public function addDataThrowsExceptionForInvalidFileFolder()
+ {
+ $input = [
+ 'tableName' => 'aTable',
+ 'databaseRow' => [],
+ 'processedTca' => [
+ 'columns' => [
+ 'aField' => [
+ 'config' => [
+ 'type' => 'select',
+ 'renderType' => 'selectSingle',
+ 'fileFolder' => 'EXT:non_existing/Resources/Public/',
+ ],
+ ],
+ ],
+ ],
+ ];
+
+ $this->expectException(\RuntimeException::class);
+ $this->expectExceptionCode(1479399227);
+ $this->subject->addData($input);
+ }
+
/**
* @test
*/
--
GitLab