From 8275f3af5fae2642da39dbc23ecedbeb3eb98470 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20Spiekerk=C3=B6tter?= <tim.spiekerkoetter@hdnet.de>
Date: Fri, 17 Feb 2017 11:05:13 +0100
Subject: [PATCH] [BUGFIX] Check simplexml return type in ImageInfo

According to the php documentation[1] simplexml_load_file may return
false on failure. We need to check for this before we call the
attributes method on the expected SimpleXMLElement.

[1] http://php.net/manual/en/function.simplexml-load-file.php

Resolves: #79881
Releases: master, 8.7
Change-Id: Ic84710ab56796e9aafc5a85c8e41d7b08a676e0c
Reviewed-on: https://review.typo3.org/51735
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Susanne Moog <susanne.moog@typo3.org>
Tested-by: Susanne Moog <susanne.moog@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
---
 .../core/Classes/Type/File/ImageInfo.php      |  8 +++-
 .../Tests/Unit/Type/File/ImageInfoTest.php    | 39 ++++++++++++++++++-
 2 files changed, 45 insertions(+), 2 deletions(-)

diff --git a/typo3/sysext/core/Classes/Type/File/ImageInfo.php b/typo3/sysext/core/Classes/Type/File/ImageInfo.php
index 191d2db0eec5..356fabf3edb5 100644
--- a/typo3/sysext/core/Classes/Type/File/ImageInfo.php
+++ b/typo3/sysext/core/Classes/Type/File/ImageInfo.php
@@ -92,7 +92,13 @@ class ImageInfo extends FileInfo implements LoggerAwareInterface
         $fileContent = file_get_contents($this->getPathname());
         // Disables the functionality to allow external entities to be loaded when parsing the XML, must be kept
         $previousValueOfEntityLoader = libxml_disable_entity_loader(true);
-        $xml = simplexml_load_string($fileContent);
+        $xml = simplexml_load_string($fileContent, 'SimpleXMLElement', LIBXML_NOERROR);
+
+        // If something went wrong with simpleXml don't try to read information
+        if ($xml === false) {
+            return false;
+        }
+
         libxml_disable_entity_loader($previousValueOfEntityLoader);
         $xmlAttributes = $xml->attributes();
 
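Review bot: The new early `return false;` sits before `libxml_disable_entity_loader($previousValueOfEntityLoader);`, so when an SVG fails to parse, the previous entity-loader setting is never restored. That setting is not scoped to this call, so one malformed file can change how later XML handling in the same request behaves. Restore it directly after the parse and only then test the result: `libxml_disable_entity_loader($previousValueOfEntityLoader);` followed by `if ($xml === false) { return false; }`. `LIBXML_NOERROR` also hides the parse failure entirely; the class implements `LoggerAwareInterface`, so a log entry on this path (assuming a logger is set) would keep rejected files visible to operators. The enclosing method starts and ends outside the hunk.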
diff --git a/typo3/sysext/core/Tests/Unit/Type/File/ImageInfoTest.php b/typo3/sysext/core/Tests/Unit/Type/File/ImageInfoTest.php
index b053f7d5dd6a..0a1af8afb6e4 100644
--- a/typo3/sysext/core/Tests/Unit/Type/File/ImageInfoTest.php
+++ b/typo3/sysext/core/Tests/Unit/Type/File/ImageInfoTest.php
@@ -1,4 +1,5 @@
 <?php
+
 namespace TYPO3\CMS\Core\Tests\Unit\Type\File;
 
 /*
@@ -14,18 +15,54 @@ namespace TYPO3\CMS\Core\Tests\Unit\Type\File;
  * The TYPO3 project - inspiring people to share!
  */
 
+use org\bovigo\vfs\vfsStream;
+use TYPO3\CMS\Core\Imaging\GraphicalFunctions;
+use TYPO3\CMS\Core\Type\File\ImageInfo;
+use TYPO3\CMS\Core\Utility\GeneralUtility;
+
 /**
  * Test case
  */
 class ImageInfoTest extends \TYPO3\TestingFramework\Core\Unit\UnitTestCase
 {
+
     /**
      * @test
      */
     public function classImageInfoCanBeInstantiated()
     {
-        $className = 'TYPO3\CMS\Core\Type\File\ImageInfo';
+        $className = \TYPO3\CMS\Core\Type\File\ImageInfo::class;
         $classInstance = new \TYPO3\CMS\Core\Type\File\ImageInfo('FooFileName');
         $this->assertInstanceOf($className, $classInstance);
     }
+
+    /**
+     * @test
+     */
+    public function doesNotBreakOnImageInfoWithInvalidSvg()
+    {
+        $root = vfsStream::setup('root');
+        $testFile = 'test.svg';
+        vfsStream::newFile($testFile)->at($root)->setContent('Invalid XML.');
+
+        $GLOBALS['TYPO3_CONF_VARS']['SYS']['FileInfo']['fileExtensionToMimeType'] = [
+            'svg' => 'image/svg+xml',
+            'youtube' => 'video/youtube',
+            'vimeo' => 'video/vimeo',
+        ];
+
+        $graphicalFunctionsProphecy = $this->prophesize(GraphicalFunctions::class);
+        $graphicalFunctionsProphecy->imageMagickIdentify($root->url() . '/' . $testFile)->willReturn(null);
+
+        $imageInfoProphecy = $this->prophesize(ImageInfo::class)
+            ->willBeConstructedWith([$root->url() . '/' . $testFile]);
+        $imageInfoProphecy->getGraphicalFunctions()->willReturn($graphicalFunctionsProphecy->reveal());
+
+        GeneralUtility::addInstance(GraphicalFunctions::class, $graphicalFunctionsProphecy->reveal());
+
+        $imageInfo = new ImageInfo($root->url() . '/' . $testFile);
+
+        $this->assertEquals(0, $imageInfo->getWidth());
+        $this->assertEquals(0, $imageInfo->getHeight());
+    }
 }
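Review bot: `$imageInfoProphecy` in `doesNotBreakOnImageInfoWithInvalidSvg` is given a `getGraphicalFunctions()` expectation but is never revealed or used, because the assertions run against `new ImageInfo(...)`. Those three lines can be dropped; the `GraphicalFunctions` mock presumably reaches the real object through `GeneralUtility::addInstance`, which deserves a short comment such as `// ImageInfo obtains GraphicalFunctions via makeInstance(), so the mock is queued here`. The test also overwrites `$GLOBALS['TYPO3_CONF_VARS']['SYS']['FileInfo']['fileExtensionToMimeType']` and does not restore it in the visible lines, which may leak into later tests unless the base test case resets globals. Because the code under test toggles the libxml entity loader, the test should also assert that the setting is unchanged after `getWidth()` on the invalid file, so the failure path is checked for state restoration and not only for the returned 0.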
-- 
GitLab