[BUGFIX] Add guard clause to preFileAdd form hook (f9f6694a) · Commits · TYPO3 / TYPO3.CMS

Commit f9f6694a authored 6 years ago by

Susanne Moog Committed by Ralf Zimmermann 6 years ago

[BUGFIX] Add guard clause to preFileAdd form hook

With the security fix in #f3445f96 checks on EXT:form file handling
were added to ensure secure form definition files. These checks are
based on FAL hooks. One of these - preFileAdd - contains checks based
on the content of the file to add, to do that, the file content is
fetched via file_get_contents. Due to a missing guard this was executed
for all file add operations instead of only for form definitions
resulting in performance loss and high memory usage. The check has
now been implemented.

Resolves: #88235
Releases: master, 9.5
Change-Id: Ie685df3d67d6ee58b1cd08f18acab1208a487ce7
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/60596


Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Dominik Merkel <merkel.dominik@googlemail.com>
Tested-by: Ralf Zimmermann <ralf.zimmermann@tritum.de>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Dominik Merkel <merkel.dominik@googlemail.com>
Reviewed-by: Ralf Zimmermann <ralf.zimmermann@tritum.de>

parent 2081a5d6

Hide whitespace changes

Inline Side-by-side

Showing with 6 additions and 0 deletions

Please register or to comment