‪TYPO3CMS  10.4
Public Member Functions | Public Attributes | Protected Attributes | List of all members
TYPO3\CMS\Core\Resource\Security\FileNameValidator Class Reference

Public Member Functions

 __construct (string $fileDenyPattern=null)
 
bool isValid (string $fileName)
 
bool customFileDenyPatternConfigured ()
 
bool missingImportantPatterns ()
 

Public Attributes

const DEFAULT_FILE_DENY_PATTERN = '\\.(php[3-8]?|phpsh|phtml|pht|phar|shtml|cgi)(\\..*)?$|\\.pl$|^\\.htaccess$'
 

Protected Attributes

string $fileDenyPattern
 

Detailed Description

Ensures that any filename that an editor chooses for naming (or uses for uploading a file) is valid, meaning that no invalid characters (null-bytes) are added, or that the file does not contain an invalid file extension.

Definition at line 24 of file FileNameValidator.php.

Constructor & Destructor Documentation

◆ __construct()

TYPO3\CMS\Core\Resource\Security\FileNameValidator::__construct ( string  $fileDenyPattern = null)

Definition at line 35 of file FileNameValidator.php.

References TYPO3\CMS\Core\Resource\Security\FileNameValidator\$fileDenyPattern, and $GLOBALS.

Member Function Documentation

◆ customFileDenyPatternConfigured()

bool TYPO3\CMS\Core\Resource\Security\FileNameValidator::customFileDenyPatternConfigured ( )

Find out if there is a custom file deny pattern configured.

Returns
‪bool

Definition at line 69 of file FileNameValidator.php.

References TYPO3\CMS\Core\Resource\Security\FileNameValidator\DEFAULT_FILE_DENY_PATTERN.

◆ isValid()

bool TYPO3\CMS\Core\Resource\Security\FileNameValidator::isValid ( string  $fileName)

Verifies the input filename against the 'fileDenyPattern'

Filenames are not allowed to contain control characters. Therefore we always filter on [[:cntrl:]].

Parameters
string$fileNameFile path to evaluate
Returns
‪bool Returns TRUE if the file name is OK.

Definition at line 55 of file FileNameValidator.php.

◆ missingImportantPatterns()

bool TYPO3\CMS\Core\Resource\Security\FileNameValidator::missingImportantPatterns ( )

Checks if the given file deny pattern does not have parts that the default pattern should recommend. Used in status overview.

Returns
‪bool

Definition at line 80 of file FileNameValidator.php.

Member Data Documentation

◆ $fileDenyPattern

string TYPO3\CMS\Core\Resource\Security\FileNameValidator::$fileDenyPattern
protected

Definition at line 33 of file FileNameValidator.php.

Referenced by TYPO3\CMS\Core\Resource\Security\FileNameValidator\__construct().

◆ DEFAULT_FILE_DENY_PATTERN

const TYPO3\CMS\Core\Resource\Security\FileNameValidator::DEFAULT_FILE_DENY_PATTERN = '\\.(php[3-8]?|phpsh|phtml|pht|phar|shtml|cgi)(\\..*)?$|\\.pl$|^\\.htaccess$'

Previously this was used within SystemEnvironmentBuilder

Definition at line 29 of file FileNameValidator.php.

Referenced by TYPO3\CMS\Core\Resource\Security\FileNameValidator\customFileDenyPatternConfigured(), TYPO3\CMS\Core\Tests\Unit\Resource\Security\FileNameValidatorTest\customFileDenyPatternFindsMissingImportantParts(), TYPO3\CMS\Core\Tests\Unit\Resource\Security\FileNameValidatorTest\defaultFileDenyPatternMatchesPhpExtension(), TYPO3\CMS\Core\Core\SystemEnvironmentBuilder\defineBaseConstants(), and TYPO3\CMS\Core\Tests\Unit\Resource\Security\FileNameValidatorTest\isCustomDenyPatternConfigured().