‪TYPO3CMS  10.4
Public Member Functions | Protected Attributes | List of all members
TYPO3\CMS\Frontend\Resource\FilePathSanitizer Class Reference

Public Member Functions

 __construct ()
 
string sanitize (string $originalFileName)
 

Protected Attributes

array $allowedPaths = array( )
 

Detailed Description

Checks if a given file path is allowed to be used in TYPO3 Frontend.

Currently allowed is:

  • ‪a file (which must exist) from any of the allowedPaths option, without any ".." inside the path name
  • ‪an external URL

The sanitize method either returns a full URL (in case it's a valid http/https resource) or a path relative to the public folder of the TYPO3 Frontend.

Definition at line 38 of file FilePathSanitizer.php.

Constructor & Destructor Documentation

◆ __construct()

TYPO3\CMS\Frontend\Resource\FilePathSanitizer::__construct ( )

Sets the paths from where TypoScript resources are allowed to be used:

Definition at line 51 of file FilePathSanitizer.php.

References $GLOBALS, TYPO3\CMS\Core\Core\Environment\getBackendPath(), TYPO3\CMS\Core\Core\Environment\getExtensionsPath(), TYPO3\CMS\Core\Core\Environment\getFrameworkBasePath(), TYPO3\CMS\Core\Utility\PathUtility\stripPathSitePrefix(), and TYPO3\CMS\Core\Utility\GeneralUtility\trimExplode().

Member Function Documentation

◆ sanitize()

string TYPO3\CMS\Frontend\Resource\FilePathSanitizer::sanitize ( string  $originalFileName)

Returns the reference used for the frontend inclusion, checks against allowed paths for inclusion.

Parameters
string$originalFileName
Returns
‪string Resulting filename, is either a full absolute URL or a relative path.

Definition at line 77 of file FilePathSanitizer.php.

References TYPO3\CMS\Core\Core\Environment\getPublicPath(), and TYPO3\CMS\Core\Utility\PathUtility\stripPathSitePrefix().

Member Data Documentation

◆ $allowedPaths

array TYPO3\CMS\Frontend\Resource\FilePathSanitizer::$allowedPaths = array( )
protected

These are the only paths that are allowed for resources in TYPO3 Frontend. Additional paths can be added via $GLOBALS['TYPO3_CONF_VARS']['FE']['addAllowedPaths'], where all paths should be suffixed with a slash "/".

Definition at line 46 of file FilePathSanitizer.php.