FileExtensionFilter.php

Go to the documentation of this file.

<?php
 
/*
 * This file is part of the TYPO3 CMS project.
 *
 * It is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License, either version 2
 * of the License, or any later version.
 *
 * For the full copyright and license information, please read the
 * LICENSE.txt file that was distributed with this source code.
 *
 * The TYPO3 project - inspiring people to share!
 */
 
namespace ‪TYPO3\CMS\Core\Resource\Filter;
 
use ‪TYPO3\CMS\Core\DataHandling\DataHandler;
use ‪TYPO3\CMS\Core\Resource\Driver\DriverInterface;
use ‪TYPO3\CMS\Core\Resource\Exception\FileDoesNotExistException;
use ‪TYPO3\CMS\Core\Resource\ResourceFactory;
use ‪TYPO3\CMS\Core\Utility\GeneralUtility;
 
class ‪FileExtensionFilter
{
    protected ‪$allowedFileExtensions;
 
    protected ‪$disallowedFileExtensions;
 
    public function ‪filterInlineChildren(array $parameters, ‪DataHandler $dataHandler)
    {
        $values = $parameters['values'];
        if ($parameters['allowedFileExtensions'] ?? false) {
            $this->‪setAllowedFileExtensions($parameters['allowedFileExtensions']);
        }
        if ($parameters['disallowedFileExtensions'] ?? false) {
            $this->‪setDisallowedFileExtensions($parameters['disallowedFileExtensions']);
        }
        $cleanValues = [];
        if (is_array($values)) {
            foreach ($values as $value) {
                if (empty($value)) {
                    continue;
                }
                $parts = ‪GeneralUtility::revExplode('_', $value, 2);
                $fileReferenceUid = $parts[count($parts) - 1];
                try {
                    $fileReference = GeneralUtility::makeInstance(ResourceFactory::class)->getFileReferenceObject($fileReferenceUid);
                    $file = $fileReference->getOriginalFile();
                    if ($this->‪isAllowed($file->getExtension())) {
                        $cleanValues[] = $value;
                    } else {
                        // Remove the erroneously created reference record again
                        $dataHandler->‪deleteAction('sys_file_reference', $fileReferenceUid);
                    }
                } catch (‪FileDoesNotExistException $e) {
                    // do nothing
                }
            }
        }
        return $cleanValues;
    }
 
    public function ‪filterFileList($itemName, $itemIdentifier, $parentIdentifier, array $additionalInformation, ‪DriverInterface $driver)
    {
        $returnCode = true;
        // Early return in case no file filters are set at all
        if ($this->allowedFileExtensions === null && $this->disallowedFileExtensions === null) {
            return $returnCode;
        }
        // Check that this is a file and not a folder
        if ($driver->‪fileExists($itemIdentifier)) {
            try {
                $fileInfo = $driver->‪getFileInfoByIdentifier($itemIdentifier, ['extension']);
            } catch (\InvalidArgumentException $e) {
                $fileInfo = [];
            }
            if (!$this->‪isAllowed($fileInfo['extension'] ?? '')) {
                $returnCode = -1;
            }
        }
        return $returnCode;
    }
 
    public function ‪isAllowed($fileExt)
    {
        $fileExt = strtolower($fileExt);
        $result = true;
        // Check allowed file extensions
        if ($this->allowedFileExtensions !== null && !empty($this->allowedFileExtensions) && !in_array($fileExt, $this->allowedFileExtensions)) {
            $result = false;
        }
        // Check disallowed file extensions
        if ($this->disallowedFileExtensions !== null && !empty($this->disallowedFileExtensions) && in_array($fileExt, $this->disallowedFileExtensions)) {
            $result = false;
        }
        return $result;
    }
 
    public function ‪setAllowedFileExtensions(‪$allowedFileExtensions)
    {
        $this->allowedFileExtensions = $this->‪convertToLowercaseArray(‪$allowedFileExtensions);
    }
 
    public function ‪setDisallowedFileExtensions(‪$disallowedFileExtensions)
    {
        $this->disallowedFileExtensions = $this->‪convertToLowercaseArray(‪$disallowedFileExtensions);
    }
 
    protected function ‪convertToLowercaseArray($inputArgument)
    {
        $returnValue = null;
        if (is_array($inputArgument)) {
            $returnValue = $inputArgument;
        } elseif ((string)$inputArgument !== '') {
            $returnValue = ‪GeneralUtility::trimExplode(',', $inputArgument);
        }
 
        if (is_array($returnValue)) {
            $returnValue = array_map('strtolower', $returnValue);
        }
 
        return $returnValue;
    }
}