‪TYPO3CMS  11.5
TYPO3\CMS\Core\Resource\Security\FileNameValidator Class Reference

Public Member Functions

 __construct (?string $fileDenyPattern=null)
 
bool isValid (string $fileName)
 
bool customFileDenyPatternConfigured ()
 
bool missingImportantPatterns ()
 

Public Attributes

const DEFAULT_FILE_DENY_PATTERN = '\\.(php[3-8]?|phpsh|phtml|pht|phar|shtml|cgi)(\\..*)?$|\\.pl$|^\\.htaccess$'
 

Protected Attributes

string $fileDenyPattern
 

Detailed Description

Ensures that any filename that an editor chooses for naming (or uses for uploading a file) is valid, meaning that no invalid characters (null-bytes) are added, or that the file does not contain an invalid file extension.

Definition at line 24 of file FileNameValidator.php.

Constructor & Destructor Documentation

◆ __construct()

TYPO3\CMS\Core\Resource\Security\FileNameValidator::__construct ( ?string  $fileDenyPattern = null)

Member Function Documentation

◆ customFileDenyPatternConfigured()

bool TYPO3\CMS\Core\Resource\Security\FileNameValidator::customFileDenyPatternConfigured ( )

Find out if there is a custom file deny pattern configured.

Returns
‪bool

Definition at line 69 of file FileNameValidator.php.

References TYPO3\CMS\Core\Resource\Security\FileNameValidator\DEFAULT_FILE_DENY_PATTERN.

◆ isValid()

bool TYPO3\CMS\Core\Resource\Security\FileNameValidator::isValid ( string  $fileName)

Verifies the input filename against the 'fileDenyPattern'

Filenames are not allowed to contain control characters. Therefore we always filter on [[:cntrl:]].

Parameters
string$fileNameFile path to evaluate
Returns
‪bool Returns TRUE if the file name is OK.

Definition at line 55 of file FileNameValidator.php.

◆ missingImportantPatterns()

bool TYPO3\CMS\Core\Resource\Security\FileNameValidator::missingImportantPatterns ( )

Checks if the given file deny pattern does not have parts that the default pattern should recommend. Used in status overview.

Returns
‪bool

Definition at line 80 of file FileNameValidator.php.

Member Data Documentation

◆ $fileDenyPattern

string TYPO3\CMS\Core\Resource\Security\FileNameValidator::$fileDenyPattern
protected

◆ DEFAULT_FILE_DENY_PATTERN