‪TYPO3CMS  11.5
TYPO3\CMS\Core\Resource\Security\FileNameValidator Class Reference

Public Member Functions

 __construct (?string $fileDenyPattern=null)
bool isValid (string $fileName)
bool customFileDenyPatternConfigured ()
bool missingImportantPatterns ()

Public Attributes

const DEFAULT_FILE_DENY_PATTERN = '\\.(php[3-8]?|phpsh|phtml|pht|phar|shtml|cgi)(\\..*)?$|\\.pl$|^\\.htaccess$'

Protected Attributes

string $fileDenyPattern

Detailed Description

Ensures that any filename that an editor chooses for naming (or uses for uploading a file) is valid, meaning that no invalid characters (null-bytes) are added, or that the file does not contain an invalid file extension.

Definition at line 24 of file FileNameValidator.php.

Constructor & Destructor Documentation

◆ __construct()

TYPO3\CMS\Core\Resource\Security\FileNameValidator::__construct ( ?string  $fileDenyPattern = null)

Member Function Documentation

◆ customFileDenyPatternConfigured()

bool TYPO3\CMS\Core\Resource\Security\FileNameValidator::customFileDenyPatternConfigured ( )

Find out if there is a custom file deny pattern configured.


Definition at line 69 of file FileNameValidator.php.

References TYPO3\CMS\Core\Resource\Security\FileNameValidator\DEFAULT_FILE_DENY_PATTERN.

◆ isValid()

bool TYPO3\CMS\Core\Resource\Security\FileNameValidator::isValid ( string  $fileName)

Verifies the input filename against the 'fileDenyPattern'

Filenames are not allowed to contain control characters. Therefore we always filter on [[:cntrl:]].

string$fileNameFile path to evaluate
‪bool Returns TRUE if the file name is OK.

Definition at line 55 of file FileNameValidator.php.

◆ missingImportantPatterns()

bool TYPO3\CMS\Core\Resource\Security\FileNameValidator::missingImportantPatterns ( )

Checks if the given file deny pattern does not have parts that the default pattern should recommend. Used in status overview.


Definition at line 80 of file FileNameValidator.php.

Member Data Documentation

◆ $fileDenyPattern

string TYPO3\CMS\Core\Resource\Security\FileNameValidator::$fileDenyPattern