BasicFileUtility.php

Go to the documentation of this file.

<?php
namespace ‪TYPO3\CMS\Core\Utility\File;
 
/*
 * This file is part of the TYPO3 CMS project.
 *
 * It is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License, either version 2
 * of the License, or any later version.
 *
 * For the full copyright and license information, please read the
 * LICENSE.txt file that was distributed with this source code.
 *
 * The TYPO3 project - inspiring people to share!
 */
 
use ‪TYPO3\CMS\Core\Charset\CharsetConverter;
use ‪TYPO3\CMS\Core\Utility\GeneralUtility;
use ‪TYPO3\CMS\Core\Utility\PathUtility;
 
class ‪BasicFileUtility
{
    const ‪UNSAFE_FILENAME_CHARACTER_EXPRESSION = '\\x00-\\x2C\\/\\x3A-\\x3F\\x5B-\\x60\\x7B-\\xBF';
 
    public ‪$maxNumber = 99;
 
    public ‪$uniquePrecision = 6;
 
    protected ‪$fileExtensionPermissions = [
        'allow' => '*',
        'deny' => PHP_EXTENSIONS_DEFAULT
 
    ];
 
    /**********************************
     *
     * Checking functions
     *
     **********************************/
 
    public function ‪setFileExtensionPermissions($allowedFilePermissions, $deniedFilePermissions)
    {
        $this->fileExtensionPermissions['allow'] = GeneralUtility::uniqueList(strtolower($allowedFilePermissions));
        $this->fileExtensionPermissions['deny'] = GeneralUtility::uniqueList(strtolower($deniedFilePermissions));
    }
 
    protected function ‪is_allowed($fileExtension)
    {
        $fileExtension = strtolower($fileExtension);
        if ($fileExtension) {
            // If the extension is found amongst the allowed types, we return TRUE immediately
            if ($this->fileExtensionPermissions['allow'] === '*' || GeneralUtility::inList($this->fileExtensionPermissions['allow'], $fileExtension)) {
                return true;
            }
            // If the extension is found amongst the denied types, we return FALSE immediately
            if ($this->fileExtensionPermissions['deny'] === '*' || GeneralUtility::inList($this->fileExtensionPermissions['deny'], $fileExtension)) {
                return false;
            }
        } else {
            // If no extension
            if ($this->fileExtensionPermissions['allow'] === '*') {
                return true;
            }
            if ($this->fileExtensionPermissions['deny'] === '*') {
                return false;
            }
        }
        // If no match we return TRUE
        return true;
    }
 
    public function ‪checkIfAllowed($ext, $_, $filename = '')
    {
        return GeneralUtility::verifyFilenameAgainstDenyPattern($filename) && $this->‪is_allowed($ext);
    }
 
    protected function ‪is_directory($theDir)
    {
        // @todo: should go into the LocalDriver in a protected way (not important to the outside world)
        if (GeneralUtility::validPathStr($theDir)) {
            $theDir = ‪PathUtility::getCanonicalPath($theDir);
            if (@is_dir($theDir)) {
                return $theDir;
            }
        }
        return false;
    }
 
    public function ‪getUniqueName($theFile, $theDest, $dontCheckForUnique = false)
    {
        // @todo: should go into the LocalDriver in a protected way (not important to the outside world)
        $theDest = $this->‪is_directory($theDest);
        // $theDest is cleaned up
        $origFileInfo = GeneralUtility::split_fileref($theFile);
        // Fetches info about path, name, extension of $theFile
        if ($theDest) {
            // Check if the file exists and if not - return the filename...
            $fileInfo = $origFileInfo;
            $theDestFile = $theDest . '/' . $fileInfo['file'];
            // The destinations file
            if (!file_exists($theDestFile) || $dontCheckForUnique) {
                // If the file does NOT exist we return this filename
                return $theDestFile;
            }
            // Well the filename in its pure form existed. Now we try to append numbers / unique-strings and see if we can find an available filename...
            $theTempFileBody = preg_replace('/_[0-9][0-9]$/', '', $origFileInfo['filebody']);
            // This removes _xx if appended to the file
            $theOrigExt = $origFileInfo['realFileext'] ? '.' . $origFileInfo['realFileext'] : '';
            for ($a = 1; $a <= $this->maxNumber + 1; $a++) {
                if ($a <= $this->maxNumber) {
                    // First we try to append numbers
                    $insert = '_' . sprintf('%02d', $a);
                } else {
                    // .. then we try unique-strings...
                    $insert = '_' . substr(md5(uniqid('', true)), 0, $this->uniquePrecision);
                }
                $theTestFile = $theTempFileBody . $insert . $theOrigExt;
                $theDestFile = $theDest . '/' . $theTestFile;
                // The destinations file
                if (!file_exists($theDestFile)) {
                    // If the file does NOT exist we return this filename
                    return $theDestFile;
                }
            }
        }
    }
 
    /*********************
     *
     * Cleaning functions
     *
     *********************/
 
    public function ‪cleanFileName($fileName)
    {
        // Handle UTF-8 characters
        if (‪$GLOBALS['TYPO3_CONF_VARS']['SYS']['UTF8filesystem']) {
            // allow ".", "-", 0-9, a-z, A-Z and everything beyond U+C0 (latin capital letter a with grave)
            $cleanFileName = preg_replace('/[' . self::UNSAFE_FILENAME_CHARACTER_EXPRESSION . ']/u', '_', trim($fileName));
        } else {
            $fileName = GeneralUtility::makeInstance(CharsetConverter::class)->utf8_char_mapping($fileName);
            // Replace unwanted characters by underscores
            $cleanFileName = preg_replace('/[' . self::UNSAFE_FILENAME_CHARACTER_EXPRESSION . '\\xC0-\\xFF]/', '_', trim($fileName));
        }
        // Strip trailing dots and return
        return rtrim($cleanFileName, '.');
    }
}