‪TYPO3CMS  9.5
All Classes Namespaces Files Functions Variables Pages
FileExtensionFilter.php
Go to the documentation of this file.
1 <?php
2 namespace ‪TYPO3\CMS\Core\Resource\Filter;
3 
4 /*
5  * This file is part of the TYPO3 CMS project.
6  *
7  * It is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU General Public License, either version 2
9  * of the License, or any later version.
10  *
11  * For the full copyright and license information, please read the
12  * LICENSE.txt file that was distributed with this source code.
13  *
14  * The TYPO3 project - inspiring people to share!
15  */
16 
17 use ‪TYPO3\CMS\Core\DataHandling\DataHandler;
18 use ‪TYPO3\CMS\Core\Resource\Driver\DriverInterface;
19 use ‪TYPO3\CMS\Core\Resource\Exception\FileDoesNotExistException;
20 use ‪TYPO3\CMS\Core\Resource\ResourceFactory;
21 use ‪TYPO3\CMS\Core\Utility\GeneralUtility;
22 use ‪TYPO3\CMS\Core\Utility\PathUtility;
23 
27 class ‪FileExtensionFilter
28 {
34  protected ‪$allowedFileExtensions;
35 
41  protected ‪$disallowedFileExtensions;
42 
50  public function ‪filterInlineChildren(array $parameters, ‪DataHandler $dataHandler)
51  {
52  $values = $parameters['values'];
53  if ($parameters['allowedFileExtensions']) {
54  $this->‪setAllowedFileExtensions($parameters['allowedFileExtensions']);
55  }
56  if ($parameters['disallowedFileExtensions']) {
57  $this->‪setDisallowedFileExtensions($parameters['disallowedFileExtensions']);
58  }
59  $cleanValues = [];
60  if (is_array($values)) {
61  foreach ($values as $value) {
62  if (empty($value)) {
63  continue;
64  }
65  $parts = GeneralUtility::revExplode('_', $value, 2);
66  $fileReferenceUid = $parts[count($parts) - 1];
67  try {
68  $fileReference = ‪ResourceFactory::getInstance()->‪getFileReferenceObject($fileReferenceUid);
69  $file = $fileReference->‪getOriginalFile();
70  if ($this->‪isAllowed($file->getExtension())) {
71  $cleanValues[] = $value;
72  } else {
73  // Remove the erroneously created reference record again
74  $dataHandler->‪deleteAction('sys_file_reference', $fileReferenceUid);
75  }
76  } catch (‪FileDoesNotExistException $e) {
77  // do nothing
78  }
79  }
80  }
81  return $cleanValues;
82  }
83 
97  public function ‪filterFileList($itemName, $itemIdentifier, $parentIdentifier, array $additionalInformation, ‪DriverInterface $driver)
98  {
99  $returnCode = true;
100  // Early return in case no file filters are set at all
101  if ($this->allowedFileExtensions === null && $this->disallowedFileExtensions === null) {
102  return $returnCode;
103  }
104  // Check that this is a file and not a folder
105  if ($driver->‪fileExists($itemIdentifier)) {
106  try {
107  $fileInfo = $driver->‪getFileInfoByIdentifier($itemIdentifier, ['extension']);
108  } catch (\InvalidArgumentException $e) {
109  $fileInfo = [];
110  }
111  if (!isset($fileInfo['extension'])) {
112  trigger_error('Guessing FAL file extensions will be removed in TYPO3 v10.0. The FAL (' . get_class($driver) . ') driver method getFileInfoByIdentifier() should return the file extension.', E_USER_DEPRECATED);
113  $fileInfo['extension'] = ‪PathUtility::pathinfo($itemIdentifier, PATHINFO_EXTENSION);
114  }
115  if (!$this->‪isAllowed($fileInfo['extension'])) {
116  $returnCode = -1;
117  }
118  }
119  return $returnCode;
120  }
121 
128  protected function ‪isAllowed($fileExt)
129  {
130  $fileExt = strtolower($fileExt);
131  $result = true;
132  // Check allowed file extensions
133  if ($this->allowedFileExtensions !== null && !empty($this->allowedFileExtensions) && !in_array($fileExt, $this->allowedFileExtensions)) {
134  $result = false;
135  }
136  // Check disallowed file extensions
137  if ($this->disallowedFileExtensions !== null && !empty($this->disallowedFileExtensions) && in_array($fileExt, $this->disallowedFileExtensions)) {
138  $result = false;
139  }
140  return $result;
141  }
142 
148  public function ‪setAllowedFileExtensions(‪$allowedFileExtensions)
149  {
150  $this->allowedFileExtensions = $this->‪convertToLowercaseArray(‪$allowedFileExtensions);
151  }
152 
158  public function ‪setDisallowedFileExtensions(‪$disallowedFileExtensions)
159  {
160  $this->disallowedFileExtensions = $this->‪convertToLowercaseArray(‪$disallowedFileExtensions);
161  }
162 
171  protected function ‪convertToLowercaseArray($inputArgument)
172  {
173  $returnValue = null;
174  if (is_array($inputArgument)) {
175  $returnValue = $inputArgument;
176  } elseif ((string)$inputArgument !== '') {
177  $returnValue = GeneralUtility::trimExplode(',', $inputArgument);
178  }
179 
180  if (is_array($returnValue)) {
181  $returnValue = array_map('strtolower', $returnValue);
182  }
183 
184  return $returnValue;
185  }
186 }
‪TYPO3\CMS\Core\DataHandling\DataHandler
Definition: DataHandler.php:81
‪TYPO3\CMS\Core\Utility\PathUtility
Definition: PathUtility.php:23
‪TYPO3\CMS\Core\Resource\Filter\FileExtensionFilter\isAllowed
‪bool isAllowed($fileExt)
Definition: FileExtensionFilter.php:126
‪TYPO3\CMS\Core\Resource\Driver\DriverInterface
Definition: DriverInterface.php:22
‪TYPO3\CMS\Core\Resource\ResourceFactory\getInstance
‪static ResourceFactory getInstance()
Definition: ResourceFactory.php:39
‪TYPO3\CMS\Core\Resource\Exception\FileDoesNotExistException
Definition: FileDoesNotExistException.php:21
‪TYPO3\CMS\Core\Resource\Filter\FileExtensionFilter\$allowedFileExtensions
‪array $allowedFileExtensions
Definition: FileExtensionFilter.php:33
‪TYPO3\CMS\Core\DataHandling\DataHandler\deleteAction
‪deleteAction($table, $id)
Definition: DataHandler.php:5174
‪TYPO3\CMS\Core\Utility\PathUtility\pathinfo
‪static string array pathinfo($path, $options=null)
Definition: PathUtility.php:207
‪TYPO3\CMS\Core\Resource\Filter\FileExtensionFilter\$disallowedFileExtensions
‪array $disallowedFileExtensions
Definition: FileExtensionFilter.php:39
‪TYPO3\CMS\Core\Resource\Filter\FileExtensionFilter\convertToLowercaseArray
‪array convertToLowercaseArray($inputArgument)
Definition: FileExtensionFilter.php:169
‪TYPO3\CMS\Core\Resource\FileReference\getOriginalFile
‪File getOriginalFile()
Definition: FileReference.php:489
‪TYPO3\CMS\Core\Resource\ResourceFactory
Definition: ResourceFactory.php:33
‪TYPO3\CMS\Core\Resource\Driver\DriverInterface\getFileInfoByIdentifier
‪array getFileInfoByIdentifier($fileIdentifier, array $propertiesToExtract=[])
‪TYPO3\CMS\Core\Resource\ResourceFactory\getFileReferenceObject
‪FileReference getFileReferenceObject($uid, array $fileReferenceData=[], $raw=false)
Definition: ResourceFactory.php:629
‪TYPO3\CMS\Core\Resource\Filter\FileExtensionFilter
Definition: FileExtensionFilter.php:28
‪TYPO3\CMS\Core\Resource\Filter\FileExtensionFilter\setAllowedFileExtensions
‪setAllowedFileExtensions($allowedFileExtensions)
Definition: FileExtensionFilter.php:146
‪TYPO3\CMS\Core\Resource\Filter
Definition: FileExtensionFilter.php:2
‪TYPO3\CMS\Core\Resource\Filter\FileExtensionFilter\filterInlineChildren
‪array filterInlineChildren(array $parameters, DataHandler $dataHandler)
Definition: FileExtensionFilter.php:48
‪TYPO3\CMS\Core\Utility\GeneralUtility
Definition: GeneralUtility.php:45
‪TYPO3\CMS\Core\Resource\Driver\DriverInterface\fileExists
‪bool fileExists($fileIdentifier)
‪TYPO3\CMS\Core\Resource\Filter\FileExtensionFilter\filterFileList
‪bool int filterFileList($itemName, $itemIdentifier, $parentIdentifier, array $additionalInformation, DriverInterface $driver)
Definition: FileExtensionFilter.php:95
‪TYPO3\CMS\Core\Resource\Filter\FileExtensionFilter\setDisallowedFileExtensions
‪setDisallowedFileExtensions($disallowedFileExtensions)
Definition: FileExtensionFilter.php:156