TYPO3 CMS  TYPO3_6-2
All Classes Namespaces Files Functions Variables Pages
ShowImageController.php
Go to the documentation of this file.
1 <?php
2 namespace TYPO3\CMS\Frontend\Controller;
3 
17 use \TYPO3\CMS\Core\Utility\HttpUtility;
18 use \TYPO3\CMS\Core\Utility\GeneralUtility;
19 use \TYPO3\CMS\Core\Utility\MathUtility;
20 
27 class ShowImageController {
28 
29  // Parameters loaded into these internal variables:
33  protected $file;
34 
38  protected $width;
39 
43  protected $height;
44 
48  protected $sample;
49 
53  protected $effects;
54 
58  protected $frame;
59 
63  protected $hmac;
64 
68  protected $bodyTag = '<body>';
69 
73  protected $wrap = '|';
74 
78  protected $title = 'Image';
79 
83  protected $content = <<<EOF
84 <!DOCTYPE html>
85 <html>
86 <head>
87  <title>###TITLE###</title>
88  <meta name="robots" content="noindex,follow" />
89 </head>
90 ###BODY###
91  ###IMAGE###
92 </body>
93 </html>
94 EOF;
95 
96  protected $imageTag = '<img src="###publicUrl###" alt="###alt###" title="###title###" />';
97 
103  public function init() {
104  // Loading internal vars with the GET/POST parameters from outside:
105  $fileUid = GeneralUtility::_GP('file');
106  $this->frame = GeneralUtility::_GP('frame');
107  /* For backwards compatibility the HMAC is transported within the md5 param */
108  $this->hmac = GeneralUtility::_GP('md5');
109 
110  $parametersArray = GeneralUtility::_GP('parameters');
111 
112  // If no file-param or parameters are given, we must exit
113  if (!$fileUid || !isset($parametersArray) || !is_array($parametersArray)) {
114  HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_410);
115  }
116 
117  // rebuild the parameter array and check if the HMAC is correct
118  $parametersEncoded = implode('', $parametersArray);
119  $hmac = GeneralUtility::hmac(implode('|', array($fileUid, $parametersEncoded)));
120  if ($hmac !== $this->hmac) {
121  HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_410);
122 
123  }
124 
125  // decode the parameters Array
126  $parameters = unserialize(base64_decode($parametersEncoded));
127  foreach ($parameters as $parameterName => $parameterValue) {
128  $this->{$parameterName} = $parameterValue;
129  }
130 
131  try {
132  if (\TYPO3\CMS\Core\Utility\MathUtility::canBeInterpretedAsInteger($fileUid)) {
133  $this->file = \TYPO3\CMS\Core\Resource\ResourceFactory::getInstance()->getFileObject((int)$fileUid);
134  } else {
135  $this->file = \TYPO3\CMS\Core\Resource\ResourceFactory::getInstance()->retrieveFileOrFolderObject($fileUid);
136  }
137  } catch (\TYPO3\CMS\Core\Exception $e) {
138  HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_404);
139  }
140  }
141 
148  public function main() {
149  $processedImage = $this->processImage();
150  $imageTagMarkers = array(
151  '###publicUrl###' => htmlspecialchars($processedImage->getPublicUrl()),
152  '###alt###' => htmlspecialchars($this->file->getProperty('alternative') ?: $this->title),
153  '###title###' => htmlspecialchars($this->file->getProperty('title') ?: $this->title)
154  );
155  $this->imageTag = str_replace(array_keys($imageTagMarkers), array_values($imageTagMarkers), $this->imageTag);
156  if ($this->wrap !== '|') {
157  $wrapParts = explode('|', $this->wrap, 2);
158  $this->imageTag = $wrapParts[0] . $this->imageTag . $wrapParts[1];
159  }
160  $markerArray = array(
161  '###TITLE###' => ($this->file->getProperty('title') ?: $this->title),
162  '###IMAGE###' => $this->imageTag,
163  '###BODY###' => $this->bodyTag
164  );
165 
166  $this->content = str_replace(array_keys($markerArray), array_values($markerArray), $this->content);
167 
168  }
169 
174  protected function processImage() {
175  if (strstr($this->width . $this->height, 'm')) {
176  $max = 'm';
177  } else {
178  $max = '';
179  }
180  $this->height = MathUtility::forceIntegerInRange($this->height, 0);
181  $this->width = MathUtility::forceIntegerInRange($this->width, 0) . $max;
182 
183  $processingConfiguration = array(
184  'width' => $this->width,
185  'height' => $this->height,
186  'frame' => $this->frame,
187 
188  );
189  return $this->file->process('Image.CropScaleMask', $processingConfiguration);
190  }
196  public function printContent() {
197  echo $this->content;
198  HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_200);
199  }
200 
205  public function execute() {
206  $this->init();
207  $this->main();
208  $this->printContent();
209  }
210 }
$parameters
$parameters
Definition: FileDumpEID.php:15
TYPO3\CMS\Core\Utility\MathUtility\forceIntegerInRange
static forceIntegerInRange($theInt, $min, $max=2000000000, $defaultValue=0)
Definition: MathUtility.php:32
TYPO3\CMS\Core\Utility\GeneralUtility\hmac
static hmac($input, $additionalSecret='')
Definition: GeneralUtility.php:828
TYPO3\CMS\Core\Utility\HttpUtility\setResponseCodeAndExit
static setResponseCodeAndExit($httpStatus=self::HTTP_STATUS_303)
Definition: HttpUtility.php:98