TYPO3 CMS  TYPO3_8-7
PharStreamWrapperInterceptor.php
Go to the documentation of this file.
1 <?php
2 declare(strict_types = 1);
3 namespace TYPO3\CMS\Core\IO;
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
23 
24 class PharStreamWrapperInterceptor implements Assertable
25 {
35  public function assert(string $path, string $command): bool
36  {
37  if ($this->isAllowed($path) === true) {
38  return true;
39  }
40  throw new Exception(
41  sprintf('Executing %s is denied', $path),
42  1530103998
43  );
44  }
45 
50  protected function isAllowed(string $path): bool
51  {
52  $invocation = Manager::instance()->resolve($path, PharInvocationResolver::RESOLVE_ALIAS);
53  if ($invocation === null) {
54  return false;
55  }
56  $baseName = $invocation->getBaseName();
57  return GeneralUtility::validPathStr($baseName)
58  && GeneralUtility::isFirstPartOfStr($baseName, PATH_site . 'typo3conf/ext/');
59  }
60 }
static isFirstPartOfStr($str, $partStr)