TYPO3 CMS  TYPO3_8-7
ShowImageController.php
1 <?php
3 
4 /*
5  * This file is part of the TYPO3 CMS project.
6  *
7  * It is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU General Public License, either version 2
9  * of the License, or any later version.
10  *
11  * For the full copyright and license information, please read the
12  * LICENSE.txt file that was distributed with this source code.
13  *
14  * The TYPO3 project - inspiring people to share!
15  */
16 
23 
38 {
42  protected $request;
43 
47  protected $file;
48 
52  protected $width;
53 
57  protected $height;
58 
62  protected $crop;
63 
67  protected $frame;
68 
72  protected $bodyTag = '<body>';
73 
77  protected $title = 'Image';
78 
82  protected $content = <<<EOF
83 <!DOCTYPE html>
84 <html>
85 <head>
86  <title>###TITLE###</title>
87  <meta name="robots" content="noindex,follow" />
88 </head>
89 ###BODY###
90  ###IMAGE###
91 </body>
92 </html>
93 EOF;
94 
98  protected $imageTag = '<img src="###publicUrl###" alt="###alt###" title="###title###" width="###width###" height="###height###" />';
99 
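/**
 * Validate the signed query parameters and populate this controller from them.
 *
 * Trust boundary: the request is attacker-controlled. The only thing that
 * authenticates `file` and `parameters` is the HMAC carried in the `md5`
 * query parameter, so nothing derived from them is used before that check.
 *
 * @throws \InvalidArgumentException if `file`/`parameters` are missing or malformed,
 *                                   the HMAC does not match, or the payload does not decode to an array
 */
public function initialize()
{
    // Read the query string once; the property assignment further down could
    // otherwise replace $this->request before `frame` is read.
    $queryParams = $this->request->getQueryParams();
    $fileUid = isset($queryParams['file']) ? $queryParams['file'] : null;
    $parametersArray = isset($queryParams['parameters']) ? $queryParams['parameters'] : null;

    // If no file-param or parameters are given, we must exit.
    // A non-scalar `file` (e.g. file[]=...) is rejected here instead of being
    // string-converted inside the HMAC input below.
    if (!$fileUid || !is_scalar($fileUid) || !is_array($parametersArray)) {
        throw new \InvalidArgumentException('No valid fileUid given', 1476048455);
    }

    // rebuild the parameter array and check if the HMAC is correct
    $parametersEncoded = implode('', $parametersArray);

    /* For backwards compatibility the HMAC is transported within the md5 param */
    $hmacParameter = isset($queryParams['md5']) ? $queryParams['md5'] : null;
    $hmac = GeneralUtility::hmac(implode('|', [$fileUid, $parametersEncoded]));
    // hash_equals() keeps the comparison constant-time; the is_string() guard
    // stops an array-valued `md5` parameter from reaching it.
    if (!is_string($hmacParameter) || !hash_equals($hmac, $hmacParameter)) {
        throw new \InvalidArgumentException('hash does not match', 1476048456);
    }

    // Decode the parameters array. The HMAC proves the payload was produced by
    // someone holding the signing key, but object instantiation is still switched
    // off (PHP 7.0+ option) so that a leaked or weak key does not turn this
    // endpoint into a PHP object injection sink.
    $parameters = unserialize(base64_decode($parametersEncoded), ['allowed_classes' => false]);
    if (!is_array($parameters)) {
        // Signed but undecodable payload: report it like any other invalid input
        throw new \InvalidArgumentException('parameters could not be decoded');
    }
    // NOTE(review): every key of the signed payload becomes a property of this
    // object, including $bodyTag, $imageTag and $content, which main() writes
    // into the page without escaping. Confidentiality of the HMAC key is
    // therefore the only protection for the generated HTML; consider an
    // explicit allow-list of parameter names.
    foreach ($parameters as $parameterName => $parameterValue) {
        $this->{$parameterName} = $parameterValue;
    }

    // NOTE(review): the line carrying this condition is missing from the
    // rendered listing (only the `} else {` survives); it is restored here as
    // an integer check on the uid - confirm against the upstream file.
    if (MathUtility::canBeInterpretedAsInteger($fileUid)) {
        $this->file = ResourceFactory::getInstance()->getFileObject((int)$fileUid);
    } else {
        $this->file = ResourceFactory::getInstance()->retrieveFileOrFolderObject($fileUid);
    }
    // `frame` is taken straight from the query string and is NOT covered by
    // the HMAC; it is passed on to the image processing configuration as-is.
    $this->frame = isset($queryParams['frame']) ? $queryParams['frame'] : null;
}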
139 
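/**
 * Fill the image tag and the page template with the processed image data.
 *
 * The result is stored in $this->content; nothing is returned.
 *
 * Every marker value that originates from file metadata or from the signed
 * parameters is HTML-escaped before insertion. The original left the
 * ###TITLE### marker (placed inside <title>) and the width/height attributes
 * unescaped while escaping the same title for the img attribute.
 * $this->bodyTag and the image tag itself are markup by design and are
 * inserted verbatim.
 */
public function main()
{
    $processedImage = $this->processImage();
    // File metadata wins; the configured title is the fallback
    $displayTitle = $this->file->getProperty('title') ?: $this->title;

    $imageTagMarkers = [
        '###publicUrl###' => htmlspecialchars($processedImage->getPublicUrl()),
        '###alt###' => htmlspecialchars($this->file->getProperty('alternative') ?: $this->title),
        '###title###' => htmlspecialchars($displayTitle),
        // Cast first: the property values are not guaranteed to be strings
        '###width###' => htmlspecialchars((string)$processedImage->getProperty('width')),
        '###height###' => htmlspecialchars((string)$processedImage->getProperty('height'))
    ];
    $this->imageTag = str_replace(array_keys($imageTagMarkers), array_values($imageTagMarkers), $this->imageTag);

    $markerArray = [
        // Escaped so that a title such as "</title><script>" cannot leave the <title> element
        '###TITLE###' => htmlspecialchars($displayTitle),
        '###IMAGE###' => $this->imageTag,
        '###BODY###' => $this->bodyTag
    ];

    $this->content = str_replace(array_keys($markerArray), array_values($markerArray), $this->content);
}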
163 
/**
 * Normalise the requested dimensions and run the file through the
 * 'Image.CropScaleMask' processing task.
 *
 * Width and height are forced to integers >= 0; the upper bound is whatever
 * MathUtility::forceIntegerInRange() applies by default. If either raw value
 * contains the letter 'm', that suffix is re-attached to the width only
 * (presumably the processor's "maximum" flag - confirm against the task).
 *
 * @return mixed whatever $this->file->process() returns
 */
protected function processImage()
{
    // Must be evaluated before the values are forced to integers
    $maxSuffix = strpos($this->width . $this->height, 'm') !== false ? 'm' : '';

    $this->height = MathUtility::forceIntegerInRange($this->height, 0);
    $this->width = MathUtility::forceIntegerInRange($this->width, 0) . $maxSuffix;

    // frame is request-supplied, crop comes from the decoded parameters
    return $this->file->process('Image.CropScaleMask', [
        'width' => $this->width,
        'height' => $this->height,
        'frame' => $this->frame,
        'crop' => $this->crop,
    ]);
}
187 
/**
 * Request entry point: validate the request, render the page and write it
 * to the response body.
 *
 * Failure mapping:
 *  - \InvalidArgumentException (raised by initialize() for missing parameters
 *    or an HMAC mismatch) => 410
 *  - Exception => 404; which class this name resolves to depends on the
 *    file's namespace/use statements, which are not visible here.
 * Neither branch records the failure, so rejected signatures leave no trace
 * at this level.
 *
 * @param ServerRequestInterface $request
 * @param ResponseInterface $response
 * @return ResponseInterface
 */
public function processRequest(ServerRequestInterface $request, ResponseInterface $response)
{
    $this->request = $request;

    try {
        $this->initialize();
        $this->main();
        $body = $response->getBody();
        $body->write($this->content);
    } catch (\InvalidArgumentException $invalidInput) {
        // add a 410 "gone" if invalid parameters given
        return $response->withStatus(410);
    } catch (Exception $failure) {
        return $response->withStatus(404);
    }

    return $response;
}
211 }
processRequest(ServerRequestInterface $request, ResponseInterface $response)
static forceIntegerInRange($theInt, $min, $max=2000000000, $defaultValue=0)
Definition: MathUtility.php:31
static hmac($input, $additionalSecret='')