‪TYPO3CMS  ‪main
FileExtensionFilter.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
18 namespace ‪TYPO3\CMS\Core\Resource\Filter;
19 
20 use ‪TYPO3\CMS\Backend\RecordList\DatabaseRecordList;
21 use ‪TYPO3\CMS\Core\DataHandling\DataHandler;
22 use TYPO3\CMS\Core\Resource\Driver\DriverInterface;
23 use ‪TYPO3\CMS\Core\Resource\Exception\ResourceDoesNotExistException;
24 use ‪TYPO3\CMS\Core\Resource\ResourceFactory;
25 use ‪TYPO3\CMS\Core\Utility\GeneralUtility;
26 
30 class ‪FileExtensionFilter
31 {
37  protected ?array ‪$allowedFileExtensions = null;
38 
44  protected ?array ‪$disallowedFileExtensions = null;
45 
46  public function ‪filter(
47  array $references,
48  string ‪$allowedFileExtensions,
49  string ‪$disallowedFileExtensions,
50  ‪DataHandler|‪DatabaseRecordList $dataHandler
51  ): array {
52  if (‪$allowedFileExtensions !== '') {
53  $this->‪setAllowedFileExtensions($allowedFileExtensions);
54  }
55  if (‪$disallowedFileExtensions !== '') {
56  $this->‪setDisallowedFileExtensions($disallowedFileExtensions);
57  }
58 
59  $cleanReferences = [];
60  foreach ($references as $reference) {
61  if (empty($reference)) {
62  continue;
63  }
64  $parts = GeneralUtility::revExplode('_', (string)$reference, 2);
65  $fileReferenceUid = $parts[count($parts) - 1];
66  try {
67  $fileReference = GeneralUtility::makeInstance(ResourceFactory::class)->getFileReferenceObject($fileReferenceUid);
68  $file = $fileReference->getOriginalFile();
69  if ($this->‪isAllowed($file->getExtension())) {
70  $cleanReferences[] = $reference;
71  } else {
72  // Remove the erroneously created reference record again
73  $dataHandler->deleteAction('sys_file_reference', $fileReferenceUid);
74  }
75  } catch (‪ResourceDoesNotExistException $e) {
76  // do nothing
77  }
78  }
79  return $cleanReferences;
80  }
81 
95  public function ‪filterFileList($itemName, $itemIdentifier, $parentIdentifier, array $additionalInformation, DriverInterface $driver)
96  {
97  $returnCode = true;
98  // Early return in case no file filters are set at all
99  if ($this->allowedFileExtensions === null && $this->disallowedFileExtensions === null) {
100  return $returnCode;
101  }
102  // Check that this is a file and not a folder
103  if ($driver->fileExists($itemIdentifier)) {
104  try {
105  $fileInfo = $driver->getFileInfoByIdentifier($itemIdentifier, ['extension']);
106  } catch (\InvalidArgumentException $e) {
107  $fileInfo = [];
108  }
109  if (!$this->‪isAllowed((string)($fileInfo['extension'] ?? ''))) {
110  $returnCode = -1;
111  }
112  }
113  return $returnCode;
114  }
115 
121  public function ‪isAllowed(string $fileExtension): bool
122  {
123  $fileExtension = strtolower($fileExtension);
124  $result = true;
125  // Check allowed file extensions
126  if (!empty($this->allowedFileExtensions) && !in_array($fileExtension, $this->allowedFileExtensions, true)) {
127  $result = false;
128  }
129  // Check disallowed file extensions
130  if (!empty($this->disallowedFileExtensions) && in_array($fileExtension, $this->disallowedFileExtensions, true)) {
131  $result = false;
132  }
133  return $result;
134  }
135 
141  public function ‪setAllowedFileExtensions(mixed ‪$allowedFileExtensions): void
142  {
143  $this->allowedFileExtensions = $this->‪convertToLowercaseArray($allowedFileExtensions);
144  }
145 
146  public function ‪getAllowedFileExtensions(): ?array
147  {
148  return ‪$this->allowedFileExtensions;
149  }
150 
156  public function ‪setDisallowedFileExtensions(mixed ‪$disallowedFileExtensions): void
157  {
158  $this->disallowedFileExtensions = $this->‪convertToLowercaseArray($disallowedFileExtensions);
159  }
160 
161  public function ‪getDisallowedFileExtensions(): ?array
162  {
163  return ‪$this->disallowedFileExtensions;
164  }
165 
172  public function ‪getFilteredFileExtensions(): array
173  {
174  if ($this->disallowedFileExtensions === null) {
175  return ['allowedFileExtensions' => $this->allowedFileExtensions ?? ['*']];
176  }
177 
178  if ($this->allowedFileExtensions === null) {
179  return ['disallowedFileExtensions' => ‪$this->disallowedFileExtensions];
180  }
181 
182  return ['allowedFileExtensions' => array_filter($this->allowedFileExtensions, function ($fileExtension) {
183  return !in_array($fileExtension, $this->disallowedFileExtensions, true);
184  })];
185  }
186 
192  protected function ‪convertToLowercaseArray(mixed $inputArgument): ?array
193  {
194  $returnValue = null;
195  if (is_array($inputArgument)) {
196  $returnValue = $inputArgument;
197  } elseif ((string)$inputArgument !== '') {
198  $returnValue = GeneralUtility::trimExplode(',', $inputArgument);
199  }
200 
201  if (is_array($returnValue)) {
202  $returnValue = array_map('strtolower', $returnValue);
203  }
204 
205  return $returnValue;
206  }
207 }
‪TYPO3\CMS\Core\DataHandling\DataHandler
Definition: DataHandler.php:95
‪TYPO3\CMS\Core\Resource\Filter\FileExtensionFilter\filter
‪filter(array $references, string $allowedFileExtensions, string $disallowedFileExtensions, DataHandler|DatabaseRecordList $dataHandler)
Definition: FileExtensionFilter.php:46
‪TYPO3\CMS\Core\Resource\Filter\FileExtensionFilter\setAllowedFileExtensions
‪setAllowedFileExtensions(mixed $allowedFileExtensions)
Definition: FileExtensionFilter.php:141
‪TYPO3\CMS\Core\Resource\Filter\FileExtensionFilter\$allowedFileExtensions
‪array $allowedFileExtensions
Definition: FileExtensionFilter.php:37
‪TYPO3\CMS\Backend\RecordList\DatabaseRecordList
Definition: DatabaseRecordList.php:68
‪TYPO3\CMS\Core\Resource\Filter\FileExtensionFilter\getFilteredFileExtensions
‪getFilteredFileExtensions()
Definition: FileExtensionFilter.php:172
‪TYPO3\CMS\Core\Resource\Filter\FileExtensionFilter\setDisallowedFileExtensions
‪setDisallowedFileExtensions(mixed $disallowedFileExtensions)
Definition: FileExtensionFilter.php:156
‪TYPO3\CMS\Core\Resource\Filter\FileExtensionFilter\$disallowedFileExtensions
‪array $disallowedFileExtensions
Definition: FileExtensionFilter.php:44
‪TYPO3\CMS\Core\Resource\Filter\FileExtensionFilter\getDisallowedFileExtensions
‪getDisallowedFileExtensions()
Definition: FileExtensionFilter.php:161
‪TYPO3\CMS\Core\Resource\Filter\FileExtensionFilter\convertToLowercaseArray
‪convertToLowercaseArray(mixed $inputArgument)
Definition: FileExtensionFilter.php:192
‪TYPO3\CMS\Core\Resource\Filter\FileExtensionFilter\getAllowedFileExtensions
‪getAllowedFileExtensions()
Definition: FileExtensionFilter.php:146
‪TYPO3\CMS\Core\Resource\ResourceFactory
Definition: ResourceFactory.php:41
‪TYPO3\CMS\Core\Resource\Exception\ResourceDoesNotExistException
Definition: ResourceDoesNotExistException.php:23
‪TYPO3\CMS\Core\Resource\Filter\FileExtensionFilter
Definition: FileExtensionFilter.php:31
‪TYPO3\CMS\Core\Resource\Filter\FileExtensionFilter\isAllowed
‪isAllowed(string $fileExtension)
Definition: FileExtensionFilter.php:121
‪TYPO3\CMS\Core\Resource\Filter
Definition: FileExtensionFilter.php:18
‪TYPO3\CMS\Core\Utility\GeneralUtility
Definition: GeneralUtility.php:52
‪TYPO3\CMS\Core\Resource\Filter\FileExtensionFilter\filterFileList
‪bool int filterFileList($itemName, $itemIdentifier, $parentIdentifier, array $additionalInformation, DriverInterface $driver)
Definition: FileExtensionFilter.php:95