FileNameValidator.php

Go to the documentation of this file.

<?php
 
declare(strict_types=1);
 
/*
 * This file is part of the TYPO3 CMS project.
 *
 * It is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License, either version 2
 * of the License, or any later version.
 *
 * For the full copyright and license information, please read the
 * LICENSE.txt file that was distributed with this source code.
 *
 * The TYPO3 project - inspiring people to share!
 */
 
namespace ‪TYPO3\CMS\Core\Resource\Security;
 
class ‪FileNameValidator
{
    public const ‪DEFAULT_FILE_DENY_PATTERN = '\\.(php[3-8]?|phpsh|phtml|pht|phar|shtml|cgi)(\\..*)?$|\\.pl$|^\\.htaccess$';
 
    protected ‪$fileDenyPattern;
 
    public function ‪__construct(string ‪$fileDenyPattern = null)
    {
        if (‪$fileDenyPattern !== null) {
            $this->fileDenyPattern = ‪$fileDenyPattern;
        } elseif (isset(‪$GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern'])) {
            $this->fileDenyPattern = (string)‪$GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern'];
        } else {
            $this->fileDenyPattern = static::DEFAULT_FILE_DENY_PATTERN;
        }
    }
 
    public function ‪isValid(string $fileName): bool
    {
        $pattern = '/[[:cntrl:]]/';
        if ($fileName !== '' && $this->fileDenyPattern !== '') {
            $pattern = '/(?:[[:cntrl:]]|' . $this->fileDenyPattern . ')/iu';
        }
        return preg_match($pattern, $fileName) === 0;
    }
 
    public function ‪customFileDenyPatternConfigured(): bool
    {
        return $this->fileDenyPattern !== ‪self::DEFAULT_FILE_DENY_PATTERN;
    }
 
    public function ‪missingImportantPatterns(): bool
    {
        $defaultParts = explode('|', self::DEFAULT_FILE_DENY_PATTERN);
        $givenParts = explode('|', $this->fileDenyPattern);
        $missingParts = array_diff($defaultParts, $givenParts);
        return !empty($missingParts);
    }
}