‪TYPO3CMS  ‪main
ImageManipulationController.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
18 namespace ‪TYPO3\CMS\Backend\Controller\Wizard;
19 
20 use Psr\Http\Message\ResponseInterface;
21 use Psr\Http\Message\ServerRequestInterface;
22 use ‪TYPO3\CMS\Backend\Attribute\AsController;
23 use ‪TYPO3\CMS\Backend\View\BackendViewFactory;
24 use ‪TYPO3\CMS\Core\Crypto\HashService;
25 use ‪TYPO3\CMS\Core\Http\HtmlResponse;
26 use ‪TYPO3\CMS\Core\Resource\Exception\FileDoesNotExistException;
27 use ‪TYPO3\CMS\Core\Resource\ResourceFactory;
28 use ‪TYPO3\CMS\Core\Utility\GeneralUtility;
29 use ‪TYPO3\CMS\Core\Utility\MathUtility;
30 
35 #[AsController]
36 class ‪ImageManipulationController
37 {
38  public function ‪__construct(
39  protected readonly ‪BackendViewFactory $backendViewFactory,
40  protected readonly ‪HashService $hashService,
41  ) {}
42 
46  public function ‪getWizardContent(ServerRequestInterface $request): ResponseInterface
47  {
48  if ($this->‪isSignatureValid($request)) {
49  $parsedBody = json_decode($request->getParsedBody()['arguments'], true);
50  $fileUid = $parsedBody['image'];
51  $image = null;
52  if (‪MathUtility::canBeInterpretedAsInteger($fileUid)) {
53  try {
54  $image = GeneralUtility::makeInstance(ResourceFactory::class)->getFileObject($fileUid);
55  } catch (‪FileDoesNotExistException $e) {
56  }
57  }
58  $view = $this->backendViewFactory->create($request);
59  $view->assignMultiple([
60  'image' => $image,
61  'cropVariants' => $parsedBody['cropVariants'],
62  ]);
63  return new ‪HtmlResponse($view->render('Form/ImageManipulationWizard'));
64  }
65  return new ‪HtmlResponse('', 403);
66  }
67 
73  protected function ‪isSignatureValid(ServerRequestInterface $request): bool
74  {
75  $token = $this->hashService->hmac($request->getParsedBody()['arguments'], 'ajax_wizard_image_manipulation');
76  return hash_equals($token, $request->getParsedBody()['signature']);
77  }
78 }
‪TYPO3\CMS\Backend\View\BackendViewFactory
Definition: BackendViewFactory.php:35
‪TYPO3\CMS\Core\Resource\Exception\FileDoesNotExistException
Definition: FileDoesNotExistException.php:21
‪TYPO3\CMS\Backend\Controller\Wizard\ImageManipulationController\__construct
‪__construct(protected readonly BackendViewFactory $backendViewFactory, protected readonly HashService $hashService,)
Definition: ImageManipulationController.php:38
‪TYPO3\CMS\Core\Utility\MathUtility\canBeInterpretedAsInteger
‪static bool canBeInterpretedAsInteger(mixed $var)
Definition: MathUtility.php:69
‪TYPO3\CMS\Backend\Controller\Wizard
Definition: AddController.php:18
‪TYPO3\CMS\Core\Resource\ResourceFactory
Definition: ResourceFactory.php:42
‪TYPO3\CMS\Backend\Controller\Wizard\ImageManipulationController\getWizardContent
‪getWizardContent(ServerRequestInterface $request)
Definition: ImageManipulationController.php:46
‪TYPO3\CMS\Backend\Controller\Wizard\ImageManipulationController\isSignatureValid
‪isSignatureValid(ServerRequestInterface $request)
Definition: ImageManipulationController.php:73
‪TYPO3\CMS\Backend\Controller\Wizard\ImageManipulationController
Definition: ImageManipulationController.php:37
‪TYPO3\CMS\Core\Utility\MathUtility
Definition: MathUtility.php:24
‪TYPO3\CMS\Backend\Attribute\AsController
Definition: AsController.php:25
‪TYPO3\CMS\Core\Utility\GeneralUtility
Definition: GeneralUtility.php:52
‪TYPO3\CMS\Core\Crypto\HashService
Definition: HashService.php:27
‪TYPO3\CMS\Core\Http\HtmlResponse
Definition: HtmlResponse.php:28