‪TYPO3CMS  ‪main
SvgEventListener.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
18 namespace ‪TYPO3\CMS\Core\Resource\Security;
19 
20 use ‪TYPO3\CMS\Core\Attribute\AsEventListener;
21 use ‪TYPO3\CMS\Core\Resource\Event\AfterFileContentsSetEvent;
22 use ‪TYPO3\CMS\Core\Resource\Event\BeforeFileAddedEvent;
23 use ‪TYPO3\CMS\Core\Resource\Event\BeforeFileReplacedEvent;
24 
25 class ‪SvgEventListener
26 {
30  protected ‪$sanitizer;
31 
35  protected ‪$typeCheck;
36 
37  public function ‪__construct(‪SvgSanitizer ‪$sanitizer, ‪SvgTypeCheck ‪$typeCheck)
38  {
39  $this->sanitizer = ‪$sanitizer;
40  $this->typeCheck = ‪$typeCheck;
41  }
42 
43  #[AsEventListener('svg-resource-storage-listener-before-file-added')]
44  public function ‪beforeFileAdded(‪BeforeFileAddedEvent $event): void
45  {
46  $filePath = $event->‪getSourceFilePath();
47  if ($this->typeCheck->forFilePath($filePath)) {
48  $this->sanitizer->sanitizeFile($filePath);
49  }
50  }
51 
52  #[AsEventListener('svg-resource-storage-listener-before-file-replaced')]
53  public function ‪beforeFileReplaced(‪BeforeFileReplacedEvent $event): void
54  {
55  $filePath = $event->‪getLocalFilePath();
56  if ($this->typeCheck->forFilePath($filePath)) {
57  $this->sanitizer->sanitizeFile($filePath);
58  }
59  }
60 
61  #[AsEventListener('svg-resource-storage-listener-after-file-content-set')]
62  public function ‪afterFileContentsSet(‪AfterFileContentsSetEvent $event): void
63  {
64  $file = $event->‪getFile();
65  if (!$this->typeCheck->forResource($file)) {
66  return;
67  }
68  $content = $event->‪getContent();
69  $sanitizedContent = $this->sanitizer->sanitizeContent($content);
70  // cave: setting content will trigger calling this handler again
71  // (having custom-flags on `FileInterface` would allow to mark it as "processed")
72  if ($sanitizedContent !== $content) {
73  $file->setContents($sanitizedContent);
74  }
75  }
76 }
‪TYPO3\CMS\Core\Resource\Event\BeforeFileReplacedEvent\getLocalFilePath
‪getLocalFilePath()
Definition: BeforeFileReplacedEvent.php:35
‪TYPO3\CMS\Core\Resource\Security\SvgEventListener\beforeFileReplaced
‪beforeFileReplaced(BeforeFileReplacedEvent $event)
Definition: SvgEventListener.php:51
‪TYPO3\CMS\Core\Resource\Security\SvgEventListener\__construct
‪__construct(SvgSanitizer $sanitizer, SvgTypeCheck $typeCheck)
Definition: SvgEventListener.php:35
‪TYPO3\CMS\Core\Resource\Event\BeforeFileReplacedEvent
Definition: BeforeFileReplacedEvent.php:27
‪TYPO3\CMS\Core\Attribute\AsEventListener
Definition: AsEventListener.php:25
‪TYPO3\CMS\Core\Resource\Security\SvgEventListener\afterFileContentsSet
‪afterFileContentsSet(AfterFileContentsSetEvent $event)
Definition: SvgEventListener.php:60
‪TYPO3\CMS\Core\Resource\Security
Definition: FileMetadataPermissionsAspect.php:16
‪TYPO3\CMS\Core\Resource\Security\SvgSanitizer
Definition: SvgSanitizer.php:23
‪TYPO3\CMS\Core\Resource\Security\SvgEventListener\beforeFileAdded
‪beforeFileAdded(BeforeFileAddedEvent $event)
Definition: SvgEventListener.php:42
‪TYPO3\CMS\Core\Resource\Event\AfterFileContentsSetEvent\getContent
‪getContent()
Definition: AfterFileContentsSetEvent.php:36
‪TYPO3\CMS\Core\Resource\Event\BeforeFileAddedEvent\getSourceFilePath
‪getSourceFilePath()
Definition: BeforeFileAddedEvent.php:49
‪TYPO3\CMS\Core\Resource\Event\AfterFileContentsSetEvent
Definition: AfterFileContentsSetEvent.php:28
‪TYPO3\CMS\Core\Resource\Security\SvgEventListener
Definition: SvgEventListener.php:26
‪TYPO3\CMS\Core\Resource\Security\SvgEventListener\$sanitizer
‪SvgSanitizer $sanitizer
Definition: SvgEventListener.php:29
‪TYPO3\CMS\Core\Resource\Event\BeforeFileAddedEvent
Definition: BeforeFileAddedEvent.php:30
‪TYPO3\CMS\Core\Resource\Security\SvgTypeCheck
Definition: SvgTypeCheck.php:26
‪TYPO3\CMS\Core\Resource\Event\AfterFileContentsSetEvent\getFile
‪getFile()
Definition: AfterFileContentsSetEvent.php:31
‪TYPO3\CMS\Core\Resource\Security\SvgEventListener\$typeCheck
‪SvgTypeCheck $typeCheck
Definition: SvgEventListener.php:33