‪TYPO3CMS  ‪main
TYPO3\CMS\Core\Resource\Security\FileNameValidator Class Reference

Public Member Functions

 __construct (?string $fileDenyPattern=null)
 
bool isValid (string $fileName)
 
 customFileDenyPatternConfigured ()
 
 missingImportantPatterns ()
 

Public Attributes

const DEFAULT_FILE_DENY_PATTERN = '\\.(php[3-8]?|phpsh|phtml|pht|phar|shtml|cgi)(\\..*)?$|\\.pl$|^\\.htaccess$'
 

Protected Attributes

string $fileDenyPattern
 

Detailed Description

Ensures that any filename that an editor chooses for naming (or uses for uploading a file) is valid, meaning that no invalid characters (null-bytes) are added, or that the file does not contain an invalid file extension.

Definition at line 24 of file FileNameValidator.php.

Constructor & Destructor Documentation

◆ __construct()

TYPO3\CMS\Core\Resource\Security\FileNameValidator::__construct ( ?string  $fileDenyPattern = null)

Member Function Documentation

◆ customFileDenyPatternConfigured()

TYPO3\CMS\Core\Resource\Security\FileNameValidator::customFileDenyPatternConfigured ( )

Find out if there is a custom file deny pattern configured.

Definition at line 67 of file FileNameValidator.php.

References TYPO3\CMS\Core\Resource\Security\FileNameValidator\DEFAULT_FILE_DENY_PATTERN.

◆ isValid()

bool TYPO3\CMS\Core\Resource\Security\FileNameValidator::isValid ( string  $fileName)

Verifies the input filename against the 'fileDenyPattern'

Filenames are not allowed to contain control characters. Therefore we always filter on [[:cntrl:]].

Parameters
string$fileNameFile path to evaluate
Returns
‪bool Returns TRUE if the file name is OK.

Definition at line 55 of file FileNameValidator.php.

◆ missingImportantPatterns()

TYPO3\CMS\Core\Resource\Security\FileNameValidator::missingImportantPatterns ( )

Checks if the given file deny pattern does not have parts that the default pattern should recommend. Used in status overview.

Definition at line 76 of file FileNameValidator.php.

Member Data Documentation

◆ $fileDenyPattern

string TYPO3\CMS\Core\Resource\Security\FileNameValidator::$fileDenyPattern
protected

◆ DEFAULT_FILE_DENY_PATTERN