‪TYPO3CMS  ‪main
TYPO3\CMS\Frontend\Resource\FilePathSanitizer Class Reference

Public Member Functions

 __construct ()
string sanitize (string $originalFileName, ?bool $allowExtensionPath=null)

Protected Attributes

array $allowedPaths = array( )

Private Member Functions

 makeRelative (string $absoluteFilePath, string $originalFilePath, bool $isExtensionPath)

Detailed Description

Checks if a given file path is allowed to be used in TYPO3 Frontend.

Currently allowed is:

  • ‪a file (which must exist) from any of the allowedPaths option, without any ".." inside the path name
  • ‪an external URL

The sanitize method either returns a full URL (in case it's a valid http/https resource) or a path relative to the public folder of the TYPO3 Frontend.

Definition at line 38 of file FilePathSanitizer.php.

Constructor & Destructor Documentation

◆ __construct()

TYPO3\CMS\Frontend\Resource\FilePathSanitizer::__construct ( )

Member Function Documentation

◆ makeRelative()

TYPO3\CMS\Frontend\Resource\FilePathSanitizer::makeRelative ( string  $absoluteFilePath,
string  $originalFilePath,
bool  $isExtensionPath 

◆ sanitize()

string TYPO3\CMS\Frontend\Resource\FilePathSanitizer::sanitize ( string  $originalFileName,
?bool  $allowExtensionPath = null 

Returns the reference used for the frontend inclusion, checks against allowed paths for inclusion.

‪string Resulting filename, is either a full absolute URL or a relative path.

Definition at line 76 of file FilePathSanitizer.php.

References TYPO3\CMS\Core\Core\Environment\getPublicPath(), TYPO3\CMS\Core\Utility\PathUtility\isExtensionPath(), and TYPO3\CMS\Frontend\Resource\FilePathSanitizer\makeRelative().

Member Data Documentation

◆ $allowedPaths

array TYPO3\CMS\Frontend\Resource\FilePathSanitizer::$allowedPaths = array( )

These are the only paths that are allowed for resources in TYPO3 Frontend. Additional paths can be added via $GLOBALS['TYPO3_CONF_VARS']['FE']['addAllowedPaths'], where all paths should be suffixed with a slash "/".

Definition at line 46 of file FilePathSanitizer.php.