FilePathSanitizer

Checks if a given file path is allowed to be used in TYPO3 Frontend.

Currently allowed are:

  • a file (which must exist) below any of the paths in the allowedPaths option, without any ".." inside the path name
  • an external URL

The sanitize method either returns a full URL (in case it's a valid http/https resource) or a path relative to the public folder of the TYPO3 Frontend.

Table of Contents

Properties

$allowedPaths  : array<string|int, mixed>
These are the only paths that are allowed for resources in TYPO3 Frontend.

Methods

__construct()  : mixed
Sets the paths from where TypoScript resources are allowed to be used:
sanitize()  : string
Returns the reference used for the frontend inclusion, checks against allowed paths for inclusion.

Properties

$allowedPaths

These are the only paths that are allowed for resources in TYPO3 Frontend.

protected array<string|int, mixed> $allowedPaths = []

Additional paths can be added via $GLOBALS['TYPO3_CONF_VARS']['FE']['addAllowedPaths'], where all paths should be suffixed with a slash "/".

Methods

__construct()

Sets the paths from where TypoScript resources are allowed to be used:

public __construct() : mixed

sanitize()

Returns the reference used for the frontend inclusion, checks against allowed paths for inclusion.

public sanitize(string $originalFileName[, bool|null $allowExtensionPath = null ]) : string
Parameters
$originalFileName : string
$allowExtensionPath : bool|null = null
Return values
string

The resulting filename is either a full absolute URL or a relative path.
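
The rules described on this page (http/https URL passthrough, no "..", allow-list prefix, file must exist) are sketched below as an added example; it is not TYPO3's implementation. The function name checkResourcePath() and the temporary sample tree are assumptions made for illustration, and the code needs PHP 8. The last-but-one case shows why allow-list entries should end with a slash when the check is a plain prefix match.

```php
<?php
declare(strict_types=1);

// Added illustration, not TYPO3 source. checkResourcePath() is a hypothetical name.
function checkResourcePath(string $file, string $publicDir, array $allowedPaths): string
{
    // External http/https URLs are passed through unchanged.
    $scheme = parse_url($file, PHP_URL_SCHEME);
    if (is_string($scheme) && in_array(strtolower($scheme), ['http', 'https'], true)) {
        return $file;
    }
    // Refuse any ".." segment outright instead of trying to resolve it.
    $relative = ltrim(str_replace('\\', '/', $file), '/');
    if (in_array('..', explode('/', $relative), true)) {
        throw new InvalidArgumentException('".." is not allowed');
    }
    // Plain prefix match against the allow-list.
    $matches = array_filter($allowedPaths, fn (string $p): bool => str_starts_with($relative, $p));
    if ($matches === []) {
        throw new InvalidArgumentException('outside allowed paths');
    }
    // The file must exist below the public folder.
    if (!is_file($publicDir . '/' . $relative)) {
        throw new InvalidArgumentException('file not found');
    }
    return $relative;
}

// Constructed sample tree in a temporary directory.
$public = sys_get_temp_dir() . '/fps_demo_' . bin2hex(random_bytes(4));
mkdir($public . '/fileadmin', 0700, true);
mkdir($public . '/fileadmin_backup', 0700, true);
file_put_contents($public . '/fileadmin/logo.png', 'x');
file_put_contents($public . '/fileadmin_backup/dump.sql', 'x');

$cases = [
    ['https://example.org/app.css', ['fileadmin/']],            // URL, returned as is
    ['fileadmin/logo.png', ['fileadmin/']],                     // allowed and present
    ['fileadmin/../fileadmin_backup/dump.sql', ['fileadmin/']], // ".." rejected
    ['fileadmin_backup/dump.sql', ['fileadmin/']],              // sibling directory rejected
    ['fileadmin_backup/dump.sql', ['fileadmin']],               // accepted: entry lacks the slash
    ['fileadmin/missing.css', ['fileadmin/']],                  // allowed prefix, no such file
];
foreach ($cases as [$file, $allowed]) {
    try {
        $result = 'OK  ' . checkResourcePath($file, $public, $allowed);
    } catch (InvalidArgumentException $e) {
        $result = 'REJ ' . $e->getMessage();
    }
    printf("%-42s %-12s %s\n", $file, implode(',', $allowed), $result);
}
```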


        