TYPO3CMS  8
 All Classes Namespaces Files Functions Variables Pages
ShowImageController.php
Go to the documentation of this file.
1 <?php
2 namespace TYPO3\CMS\Frontend\Controller;
3 
4 /*
5  * This file is part of the TYPO3 CMS project.
6  *
7  * It is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU General Public License, either version 2
9  * of the License, or any later version.
10  *
11  * For the full copyright and license information, please read the
12  * LICENSE.txt file that was distributed with this source code.
13  *
14  * The TYPO3 project - inspiring people to share!
15  */
16 
17 use Psr\Http\Message\ResponseInterface;
18 use Psr\Http\Message\ServerRequestInterface;
23 
38 {
42  protected $request;
43 
47  protected $file;
48 
52  protected $width;
53 
57  protected $height;
58 
62  protected $crop;
63 
67  protected $frame;
68 
72  protected $bodyTag = '<body>';
73 
77  protected $title = 'Image';
78 
82  protected $content = <<<EOF
83 <!DOCTYPE html>
84 <html>
85 <head>
86  <title>###TITLE###</title>
87  <meta name="robots" content="noindex,follow" />
88 </head>
89 ###BODY###
90  ###IMAGE###
91 </body>
92 </html>
93 EOF;
94 
98  protected $imageTag = '<img src="###publicUrl###" alt="###alt###" title="###title###" width="###width###" height="###height###" />';
99 
107  public function initialize()
108  {
109  $fileUid = isset($this->request->getQueryParams()['file']) ? $this->request->getQueryParams()['file'] : null;
110  $parametersArray = isset($this->request->getQueryParams()['parameters']) ? $this->request->getQueryParams()['parameters'] : null;
111 
112  // If no file-param or parameters are given, we must exit
113  if (!$fileUid || !isset($parametersArray) || !is_array($parametersArray)) {
114  throw new \InvalidArgumentException('No valid fileUid given', 1476048455);
115  }
116 
117  // rebuild the parameter array and check if the HMAC is correct
118  $parametersEncoded = implode('', $parametersArray);
119 
120  /* For backwards compatibility the HMAC is transported within the md5 param */
121  $hmacParameter = isset($this->request->getQueryParams()['md5']) ? $this->request->getQueryParams()['md5'] : null;
122  $hmac = GeneralUtility::hmac(implode('|', [$fileUid, $parametersEncoded]));
123  if ($hmac !== $hmacParameter) {
124  throw new \InvalidArgumentException('hash does not match', 1476048456);
125  }
126 
127  // decode the parameters Array
128  $parameters = unserialize(base64_decode($parametersEncoded));
129  foreach ($parameters as $parameterName => $parameterValue) {
130  $this->{$parameterName} = $parameterValue;
131  }
132 
134  $this->file = ResourceFactory::getInstance()->getFileObject((int)$fileUid);
135  } else {
136  $this->file = ResourceFactory::getInstance()->retrieveFileOrFolderObject($fileUid);
137  }
138  $this->frame = isset($this->request->getQueryParams()['frame']) ? $this->request->getQueryParams()['frame'] : null;
139  }
140 
147  public function main()
148  {
149  $processedImage = $this->processImage();
150  $imageTagMarkers = [
151  '###publicUrl###' => htmlspecialchars($processedImage->getPublicUrl()),
152  '###alt###' => htmlspecialchars($this->file->getProperty('alternative') ?: $this->title),
153  '###title###' => htmlspecialchars($this->file->getProperty('title') ?: $this->title),
154  '###width###' => $processedImage->getProperty('width'),
155  '###height###' => $processedImage->getProperty('height')
156  ];
157  $this->imageTag = str_replace(array_keys($imageTagMarkers), array_values($imageTagMarkers), $this->imageTag);
158  $markerArray = [
159  '###TITLE###' => ($this->file->getProperty('title') ?: $this->title),
160  '###IMAGE###' => $this->imageTag,
161  '###BODY###' => $this->bodyTag
162  ];
163 
164  $this->content = str_replace(array_keys($markerArray), array_values($markerArray), $this->content);
165  }
166 
172  protected function processImage()
173  {
174  if (strstr($this->width . $this->height, 'm')) {
175  $max = 'm';
176  } else {
177  $max = '';
178  }
179  $this->height = MathUtility::forceIntegerInRange($this->height, 0);
180  $this->width = MathUtility::forceIntegerInRange($this->width, 0) . $max;
181 
182  $processingConfiguration = [
183  'width' => $this->width,
184  'height' => $this->height,
185  'frame' => $this->frame,
186  'crop' => $this->crop,
187  ];
188  return $this->file->process('Image.CropScaleMask', $processingConfiguration);
189  }
190 
198  public function processRequest(ServerRequestInterface $request, ResponseInterface $response)
199  {
200  $this->request = $request;
201 
202  try {
203  $this->initialize();
204  $this->main();
205  $response->getBody()->write($this->content);
206  return $response;
207  } catch (\InvalidArgumentException $e) {
208  // add a 410 "gone" if invalid parameters given
209  return $response->withStatus(410);
210  } catch (Exception $e) {
211  return $response->withStatus(404);
212  }
213  }
214 }
static forceIntegerInRange($theInt, $min, $max=2000000000, $defaultValue=0)
Definition: MathUtility.php:31
processRequest(ServerRequestInterface $request, ResponseInterface $response)
static hmac($input, $additionalSecret= '')