0b3eec0d55526c70c4ae227668f30d4a594db880
[Packages/TYPO3.CMS.git] / typo3 / sysext / frontend / Classes / Controller / ShowImageController.php
1 <?php
2 namespace TYPO3\CMS\Frontend\Controller;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use \TYPO3\CMS\Core\Utility\HttpUtility;
18 use \TYPO3\CMS\Core\Utility\GeneralUtility;
19 use \TYPO3\CMS\Core\Utility\MathUtility;
20
21 /**
22 * Script Class, generating the page output.
23 * Instantiated in the bottom of this script.
24 *
25 * @author Kasper Skårhøj <kasperYYYY@typo3.com>
26 */
27 class ShowImageController {
28
29 /**
30 * Parameters loaded into these internal variables:
31 *
32 * @var \TYPO3\CMS\Core\Resource\File
33 */
34 protected $file;
35
36 /**
37 * @var int
38 */
39 protected $width;
40
41 /**
42 * @var int
43 */
44 protected $height;
45
46 /**
47 * @var string
48 */
49 protected $sample;
50
51 /**
52 * @var string
53 */
54 protected $effects;
55
56 /**
57 * @var int
58 */
59 protected $frame;
60
61 /**
62 * @var string
63 */
64 protected $hmac;
65
66 /**
67 * @var string
68 */
69 protected $bodyTag = '<body>';
70
71 /**
72 * @var string
73 */
74 protected $wrap = '|';
75
76 /**
77 * @var string
78 */
79 protected $title = 'Image';
80
81 /**
82 * @var string
83 */
84 protected $content = <<<EOF
85 <!DOCTYPE html>
86 <html>
87 <head>
88 <title>###TITLE###</title>
89 <meta name="robots" content="noindex,follow" />
90 </head>
91 ###BODY###
92 ###IMAGE###
93 </body>
94 </html>
95 EOF;
96
97 /**
98 * @var string
99 */
100 protected $imageTag = '<img src="###publicUrl###" alt="###alt###" title="###title###" />';
101
102 /**
103 * Init function, setting the input vars in the global space.
104 *
105 * @return void
106 */
107 public function init() {
108 // Loading internal vars with the GET/POST parameters from outside:
109 $fileUid = GeneralUtility::_GP('file');
110 $this->frame = GeneralUtility::_GP('frame');
111 /* For backwards compatibility the HMAC is transported within the md5 param */
112 $this->hmac = GeneralUtility::_GP('md5');
113
114 $parametersArray = GeneralUtility::_GP('parameters');
115
116 // If no file-param or parameters are given, we must exit
117 if (!$fileUid || !isset($parametersArray) || !is_array($parametersArray)) {
118 HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_410);
119 }
120
121 // rebuild the parameter array and check if the HMAC is correct
122 $parametersEncoded = implode('', $parametersArray);
123 $hmac = GeneralUtility::hmac(implode('|', array($fileUid, $parametersEncoded)));
124 if ($hmac !== $this->hmac) {
125 HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_410);
126
127 }
128
129 // decode the parameters Array
130 $parameters = unserialize(base64_decode($parametersEncoded));
131 foreach ($parameters as $parameterName => $parameterValue) {
132 $this->{$parameterName} = $parameterValue;
133 }
134
135 try {
136 if (MathUtility::canBeInterpretedAsInteger($fileUid)) {
137 $this->file = \TYPO3\CMS\Core\Resource\ResourceFactory::getInstance()->getFileObject((int)$fileUid);
138 } else {
139 $this->file = \TYPO3\CMS\Core\Resource\ResourceFactory::getInstance()->retrieveFileOrFolderObject($fileUid);
140 }
141 } catch (\TYPO3\CMS\Core\Exception $e) {
142 HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_404);
143 }
144 }
145
146 /**
147 * Main function which creates the image if needed and outputs the HTML code for the page displaying the image.
148 * Accumulates the content in $this->content
149 *
150 * @return void
151 */
152 public function main() {
153 $processedImage = $this->processImage();
154 $imageTagMarkers = array(
155 '###publicUrl###' => htmlspecialchars($processedImage->getPublicUrl()),
156 '###alt###' => htmlspecialchars($this->file->getProperty('alternative') ?: $this->title),
157 '###title###' => htmlspecialchars($this->file->getProperty('title') ?: $this->title)
158 );
159 $this->imageTag = str_replace(array_keys($imageTagMarkers), array_values($imageTagMarkers), $this->imageTag);
160 if ($this->wrap !== '|') {
161 $wrapParts = explode('|', $this->wrap, 2);
162 $this->imageTag = $wrapParts[0] . $this->imageTag . $wrapParts[1];
163 }
164 $markerArray = array(
165 '###TITLE###' => ($this->file->getProperty('title') ?: $this->title),
166 '###IMAGE###' => $this->imageTag,
167 '###BODY###' => $this->bodyTag
168 );
169
170 $this->content = str_replace(array_keys($markerArray), array_values($markerArray), $this->content);
171
172 }
173
174 /**
175 * Does the actual image processing
176 *
177 * @return \TYPO3\CMS\Core\Resource\ProcessedFile
178 */
179 protected function processImage() {
180 if (strstr($this->width . $this->height, 'm')) {
181 $max = 'm';
182 } else {
183 $max = '';
184 }
185 $this->height = MathUtility::forceIntegerInRange($this->height, 0);
186 $this->width = MathUtility::forceIntegerInRange($this->width, 0) . $max;
187
188 $processingConfiguration = array(
189 'width' => $this->width,
190 'height' => $this->height,
191 'frame' => $this->frame,
192
193 );
194 return $this->file->process('Image.CropScaleMask', $processingConfiguration);
195 }
196 /**
197 * Outputs the content from $this->content
198 *
199 * @return void
200 */
201 public function printContent() {
202 echo $this->content;
203 HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_200);
204 }
205
206 /**
207 * Execute
208 *
209 * @return void
210 */
211 public function execute() {
212 $this->init();
213 $this->main();
214 $this->printContent();
215 }
216
217 }