[!!!][TASK] Remove BE/fileExtensions/webspace
[Packages/TYPO3.CMS.git] / typo3 / sysext / core / Classes / Utility / File / BasicFileUtility.php
1 <?php
2 namespace TYPO3\CMS\Core\Utility\File;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use TYPO3\CMS\Core\Charset\CharsetConverter;
18 use TYPO3\CMS\Core\Utility\GeneralUtility;
19 use TYPO3\CMS\Core\Utility\PathUtility;
20
21 /**
22 * Contains class with basic file management functions
23 *
24 * Contains functions for management, validation etc of files in TYPO3.
25 *
26 * Note: All methods in this class should not be used anymore since TYPO3 6.0.
27 * Please use corresponding \TYPO3\CMS\Core\Resource\ResourceStorage
28 * (fetched via BE_USERS->getFileStorages()), as all functions should be
29 * found there (in a cleaner manner).
30 */
31 class BasicFileUtility
32 {
33 /**
34 * @var string
35 */
36 const UNSAFE_FILENAME_CHARACTER_EXPRESSION = '\\x00-\\x2C\\/\\x3A-\\x3F\\x5B-\\x60\\x7B-\\xBF';
37
38 /**
39 * This number decides the highest allowed appended number used on a filename before we use naming with unique strings
40 *
41 * @var int
42 */
43 public $maxNumber = 99;
44
45 /**
46 * This number decides how many characters out of a unique MD5-hash that is appended to a filename if getUniqueName is asked to find an available filename.
47 *
48 * @var int
49 */
50 public $uniquePrecision = 6;
51
52 /**
53 * Allowed and denied file extensions
54 * @var array
55 */
56 protected $fileExtensionPermissions = [
57 'allow' => '*',
58 'deny' => PHP_EXTENSIONS_DEFAULT
59
60 ];
61
62 /**********************************
63 *
64 * Checking functions
65 *
66 **********************************/
67
68 /**
69 * Sets the file permissions, used in DataHandler e.g.
70 *
71 * @param string $allowedFilePermissions
72 * @param string $deniedFilePermissions
73 */
74 public function setFileExtensionPermissions($allowedFilePermissions, $deniedFilePermissions)
75 {
76 $this->fileExtensionPermissions['allow'] = GeneralUtility::uniqueList(strtolower($allowedFilePermissions));
77 $this->fileExtensionPermissions['deny'] = GeneralUtility::uniqueList(strtolower($deniedFilePermissions));
78 }
79
80 /**
81 * Checks if a $fileExtension is allowed according to $this->fileExtensionPermissions.
82 *
83 * @param string $fileExtension The extension to check, eg. "php" or "html" etc.
84 * @return bool TRUE if file extension is allowed.
85 */
86 protected function is_allowed($fileExtension)
87 {
88 $fileExtension = strtolower($fileExtension);
89 if ($fileExtension) {
90 // If the extension is found amongst the allowed types, we return TRUE immediately
91 if ($this->fileExtensionPermissions['allow'] === '*' || GeneralUtility::inList($this->fileExtensionPermissions['allow'], $fileExtension)) {
92 return true;
93 }
94 // If the extension is found amongst the denied types, we return FALSE immediately
95 if ($this->fileExtensionPermissions['deny'] === '*' || GeneralUtility::inList($this->fileExtensionPermissions['deny'], $fileExtension)) {
96 return false;
97 }
98 } else {
99 // If no extension
100 if ($this->fileExtensionPermissions['allow'] === '*') {
101 return true;
102 }
103 if ($this->fileExtensionPermissions['deny'] === '*') {
104 return false;
105 }
106 }
107 // If no match we return TRUE
108 return true;
109 }
110
111 /**
112 * If the filename is given, check it against the TYPO3_CONF_VARS[BE][fileDenyPattern] +
113 * Checks if the $ext fileextension is allowed
114 *
115 * @param string $ext File extension, eg. "php" or "html
116 * @param string $_ not in use anymore
117 * @param string $filename Filename to check against TYPO3_CONF_VARS[BE][fileDenyPattern]
118 * @return bool TRUE if extension/filename is allowed
119 * @todo Deprecate, but still in use by DataHandler
120 * @deprecated but still in use in the Core. Don't use in your extensions!
121 */
122 public function checkIfAllowed($ext, $_, $filename = '')
123 {
124 return GeneralUtility::verifyFilenameAgainstDenyPattern($filename) && $this->is_allowed($ext);
125 }
126
127 /**
128 * Cleans $theDir for slashes in the end of the string and returns the new path, if it exists on the server.
129 *
130 * @param string $theDir Directory path to check
131 * @return bool|string Returns the cleaned up directory name if OK, otherwise FALSE.
132 */
133 protected function is_directory($theDir)
134 {
135 // @todo: should go into the LocalDriver in a protected way (not important to the outside world)
136 if (GeneralUtility::validPathStr($theDir)) {
137 $theDir = PathUtility::getCanonicalPath($theDir);
138 if (@is_dir($theDir)) {
139 return $theDir;
140 }
141 }
142 return false;
143 }
144
145 /**
146 * Returns the destination path/filename of a unique filename/foldername in that path.
147 * If $theFile exists in $theDest (directory) the file have numbers appended up to $this->maxNumber. Hereafter a unique string will be appended.
148 * This function is used by fx. DataHandler when files are attached to records and needs to be uniquely named in the uploads/* folders
149 *
150 * @param string $theFile The input filename to check
151 * @param string $theDest The directory for which to return a unique filename for $theFile. $theDest MUST be a valid directory. Should be absolute.
152 * @param bool $dontCheckForUnique If set the filename is returned with the path prepended without checking whether it already existed!
153 * @return string The destination absolute filepath (not just the name!) of a unique filename/foldername in that path.
154 * @see \TYPO3\CMS\Core\DataHandling\DataHandler::checkValue()
155 * @todo Deprecate, but still in use by the Core (DataHandler...)
156 * @deprecated but still in use in the Core. Don't use in your extensions!
157 */
158 public function getUniqueName($theFile, $theDest, $dontCheckForUnique = false)
159 {
160 // @todo: should go into the LocalDriver in a protected way (not important to the outside world)
161 $theDest = $this->is_directory($theDest);
162 // $theDest is cleaned up
163 $origFileInfo = GeneralUtility::split_fileref($theFile);
164 // Fetches info about path, name, extension of $theFile
165 if ($theDest) {
166 // Check if the file exists and if not - return the filename...
167 $fileInfo = $origFileInfo;
168 $theDestFile = $theDest . '/' . $fileInfo['file'];
169 // The destinations file
170 if (!file_exists($theDestFile) || $dontCheckForUnique) {
171 // If the file does NOT exist we return this filename
172 return $theDestFile;
173 }
174 // Well the filename in its pure form existed. Now we try to append numbers / unique-strings and see if we can find an available filename...
175 $theTempFileBody = preg_replace('/_[0-9][0-9]$/', '', $origFileInfo['filebody']);
176 // This removes _xx if appended to the file
177 $theOrigExt = $origFileInfo['realFileext'] ? '.' . $origFileInfo['realFileext'] : '';
178 for ($a = 1; $a < $this->maxNumber; $a++) {
179 if ($a <= $this->maxNumber) {
180 // First we try to append numbers
181 $insert = '_' . sprintf('%02d', $a);
182 } else {
183 // .. then we try unique-strings...
184 $insert = '_' . substr(md5(uniqid('', true)), 0, $this->uniquePrecision);
185 }
186 $theTestFile = $theTempFileBody . $insert . $theOrigExt;
187 $theDestFile = $theDest . '/' . $theTestFile;
188 // The destinations file
189 if (!file_exists($theDestFile)) {
190 // If the file does NOT exist we return this filename
191 return $theDestFile;
192 }
193 }
194 }
195 }
196
197 /*********************
198 *
199 * Cleaning functions
200 *
201 *********************/
202
203 /**
204 * Returns a string where any character not matching [.a-zA-Z0-9_-] is substituted by '_'
205 * Trailing dots are removed
206 *
207 * @param string $fileName Input string, typically the body of a filename
208 * @return string Output string with any characters not matching [.a-zA-Z0-9_-] is substituted by '_' and trailing dots removed
209 * @todo Deprecate, but still in use by the core
210 * @deprecated but still in use in the Core. Don't use in your extensions!
211 */
212 public function cleanFileName($fileName)
213 {
214 // Handle UTF-8 characters
215 if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['UTF8filesystem']) {
216 // allow ".", "-", 0-9, a-z, A-Z and everything beyond U+C0 (latin capital letter a with grave)
217 $cleanFileName = preg_replace('/[' . self::UNSAFE_FILENAME_CHARACTER_EXPRESSION . ']/u', '_', trim($fileName));
218 } else {
219 $fileName = GeneralUtility::makeInstance(CharsetConverter::class)->utf8_char_mapping($fileName);
220 // Replace unwanted characters by underscores
221 $cleanFileName = preg_replace('/[' . self::UNSAFE_FILENAME_CHARACTER_EXPRESSION . '\\xC0-\\xFF]/', '_', trim($fileName));
222 }
223 // Strip trailing dots and return
224 return rtrim($cleanFileName, '.');
225 }
226 }