2 namespace TYPO3\CMS\Core\Utility\File
;
5 * This file is part of the TYPO3 CMS project.
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
14 * The TYPO3 project - inspiring people to share!
17 use TYPO3\CMS\Core\Charset\CharsetConverter
;
18 use TYPO3\CMS\Core\Utility\GeneralUtility
;
19 use TYPO3\CMS\Core\Utility\PathUtility
;
22 * Contains class with basic file management functions
24 * Contains functions for management, validation etc of files in TYPO3.
26 * Note: All methods in this class should not be used anymore since TYPO3 6.0.
27 * Please use corresponding \TYPO3\CMS\Core\Resource\ResourceStorage
28 * (fetched via BE_USERS->getFileStorages()), as all functions should be
29 * found there (in a cleaner manner).
31 class BasicFileUtility
36 const UNSAFE_FILENAME_CHARACTER_EXPRESSION
= '\\x00-\\x2C\\/\\x3A-\\x3F\\x5B-\\x60\\x7B-\\xBF';
39 * This number decides the highest allowed appended number used on a filename before we use naming with unique strings
43 public $maxNumber = 99;
46 * This number decides how many characters out of a unique MD5-hash that is appended to a filename if getUniqueName is asked to find an available filename.
50 public $uniquePrecision = 6;
53 * Allowed and denied file extensions
56 protected $fileExtensionPermissions = [
58 'deny' => PHP_EXTENSIONS_DEFAULT
62 /**********************************
66 **********************************/
69 * Sets the file permissions, used in DataHandler e.g.
71 * @param string $allowedFilePermissions
72 * @param string $deniedFilePermissions
74 public function setFileExtensionPermissions($allowedFilePermissions, $deniedFilePermissions)
76 $this->fileExtensionPermissions
['allow'] = GeneralUtility
::uniqueList(strtolower($allowedFilePermissions));
77 $this->fileExtensionPermissions
['deny'] = GeneralUtility
::uniqueList(strtolower($deniedFilePermissions));
81 * Checks if a $fileExtension is allowed according to $this->fileExtensionPermissions.
83 * @param string $fileExtension The extension to check, eg. "php" or "html" etc.
84 * @return bool TRUE if file extension is allowed.
86 protected function is_allowed($fileExtension)
88 $fileExtension = strtolower($fileExtension);
90 // If the extension is found amongst the allowed types, we return TRUE immediately
91 if ($this->fileExtensionPermissions
['allow'] === '*' || GeneralUtility
::inList($this->fileExtensionPermissions
['allow'], $fileExtension)) {
94 // If the extension is found amongst the denied types, we return FALSE immediately
95 if ($this->fileExtensionPermissions
['deny'] === '*' || GeneralUtility
::inList($this->fileExtensionPermissions
['deny'], $fileExtension)) {
100 if ($this->fileExtensionPermissions
['allow'] === '*') {
103 if ($this->fileExtensionPermissions
['deny'] === '*') {
107 // If no match we return TRUE
112 * If the filename is given, check it against the TYPO3_CONF_VARS[BE][fileDenyPattern] +
113 * Checks if the $ext fileextension is allowed
115 * @param string $ext File extension, eg. "php" or "html
116 * @param string $_ not in use anymore
117 * @param string $filename Filename to check against TYPO3_CONF_VARS[BE][fileDenyPattern]
118 * @return bool TRUE if extension/filename is allowed
119 * @todo Deprecate, but still in use by DataHandler
120 * @deprecated but still in use in the Core. Don't use in your extensions!
122 public function checkIfAllowed($ext, $_, $filename = '')
124 return GeneralUtility
::verifyFilenameAgainstDenyPattern($filename) && $this->is_allowed($ext);
128 * Cleans $theDir for slashes in the end of the string and returns the new path, if it exists on the server.
130 * @param string $theDir Directory path to check
131 * @return bool|string Returns the cleaned up directory name if OK, otherwise FALSE.
133 protected function is_directory($theDir)
135 // @todo: should go into the LocalDriver in a protected way (not important to the outside world)
136 if (GeneralUtility
::validPathStr($theDir)) {
137 $theDir = PathUtility
::getCanonicalPath($theDir);
138 if (@is_dir
($theDir)) {
146 * Returns the destination path/filename of a unique filename/foldername in that path.
147 * If $theFile exists in $theDest (directory) the file have numbers appended up to $this->maxNumber. Hereafter a unique string will be appended.
148 * This function is used by fx. DataHandler when files are attached to records and needs to be uniquely named in the uploads/* folders
150 * @param string $theFile The input filename to check
151 * @param string $theDest The directory for which to return a unique filename for $theFile. $theDest MUST be a valid directory. Should be absolute.
152 * @param bool $dontCheckForUnique If set the filename is returned with the path prepended without checking whether it already existed!
153 * @return string The destination absolute filepath (not just the name!) of a unique filename/foldername in that path.
154 * @see \TYPO3\CMS\Core\DataHandling\DataHandler::checkValue()
155 * @todo Deprecate, but still in use by the Core (DataHandler...)
156 * @deprecated but still in use in the Core. Don't use in your extensions!
158 public function getUniqueName($theFile, $theDest, $dontCheckForUnique = false)
160 // @todo: should go into the LocalDriver in a protected way (not important to the outside world)
161 $theDest = $this->is_directory($theDest);
162 // $theDest is cleaned up
163 $origFileInfo = GeneralUtility
::split_fileref($theFile);
164 // Fetches info about path, name, extension of $theFile
166 // Check if the file exists and if not - return the filename...
167 $fileInfo = $origFileInfo;
168 $theDestFile = $theDest . '/' . $fileInfo['file'];
169 // The destinations file
170 if (!file_exists($theDestFile) ||
$dontCheckForUnique) {
171 // If the file does NOT exist we return this filename
174 // Well the filename in its pure form existed. Now we try to append numbers / unique-strings and see if we can find an available filename...
175 $theTempFileBody = preg_replace('/_[0-9][0-9]$/', '', $origFileInfo['filebody']);
176 // This removes _xx if appended to the file
177 $theOrigExt = $origFileInfo['realFileext'] ?
'.' . $origFileInfo['realFileext'] : '';
178 for ($a = 1; $a < $this->maxNumber
; $a++
) {
179 if ($a <= $this->maxNumber
) {
180 // First we try to append numbers
181 $insert = '_' . sprintf('%02d', $a);
183 // .. then we try unique-strings...
184 $insert = '_' . substr(md5(uniqid('', true)), 0, $this->uniquePrecision
);
186 $theTestFile = $theTempFileBody . $insert . $theOrigExt;
187 $theDestFile = $theDest . '/' . $theTestFile;
188 // The destinations file
189 if (!file_exists($theDestFile)) {
190 // If the file does NOT exist we return this filename
197 /*********************
201 *********************/
204 * Returns a string where any character not matching [.a-zA-Z0-9_-] is substituted by '_'
205 * Trailing dots are removed
207 * @param string $fileName Input string, typically the body of a filename
208 * @return string Output string with any characters not matching [.a-zA-Z0-9_-] is substituted by '_' and trailing dots removed
209 * @todo Deprecate, but still in use by the core
210 * @deprecated but still in use in the Core. Don't use in your extensions!
212 public function cleanFileName($fileName)
214 // Handle UTF-8 characters
215 if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['UTF8filesystem']) {
216 // allow ".", "-", 0-9, a-z, A-Z and everything beyond U+C0 (latin capital letter a with grave)
217 $cleanFileName = preg_replace('/[' . self
::UNSAFE_FILENAME_CHARACTER_EXPRESSION
. ']/u', '_', trim($fileName));
219 $fileName = GeneralUtility
::makeInstance(CharsetConverter
::class)->utf8_char_mapping($fileName);
220 // Replace unwanted characters by underscores
221 $cleanFileName = preg_replace('/[' . self
::UNSAFE_FILENAME_CHARACTER_EXPRESSION
. '\\xC0-\\xFF]/', '_', trim($fileName));
223 // Strip trailing dots and return
224 return rtrim($cleanFileName, '.');