[SECURITY] Mitigate phar stream wrapper
[Packages/TYPO3.CMS.git] / typo3 / sysext / core / Classes / LinkHandling / LegacyLinkNotationConverter.php
1 <?php
2 declare(strict_types = 1);
3 namespace TYPO3\CMS\Core\LinkHandling;
4
5 /*
6 * This file is part of the TYPO3 CMS project.
7 *
8 * It is free software; you can redistribute it and/or modify it under
9 * the terms of the GNU General Public License, either version 2
10 * of the License, or any later version.
11 *
12 * For the full copyright and license information, please read the
13 * LICENSE.txt file that was distributed with this source code.
14 *
15 * The TYPO3 project - inspiring people to share!
16 */
17
18 use TYPO3\CMS\Core\Core\Environment;
19 use TYPO3\CMS\Core\Resource\Exception\ResourceDoesNotExistException;
20 use TYPO3\CMS\Core\Resource\File;
21 use TYPO3\CMS\Core\Resource\Folder;
22 use TYPO3\CMS\Core\Resource\ResourceFactory;
23 use TYPO3\CMS\Core\Utility\GeneralUtility;
24 use TYPO3\CMS\Core\Utility\MathUtility;
25
26 /**
27 * Class to resolve and convert the "old" link information (email, external url, file, page etc)
28 * to a URL or new format for migration
29 *
30 * @internal
31 */
32 class LegacyLinkNotationConverter
33 {
34
35 /**
36 * @var ResourceFactory
37 */
38 protected $resourceFactory;
39
40 /**
41 * Part of the typolink construction functionality, called by typoLink()
42 * Used to resolve "legacy"-based typolinks.
43 *
44 * Tries to get the type of the link from the link parameter
45 * could be
46 * - "mailto" an email address
47 * - "url" external URL
48 * - "file" a local file (checked AFTER getPublicUrl() is called)
49 * - "page" a page (integer or alias)
50 *
51 * Does NOT check if the page exists or the file exists.
52 *
53 * @param string $linkParameter could be "fileadmin/myfile.jpg", "info@typo3.org", "13" or "http://www.typo3.org"
54 *
55 * @return array
56 */
57 public function resolve(string $linkParameter): array
58 {
59 if (stripos(rawurldecode(trim($linkParameter)), 'phar://') === 0) {
60 throw new \RuntimeException(
61 'phar scheme not allowed as soft reference target',
62 1530030673
63 );
64 }
65
66 $result = [];
67 // Parse URL scheme
68 $scheme = parse_url($linkParameter, PHP_URL_SCHEME);
69
70 // Resolve FAL-api "file:UID-of-sys_file-record" and "file:combined-identifier"
71 if (stripos($linkParameter, 'file:') === 0) {
72 $result = $this->getFileOrFolderObjectFromMixedIdentifier(substr($linkParameter, 5));
73 } elseif (GeneralUtility::validEmail(parse_url($linkParameter, PHP_URL_PATH))) {
74 $result['type'] = LinkService::TYPE_EMAIL;
75 $result['email'] = $linkParameter;
76 } elseif (strpos($linkParameter, ':') !== false) {
77 // Check for link-handler keyword
78 list($linkHandlerKeyword, $linkHandlerValue) = explode(':', $linkParameter, 2);
79 $result['type'] = strtolower(trim($linkHandlerKeyword));
80 $result['url'] = $linkParameter;
81 $result['value'] = $linkHandlerValue;
82 if ($result['type'] === LinkService::TYPE_RECORD) {
83 list($a['identifier'], $a['table'], $a['uid']) = explode(':', $linkHandlerValue);
84 $result['url'] = $a;
85 }
86 } else {
87 // special handling without a scheme
88 $isLocalFile = 0;
89 $fileChar = (int)strpos($linkParameter, '/');
90 $urlChar = (int)strpos($linkParameter, '.');
91
92 $isIdOrAlias = MathUtility::canBeInterpretedAsInteger($linkParameter);
93 $matches = [];
94 // capture old RTE links relative to TYPO3_mainDir
95 if (preg_match('#../(?:index\\.php)?\\?id=([^&]+)#', $linkParameter, $matches)) {
96 $linkParameter = $matches[1];
97 $isIdOrAlias = true;
98 }
99 $containsSlash = false;
100 if (!$isIdOrAlias) {
101 // Detects if a file is found in site-root and if so it will be treated like a normal file.
102 list($rootFileDat) = explode('?', rawurldecode($linkParameter));
103 $containsSlash = strpos($rootFileDat, '/') !== false;
104 $pathInfo = pathinfo($rootFileDat);
105 $fileExtension = strtolower($pathInfo['extension'] ?? '');
106 if (!$containsSlash
107 && trim($rootFileDat)
108 && (
109 @is_file(Environment::getPublicPath() . '/' . $rootFileDat)
110 || $fileExtension === 'php'
111 || $fileExtension === 'html'
112 || $fileExtension === 'htm'
113 )
114 ) {
115 $isLocalFile = 1;
116 } elseif ($containsSlash) {
117 // Adding this so realurl directories are linked right (non-existing).
118 $isLocalFile = 2;
119 }
120 }
121
122 // url (external): If doubleSlash or if a '.' comes before a '/'.
123 if (!$isIdOrAlias && $isLocalFile !== 1 && $urlChar && (!$containsSlash || $urlChar < $fileChar)) {
124 $result['type'] = LinkService::TYPE_URL;
125 if (!$scheme) {
126 $result['url'] = 'http://' . $linkParameter;
127 } else {
128 $result['url'] = $linkParameter;
129 }
130 // file (internal) or folder
131 } elseif ($containsSlash || $isLocalFile) {
132 $result = $this->getFileOrFolderObjectFromMixedIdentifier($linkParameter);
133 } else {
134 // Integer or alias (alias is without slashes or periods or commas, that is
135 // 'nospace,alphanum_x,lower,unique' according to definition in $GLOBALS['TCA']!)
136 $result = $this->resolvePageRelatedParameters($linkParameter);
137 }
138 }
139
140 return $result;
141 }
142
143 /**
144 * Internal method to do some magic to get a page parts, additional params, fragment / section hash
145 *
146 * @param string $data the input variable, can be "mypage,23" with fragments, keys
147 *
148 * @return array the result array with the page type set
149 */
150 protected function resolvePageRelatedParameters(string $data): array
151 {
152 $result = ['type' => LinkService::TYPE_PAGE];
153 if (strpos($data, '#') !== false) {
154 list($data, $result['fragment']) = explode('#', $data, 2);
155 }
156 // check for additional parameters
157 if (strpos($data, '?') !== false) {
158 list($data, $result['parameters']) = explode('?', $data, 2);
159 } elseif (strpos($data, '&') !== false) {
160 list($data, $result['parameters']) = explode('&', $data, 2);
161 }
162 if (empty($data)) {
163 $result['pageuid'] = 'current';
164 } elseif ($data{0} === '#') {
165 $result['pageuid'] = 'current';
166 $result['fragment'] = substr($data, 1);
167 } elseif (strpos($data, ',') !== false) {
168 list($result['pageuid'], $result['pagetype']) = explode(',', $data, 2);
169 } elseif (strpos($data, '/') !== false) {
170 $data = explode('/', trim($data, '/'));
171 $result['pageuid'] = array_shift($data);
172 foreach ($data as $k => $item) {
173 if ($data[$k] % 2 === 0 && !empty($data[$k + 1])) {
174 $result['page' . $data[$k]] = $data[$k + 1];
175 }
176 }
177 } else {
178 $result['pageuid'] = $data;
179 }
180
181 // expect an alias
182 if (!MathUtility::canBeInterpretedAsInteger($result['pageuid']) && $result['pageuid'] !== 'current') {
183 $result['pagealias'] = $result['pageuid'];
184 unset($result['pageuid']);
185 }
186
187 return $result;
188 }
189
190 /**
191 * Internal method that fetches a file or folder object based on the file or folder combined identifier
192 *
193 * @param string $mixedIdentifier can be something like "2" (file uid), "fileadmin/i/like.png" or "2:/myidentifier/"
194 *
195 * @return array the result with the type (file or folder) set
196 */
197 protected function getFileOrFolderObjectFromMixedIdentifier(string $mixedIdentifier): array
198 {
199 $result = [];
200 try {
201 $fileOrFolderObject = $this->getResourceFactory()->retrieveFileOrFolderObject($mixedIdentifier);
202 // Link to a folder or file
203 if ($fileOrFolderObject instanceof File) {
204 $result['type'] = LinkService::TYPE_FILE;
205 $result['file'] = $fileOrFolderObject;
206 } elseif ($fileOrFolderObject instanceof Folder) {
207 $result['type'] = LinkService::TYPE_FOLDER;
208 $result['folder'] = $fileOrFolderObject;
209 } else {
210 $result['type'] = LinkService::TYPE_UNKNOWN;
211 $result['file'] = $mixedIdentifier;
212 }
213 } catch (\RuntimeException $e) {
214 // Element wasn't found
215 $result['type'] = LinkService::TYPE_UNKNOWN;
216 $result['file'] = $mixedIdentifier;
217 } catch (ResourceDoesNotExistException $e) {
218 // Resource was not found
219 $result['type'] = LinkService::TYPE_UNKNOWN;
220 $result['file'] = $mixedIdentifier;
221 }
222
223 return $result;
224 }
225
226 /**
227 * Initializes the resource factory (only once)
228 *
229 * @return ResourceFactory
230 */
231 protected function getResourceFactory(): ResourceFactory
232 {
233 if (!$this->resourceFactory) {
234 $this->resourceFactory = GeneralUtility::makeInstance(ResourceFactory::class);
235 }
236 return $this->resourceFactory;
237 }
238 }