[BUGFIX] Remove superfluous call of ExtendedFileUtility::init()
[Packages/TYPO3.CMS.git] / typo3 / sysext / core / Classes / Utility / File / BasicFileUtility.php
1 <?php
2 namespace TYPO3\CMS\Core\Utility\File;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use TYPO3\CMS\Core\Charset\CharsetConverter;
18 use TYPO3\CMS\Core\Utility\GeneralUtility;
19 use TYPO3\CMS\Core\Utility\PathUtility;
20
21 /**
22 * Contains class with basic file management functions
23 *
24 * Contains functions for management, validation etc of files in TYPO3.
25 *
26 * Note: All methods in this class should not be used anymore since TYPO3 6.0.
27 * Please use corresponding \TYPO3\CMS\Core\Resource\ResourceStorage
28 * (fetched via BE_USERS->getFileStorages()), as all functions should be
29 * found there (in a cleaner manner).
30 */
31 class BasicFileUtility
32 {
33 /**
34 * @var string
35 */
36 const UNSAFE_FILENAME_CHARACTER_EXPRESSION = '\\x00-\\x2C\\/\\x3A-\\x3F\\x5B-\\x60\\x7B-\\xBF';
37
38 /**
39 * This number decides the highest allowed appended number used on a filename before we use naming with unique strings
40 *
41 * @var int
42 */
43 public $maxNumber = 99;
44
45 /**
46 * This number decides how many characters out of a unique MD5-hash that is appended to a filename if getUniqueName is asked to find an available filename.
47 *
48 * @var int
49 */
50 public $uniquePrecision = 6;
51
52 /**
53 * Allowed and denied file extensions
54 * @var array
55 */
56 protected $fileExtensionPermissions = [];
57
58 /**********************************
59 *
60 * Checking functions
61 *
62 **********************************/
63
64 /**
65 * Constructor,
66 * Initializes the internal array $this->fileExtensionPermissions based on TYPO3_CONF_VARS
67 */
68 public function __construct()
69 {
70 $this->fileExtensionPermissions['allow'] = GeneralUtility::uniqueList(strtolower($GLOBALS['TYPO3_CONF_VARS']['BE']['fileExtensions']['webspace']['allow']));
71 $this->fileExtensionPermissions['deny'] = GeneralUtility::uniqueList(strtolower($GLOBALS['TYPO3_CONF_VARS']['BE']['fileExtensions']['webspace']['deny']));
72 }
73
74 /**
75 * Sets the file permissions, used in DataHandler e.g.
76 *
77 * @param string $allowedFilePermissions
78 * @param string $deniedFilePermissions
79 */
80 public function setFileExtensionPermissions($allowedFilePermissions, $deniedFilePermissions)
81 {
82 $this->fileExtensionPermissions['allow'] = GeneralUtility::uniqueList(strtolower($allowedFilePermissions));
83 $this->fileExtensionPermissions['deny'] = GeneralUtility::uniqueList(strtolower($deniedFilePermissions));
84 }
85
86 /**
87 * Checks if a $fileExtension is allowed according to $this->fileExtensionPermissions.
88 *
89 * @param string $fileExtension The extension to check, eg. "php" or "html" etc.
90 * @return bool TRUE if file extension is allowed.
91 */
92 protected function is_allowed($fileExtension)
93 {
94 $fileExtension = strtolower($fileExtension);
95 if ($fileExtension) {
96 // If the extension is found amongst the allowed types, we return TRUE immediately
97 if ($this->fileExtensionPermissions['allow'] === '*' || GeneralUtility::inList($this->fileExtensionPermissions['allow'], $fileExtension)) {
98 return true;
99 }
100 // If the extension is found amongst the denied types, we return FALSE immediately
101 if ($this->fileExtensionPermissions['deny'] === '*' || GeneralUtility::inList($this->fileExtensionPermissions['deny'], $fileExtension)) {
102 return false;
103 }
104 } else {
105 // If no extension
106 if ($this->fileExtensionPermissions['allow'] === '*') {
107 return true;
108 }
109 if ($this->fileExtensionPermissions['deny'] === '*') {
110 return false;
111 }
112 }
113 // If no match we return TRUE
114 return true;
115 }
116
117 /**
118 * If the filename is given, check it against the TYPO3_CONF_VARS[BE][fileDenyPattern] +
119 * Checks if the $ext fileextension is allowed
120 *
121 * @param string $ext File extension, eg. "php" or "html
122 * @param string $_ not in use anymore
123 * @param string $filename Filename to check against TYPO3_CONF_VARS[BE][fileDenyPattern]
124 * @return bool TRUE if extension/filename is allowed
125 * @todo Deprecate, but still in use by DataHandler
126 * @deprecated but still in use in the Core. Don't use in your extensions!
127 */
128 public function checkIfAllowed($ext, $_, $filename = '')
129 {
130 return GeneralUtility::verifyFilenameAgainstDenyPattern($filename) && $this->is_allowed($ext);
131 }
132
133 /**
134 * Cleans $theDir for slashes in the end of the string and returns the new path, if it exists on the server.
135 *
136 * @param string $theDir Directory path to check
137 * @return bool|string Returns the cleaned up directory name if OK, otherwise FALSE.
138 */
139 protected function is_directory($theDir)
140 {
141 // @todo: should go into the LocalDriver in a protected way (not important to the outside world)
142 if (GeneralUtility::validPathStr($theDir)) {
143 $theDir = PathUtility::getCanonicalPath($theDir);
144 if (@is_dir($theDir)) {
145 return $theDir;
146 }
147 }
148 return false;
149 }
150
151 /**
152 * Returns the destination path/filename of a unique filename/foldername in that path.
153 * If $theFile exists in $theDest (directory) the file have numbers appended up to $this->maxNumber. Hereafter a unique string will be appended.
154 * This function is used by fx. TCEmain when files are attached to records and needs to be uniquely named in the uploads/* folders
155 *
156 * @param string $theFile The input filename to check
157 * @param string $theDest The directory for which to return a unique filename for $theFile. $theDest MUST be a valid directory. Should be absolute.
158 * @param bool $dontCheckForUnique If set the filename is returned with the path prepended without checking whether it already existed!
159 * @return string The destination absolute filepath (not just the name!) of a unique filename/foldername in that path.
160 * @see \TYPO3\CMS\Core\DataHandling\DataHandler::checkValue()
161 * @todo Deprecate, but still in use by the Core (DataHandler...)
162 * @deprecated but still in use in the Core. Don't use in your extensions!
163 */
164 public function getUniqueName($theFile, $theDest, $dontCheckForUnique = false)
165 {
166 // @todo: should go into the LocalDriver in a protected way (not important to the outside world)
167 $theDest = $this->is_directory($theDest);
168 // $theDest is cleaned up
169 $origFileInfo = GeneralUtility::split_fileref($theFile);
170 // Fetches info about path, name, extension of $theFile
171 if ($theDest) {
172 // Check if the file exists and if not - return the filename...
173 $fileInfo = $origFileInfo;
174 $theDestFile = $theDest . '/' . $fileInfo['file'];
175 // The destinations file
176 if (!file_exists($theDestFile) || $dontCheckForUnique) {
177 // If the file does NOT exist we return this filename
178 return $theDestFile;
179 }
180 // Well the filename in its pure form existed. Now we try to append numbers / unique-strings and see if we can find an available filename...
181 $theTempFileBody = preg_replace('/_[0-9][0-9]$/', '', $origFileInfo['filebody']);
182 // This removes _xx if appended to the file
183 $theOrigExt = $origFileInfo['realFileext'] ? '.' . $origFileInfo['realFileext'] : '';
184 for ($a = 1; $a < $this->maxNumber; $a++) {
185 if ($a <= $this->maxNumber) {
186 // First we try to append numbers
187 $insert = '_' . sprintf('%02d', $a);
188 } else {
189 // .. then we try unique-strings...
190 $insert = '_' . substr(md5(uniqid('', true)), 0, $this->uniquePrecision);
191 }
192 $theTestFile = $theTempFileBody . $insert . $theOrigExt;
193 $theDestFile = $theDest . '/' . $theTestFile;
194 // The destinations file
195 if (!file_exists($theDestFile)) {
196 // If the file does NOT exist we return this filename
197 return $theDestFile;
198 }
199 }
200 }
201 }
202
203 /*********************
204 *
205 * Cleaning functions
206 *
207 *********************/
208
209 /**
210 * Returns a string where any character not matching [.a-zA-Z0-9_-] is substituted by '_'
211 * Trailing dots are removed
212 *
213 * @param string $fileName Input string, typically the body of a filename
214 * @return string Output string with any characters not matching [.a-zA-Z0-9_-] is substituted by '_' and trailing dots removed
215 * @todo Deprecate, but still in use by the core
216 * @deprecated but still in use in the Core. Don't use in your extensions!
217 */
218 public function cleanFileName($fileName)
219 {
220 // Handle UTF-8 characters
221 if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['UTF8filesystem']) {
222 // allow ".", "-", 0-9, a-z, A-Z and everything beyond U+C0 (latin capital letter a with grave)
223 $cleanFileName = preg_replace('/[' . self::UNSAFE_FILENAME_CHARACTER_EXPRESSION . ']/u', '_', trim($fileName));
224 } else {
225 $fileName = GeneralUtility::makeInstance(CharsetConverter::class)->specCharsToASCII('utf-8', $fileName);
226 // Replace unwanted characters by underscores
227 $cleanFileName = preg_replace('/[' . self::UNSAFE_FILENAME_CHARACTER_EXPRESSION . '\\xC0-\\xFF]/', '_', trim($fileName));
228 }
229 // Strip trailing dots and return
230 return rtrim($cleanFileName, '.');
231 }
232 }