e5fc5bb03bdf5b2931e828e6bb057cc8b5d534e6
1 <?php
2 namespace TYPO3\CMS\Core\Controller;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use Psr\Http\Message\ServerRequestInterface;
18 use TYPO3\CMS\Core\Http\ControllerInterface;
19 use TYPO3\CMS\Core\Http\Response;
20 use TYPO3\CMS\Core\Resource\Hook\FileDumpEIDHookInterface;
21 use TYPO3\CMS\Core\Resource\ProcessedFileRepository;
22 use TYPO3\CMS\Core\Resource\ResourceFactory;
23 use TYPO3\CMS\Core\Utility\GeneralUtility;
24 use TYPO3\CMS\Core\Utility\HttpUtility;
25
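/**
 * Controller behind the "dumpFile" eID: outputs a file or a processed file
 * when the request carries a valid HMAC token for its parameters.
 *
 * The token is the only authorization applied by this class. Any client that
 * holds a valid URL can fetch the file, unless a registered checkFileAccess
 * hook rejects the request.
 */
class FileDumpController implements ControllerInterface {

    /**
     * Verifies the request token and dumps the referenced file.
     *
     * Request parameters (POST body takes precedence over the query string):
     *  - "f": passed to ResourceFactory::getFileObject()
     *  - "p": passed to ProcessedFileRepository::findByUid(), used only when "f" is absent
     *  - "t": part of the signed parameter set, not read otherwise in this method
     *  - "token": HMAC over "eID|t|f|p" (parameters with falsy values are left out)
     *
     * @param ServerRequestInterface $request
     * @return NULL|Response NULL after the file has been dumped, a 403 response when the token does not match
     *
     * @throws \InvalidArgumentException
     * @throws \RuntimeException
     * @throws \TYPO3\CMS\Core\Resource\Exception\FileDoesNotExistException
     * @throws \UnexpectedValueException
     */
    public function processRequest(ServerRequestInterface $request) {
        // Order matters: the token is an HMAC over exactly this sequence.
        $parameters = array('eID' => 'dumpFile');
        foreach (array('t', 'f', 'p') as $name) {
            $value = $this->getGetOrPost($request, $name);
            if ($value) {
                $parameters[$name] = $value;
            }
        }

        $expectedToken = GeneralUtility::hmac(implode('|', $parameters), 'resourceStorageDumpFile');
        if (!$this->isValidToken($expectedToken, $this->getGetOrPost($request, 'token'))) {
            $response = GeneralUtility::makeInstance(Response::class);
            return $response->withStatus(403);
        }

        $file = NULL;
        if (isset($parameters['f'])) {
            $file = ResourceFactory::getInstance()->getFileObject($parameters['f']);
            if ($file->isDeleted() || $file->isMissing()) {
                $file = NULL;
            }
        } elseif (isset($parameters['p'])) {
            $file = GeneralUtility::makeInstance(ProcessedFileRepository::class)->findByUid($parameters['p']);
            if ($file->isDeleted()) {
                $file = NULL;
            }
        }
        // A validly signed request that names neither "f" nor "p" leaves $file at NULL
        // and gets a 404, instead of looking up an undefined processed-file uid.

        if ($file === NULL) {
            // Expected to end the request: the code below dereferences $file.
            HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_404);
        }

        // Hook: allow some other process to do some security/access checks.
        // The return value of checkFileAccess() is not inspected here, so a hook
        // denies access only by ending the request itself (issuing the 403) or by
        // throwing. A hook that merely returns does not stop the dump below.
        $hookClasses = isset($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['FileDumpEID.php']['checkFileAccess'])
            ? $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['FileDumpEID.php']['checkFileAccess']
            : NULL;
        if (is_array($hookClasses)) {
            foreach ($hookClasses as $classRef) {
                $hookObject = GeneralUtility::getUserObj($classRef);
                if (!$hookObject instanceof FileDumpEIDHookInterface) {
                    throw new \UnexpectedValueException('FileDump hook object must implement interface ' . FileDumpEIDHookInterface::class, 1394442417);
                }
                $hookObject->checkFileAccess($file);
            }
        }
        $file->getStorage()->dumpFileContents($file);
        // @todo Refactor FAL to not echo directly, but to implement a stream for output here and use response
        return NULL;
    }

    /**
     * Reads a request parameter, preferring the parsed body over the query string.
     *
     * The value is client-controlled and may be an array (e.g. "token[]=x"),
     * so callers must not assume a string.
     *
     * @param ServerRequestInterface $request
     * @param string $parameter
     * @return NULL|mixed
     */
    protected function getGetOrPost(ServerRequestInterface $request, $parameter) {
        $body = $request->getParsedBody();
        if (isset($body[$parameter])) {
            return $body[$parameter];
        }
        $query = $request->getQueryParams();
        return isset($query[$parameter]) ? $query[$parameter] : NULL;
    }

    /**
     * Compares the computed HMAC with the client-supplied token in constant time.
     *
     * A plain === comparison can return early on the first differing byte, and
     * the time taken then depends on how much of the token is correct.
     * Non-string input (missing token, array) never matches.
     *
     * @param string $expected HMAC computed on the server
     * @param mixed $given token as received from the request
     * @return bool
     */
    private function isValidToken($expected, $given) {
        if (!is_string($expected) || !is_string($given)) {
            return FALSE;
        }
        if (function_exists('hash_equals')) {
            return hash_equals($expected, $given);
        }
        // Fallback for PHP versions without hash_equals() (before 5.6).
        $length = strlen($expected);
        if ($length !== strlen($given)) {
            return FALSE;
        }
        $difference = 0;
        for ($i = 0; $i < $length; $i++) {
            $difference |= ord($expected[$i]) ^ ord($given[$i]);
        }
        return $difference === 0;
    }

}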