typo3/sysext/backend/Classes/Form/Wizard/ImageManipulationWizard.php

   1 <?php
   2 declare(strict_types=1);
   3 namespace TYPO3\CMS\Backend\Form\Wizard;
   4
   5 /*
   6  * This file is part of the TYPO3 CMS project.
   7  *
   8  * It is free software; you can redistribute it and/or modify it under
   9  * the terms of the GNU General Public License, either version 2
  10  * of the License, or any later version.
  11  *
  12  * For the full copyright and license information, please read the
  13  * LICENSE.txt file that was distributed with this source code.
  14  *
  15  * The TYPO3 project - inspiring people to share!
  16  */
  17
  18 use Psr\Http\Message\ResponseInterface;
  19 use Psr\Http\Message\ServerRequestInterface;
  20 use TYPO3\CMS\Core\Resource\Exception\FileDoesNotExistException;
  21 use TYPO3\CMS\Core\Resource\ResourceFactory;
  22 use TYPO3\CMS\Core\Utility\GeneralUtility;
  23 use TYPO3\CMS\Core\Utility\MathUtility;
  24 use TYPO3\CMS\Fluid\View\StandaloneView;
  25
  26 /**
  27  * Wizard for rendering image manipulation view
  28  */
  29 class ImageManipulationWizard
  30 {
  31     /**
  32      * @var StandaloneView
  33      */
  34     private $templateView;
  35
  36     /**
  37      * @param StandaloneView $templateView
  38      */
  39     public function __construct(StandaloneView $templateView = null)
  40     {
  41         if (!$templateView) {
  42             $templateView = GeneralUtility::makeInstance(StandaloneView::class);
  43             $templateView->setLayoutRootPaths([GeneralUtility::getFileAbsFileName('EXT:backend/Resources/Private/Layouts/')]);
  44             $templateView->setPartialRootPaths([GeneralUtility::getFileAbsFileName('EXT:backend/Resources/Private/Partials/ImageManipulation/')]);
  45             $templateView->setTemplatePathAndFilename(GeneralUtility::getFileAbsFileName('EXT:backend/Resources/Private/Templates/ImageManipulation/ImageManipulationWizard.html'));
  46         }
  47         $this->templateView = $templateView;
  48     }
  49
  50     /**
  51      * Returns the HTML for the wizard inside the modal
  52      *
  53      * @param ServerRequestInterface $request
  54      * @param ResponseInterface $response
  55      * @return ResponseInterface $response
  56      */
  57     public function getWizardAction(ServerRequestInterface $request, ResponseInterface $response)
  58     {
  59         if ($this->isSignatureValid($request)) {
  60             $queryParams = json_decode($request->getQueryParams()['arguments'], true);
  61             $fileUid = $queryParams['image'];
  62             $image = null;
  63             if (MathUtility::canBeInterpretedAsInteger($fileUid)) {
  64                 try {
  65                     $image = ResourceFactory::getInstance()->getFileObject($fileUid);
  66                 } catch (FileDoesNotExistException $e) {
  67                 }
  68             }
  69             $viewData = [
  70                 'image' => $image,
  71                 'cropVariants' => $queryParams['cropVariants']
  72             ];
  73             $content = $this->templateView->renderSection('Main', $viewData);
  74             $response->getBody()->write($content);
  75
  76             return $response;
  77         } else {
  78             return $response->withStatus(403);
  79         }
  80     }
  81
  82     /**
  83      * Check if hmac signature is correct
  84      *
  85      * @param ServerRequestInterface $request the request with the GET parameters
  86      * @return bool
  87      */
  88     protected function isSignatureValid(ServerRequestInterface $request)
  89     {
  90         $token = GeneralUtility::hmac($request->getQueryParams()['arguments'], 'ajax_wizard_image_manipulation');
  91         return $token === $request->getQueryParams()['signature'];
  92     }
  93 }