X-Git-Url: https://git.typo3.org/Packages/TYPO3.CMS.git/blobdiff_plain/f83eddd5027b74d7f4d28a845521bff3b2dd603d..refs/changes/35/59335/3:/typo3/sysext/core/Classes/Resource/Filter/FileExtensionFilter.php diff --git a/typo3/sysext/core/Classes/Resource/Filter/FileExtensionFilter.php b/typo3/sysext/core/Classes/Resource/Filter/FileExtensionFilter.php index 8a5ba35..f12119a 100644 --- a/typo3/sysext/core/Classes/Resource/Filter/FileExtensionFilter.php +++ b/typo3/sysext/core/Classes/Resource/Filter/FileExtensionFilter.php @@ -1,175 +1,181 @@ - * All rights reserved + * It is free software; you can redistribute it and/or modify it under + * the terms of the GNU General Public License, either version 2 + * of the License, or any later version. * - * This script is part of the TYPO3 project. The TYPO3 project is - * free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. + * For the full copyright and license information, please read the + * LICENSE.txt file that was distributed with this source code. * - * The GNU General Public License can be found at - * http://www.gnu.org/copyleft/gpl.html. - * A copy is found in the text file GPL.txt and important notices to the license - * from the author is found in LICENSE.txt distributed with these scripts. - * - * - * This script is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * This copyright notice MUST APPEAR in all copies of the script! - ***************************************************************/ -/** - * Utility methods for filtering filenames - * - * @author Ingmar Schlecht + * The TYPO3 project - inspiring people to share! */ -class FileExtensionFilter { - /** - * Allowed file extensions. If NULL, all extensions are allowed. - * - * @var array - */ - protected $allowedFileExtensions = NULL; +use TYPO3\CMS\Core\DataHandling\DataHandler; +use TYPO3\CMS\Core\Resource\Driver\DriverInterface; +use TYPO3\CMS\Core\Resource\Exception\FileDoesNotExistException; +use TYPO3\CMS\Core\Resource\ResourceFactory; +use TYPO3\CMS\Core\Utility\GeneralUtility; - /** - * Disallowed file extensions. If NULL, no extension is disallowed (i.e. all are allowed). - * - * @var array - */ - protected $disallowedFileExtensions = NULL; +/** + * Utility methods for filtering filenames + */ +class FileExtensionFilter +{ + /** + * Allowed file extensions. If NULL, all extensions are allowed. + * + * @var array + */ + protected $allowedFileExtensions; - /** - * Entry method for use as TCEMain "inline" field filter - * - * @param array $parameters - * @param \TYPO3\CMS\Core\DataHandling\DataHandler $tceMain - * @return array - */ - public function filterInlineChildren(array $parameters, \TYPO3\CMS\Core\DataHandling\DataHandler $tceMain) { - $values = $parameters['values']; - if ($parameters['allowedFileExtensions']) { - $this->setAllowedFileExtensions($parameters['allowedFileExtensions']); - } - if ($parameters['disallowedFileExtensions']) { - $this->setDisallowedFileExtensions($parameters['disallowedFileExtensions']); - } - $cleanValues = array(); - if (is_array($values)) { - foreach ($values as $value) { - if (empty($value)) { - continue; - } - $parts = \TYPO3\CMS\Core\Utility\GeneralUtility::revExplode('_', $value, 2); - $fileReferenceUid = $parts[count($parts) - 1]; - $fileReference = \TYPO3\CMS\Core\Resource\ResourceFactory::getInstance()->getFileReferenceObject($fileReferenceUid); - $file = $fileReference->getOriginalFile(); - if ($this->isAllowed($file->getIdentifier())) { - $cleanValues[] = $value; - } else { - // Remove the erroneously created reference record again - $tceMain->deleteAction('sys_file_reference', $fileReferenceUid); - } - } - } - return $cleanValues; - } + /** + * Disallowed file extensions. If NULL, no extension is disallowed (i.e. all are allowed). + * + * @var array + */ + protected $disallowedFileExtensions; - /** - * Entry method for use as file list filter. - * - * We have to use -1 as the „don't include“ return value, as call_user_func() will return FALSE - * if calling the method failed and thus we can't use that as a return value. - * - * @param string $itemName - * @param string $itemIdentifier - * @param string $parentIdentifier - * @param array $additionalInformation Additional information about the inspected item - * @param \TYPO3\CMS\Core\Resource\Driver\DriverInterface $driver - * @return boolean|integer -1 if the file should not be included in a listing - */ - public function filterFileList($itemName, $itemIdentifier, $parentIdentifier, array $additionalInformation, \TYPO3\CMS\Core\Resource\Driver\DriverInterface $driver) { - $returnCode = TRUE; - // Early return in case no file filters are set at all - if ($this->allowedFileExtensions === NULL && $this->disallowedFileExtensions === NULL) { - return $returnCode; - } - // Check that this is a file and not a folder - if ($driver->fileExists($itemIdentifier)) { - if (!$this->isAllowed($itemName)) { - $returnCode = -1; - } - } - return $returnCode; - } + /** + * Entry method for use as DataHandler "inline" field filter + * + * @param array $parameters + * @param DataHandler $dataHandler + * @return array + */ + public function filterInlineChildren(array $parameters, DataHandler $dataHandler) + { + $values = $parameters['values']; + if ($parameters['allowedFileExtensions']) { + $this->setAllowedFileExtensions($parameters['allowedFileExtensions']); + } + if ($parameters['disallowedFileExtensions']) { + $this->setDisallowedFileExtensions($parameters['disallowedFileExtensions']); + } + $cleanValues = []; + if (is_array($values)) { + foreach ($values as $value) { + if (empty($value)) { + continue; + } + $parts = GeneralUtility::revExplode('_', $value, 2); + $fileReferenceUid = $parts[count($parts) - 1]; + try { + $fileReference = ResourceFactory::getInstance()->getFileReferenceObject($fileReferenceUid); + $file = $fileReference->getOriginalFile(); + if ($this->isAllowed($file->getExtension())) { + $cleanValues[] = $value; + } else { + // Remove the erroneously created reference record again + $dataHandler->deleteAction('sys_file_reference', $fileReferenceUid); + } + } catch (FileDoesNotExistException $e) { + // do nothing + } + } + } + return $cleanValues; + } - /** - * Checks whether a file is allowed according to the criteria defined in the class variables ($this->allowedFileExtensions etc.) - * - * @param \TYPO3\CMS\Core\Resource\FileInterface $file - * @return boolean - */ - protected function isAllowed($fileName) { - $result = TRUE; - $fileExt = pathinfo($fileName, PATHINFO_EXTENSION); - // Check allowed file extensions - if ($this->allowedFileExtensions !== NULL && count($this->allowedFileExtensions) > 0 && !in_array($fileExt, $this->allowedFileExtensions)) { - $result = FALSE; - } - // Check disallowed file extensions - if ($this->disallowedFileExtensions !== NULL && count($this->disallowedFileExtensions) > 0 && in_array($fileExt, $this->disallowedFileExtensions)) { - $result = FALSE; - } - return $result; - } + /** + * Entry method for use as filelist filter. + * + * We have to use -1 as the „don't include“ return value, as call_user_func() will return FALSE + * if calling the method failed and thus we can't use that as a return value. + * + * @param string $itemName + * @param string $itemIdentifier + * @param string $parentIdentifier + * @param array $additionalInformation Additional information about the inspected item + * @param DriverInterface $driver + * @return bool|int -1 if the file should not be included in a listing + */ + public function filterFileList($itemName, $itemIdentifier, $parentIdentifier, array $additionalInformation, DriverInterface $driver) + { + $returnCode = true; + // Early return in case no file filters are set at all + if ($this->allowedFileExtensions === null && $this->disallowedFileExtensions === null) { + return $returnCode; + } + // Check that this is a file and not a folder + if ($driver->fileExists($itemIdentifier)) { + try { + $fileInfo = $driver->getFileInfoByIdentifier($itemIdentifier, ['extension']); + } catch (\InvalidArgumentException $e) { + $fileInfo = []; + } + if (!$this->isAllowed($fileInfo['extension'] ?? '')) { + $returnCode = -1; + } + } + return $returnCode; + } - /** - * Set allowed file extensions - * - * @param mixed $allowedFileExtensions Comma-separated list or array, of allowed file extensions - */ - public function setAllowedFileExtensions($allowedFileExtensions) { - $this->allowedFileExtensions = $this->convertToLowercaseArray($allowedFileExtensions); - } + /** + * Checks whether a file is allowed according to the criteria defined in the class variables ($this->allowedFileExtensions etc.) + * + * @param string $fileExt + * @return bool + */ + protected function isAllowed($fileExt) + { + $fileExt = strtolower($fileExt); + $result = true; + // Check allowed file extensions + if ($this->allowedFileExtensions !== null && !empty($this->allowedFileExtensions) && !in_array($fileExt, $this->allowedFileExtensions)) { + $result = false; + } + // Check disallowed file extensions + if ($this->disallowedFileExtensions !== null && !empty($this->disallowedFileExtensions) && in_array($fileExt, $this->disallowedFileExtensions)) { + $result = false; + } + return $result; + } - /** - * Set disallowed file extensions - * - * @param mixed $disallowedFileExtensions Comma-separated list or array, of allowed file extensions - */ - public function setDisallowedFileExtensions($disallowedFileExtensions) { - $this->disallowedFileExtensions = $this->convertToLowercaseArray($disallowedFileExtensions); - } + /** + * Set allowed file extensions + * + * @param mixed $allowedFileExtensions Comma-separated list or array, of allowed file extensions + */ + public function setAllowedFileExtensions($allowedFileExtensions) + { + $this->allowedFileExtensions = $this->convertToLowercaseArray($allowedFileExtensions); + } - /** - * Converts mixed (string or array) input arguments into an array, NULL if empty. - * - * All array values will be converted to lower case. - * - * @param mixed $inputArgument Comma-separated list or array. - * @return array - */ - protected function convertToLowercaseArray($inputArgument) { - $returnValue = NULL; - if (is_array($inputArgument)) { - $returnValue = $inputArgument; - } elseif (strlen($inputArgument) > 0) { - $returnValue = \TYPO3\CMS\Core\Utility\GeneralUtility::trimExplode(',', $inputArgument); - } + /** + * Set disallowed file extensions + * + * @param mixed $disallowedFileExtensions Comma-separated list or array, of allowed file extensions + */ + public function setDisallowedFileExtensions($disallowedFileExtensions) + { + $this->disallowedFileExtensions = $this->convertToLowercaseArray($disallowedFileExtensions); + } - if (is_array($returnValue)) { - $returnValue = array_map('strtolower', $returnValue); - } + /** + * Converts mixed (string or array) input arguments into an array, NULL if empty. + * + * All array values will be converted to lower case. + * + * @param mixed $inputArgument Comma-separated list or array. + * @return array + */ + protected function convertToLowercaseArray($inputArgument) + { + $returnValue = null; + if (is_array($inputArgument)) { + $returnValue = $inputArgument; + } elseif ((string)$inputArgument !== '') { + $returnValue = GeneralUtility::trimExplode(',', $inputArgument); + } - return $returnValue; - } + if (is_array($returnValue)) { + $returnValue = array_map('strtolower', $returnValue); + } + return $returnValue; + } }