[BUGFIX] Move file extension detection to FAL driver 96/56696/2
authorFrans Saris <franssaris@gmail.com>
Tue, 20 Feb 2018 13:36:16 +0000 (14:36 +0100)
committerMarkus Klein <markus.klein@typo3.org>
Mon, 16 Apr 2018 21:09:53 +0000 (23:09 +0200)
The only object that is allowed to handle the physical file in the FAL
is the driver. As that's the only instance that knows how to access the
file.

This patch makes sure the Indexer and FileExtensionFilter asks the
driver of the file extension instead of using the PathUtility itself.

Releases: master, 8.7
Resolves: #83976
Change-Id: I80bec3c3f86d1137747e37dd99973ada8909ad36
Reviewed-on: https://review.typo3.org/56696
Reviewed-by: Frans Saris <franssaris@gmail.com>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
typo3/sysext/core/Classes/Resource/Driver/LocalDriver.php
typo3/sysext/core/Classes/Resource/Filter/FileExtensionFilter.php
typo3/sysext/core/Classes/Resource/Index/Indexer.php
typo3/sysext/core/Tests/Unit/Resource/Utility/FileExtensionFilterTest.php

index 7bdcee8..3363ca2 100644 (file)
@@ -638,7 +638,7 @@ class LocalDriver extends AbstractHierarchicalFilesystemDriver
     {
         if (empty($propertiesToExtract)) {
             $propertiesToExtract = [
-                'size', 'atime', 'mtime', 'ctime', 'mimetype', 'name',
+                'size', 'atime', 'mtime', 'ctime', 'mimetype', 'name', 'extension',
                 'identifier', 'identifier_hash', 'storage', 'folder_hash'
             ];
         }
@@ -676,6 +676,8 @@ class LocalDriver extends AbstractHierarchicalFilesystemDriver
                 return $fileInfo->getCTime();
             case 'name':
                 return PathUtility::basename($fileIdentifier);
+            case 'extension':
+                return PathUtility::pathinfo($fileIdentifier, PATHINFO_EXTENSION);
             case 'mimetype':
                 return (string)$fileInfo->getMimeType();
             case 'identifier':
index 8a589d1..d73f03f 100644 (file)
@@ -18,6 +18,7 @@ use TYPO3\CMS\Core\DataHandling\DataHandler;
 use TYPO3\CMS\Core\Resource\Driver\DriverInterface;
 use TYPO3\CMS\Core\Resource\ResourceFactory;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
+use TYPO3\CMS\Core\Utility\PathUtility;
 
 /**
  * Utility methods for filtering filenames
@@ -64,7 +65,7 @@ class FileExtensionFilter
                 $fileReferenceUid = $parts[count($parts) - 1];
                 $fileReference = ResourceFactory::getInstance()->getFileReferenceObject($fileReferenceUid);
                 $file = $fileReference->getOriginalFile();
-                if ($this->isAllowed($file->getName())) {
+                if ($this->isAllowed($file->getExtension())) {
                     $cleanValues[] = $value;
                 } else {
                     // Remove the erroneously created reference record again
@@ -97,7 +98,15 @@ class FileExtensionFilter
         }
         // Check that this is a file and not a folder
         if ($driver->fileExists($itemIdentifier)) {
-            if (!$this->isAllowed($itemName)) {
+            try {
+                $fileInfo = $driver->getFileInfoByIdentifier($itemIdentifier, ['extension']);
+            } catch (\InvalidArgumentException $e) {
+                $fileInfo = [];
+            }
+            if (!isset($fileInfo['extension'])) {
+                $fileInfo['extension'] = PathUtility::pathinfo($itemIdentifier, PATHINFO_EXTENSION);
+            }
+            if (!$this->isAllowed($fileInfo['extension'])) {
                 $returnCode = -1;
             }
         }
@@ -107,13 +116,13 @@ class FileExtensionFilter
     /**
      * Checks whether a file is allowed according to the criteria defined in the class variables ($this->allowedFileExtensions etc.)
      *
-     * @param string $fileName
+     * @param string $fileExt
      * @return bool
      */
-    protected function isAllowed($fileName)
+    protected function isAllowed($fileExt)
     {
+        $fileExt = strtolower($fileExt);
         $result = true;
-        $fileExt = strtolower(pathinfo($fileName, PATHINFO_EXTENSION));
         // Check allowed file extensions
         if ($this->allowedFileExtensions !== null && !empty($this->allowedFileExtensions) && !in_array($fileExt, $this->allowedFileExtensions)) {
             $result = false;
index 25d69d4..56d505a 100644 (file)
@@ -311,7 +311,9 @@ class Indexer
         $fileInfo = $this->transformFromDriverFileInfoArrayToFileObjectFormat($fileInfo);
         $fileInfo['type'] = $this->getFileType($fileInfo['mime_type']);
         $fileInfo['sha1'] = $this->storage->hashFileByIdentifier($identifier, 'sha1');
-        $fileInfo['extension'] = PathUtility::pathinfo($fileInfo['name'], PATHINFO_EXTENSION);
+        if (!isset($fileInfo['extension'])) {
+            $fileInfo['extension'] = PathUtility::pathinfo($fileInfo['name'], PATHINFO_EXTENSION);
+        }
         $fileInfo['missing'] = 0;
 
         return $fileInfo;
index 9b6177f..af26dc0 100644 (file)
@@ -138,7 +138,7 @@ class FileExtensionFilterTest extends \TYPO3\TestingFramework\Core\Unit\UnitTest
         $filter = $this->getAccessibleMock(\TYPO3\CMS\Core\Resource\Filter\FileExtensionFilter::class, ['dummy']);
         $filter->setAllowedFileExtensions($allowedExtensions);
         $filter->setDisallowedFileExtensions($disallowedExtensions);
-        $result = $filter->_call('isAllowed', 'file.' . $fileExtension);
+        $result = $filter->_call('isAllowed', $fileExtension);
         $this->assertEquals($isAllowed, $result);
     }
 }