Fixed bug #16136: make it possible to really restrict to certain file extensions...
authorSteffen Gebert <steffen.gebert@typo3.org>
Fri, 5 Nov 2010 21:36:30 +0000 (21:36 +0000)
committerSteffen Gebert <steffen.gebert@typo3.org>
Fri, 5 Nov 2010 21:36:30 +0000 (21:36 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@9288 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
t3lib/class.t3lib_basicfilefunc.php

index 6c3a621..125e21c 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,7 @@
 
        * Added feature #16258: Add Khmer language to TYPO3 core (Thanks to Keo Visay)
        * Fixed bug #16130: buggy initialization of flash uploader when only certain file extensions are allowed (Thanks to Andreas Kiessling)
+       * Fixed bug #16136: make it possible to really restrict to certain file extensions for filemounts (Thanks to Andreas Kiessling)
 
 2010-11-04  Stanislas Rolland  <typo3@sjbr.ca>
 
index 229ebcc..3524c18 100644 (file)
@@ -177,29 +177,40 @@ class t3lib_basicFileFunctions    {
        }
 
        /**
-        * Checks if a $iconkey (fileextension) is allowed according to $this->f_ext.
+        * Checks if a file extension is allowed according to $this->f_ext.
         *
-        * @param       string          The extension to check, eg. "php" or "html" etc.
-        * @param       string          Either "webspage" or "ftpspace" - points to a key in $this->f_ext
-        * @return      boolean         True if file extension is allowed.
+        * @param string $fileExtension The extension to check, eg. "php" or "html" etc.
+        * @param string $type          Either "webspage" or "ftpspace" - points to a key in $this->f_ext
+        * @return boolean TRUE if file extension is allowed.
         */
-       function is_allowed($iconkey,$type)     {
-               if (isset($this->f_ext[$type])) {
-                       $ik = strtolower($iconkey);
-                       if ($ik)        {
-                                       // If the extension is found amongst the allowed types, we return true immediately
-                               if ($this->f_ext[$type]['allow']=='*' || t3lib_div::inList($this->f_ext[$type]['allow'],$ik))   return true;
-                                       // If the extension is found amongst the denied types, we return false immediately
-                               if ($this->f_ext[$type]['deny']=='*' || t3lib_div::inList($this->f_ext[$type]['deny'],$ik))     return false;
-                                       // If no match we return true
-                               return true;
-                       } else {        // If no extension:
-                               if ($this->f_ext[$type]['allow']=='*')  return true;
-                               if ($this->f_ext[$type]['deny']=='*')   return false;
-                               return true;
-                       }
+       function is_allowed($fileExtension, $type) {
+               $fileExtension = strtolower($fileExtension);
+
+               if (!isset($this->f_ext[$type])) {
+                       return FALSE;
                }
-               return false;
+
+               if (t3lib_div::inList($this->f_ext[$type]['deny'], '*')) {
+                       return FALSE;
+               }
+
+                       // file name without extension
+               if (!$fileExtension && !t3lib_div::inList($this->f_ext[$type]['allow'], '*')) {
+                       return FALSE;
+               }
+
+                       // extension is found amongst the denied types
+               if (t3lib_div::inList($this->f_ext[$type]['deny'], $fileExtension)) {
+                       return FALSE;
+               }
+
+                       // if allowed types are set, check against them
+               if ($this->f_ext[$type]['allow'] !== '' && !t3lib_div::inList($this->f_ext[$type]['allow'], '*') &&
+                       !t3lib_div::inList($this->f_ext[$type]['allow'], $fileExtension)) {
+                       return FALSE;
+               }
+
+               return TRUE;
        }
 
        /**
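Review bot: The rewritten `is_allowed()` reverses the precedence between the two lists and the docblock does not say so: the wildcard-deny and deny-list checks now run before the allow list is consulted, whereas the removed code returned true on an allow match before looking at `deny`. A configuration such as `allow = 'jpg,png'` with `deny = '*'` (a constructed example) accepted jpg before and now rejects every extension, and a file without an extension is refused unless `allow` contains `*`. That is the stricter, fail-closed direction, but it should be stated in the docblock, e.g. `* Deny rules take precedence: a "*" or a matching entry in 'deny' rejects the extension even if it is listed in 'allow'.` Separately, `!$fileExtension` also treats the extension "0" as missing; `$fileExtension === ''` would test for an empty extension only. The extension is lowercased but the configured lists are compared as given, so it appears that an upper-case entry in `deny` would never match; worth confirming that the lists are normalised where they are loaded.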