PHP GeneralUtility::verifyFilenameAgainstDenyPattern Method Code Examples

This article collects typical usage examples of the PHP method TYPO3\CMS\Core\Utility\GeneralUtility::verifyFilenameAgainstDenyPattern. If you are wondering how exactly GeneralUtility::verifyFilenameAgainstDenyPattern is used, how to call it, or what examples of its use look like, the selected code examples here may help. You can also look further into usage examples of its containing class, TYPO3\CMS\Core\Utility\GeneralUtility.


A total of 15 code examples of the GeneralUtility::verifyFilenameAgainstDenyPattern method are shown below, sorted by popularity by default.

Example 1: checkExtension

 /**
  * Check extension of given filename
  *
  * @param string $filename Filename like (upload.png)
  * @return bool If Extension is allowed
  */
 public static function checkExtension($filename)
 {
     $extensionList = 'jpg,jpeg,png,gif,bmp';
     $settings = self::getTypoScriptFrontendController()->tmpl->setup['plugin.']['tx_femanager.']['settings.'];
     if (!empty($settings['misc.']['uploadFileExtension'])) {
         $extensionList = $settings['misc.']['uploadFileExtension'];
         $extensionList = str_replace(' ', '', $extensionList);
     }
     $fileInfo = pathinfo($filename);
     return !empty($fileInfo['extension']) && GeneralUtility::inList($extensionList, strtolower($fileInfo['extension'])) && GeneralUtility::verifyFilenameAgainstDenyPattern($filename) && GeneralUtility::validPathStr($filename);
 }
Developer ID: olek07, Project: GiGaBonus, Lines of code: 17, Source: FileUtility.php

Example 2: isUploadedFileGood

 /**
  * @param array $information
  * @param string $expectedFileType
  * @return bool
  * @throws \Exception
  */
 public static function isUploadedFileGood(array $information, $expectedFileType = 'text/csv')
 {
     if (isset($information['error'])) {
         if ($information['error'] === UPLOAD_ERR_OK) {
             if (!GeneralUtility::verifyFilenameAgainstDenyPattern($information['name'])) {
                 throw new \Exception('Uploading files with PHP file extensions is not allowed!', 1399312430);
             }
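             // $information['type'] is the MIME type sent by the client in $_FILES; it is not verified against the file content
             return $information['type'] === $expectedFileType;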
         }
     }
     return false;
 }
Developer ID: vertexvaar, Project: election, Lines of code: 18, Source: FileUtility.php

Example 3: verifyFilenameAgainstDenyPatternDetectsNotAllowedFiles

 /**
  * Tests whether verifyFilenameAgainstDenyPattern detects denied files.
  *
  * @param string $deniedFile
  * @test
  * @dataProvider deniedFilesDataProvider
  */
 public function verifyFilenameAgainstDenyPatternDetectsNotAllowedFiles($deniedFile)
 {
     $this->assertFalse(GeneralUtility::verifyFilenameAgainstDenyPattern($deniedFile));
 }
Developer ID: hlop, Project: TYPO3.CMS, Lines of code: 11, Source: GeneralUtilityTest.php

Example 4: importUploadedResource

 /**
  * Import a resource and respect configuration given for properties
  *
  * @param array $uploadInfo
  * @param PropertyMappingConfigurationInterface $configuration
  * @return \TYPO3\CMS\Extbase\Domain\Model\FileReference
  * @throws TypeConverterException
  * @throws ExistingTargetFileNameException
  */
 protected function importUploadedResource(array $uploadInfo, PropertyMappingConfigurationInterface $configuration)
 {
     if (!GeneralUtility::verifyFilenameAgainstDenyPattern($uploadInfo['name'])) {
         throw new TypeConverterException('Uploading files with PHP file extensions is not allowed!', 1399312430);
     }
     $allowedFileExtensions = $configuration->getConfigurationValue('Bureauoberhoff\\H5upldr\\Property\\TypeConverter\\UploadedFileReferenceConverter', self::CONFIGURATION_ALLOWED_FILE_EXTENSIONS);
     if ($allowedFileExtensions !== NULL) {
         $filePathInfo = PathUtility::pathinfo($uploadInfo['name']);
         if (!GeneralUtility::inList($allowedFileExtensions, strtolower($filePathInfo['extension']))) {
             throw new TypeConverterException('File extension is not allowed!', 1399312430);
         }
     }
     $uploadFolderId = $configuration->getConfigurationValue('Bureauoberhoff\\H5upldr\\Property\\TypeConverter\\UploadedFileReferenceConverter', self::CONFIGURATION_UPLOAD_FOLDER) ?: $this->defaultUploadFolder;
     $conflictMode = $configuration->getConfigurationValue('Bureauoberhoff\\H5upldr\\Property\\TypeConverter\\UploadedFileReferenceConverter', self::CONFIGURATION_UPLOAD_CONFLICT_MODE) ?: $this->defaultConflictMode;
     $uploadFolder = $this->resourceFactory->retrieveFileOrFolderObject($uploadFolderId);
     $uploadedFile = $uploadFolder->addUploadedFile($uploadInfo, $conflictMode);
     $resourcePointer = isset($uploadInfo['submittedFile']['resourcePointer']) && strpos($uploadInfo['submittedFile']['resourcePointer'], 'file:') === FALSE ? $this->hashService->validateAndStripHmac($uploadInfo['submittedFile']['resourcePointer']) : NULL;
     $fileReferenceModel = $this->createFileReferenceFromFalFileObject($uploadedFile, $resourcePointer);
     return $fileReferenceModel;
 }
Developer ID: philippjbauer, Project: h5upldr, Lines of code: 29, Source: UploadedFileReferenceConverter.php

Example 5: displayWarningMessages

 /**
  * Display some warning messages if this installation is obviously insecure!!
  * These warnings are only displayed to admin users
  *
  * @return void
  */
 public static function displayWarningMessages()
 {
     if ($GLOBALS['BE_USER']->isAdmin()) {
         // Array containing warnings that must be displayed
         $warnings = array();
         // If this file exists and it isn't older than one hour, the Install Tool is enabled
         $enableInstallToolFile = PATH_site . 'typo3conf/ENABLE_INSTALL_TOOL';
         // Cleanup command, if set
         $cmd = \TYPO3\CMS\Core\Utility\GeneralUtility::_GET('adminWarning_cmd');
         switch ($cmd) {
             case 'remove_ENABLE_INSTALL_TOOL':
                 if (unlink($enableInstallToolFile)) {
                     unset($enableInstallToolFile);
                 }
                 break;
         }
         // Check if the Install Tool Password is still default: joh316
         if ($GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword'] == md5('joh316')) {
             $url = 'install/index.php?redirect_url=index.php' . urlencode('?TYPO3_INSTALL[type]=about');
             $warnings['install_password'] = sprintf($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.install_password'), '<a href="' . $url . '">', '</a>');
         }
         // Check if there is still a default user 'admin' with password 'password' (MD5sum = 5f4dcc3b5aa765d61d8327deb882cf99)
         $where_clause = 'username=' . $GLOBALS['TYPO3_DB']->fullQuoteStr('admin', 'be_users') . ' AND password=' . $GLOBALS['TYPO3_DB']->fullQuoteStr('5f4dcc3b5aa765d61d8327deb882cf99', 'be_users') . self::deleteClause('be_users');
         $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('uid, username, password', 'be_users', $where_clause);
         if ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
             $url = 'alt_doc.php?returnUrl=alt_intro.php&edit[be_users][' . $row['uid'] . ']=edit';
             $warnings['backend_admin'] = sprintf($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.backend_admin'), '<a href="' . htmlspecialchars($url) . '">', '</a>');
         }
         $GLOBALS['TYPO3_DB']->sql_free_result($res);
         // Check whether the file ENABLE_INSTALL_TOOL contains the string "KEEP_FILE" which permanently unlocks the install tool
         if (is_file($enableInstallToolFile) && trim(file_get_contents($enableInstallToolFile)) === 'KEEP_FILE') {
             $url = \TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('TYPO3_REQUEST_SCRIPT') . '?adminWarning_cmd=remove_ENABLE_INSTALL_TOOL';
             $warnings['install_enabled'] = sprintf($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.install_enabled'), '<span style="white-space:nowrap;">' . $enableInstallToolFile . '</span>');
             $warnings['install_enabled'] .= ' <a href="' . $url . '">' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.install_enabled_cmd') . '</a>';
         }
         // Check if the encryption key is empty
         if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'] == '') {
             $url = 'install/index.php?redirect_url=index.php' . urlencode('?TYPO3_INSTALL[type]=config#set_encryptionKey');
             $warnings['install_encryption'] = sprintf($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.install_encryption'), '<a href="' . $url . '">', '</a>');
         }
         // Check if parts of fileDenyPattern were removed which is dangerous on Apache
         $defaultParts = \TYPO3\CMS\Core\Utility\GeneralUtility::trimExplode('|', FILE_DENY_PATTERN_DEFAULT, TRUE);
         $givenParts = \TYPO3\CMS\Core\Utility\GeneralUtility::trimExplode('|', $GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern'], TRUE);
         $result = array_intersect($defaultParts, $givenParts);
         if ($defaultParts !== $result) {
             $warnings['file_deny_pattern'] = sprintf($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.file_deny_pattern_partsNotPresent'), '<br /><pre>' . htmlspecialchars(FILE_DENY_PATTERN_DEFAULT) . '</pre><br />');
         }
         // Check if fileDenyPattern allows to upload .htaccess files which is dangerous on Apache
         if ($GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern'] != FILE_DENY_PATTERN_DEFAULT && \TYPO3\CMS\Core\Utility\GeneralUtility::verifyFilenameAgainstDenyPattern('.htaccess')) {
             $warnings['file_deny_htaccess'] = $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.file_deny_htaccess');
         }
         // Check if there are still updates to perform
         if (!\TYPO3\CMS\Core\Utility\GeneralUtility::compat_version(TYPO3_branch)) {
             $url = 'install/index.php?redirect_url=index.php' . urlencode('?TYPO3_INSTALL[type]=update');
             $warnings['install_update'] = sprintf($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.install_update'), '<a href="' . $url . '">', '</a>');
         }
         // Check if sys_refindex is empty
         $count = $GLOBALS['TYPO3_DB']->exec_SELECTcountRows('*', 'sys_refindex');
         $registry = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Registry');
         $lastRefIndexUpdate = $registry->get('core', 'sys_refindex_lastUpdate');
         if (!$count && $lastRefIndexUpdate) {
             $url = 'sysext/lowlevel/dbint/index.php?&id=0&SET[function]=refindex';
             $warnings['backend_reference'] = sprintf($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.backend_reference_index'), '<a href="' . $url . '">', '</a>', self::dateTime($lastRefIndexUpdate));
         }
         // Check for memcached if configured
         $memCacheUse = FALSE;
         if (is_array($GLOBALS['TYPO3_CONF_VARS']['SYS']['caching']['cacheConfigurations'])) {
             foreach ($GLOBALS['TYPO3_CONF_VARS']['SYS']['caching']['cacheConfigurations'] as $table => $conf) {
                 if (is_array($conf)) {
                     foreach ($conf as $key => $value) {
                         if (!is_array($value) && $value === 'TYPO3\\CMS\\Core\\Cache\\Backend\\MemcachedBackend') {
                             $servers = $GLOBALS['TYPO3_CONF_VARS']['SYS']['caching']['cacheConfigurations'][$table]['options']['servers'];
                             $memCacheUse = TRUE;
                             break;
                         }
                     }
                 }
             }
             if ($memCacheUse) {
                 $failed = array();
                 $defaultPort = ini_get('memcache.default_port');
                 if (function_exists('memcache_connect')) {
                     if (is_array($servers)) {
                         foreach ($servers as $testServer) {
                             $configuredServer = $testServer;
                             if (substr($testServer, 0, 7) == 'unix://') {
                                 $host = $testServer;
                                 $port = 0;
                             } else {
                                 if (substr($testServer, 0, 6) === 'tcp://') {
                                     $testServer = substr($testServer, 6);
                                 }
                                 if (strstr($testServer, ':') !== FALSE) {
                                     list($host, $port) = explode(':', $testServer, 2);
//......... part of the code is omitted here .........
Developer ID: nicksergio, Project: TYPO3v4-Core, Lines of code: 101, Source: BackendUtility.php

Example 6: verifyFilenameAgainstDenyPatternDetectsNullCharacter

 /**
  * Tests whether verifyFilenameAgainstDenyPattern detects the NULL character.
  *
  * @test
  */
 public function verifyFilenameAgainstDenyPatternDetectsNullCharacter()
 {
     // Filename with an embedded NUL byte between the name and the extension
     $this->assertFalse(Utility\GeneralUtility::verifyFilenameAgainstDenyPattern("image\x00.gif"));
 }
Developer ID: nicksergio, Project: TYPO3v4-Core, Lines of code: 9, Source: GeneralUtilityTest.php

Example 7: getHtaccessUploadStatus

 /**
  * Checks if fileDenyPattern allows to upload .htaccess files which is
  * dangerous on Apache.
  *
  * @return \TYPO3\CMS\Reports\Status An object representing whether it's possible to upload .htaccess files
  */
 protected function getHtaccessUploadStatus()
 {
     $value = $GLOBALS['LANG']->getLL('status_ok');
     $message = '';
     $severity = \TYPO3\CMS\Reports\Status::OK;
     if ($GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern'] != FILE_DENY_PATTERN_DEFAULT && GeneralUtility::verifyFilenameAgainstDenyPattern('.htaccess')) {
         $value = $GLOBALS['LANG']->getLL('status_insecure');
         $severity = \TYPO3\CMS\Reports\Status::ERROR;
         $message = $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:warning.file_deny_htaccess');
     }
     return GeneralUtility::makeInstance('TYPO3\\CMS\\Reports\\Status', $GLOBALS['LANG']->getLL('status_htaccessUploadProtection'), $value, $message, $severity);
 }
Developer ID: khanhdeux, Project: typo3test, Lines of code: 18, Source: SecurityStatus.php

Example 8: checkFileExtensionPermission

 /**
  * If the fileName is given, checks it against the
  * TYPO3_CONF_VARS[BE][fileDenyPattern] + and if the file extension is allowed.
  *
  * @param string $fileName full filename
  * @return bool TRUE if extension/filename is allowed
  */
 protected function checkFileExtensionPermission($fileName)
 {
     if (!$this->evaluatePermissions) {
         return true;
     }
     $fileName = $this->driver->sanitizeFileName($fileName);
     $isAllowed = GeneralUtility::verifyFilenameAgainstDenyPattern($fileName);
     if ($isAllowed) {
         $fileExtension = strtolower(PathUtility::pathinfo($fileName, PATHINFO_EXTENSION));
         // Set up the permissions for the file extension
         $fileExtensionPermissions = $GLOBALS['TYPO3_CONF_VARS']['BE']['fileExtensions']['webspace'];
         $fileExtensionPermissions['allow'] = GeneralUtility::uniqueList(strtolower($fileExtensionPermissions['allow']));
         $fileExtensionPermissions['deny'] = GeneralUtility::uniqueList(strtolower($fileExtensionPermissions['deny']));
         if ($fileExtension !== '') {
             // If the extension is found amongst the allowed types, we return TRUE immediately
             if ($fileExtensionPermissions['allow'] === '*' || GeneralUtility::inList($fileExtensionPermissions['allow'], $fileExtension)) {
                 return true;
             }
             // If the extension is found amongst the denied types, we return FALSE immediately
             if ($fileExtensionPermissions['deny'] === '*' || GeneralUtility::inList($fileExtensionPermissions['deny'], $fileExtension)) {
                 return false;
             }
             // If no match we return TRUE
             return true;
         } else {
             if ($fileExtensionPermissions['allow'] === '*') {
                 return true;
             }
             if ($fileExtensionPermissions['deny'] === '*') {
                 return false;
             }
             return true;
         }
     }
     return false;
 }
Developer ID: TYPO3Incubator, Project: TYPO3.CMS, Lines of code: 43, Source: ResourceStorage.php

Example 9: checkExtension

 /**
  * Check extension of given filename
  *
  * @param string $filename Filename like (upload.png)
  * @return bool If Extension is allowed
  */
 public static function checkExtension($filename)
 {
     $extensionList = 'jpg,jpeg,png,gif,bmp';
     if (!empty($GLOBALS['TSFE']->tmpl->setup['plugin.']['tx_femanager.']['settings.']['misc.']['uploadFileExtension'])) {
         $extensionList = $GLOBALS['TSFE']->tmpl->setup['plugin.']['tx_femanager.']['settings.']['misc.']['uploadFileExtension'];
         $extensionList = str_replace(' ', '', $extensionList);
     }
     $fileInfo = pathinfo($filename);
     if (!empty($fileInfo['extension']) && GeneralUtility::inList($extensionList, strtolower($fileInfo['extension'])) && GeneralUtility::verifyFilenameAgainstDenyPattern($filename) && GeneralUtility::validPathStr($filename)) {
         return TRUE;
     }
     return FALSE;
 }
Developer ID: khanhdeux, Project: typo3test, Lines of code: 19, Source: Div.php

Example 10: uploadAvatar

 /**
  * Uploads a new avatar to the server.
  * @author  Martin Helmich <m.helmich@mittwald.de>
  * @author  Georg Ringer <typo3@ringerge.org>
  * @version 2007-10-03
  * @param   string $content The plugin content
  * @return  string          The content
  */
 function uploadAvatar($content)
 {
     $avatarFile = $_FILES[$this->prefixId];
     if (isset($this->piVars['del_avatar'])) {
         $this->user->removeAvatar($this->conf['path_avatar']);
         $this->user->updateDatabase();
         return $content;
     }
     $fI = GeneralUtility::split_fileref($avatarFile['name']['file']);
     $fileExt = $fI['fileext'];
     if (!GeneralUtility::verifyFilenameAgainstDenyPattern($avatarFile['name']['file']) || !GeneralUtility::inList($GLOBALS['TYPO3_CONF_VARS']['GFX']['imagefile_ext'], $fileExt)) {
         return '';
     }
     if (isset($this->piVars['upload'])) {
         $uploaddir = $this->conf['path_avatar'];
         /*
          * Load the allowed file size for avatar image from the TCA and
          * check against the size of the uploaded image.
          */
         if (filesize($avatarFile['tmp_name']['file']) > $GLOBALS['TCA']['fe_users']['columns']['tx_mmforum_avatar']['config']['max_size'] * 1024) {
             return '';
         }
         $file = $this->user->getUid() . '_' . $GLOBALS['EXEC_TIME'] . '.' . $fileExt;
         $uploadfile = $uploaddir . $file;
         if (GeneralUtility::upload_copy_move($avatarFile['tmp_name']['file'], $uploadfile)) {
             $this->user->setAvatar($file);
             $this->user->updateDatabase();
         }
     }
     return $content;
 }
Developer ID: rabe69, Project: mm_forum, Lines of code: 39, Source: class.tx_mmforum_pi5.php

Example 11: uploadForm

    /**
     * Makes an upload form for uploading files to the filemount the user is browsing.
     * The files are uploaded to the tce_file.php script in the core which will handle the upload.
     *
     * @param Folder $folderObject
     * @return string HTML for an upload form.
     */
    public function uploadForm(Folder $folderObject)
    {
        if (!$folderObject->checkActionPermission('write')) {
            return '';
        }
        // Read configuration of upload field count
        $userSetting = $this->getBackendUser()->getTSConfigVal('options.folderTree.uploadFieldsInLinkBrowser');
        $count = isset($userSetting) ? (int) $userSetting : 1;
        if ($count === 0) {
            return '';
        }
        $pArr = explode('|', $this->bparams);
        $allowedExtensions = isset($pArr[3]) ? GeneralUtility::trimExplode(',', $pArr[3], true) : [];
        $count = (int) $count === 0 ? 1 : (int) $count;
        // Create header, showing upload path:
        $header = $folderObject->getIdentifier();
        $lang = $this->getLanguageService();
        // Create a list of allowed file extensions with the readable format "youtube, vimeo" etc.
        $fileExtList = array();
        foreach ($allowedExtensions as $fileExt) {
            if (GeneralUtility::verifyFilenameAgainstDenyPattern($fileExt)) {
                $fileExtList[] = '<span class="label label-success">' . strtoupper(htmlspecialchars($fileExt)) . '</span>';
            }
        }
        $code = '
			<br />
			<!--
				Form, for uploading files:
			-->
			<form action="' . htmlspecialchars(BackendUtility::getModuleUrl('tce_file')) . '" method="post" name="editform"' . ' id="typo3-uplFilesForm" enctype="multipart/form-data">
				<table border="0" cellpadding="0" cellspacing="0" id="typo3-uplFiles">
					<tr>
						<td>' . $this->barheader($lang->sL('LLL:EXT:lang/locallang_core.xlf:file_upload.php.pagetitle', true) . ':') . '</td>
					</tr>
					<tr>
						<td class="c-wCell c-hCell"><strong>' . $lang->getLL('path', true) . ':</strong> ' . htmlspecialchars($header) . '</td>
					</tr>
					<tr>
						<td class="c-wCell c-hCell">';
        // Traverse the number of upload fields:
        $combinedIdentifier = $folderObject->getCombinedIdentifier();
        for ($a = 1; $a <= $count; $a++) {
            $code .= '<input type="file" multiple="multiple" name="upload_' . $a . '[]"' . $this->doc->formWidth(35) . ' size="50" />
				<input type="hidden" name="file[upload][' . $a . '][target]" value="' . htmlspecialchars($combinedIdentifier) . '" />
				<input type="hidden" name="file[upload][' . $a . '][data]" value="' . $a . '" /><br />';
        }
        // Make footer of upload form, including the submit button:
        $redirectValue = $this->getThisScript() . 'act=' . $this->act . '&mode=' . $this->mode . '&expandFolder=' . rawurlencode($combinedIdentifier) . '&bparams=' . rawurlencode($this->bparams) . (is_array($this->P) ? GeneralUtility::implodeArrayForUrl('P', $this->P) : '');
        $code .= '<input type="hidden" name="redirect" value="' . htmlspecialchars($redirectValue) . '" />';
        if (!empty($fileExtList)) {
            $code .= '
				<div class="help-block">
					' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:cm.allowedFileExtensions', true) . '<br>
					' . implode(' ', $fileExtList) . '
				</div>
			';
        }
        $code .= '
			<div id="c-override">
				<label>
					<input type="checkbox" name="overwriteExistingFiles" id="overwriteExistingFiles" value="1" /> ' . $lang->sL('LLL:EXT:lang/locallang_misc.xlf:overwriteExistingFiles', true) . '
				</label>
			</div>
			<input class="btn btn-default" type="submit" name="submit" value="' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:file_upload.php.submit', true) . '" />
		';
        $code .= '</td>
					</tr>
				</table>
			</form>';
        // Add online media
        // Create a list of allowed file extensions in a readable format "youtube, vimeo" etc.
        $fileExtList = array();
        $onlineMediaFileExt = OnlineMediaHelperRegistry::getInstance()->getSupportedFileExtensions();
        foreach ($onlineMediaFileExt as $fileExt) {
            if (GeneralUtility::verifyFilenameAgainstDenyPattern($fileExt) && (empty($allowedExtensions) || in_array($fileExt, $allowedExtensions, true))) {
                $fileExtList[] = '<span class="label label-success">' . strtoupper(htmlspecialchars($fileExt)) . '</span>';
            }
        }
        if (!empty($fileExtList)) {
            $code .= '
				<!--
			Form, adding online media urls:
				-->
				<form action="' . htmlspecialchars(BackendUtility::getModuleUrl('online_media')) . '" method="post" name="editform1"' . ' id="typo3-addMediaForm">
					<table border="0" cellpadding="0" cellspacing="0" id="typo3-uplFiles">
						<tr>
							<td>' . $this->barheader($lang->sL('LLL:EXT:lang/locallang_core.xlf:online_media.new_media', true) . ':') . '</td>
						</tr>
						<tr>
							<td class="c-wCell c-hCell"><strong>' . $lang->getLL('path', true) . ':</strong> ' . htmlspecialchars($header) . '</td>
						</tr>
						<tr>
							<td class="c-wCell c-hCell">
//......... part of the code is omitted here .........
Developer ID: hlop, Project: TYPO3.CMS, Lines of code: 101, Source: ElementBrowser.php

Example 12: jumpUrl

 /**
  * Sends a header "Location" to jumpUrl, if jumpurl is set.
  * Will exit if a location header is sent (for instance if jumpUrl was triggered)
  *
  * "jumpUrl" is a concept where external links are redirected from the index_ts.php script, which first logs the URL.
  *
  * @return void
  * @todo Define visibility
  */
 public function jumpUrl()
 {
     if ($this->jumpurl) {
         if (\TYPO3\CMS\Core\Utility\GeneralUtility::_GP('juSecure')) {
             $locationData = (string) \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('locationData');
             // Need a type cast here because mimeType is optional!
             $mimeType = (string) \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('mimeType');
             $hArr = array($this->jumpurl, $locationData, $mimeType);
             $calcJuHash = \TYPO3\CMS\Core\Utility\GeneralUtility::hmac(serialize($hArr));
             $juHash = (string) \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('juHash');
             if ($juHash === $calcJuHash) {
                 if ($this->locDataCheck($locationData)) {
                     // 211002 - goes with cObj->filelink() rawurlencode() of filenames so spaces can be allowed.
                     $this->jumpurl = rawurldecode($this->jumpurl);
                     // Deny access to files that match TYPO3_CONF_VARS[BE][fileDenyPattern] and whose parent directory is typo3conf/ (there could be a backup file in typo3conf/ which does not match against the fileDenyPattern)
                     $absoluteFileName = \TYPO3\CMS\Core\Utility\GeneralUtility::getFileAbsFileName(\TYPO3\CMS\Core\Utility\GeneralUtility::resolveBackPath($this->jumpurl), FALSE);
                     if (\TYPO3\CMS\Core\Utility\GeneralUtility::isAllowedAbsPath($absoluteFileName) && \TYPO3\CMS\Core\Utility\GeneralUtility::verifyFilenameAgainstDenyPattern($absoluteFileName) && !\TYPO3\CMS\Core\Utility\GeneralUtility::isFirstPartOfStr($absoluteFileName, PATH_site . 'typo3conf')) {
                         if (@is_file($absoluteFileName)) {
                             $mimeType = $mimeType ? $mimeType : 'application/octet-stream';
                             header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
                             header('Content-Type: ' . $mimeType);
                             header('Content-Disposition: attachment; filename="' . basename($absoluteFileName) . '"');
                             readfile($absoluteFileName);
                             die;
                         } else {
                             throw new \Exception('jumpurl Secure: "' . $this->jumpurl . '" was not a valid file!', 1294585193);
                         }
                     } else {
                         throw new \Exception('jumpurl Secure: The requested file was not allowed to be accessed through jumpUrl (path or file not allowed)!', 1294585194);
                     }
                 } else {
                     throw new \Exception('jumpurl Secure: locationData, ' . $locationData . ', was not accessible.', 1294585195);
                 }
             } else {
                 throw new \Exception('jumpurl Secure: Calculated juHash did not match the submitted juHash.', 1294585196);
             }
         } else {
             $TSConf = $this->getPagesTSconfig();
             if ($TSConf['TSFE.']['jumpUrl_transferSession']) {
                 $uParts = parse_url($this->jumpurl);
                 $params = '&FE_SESSION_KEY=' . rawurlencode($this->fe_user->id . '-' . md5($this->fe_user->id . '/' . $this->TYPO3_CONF_VARS['SYS']['encryptionKey']));
                 // Add the session parameter ...
                 $this->jumpurl .= ($uParts['query'] ? '' : '?') . $params;
             }
             if ($TSConf['TSFE.']['jumpURL_HTTPStatusCode']) {
                 switch (intval($TSConf['TSFE.']['jumpURL_HTTPStatusCode'])) {
                     case 301:
                         $statusCode = \TYPO3\CMS\Core\Utility\HttpUtility::HTTP_STATUS_301;
                         break;
                     case 302:
                         $statusCode = \TYPO3\CMS\Core\Utility\HttpUtility::HTTP_STATUS_302;
                         break;
                     case 307:
                         $statusCode = \TYPO3\CMS\Core\Utility\HttpUtility::HTTP_STATUS_307;
                         break;
                     case 303:
                     default:
                         $statusCode = \TYPO3\CMS\Core\Utility\HttpUtility::HTTP_STATUS_303;
                         break;
                 }
             }
             \TYPO3\CMS\Core\Utility\HttpUtility::redirect($this->jumpurl, $statusCode);
         }
     }
 }
Developer ID: nicksergio, Project: TYPO3v4-Core, Lines of code: 74, Source: TypoScriptFrontendController.php

Example 13: checkIncludeLines

    /**
     * Checks the input string (un-parsed TypoScript) for include-commands ("<INCLUDE_TYPOSCRIPT: ....")
     * Use: t3lib_TSparser::checkIncludeLines()
     *
     * @param string $string Unparsed TypoScript
     * @param integer $cycle_counter Counter for detecting endless loops
     * @param boolean $returnFiles When set an array containing the resulting typoscript and all included files will get returned
     * @return string Complete TypoScript with includes added.
     * @static
     */
    public static function checkIncludeLines($string, $cycle_counter = 1, $returnFiles = FALSE)
    {
        $includedFiles = array();
        if ($cycle_counter > 100) {
            \TYPO3\CMS\Core\Utility\GeneralUtility::sysLog('It appears like TypoScript code is looping over itself. Check your templates for "&lt;INCLUDE_TYPOSCRIPT: ..." tags', 'Core', \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_WARNING);
            if ($returnFiles) {
                return array('typoscript' => '', 'files' => $includedFiles);
            }
            return '
###
### ERROR: Recursion!
###
';
        }
        $splitStr = '<INCLUDE_TYPOSCRIPT:';
        if (strstr($string, $splitStr)) {
            $newString = '';
            // Adds line break char before/after
            $allParts = explode($splitStr, LF . $string . LF);
            foreach ($allParts as $c => $v) {
                // First goes through
                if (!$c) {
                    $newString .= $v;
                } elseif (preg_match('/\\r?\\n\\s*$/', $allParts[$c - 1])) {
                    $subparts = explode('>', $v, 2);
                    // There must be a line-break char after
                    if (preg_match('/^\\s*\\r?\\n/', $subparts[1])) {
                        // SO, the include was positively recognized:
                        $newString .= '### ' . $splitStr . $subparts[0] . '> BEGIN:' . LF;
                        $params = \TYPO3\CMS\Core\Utility\GeneralUtility::get_tag_attributes($subparts[0]);
                        if ($params['source']) {
                            $sourceParts = explode(':', $params['source'], 2);
                            switch (strtolower(trim($sourceParts[0]))) {
                                case 'file':
                                    $filename = \TYPO3\CMS\Core\Utility\GeneralUtility::getFileAbsFileName(trim($sourceParts[1]));
                                    // Must exist and must not contain '..' and must be relative
                                    if (strcmp($filename, '')) {
                                        // Check for allowed files
                                        if (\TYPO3\CMS\Core\Utility\GeneralUtility::verifyFilenameAgainstDenyPattern($filename)) {
                                            if (@is_file($filename)) {
                                                // Check for includes in included text
                                                $includedFiles[] = $filename;
                                                $included_text = self::checkIncludeLines(\TYPO3\CMS\Core\Utility\GeneralUtility::getUrl($filename), $cycle_counter + 1, $returnFiles);
                                                // If the method also has to return all included files, merge currently included
                                                // files with files included by recursively calling itself
                                                if ($returnFiles && is_array($included_text)) {
                                                    $includedFiles = array_merge($includedFiles, $included_text['files']);
                                                    $included_text = $included_text['typoscript'];
                                                }
                                                $newString .= $included_text . LF;
                                            } else {
                                                $newString .= '
###
### ERROR: File "' . $filename . '" was not found.
###

';
                                                \TYPO3\CMS\Core\Utility\GeneralUtility::sysLog('File "' . $filename . '" was not found.', 'Core', \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_WARNING);
                                            }
                                        } else {
                                            $newString .= '
###
### ERROR: File "' . $filename . '" was not included since it is not allowed due to fileDenyPattern
###

';
                                            \TYPO3\CMS\Core\Utility\GeneralUtility::sysLog('File "' . $filename . '" was not included since it is not allowed due to fileDenyPattern', 'Core', \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_WARNING);
                                        }
                                    }
                                    break;
                            }
                        }
                        $newString .= '### ' . $splitStr . $subparts[0] . '> END:' . LF;
                        $newString .= $subparts[1];
                    } else {
                        $newString .= $splitStr . $v;
                    }
                } else {
                    $newString .= $splitStr . $v;
                }
            }
            // Not the first/last linebreak char.
            $string = substr($newString, 1, -1);
        }
        // When all included files should get returned, simply return a compound array containing
        // the TypoScript with all "includes" processed and the files which got included
        if ($returnFiles) {
            return array('typoscript' => $string, 'files' => $includedFiles);
        }
        return $string;
//.........part of the code omitted here.........
Developer ID: nicksergio, Project: TYPO3v4-Core, Lines of code: 101, Source: TypoScriptParser.php

Example 14: extractIncludes

    /**
     * Search for commented INCLUDE_TYPOSCRIPT statements
     * and save the content between the BEGIN and the END line to the specified file
     *
     * @param string  $string Template content
     * @param int $cycle_counter Counter for detecting endless loops
     * @param array   $extractedFileNames
     * @param string  $parentFilenameOrPath
     *
     * @throws \RuntimeException
     * @throws \UnexpectedValueException
     * @return string Template content with uncommented include statements
     */
    public static function extractIncludes($string, $cycle_counter = 1, array $extractedFileNames = array(), $parentFilenameOrPath = '')
    {
        if ($cycle_counter > 10) {
            GeneralUtility::sysLog('It appears like TypoScript code is looping over itself. Check your templates for "&lt;INCLUDE_TYPOSCRIPT: ..." tags', 'Core', GeneralUtility::SYSLOG_SEVERITY_WARNING);
            return '
###
### ERROR: Recursion!
###
';
        }
        $expectedEndTag = '';
        $fileContent = array();
        $restContent = array();
        $fileName = NULL;
        $inIncludePart = FALSE;
        $lines = preg_split("/\r\n|\n|\r/", $string);
        $skipNextLineIfEmpty = FALSE;
        $openingCommentedIncludeStatement = NULL;
        $optionalProperties = '';
        foreach ($lines as $line) {
            // \TYPO3\CMS\Core\TypoScript\Parser\TypoScriptParser::checkIncludeLines inserts
            // an additional empty line, remove this again
            if ($skipNextLineIfEmpty) {
                if (trim($line) === '') {
                    continue;
                }
                $skipNextLineIfEmpty = FALSE;
            }
            // Outside commented include statements
            if (!$inIncludePart) {
                // Search for beginning commented include statements
                if (preg_match('/###\\s*<INCLUDE_TYPOSCRIPT:\\s*source\\s*=\\s*"\\s*((?i)file|dir)\\s*:\\s*([^"]*)"(.*)>\\s*BEGIN/i', $line, $matches)) {
                    // Found a commented include statement
                    // Save this line in case there is no ending tag
                    $openingCommentedIncludeStatement = trim($line);
                    $openingCommentedIncludeStatement = preg_replace('/\\s*### Warning: .*###\\s*/', '', $openingCommentedIncludeStatement);
                    // type of match: FILE or DIR
                    $inIncludePart = strtoupper($matches[1]);
                    $fileName = $matches[2];
                    $optionalProperties = $matches[3];
                    $expectedEndTag = '### <INCLUDE_TYPOSCRIPT: source="' . $inIncludePart . ':' . $fileName . '"' . $optionalProperties . '> END';
                    // Strip all whitespace characters to make comparison safer
                    $expectedEndTag = strtolower(preg_replace('/\\s/', '', $expectedEndTag));
                } else {
                    // If this is not a beginning commented include statement this line goes into the rest content
                    $restContent[] = $line;
                }
                //if (is_array($matches)) GeneralUtility::devLog('matches', 'TypoScriptParser', 0, $matches);
            } else {
                // Inside commented include statements
                // Search for the matching ending commented include statement
                $strippedLine = preg_replace('/\\s/', '', $line);
                if (stripos($strippedLine, $expectedEndTag) !== FALSE) {
                    // Found the matching ending include statement
                    $fileContentString = implode(PHP_EOL, $fileContent);
                    // Write the content to the file
                    // Resolve a possible relative path if a parent file is given
                    if ($parentFilenameOrPath !== '' && $fileName[0] === '.') {
                        $realFileName = PathUtility::getAbsolutePathOfRelativeReferencedFileOrPath($parentFilenameOrPath, $fileName);
                    } else {
                        $realFileName = $fileName;
                    }
                    $realFileName = GeneralUtility::getFileAbsFileName($realFileName);
                    if ($inIncludePart === 'FILE') {
                        // Some file checks
                        if (!GeneralUtility::verifyFilenameAgainstDenyPattern($realFileName)) {
                            throw new \UnexpectedValueException(sprintf('File "%s" was not included since it is not allowed due to fileDenyPattern.', $fileName), 1382651858);
                        }
                        if (empty($realFileName)) {
                            throw new \UnexpectedValueException(sprintf('"%s" is not a valid file location.', $fileName), 1294586441);
                        }
                        if (!is_writable($realFileName)) {
                            throw new \RuntimeException(sprintf('"%s" is not writable.', $fileName), 1294586442);
                        }
                        if (in_array($realFileName, $extractedFileNames)) {
                            throw new \RuntimeException(sprintf('Recursive/multiple inclusion of file "%s"', $realFileName), 1294586443);
                        }
                        $extractedFileNames[] = $realFileName;
                        // Recursive call to detect nested commented include statements
                        $fileContentString = self::extractIncludes($fileContentString, $cycle_counter + 1, $extractedFileNames, $realFileName);
                        // Write the content to the file
                        if (!GeneralUtility::writeFile($realFileName, $fileContentString)) {
                            throw new \RuntimeException(sprintf('Could not write file "%s"', $realFileName), 1294586444);
                        }
                        // Insert reference to the file in the rest content
                        $restContent[] = '<INCLUDE_TYPOSCRIPT: source="FILE:' . $fileName . '"' . $optionalProperties . '>';
                    } else {
//.........part of the code omitted here.........
Developer ID: plan2net, Project: TYPO3.CMS, Lines of code: 101, Source: TypoScriptParser.php

Example 15: checkExtension

 /**
  * Is file-extension allowed for uploading?
  *
  * @param string $filename Filename like (upload_03.txt)
  * @param string $fileExtensions allowed file extensions
  * @return bool
  */
 public static function checkExtension($filename, $fileExtensions = '')
 {
     $fileInfo = pathinfo($filename);
     if (!empty($fileInfo['extension']) && !empty($fileExtensions) && GeneralUtility::inList($fileExtensions, $fileInfo['extension']) && GeneralUtility::verifyFilenameAgainstDenyPattern($filename) && GeneralUtility::validPathStr($filename)) {
         return true;
     }
     return false;
 }
Developer ID: VladStawizki, Project: ipl-logistik.de, Lines of code: 15, Source: BasicFileUtility.php


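Note: The TYPO3\CMS\Core\Utility\GeneralUtility::verifyFilenameAgainstDenyPattern method examples in this article were compiled by 纯净天空 from open-source code and documentation platforms such as GitHub and MSDocs. The code snippets were selected from open-source projects contributed by their respective developers, and copyright in the source code belongs to the original authors. For distribution and use, refer to the License of the corresponding project. Do not reproduce without permission.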