本文整理匯總了PHP中TYPO3\CMS\Core\Utility\GeneralUtility::verifyFilenameAgainstDenyPattern方法的典型用法代碼示例。如果您正苦於以下問題:PHP GeneralUtility::verifyFilenameAgainstDenyPattern方法的具體用法?PHP GeneralUtility::verifyFilenameAgainstDenyPattern怎麽用?PHP GeneralUtility::verifyFilenameAgainstDenyPattern使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類TYPO3\CMS\Core\Utility\GeneralUtility
的用法示例。
在下文中一共展示了GeneralUtility::verifyFilenameAgainstDenyPattern方法的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的PHP代碼示例。
示例1: checkExtension
/**
 * Decide whether a file name carries an extension that may be uploaded.
 *
 * The allow-list defaults to common image extensions and is replaced by the
 * TypoScript setting plugin.tx_femanager.settings.misc.uploadFileExtension
 * when that setting is non-empty (spaces are stripped from it). In addition
 * to the allow-list match, the complete name has to pass
 * GeneralUtility::verifyFilenameAgainstDenyPattern() and
 * GeneralUtility::validPathStr().
 *
 * Only the name is inspected here; the file content is not looked at.
 * pathinfo() reports the part after the last dot, so a name such as
 * "a.php.png" is matched against the allow-list as "png". Whether such a
 * name is refused depends on the configured fileDenyPattern.
 *
 * @param string $filename Filename like (upload.png)
 * @return bool If Extension is allowed
 */
public static function checkExtension($filename)
{
    $allowedExtensions = 'jpg,jpeg,png,gif,bmp';
    $pluginSettings = self::getTypoScriptFrontendController()->tmpl->setup['plugin.']['tx_femanager.']['settings.'];
    if (!empty($pluginSettings['misc.']['uploadFileExtension'])) {
        // The configured list overrides the default; blanks between entries are dropped
        $allowedExtensions = str_replace(' ', '', $pluginSettings['misc.']['uploadFileExtension']);
    }
    $nameParts = pathinfo($filename);
    if (empty($nameParts['extension'])) {
        return false;
    }
    if (!GeneralUtility::inList($allowedExtensions, strtolower($nameParts['extension']))) {
        return false;
    }
    if (!GeneralUtility::verifyFilenameAgainstDenyPattern($filename)) {
        return false;
    }
    return (bool) GeneralUtility::validPathStr($filename);
}
示例2: isUploadedFileGood
/**
 * Accept an upload entry only if it completed without error, its name passes
 * the file deny pattern and its reported type equals the expected type.
 *
 * NOTE(review): $information looks like a single $_FILES entry (the keys
 * error, name and type are read) - confirm against the caller. If so, 'type'
 * is the value sent by the client and is not derived from the file content,
 * so the final comparison is a convenience filter, not a content check.
 *
 * @param array $information Upload description; keys error, name and type are read
 * @param string $expectedFileType Type string that $information['type'] has to equal
 * @return bool TRUE if the upload succeeded and the reported type matches, FALSE otherwise
 * @throws \Exception Code 1399312430 when the name is rejected by the deny pattern
 */
public static function isUploadedFileGood(array $information, $expectedFileType = 'text/csv')
{
    // A missing error key or any upload error means there is nothing to accept
    if (!isset($information['error']) || $information['error'] !== UPLOAD_ERR_OK) {
        return false;
    }
    $nameIsPermitted = GeneralUtility::verifyFilenameAgainstDenyPattern($information['name']);
    if (!$nameIsPermitted) {
        throw new \Exception('Uploading files with PHP file extensions is not allowed!', 1399312430);
    }
    return $information['type'] === $expectedFileType;
}
示例3: verifyFilenameAgainstDenyPatternDetectsNotAllowedFiles
/**
 * Every file name supplied by the data provider has to be refused by
 * GeneralUtility::verifyFilenameAgainstDenyPattern().
 *
 * @param string $deniedFile File name that is expected to be refused
 * @test
 * @dataProvider deniedFilesDataProvider
 */
public function verifyFilenameAgainstDenyPatternDetectsNotAllowedFiles($deniedFile)
{
    $isAccepted = GeneralUtility::verifyFilenameAgainstDenyPattern($deniedFile);
    $this->assertFalse($isAccepted);
}
示例4: importUploadedResource
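/**
 * Import an uploaded file into the configured upload folder and return a
 * file reference for it.
 *
 * Checks made before the file is stored:
 * - the submitted name has to pass GeneralUtility::verifyFilenameAgainstDenyPattern();
 * - if an allow-list of extensions is configured, the lower-cased extension
 *   has to be on it, and a name without any extension is refused.
 *
 * Only the file name is examined in this method.
 * NOTE(review): whether Folder::addUploadedFile() inspects the content cannot
 * be seen from here - confirm before relying on it.
 *
 * @param array $uploadInfo Upload description; 'name' and optionally ['submittedFile']['resourcePointer'] are read
 * @param PropertyMappingConfigurationInterface $configuration Source of allowed extensions, upload folder and conflict mode
 * @return \TYPO3\CMS\Extbase\Domain\Model\FileReference
 * @throws TypeConverterException When the name matches the deny pattern or the extension is not allowed
 * @throws ExistingTargetFileNameException
 */
protected function importUploadedResource(array $uploadInfo, PropertyMappingConfigurationInterface $configuration)
{
    $converterClass = 'Bureauoberhoff\\H5upldr\\Property\\TypeConverter\\UploadedFileReferenceConverter';
    if (!GeneralUtility::verifyFilenameAgainstDenyPattern($uploadInfo['name'])) {
        throw new TypeConverterException('Uploading files with PHP file extensions is not allowed!', 1399312430);
    }
    $allowedFileExtensions = $configuration->getConfigurationValue($converterClass, self::CONFIGURATION_ALLOWED_FILE_EXTENSIONS);
    if ($allowedFileExtensions !== NULL) {
        $filePathInfo = PathUtility::pathinfo($uploadInfo['name']);
        // pathinfo() leaves out the 'extension' key for names without a dot; treat that
        // as an empty extension instead of reading an undefined index.
        $fileExtension = isset($filePathInfo['extension']) ? strtolower($filePathInfo['extension']) : '';
        // An empty extension is refused outright so that it can never match an empty
        // element of the configured list (for instance one left by a trailing comma).
        if ($fileExtension === '' || !GeneralUtility::inList($allowedFileExtensions, $fileExtension)) {
            // Carries the same code as the deny-pattern exception above
            throw new TypeConverterException('File extension is not allowed!', 1399312430);
        }
    }
    // Fall back to the converter defaults when the mapping configuration sets no value
    $uploadFolderId = $configuration->getConfigurationValue($converterClass, self::CONFIGURATION_UPLOAD_FOLDER) ?: $this->defaultUploadFolder;
    $conflictMode = $configuration->getConfigurationValue($converterClass, self::CONFIGURATION_UPLOAD_CONFLICT_MODE) ?: $this->defaultConflictMode;
    $uploadFolder = $this->resourceFactory->retrieveFileOrFolderObject($uploadFolderId);
    $uploadedFile = $uploadFolder->addUploadedFile($uploadInfo, $conflictMode);
    // A submitted resource pointer is only used after its HMAC has been validated;
    // pointers containing 'file:' are ignored here.
    $resourcePointer = NULL;
    if (isset($uploadInfo['submittedFile']['resourcePointer']) && strpos($uploadInfo['submittedFile']['resourcePointer'], 'file:') === FALSE) {
        $resourcePointer = $this->hashService->validateAndStripHmac($uploadInfo['submittedFile']['resourcePointer']);
    }
    return $this->createFileReferenceFromFalFileObject($uploadedFile, $resourcePointer);
}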
示例5: displayWarningMessages
/**
* Display some warning messages if this installation is obviously insecure!!
* These warnings are only displayed to admin users
*
* @return void
*/
public static function displayWarningMessages()
{
if ($GLOBALS['BE_USER']->isAdmin()) {
// Array containing warnings that must be displayed
$warnings = array();
// If this file exists and it isn't older than one hour, the Install Tool is enabled
$enableInstallToolFile = PATH_site . 'typo3conf/ENABLE_INSTALL_TOOL';
// Cleanup command, if set
$cmd = \TYPO3\CMS\Core\Utility\GeneralUtility::_GET('adminWarning_cmd');
switch ($cmd) {
case 'remove_ENABLE_INSTALL_TOOL':
if (unlink($enableInstallToolFile)) {
unset($enableInstallToolFile);
}
break;
}
// Check if the Install Tool Password is still default: joh316
if ($GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword'] == md5('joh316')) {
$url = 'install/index.php?redirect_url=index.php' . urlencode('?TYPO3_INSTALL[type]=about');
$warnings['install_password'] = sprintf($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.install_password'), '<a href="' . $url . '">', '</a>');
}
// Check if there is still a default user 'admin' with password 'password' (MD5sum = 5f4dcc3b5aa765d61d8327deb882cf99)
$where_clause = 'username=' . $GLOBALS['TYPO3_DB']->fullQuoteStr('admin', 'be_users') . ' AND password=' . $GLOBALS['TYPO3_DB']->fullQuoteStr('5f4dcc3b5aa765d61d8327deb882cf99', 'be_users') . self::deleteClause('be_users');
$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('uid, username, password', 'be_users', $where_clause);
if ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
$url = 'alt_doc.php?returnUrl=alt_intro.php&edit[be_users][' . $row['uid'] . ']=edit';
$warnings['backend_admin'] = sprintf($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.backend_admin'), '<a href="' . htmlspecialchars($url) . '">', '</a>');
}
$GLOBALS['TYPO3_DB']->sql_free_result($res);
// Check whether the file ENABLE_INSTALL_TOOL contains the string "KEEP_FILE" which permanently unlocks the install tool
if (is_file($enableInstallToolFile) && trim(file_get_contents($enableInstallToolFile)) === 'KEEP_FILE') {
$url = \TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('TYPO3_REQUEST_SCRIPT') . '?adminWarning_cmd=remove_ENABLE_INSTALL_TOOL';
$warnings['install_enabled'] = sprintf($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.install_enabled'), '<span style="white-space:nowrap;">' . $enableInstallToolFile . '</span>');
$warnings['install_enabled'] .= ' <a href="' . $url . '">' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.install_enabled_cmd') . '</a>';
}
// Check if the encryption key is empty
if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'] == '') {
$url = 'install/index.php?redirect_url=index.php' . urlencode('?TYPO3_INSTALL[type]=config#set_encryptionKey');
$warnings['install_encryption'] = sprintf($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.install_encryption'), '<a href="' . $url . '">', '</a>');
}
// Check if parts of fileDenyPattern were removed which is dangerous on Apache
$defaultParts = \TYPO3\CMS\Core\Utility\GeneralUtility::trimExplode('|', FILE_DENY_PATTERN_DEFAULT, TRUE);
$givenParts = \TYPO3\CMS\Core\Utility\GeneralUtility::trimExplode('|', $GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern'], TRUE);
$result = array_intersect($defaultParts, $givenParts);
if ($defaultParts !== $result) {
$warnings['file_deny_pattern'] = sprintf($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.file_deny_pattern_partsNotPresent'), '<br /><pre>' . htmlspecialchars(FILE_DENY_PATTERN_DEFAULT) . '</pre><br />');
}
// Check if fileDenyPattern allows to upload .htaccess files which is dangerous on Apache
if ($GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern'] != FILE_DENY_PATTERN_DEFAULT && \TYPO3\CMS\Core\Utility\GeneralUtility::verifyFilenameAgainstDenyPattern('.htaccess')) {
$warnings['file_deny_htaccess'] = $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.file_deny_htaccess');
}
// Check if there are still updates to perform
if (!\TYPO3\CMS\Core\Utility\GeneralUtility::compat_version(TYPO3_branch)) {
$url = 'install/index.php?redirect_url=index.php' . urlencode('?TYPO3_INSTALL[type]=update');
$warnings['install_update'] = sprintf($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.install_update'), '<a href="' . $url . '">', '</a>');
}
// Check if sys_refindex is empty
$count = $GLOBALS['TYPO3_DB']->exec_SELECTcountRows('*', 'sys_refindex');
$registry = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Registry');
$lastRefIndexUpdate = $registry->get('core', 'sys_refindex_lastUpdate');
if (!$count && $lastRefIndexUpdate) {
$url = 'sysext/lowlevel/dbint/index.php?&id=0&SET[function]=refindex';
$warnings['backend_reference'] = sprintf($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:warning.backend_reference_index'), '<a href="' . $url . '">', '</a>', self::dateTime($lastRefIndexUpdate));
}
// Check for memcached if configured
$memCacheUse = FALSE;
if (is_array($GLOBALS['TYPO3_CONF_VARS']['SYS']['caching']['cacheConfigurations'])) {
foreach ($GLOBALS['TYPO3_CONF_VARS']['SYS']['caching']['cacheConfigurations'] as $table => $conf) {
if (is_array($conf)) {
foreach ($conf as $key => $value) {
if (!is_array($value) && $value === 'TYPO3\\CMS\\Core\\Cache\\Backend\\MemcachedBackend') {
$servers = $GLOBALS['TYPO3_CONF_VARS']['SYS']['caching']['cacheConfigurations'][$table]['options']['servers'];
$memCacheUse = TRUE;
break;
}
}
}
}
if ($memCacheUse) {
$failed = array();
$defaultPort = ini_get('memcache.default_port');
if (function_exists('memcache_connect')) {
if (is_array($servers)) {
foreach ($servers as $testServer) {
$configuredServer = $testServer;
if (substr($testServer, 0, 7) == 'unix://') {
$host = $testServer;
$port = 0;
} else {
if (substr($testServer, 0, 6) === 'tcp://') {
$testServer = substr($testServer, 6);
}
if (strstr($testServer, ':') !== FALSE) {
list($host, $port) = explode(':', $testServer, 2);
//.........這裏部分代碼省略.........
示例6: verifyFilenameAgainstDenyPatternDetectsNullCharacter
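/**
 * Tests whether verifyFilenameAgainstDenyPattern detects the NULL character.
 *
 * The name under test carries a NUL byte in front of an otherwise harmless
 * extension and has to be refused.
 *
 * @test
 */
public function verifyFilenameAgainstDenyPatternDetectsNullCharacter()
{
    // The NUL byte is built with chr(0) so that it stays visible in the source;
    // a plain 'image.gif' would not exercise the check named by this test.
    $fileNameWithNullByte = 'image' . chr(0) . '.gif';
    $this->assertFalse(Utility\GeneralUtility::verifyFilenameAgainstDenyPattern($fileNameWithNullByte));
}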
示例7: getHtaccessUploadStatus
/**
 * Report whether the configured fileDenyPattern still blocks .htaccess uploads.
 *
 * The status turns to ERROR only when the configured pattern differs from
 * FILE_DENY_PATTERN_DEFAULT and the name ".htaccess" passes
 * GeneralUtility::verifyFilenameAgainstDenyPattern(); being able to upload
 * such a file is dangerous on Apache.
 *
 * @return \TYPO3\CMS\Reports\Status An object representing whether it's possible to upload .htaccess files
 */
protected function getHtaccessUploadStatus()
{
    $statusText = $GLOBALS['LANG']->getLL('status_ok');
    $detail = '';
    $level = \TYPO3\CMS\Reports\Status::OK;
    // Loose comparison, as configuration values are compared to the constant as-is
    $patternWasCustomised = $GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern'] != FILE_DENY_PATTERN_DEFAULT;
    if ($patternWasCustomised && GeneralUtility::verifyFilenameAgainstDenyPattern('.htaccess')) {
        $statusText = $GLOBALS['LANG']->getLL('status_insecure');
        $level = \TYPO3\CMS\Reports\Status::ERROR;
        $detail = $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:warning.file_deny_htaccess');
    }
    $title = $GLOBALS['LANG']->getLL('status_htaccessUploadProtection');
    return GeneralUtility::makeInstance('TYPO3\\CMS\\Reports\\Status', $title, $statusText, $detail, $level);
}
示例8: checkFileExtensionPermission
/**
 * Check a file name against TYPO3_CONF_VARS[BE][fileDenyPattern] and against
 * the allow/deny extension lists in
 * TYPO3_CONF_VARS[BE][fileExtensions][webspace].
 *
 * Order of evaluation:
 * 1. With permission evaluation switched off, every name is accepted and no
 *    check (including the deny pattern) runs.
 * 2. The name is sanitized by the driver and has to pass the deny pattern.
 * 3. An allow-list of "*" or an allow-list hit accepts the name.
 * 4. A deny-list of "*" or a deny-list hit refuses the name.
 * 5. A name matching neither list is accepted.
 *
 * @param string $fileName full filename
 * @return bool TRUE if extension/filename is allowed
 */
protected function checkFileExtensionPermission($fileName)
{
    if (!$this->evaluatePermissions) {
        return true;
    }
    $sanitizedName = $this->driver->sanitizeFileName($fileName);
    if (!GeneralUtility::verifyFilenameAgainstDenyPattern($sanitizedName)) {
        return false;
    }
    $extension = strtolower(PathUtility::pathinfo($sanitizedName, PATHINFO_EXTENSION));
    // Both lists are lower-cased and de-duplicated before they are compared
    $webspaceRules = $GLOBALS['TYPO3_CONF_VARS']['BE']['fileExtensions']['webspace'];
    $allowList = GeneralUtility::uniqueList(strtolower($webspaceRules['allow']));
    $denyList = GeneralUtility::uniqueList(strtolower($webspaceRules['deny']));
    // Names without an extension can only be decided by a "*" wildcard
    $hasExtension = $extension !== '';
    if ($allowList === '*' || ($hasExtension && GeneralUtility::inList($allowList, $extension))) {
        return true;
    }
    if ($denyList === '*' || ($hasExtension && GeneralUtility::inList($denyList, $extension))) {
        return false;
    }
    // Neither list matched: the name is accepted
    return true;
}
示例9: checkExtension
/**
 * Decide whether a file name carries an extension that may be uploaded.
 *
 * The allow-list defaults to common image extensions; a non-empty TypoScript
 * setting plugin.tx_femanager.settings.misc.uploadFileExtension replaces it
 * (spaces are stripped). The complete name additionally has to pass
 * GeneralUtility::verifyFilenameAgainstDenyPattern() and
 * GeneralUtility::validPathStr().
 *
 * Only the name is inspected; the file content is not looked at here.
 *
 * @param string $filename Filename like (upload.png)
 * @return bool If Extension is allowed
 */
public static function checkExtension($filename)
{
    $permittedExtensions = 'jpg,jpeg,png,gif,bmp';
    if (!empty($GLOBALS['TSFE']->tmpl->setup['plugin.']['tx_femanager.']['settings.']['misc.']['uploadFileExtension'])) {
        $permittedExtensions = str_replace(
            ' ',
            '',
            $GLOBALS['TSFE']->tmpl->setup['plugin.']['tx_femanager.']['settings.']['misc.']['uploadFileExtension']
        );
    }
    // Part after the last dot; an empty string when the name has no extension
    $extension = pathinfo($filename, PATHINFO_EXTENSION);
    return !empty($extension)
        && GeneralUtility::inList($permittedExtensions, strtolower($extension))
        && GeneralUtility::verifyFilenameAgainstDenyPattern($filename)
        && GeneralUtility::validPathStr($filename);
}
示例10: uploadAvatar
/**
 * Handle the avatar form: remove the current avatar or store a newly
 * uploaded one.
 *
 * An upload is stored only if its submitted name passes
 * GeneralUtility::verifyFilenameAgainstDenyPattern(), its extension is listed
 * in TYPO3_CONF_VARS[GFX][imagefile_ext] and its size does not exceed the
 * max_size (in KB) configured in the TCA for fe_users.tx_mmforum_avatar.
 * The stored file name is built from the user uid, the execution time and
 * the extension, so no other part of the submitted name reaches the file
 * system.
 *
 * NOTE(review): the decision rests on the submitted name and the size only;
 * no check of the file content is visible in this method.
 *
 * @author Martin Helmich <m.helmich@mittwald.de>
 * @author Georg Ringer <typo3@ringerge.org>
 * @version 2007-10-03
 * @param string $content The plugin content
 * @return string The content, or an empty string when the upload is refused
 */
function uploadAvatar($content)
{
    $avatarFile = $_FILES[$this->prefixId];
    // Deleting the avatar takes precedence over any upload in the same request
    if (isset($this->piVars['del_avatar'])) {
        $this->user->removeAvatar($this->conf['path_avatar']);
        $this->user->updateDatabase();
        return $content;
    }
    $submittedName = $avatarFile['name']['file'];
    $nameParts = GeneralUtility::split_fileref($submittedName);
    $fileExt = $nameParts['fileext'];
    $nameIsPermitted = GeneralUtility::verifyFilenameAgainstDenyPattern($submittedName);
    if (!$nameIsPermitted || !GeneralUtility::inList($GLOBALS['TYPO3_CONF_VARS']['GFX']['imagefile_ext'], $fileExt)) {
        return '';
    }
    if (!isset($this->piVars['upload'])) {
        return $content;
    }
    $temporaryPath = $avatarFile['tmp_name']['file'];
    // max_size in the TCA is given in KB, filesize() reports bytes
    $maxBytes = $GLOBALS['TCA']['fe_users']['columns']['tx_mmforum_avatar']['config']['max_size'] * 1024;
    if (filesize($temporaryPath) > $maxBytes) {
        return '';
    }
    $storedName = $this->user->getUid() . '_' . $GLOBALS['EXEC_TIME'] . '.' . $fileExt;
    $targetPath = $this->conf['path_avatar'] . $storedName;
    if (GeneralUtility::upload_copy_move($temporaryPath, $targetPath)) {
        $this->user->setAvatar($storedName);
        $this->user->updateDatabase();
    }
    return $content;
}
示例11: uploadForm
/**
* Makes an upload form for uploading files to the filemount the user is browsing.
* The files are uploaded to the tce_file.php script in the core which will handle the upload.
*
* @param Folder $folderObject
* @return string HTML for an upload form.
*/
public function uploadForm(Folder $folderObject)
{
if (!$folderObject->checkActionPermission('write')) {
return '';
}
// Read configuration of upload field count
$userSetting = $this->getBackendUser()->getTSConfigVal('options.folderTree.uploadFieldsInLinkBrowser');
$count = isset($userSetting) ? (int) $userSetting : 1;
if ($count === 0) {
return '';
}
$pArr = explode('|', $this->bparams);
$allowedExtensions = isset($pArr[3]) ? GeneralUtility::trimExplode(',', $pArr[3], true) : [];
$count = (int) $count === 0 ? 1 : (int) $count;
// Create header, showing upload path:
$header = $folderObject->getIdentifier();
$lang = $this->getLanguageService();
// Create a list of allowed file extensions with the readable format "youtube, vimeo" etc.
$fileExtList = array();
foreach ($allowedExtensions as $fileExt) {
if (GeneralUtility::verifyFilenameAgainstDenyPattern($fileExt)) {
$fileExtList[] = '<span class="label label-success">' . strtoupper(htmlspecialchars($fileExt)) . '</span>';
}
}
$code = '
<br />
<!--
Form, for uploading files:
-->
<form action="' . htmlspecialchars(BackendUtility::getModuleUrl('tce_file')) . '" method="post" name="editform"' . ' id="typo3-uplFilesForm" enctype="multipart/form-data">
<table border="0" cellpadding="0" cellspacing="0" id="typo3-uplFiles">
<tr>
<td>' . $this->barheader($lang->sL('LLL:EXT:lang/locallang_core.xlf:file_upload.php.pagetitle', true) . ':') . '</td>
</tr>
<tr>
<td class="c-wCell c-hCell"><strong>' . $lang->getLL('path', true) . ':</strong> ' . htmlspecialchars($header) . '</td>
</tr>
<tr>
<td class="c-wCell c-hCell">';
// Traverse the number of upload fields:
$combinedIdentifier = $folderObject->getCombinedIdentifier();
for ($a = 1; $a <= $count; $a++) {
$code .= '<input type="file" multiple="multiple" name="upload_' . $a . '[]"' . $this->doc->formWidth(35) . ' size="50" />
<input type="hidden" name="file[upload][' . $a . '][target]" value="' . htmlspecialchars($combinedIdentifier) . '" />
<input type="hidden" name="file[upload][' . $a . '][data]" value="' . $a . '" /><br />';
}
// Make footer of upload form, including the submit button:
$redirectValue = $this->getThisScript() . 'act=' . $this->act . '&mode=' . $this->mode . '&expandFolder=' . rawurlencode($combinedIdentifier) . '&bparams=' . rawurlencode($this->bparams) . (is_array($this->P) ? GeneralUtility::implodeArrayForUrl('P', $this->P) : '');
$code .= '<input type="hidden" name="redirect" value="' . htmlspecialchars($redirectValue) . '" />';
if (!empty($fileExtList)) {
$code .= '
<div class="help-block">
' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:cm.allowedFileExtensions', true) . '<br>
' . implode(' ', $fileExtList) . '
</div>
';
}
$code .= '
<div id="c-override">
<label>
<input type="checkbox" name="overwriteExistingFiles" id="overwriteExistingFiles" value="1" /> ' . $lang->sL('LLL:EXT:lang/locallang_misc.xlf:overwriteExistingFiles', true) . '
</label>
</div>
<input class="btn btn-default" type="submit" name="submit" value="' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:file_upload.php.submit', true) . '" />
';
$code .= '</td>
</tr>
</table>
</form>';
// Add online media
// Create a list of allowed file extensions in a readable format "youtube, vimeo" etc.
$fileExtList = array();
$onlineMediaFileExt = OnlineMediaHelperRegistry::getInstance()->getSupportedFileExtensions();
foreach ($onlineMediaFileExt as $fileExt) {
if (GeneralUtility::verifyFilenameAgainstDenyPattern($fileExt) && (empty($allowedExtensions) || in_array($fileExt, $allowedExtensions, true))) {
$fileExtList[] = '<span class="label label-success">' . strtoupper(htmlspecialchars($fileExt)) . '</span>';
}
}
if (!empty($fileExtList)) {
$code .= '
<!--
Form, adding online media urls:
-->
<form action="' . htmlspecialchars(BackendUtility::getModuleUrl('online_media')) . '" method="post" name="editform1"' . ' id="typo3-addMediaForm">
<table border="0" cellpadding="0" cellspacing="0" id="typo3-uplFiles">
<tr>
<td>' . $this->barheader($lang->sL('LLL:EXT:lang/locallang_core.xlf:online_media.new_media', true) . ':') . '</td>
</tr>
<tr>
<td class="c-wCell c-hCell"><strong>' . $lang->getLL('path', true) . ':</strong> ' . htmlspecialchars($header) . '</td>
</tr>
<tr>
<td class="c-wCell c-hCell">
//.........這裏部分代碼省略.........
示例12: jumpUrl
/**
* Sends a header "Location" to jumpUrl, if jumpurl is set.
* Will exit if a location header is sent (for instance if jumpUrl was triggered)
*
* "jumpUrl" is a concept where external links are redirected from the index_ts.php script, which first logs the URL.
*
* Two modes are handled:
* - "juSecure" set in the request: the jumpurl names a local file. The file is
*   sent as a download only if the submitted juHash equals an HMAC over
*   jumpurl, locationData and mimeType, locDataCheck() accepts locationData,
*   and the resolved path is an allowed absolute path, passes the file deny
*   pattern and does not lie below typo3conf.
* - otherwise: the request is redirected to the jumpurl, optionally with the
*   front-end session key appended and a configured HTTP status code.
*
* @return void
* @throws \Exception In secure mode, when the hash, the location data, the path or the file is rejected
* @todo Define visibility
*/
public function jumpUrl()
{
if ($this->jumpurl) {
if (\TYPO3\CMS\Core\Utility\GeneralUtility::_GP('juSecure')) {
$locationData = (string) \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('locationData');
// Need a type cast here because mimeType is optional!
$mimeType = (string) \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('mimeType');
// All three request values go into the HMAC, so none of them can be changed without invalidating juHash
$hArr = array($this->jumpurl, $locationData, $mimeType);
$calcJuHash = \TYPO3\CMS\Core\Utility\GeneralUtility::hmac(serialize($hArr));
$juHash = (string) \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('juHash');
// NOTE(review): === on the two hash strings is not a constant-time comparison; hash_equals() would be, where the supported PHP version provides it
if ($juHash === $calcJuHash) {
if ($this->locDataCheck($locationData)) {
// 211002 - goes with cObj->filelink() rawurlencode() of filenames so spaces can be allowed.
$this->jumpurl = rawurldecode($this->jumpurl);
// Deny access to files that match TYPO3_CONF_VARS[SYS][fileDenyPattern] and whose parent directory is typo3conf/ (there could be a backup file in typo3conf/ which does not match against the fileDenyPattern)
$absoluteFileName = \TYPO3\CMS\Core\Utility\GeneralUtility::getFileAbsFileName(\TYPO3\CMS\Core\Utility\GeneralUtility::resolveBackPath($this->jumpurl), FALSE);
// Three independent path checks; all of them have to pass before the file is read
if (\TYPO3\CMS\Core\Utility\GeneralUtility::isAllowedAbsPath($absoluteFileName) && \TYPO3\CMS\Core\Utility\GeneralUtility::verifyFilenameAgainstDenyPattern($absoluteFileName) && !\TYPO3\CMS\Core\Utility\GeneralUtility::isFirstPartOfStr($absoluteFileName, PATH_site . 'typo3conf')) {
if (@is_file($absoluteFileName)) {
$mimeType = $mimeType ? $mimeType : 'application/octet-stream';
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
// The type comes from the request but is covered by the HMAC checked above
header('Content-Type: ' . $mimeType);
// NOTE(review): the base name is placed inside the quoted filename parameter without escaping
header('Content-Disposition: attachment; filename="' . basename($absoluteFileName) . '"');
readfile($absoluteFileName);
die;
} else {
throw new \Exception('jumpurl Secure: "' . $this->jumpurl . '" was not a valid file!', 1294585193);
}
} else {
throw new \Exception('jumpurl Secure: The requested file was not allowed to be accessed through jumpUrl (path or file not allowed)!', 1294585194);
}
} else {
throw new \Exception('jumpurl Secure: locationData, ' . $locationData . ', was not accessible.', 1294585195);
}
} else {
throw new \Exception('jumpurl Secure: Calculated juHash did not match the submitted juHash.', 1294585196);
}
} else {
// NOTE(review): no hash or allow-list check on $this->jumpurl is visible in this branch before the redirect; confirm the target is validated elsewhere, otherwise this acts as an open redirect
$TSConf = $this->getPagesTSconfig();
if ($TSConf['TSFE.']['jumpUrl_transferSession']) {
$uParts = parse_url($this->jumpurl);
// NOTE(review): the front-end session id and an md5 over the id and the encryption key are appended to the target URL, so they are disclosed to whatever host the jumpurl points at
$params = '&FE_SESSION_KEY=' . rawurlencode($this->fe_user->id . '-' . md5($this->fe_user->id . '/' . $this->TYPO3_CONF_VARS['SYS']['encryptionKey']));
// Add the session parameter ...
$this->jumpurl .= ($uParts['query'] ? '' : '?') . $params;
}
// NOTE(review): $statusCode is assigned only inside this block; without the TSconfig option it is undefined when passed to redirect()
if ($TSConf['TSFE.']['jumpURL_HTTPStatusCode']) {
switch (intval($TSConf['TSFE.']['jumpURL_HTTPStatusCode'])) {
case 301:
$statusCode = \TYPO3\CMS\Core\Utility\HttpUtility::HTTP_STATUS_301;
break;
case 302:
$statusCode = \TYPO3\CMS\Core\Utility\HttpUtility::HTTP_STATUS_302;
break;
case 307:
$statusCode = \TYPO3\CMS\Core\Utility\HttpUtility::HTTP_STATUS_307;
break;
case 303:
default:
$statusCode = \TYPO3\CMS\Core\Utility\HttpUtility::HTTP_STATUS_303;
break;
}
}
\TYPO3\CMS\Core\Utility\HttpUtility::redirect($this->jumpurl, $statusCode);
}
}
}
示例13: checkIncludeLines
/**
* Checks the input string (un-parsed TypoScript) for include-commands ("<INCLUDE_TYPOSCRIPT: ....")
* Use: t3lib_TSparser::checkIncludeLines()
*
* @param string $string Unparsed TypoScript
* @param integer $cycle_counter Counter for detecting endless loops
* @param boolean $returnFiles When set an array containing the resulting typoscript and all included files will get returned
* @return string Complete TypoScript with includes added.
* @static
*/
public static function checkIncludeLines($string, $cycle_counter = 1, $returnFiles = FALSE)
{
$includedFiles = array();
if ($cycle_counter > 100) {
\TYPO3\CMS\Core\Utility\GeneralUtility::sysLog('It appears like TypoScript code is looping over itself. Check your templates for "<INCLUDE_TYPOSCRIPT: ..." tags', 'Core', \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_WARNING);
if ($returnFiles) {
return array('typoscript' => '', 'files' => $includedFiles);
}
return '
###
### ERROR: Recursion!
###
';
}
$splitStr = '<INCLUDE_TYPOSCRIPT:';
if (strstr($string, $splitStr)) {
$newString = '';
// Adds line break char before/after
$allParts = explode($splitStr, LF . $string . LF);
foreach ($allParts as $c => $v) {
// First goes through
if (!$c) {
$newString .= $v;
} elseif (preg_match('/\\r?\\n\\s*$/', $allParts[$c - 1])) {
$subparts = explode('>', $v, 2);
// There must be a line-break char after
if (preg_match('/^\\s*\\r?\\n/', $subparts[1])) {
// SO, the include was positively recognized:
$newString .= '### ' . $splitStr . $subparts[0] . '> BEGIN:' . LF;
$params = \TYPO3\CMS\Core\Utility\GeneralUtility::get_tag_attributes($subparts[0]);
if ($params['source']) {
$sourceParts = explode(':', $params['source'], 2);
switch (strtolower(trim($sourceParts[0]))) {
case 'file':
$filename = \TYPO3\CMS\Core\Utility\GeneralUtility::getFileAbsFileName(trim($sourceParts[1]));
// Must exist and must not contain '..' and must be relative
if (strcmp($filename, '')) {
// Check for allowed files
if (\TYPO3\CMS\Core\Utility\GeneralUtility::verifyFilenameAgainstDenyPattern($filename)) {
if (@is_file($filename)) {
// Check for includes in included text
$includedFiles[] = $filename;
$included_text = self::checkIncludeLines(\TYPO3\CMS\Core\Utility\GeneralUtility::getUrl($filename), $cycle_counter + 1, $returnFiles);
// If the method also has to return all included files, merge currently included
// files with files included by recursively calling itself
if ($returnFiles && is_array($included_text)) {
$includedFiles = array_merge($includedFiles, $included_text['files']);
$included_text = $included_text['typoscript'];
}
$newString .= $included_text . LF;
} else {
$newString .= '
###
### ERROR: File "' . $filename . '" was not was not found.
###
';
\TYPO3\CMS\Core\Utility\GeneralUtility::sysLog('File "' . $filename . '" was not found.', 'Core', \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_WARNING);
}
} else {
$newString .= '
###
### ERROR: File "' . $filename . '" was not included since it is not allowed due to fileDenyPattern
###
';
\TYPO3\CMS\Core\Utility\GeneralUtility::sysLog('File "' . $filename . '" was not included since it is not allowed due to fileDenyPattern', 'Core', \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_WARNING);
}
}
break;
}
}
$newString .= '### ' . $splitStr . $subparts[0] . '> END:' . LF;
$newString .= $subparts[1];
} else {
$newString .= $splitStr . $v;
}
} else {
$newString .= $splitStr . $v;
}
}
// Not the first/last linebreak char.
$string = substr($newString, 1, -1);
}
// When all included files should get returned, simply return an compound array containing
// the TypoScript with all "includes" processed and the files which got included
if ($returnFiles) {
return array('typoscript' => $string, 'files' => $includedFiles);
}
return $string;
//.........這裏部分代碼省略.........
示例14: extractIncludes
/**
* Search for commented INCLUDE_TYPOSCRIPT statements
* and save the content between the BEGIN and the END line to the specified file
*
* @param string $string Template content
* @param int $cycle_counter Counter for detecting endless loops
* @param array $extractedFileNames
* @param string $parentFilenameOrPath
*
* @throws \RuntimeException
* @throws \UnexpectedValueException
* @return string Template content with uncommented include statements
*/
public static function extractIncludes($string, $cycle_counter = 1, array $extractedFileNames = array(), $parentFilenameOrPath = '')
{
if ($cycle_counter > 10) {
GeneralUtility::sysLog('It appears like TypoScript code is looping over itself. Check your templates for "<INCLUDE_TYPOSCRIPT: ..." tags', 'Core', GeneralUtility::SYSLOG_SEVERITY_WARNING);
return '
###
### ERROR: Recursion!
###
';
}
$expectedEndTag = '';
$fileContent = array();
$restContent = array();
$fileName = NULL;
$inIncludePart = FALSE;
$lines = preg_split("/\r\n|\n|\r/", $string);
$skipNextLineIfEmpty = FALSE;
$openingCommentedIncludeStatement = NULL;
$optionalProperties = '';
foreach ($lines as $line) {
// \TYPO3\CMS\Core\TypoScript\Parser\TypoScriptParser::checkIncludeLines inserts
// an additional empty line, remove this again
if ($skipNextLineIfEmpty) {
if (trim($line) === '') {
continue;
}
$skipNextLineIfEmpty = FALSE;
}
// Outside commented include statements
if (!$inIncludePart) {
// Search for beginning commented include statements
if (preg_match('/###\\s*<INCLUDE_TYPOSCRIPT:\\s*source\\s*=\\s*"\\s*((?i)file|dir)\\s*:\\s*([^"]*)"(.*)>\\s*BEGIN/i', $line, $matches)) {
// Found a commented include statement
// Save this line in case there is no ending tag
$openingCommentedIncludeStatement = trim($line);
$openingCommentedIncludeStatement = preg_replace('/\\s*### Warning: .*###\\s*/', '', $openingCommentedIncludeStatement);
// type of match: FILE or DIR
$inIncludePart = strtoupper($matches[1]);
$fileName = $matches[2];
$optionalProperties = $matches[3];
$expectedEndTag = '### <INCLUDE_TYPOSCRIPT: source="' . $inIncludePart . ':' . $fileName . '"' . $optionalProperties . '> END';
// Strip all whitespace characters to make comparison safer
$expectedEndTag = strtolower(preg_replace('/\\s/', '', $expectedEndTag));
} else {
// If this is not a beginning commented include statement this line goes into the rest content
$restContent[] = $line;
}
//if (is_array($matches)) GeneralUtility::devLog('matches', 'TypoScriptParser', 0, $matches);
} else {
// Inside commented include statements
// Search for the matching ending commented include statement
$strippedLine = preg_replace('/\\s/', '', $line);
if (stripos($strippedLine, $expectedEndTag) !== FALSE) {
// Found the matching ending include statement
$fileContentString = implode(PHP_EOL, $fileContent);
// Write the content to the file
// Resolve a possible relative paths if a parent file is given
if ($parentFilenameOrPath !== '' && $fileName[0] === '.') {
$realFileName = PathUtility::getAbsolutePathOfRelativeReferencedFileOrPath($parentFilenameOrPath, $fileName);
} else {
$realFileName = $fileName;
}
$realFileName = GeneralUtility::getFileAbsFileName($realFileName);
if ($inIncludePart === 'FILE') {
// Some file checks
if (!GeneralUtility::verifyFilenameAgainstDenyPattern($realFileName)) {
throw new \UnexpectedValueException(sprintf('File "%s" was not included since it is not allowed due to fileDenyPattern.', $fileName), 1382651858);
}
if (empty($realFileName)) {
throw new \UnexpectedValueException(sprintf('"%s" is not a valid file location.', $fileName), 1294586441);
}
if (!is_writable($realFileName)) {
throw new \RuntimeException(sprintf('"%s" is not writable.', $fileName), 1294586442);
}
if (in_array($realFileName, $extractedFileNames)) {
throw new \RuntimeException(sprintf('Recursive/multiple inclusion of file "%s"', $realFileName), 1294586443);
}
$extractedFileNames[] = $realFileName;
// Recursive call to detected nested commented include statements
$fileContentString = self::extractIncludes($fileContentString, $cycle_counter + 1, $extractedFileNames, $realFileName);
// Write the content to the file
if (!GeneralUtility::writeFile($realFileName, $fileContentString)) {
throw new \RuntimeException(sprintf('Could not write file "%s"', $realFileName), 1294586444);
}
// Insert reference to the file in the rest content
$restContent[] = '<INCLUDE_TYPOSCRIPT: source="FILE:' . $fileName . '"' . $optionalProperties . '>';
} else {
//.........這裏部分代碼省略.........
示例15: checkExtension
/**
 * Is file-extension allowed for uploading?
 *
 * The name is accepted only if it has an extension, the caller supplied a
 * non-empty allow-list containing that extension, and the complete name
 * passes GeneralUtility::verifyFilenameAgainstDenyPattern() and
 * GeneralUtility::validPathStr().
 *
 * The extension is compared as given, without lower-casing, so the match
 * against $fileExtensions depends on the case used in both. Only the name is
 * inspected; the file content is not looked at here.
 *
 * @param string $filename Filename like (upload_03.txt)
 * @param string $fileExtensions allowed file extensions
 * @return bool
 */
public static function checkExtension($filename, $fileExtensions = '')
{
    // Part after the last dot; an empty string when the name has no extension
    $extension = pathinfo($filename, PATHINFO_EXTENSION);
    // An empty allow-list refuses everything rather than allowing everything
    return !empty($extension)
        && !empty($fileExtensions)
        && GeneralUtility::inList($fileExtensions, $extension)
        && GeneralUtility::verifyFilenameAgainstDenyPattern($filename)
        && GeneralUtility::validPathStr($filename);
}