BasicFileUtility.php

Go to the documentation of this file.

<?php
namespace TYPO3\CMS\Core\Utility\File;

/*
 * This file is part of the TYPO3 CMS project.
 *
 * It is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License, either version 2
 * of the License, or any later version.
 *
 * For the full copyright and license information, please read the
 * LICENSE.txt file that was distributed with this source code.
 *
 * The TYPO3 project - inspiring people to share!
 */

use TYPO3\CMS\Core\Utility\GeneralUtility;
use TYPO3\CMS\Core\Utility\PathUtility;

class BasicFileUtility
{
    const UNSAFE_FILENAME_CHARACTER_EXPRESSION = '\\x00-\\x2C\\/\\x3A-\\x3F\\x5B-\\x60\\x7B-\\xBF';

    public $getUniqueNamePrefix = '';

    public $maxNumber = 99;

    public $uniquePrecision = 6;

    public $maxInputNameLen = 60;

    public $tempFN = '_temp_';

    public $f_ext = array();

    public $mounts = array();

    public $webPath = '';

    public $isInit = 0;

    public $csConvObj;

    /**********************************
     *
     * Checking functions
     *
     **********************************/
    public function init($mounts, $f_ext)
    {
        $this->f_ext['webspace']['allow'] = GeneralUtility::uniqueList(strtolower($f_ext['webspace']['allow']));
        $this->f_ext['webspace']['deny'] = GeneralUtility::uniqueList(strtolower($f_ext['webspace']['deny']));
        $this->f_ext['ftpspace']['allow'] = GeneralUtility::uniqueList(strtolower($f_ext['ftpspace']['allow']));
        $this->f_ext['ftpspace']['deny'] = GeneralUtility::uniqueList(strtolower($f_ext['ftpspace']['deny']));

        $this->mounts = (!empty($mounts) ? $mounts : array());
        $this->webPath = GeneralUtility::getIndpEnv('TYPO3_DOCUMENT_ROOT');
        $this->isInit = 1;
        $this->maxInputNameLen = $GLOBALS['TYPO3_CONF_VARS']['SYS']['maxFileNameLength'] ?: $this->maxInputNameLen;
    }

    public function is_allowed($iconkey, $type)
    {
        if (isset($this->f_ext[$type])) {
            $ik = strtolower($iconkey);
            if ($ik) {
                // If the extension is found amongst the allowed types, we return TRUE immediately
                if ($this->f_ext[$type]['allow'] == '*' || GeneralUtility::inList($this->f_ext[$type]['allow'], $ik)) {
                    return true;
                }
                // If the extension is found amongst the denied types, we return FALSE immediately
                if ($this->f_ext[$type]['deny'] == '*' || GeneralUtility::inList($this->f_ext[$type]['deny'], $ik)) {
                    return false;
                }
                // If no match we return TRUE
                return true;
            } else {
                // If no extension:
                if ($this->f_ext[$type]['allow'] == '*') {
                    return true;
                }
                if ($this->f_ext[$type]['deny'] == '*') {
                    return false;
                }
                return true;
            }
        }
        return false;
    }

    public function checkIfFullAccess($theDest)
    {
        $type = $this->is_webpath($theDest) ? 'webspace' : 'ftpspace';
        if (isset($this->f_ext[$type])) {
            if ((string)$this->f_ext[$type]['deny'] == '' || $this->f_ext[$type]['allow'] == '*') {
                return true;
            }
        }
    }

    public function is_webpath($path)
    {
        if ($this->isInit) {
            $testPath = $this->slashPath($path);
            $testPathWeb = $this->slashPath($this->webPath);
            if ($testPathWeb && $testPath) {
                return GeneralUtility::isFirstPartOfStr($testPath, $testPathWeb);
            }
        }
        return true;
    }

    public function checkIfAllowed($ext, $theDest, $filename = '')
    {
        return GeneralUtility::verifyFilenameAgainstDenyPattern($filename) && $this->is_allowed($ext, ($this->is_webpath($theDest) ? 'webspace' : 'ftpspace'));
    }

    public function is_directory($theDir)
    {
        // @todo: should go into the LocalDriver in a protected way (not important to the outside world)
        if (GeneralUtility::validPathStr($theDir)) {
            $theDir = PathUtility::getCanonicalPath($theDir);
            if (@is_dir($theDir)) {
                return $theDir;
            }
        }
        return false;
    }

    public function getUniqueName($theFile, $theDest, $dontCheckForUnique = 0)
    {
        // @todo: should go into the LocalDriver in a protected way (not important to the outside world)
        $theDest = $this->is_directory($theDest);
        // $theDest is cleaned up
        $origFileInfo = GeneralUtility::split_fileref($theFile);
        // Fetches info about path, name, extension of $theFile
        if ($theDest) {
            if ($this->getUniqueNamePrefix) {
                // Adds prefix
                $origFileInfo['file'] = $this->getUniqueNamePrefix . $origFileInfo['file'];
                $origFileInfo['filebody'] = $this->getUniqueNamePrefix . $origFileInfo['filebody'];
            }
            // Check if the file exists and if not - return the filename...
            $fileInfo = $origFileInfo;
            $theDestFile = $theDest . '/' . $fileInfo['file'];
            // The destinations file
            if (!file_exists($theDestFile) || $dontCheckForUnique) {
                // If the file does NOT exist we return this filename
                return $theDestFile;
            }
            // Well the filename in its pure form existed. Now we try to append numbers / unique-strings and see if we can find an available filename...
            $theTempFileBody = preg_replace('/_[0-9][0-9]$/', '', $origFileInfo['filebody']);
            // This removes _xx if appended to the file
            $theOrigExt = $origFileInfo['realFileext'] ? '.' . $origFileInfo['realFileext'] : '';
            for ($a = 1; $a <= $this->maxNumber + 1; $a++) {
                if ($a <= $this->maxNumber) {
                    // First we try to append numbers
                    $insert = '_' . sprintf('%02d', $a);
                } else {
                    // .. then we try unique-strings...
                    $insert = '_' . substr(md5(uniqid('', true)), 0, $this->uniquePrecision);
                }
                $theTestFile = $theTempFileBody . $insert . $theOrigExt;
                $theDestFile = $theDest . '/' . $theTestFile;
                // The destinations file
                if (!file_exists($theDestFile)) {
                    // If the file does NOT exist we return this filename
                    return $theDestFile;
                }
            }
        }
    }

    public function checkPathAgainstMounts($thePath)
    {
        if ($thePath && GeneralUtility::validPathStr($thePath) && is_array($this->mounts)) {
            foreach ($this->mounts as $k => $val) {
                if (GeneralUtility::isFirstPartOfStr($thePath, $val['path'])) {
                    return $k;
                }
            }
        }
    }

    public function findFirstWebFolder()
    {
        // @todo: where and when to use this function?
        if (is_array($this->mounts)) {
            foreach ($this->mounts as $k => $val) {
                if (GeneralUtility::isFirstPartOfStr($val['path'], PATH_site . $GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir'])) {
                    return $k;
                }
            }
        }
    }

    /*********************
     *
     * Cleaning functions
     *
     *********************/
    public function slashPath($path)
    {
        // @todo: should go into the LocalDriver in a protected way (not important to the outside world)
        // @todo: should be done with rtrim($path, '/') . '/';
        if (substr($path, -1) != '/') {
            return $path . '/';
        }
        return $path;
    }

    public function cleanFileName($fileName, $charset = '')
    {
        // Handle UTF-8 characters
        if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['UTF8filesystem']) {
            // allow ".", "-", 0-9, a-z, A-Z and everything beyond U+C0 (latin capital letter a with grave)
            $cleanFileName = preg_replace('/[' . self::UNSAFE_FILENAME_CHARACTER_EXPRESSION . ']/u', '_', trim($fileName));
        } else {
            // Get conversion object or initialize if needed
            if (!is_object($this->csConvObj)) {
                if (TYPO3_MODE == 'FE') {
                    $this->csConvObj = $GLOBALS['TSFE']->csConvObj;
                } elseif (is_object($GLOBALS['LANG'])) {
                    // BE assumed:
                    $this->csConvObj = $GLOBALS['LANG']->csConvObj;
                } else {
                    // The object may not exist yet, so we need to create it now. Happens in the Install Tool for example.
                    $this->csConvObj = GeneralUtility::makeInstance(\TYPO3\CMS\Core\Charset\CharsetConverter::class);
                }
            }
            // Define character set
            if (!$charset) {
                if (TYPO3_MODE == 'FE') {
                    $charset = $GLOBALS['TSFE']->renderCharset;
                } else {
                    // Backend
                    $charset = 'utf-8';
                }
            }
            // If a charset was found, convert filename
            if ($charset) {
                $fileName = $this->csConvObj->specCharsToASCII($charset, $fileName);
            }
            // Replace unwanted characters by underscores
            $cleanFileName = preg_replace('/[' . self::UNSAFE_FILENAME_CHARACTER_EXPRESSION . '\\xC0-\\xFF]/', '_', trim($fileName));
        }
        // Strip trailing dots and return
        return rtrim($cleanFileName, '.');
    }
}