/**
  * Reject the request with HTTP 403 when a vote for the given object is
  * already recorded; otherwise return without side effects.
  *
  * The existence check is delegated to the vote repository. On a hit the
  * message is printed and the script is terminated, so callers only get
  * control back when no vote exists yet.
  *
  * @param Vote $vote
  * @return void
  */
 public function isValid($vote)
 {
     $alreadyVoted = $this->getVoteRepository()->exists($vote);
     if (!$alreadyVoted) {
         return;
     }
     print 'Sorry, a vote already exists for this object.';
     HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_403);
 }
 /**
  * Send the response headers, then the response body, and terminate the script.
  *
  * When the feed's "debugMode" setting is truthy the body is served as
  * text/plain; otherwise the given content type is sent together with an
  * inline Content-Disposition naming the file "calendar.<extension>".
  * The script ends with HTTP status 200, so nothing runs after this call.
  *
  * @param string $contentType MIME type written into the Content-Type header
  * @param string $fileExtension Extension appended to the "calendar." filename
  * @return void
  */
 protected function sendHeaderAndFilename($contentType, $fileExtension)
 {
     $debugModeEnabled = (bool) $this->settings['feed']['debugMode'];
     $headers = $debugModeEnabled
         ? array('Content-Type: text/plain; charset=utf-8')
         : array(
             'Content-Type: ' . $contentType . '; charset=utf-8',
             'Content-Disposition: inline; filename=calendar.' . $fileExtension,
         );
     foreach ($headers as $headerLine) {
         header($headerLine);
     }
     echo $this->response->getContent();
     HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_200);
 }
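 /**
  * Validate an incoming vote request and abort with an HTTP error code on the
  * first failed check; return normally when the vote may be processed.
  *
  * Checks, in order: the user is authenticated (401), $vote is a Vote
  * instance (400), its voted object carries a content type (400), the voted
  * object can be found (404), the "contentElement" GET/POST parameter is a
  * positive integer (400) that refers to an existing content element (404),
  * the element's closing date has not passed (403), and the configured
  * allowed frequency for this user has not been exhausted (403).
  *
  * Every failure prints a message and terminates the script via HttpUtility.
  *
  * @param Vote $vote
  * @return void
  */
 public function isValid($vote)
 {
     // Check if User is logged in
     if (!$this->getUserService()->isAuthenticated()) {
         print 'Authentication required.';
         HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_401);
     }
     if (!$vote instanceof Vote) {
         print 'I could not instantiate the Vote object.';
         HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_400);
     }
     if (empty($vote->getVotedObject()->getContentType())) {
         print 'I miss a valid content type.';
         HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_400);
     }
     $object = $this->getVotedObjectRepository()->findOne($vote);
     if (empty($object)) {
         print 'I could not retrieve the voted object.';
         HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_404);
     }
     // Check the content element that contains the voting meta information.
     // The raw request value is cast to int so only a positive uid gets through.
     $contentElementIdentifier = (int) GeneralUtility::_GP('contentElement');
     if ($contentElementIdentifier < 1) {
         print 'Invalid or missing content element parameter.';
         HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_400);
     }
     $contentElementService = $this->getContentElementService();
     $content = $contentElementService->get($contentElementIdentifier);
     if (empty($content)) {
         print 'I could not retrieve this content element: ' . $contentElementIdentifier;
         HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_404);
     }
     $settings = $contentElementService->getSettings($contentElementIdentifier);
     // Settings keys that are not configured are treated as "unset" (0 / null)
     // instead of producing undefined-index notices.
     $closingDate = isset($settings['closingDate']) ? (int) $settings['closingDate'] : 0;
     $now = time();
     if ($closingDate > 0 && $closingDate < $now) {
         print 'Sorry, the vote is closed for this content element: ' . $contentElementIdentifier;
         HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_403);
     }
     $allowedFrequency = isset($settings['allowedFrequency']) ? (int) $settings['allowedFrequency'] : 0;
     $contentType = isset($settings['contentType']) ? $settings['contentType'] : null;
     $userIdentifier = $vote->getUser();
     $lastVote = $this->getVoteRepository()->findLastVote($contentType, $userIdentifier);
     if ($allowedFrequency > 0 && !empty($lastVote)) {
         // A missing timestamp counts as "long ago", which never blocks the 24h rule.
         $lastVoteTime = isset($lastVote['time']) ? (int) $lastVote['time'] : 0;
         if ($allowedFrequency === self::ALLOWED_ONLY_ONCE_PER_24 && $now - $lastVoteTime < 86400) {
             print 'Sorry, you can not vote for this type of object today, please come back.';
             HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_403);
         } elseif ($allowedFrequency === self::ALLOWED_ONLY_ONCE) {
             print 'Sorry, you can vote only once for this type of object.';
             HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_403);
         }
     }
 }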
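 /**
  * Main method to dump a file
  *
  * Validates the "token" request parameter against an HMAC over the present
  * eID/t/f/p parameters, resolves the requested File ("f") or ProcessedFile
  * ("p"), runs the configured checkFileAccess hooks and lets the storage
  * write the file contents to the output.
  *
  * @param ServerRequestInterface $request
  * @param ResponseInterface $response
  * @return NULL|ResponseInterface Null after the contents were written; a 403
  *                                response when the token does not match
  *
  * @throws \InvalidArgumentException
  * @throws \RuntimeException
  * @throws \TYPO3\CMS\Core\Resource\Exception\FileDoesNotExistException
  * @throws \UnexpectedValueException when a registered hook does not implement FileDumpEIDHookInterface
  */
 public function dumpAction(ServerRequestInterface $request, ResponseInterface $response)
 {
     // Only the parameters that are present become part of the signed string,
     // in the fixed order eID|t|f|p, which the token is expected to cover.
     $parameters = array('eID' => 'dumpFile');
     foreach (array('t', 'f', 'p') as $parameterName) {
         $value = $this->getGetOrPost($request, $parameterName);
         if ($value) {
             $parameters[$parameterName] = $value;
         }
     }
     $expectedToken = GeneralUtility::hmac(implode('|', $parameters), 'resourceStorageDumpFile');
     // NOTE(review): a constant-time comparison (hash_equals(), PHP >= 5.6) is
     // preferable once the minimum PHP version of this code base allows it.
     if ($expectedToken !== $this->getGetOrPost($request, 'token')) {
         return $response->withStatus(403);
     }
     if (isset($parameters['f'])) {
         $file = ResourceFactory::getInstance()->getFileObject($parameters['f']);
         if ($file->isDeleted() || $file->isMissing()) {
             $file = null;
         }
     } elseif (isset($parameters['p'])) {
         $file = GeneralUtility::makeInstance(ProcessedFileRepository::class)->findByUid($parameters['p']);
         if (!$file || $file->isDeleted()) {
             $file = null;
         }
     } else {
         // Neither a file uid nor a processed-file uid was requested: nothing to dump.
         $file = null;
     }
     if ($file === null) {
         HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_404);
     }
     // Hook: allow some other process to do some security/access checks. Hook should issue 403 if access is rejected
     $hookClasses = isset($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['FileDumpEID.php']['checkFileAccess'])
         ? $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['FileDumpEID.php']['checkFileAccess']
         : array();
     if (is_array($hookClasses)) {
         foreach ($hookClasses as $classRef) {
             $hookObject = GeneralUtility::getUserObj($classRef);
             if (!$hookObject instanceof FileDumpEIDHookInterface) {
                 throw new \UnexpectedValueException('FileDump hook object must implement interface ' . FileDumpEIDHookInterface::class, 1394442417);
             }
             $hookObject->checkFileAccess($file);
         }
     }
     $file->getStorage()->dumpFileContents($file);
     // @todo Refactor FAL to not echo directly, but to implement a stream for output here and use response
     return null;
 }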
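 /**
  * Dump file content
  * Copy from /sysext/core/Resources/PHP/FileDumpEID.php
  *
  * Validates the "token" GET/POST parameter against an HMAC over the present
  * eID/t/f/p parameters (403 on mismatch), resolves the File ("f") or
  * ProcessedFile ("p"), answers 404 when it is deleted or missing, checks
  * read permission on the original file through its storage (403), then
  * writes the contents and exits.
  *
  * @param array $params Not used; part of the AJAX handler signature
  * @param \TYPO3\CMS\Core\Http\AjaxRequestHandler $ajaxObj Not used; part of the AJAX handler signature
  * @return void
  */
 public function dumpFile($params = array(), \TYPO3\CMS\Core\Http\AjaxRequestHandler &$ajaxObj = null)
 {
     $parameters = array('eID' => 'dumpFile');
     if (GeneralUtility::_GP('t')) {
         $parameters['t'] = GeneralUtility::_GP('t');
     }
     if (GeneralUtility::_GP('f')) {
         $parameters['f'] = (int) GeneralUtility::_GP('f');
     }
     if (GeneralUtility::_GP('p')) {
         $parameters['p'] = (int) GeneralUtility::_GP('p');
     }
     $expectedToken = GeneralUtility::hmac(implode('|', $parameters), 'BeResourceStorageDumpFile');
     // NOTE(review): a constant-time comparison (hash_equals(), PHP >= 5.6) is
     // preferable once the minimum PHP version of this code base allows it.
     if ($expectedToken !== GeneralUtility::_GP('token')) {
         HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_403);
     }
     $file = null;
     $orgFile = null;
     if (isset($parameters['f'])) {
         $file = \TYPO3\CMS\Core\Resource\ResourceFactory::getInstance()->getFileObject($parameters['f']);
         if ($file->isDeleted() || $file->isMissing()) {
             $file = null;
         }
         // A plain file is its own original.
         $orgFile = $file;
     } elseif (isset($parameters['p'])) {
         /** @var \TYPO3\CMS\Core\Resource\ProcessedFile|null $file */
         $file = GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Resource\\ProcessedFileRepository')->findByUid($parameters['p']);
         if (!$file || $file->isDeleted()) {
             $file = null;
         }
         // Permissions are checked on the original file, not on the processed variant.
         $orgFile = $file === null ? null : $file->getOriginalFile();
     }
     // Answer 404 before the permission check so a deleted or missing file never
     // dereferences a null $orgFile.
     if ($file === null || $orgFile === null) {
         HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_404);
     }
     // Check file read permissions
     if (!$orgFile->getStorage()->checkFileActionPermission('read', $orgFile)) {
         HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_403);
     }
     ob_start();
     $file->getStorage()->dumpFileContents($file);
     exit;
 }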
	/**
	 * Returns the html for the AJAX API
	 *
	 * A valid HMAC token is required (403 otherwise). The "file" GET parameter
	 * is resolved to a File object only when it is an integer and the file
	 * exists; in every other case the wizard is rendered without an image.
	 * The rendered template is handed to the AJAX handler as "content".
	 *
	 * @param array $params
	 * @param \TYPO3\CMS\Core\Http\AjaxRequestHandler $ajaxRequestHandler
	 * @return void
	 */
	public function getHtmlForImageManipulationWizard($params, $ajaxRequestHandler) {
		if (!$this->checkHmacToken()) {
			HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_403);
		}

		$requestedFileUid = GeneralUtility::_GET('file');
		$image = NULL;
		if (MathUtility::canBeInterpretedAsInteger($requestedFileUid)) {
			try {
				$image = ResourceFactory::getInstance()->getFileObject($requestedFileUid);
			} catch (FileDoesNotExistException $e) {
				// Unknown uid: deliberately fall back to rendering without an image.
			}
		}

		$templateFile = $this->templatePath . 'Wizards/ImageManipulationWizard.html';
		$view = $this->getFluidTemplateObject($templateFile);
		$viewVariables = array(
			'image' => $image,
			'zoom' => (bool)GeneralUtility::_GET('zoom'),
			'ratios' => $this->getRatiosArray(),
		);
		foreach ($viewVariables as $variableName => $variableValue) {
			$view->assign($variableName, $variableValue);
		}

		$ajaxRequestHandler->addContent('content', $view->render());
		$ajaxRequestHandler->setContentFormat('html');
	}
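 /**
  * Init function, setting the input vars in the global space.
  *
  * Reads "file", "parameters", "frame" and "md5" from GET/POST. The request
  * is rejected with 410 unless "md5" equals the HMAC over "file|<joined
  * parameters>", so only values produced by this installation are accepted.
  * Only after that check is the parameters blob base64-decoded, unserialized
  * and copied onto this object property by property. Finally the file must be
  * a valid path string below PATH_site (410) and must exist (404).
  *
  * @return void
  * @todo Define visibility
  */
 public function init()
 {
     // Loading internal vars with the GET/POST parameters from outside:
     $this->file = \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('file');
     $parametersArray = \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('parameters');
     $this->frame = \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('frame');
     $this->md5 = \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('md5');
     // Check parameters
     // If no file-param or parameters are given, we must exit
     if (!$this->file || !is_array($parametersArray)) {
         \TYPO3\CMS\Core\Utility\HttpUtility::setResponseCodeAndExit(\TYPO3\CMS\Core\Utility\HttpUtility::HTTP_STATUS_410);
     }
     $this->parametersEncoded = implode('', $parametersArray);
     // Check the HMAC: the submitted "md5" must match the HMAC over file and
     // encoded parameters, otherwise the request was not built from a link this
     // installation generated (protects against parameter tampering and keeps
     // arbitrary input away from the unserialize() call below).
     $md5_value = \TYPO3\CMS\Core\Utility\GeneralUtility::hmac(implode('|', array($this->file, $this->parametersEncoded)));
     // NOTE(review): a constant-time comparison (hash_equals(), PHP >= 5.6) is
     // preferable once the minimum PHP version of this code base allows it.
     if ($md5_value !== $this->md5) {
         \TYPO3\CMS\Core\Utility\HttpUtility::setResponseCodeAndExit(\TYPO3\CMS\Core\Utility\HttpUtility::HTTP_STATUS_410);
     }
     // unserialize() on request data is acceptable only because the HMAC was
     // verified first; this call must stay behind that check.
     $parameters = unserialize(base64_decode($this->parametersEncoded));
     if (!is_array($parameters)) {
         // Corrupt or non-array payload: refuse instead of iterating over it.
         \TYPO3\CMS\Core\Utility\HttpUtility::setResponseCodeAndExit(\TYPO3\CMS\Core\Utility\HttpUtility::HTTP_STATUS_410);
     }
     foreach ($parameters as $parameterName => $parameterValue) {
         $this->{$parameterName} = $parameterValue;
     }
     // Check the file. If must be in a directory beneath the dir of this script...
     // $this->file remains unchanged, because of the code in stdgraphic, but we do check if the file exists within the current path
     $test_file = PATH_site . $this->file;
     if (!\TYPO3\CMS\Core\Utility\GeneralUtility::validPathStr($test_file)) {
         \TYPO3\CMS\Core\Utility\HttpUtility::setResponseCodeAndExit(\TYPO3\CMS\Core\Utility\HttpUtility::HTTP_STATUS_410);
     }
     if (!@is_file($test_file)) {
         \TYPO3\CMS\Core\Utility\HttpUtility::setResponseCodeAndExit(\TYPO3\CMS\Core\Utility\HttpUtility::HTTP_STATUS_404);
     }
 }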
    $parameters['p'] = (int) \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('p');
}
// The token must have been computed over exactly the present parameters
// (eID|t|f|p); anything else ends the request with 403.
$expectedToken = \TYPO3\CMS\Core\Utility\GeneralUtility::hmac(implode('|', $parameters), 'resourceStorageDumpFile');
if ($expectedToken !== \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('token')) {
    \TYPO3\CMS\Core\Utility\HttpUtility::setResponseCodeAndExit(\TYPO3\CMS\Core\Utility\HttpUtility::HTTP_STATUS_403);
}
// Resolve either a regular file ("f") or a processed file ("p").
if (isset($parameters['f'])) {
    $candidate = \TYPO3\CMS\Core\Resource\ResourceFactory::getInstance()->getFileObject($parameters['f']);
    $unavailable = $candidate->isDeleted() || $candidate->isMissing();
} else {
    $candidate = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Resource\\ProcessedFileRepository')->findByUid($parameters['p']);
    $unavailable = $candidate->isDeleted();
}
$file = $unavailable ? NULL : $candidate;
if ($file === NULL) {
    \TYPO3\CMS\Core\Utility\HttpUtility::setResponseCodeAndExit(\TYPO3\CMS\Core\Utility\HttpUtility::HTTP_STATUS_404);
}
// Hook: allow some other process to do some security/access checks. Hook should issue 403 if access is rejected
$accessCheckHooks = $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['FileDumpEID.php']['checkFileAccess'];
if (is_array($accessCheckHooks)) {
    foreach ($accessCheckHooks as $classRef) {
        $hookObject = \TYPO3\CMS\Core\Utility\GeneralUtility::getUserObj($classRef);
        if (!$hookObject instanceof \TYPO3\CMS\Core\Resource\Hook\FileDumpEIDHookInterface) {
            throw new \UnexpectedValueException('$hookObject must implement interface TYPO3\\CMS\\Core\\Resource\\FileDumpEIDHookInterface', 1394442417);
        }
        $hookObject->checkFileAccess($file);
    }
}
$file->getStorage()->dumpFileContents($file);
 /**
  * Outputs the content from $this->content
  *
  * Writes the accumulated content to the output and terminates the request
  * with HTTP status 200; no code after this call is executed.
  *
  * @return void
  */
 public function printContent()
 {
     $output = $this->content;
     print $output;
     HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_200);
 }
 /**
  * Skips the HTTP response body, sends an according
  * header (status 204) and stops script execution
  *
  * Nothing is written to the output; the script does not continue past
  * this call.
  *
  * @return void
  */
 public function skipBodyAndExit()
 {
     $noContentStatus = HttpUtility::HTTP_STATUS_204;
     HttpUtility::setResponseCodeAndExit($noContentStatus);
 }