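/**
 * Import an uploaded resource into the configured upload folder and wrap it
 * in a file reference, respecting the configuration given for the property.
 *
 * Both file name checks in this method look only at the client-supplied
 * name in $uploadInfo['name']; the content of the upload is not inspected here.
 *
 * @param array $uploadInfo upload data; this method reads 'name' and, when present, ['submittedFile']['resourcePointer']
 * @param PropertyMappingConfigurationInterface $configuration
 * @return \TYPO3\CMS\Extbase\Domain\Model\FileReference
 * @throws TypeConverterException when the name fails the deny pattern check or its extension is not in the configured list
 * @throws ExistingTargetFileNameException
 */
protected function importUploadedResource(array $uploadInfo, PropertyMappingConfigurationInterface $configuration)
{
    if (!GeneralUtility::verifyFilenameAgainstDenyPattern($uploadInfo['name'])) {
        throw new TypeConverterException('Uploading files with PHP file extensions is not allowed!', 1399312430);
    }

    // The extension allow-list is optional: null means "not configured" and skips the check.
    $allowedFileExtensions = $configuration->getConfigurationValue(self::class, self::CONFIGURATION_ALLOWED_EXTENSIONS);
    if ($allowedFileExtensions !== null) {
        $filePathInfo = PathUtility::pathinfo($uploadInfo['name']);
        // A name without an extension may come back without an 'extension' key
        // (as with PHP's pathinfo()); fall back to '' instead of reading an
        // undefined index, and let the list lookup decide as before.
        $fileExtension = isset($filePathInfo['extension']) ? strtolower($filePathInfo['extension']) : '';
        if (!GeneralUtility::inList($allowedFileExtensions, $fileExtension)) {
            // NOTE(review): this reuses the error code of the deny-pattern exception above.
            throw new TypeConverterException('File extension is not allowed!', 1399312430);
        }
    }

    // Falsy configuration values (null, '', 0) fall back to the converter defaults.
    $uploadFolderId = $configuration->getConfigurationValue(self::class, self::CONFIGURATION_UPLOAD_FOLDER) ?: $this->defaultUploadFolder;
    $conflictMode = $configuration->getConfigurationValue(self::class, self::CONFIGURATION_UPLOAD_CONFLICT_MODE) ?: $this->defaultConflictMode;

    $uploadFolder = $this->resourceFactory->retrieveFileOrFolderObject($uploadFolderId);
    $uploadedFile = $uploadFolder->addUploadedFile($uploadInfo, $conflictMode);

    // A submitted resource pointer is only used after its HMAC has been checked.
    // Pointers containing 'file:' are ignored and leave $resourcePointer at null.
    // validateAndStripHmac() is expected to reject a tampered value (presumably
    // by throwing); nothing in this method catches that.
    $resourcePointer = null;
    if (isset($uploadInfo['submittedFile']['resourcePointer'])) {
        $submittedResourcePointer = $uploadInfo['submittedFile']['resourcePointer'];
        if (strpos($submittedResourcePointer, 'file:') === false) {
            $resourcePointer = $this->hashService->validateAndStripHmac($submittedResourcePointer);
        }
    }

    return $this->createFileReferenceFromFalFileObject($uploadedFile, $resourcePointer);
}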
/**
 * Round trip: a string signed with appendHmac() must come back byte-identical
 * from validateAndStripHmac(), including the surrounding whitespace and the
 * non-ASCII characters.
 *
 * @test
 */
public function validateAndStripHmacReturnsTheStringWithoutHmac()
{
    $plainText = ' Some arbitrary string with special characters: öäüß!"§$ ';
    $signedText = $this->hashService->appendHmac($plainText);

    // assertSame compares strictly, so type and every byte must match.
    $this->assertSame($plainText, $this->hashService->validateAndStripHmac($signedText));
}
/**
 * Import an uploaded resource, run the configured file validators on it and
 * wrap it in a file reference.
 *
 * Order matters here: the upload is written to the target folder first and
 * validated afterwards. A file that fails validation is deleted again before
 * the exception is thrown, so it exists in storage for the duration of the
 * validator run.
 *
 * @param array $uploadInfo upload data; this method reads 'name' and, when present, ['submittedFile']['resourcePointer']
 * @param PropertyMappingConfigurationInterface $configuration
 * @return ExtbaseFileReference
 * @throws TypeConverterException when the name fails the deny pattern check or a validator reports an error
 */
protected function importUploadedResource(array $uploadInfo, PropertyMappingConfigurationInterface $configuration) : ExtbaseFileReference
{
    // Checks the client-supplied file name only, not the file content.
    if (!GeneralUtility::verifyFilenameAgainstDenyPattern($uploadInfo['name'])) {
        throw new TypeConverterException('Uploading files with PHP file extensions is not allowed!', 1471710357);
    }

    // Falsy configuration values fall back to the converter defaults.
    $folderIdentifier = $configuration->getConfigurationValue(self::class, self::CONFIGURATION_UPLOAD_FOLDER) ?: $this->defaultUploadFolder;
    $onConflict = $configuration->getConfigurationValue(self::class, self::CONFIGURATION_UPLOAD_CONFLICT_MODE) ?: $this->defaultConflictMode;

    $targetFolder = $this->resourceFactory->retrieveFileOrFolderObject($folderIdentifier);
    $storedFile = $targetFolder->addUploadedFile($uploadInfo, $onConflict);

    $configuredValidators = $configuration->getConfigurationValue(self::class, self::CONFIGURATION_FILE_VALIDATORS);
    if (is_array($configuredValidators)) {
        foreach ($configuredValidators as $candidate) {
            // Entries that are not AbstractValidator instances are skipped
            // without any error, so a misconfigured entry validates nothing.
            if (!$candidate instanceof AbstractValidator) {
                continue;
            }
            $outcome = $candidate->validate($storedFile);
            if (!$outcome->hasErrors()) {
                continue;
            }
            // Remove the rejected file from storage; only the first error
            // message is passed on to the caller.
            $storedFile->getStorage()->deleteFile($storedFile);
            throw new TypeConverterException($outcome->getErrors()[0]->getMessage(), 1471708999);
        }
    }

    // A submitted resource pointer is only used after its HMAC has been checked.
    // Pointers containing 'file:' are ignored and leave $resourcePointer at null.
    // validateAndStripHmac() is expected to reject a tampered value (presumably
    // by throwing); nothing in this method catches that.
    $resourcePointer = null;
    if (
        isset($uploadInfo['submittedFile']['resourcePointer'])
        && strpos($uploadInfo['submittedFile']['resourcePointer'], 'file:') === false
    ) {
        $resourcePointer = $this->hashService->validateAndStripHmac($uploadInfo['submittedFile']['resourcePointer']);
    }

    return $this->createFileReferenceFromFalFileObject($storedFile, $resourcePointer);
}
/**
 * Retrieve the fileReference UID from an HMAC-protected value.
 *
 * The value is passed through validateAndStripHmac() and the result is cast
 * to int. Any Exception raised on the way is turned into a call to
 * returnStatus(500, ...), whose result is returned instead.
 *
 * NOTE(review): the failure branch returns whatever returnStatus() yields,
 * which the declared return type does not cover - confirm callers handle it.
 * NOTE(review): the exception message is handed to returnStatus(); if that
 * ends up in the HTTP response, confirm it reveals nothing sensitive.
 *
 * @param string $hmac value to validate, passed unchanged to validateAndStripHmac()
 * @return integer
 */
protected function retrieveFileReferenceUid($hmac)
{
    try {
        $verifiedValue = $this->hashService->validateAndStripHmac($hmac);
        // A verified value that is not numeric casts to 0.
        return (int) $verifiedValue;
    } catch (Exception $e) {
        $failureMessage = $e->getMessage();
        return $this->returnStatus(500, $failureMessage);
    }
}
/**
 * Get a freshly built request object pointing to the Referrer.
 *
 * SECURITY: both values read from the internal '__referrer' argument are
 * passed to unserialize(). The only barrier in front of it is
 * validateAndStripHmac(), so the safety of this method rests entirely on the
 * secrecy of the HMAC key: with a leaked key, attacker-chosen serialized data
 * would reach unserialize() (PHP object injection). Hardening options are
 * unserialize()'s allowed_classes option or a data-only format such as JSON.
 *
 * @return ReferringRequest the referring request, or null if no referrer found
 */
public function getReferringRequest()
{
    if (!isset($this->internalArguments['__referrer']['@request'])) {
        return null;
    }

    // validateAndStripHmac() is expected to reject a tampered value
    // (presumably by throwing); nothing in this method catches that.
    $verifiedRequest = $this->hashService->validateAndStripHmac($this->internalArguments['__referrer']['@request']);
    $referrerArray = unserialize($verifiedRequest);

    $legacyArguments = [];
    if (isset($this->internalArguments['__referrer']['arguments'])) {
        // This case is kept for compatibility in 7.6 and 6.2, but will be removed in 8
        $verifiedArguments = $this->hashService->validateAndStripHmac($this->internalArguments['__referrer']['arguments']);
        $legacyArguments = unserialize(base64_decode($verifiedArguments));
    }

    // NOTE(review): the unserialize() results are not checked to be arrays
    // before they are merged.
    $referringRequest = new ReferringRequest();
    $referringRequest->setArguments(array_replace_recursive($legacyArguments, $referrerArray));

    return $referringRequest;
}
/**
 * Initialize the property mapping configuration in $controllerArguments if
 * the trusted properties are set inside the request.
 *
 * SECURITY: the '__trustedProperties' token arrives with the request and is
 * passed to unserialize() once validateAndStripHmac() has accepted it. The
 * HMAC check is the only protection in front of unserialize() here, so the
 * HMAC key must stay secret; hardening options are unserialize()'s
 * allowed_classes option or a data-only format such as JSON.
 *
 * @param \TYPO3\CMS\Extbase\Mvc\Request $request
 * @param \TYPO3\CMS\Extbase\Mvc\Controller\Arguments $controllerArguments
 *
 * @return void
 */
public function initializePropertyMappingConfigurationFromRequest(\TYPO3\CMS\Extbase\Mvc\Request $request, \TYPO3\CMS\Extbase\Mvc\Controller\Arguments $controllerArguments)
{
    $token = $request->getInternalArgument('__trustedProperties');
    // No token (or a non-string value) means there is nothing to configure.
    if (!is_string($token)) {
        return;
    }

    // validateAndStripHmac() is expected to reject a tampered token
    // (presumably by throwing); nothing in this method catches that.
    $trustedProperties = unserialize($this->hashService->validateAndStripHmac($token));

    // NOTE(review): the unserialize() result is iterated without checking
    // that it is an array.
    foreach ($trustedProperties as $argumentName => $propertyConfiguration) {
        // Only arguments the controller actually declares are configured.
        if ($controllerArguments->hasArgument($argumentName)) {
            $this->modifyPropertyMappingConfiguration(
                $propertyConfiguration,
                $controllerArguments->getArgument($argumentName)->getPropertyMappingConfiguration()
            );
        }
    }
}
/**
 * Get a freshly built request object pointing to the Referrer.
 *
 * SECURITY: only the 'arguments' entry of '__referrer' is HMAC-validated
 * (and then base64-decoded and passed to unserialize()). Every other
 * '__referrer' entry is used without an integrity check in this method and is
 * merged together with the verified arguments (presumably overriding them -
 * confirm against arrayMergeRecursiveOverrule). The unserialize() call relies
 * on the HMAC key staying secret.
 *
 * @return Request the referring request, or NULL if no referrer found
 */
public function getReferringRequest()
{
    if (!isset($this->internalArguments['__referrer']) || !is_array($this->internalArguments['__referrer'])) {
        return NULL;
    }

    $referrer = $this->internalArguments['__referrer'];
    $referringRequest = new \TYPO3\CMS\Extbase\Mvc\Web\Request();

    $verifiedArguments = array();
    if (isset($referrer['arguments'])) {
        // validateAndStripHmac() is expected to reject a tampered value
        // (presumably by throwing); nothing in this method catches that.
        $strippedArguments = $this->hashService->validateAndStripHmac($referrer['arguments']);
        $verifiedArguments = unserialize(base64_decode($strippedArguments));
        // The signed blob itself must not end up among the merged arguments.
        unset($referrer['arguments']);
    }

    $mergedArguments = \TYPO3\CMS\Extbase\Utility\ArrayUtility::arrayMergeRecursiveOverrule($verifiedArguments, $referrer);
    $referringRequest->setArguments($mergedArguments);

    return $referringRequest;
}
/**
 * Set $this->formState from the internal '__state' request argument, or to a
 * fresh FormState instance when the argument is absent.
 *
 * SECURITY: the '__state' value is HMAC-validated, base64-decoded and then
 * passed to unserialize(). The HMAC check is the only protection in front of
 * unserialize(), so it depends on the HMAC key staying secret; hardening
 * options are unserialize()'s allowed_classes option or a data-only format.
 *
 * @return void
 */
protected function initializeFormStateFromRequest()
{
    $stateToken = $this->request->getInternalArgument('__state');

    if ($stateToken !== null) {
        // validateAndStripHmac() is expected to reject a tampered value
        // (presumably by throwing); nothing in this method catches that.
        $verifiedState = $this->hashService->validateAndStripHmac($stateToken);
        // NOTE(review): the result is not checked to be a FormState instance.
        $this->formState = unserialize(base64_decode($verifiedState));
        return;
    }

    // No state submitted: start with an empty form state.
    $this->formState = GeneralUtility::makeInstance(FormState::class);
}