/**
* Import a resource and respect configuration given for properties
*
* @param array $uploadInfo
* @param PropertyMappingConfigurationInterface $configuration
* @return \TYPO3\CMS\Extbase\Domain\Model\FileReference
* @throws TypeConverterException
* @throws ExistingTargetFileNameException
*/
protected function importUploadedResource(array $uploadInfo, PropertyMappingConfigurationInterface $configuration)
{
if (!GeneralUtility::verifyFilenameAgainstDenyPattern($uploadInfo['name'])) {
throw new TypeConverterException('Uploading files with PHP file extensions is not allowed!', 1399312430);
}
$allowedFileExtensions = $configuration->getConfigurationValue(self::class, self::CONFIGURATION_ALLOWED_EXTENSIONS);
if ($allowedFileExtensions !== null) {
$filePathInfo = PathUtility::pathinfo($uploadInfo['name']);
if (!GeneralUtility::inList($allowedFileExtensions, strtolower($filePathInfo['extension']))) {
throw new TypeConverterException('File extension is not allowed!', 1399312430);
}
}
$uploadFolderId = $configuration->getConfigurationValue(self::class, self::CONFIGURATION_UPLOAD_FOLDER) ?: $this->defaultUploadFolder;
$conflictMode = $configuration->getConfigurationValue(self::class, self::CONFIGURATION_UPLOAD_CONFLICT_MODE) ?: $this->defaultConflictMode;
$uploadFolder = $this->resourceFactory->retrieveFileOrFolderObject($uploadFolderId);
$uploadedFile = $uploadFolder->addUploadedFile($uploadInfo, $conflictMode);
$resourcePointer = null;
if (isset($uploadInfo['submittedFile']['resourcePointer'])) {
$submittedResourcePointer = $uploadInfo['submittedFile']['resourcePointer'];
if (strpos($uploadInfo['submittedFile']['resourcePointer'], 'file:') === false) {
$resourcePointer = $this->hashService->validateAndStripHmac($submittedResourcePointer);
}
}
$fileReferenceModel = $this->createFileReferenceFromFalFileObject($uploadedFile, $resourcePointer);
return $fileReferenceModel;
}
/**
* @test
*/
public function validateAndStripHmacReturnsTheStringWithoutHmac()
{
$string = ' Some arbitrary string with special characters: öäüß!"§$ ';
$hashedString = $this->hashService->appendHmac($string);
$actualResult = $this->hashService->validateAndStripHmac($hashedString);
$this->assertSame($string, $actualResult);
}
/**
* Import a resource and respect configuration given for properties
*
* @param array $uploadInfo
* @param PropertyMappingConfigurationInterface $configuration
* @return ExtbaseFileReference
* @throws TypeConverterException
*/
protected function importUploadedResource(array $uploadInfo, PropertyMappingConfigurationInterface $configuration) : ExtbaseFileReference
{
if (!GeneralUtility::verifyFilenameAgainstDenyPattern($uploadInfo['name'])) {
throw new TypeConverterException('Uploading files with PHP file extensions is not allowed!', 1471710357);
}
$uploadFolderId = $configuration->getConfigurationValue(self::class, self::CONFIGURATION_UPLOAD_FOLDER) ?: $this->defaultUploadFolder;
$conflictMode = $configuration->getConfigurationValue(self::class, self::CONFIGURATION_UPLOAD_CONFLICT_MODE) ?: $this->defaultConflictMode;
$uploadFolder = $this->resourceFactory->retrieveFileOrFolderObject($uploadFolderId);
$uploadedFile = $uploadFolder->addUploadedFile($uploadInfo, $conflictMode);
$validators = $configuration->getConfigurationValue(self::class, self::CONFIGURATION_FILE_VALIDATORS);
if (is_array($validators)) {
foreach ($validators as $validator) {
if ($validator instanceof AbstractValidator) {
$validationResult = $validator->validate($uploadedFile);
if ($validationResult->hasErrors()) {
$uploadedFile->getStorage()->deleteFile($uploadedFile);
throw new TypeConverterException($validationResult->getErrors()[0]->getMessage(), 1471708999);
}
}
}
}
$resourcePointer = isset($uploadInfo['submittedFile']['resourcePointer']) && strpos($uploadInfo['submittedFile']['resourcePointer'], 'file:') === false ? $this->hashService->validateAndStripHmac($uploadInfo['submittedFile']['resourcePointer']) : null;
$fileReferenceModel = $this->createFileReferenceFromFalFileObject($uploadedFile, $resourcePointer);
return $fileReferenceModel;
}
/**
* Retrieve fileReference UID from hmac
* @param string $hmac
* @return integer
*/
protected function retrieveFileReferenceUid($hmac)
{
try {
return (int) $this->hashService->validateAndStripHmac($hmac);
} catch (Exception $e) {
return $this->returnStatus(500, $e->getMessage());
}
}
/**
* Get a freshly built request object pointing to the Referrer.
*
* @return ReferringRequest the referring request, or null if no referrer found
*/
public function getReferringRequest()
{
if (isset($this->internalArguments['__referrer']['@request'])) {
$referrerArray = unserialize($this->hashService->validateAndStripHmac($this->internalArguments['__referrer']['@request']));
$arguments = [];
if (isset($this->internalArguments['__referrer']['arguments'])) {
// This case is kept for compatibility in 7.6 and 6.2, but will be removed in 8
$arguments = unserialize(base64_decode($this->hashService->validateAndStripHmac($this->internalArguments['__referrer']['arguments'])));
}
$referringRequest = new ReferringRequest();
$referringRequest->setArguments(array_replace_recursive($arguments, $referrerArray));
return $referringRequest;
}
return null;
}
/**
* Initialize the property mapping configuration in $controllerArguments if
* the trusted properties are set inside the request.
*
* @param \TYPO3\CMS\Extbase\Mvc\Request $request
* @param \TYPO3\CMS\Extbase\Mvc\Controller\Arguments $controllerArguments
*
* @return void
*/
public function initializePropertyMappingConfigurationFromRequest(\TYPO3\CMS\Extbase\Mvc\Request $request, \TYPO3\CMS\Extbase\Mvc\Controller\Arguments $controllerArguments)
{
$trustedPropertiesToken = $request->getInternalArgument('__trustedProperties');
if (!is_string($trustedPropertiesToken)) {
return;
}
$serializedTrustedProperties = $this->hashService->validateAndStripHmac($trustedPropertiesToken);
$trustedProperties = unserialize($serializedTrustedProperties);
foreach ($trustedProperties as $propertyName => $propertyConfiguration) {
if (!$controllerArguments->hasArgument($propertyName)) {
continue;
}
$propertyMappingConfiguration = $controllerArguments->getArgument($propertyName)->getPropertyMappingConfiguration();
$this->modifyPropertyMappingConfiguration($propertyConfiguration, $propertyMappingConfiguration);
}
}
/**
* Get a freshly built request object pointing to the Referrer.
*
* @return Request the referring request, or NULL if no referrer found
*/
public function getReferringRequest() {
if (isset($this->internalArguments['__referrer']) && is_array($this->internalArguments['__referrer'])) {
$referrerArray = $this->internalArguments['__referrer'];
$referringRequest = new \TYPO3\CMS\Extbase\Mvc\Web\Request();
$arguments = array();
if (isset($referrerArray['arguments'])) {
$serializedArgumentsWithHmac = $referrerArray['arguments'];
$serializedArguments = $this->hashService->validateAndStripHmac($serializedArgumentsWithHmac);
$arguments = unserialize(base64_decode($serializedArguments));
unset($referrerArray['arguments']);
}
$referringRequest->setArguments(\TYPO3\CMS\Extbase\Utility\ArrayUtility::arrayMergeRecursiveOverrule($arguments, $referrerArray));
return $referringRequest;
}
return NULL;
}
/**
* @return void
*/
protected function initializeFormStateFromRequest()
{
$serializedFormStateWithHmac = $this->request->getInternalArgument('__state');
if ($serializedFormStateWithHmac === null) {
$this->formState = GeneralUtility::makeInstance(FormState::class);
} else {
$serializedFormState = $this->hashService->validateAndStripHmac($serializedFormStateWithHmac);
$this->formState = unserialize(base64_decode($serializedFormState));
}
}
