/** * Returns a URL parameter array containing parameters for secure downloads by "jumpurl". * Helper function for filelink() * * The array returned has the following structure: * juSecure => is always 1, * locationData => information about the record that created the jumpUrl, * juHash => the hash that will be checked before the file is downloadable * [mimeType => the mime type of the file] * * @param string $jumpUrl The URL to jump to, basically the filepath * @param array $configuration TypoScript properties for the "jumpurl.secure" property of "filelink" * @return array URL parameters required for jumpUrl secure * */ protected function getParametersForSecureFile($jumpUrl, array $configuration) { $parameters = array('juSecure' => 1, 'locationData' => $this->getTypoScriptFrontendController()->id . ':' . $this->getContentObjectRenderer()->currentRecord); $pathInfo = pathinfo($jumpUrl); if (!empty($pathInfo['extension'])) { $mimeTypes = GeneralUtility::trimExplode(',', $configuration['mimeTypes'], true); foreach ($mimeTypes as $mimeType) { list($fileExtension, $mimeType) = GeneralUtility::trimExplode('=', $mimeType, false, 2); if (strtolower($pathInfo['extension']) === strtolower($fileExtension)) { $parameters['mimeType'] = $mimeType; break; } } } $parameters['juHash'] = JumpUrlUtility::calculateHashSecure($jumpUrl, $parameters['locationData'], $parameters['mimeType']); return $parameters; }
/** * Validate the jumpUrl hash against the GET/POST parameter "juHash". * * @param string $jumpUrl The URL to check against. * @return bool */ protected function isJumpUrlHashValid($jumpUrl) { return GeneralUtility::_GP('juHash') === JumpUrlUtility::calculateHash($jumpUrl); }
/** * @test * @dataProvider jumpUrlSecureFailsOnForbiddenFileLocationDataProvider * @expectedException \Exception * @expectedExceptionCode 1294585194 * @param string $path * @param string $path */ public function jumpUrlSecureFailsOnForbiddenFileLocation($path) { $this->jumpUrlHandler->expects($this->once())->method('isLocationDataValid')->with('')->will($this->returnValue(true)); $hash = \FoT3\Jumpurl\JumpUrlUtility::calculateHashSecure($path, '', ''); $_GET['jumpurl'] = $path; $_GET['juSecure'] = '1'; $_GET['juHash'] = $hash; $_GET['locationData'] = ''; $this->jumpUrlHandler->canHandleCurrentUrl(); $this->jumpUrlHandler->handle(); }