/**
 * Check whether the vote exists or not.
 *
 * When the repository already knows this vote, a short message is printed and the
 * request is terminated with HTTP 403 (nothing after that call runs). Otherwise the
 * method simply returns.
 *
 * @param Vote $vote
 * @return void
 */
public function isValid($vote)
{
    $alreadyVoted = $this->getVoteRepository()->exists($vote);
    if (!$alreadyVoted) {
        return;
    }

    print 'Sorry, a vote already exists for this object.';
    HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_403);
}
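/**
 * Send the content type header and the right file extension in front of the content
 *
 * In debug mode (settings.feed.debugMode) the body is served as text/plain so it can be
 * inspected in the browser; otherwise the given content type is sent together with an
 * inline Content-Disposition naming the file "calendar.<extension>". The response content
 * is echoed and the request is terminated with status 200, so nothing after this call runs.
 * PHP's header() rejects values containing line breaks, but callers should still pass a
 * fixed extension rather than request data.
 *
 * @param string $contentType MIME type for the Content-Type header (non-debug mode only)
 * @param string $fileExtension extension appended to "calendar." in the Content-Disposition header
 */
protected function sendHeaderAndFilename($contentType, $fileExtension)
{
    // empty() avoids an undefined-index notice when debugMode is not configured;
    // any truthy value switches to the plain-text output (same truth table as (bool)).
    $testMode = !empty($this->settings['feed']['debugMode']);
    if ($testMode) {
        header('Content-Type: text/plain; charset=utf-8');
    } else {
        header('Content-Type: ' . $contentType . '; charset=utf-8');
        header('Content-Disposition: inline; filename=calendar.' . $fileExtension);
    }
    echo $this->response->getContent();
    HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_200);
}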
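/**
 * Validate an incoming vote and abort the request with an HTTP error when it is not acceptable.
 *
 * Every failed check prints a short message and terminates the request through
 * HttpUtility::setResponseCodeAndExit(), so code after a failed check is never reached.
 * Checks, in order: authentication (401), vote object and content type (400), the voted
 * object exists (404), the "contentElement" request parameter and its content element
 * (400/404), the closing date (403) and the per-user voting frequency (403).
 *
 * @param Vote $vote
 * @return void
 */
public function isValid($vote)
{
    // Only authenticated users may vote.
    if (!$this->getUserService()->isAuthenticated()) {
        print 'Authentication required.';
        HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_401);
    }

    if (!$vote instanceof Vote) {
        print 'I could not instantiate the Vote object.';
        HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_400);
    }

    // Guard the voted object before dereferencing it: a missing object answers 400
    // instead of fataling on a null method call.
    $votedObject = $vote->getVotedObject();
    if ($votedObject === null || empty($votedObject->getContentType())) {
        print 'I miss a valid content type.';
        HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_400);
    }

    $object = $this->getVotedObjectRepository()->findOne($vote);
    if (empty($object)) {
        print 'I could not retrieve the voted object.';
        HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_404);
    }

    // The content element carries the voting configuration. The request parameter is cast
    // to int, so the value echoed back in the messages below cannot carry markup.
    $contentElementIdentifier = (int) GeneralUtility::_GP('contentElement');
    if ($contentElementIdentifier < 1) {
        print 'Invalid or missing content element parameter.';
        HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_400);
    }

    $contentElementService = $this->getContentElementService();
    $content = $contentElementService->get($contentElementIdentifier);
    if (empty($content)) {
        print 'I could not retrieve this content element: ' . $contentElementIdentifier;
        HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_404);
    }

    $settings = $contentElementService->getSettings($contentElementIdentifier);

    // A closing date of 0 (or no closing date at all) means the vote never closes.
    $closingDate = isset($settings['closingDate']) ? (int) $settings['closingDate'] : 0;
    if ($closingDate > 0 && $closingDate < time()) {
        print 'Sorry, the vote is closed for this content element: ' . $contentElementIdentifier;
        HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_403);
    }

    // Frequency limit per user and content type; 0 means unlimited, so the lookup of the
    // previous vote is only needed when a limit is configured.
    $allowedFrequency = isset($settings['allowedFrequency']) ? (int) $settings['allowedFrequency'] : 0;
    if ($allowedFrequency > 0) {
        $userIdentifier = $vote->getUser();
        $lastVote = $this->getVoteRepository()->findLastVote($settings['contentType'], $userIdentifier);
        if (!empty($lastVote)) {
            // 86400 = seconds in 24 hours; $lastVote['time'] is the timestamp of the previous vote.
            $votedWithinLastDay = time() - $lastVote['time'] < 86400;
            if ($allowedFrequency === self::ALLOWED_ONLY_ONCE_PER_24 && $votedWithinLastDay) {
                print 'Sorry, you can not vote for this type of object today, please come back.';
                HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_403);
            } elseif ($allowedFrequency === self::ALLOWED_ONLY_ONCE) {
                print 'Sorry, you can vote only once for this type of object.';
                HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_403);
            }
        }
    }
}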
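/**
 * Main method to dump a file
 *
 * Rebuilds the signed parameter set (eID, t, f, p) from the request, verifies the submitted
 * "token" against the HMAC of those parameters and, on success, lets the storage write the
 * file contents to the output. Registered "checkFileAccess" hooks run before the dump and
 * are expected to issue a 403 themselves when access is denied. Because the token covers
 * the exact parameter values, only identifiers the server itself signed reach the
 * repositories.
 *
 * @param ServerRequestInterface $request
 * @param ResponseInterface $response
 * @return NULL|ResponseInterface null after the file was dumped, a 403 response when the token is invalid
 *
 * @throws \InvalidArgumentException
 * @throws \RuntimeException
 * @throws \TYPO3\CMS\Core\Resource\Exception\FileDoesNotExistException
 * @throws \UnexpectedValueException
 */
public function dumpAction(ServerRequestInterface $request, ResponseInterface $response)
{
    // Only parameters that were actually submitted take part in the signature, in the
    // same order as when the token was generated.
    $parameters = array('eID' => 'dumpFile');
    foreach (array('t', 'f', 'p') as $name) {
        $value = $this->getGetOrPost($request, $name);
        if ($value) {
            $parameters[$name] = $value;
        }
    }

    $expectedToken = GeneralUtility::hmac(implode('|', $parameters), 'resourceStorageDumpFile');
    $submittedToken = $this->getGetOrPost($request, 'token');
    // hash_equals() (PHP >= 5.6) compares in constant time; a plain === leaks how many
    // leading bytes of a guessed token were right. A non-string token can never match.
    if (!is_string($submittedToken) || !hash_equals($expectedToken, $submittedToken)) {
        return $response->withStatus(403);
    }

    if (isset($parameters['f'])) {
        $file = ResourceFactory::getInstance()->getFileObject($parameters['f']);
        if ($file->isDeleted() || $file->isMissing()) {
            $file = null;
        }
    } else {
        $processedUid = isset($parameters['p']) ? $parameters['p'] : null;
        $file = GeneralUtility::makeInstance(ProcessedFileRepository::class)->findByUid($processedUid);
        // NOTE(review): the guard assumes findByUid() may return a non-object for an unknown
        // uid; without it the isDeleted() call would fatal instead of answering 404 — confirm.
        if (!is_object($file) || $file->isDeleted()) {
            $file = null;
        }
    }
    if ($file === null) {
        HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_404);
    }

    // Hook: allow some other process to do some security/access checks. Hook should issue 403 if access is rejected
    $hookClasses = isset($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['FileDumpEID.php']['checkFileAccess'])
        ? $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['FileDumpEID.php']['checkFileAccess']
        : null;
    if (is_array($hookClasses)) {
        foreach ($hookClasses as $classRef) {
            $hookObject = GeneralUtility::getUserObj($classRef);
            if (!$hookObject instanceof FileDumpEIDHookInterface) {
                throw new \UnexpectedValueException(
                    'FileDump hook object must implement interface ' . FileDumpEIDHookInterface::class,
                    1394442417
                );
            }
            $hookObject->checkFileAccess($file);
        }
    }

    $file->getStorage()->dumpFileContents($file);
    // @todo Refactor FAL to not echo directly, but to implement a stream for output here and use response
    return null;
}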
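/**
 * Dump file content
 * Copy from /sysext/core/Resources/PHP/FileDumpEID.php
 *
 * Rebuilds the signed parameter set (eID, t, f, p) from GET/POST, verifies the submitted
 * "token" against its HMAC and, on success, checks the read permission on the (original)
 * file and streams it to the client. Every failure path terminates the request: 403 for a
 * bad token or a missing read permission, 404 for a deleted or missing file. The two
 * parameters are not used by the body; they only satisfy the AJAX handler signature.
 *
 * @param array $params
 * @param \TYPO3\CMS\Core\Http\AjaxRequestHandler $ajaxObj
 */
public function dumpFile($params = array(), \TYPO3\CMS\Core\Http\AjaxRequestHandler &$ajaxObj = null)
{
    $parameters = array('eID' => 'dumpFile');
    $t = GeneralUtility::_GP('t');
    if ($t) {
        $parameters['t'] = $t;
    }
    $f = GeneralUtility::_GP('f');
    if ($f) {
        // uids are cast to int so only a numeric identifier reaches the repositories.
        $parameters['f'] = (int) $f;
    }
    $p = GeneralUtility::_GP('p');
    if ($p) {
        $parameters['p'] = (int) $p;
    }

    $expectedToken = GeneralUtility::hmac(implode('|', $parameters), 'BeResourceStorageDumpFile');
    $submittedToken = GeneralUtility::_GP('token');
    // hash_equals() (PHP >= 5.6) compares in constant time; a plain === leaks how many
    // leading bytes of a guessed token were right. A non-string token can never match.
    if (!is_string($submittedToken) || !hash_equals($expectedToken, $submittedToken)) {
        HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_403);
    }

    if (isset($parameters['f'])) {
        $file = \TYPO3\CMS\Core\Resource\ResourceFactory::getInstance()->getFileObject($parameters['f']);
        if ($file->isDeleted() || $file->isMissing()) {
            $file = null;
        }
        $orgFile = $file;
    } else {
        /** @var \TYPO3\CMS\Core\Resource\ProcessedFile $file */
        $file = GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Resource\\ProcessedFileRepository')
            ->findByUid(isset($parameters['p']) ? $parameters['p'] : null);
        if (!is_object($file) || $file->isDeleted()) {
            $file = null;
        }
        // The permission check runs against the original file of a processed variant.
        $orgFile = $file === null ? null : $file->getOriginalFile();
    }

    // The existence check must precede the permission check: $orgFile is null whenever
    // $file is, and dereferencing it would fatal instead of answering 404.
    if ($file === null || $orgFile === null) {
        HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_404);
    }
    // Check file read permissions
    if (!$orgFile->getStorage()->checkFileActionPermission('read', $orgFile)) {
        HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_403);
    }

    ob_start();
    $file->getStorage()->dumpFileContents($file);
    exit;
}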
/**
 * Returns the html for the AJAX API
 *
 * Requests without a valid HMAC token are terminated with 403 before any resource is
 * touched. The "file" GET parameter is resolved to a file object only when it looks like
 * an integer; an unknown uid leaves the image empty and the wizard still renders.
 *
 * @param array $params
 * @param \TYPO3\CMS\Core\Http\AjaxRequestHandler $ajaxRequestHandler
 * @return void
 */
public function getHtmlForImageManipulationWizard($params, $ajaxRequestHandler)
{
    if (!$this->checkHmacToken()) {
        HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_403);
    }

    $requestedFile = GeneralUtility::_GET('file');
    $image = null;
    if (MathUtility::canBeInterpretedAsInteger($requestedFile)) {
        try {
            $image = ResourceFactory::getInstance()->getFileObject($requestedFile);
        } catch (FileDoesNotExistException $e) {
            // Best effort: an unknown uid renders the wizard without an image.
        }
    }

    $templateFile = $this->templatePath . 'Wizards/ImageManipulationWizard.html';
    $view = $this->getFluidTemplateObject($templateFile);
    $view->assign('image', $image);
    $view->assign('zoom', (bool) GeneralUtility::_GET('zoom'));
    $view->assign('ratios', $this->getRatiosArray());

    $ajaxRequestHandler->addContent('content', $view->render());
    $ajaxRequestHandler->setContentFormat('html');
}
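/**
 * Init function, setting the input vars in the global space.
 *
 * Reads "file", "parameters", "frame" and "md5" from GET/POST, verifies the submitted
 * "md5" value against the HMAC of file + parameters, copies the decoded parameters onto
 * this object as properties and checks that the file exists below PATH_site. Every failed
 * check terminates the request (410, or 404 when the file does not exist).
 *
 * @return void
 * @todo Define visibility
 */
public function init()
{
    // Loading internal vars with the GET/POST parameters from outside:
    $this->file = \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('file');
    $parametersArray = \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('parameters');
    $this->frame = \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('frame');
    $this->md5 = \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('md5');

    // If no file-param or parameters are given, we must exit
    if (!$this->file || !is_array($parametersArray)) {
        \TYPO3\CMS\Core\Utility\HttpUtility::setResponseCodeAndExit(\TYPO3\CMS\Core\Utility\HttpUtility::HTTP_STATUS_410);
    }
    $this->parametersEncoded = implode('', $parametersArray);

    // The submitted "md5" must equal the HMAC over file|parameters computed with the
    // server-side key; this is what stops callers from choosing arbitrary parameters.
    // hash_equals() (PHP >= 5.6) compares in constant time, unlike !==; a non-string
    // value can never match.
    $expectedHash = \TYPO3\CMS\Core\Utility\GeneralUtility::hmac(implode('|', array($this->file, $this->parametersEncoded)));
    if (!is_string($this->md5) || !hash_equals($expectedHash, $this->md5)) {
        \TYPO3\CMS\Core\Utility\HttpUtility::setResponseCodeAndExit(\TYPO3\CMS\Core\Utility\HttpUtility::HTTP_STATUS_410);
    }

    // SECURITY NOTE: unserialize() of request data is only acceptable because the HMAC
    // check above proves the payload was produced server-side — keep that check in
    // front of this line. The decoded keys become properties of this object, so the
    // signed payload fully controls which properties are set.
    $parameters = unserialize(base64_decode($this->parametersEncoded));
    if (is_array($parameters)) {
        foreach ($parameters as $parameterName => $parameterValue) {
            $this->{$parameterName} = $parameterValue;
        }
    }

    // Check the file. If must be in a directory beneath the dir of this script...
    // $this->file remains unchanged, because of the code in stdgraphic, but we do check if the file exists within the current path
    $test_file = PATH_site . $this->file;
    // validPathStr() rejects path strings TYPO3 considers unsafe (e.g. ".." segments).
    if (!\TYPO3\CMS\Core\Utility\GeneralUtility::validPathStr($test_file)) {
        \TYPO3\CMS\Core\Utility\HttpUtility::setResponseCodeAndExit(\TYPO3\CMS\Core\Utility\HttpUtility::HTTP_STATUS_410);
    }
    // The @ only silences warnings for malformed paths; the result is still checked.
    if (!@is_file($test_file)) {
        \TYPO3\CMS\Core\Utility\HttpUtility::setResponseCodeAndExit(\TYPO3\CMS\Core\Utility\HttpUtility::HTTP_STATUS_404);
    }
}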
$parameters['p'] = (int) \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('p'); } if (\TYPO3\CMS\Core\Utility\GeneralUtility::hmac(implode('|', $parameters), 'resourceStorageDumpFile') === \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('token')) { if (isset($parameters['f'])) { $file = \TYPO3\CMS\Core\Resource\ResourceFactory::getInstance()->getFileObject($parameters['f']); if ($file->isDeleted() || $file->isMissing()) { $file = NULL; } } else { $file = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Resource\\ProcessedFileRepository')->findByUid($parameters['p']); if ($file->isDeleted()) { $file = NULL; } } if ($file === NULL) { \TYPO3\CMS\Core\Utility\HttpUtility::setResponseCodeAndExit(\TYPO3\CMS\Core\Utility\HttpUtility::HTTP_STATUS_404); } // Hook: allow some other process to do some security/access checks. Hook should issue 403 if access is rejected if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['FileDumpEID.php']['checkFileAccess'])) { foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['FileDumpEID.php']['checkFileAccess'] as $classRef) { $hookObject = \TYPO3\CMS\Core\Utility\GeneralUtility::getUserObj($classRef); if (!$hookObject instanceof \TYPO3\CMS\Core\Resource\Hook\FileDumpEIDHookInterface) { throw new \UnexpectedValueException('$hookObject must implement interface TYPO3\\CMS\\Core\\Resource\\FileDumpEIDHookInterface', 1394442417); } $hookObject->checkFileAccess($file); } } $file->getStorage()->dumpFileContents($file); } else { \TYPO3\CMS\Core\Utility\HttpUtility::setResponseCodeAndExit(\TYPO3\CMS\Core\Utility\HttpUtility::HTTP_STATUS_403); }
/**
 * Outputs the content from $this->content
 *
 * Writes the buffered content to the output and terminates the request with
 * status 200; no code after this call is executed.
 *
 * @return void
 */
public function printContent()
{
    $body = $this->content;
    echo $body;
    HttpUtility::setResponseCodeAndExit(HttpUtility::HTTP_STATUS_200);
}
/**
 * Skips the HTTP response body, sends an according
 * header (status 204) and stops script execution
 *
 * @return void
 */
public function skipBodyAndExit()
{
    // 204 No Content: the client gets headers only.
    $noContentStatus = HttpUtility::HTTP_STATUS_204;
    HttpUtility::setResponseCodeAndExit($noContentStatus);
}