[RELEASE] 1.0.1

.gitattributes

@@ -0,0 +1,3 @@
+/Tests/ export-ignore
+/.gitattributes export-ignore
+/.gitignore export-ignore

.gitignore

@@ -1,10 +1,13 @@
+.DS_Store
+.build
 .idea/
 /out/
+vendor/
 .idea_modules/
 atlassian-ide-plugin.xml
 com_crashlytics_export_strings.xml
 crashlytics.properties
 crashlytics-build.properties
+composer.lock
 composer.phar
-/vendor/
 

Classes/Hooks/DataHandlerHook.php

@@ -0,0 +1,44 @@
+<?php
+
+namespace T3G\SvgSanitizer\Hooks;
+
+/*
+ * This file is part of the TYPO3 extension svg_sanitizer.
+ *
+ * It is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License, either version 2
+ * of the License, or any later version.
+ *
+ * For the full copyright and license information, please read the
+ * LICENSE.txt file that was distributed with this source code.
+ *
+ * The TYPO3 project - inspiring people to share!
+ */
+
+use T3G\SvgSanitizer\Service\SvgSanitizerService;
+use TYPO3\CMS\Core\DataHandling\DataHandler;
+use TYPO3\CMS\Core\DataHandling\DataHandlerProcessUploadHookInterface;
+use TYPO3\CMS\Core\Utility\GeneralUtility;
+
+/**
+ * Class DataHandlerHook
+ */
+class DataHandlerHook implements DataHandlerProcessUploadHookInterface
+{
+
+    /**
+     * Post-process a file upload.
+     *
+     * @param string $filename The uploaded file
+     * @param DataHandler $parentObject
+     *
+     * @throws \InvalidArgumentException
+     */
+    public function processUpload_postProcessAction(&$filename, DataHandler $parentObject)
+    {
+        $svgService = GeneralUtility::makeInstance(SvgSanitizerService::class);
+        if ($svgService->isSvgFile($filename)) {
+            $svgService->sanitizeSvgFile($filename);
+        }
+    }
+}

Classes/Hooks/GeneralUtilityHook.php

@@ -0,0 +1,49 @@
+<?php
+
+namespace T3G\SvgSanitizer\Hooks;
+
+/*
+ * This file is part of the TYPO3 extension svg_sanitizer.
+ *
+ * It is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License, either version 2
+ * of the License, or any later version.
+ *
+ * For the full copyright and license information, please read the
+ * LICENSE.txt file that was distributed with this source code.
+ *
+ * The TYPO3 project - inspiring people to share!
+ */
+
+use T3G\SvgSanitizer\Service\SvgSanitizerService;
+use TYPO3\CMS\Core\DataHandling\DataHandler;
+use TYPO3\CMS\Core\Utility\GeneralUtility;
+
+/**
+ * Class GeneralUtitilityHook
+ * @package T3G\SvgSanitizer\Hooks
+ */
+class GeneralUtilityHook
+{
+
+    /**
+     * Post-process a file upload.
+     *
+     * @param string $filename The uploaded file
+     * @param DataHandler $parentObject
+     *
+     * @throws \InvalidArgumentException
+     */
+    /**
+     * @param array $params
+     * @param mixed $ref
+     */
+    public function processMoveUploadedFile(array &$params, &$ref)
+    {
+        $filename = $params['source'];
+        $svgService = GeneralUtility::makeInstance(SvgSanitizerService::class);
+        if ($svgService->isSvgFile($filename)) {
+            $svgService->sanitizeSvgFile($filename);
+        }
+    }
+}

Classes/Service/SvgSanitizerService.php

@@ -0,0 +1,72 @@
+<?php
+
+namespace T3G\SvgSanitizer\Service;
+
+/*
+ * This file is part of the TYPO3 extension svg_sanitizer.
+ *
+ * It is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License, either version 2
+ * of the License, or any later version.
+ *
+ * For the full copyright and license information, please read the
+ * LICENSE.txt file that was distributed with this source code.
+ *
+ * The TYPO3 project - inspiring people to share!
+ */
+
+use enshrined\svgSanitize\Sanitizer;
+use TYPO3\CMS\Core\Type\File\FileInfo;
+use TYPO3\CMS\Core\Utility\ExtensionManagementUtility;
+use TYPO3\CMS\Core\Utility\GeneralUtility;
+
+/**
+ * Class SvgSanitizerService
+ */
+class SvgSanitizerService
+{
+    /**
+     * @param string $fileNameAndPath
+     * @return bool
+     * @throws \InvalidArgumentException
+     */
+    public function isSvgFile($fileNameAndPath)
+    {
+        $fileInfo = GeneralUtility::makeInstance(FileInfo::class, $fileNameAndPath);
+        return \in_array($fileInfo->getMimeType(), ['image/svg+xml', 'application/svg+xml'], true);
+    }
+
+    /**
+     * @param string $fileNameAndPath
+     * @param string $outputFileNameAndPath
+     * @throws \BadFunctionCallException
+     */
+    public function sanitizeSvgFile($fileNameAndPath, $outputFileNameAndPath = null)
+    {
+        if ($outputFileNameAndPath === null) {
+            $outputFileNameAndPath = $fileNameAndPath;
+        }
+        $dirtySVG = file_get_contents($fileNameAndPath);
+        $cleanSVG = $this->sanitizeAndReturnSvgContent($dirtySVG);
+        if ($cleanSVG !== $dirtySVG) {
+            file_put_contents($outputFileNameAndPath, $cleanSVG);
+        }
+    }
+
+    /**
+     * @param string $dirtySVG
+     *
+     * @return string
+     * @throws \BadFunctionCallException
+     */
+    public function sanitizeAndReturnSvgContent($dirtySVG)
+    {
+        $extensionBasePath = ExtensionManagementUtility::extPath('svg_sanitizer');
+        if (!class_exists(Sanitizer::class)) {
+            @include 'phar://' . $extensionBasePath . 'Libraries/enshrined-svg-sanitize.phar/vendor/autoload.php';
+        }
+        $sanitizer = new Sanitizer();
+        $sanitizer->removeRemoteReferences(true);
+        return $sanitizer->sanitize($dirtySVG);
+    }
+}

Classes/Service/UpdateService.php

@@ -0,0 +1,56 @@
+<?php
+
+namespace T3G\SvgSanitizer\Service;
+
+/*
+ * This file is part of the TYPO3 extension svg_sanitizer.
+ *
+ * It is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License, either version 2
+ * of the License, or any later version.
+ *
+ * For the full copyright and license information, please read the
+ * LICENSE.txt file that was distributed with this source code.
+ *
+ * The TYPO3 project - inspiring people to share!
+ */
+
+use TYPO3\CMS\Core\Database\ConnectionPool;
+use TYPO3\CMS\Core\Resource\Filter\FileExtensionFilter;
+use TYPO3\CMS\Core\Resource\ResourceFactory;
+use TYPO3\CMS\Core\Utility\GeneralUtility;
+
+class UpdateService
+{
+    public function executeUpdate(): bool
+    {
+        $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)
+            ->getQueryBuilderForTable('sys_file_storage');
+        $rows = $queryBuilder
+            ->select('uid')
+            ->from('sys_file_storage')
+            ->where($queryBuilder->expr()->eq('is_writable', 1))
+            ->execute()
+            ->fetchAll();
+
+        $resourceFactory = ResourceFactory::getInstance();
+        foreach ($rows as $row) {
+            $filter = GeneralUtility::makeInstance(FileExtensionFilter::class);
+            $filter->setAllowedFileExtensions(['svg']);
+
+            $storage = $resourceFactory->getStorageObject((int)$row['uid']);
+            $storage->setFileAndFolderNameFilters([[$filter, 'filterFileList']]);
+            $files = $storage->getFilesInFolder($storage->getRootLevelFolder(), 0, 0, true, true);
+
+            $svgSanitizerService = GeneralUtility::makeInstance(SvgSanitizerService::class);
+            foreach ($files as $file) {
+                $oldFileContent = $file->getContents();
+                $newFileContent = $svgSanitizerService->sanitizeAndReturnSvgContent($oldFileContent);
+                if ($oldFileContent !== $newFileContent) {
+                    $file->setContents($newFileContent);
+                }
+            }
+        }
+        return true;
+    }
+}

Classes/SignalSlot/ResourceStorage.php

@@ -0,0 +1,78 @@
+<?php
+
+namespace T3G\SvgSanitizer\SignalSlot;
+
+/*
+ * This file is part of the TYPO3 extension svg_sanitizer.
+ *
+ * It is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License, either version 2
+ * of the License, or any later version.
+ *
+ * For the full copyright and license information, please read the
+ * LICENSE.txt file that was distributed with this source code.
+ *
+ * The TYPO3 project - inspiring people to share!
+ */
+
+use T3G\SvgSanitizer\Service\SvgSanitizerService;
+use TYPO3\CMS\Core\Resource\Driver\DriverInterface;
+use TYPO3\CMS\Core\Resource\FileInterface;
+use TYPO3\CMS\Core\Resource\Folder;
+use TYPO3\CMS\Core\Utility\GeneralUtility;
+
+/**
+ * Class ResourceStorage
+ */
+class ResourceStorage
+{
+
+    /**
+     * @param string $targetFileName
+     * @param Folder $targetFolder
+     * @param string $sourceFilePath
+     * @param \TYPO3\CMS\Core\Resource\ResourceStorage $parentObject
+     * @param DriverInterface $driver
+     *
+     * @throws \InvalidArgumentException
+     */
+    public function preFileAdd(&$targetFileName, $targetFolder, $sourceFilePath, $parentObject, $driver)
+    {
+        $svgService = GeneralUtility::makeInstance(SvgSanitizerService::class);
+        if ($svgService->isSvgFile($sourceFilePath)) {
+            $svgService->sanitizeSvgFile($sourceFilePath);
+        }
+    }
+
+    /**
+     * @param FileInterface $file
+     * @param string $localFilePath
+     *
+     * @throws \InvalidArgumentException
+     */
+    public function preFileReplace($file, $localFilePath)
+    {
+        $svgService = GeneralUtility::makeInstance(SvgSanitizerService::class);
+        if ($svgService->isSvgFile($localFilePath)) {
+            $svgService->sanitizeSvgFile($localFilePath);
+        }
+    }
+
+    /**
+     * @param FileInterface $file
+     * @param string $content
+     *
+     * @throws \InvalidArgumentException
+     */
+    public function postFileSetContents($file, $content)
+    {
+        $svgService = GeneralUtility::makeInstance(SvgSanitizerService::class);
+        if ($svgService->isSvgFile($file->getForLocalProcessing(false))) {
+            $newContent = $svgService->sanitizeAndReturnSvgContent($content);
+            // prevent endless loop because this hook is called again and again and again and...
+            if ($newContent !== $content) {
+                $file->setContents($newContent);
+            }
+        }
+    }
+}