• This repository has been archived on 21/May/2021
  • Stars
    star
    102
  • Rank 333,598 (Top 7 %)
  • Language
    PHP
  • Created over 10 years ago
  • Updated about 4 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

File Upload using Extbase and FAL

File Upload using Extbase and FAL in TYPO3 6.2

.. post::
   :tags: TYPO3, Extbase


Project:

TYPO3 CMS extension ext:upload_example for TYPO3 >= 6.2.4

Author:

Helmut Hummel

Repository:

At Github helhum/upload_example

Blogpost:

File Upload using Extbase and FAL in TYPO3 6.2

Credit:

Overview:

What does it do?

Version 6.2 of the Extbase framework has no support for file upload and image upload at all. This is a complete and working example claiming to do it it the right way.

How does it work?

  • The heart of the extension is the UploadedFileReferenceConverter
  • an extended FileReference model is needed
  • an extended ObjectStorageConverter is needed
  • an extended UploadViewHelper is needed

Everything else in this example extension is more or less plain code as generated by the extension builder.

What needs to be done?

TypeConverter

We want to have a custom TypeConverter to:

  • evaluate the file upload array
  • move the uploaded file to a FAL storage using the FAL API
  • and have the result persisted in the database using the Extbase persistence.

Error handling

We don't want to just throw exceptions but use the TypeConverter API to return useful error messages to the user.

Configurability

Things should be configurable, especially the TypeConverter. It needs to know about

  1. the folder to upload to
  2. what to do in case of a name conflict for the uploaded file
  3. the allowed file extensions
  4. how to deal with an already attached resource.

The actual configuration is done through by PropertyMappingConfiguration.

Some configuration options:

<?php
class UploadedFileReferenceConverter extends \TYPO3\CMS\Extbase\Property\TypeConverter\AbstractTypeConverter {

   /**
    * Folder where the file upload should go to
    * (including storage).
    */
   const CONFIGURATION_UPLOAD_FOLDER = 1;

   /**
    * How to handle an upload when the name
    * of the uploaded file conflicts.
    */
   const CONFIGURATION_UPLOAD_CONFLICT_MODE = 2;

   /**
    * Whether to replace an already present resource.
    * Useful for "maxitems = 1" fields and properties
    * with no ObjectStorage annotation.
    */
   const CONFIGURATION_ALLOWED_FILE_EXTENSIONS = 4;
}

Handle validation errors and already attached resources

Different cases need to be handled.

Case: A file is already attached

  • When editing an entity that has already an image attached to it, through a previous upload for example, saving the entity without re-uploading a file should keep the attached resource.

Knowing about an already attached resource is not only in the domain of the TypeConverter. Therefore the UploadViewHelper assigns such values to a hidden input and protects it by an hash value (hmac).

Additionally the viewhhelper accept child nodes and provides an object "resource". This means that you can render the attached resource if you like to. In this example a preview of the image is shown:

<h:form.upload property="image" >
   <f:if condition="{resource}">
      <f:image image="{resource}" alt="" width="50"/>
   </f:if>
</h:form.upload><br />

Case: Upload succeeds, validation fails

In this case the file upload succeeds but due to validation errors in some other fields the whole form isn't accepted. This also means it isn't persisted yet but we nevertheless want to keep the uploaded file as a resource as we don't want to upload it again.

Security

To make file upload secure the TypeConverter needs at least needs to care about these two issues:

  1. Deny upload of PHP files!

    <?php
    if (!GeneralUtility::verifyFilenameAgainstDenyPattern($uploadInfo['name'])) {
       throw new TypeConverterException('Uploading files with PHP file extensions is not allowed!', 1399312430);
    }
    ?>

    It cannot be stressed enough how important these three lines of code are!

    Important

    • These lines are mandatory and NOT optional.
    • These lines are independent from the configurable allowed file extensions.

Install

  1. Get from Github, install as extension
  2. Create folder ./fileadmin/content
  3. No extra TypoScript needs to be included
  4. Create a page, insert the plugin as a content element
  5. Start playing in the frontend.

Adaptation

  • Look into the controller to get an idea about how how to configure the type converter.
  • Look into the TCA to see how to properly set the match_fields so that Extbase Persistence does the right thing.
  • ...

Contribute

Enjoy!

More Repositories

1

dotenv-connector

Makes values from a .env file available as environment variables for composer based projects
PHP
150
star
2

TYPO3-Distribution

A distribution package for TYPO3 CMS with added typo3_console support
PHP
81
star
3

typoscript_rendering

Render a TypoScript path by URL, especially useful for Ajax dispatching
PHP
66
star
4

typo3-secure-web

Secure your TYPO3 installation by only exposing public files
PHP
60
star
5

ext_scaffold

Extension skeleton for TYPO3 >= 7.4.0 including complete test setup
PHP
38
star
6

typo3-config-handling

Manage TYPO3 configuration for multiple environments or contexts with ease
PHP
35
star
7

realurl

TYPO3 CMS Extension RealURL fork
PHP
35
star
8

typo3-crontab

Improved command scheduling for TYPO3
PHP
31
star
9

config-loader

PHP
28
star
10

sentry-typo3

TYPO3 Sentry integration
PHP
20
star
11

ajax_example

PHP
18
star
12

typo3-composer-step-by-step-example

Shell
14
star
13

typo3-composer-setup

PHP
13
star
14

typo3-frontend-request

PHP
13
star
15

minimal-typo3-distribution

PHP
12
star
16

Surf.CMS

A TYPO3 Surf distribution featuring additional tools for TYPO3 CMS deployments
PHP
11
star
17

deprecated-class-alias-loader

This project is abandoned in favor of its successor: https://github.com/TYPO3/class-alias-loader
PHP
7
star
18

ter-client

PHP
7
star
19

typo3-deployer-recipe

PHP
6
star
20

TYPO3SurfCms.SurfTools

PHP
5
star
21

env-ts

PHP
4
star
22

TYPO3.IHS

Incident Handling System
CSS
4
star
23

t3satis

Repository Generator with support for TYPO3 CMS extension (git) repositories
PHP
4
star
24

ext-tools

PHP
3
star
25

fluid_security

Demo TYPO Extension which only features some tests for presentation purposes
PHP
3
star
26

image_cropper_test

PHP
2
star
27

typo3-env-enabled-patch

2
star
28

php-error-reporting

PHP
2
star
29

typo3-no-symlink-install

PHP
2
star
30

TYPO3.Surf.Distribution

TYPO3 Surf Distribution featuring tools to accomodate TYPO3 CMS deployments
1
star
31

easydb-typo3-integration

easydb integration for TYPO3
PHP
1
star