class PharExtensionInterceptor
Same name in other branches
- 7.x misc/typo3/phar-stream-wrapper/src/Interceptor/PharExtensionInterceptor.php \TYPO3\PharStreamWrapper\Interceptor\PharExtensionInterceptor
- 7.x misc/typo3/drupal-security/PharExtensionInterceptor.php \Drupal\Core\Security\PharExtensionInterceptor
- 8.9.x core/lib/Drupal/Core/Security/PharExtensionInterceptor.php \Drupal\Core\Security\PharExtensionInterceptor
An alternate PharExtensionInterceptor to support phar-based CLI tools.
@internal
Hierarchy
- class \Drupal\Core\Security\PharExtensionInterceptor implements \TYPO3\PharStreamWrapper\Assertable
Expanded class hierarchy of PharExtensionInterceptor
Deprecated
in drupal:9.4.0 and is removed from drupal:10.0.0. No replacement is provided.
See also
https://www.drupal.org/project/drupal/issues/3252439
\TYPO3\PharStreamWrapper\Interceptor\PharExtensionInterceptor
1 file declares its use of PharExtensionInterceptor
- DrupalKernel.php in core/
lib/ Drupal/ Core/ DrupalKernel.php
File
-
core/
lib/ Drupal/ Core/ Security/ PharExtensionInterceptor.php, line 20
Namespace
Drupal\Core\SecurityView source
class PharExtensionInterceptor implements Assertable {
/**
* Determines whether phar file is allowed to execute.
*
* The phar file is allowed to execute if:
* - the base file name has a ".phar" suffix.
* - it is the CLI tool that has invoked the interceptor.
*
* @param string $path
* The path of the phar file to check.
* @param string $command
* The command being carried out.
*
* @return bool
* TRUE if the phar file is allowed to execute.
*
* @throws \TYPO3\PharStreamWrapper\Exception
* Thrown when the file is not allowed to execute.
*/
public function assert(string $path, string $command) : bool {
if ($this->baseFileContainsPharExtension($path)) {
return TRUE;
}
throw new Exception(sprintf('Unexpected file extension in "%s"', $path), 1535198703);
}
/**
* Determines if a path has a .phar extension or invoked execution.
*
* @param string $path
* The path of the phar file to check.
*
* @return bool
* TRUE if the file has a .phar extension or if the execution has been
* invoked by the phar file.
*/
private function baseFileContainsPharExtension($path) {
$baseFile = Helper::determineBaseFile($path);
if ($baseFile === NULL) {
return FALSE;
}
// If the stream wrapper is registered by invoking a phar file that does
// not have .phar extension then this should be allowed. For example, some
// CLI tools recommend removing the extension.
$backtrace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS);
// Find the last entry in the backtrace containing a 'file' key as
// sometimes the last caller is executed outside the scope of a file. For
// example, this occurs with shutdown functions.
do {
$caller = array_pop($backtrace);
} while (empty($caller['file']) && !empty($backtrace));
if (isset($caller['file']) && $baseFile === Helper::determineBaseFile($caller['file'])) {
return TRUE;
}
$fileExtension = pathinfo($baseFile, PATHINFO_EXTENSION);
return strtolower($fileExtension) === 'phar';
}
}
Members
Title Sort descending | Modifiers | Object type | Summary |
---|---|---|---|
PharExtensionInterceptor::assert | public | function | Determines whether phar file is allowed to execute. |
PharExtensionInterceptor::baseFileContainsPharExtension | private | function | Determines if a path has a .phar extension or invoked execution. |
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.