From 9b710aa921e9432ade54a12f5ad5f73c468ea9d1 Mon Sep 17 00:00:00 2001
From: Daniel Huf
Date: Thu, 14 Dec 2017 19:08:22 +0100
Subject: [PATCH] [TASK] Escape and clean code
---
 Classes/View/MjmlBasedView.php | 30 ++++++++++++++++++++++++------
 1 file changed, 24 insertions(+), 6 deletions(-)
diff --git a/Classes/View/MjmlBasedView.php b/Classes/View/MjmlBasedView.php
index bfbd673..53fcce3 100644
--- a/Classes/View/MjmlBasedView.php
+++ b/Classes/View/MjmlBasedView.php
@@ -3,12 +3,13 @@ namespace Saccas\Mjml\View;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
+use TYPO3\CMS\Extbase\Mvc\Cli\Command;
 use TYPO3\CMS\Fluid\View\StandaloneView;
 use TYPO3\CMS\Core\Utility\CommandUtility;
 class MjmlBasedView extends StandaloneView
 {
- function render()
+ function render($actionName = null)
 {
 return $this->getHtmlFromMjml(parent::render());
 }
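Review bot: The new `$actionName` parameter of `render()` is accepted but never forwarded, because the body still calls `parent::render()` with no argument; if the parent signature takes it, pass it through with `return $this->getHtmlFromMjml(parent::render($actionName));`. The added `use TYPO3\CMS\Extbase\Mvc\Cli\Command;` is not referenced in any visible hunk and looks like it can be dropped. The rest of the class lies outside this hunk, so the import may still be used there.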
@@ -18,17 +19,34 @@ class MjmlBasedView extends StandaloneView
 $configuration = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['mjml']);
 $temporaryMjmlFileWithPath = GeneralUtility::tempnam('mjml_', '.mjml');
- $mjmlFile = fopen($temporaryMjmlFileWithPath, 'w');
- fwrite($mjmlFile, $mjml);
- fclose($mjmlFile);
+
+ GeneralUtility::writeFileToTypo3tempDir($temporaryMjmlFileWithPath, $mjml);
 // see https://mjml.io/download and https://www.npmjs.com/package/mjml-cli
- $cmd = $configuration['nodeBinaryPath'] . ' ' . $configuration['mjmlBinaryPath'] . $configuration['mjmlBinary'] .' ' . $configuration['mjmlParams'] . ' ' . $temporaryMjmlFileWithPath;
+ $cmd = $configuration['nodeBinaryPath'] . ' ' . $configuration['mjmlBinaryPath'] . $configuration['mjmlBinary'];
+ $args = $configuration['mjmlParams'] . ' ' . $temporaryMjmlFileWithPath;
 $result = [];
 $returnValue = '';
- CommandUtility::exec($cmd, $result, $returnValue);
+ CommandUtility::exec($this->getEscapedCommand($cmd, $args), $result, $returnValue);
+
+ GeneralUtility::unlink_tempfile($temporaryMjmlFileWithPath);
 return implode('',$result);
 }
+
+ /**
+ * @param string $cmd
+ * @param string $args
+ * @return string
+ */
+ private function getEscapedCommand(string $cmd, string $args) {
+ $escapedCmd = escapeshellcmd($cmd);
+
+ $argsArray = explode(' ', $args);
+ $escapedArgsArray = CommandUtility::escapeShellArguments($argsArray);
+ $escapedArgs = implode(' ', $escapedArgsArray);
+
+ return $escapedCmd . ' ' . $escapedArgs;
+ }
 }
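Review bot: `getEscapedCommand()` tokenises `$args` with `explode(' ', $args)`, so an empty `mjmlParams` setting or a doubled space yields an empty token that reaches mjml as a quoted `''` argument, and a temporary file path containing a space would be split into two arguments. `escapeshellcmd($cmd)` neutralises shell metacharacters but does not quote, so a `nodeBinaryPath` or `mjmlBinaryPath` containing a space is likewise broken into separate words. I would tokenise only the configured parameters, `$argsArray = preg_split('/\s+/', $configuration['mjmlParams'], -1, PREG_SPLIT_NO_EMPTY);`, and append the file path as its own argument via `CommandUtility::escapeShellArgument($temporaryMjmlFileWithPath)`. The calling method (presumably `getHtmlFromMjml()`) starts outside this hunk.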