[TASK] Escape and clean code

This commit is contained in:
Daniel Huf 2017-12-14 19:08:22 +01:00
parent 26aa55e3ff
commit 9b710aa921

View file

@ -3,12 +3,13 @@
namespace Saccas\Mjml\View; namespace Saccas\Mjml\View;
use TYPO3\CMS\Core\Utility\GeneralUtility; use TYPO3\CMS\Core\Utility\GeneralUtility;
use TYPO3\CMS\Extbase\Mvc\Cli\Command;
use TYPO3\CMS\Fluid\View\StandaloneView; use TYPO3\CMS\Fluid\View\StandaloneView;
use TYPO3\CMS\Core\Utility\CommandUtility; use TYPO3\CMS\Core\Utility\CommandUtility;
class MjmlBasedView extends StandaloneView class MjmlBasedView extends StandaloneView
{ {
function render() function render($actionName = null)
{ {
return $this->getHtmlFromMjml(parent::render()); return $this->getHtmlFromMjml(parent::render());
} }
@ -18,17 +19,34 @@ class MjmlBasedView extends StandaloneView
$configuration = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['mjml']); $configuration = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['mjml']);
$temporaryMjmlFileWithPath = GeneralUtility::tempnam('mjml_', '.mjml'); $temporaryMjmlFileWithPath = GeneralUtility::tempnam('mjml_', '.mjml');
$mjmlFile = fopen($temporaryMjmlFileWithPath, 'w');
fwrite($mjmlFile, $mjml); GeneralUtility::writeFileToTypo3tempDir($temporaryMjmlFileWithPath, $mjml);
fclose($mjmlFile);
// see https://mjml.io/download and https://www.npmjs.com/package/mjml-cli // see https://mjml.io/download and https://www.npmjs.com/package/mjml-cli
$cmd = $configuration['nodeBinaryPath'] . ' ' . $configuration['mjmlBinaryPath'] . $configuration['mjmlBinary'] .' ' . $configuration['mjmlParams'] . ' ' . $temporaryMjmlFileWithPath; $cmd = $configuration['nodeBinaryPath'] . ' ' . $configuration['mjmlBinaryPath'] . $configuration['mjmlBinary'];
$args = $configuration['mjmlParams'] . ' ' . $temporaryMjmlFileWithPath;
$result = []; $result = [];
$returnValue = ''; $returnValue = '';
CommandUtility::exec($cmd, $result, $returnValue); CommandUtility::exec($this->getEscapedCommand($cmd, $args), $result, $returnValue);
GeneralUtility::unlink_tempfile($temporaryMjmlFileWithPath);
return implode('',$result); return implode('',$result);
} }
/**
* @param string $cmd
* @param string $args
* @return string
*/
private function getEscapedCommand(string $cmd, string $args) {
$escapedCmd = escapeshellcmd($cmd);
$argsArray = explode(' ', $args);
$escapedArgsArray = CommandUtility::escapeShellArguments($argsArray);
$escapedArgs = implode(' ', $escapedArgsArray);
return $escapedCmd . ' ' . $escapedArgs;
}
} }