[TASK] Make extbase/Tests/Unit/Mvc/Web/RequestBuilderTest.php notice free
[Packages/TYPO3.CMS.git] / typo3 / sysext / core / Classes / Utility / GeneralUtility.php
1 <?php
2 namespace TYPO3\CMS\Core\Utility;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use GuzzleHttp\Exception\RequestException;
18 use Psr\Log\LoggerAwareInterface;
19 use Psr\Log\LoggerInterface;
20 use TYPO3\CMS\Core\Cache\CacheManager;
21 use TYPO3\CMS\Core\Core\ApplicationContext;
22 use TYPO3\CMS\Core\Core\ClassLoadingInformation;
23 use TYPO3\CMS\Core\Core\Environment;
24 use TYPO3\CMS\Core\Http\RequestFactory;
25 use TYPO3\CMS\Core\Log\LogLevel;
26 use TYPO3\CMS\Core\Log\LogManager;
27 use TYPO3\CMS\Core\Service\OpcodeCacheService;
28 use TYPO3\CMS\Core\SingletonInterface;
29 use TYPO3Fluid\Fluid\Core\Rendering\RenderingContextInterface;
30
31 /**
32 * The legendary "t3lib_div" class - Miscellaneous functions for general purpose.
33 * Most of the functions do not relate specifically to TYPO3
34 * However a section of functions requires certain TYPO3 features available
35 * See comments in the source.
36 * You are encouraged to use this library in your own scripts!
37 *
38 * USE:
39 * The class is intended to be used without creating an instance of it.
40 * So: Don't instantiate - call functions with "\TYPO3\CMS\Core\Utility\GeneralUtility::" prefixed the function name.
41 * So use \TYPO3\CMS\Core\Utility\GeneralUtility::[method-name] to refer to the functions, eg. '\TYPO3\CMS\Core\Utility\GeneralUtility::milliseconds()'
42 */
43 class GeneralUtility
44 {
45 // Severity constants used by \TYPO3\CMS\Core\Utility\GeneralUtility::devLog()
46 // @deprecated since TYPO3 CMS 9, will be removed in TYPO3 CMS 10.
47 const SYSLOG_SEVERITY_INFO = 0;
48 const SYSLOG_SEVERITY_NOTICE = 1;
49 const SYSLOG_SEVERITY_WARNING = 2;
50 const SYSLOG_SEVERITY_ERROR = 3;
51 const SYSLOG_SEVERITY_FATAL = 4;
52
53 const ENV_TRUSTED_HOSTS_PATTERN_ALLOW_ALL = '.*';
54 const ENV_TRUSTED_HOSTS_PATTERN_SERVER_NAME = 'SERVER_NAME';
55
56 /**
57 * State of host header value security check
58 * in order to avoid unnecessary multiple checks during one request
59 *
60 * @var bool
61 */
62 protected static $allowHostHeaderValue = false;
63
64 /**
65 * Singleton instances returned by makeInstance, using the class names as
66 * array keys
67 *
68 * @var array<\TYPO3\CMS\Core\SingletonInterface>
69 */
70 protected static $singletonInstances = [];
71
72 /**
73 * Instances returned by makeInstance, using the class names as array keys
74 *
75 * @var array<array><object>
76 */
77 protected static $nonSingletonInstances = [];
78
79 /**
80 * Cache for makeInstance with given class name and final class names to reduce number of self::getClassName() calls
81 *
82 * @var array Given class name => final class name
83 */
84 protected static $finalClassNameCache = [];
85
86 /**
87 * The application context
88 *
89 * @var \TYPO3\CMS\Core\Core\ApplicationContext
90 */
91 protected static $applicationContext = null;
92
93 /**
94 * IDNA string cache
95 *
96 * @var array<string>
97 */
98 protected static $idnaStringCache = [];
99
100 /**
101 * IDNA converter
102 *
103 * @var \Mso\IdnaConvert\IdnaConvert
104 */
105 protected static $idnaConverter = null;
106
107 /**
108 * A list of supported CGI server APIs
109 * NOTICE: This is a duplicate of the SAME array in SystemEnvironmentBuilder
110 * @var array
111 */
112 protected static $supportedCgiServerApis = [
113 'fpm-fcgi',
114 'cgi',
115 'isapi',
116 'cgi-fcgi',
117 'srv', // HHVM with fastcgi
118 ];
119
120 /**
121 * @var array
122 */
123 protected static $indpEnvCache = [];
124
125 /*************************
126 *
127 * GET/POST Variables
128 *
129 * Background:
130 * Input GET/POST variables in PHP may have their quotes escaped with "\" or not depending on configuration.
131 * TYPO3 has always converted quotes to BE escaped if the configuration told that they would not be so.
132 * But the clean solution is that quotes are never escaped and that is what the functions below offers.
133 * Eventually TYPO3 should provide this in the global space as well.
134 * In the transitional phase (or forever..?) we need to encourage EVERY to read and write GET/POST vars through the API functions below.
135 * This functionality was previously needed to normalize between magic quotes logic, which was removed from PHP 5.4,
136 * so these methods are still in use, but not tackle the slash problem anymore.
137 *
138 *************************/
139 /**
140 * Returns the 'GLOBAL' value of incoming data from POST or GET, with priority to POST (that is equalent to 'GP' order)
141 * To enhance security in your scripts, please consider using GeneralUtility::_GET or GeneralUtility::_POST if you already
142 * know by which method your data is arriving to the scripts!
143 *
144 * @param string $var GET/POST var to return
145 * @return mixed POST var named $var and if not set, the GET var of the same name.
146 */
147 public static function _GP($var)
148 {
149 if (empty($var)) {
150 return;
151 }
152 if (isset($_POST[$var])) {
153 $value = $_POST[$var];
154 } elseif (isset($_GET[$var])) {
155 $value = $_GET[$var];
156 } else {
157 $value = null;
158 }
159 // This is there for backwards-compatibility, in order to avoid NULL
160 if (isset($value) && !is_array($value)) {
161 $value = (string)$value;
162 }
163 return $value;
164 }
165
166 /**
167 * Returns the global arrays $_GET and $_POST merged with $_POST taking precedence.
168 *
169 * @param string $parameter Key (variable name) from GET or POST vars
170 * @return array Returns the GET vars merged recursively onto the POST vars.
171 */
172 public static function _GPmerged($parameter)
173 {
174 $postParameter = isset($_POST[$parameter]) && is_array($_POST[$parameter]) ? $_POST[$parameter] : [];
175 $getParameter = isset($_GET[$parameter]) && is_array($_GET[$parameter]) ? $_GET[$parameter] : [];
176 $mergedParameters = $getParameter;
177 ArrayUtility::mergeRecursiveWithOverrule($mergedParameters, $postParameter);
178 return $mergedParameters;
179 }
180
181 /**
182 * Returns the global $_GET array (or value from) normalized to contain un-escaped values.
183 * ALWAYS use this API function to acquire the GET variables!
184 * This function was previously used to normalize between magic quotes logic, which was removed from PHP 5.5
185 *
186 * @param string $var Optional pointer to value in GET array (basically name of GET var)
187 * @return mixed If $var is set it returns the value of $_GET[$var]. If $var is NULL (default), returns $_GET itself. In any case *slashes are stipped from the output!*
188 * @see _POST(), _GP(), _GETset()
189 */
190 public static function _GET($var = null)
191 {
192 $value = $var === null ? $_GET : (empty($var) ? null : $_GET[$var]);
193 // This is there for backwards-compatibility, in order to avoid NULL
194 if (isset($value) && !is_array($value)) {
195 $value = (string)$value;
196 }
197 return $value;
198 }
199
200 /**
201 * Returns the global $_POST array (or value from) normalized to contain un-escaped values.
202 * ALWAYS use this API function to acquire the $_POST variables!
203 *
204 * @param string $var Optional pointer to value in POST array (basically name of POST var)
205 * @return mixed If $var is set it returns the value of $_POST[$var]. If $var is NULL (default), returns $_POST itself. In any case *slashes are stipped from the output!*
206 * @see _GET(), _GP()
207 */
208 public static function _POST($var = null)
209 {
210 $value = $var === null ? $_POST : (empty($var) || !isset($_POST[$var]) ? null : $_POST[$var]);
211 // This is there for backwards-compatibility, in order to avoid NULL
212 if (isset($value) && !is_array($value)) {
213 $value = (string)$value;
214 }
215 return $value;
216 }
217
218 /**
219 * Writes input value to $_GET.
220 *
221 * @param mixed $inputGet
222 * @param string $key
223 */
224 public static function _GETset($inputGet, $key = '')
225 {
226 if ($key != '') {
227 if (strpos($key, '|') !== false) {
228 $pieces = explode('|', $key);
229 $newGet = [];
230 $pointer = &$newGet;
231 foreach ($pieces as $piece) {
232 $pointer = &$pointer[$piece];
233 }
234 $pointer = $inputGet;
235 $mergedGet = $_GET;
236 ArrayUtility::mergeRecursiveWithOverrule($mergedGet, $newGet);
237 $_GET = $mergedGet;
238 $GLOBALS['HTTP_GET_VARS'] = $mergedGet;
239 } else {
240 $_GET[$key] = $inputGet;
241 $GLOBALS['HTTP_GET_VARS'][$key] = $inputGet;
242 }
243 } elseif (is_array($inputGet)) {
244 $_GET = $inputGet;
245 $GLOBALS['HTTP_GET_VARS'] = $inputGet;
246 }
247 }
248
249 /*************************
250 *
251 * STRING FUNCTIONS
252 *
253 *************************/
254 /**
255 * Truncates a string with appended/prepended "..." and takes current character set into consideration.
256 *
257 * @param string $string String to truncate
258 * @param int $chars Must be an integer with an absolute value of at least 4. if negative the string is cropped from the right end.
259 * @param string $appendString Appendix to the truncated string
260 * @return string Cropped string
261 */
262 public static function fixed_lgd_cs($string, $chars, $appendString = '...')
263 {
264 if ((int)$chars === 0 || mb_strlen($string, 'utf-8') <= abs($chars)) {
265 return $string;
266 }
267 if ($chars > 0) {
268 $string = mb_substr($string, 0, $chars, 'utf-8') . $appendString;
269 } else {
270 $string = $appendString . mb_substr($string, $chars, mb_strlen($string, 'utf-8'), 'utf-8');
271 }
272 return $string;
273 }
274
275 /**
276 * Match IP number with list of numbers with wildcard
277 * Dispatcher method for switching into specialised IPv4 and IPv6 methods.
278 *
279 * @param string $baseIP Is the current remote IP address for instance, typ. REMOTE_ADDR
280 * @param string $list Is a comma-list of IP-addresses to match with. *-wildcard allowed instead of number, plus leaving out parts in the IP number is accepted as wildcard (eg. 192.168.*.* equals 192.168). If list is "*" no check is done and the function returns TRUE immediately. An empty list always returns FALSE.
281 * @return bool TRUE if an IP-mask from $list matches $baseIP
282 */
283 public static function cmpIP($baseIP, $list)
284 {
285 $list = trim($list);
286 if ($list === '') {
287 return false;
288 }
289 if ($list === '*') {
290 return true;
291 }
292 if (strpos($baseIP, ':') !== false && self::validIPv6($baseIP)) {
293 return self::cmpIPv6($baseIP, $list);
294 }
295 return self::cmpIPv4($baseIP, $list);
296 }
297
298 /**
299 * Match IPv4 number with list of numbers with wildcard
300 *
301 * @param string $baseIP Is the current remote IP address for instance, typ. REMOTE_ADDR
302 * @param string $list Is a comma-list of IP-addresses to match with. *-wildcard allowed instead of number, plus leaving out parts in the IP number is accepted as wildcard (eg. 192.168.*.* equals 192.168), could also contain IPv6 addresses
303 * @return bool TRUE if an IP-mask from $list matches $baseIP
304 */
305 public static function cmpIPv4($baseIP, $list)
306 {
307 $IPpartsReq = explode('.', $baseIP);
308 if (count($IPpartsReq) === 4) {
309 $values = self::trimExplode(',', $list, true);
310 foreach ($values as $test) {
311 $testList = explode('/', $test);
312 if (count($testList) === 2) {
313 list($test, $mask) = $testList;
314 } else {
315 $mask = false;
316 }
317 if ((int)$mask) {
318 // "192.168.3.0/24"
319 $lnet = ip2long($test);
320 $lip = ip2long($baseIP);
321 $binnet = str_pad(decbin($lnet), 32, '0', STR_PAD_LEFT);
322 $firstpart = substr($binnet, 0, $mask);
323 $binip = str_pad(decbin($lip), 32, '0', STR_PAD_LEFT);
324 $firstip = substr($binip, 0, $mask);
325 $yes = $firstpart === $firstip;
326 } else {
327 // "192.168.*.*"
328 $IPparts = explode('.', $test);
329 $yes = 1;
330 foreach ($IPparts as $index => $val) {
331 $val = trim($val);
332 if ($val !== '*' && $IPpartsReq[$index] !== $val) {
333 $yes = 0;
334 }
335 }
336 }
337 if ($yes) {
338 return true;
339 }
340 }
341 }
342 return false;
343 }
344
345 /**
346 * Match IPv6 address with a list of IPv6 prefixes
347 *
348 * @param string $baseIP Is the current remote IP address for instance
349 * @param string $list Is a comma-list of IPv6 prefixes, could also contain IPv4 addresses
350 * @return bool TRUE If an baseIP matches any prefix
351 */
352 public static function cmpIPv6($baseIP, $list)
353 {
354 // Policy default: Deny connection
355 $success = false;
356 $baseIP = self::normalizeIPv6($baseIP);
357 $values = self::trimExplode(',', $list, true);
358 foreach ($values as $test) {
359 $testList = explode('/', $test);
360 if (count($testList) === 2) {
361 list($test, $mask) = $testList;
362 } else {
363 $mask = false;
364 }
365 if (self::validIPv6($test)) {
366 $test = self::normalizeIPv6($test);
367 $maskInt = (int)$mask ?: 128;
368 // Special case; /0 is an allowed mask - equals a wildcard
369 if ($mask === '0') {
370 $success = true;
371 } elseif ($maskInt == 128) {
372 $success = $test === $baseIP;
373 } else {
374 $testBin = self::IPv6Hex2Bin($test);
375 $baseIPBin = self::IPv6Hex2Bin($baseIP);
376 $success = true;
377 // Modulo is 0 if this is a 8-bit-boundary
378 $maskIntModulo = $maskInt % 8;
379 $numFullCharactersUntilBoundary = (int)($maskInt / 8);
380 if (substr($testBin, 0, $numFullCharactersUntilBoundary) !== substr($baseIPBin, 0, $numFullCharactersUntilBoundary)) {
381 $success = false;
382 } elseif ($maskIntModulo > 0) {
383 // If not an 8-bit-boundary, check bits of last character
384 $testLastBits = str_pad(decbin(ord(substr($testBin, $numFullCharactersUntilBoundary, 1))), 8, '0', STR_PAD_LEFT);
385 $baseIPLastBits = str_pad(decbin(ord(substr($baseIPBin, $numFullCharactersUntilBoundary, 1))), 8, '0', STR_PAD_LEFT);
386 if (strncmp($testLastBits, $baseIPLastBits, $maskIntModulo) != 0) {
387 $success = false;
388 }
389 }
390 }
391 }
392 if ($success) {
393 return true;
394 }
395 }
396 return false;
397 }
398
399 /**
400 * Transform a regular IPv6 address from hex-representation into binary
401 *
402 * @param string $hex IPv6 address in hex-presentation
403 * @return string Binary representation (16 characters, 128 characters)
404 * @see IPv6Bin2Hex()
405 */
406 public static function IPv6Hex2Bin($hex)
407 {
408 return inet_pton($hex);
409 }
410
411 /**
412 * Transform an IPv6 address from binary to hex-representation
413 *
414 * @param string $bin IPv6 address in hex-presentation
415 * @return string Binary representation (16 characters, 128 characters)
416 * @see IPv6Hex2Bin()
417 */
418 public static function IPv6Bin2Hex($bin)
419 {
420 return inet_ntop($bin);
421 }
422
423 /**
424 * Normalize an IPv6 address to full length
425 *
426 * @param string $address Given IPv6 address
427 * @return string Normalized address
428 * @see compressIPv6()
429 */
430 public static function normalizeIPv6($address)
431 {
432 $normalizedAddress = '';
433 $stageOneAddress = '';
434 // According to RFC lowercase-representation is recommended
435 $address = strtolower($address);
436 // Normalized representation has 39 characters (0000:0000:0000:0000:0000:0000:0000:0000)
437 if (strlen($address) === 39) {
438 // Already in full expanded form
439 return $address;
440 }
441 // Count 2 if if address has hidden zero blocks
442 $chunks = explode('::', $address);
443 if (count($chunks) === 2) {
444 $chunksLeft = explode(':', $chunks[0]);
445 $chunksRight = explode(':', $chunks[1]);
446 $left = count($chunksLeft);
447 $right = count($chunksRight);
448 // Special case: leading zero-only blocks count to 1, should be 0
449 if ($left === 1 && strlen($chunksLeft[0]) === 0) {
450 $left = 0;
451 }
452 $hiddenBlocks = 8 - ($left + $right);
453 $hiddenPart = '';
454 $h = 0;
455 while ($h < $hiddenBlocks) {
456 $hiddenPart .= '0000:';
457 $h++;
458 }
459 if ($left === 0) {
460 $stageOneAddress = $hiddenPart . $chunks[1];
461 } else {
462 $stageOneAddress = $chunks[0] . ':' . $hiddenPart . $chunks[1];
463 }
464 } else {
465 $stageOneAddress = $address;
466 }
467 // Normalize the blocks:
468 $blocks = explode(':', $stageOneAddress);
469 $divCounter = 0;
470 foreach ($blocks as $block) {
471 $tmpBlock = '';
472 $i = 0;
473 $hiddenZeros = 4 - strlen($block);
474 while ($i < $hiddenZeros) {
475 $tmpBlock .= '0';
476 $i++;
477 }
478 $normalizedAddress .= $tmpBlock . $block;
479 if ($divCounter < 7) {
480 $normalizedAddress .= ':';
481 $divCounter++;
482 }
483 }
484 return $normalizedAddress;
485 }
486
487 /**
488 * Compress an IPv6 address to the shortest notation
489 *
490 * @param string $address Given IPv6 address
491 * @return string Compressed address
492 * @see normalizeIPv6()
493 */
494 public static function compressIPv6($address)
495 {
496 return inet_ntop(inet_pton($address));
497 }
498
499 /**
500 * Validate a given IP address.
501 *
502 * Possible format are IPv4 and IPv6.
503 *
504 * @param string $ip IP address to be tested
505 * @return bool TRUE if $ip is either of IPv4 or IPv6 format.
506 */
507 public static function validIP($ip)
508 {
509 return filter_var($ip, FILTER_VALIDATE_IP) !== false;
510 }
511
512 /**
513 * Validate a given IP address to the IPv4 address format.
514 *
515 * Example for possible format: 10.0.45.99
516 *
517 * @param string $ip IP address to be tested
518 * @return bool TRUE if $ip is of IPv4 format.
519 */
520 public static function validIPv4($ip)
521 {
522 return filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false;
523 }
524
525 /**
526 * Validate a given IP address to the IPv6 address format.
527 *
528 * Example for possible format: 43FB::BB3F:A0A0:0 | ::1
529 *
530 * @param string $ip IP address to be tested
531 * @return bool TRUE if $ip is of IPv6 format.
532 */
533 public static function validIPv6($ip)
534 {
535 return filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false;
536 }
537
538 /**
539 * Match fully qualified domain name with list of strings with wildcard
540 *
541 * @param string $baseHost A hostname or an IPv4/IPv6-address (will by reverse-resolved; typically REMOTE_ADDR)
542 * @param string $list A comma-list of domain names to match with. *-wildcard allowed but cannot be part of a string, so it must match the full host name (eg. myhost.*.com => correct, myhost.*domain.com => wrong)
543 * @return bool TRUE if a domain name mask from $list matches $baseIP
544 */
545 public static function cmpFQDN($baseHost, $list)
546 {
547 $baseHost = trim($baseHost);
548 if (empty($baseHost)) {
549 return false;
550 }
551 if (self::validIPv4($baseHost) || self::validIPv6($baseHost)) {
552 // Resolve hostname
553 // Note: this is reverse-lookup and can be randomly set as soon as somebody is able to set
554 // the reverse-DNS for his IP (security when for example used with REMOTE_ADDR)
555 $baseHostName = gethostbyaddr($baseHost);
556 if ($baseHostName === $baseHost) {
557 // Unable to resolve hostname
558 return false;
559 }
560 } else {
561 $baseHostName = $baseHost;
562 }
563 $baseHostNameParts = explode('.', $baseHostName);
564 $values = self::trimExplode(',', $list, true);
565 foreach ($values as $test) {
566 $hostNameParts = explode('.', $test);
567 // To match hostNameParts can only be shorter (in case of wildcards) or equal
568 $hostNamePartsCount = count($hostNameParts);
569 $baseHostNamePartsCount = count($baseHostNameParts);
570 if ($hostNamePartsCount > $baseHostNamePartsCount) {
571 continue;
572 }
573 $yes = true;
574 foreach ($hostNameParts as $index => $val) {
575 $val = trim($val);
576 if ($val === '*') {
577 // Wildcard valid for one or more hostname-parts
578 $wildcardStart = $index + 1;
579 // Wildcard as last/only part always matches, otherwise perform recursive checks
580 if ($wildcardStart < $hostNamePartsCount) {
581 $wildcardMatched = false;
582 $tempHostName = implode('.', array_slice($hostNameParts, $index + 1));
583 while ($wildcardStart < $baseHostNamePartsCount && !$wildcardMatched) {
584 $tempBaseHostName = implode('.', array_slice($baseHostNameParts, $wildcardStart));
585 $wildcardMatched = self::cmpFQDN($tempBaseHostName, $tempHostName);
586 $wildcardStart++;
587 }
588 if ($wildcardMatched) {
589 // Match found by recursive compare
590 return true;
591 }
592 $yes = false;
593 }
594 } elseif ($baseHostNameParts[$index] !== $val) {
595 // In case of no match
596 $yes = false;
597 }
598 }
599 if ($yes) {
600 return true;
601 }
602 }
603 return false;
604 }
605
606 /**
607 * Checks if a given URL matches the host that currently handles this HTTP request.
608 * Scheme, hostname and (optional) port of the given URL are compared.
609 *
610 * @param string $url URL to compare with the TYPO3 request host
611 * @return bool Whether the URL matches the TYPO3 request host
612 */
613 public static function isOnCurrentHost($url)
614 {
615 return stripos($url . '/', self::getIndpEnv('TYPO3_REQUEST_HOST') . '/') === 0;
616 }
617
618 /**
619 * Check for item in list
620 * Check if an item exists in a comma-separated list of items.
621 *
622 * @param string $list Comma-separated list of items (string)
623 * @param string $item Item to check for
624 * @return bool TRUE if $item is in $list
625 */
626 public static function inList($list, $item)
627 {
628 return strpos(',' . $list . ',', ',' . $item . ',') !== false;
629 }
630
631 /**
632 * Removes an item from a comma-separated list of items.
633 *
634 * If $element contains a comma, the behaviour of this method is undefined.
635 * Empty elements in the list are preserved.
636 *
637 * @param string $element Element to remove
638 * @param string $list Comma-separated list of items (string)
639 * @return string New comma-separated list of items
640 */
641 public static function rmFromList($element, $list)
642 {
643 $items = explode(',', $list);
644 foreach ($items as $k => $v) {
645 if ($v == $element) {
646 unset($items[$k]);
647 }
648 }
649 return implode(',', $items);
650 }
651
652 /**
653 * Expand a comma-separated list of integers with ranges (eg 1,3-5,7 becomes 1,3,4,5,7).
654 * Ranges are limited to 1000 values per range.
655 *
656 * @param string $list Comma-separated list of integers with ranges (string)
657 * @return string New comma-separated list of items
658 */
659 public static function expandList($list)
660 {
661 $items = explode(',', $list);
662 $list = [];
663 foreach ($items as $item) {
664 $range = explode('-', $item);
665 if (isset($range[1])) {
666 $runAwayBrake = 1000;
667 for ($n = $range[0]; $n <= $range[1]; $n++) {
668 $list[] = $n;
669 $runAwayBrake--;
670 if ($runAwayBrake <= 0) {
671 break;
672 }
673 }
674 } else {
675 $list[] = $item;
676 }
677 }
678 return implode(',', $list);
679 }
680
681 /**
682 * Makes a positive integer hash out of the first 7 chars from the md5 hash of the input
683 *
684 * @param string $str String to md5-hash
685 * @return int Returns 28bit integer-hash
686 */
687 public static function md5int($str)
688 {
689 return hexdec(substr(md5($str), 0, 7));
690 }
691
692 /**
693 * Returns the first 10 positions of the MD5-hash (changed from 6 to 10 recently)
694 *
695 * @param string $input Input string to be md5-hashed
696 * @param int $len The string-length of the output
697 * @return string Substring of the resulting md5-hash, being $len chars long (from beginning)
698 */
699 public static function shortMD5($input, $len = 10)
700 {
701 return substr(md5($input), 0, $len);
702 }
703
704 /**
705 * Returns a proper HMAC on a given input string and secret TYPO3 encryption key.
706 *
707 * @param string $input Input string to create HMAC from
708 * @param string $additionalSecret additionalSecret to prevent hmac being used in a different context
709 * @return string resulting (hexadecimal) HMAC currently with a length of 40 (HMAC-SHA-1)
710 */
711 public static function hmac($input, $additionalSecret = '')
712 {
713 $hashAlgorithm = 'sha1';
714 $hashBlocksize = 64;
715 $secret = $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'] . $additionalSecret;
716 if (extension_loaded('hash') && function_exists('hash_hmac') && function_exists('hash_algos') && in_array($hashAlgorithm, hash_algos())) {
717 $hmac = hash_hmac($hashAlgorithm, $input, $secret);
718 } else {
719 // Outer padding
720 $opad = str_repeat(chr(92), $hashBlocksize);
721 // Inner padding
722 $ipad = str_repeat(chr(54), $hashBlocksize);
723 if (strlen($secret) > $hashBlocksize) {
724 // Keys longer than block size are shorten
725 $key = str_pad(pack('H*', call_user_func($hashAlgorithm, $secret)), $hashBlocksize, chr(0));
726 } else {
727 // Keys shorter than block size are zero-padded
728 $key = str_pad($secret, $hashBlocksize, chr(0));
729 }
730 $hmac = call_user_func($hashAlgorithm, ($key ^ $opad) . pack('H*', call_user_func(
731 $hashAlgorithm,
732 ($key ^ $ipad) . $input
733 )));
734 }
735 return $hmac;
736 }
737
738 /**
739 * Takes comma-separated lists and arrays and removes all duplicates
740 * If a value in the list is trim(empty), the value is ignored.
741 *
742 * @param string $in_list Accept multiple parameters which can be comma-separated lists of values and arrays.
743 * @param mixed $secondParameter Dummy field, which if set will show a warning!
744 * @return string Returns the list without any duplicates of values, space around values are trimmed
745 */
746 public static function uniqueList($in_list, $secondParameter = null)
747 {
748 if (is_array($in_list)) {
749 throw new \InvalidArgumentException('TYPO3 Fatal Error: TYPO3\\CMS\\Core\\Utility\\GeneralUtility::uniqueList() does NOT support array arguments anymore! Only string comma lists!', 1270853885);
750 }
751 if (isset($secondParameter)) {
752 throw new \InvalidArgumentException('TYPO3 Fatal Error: TYPO3\\CMS\\Core\\Utility\\GeneralUtility::uniqueList() does NOT support more than a single argument value anymore. You have specified more than one!', 1270853886);
753 }
754 return implode(',', array_unique(self::trimExplode(',', $in_list, true)));
755 }
756
757 /**
758 * Splits a reference to a file in 5 parts
759 *
760 * @param string $fileNameWithPath File name with path to be analysed (must exist if open_basedir is set)
761 * @return array Contains keys [path], [file], [filebody], [fileext], [realFileext]
762 */
763 public static function split_fileref($fileNameWithPath)
764 {
765 $reg = [];
766 if (preg_match('/(.*\\/)(.*)$/', $fileNameWithPath, $reg)) {
767 $info['path'] = $reg[1];
768 $info['file'] = $reg[2];
769 } else {
770 $info['path'] = '';
771 $info['file'] = $fileNameWithPath;
772 }
773 $reg = '';
774 // If open_basedir is set and the fileName was supplied without a path the is_dir check fails
775 if (!is_dir($fileNameWithPath) && preg_match('/(.*)\\.([^\\.]*$)/', $info['file'], $reg)) {
776 $info['filebody'] = $reg[1];
777 $info['fileext'] = strtolower($reg[2]);
778 $info['realFileext'] = $reg[2];
779 } else {
780 $info['filebody'] = $info['file'];
781 $info['fileext'] = '';
782 }
783 reset($info);
784 return $info;
785 }
786
787 /**
788 * Returns the directory part of a path without trailing slash
789 * If there is no dir-part, then an empty string is returned.
790 * Behaviour:
791 *
792 * '/dir1/dir2/script.php' => '/dir1/dir2'
793 * '/dir1/' => '/dir1'
794 * 'dir1/script.php' => 'dir1'
795 * 'd/script.php' => 'd'
796 * '/script.php' => ''
797 * '' => ''
798 *
799 * @param string $path Directory name / path
800 * @return string Processed input value. See function description.
801 */
802 public static function dirname($path)
803 {
804 $p = self::revExplode('/', $path, 2);
805 return count($p) === 2 ? $p[0] : '';
806 }
807
808 /**
809 * Returns TRUE if the first part of $str matches the string $partStr
810 *
811 * @param string $str Full string to check
812 * @param string $partStr Reference string which must be found as the "first part" of the full string
813 * @return bool TRUE if $partStr was found to be equal to the first part of $str
814 */
815 public static function isFirstPartOfStr($str, $partStr)
816 {
817 return $partStr != '' && strpos((string)$str, (string)$partStr, 0) === 0;
818 }
819
820 /**
821 * Formats the input integer $sizeInBytes as bytes/kilobytes/megabytes (-/K/M)
822 *
823 * @param int $sizeInBytes Number of bytes to format.
824 * @param string $labels Binary unit name "iec", decimal unit name "si" or labels for bytes, kilo, mega, giga, and so on separated by vertical bar (|) and possibly encapsulated in "". Eg: " | K| M| G". Defaults to "iec".
825 * @param int $base The unit base if not using a unit name. Defaults to 1024.
826 * @return string Formatted representation of the byte number, for output.
827 */
828 public static function formatSize($sizeInBytes, $labels = '', $base = 0)
829 {
830 $defaultFormats = [
831 'iec' => ['base' => 1024, 'labels' => [' ', ' Ki', ' Mi', ' Gi', ' Ti', ' Pi', ' Ei', ' Zi', ' Yi']],
832 'si' => ['base' => 1000, 'labels' => [' ', ' k', ' M', ' G', ' T', ' P', ' E', ' Z', ' Y']],
833 ];
834 // Set labels and base:
835 if (empty($labels)) {
836 $labels = 'iec';
837 }
838 if (isset($defaultFormats[$labels])) {
839 $base = $defaultFormats[$labels]['base'];
840 $labelArr = $defaultFormats[$labels]['labels'];
841 } else {
842 $base = (int)$base;
843 if ($base !== 1000 && $base !== 1024) {
844 $base = 1024;
845 }
846 $labelArr = explode('|', str_replace('"', '', $labels));
847 }
848 // @todo find out which locale is used for current BE user to cover the BE case as well
849 $oldLocale = setlocale(LC_NUMERIC, 0);
850 $newLocale = isset($GLOBALS['TSFE']) ? $GLOBALS['TSFE']->config['config']['locale_all'] : '';
851 if ($newLocale) {
852 setlocale(LC_NUMERIC, $newLocale);
853 }
854 $localeInfo = localeconv();
855 if ($newLocale) {
856 setlocale(LC_NUMERIC, $oldLocale);
857 }
858 $sizeInBytes = max($sizeInBytes, 0);
859 $multiplier = floor(($sizeInBytes ? log($sizeInBytes) : 0) / log($base));
860 $sizeInUnits = $sizeInBytes / pow($base, $multiplier);
861 if ($sizeInUnits > ($base * .9)) {
862 $multiplier++;
863 }
864 $multiplier = min($multiplier, count($labelArr) - 1);
865 $sizeInUnits = $sizeInBytes / pow($base, $multiplier);
866 return number_format($sizeInUnits, (($multiplier > 0) && ($sizeInUnits < 20)) ? 2 : 0, $localeInfo['decimal_point'], '') . $labelArr[$multiplier];
867 }
868
869 /**
870 * This splits a string by the chars in $operators (typical /+-*) and returns an array with them in
871 *
872 * @param string $string Input string, eg "123 + 456 / 789 - 4
873 * @param string $operators Operators to split by, typically "/+-*
874 * @return array Array with operators and operands separated.
875 * @see \TYPO3\CMS\Frontend\ContentObject\ContentObjectRenderer::calc(), \TYPO3\CMS\Frontend\Imaging\GifBuilder::calcOffset()
876 */
877 public static function splitCalc($string, $operators)
878 {
879 $res = [];
880 $sign = '+';
881 while ($string) {
882 $valueLen = strcspn($string, $operators);
883 $value = substr($string, 0, $valueLen);
884 $res[] = [$sign, trim($value)];
885 $sign = substr($string, $valueLen, 1);
886 $string = substr($string, $valueLen + 1);
887 }
888 reset($res);
889 return $res;
890 }
891
892 /**
893 * Checking syntax of input email address
894 *
895 * http://tools.ietf.org/html/rfc3696
896 * International characters are allowed in email. So the whole address needs
897 * to be converted to punicode before passing it to filter_var(). We convert
898 * the user- and domain part separately to increase the chance of hitting an
899 * entry in self::$idnaStringCache.
900 *
901 * Also the @ sign may appear multiple times in an address. If not used as
902 * a boundary marker between the user- and domain part, it must be escaped
903 * with a backslash: \@. This mean we can not just explode on the @ sign and
904 * expect to get just two parts. So we pop off the domain and then glue the
905 * rest together again.
906 *
907 * @param string $email Input string to evaluate
908 * @return bool Returns TRUE if the $email address (input string) is valid
909 */
910 public static function validEmail($email)
911 {
912 // Early return in case input is not a string
913 if (!is_string($email)) {
914 return false;
915 }
916 $atPosition = strrpos($email, '@');
917 if (!$atPosition || $atPosition + 1 === strlen($email)) {
918 // Return if no @ found or it is placed at the very beginning or end of the email
919 return false;
920 }
921 $domain = substr($email, $atPosition + 1);
922 $user = substr($email, 0, $atPosition);
923 if (!preg_match('/^[a-z0-9.\\-]*$/i', $domain)) {
924 try {
925 $domain = self::idnaEncode($domain);
926 } catch (\InvalidArgumentException $exception) {
927 return false;
928 }
929 }
930 return filter_var($user . '@' . $domain, FILTER_VALIDATE_EMAIL) !== false;
931 }
932
933 /**
934 * Returns an ASCII string (punicode) representation of $value
935 *
936 * @param string $value
937 * @return string An ASCII encoded (punicode) string
938 */
939 public static function idnaEncode($value)
940 {
941 if (isset(self::$idnaStringCache[$value])) {
942 return self::$idnaStringCache[$value];
943 }
944 if (!self::$idnaConverter) {
945 self::$idnaConverter = new \Mso\IdnaConvert\IdnaConvert(['idn_version' => 2008]);
946 }
947 self::$idnaStringCache[$value] = self::$idnaConverter->encode($value);
948 return self::$idnaStringCache[$value];
949 }
950
951 /**
952 * Returns a given string with underscores as UpperCamelCase.
953 * Example: Converts blog_example to BlogExample
954 *
955 * @param string $string String to be converted to camel case
956 * @return string UpperCamelCasedWord
957 */
958 public static function underscoredToUpperCamelCase($string)
959 {
960 return str_replace(' ', '', ucwords(str_replace('_', ' ', strtolower($string))));
961 }
962
963 /**
964 * Returns a given string with underscores as lowerCamelCase.
965 * Example: Converts minimal_value to minimalValue
966 *
967 * @param string $string String to be converted to camel case
968 * @return string lowerCamelCasedWord
969 */
970 public static function underscoredToLowerCamelCase($string)
971 {
972 return lcfirst(str_replace(' ', '', ucwords(str_replace('_', ' ', strtolower($string)))));
973 }
974
975 /**
976 * Returns a given CamelCasedString as an lowercase string with underscores.
977 * Example: Converts BlogExample to blog_example, and minimalValue to minimal_value
978 *
979 * @param string $string String to be converted to lowercase underscore
980 * @return string lowercase_and_underscored_string
981 */
982 public static function camelCaseToLowerCaseUnderscored($string)
983 {
984 $value = preg_replace('/(?<=\\w)([A-Z])/', '_\\1', $string);
985 return mb_strtolower($value, 'utf-8');
986 }
987
988 /**
989 * Checks if a given string is a Uniform Resource Locator (URL).
990 *
991 * On seriously malformed URLs, parse_url may return FALSE and emit an
992 * E_WARNING.
993 *
994 * filter_var() requires a scheme to be present.
995 *
996 * http://www.faqs.org/rfcs/rfc2396.html
997 * Scheme names consist of a sequence of characters beginning with a
998 * lower case letter and followed by any combination of lower case letters,
999 * digits, plus ("+"), period ("."), or hyphen ("-"). For resiliency,
1000 * programs interpreting URI should treat upper case letters as equivalent to
1001 * lower case in scheme names (e.g., allow "HTTP" as well as "http").
1002 * scheme = alpha *( alpha | digit | "+" | "-" | "." )
1003 *
1004 * Convert the domain part to punicode if it does not look like a regular
1005 * domain name. Only the domain part because RFC3986 specifies the the rest of
1006 * the url may not contain special characters:
1007 * http://tools.ietf.org/html/rfc3986#appendix-A
1008 *
1009 * @param string $url The URL to be validated
1010 * @return bool Whether the given URL is valid
1011 */
1012 public static function isValidUrl($url)
1013 {
1014 $parsedUrl = parse_url($url);
1015 if (!$parsedUrl || !isset($parsedUrl['scheme'])) {
1016 return false;
1017 }
1018 // HttpUtility::buildUrl() will always build urls with <scheme>://
1019 // our original $url might only contain <scheme>: (e.g. mail:)
1020 // so we convert that to the double-slashed version to ensure
1021 // our check against the $recomposedUrl is proper
1022 if (!self::isFirstPartOfStr($url, $parsedUrl['scheme'] . '://')) {
1023 $url = str_replace($parsedUrl['scheme'] . ':', $parsedUrl['scheme'] . '://', $url);
1024 }
1025 $recomposedUrl = HttpUtility::buildUrl($parsedUrl);
1026 if ($recomposedUrl !== $url) {
1027 // The parse_url() had to modify characters, so the URL is invalid
1028 return false;
1029 }
1030 if (isset($parsedUrl['host']) && !preg_match('/^[a-z0-9.\\-]*$/i', $parsedUrl['host'])) {
1031 try {
1032 $parsedUrl['host'] = self::idnaEncode($parsedUrl['host']);
1033 } catch (\InvalidArgumentException $exception) {
1034 return false;
1035 }
1036 }
1037 return filter_var(HttpUtility::buildUrl($parsedUrl), FILTER_VALIDATE_URL) !== false;
1038 }
1039
1040 /*************************
1041 *
1042 * ARRAY FUNCTIONS
1043 *
1044 *************************/
1045
1046 /**
1047 * Explodes a $string delimited by $delimiter and casts each item in the array to (int).
1048 * Corresponds to \TYPO3\CMS\Core\Utility\GeneralUtility::trimExplode(), but with conversion to integers for all values.
1049 *
1050 * @param string $delimiter Delimiter string to explode with
1051 * @param string $string The string to explode
1052 * @param bool $removeEmptyValues If set, all empty values (='') will NOT be set in output
1053 * @param int $limit If positive, the result will contain a maximum of limit elements,
1054 * @return array Exploded values, all converted to integers
1055 */
1056 public static function intExplode($delimiter, $string, $removeEmptyValues = false, $limit = 0)
1057 {
1058 $result = explode($delimiter, $string);
1059 foreach ($result as $key => &$value) {
1060 if ($removeEmptyValues && ($value === '' || trim($value) === '')) {
1061 unset($result[$key]);
1062 } else {
1063 $value = (int)$value;
1064 }
1065 }
1066 unset($value);
1067 if ($limit !== 0) {
1068 if ($limit < 0) {
1069 $result = array_slice($result, 0, $limit);
1070 } elseif (count($result) > $limit) {
1071 $lastElements = array_slice($result, $limit - 1);
1072 $result = array_slice($result, 0, $limit - 1);
1073 $result[] = implode($delimiter, $lastElements);
1074 }
1075 }
1076 return $result;
1077 }
1078
1079 /**
1080 * Reverse explode which explodes the string counting from behind.
1081 *
1082 * Note: The delimiter has to given in the reverse order as
1083 * it is occurring within the string.
1084 *
1085 * GeneralUtility::revExplode('[]', '[my][words][here]', 2)
1086 * ==> array('[my][words', 'here]')
1087 *
1088 * @param string $delimiter Delimiter string to explode with
1089 * @param string $string The string to explode
1090 * @param int $count Number of array entries
1091 * @return array Exploded values
1092 */
1093 public static function revExplode($delimiter, $string, $count = 0)
1094 {
1095 // 2 is the (currently, as of 2014-02) most-used value for $count in the core, therefore we check it first
1096 if ($count === 2) {
1097 $position = strrpos($string, strrev($delimiter));
1098 if ($position !== false) {
1099 return [substr($string, 0, $position), substr($string, $position + strlen($delimiter))];
1100 }
1101 return [$string];
1102 }
1103 if ($count <= 1) {
1104 return [$string];
1105 }
1106 $explodedValues = explode($delimiter, strrev($string), $count);
1107 $explodedValues = array_map('strrev', $explodedValues);
1108 return array_reverse($explodedValues);
1109 }
1110
1111 /**
1112 * Explodes a string and trims all values for whitespace in the end.
1113 * If $onlyNonEmptyValues is set, then all blank ('') values are removed.
1114 *
1115 * @param string $delim Delimiter string to explode with
1116 * @param string $string The string to explode
1117 * @param bool $removeEmptyValues If set, all empty values will be removed in output
1118 * @param int $limit If limit is set and positive, the returned array will contain a maximum of limit elements with
1119 * the last element containing the rest of string. If the limit parameter is negative, all components
1120 * except the last -limit are returned.
1121 * @return array Exploded values
1122 */
1123 public static function trimExplode($delim, $string, $removeEmptyValues = false, $limit = 0)
1124 {
1125 $result = explode($delim, $string);
1126 if ($removeEmptyValues) {
1127 $temp = [];
1128 foreach ($result as $value) {
1129 if (trim($value) !== '') {
1130 $temp[] = $value;
1131 }
1132 }
1133 $result = $temp;
1134 }
1135 if ($limit > 0 && count($result) > $limit) {
1136 $lastElements = array_splice($result, $limit - 1);
1137 $result[] = implode($delim, $lastElements);
1138 } elseif ($limit < 0) {
1139 $result = array_slice($result, 0, $limit);
1140 }
1141 $result = array_map('trim', $result);
1142 return $result;
1143 }
1144
1145 /**
1146 * Implodes a multidim-array into GET-parameters (eg. &param[key][key2]=value2&param[key][key3]=value3)
1147 *
1148 * @param string $name Name prefix for entries. Set to blank if you wish none.
1149 * @param array $theArray The (multidimensional) array to implode
1150 * @param string $str (keep blank)
1151 * @param bool $skipBlank If set, parameters which were blank strings would be removed.
1152 * @param bool $rawurlencodeParamName If set, the param name itself (for example "param[key][key2]") would be rawurlencoded as well.
1153 * @return string Imploded result, fx. &param[key][key2]=value2&param[key][key3]=value3
1154 * @see explodeUrl2Array()
1155 */
1156 public static function implodeArrayForUrl($name, array $theArray, $str = '', $skipBlank = false, $rawurlencodeParamName = false)
1157 {
1158 foreach ($theArray as $Akey => $AVal) {
1159 $thisKeyName = $name ? $name . '[' . $Akey . ']' : $Akey;
1160 if (is_array($AVal)) {
1161 $str = self::implodeArrayForUrl($thisKeyName, $AVal, $str, $skipBlank, $rawurlencodeParamName);
1162 } else {
1163 if (!$skipBlank || (string)$AVal !== '') {
1164 $str .= '&' . ($rawurlencodeParamName ? rawurlencode($thisKeyName) : $thisKeyName) . '=' . rawurlencode($AVal);
1165 }
1166 }
1167 }
1168 return $str;
1169 }
1170
1171 /**
1172 * Explodes a string with GETvars (eg. "&id=1&type=2&ext[mykey]=3") into an array
1173 *
1174 * @param string $string GETvars string
1175 * @param bool $multidim If set, the string will be parsed into a multidimensional array if square brackets are used in variable names (using PHP function parse_str())
1176 * @return array Array of values. All values AND keys are rawurldecoded() as they properly should be. But this means that any implosion of the array again must rawurlencode it!
1177 * @see implodeArrayForUrl()
1178 */
1179 public static function explodeUrl2Array($string, $multidim = false)
1180 {
1181 $output = [];
1182 if ($multidim) {
1183 parse_str($string, $output);
1184 } else {
1185 $p = explode('&', $string);
1186 foreach ($p as $v) {
1187 if ($v !== '') {
1188 list($pK, $pV) = explode('=', $v, 2);
1189 $output[rawurldecode($pK)] = rawurldecode($pV);
1190 }
1191 }
1192 }
1193 return $output;
1194 }
1195
1196 /**
1197 * Returns an array with selected keys from incoming data.
1198 * (Better read source code if you want to find out...)
1199 *
1200 * @param string $varList List of variable/key names
1201 * @param array $getArray Array from where to get values based on the keys in $varList
1202 * @param bool $GPvarAlt If set, then \TYPO3\CMS\Core\Utility\GeneralUtility::_GP() is used to fetch the value if not found (isset) in the $getArray
1203 * @return array Output array with selected variables.
1204 */
1205 public static function compileSelectedGetVarsFromArray($varList, array $getArray, $GPvarAlt = true)
1206 {
1207 $keys = self::trimExplode(',', $varList, true);
1208 $outArr = [];
1209 foreach ($keys as $v) {
1210 if (isset($getArray[$v])) {
1211 $outArr[$v] = $getArray[$v];
1212 } elseif ($GPvarAlt) {
1213 $outArr[$v] = self::_GP($v);
1214 }
1215 }
1216 return $outArr;
1217 }
1218
1219 /**
1220 * Removes dots "." from end of a key identifier of TypoScript styled array.
1221 * array('key.' => array('property.' => 'value')) --> array('key' => array('property' => 'value'))
1222 *
1223 * @param array $ts TypoScript configuration array
1224 * @return array TypoScript configuration array without dots at the end of all keys
1225 */
1226 public static function removeDotsFromTS(array $ts)
1227 {
1228 $out = [];
1229 foreach ($ts as $key => $value) {
1230 if (is_array($value)) {
1231 $key = rtrim($key, '.');
1232 $out[$key] = self::removeDotsFromTS($value);
1233 } else {
1234 $out[$key] = $value;
1235 }
1236 }
1237 return $out;
1238 }
1239
1240 /*************************
1241 *
1242 * HTML/XML PROCESSING
1243 *
1244 *************************/
1245 /**
1246 * Returns an array with all attributes of the input HTML tag as key/value pairs. Attributes are only lowercase a-z
1247 * $tag is either a whole tag (eg '<TAG OPTION ATTRIB=VALUE>') or the parameter list (ex ' OPTION ATTRIB=VALUE>')
1248 * If an attribute is empty, then the value for the key is empty. You can check if it existed with isset()
1249 *
1250 * @param string $tag HTML-tag string (or attributes only)
1251 * @return array Array with the attribute values.
1252 */
1253 public static function get_tag_attributes($tag)
1254 {
1255 $components = self::split_tag_attributes($tag);
1256 // Attribute name is stored here
1257 $name = '';
1258 $valuemode = false;
1259 $attributes = [];
1260 foreach ($components as $key => $val) {
1261 // Only if $name is set (if there is an attribute, that waits for a value), that valuemode is enabled. This ensures that the attribute is assigned it's value
1262 if ($val !== '=') {
1263 if ($valuemode) {
1264 if ($name) {
1265 $attributes[$name] = $val;
1266 $name = '';
1267 }
1268 } else {
1269 if ($key = strtolower(preg_replace('/[^[:alnum:]_\\:\\-]/', '', $val))) {
1270 $attributes[$key] = '';
1271 $name = $key;
1272 }
1273 }
1274 $valuemode = false;
1275 } else {
1276 $valuemode = true;
1277 }
1278 }
1279 return $attributes;
1280 }
1281
1282 /**
1283 * Returns an array with the 'components' from an attribute list from an HTML tag. The result is normally analyzed by get_tag_attributes
1284 * Removes tag-name if found
1285 *
1286 * @param string $tag HTML-tag string (or attributes only)
1287 * @return array Array with the attribute values.
1288 */
1289 public static function split_tag_attributes($tag)
1290 {
1291 $tag_tmp = trim(preg_replace('/^<[^[:space:]]*/', '', trim($tag)));
1292 // Removes any > in the end of the string
1293 $tag_tmp = trim(rtrim($tag_tmp, '>'));
1294 $value = [];
1295 // Compared with empty string instead , 030102
1296 while ($tag_tmp !== '') {
1297 $firstChar = $tag_tmp[0];
1298 if ($firstChar === '"' || $firstChar === '\'') {
1299 $reg = explode($firstChar, $tag_tmp, 3);
1300 $value[] = $reg[1];
1301 $tag_tmp = trim($reg[2]);
1302 } elseif ($firstChar === '=') {
1303 $value[] = '=';
1304 // Removes = chars.
1305 $tag_tmp = trim(substr($tag_tmp, 1));
1306 } else {
1307 // There are '' around the value. We look for the next ' ' or '>'
1308 $reg = preg_split('/[[:space:]=]/', $tag_tmp, 2);
1309 $value[] = trim($reg[0]);
1310 $tag_tmp = trim(substr($tag_tmp, strlen($reg[0]), 1) . $reg[1]);
1311 }
1312 }
1313 reset($value);
1314 return $value;
1315 }
1316
1317 /**
1318 * Implodes attributes in the array $arr for an attribute list in eg. and HTML tag (with quotes)
1319 *
1320 * @param array $arr Array with attribute key/value pairs, eg. "bgcolor"=>"red", "border"=>0
1321 * @param bool $xhtmlSafe If set the resulting attribute list will have a) all attributes in lowercase (and duplicates weeded out, first entry taking precedence) and b) all values htmlspecialchar()'ed. It is recommended to use this switch!
1322 * @param bool $dontOmitBlankAttribs If TRUE, don't check if values are blank. Default is to omit attributes with blank values.
1323 * @return string Imploded attributes, eg. 'bgcolor="red" border="0"'
1324 */
1325 public static function implodeAttributes(array $arr, $xhtmlSafe = false, $dontOmitBlankAttribs = false)
1326 {
1327 if ($xhtmlSafe) {
1328 $newArr = [];
1329 foreach ($arr as $p => $v) {
1330 if (!isset($newArr[strtolower($p)])) {
1331 $newArr[strtolower($p)] = htmlspecialchars($v);
1332 }
1333 }
1334 $arr = $newArr;
1335 }
1336 $list = [];
1337 foreach ($arr as $p => $v) {
1338 if ((string)$v !== '' || $dontOmitBlankAttribs) {
1339 $list[] = $p . '="' . $v . '"';
1340 }
1341 }
1342 return implode(' ', $list);
1343 }
1344
1345 /**
1346 * Wraps JavaScript code XHTML ready with <script>-tags
1347 * Automatic re-indenting of the JS code is done by using the first line as indent reference.
1348 * This is nice for indenting JS code with PHP code on the same level.
1349 *
1350 * @param string $string JavaScript code
1351 * @return string The wrapped JS code, ready to put into a XHTML page
1352 */
1353 public static function wrapJS($string)
1354 {
1355 if (trim($string)) {
1356 // remove nl from the beginning
1357 $string = ltrim($string, LF);
1358 // re-ident to one tab using the first line as reference
1359 $match = [];
1360 if (preg_match('/^(\\t+)/', $string, $match)) {
1361 $string = str_replace($match[1], TAB, $string);
1362 }
1363 return '<script type="text/javascript">
1364 /*<![CDATA[*/
1365 ' . $string . '
1366 /*]]>*/
1367 </script>';
1368 }
1369 return '';
1370 }
1371
1372 /**
1373 * Parses XML input into a PHP array with associative keys
1374 *
1375 * @param string $string XML data input
1376 * @param int $depth Number of element levels to resolve the XML into an array. Any further structure will be set as XML.
1377 * @param array $parserOptions Options that will be passed to PHP's xml_parser_set_option()
1378 * @return mixed The array with the parsed structure unless the XML parser returns with an error in which case the error message string is returned.
1379 */
1380 public static function xml2tree($string, $depth = 999, $parserOptions = [])
1381 {
1382 // Disables the functionality to allow external entities to be loaded when parsing the XML, must be kept
1383 $previousValueOfEntityLoader = libxml_disable_entity_loader(true);
1384 $parser = xml_parser_create();
1385 $vals = [];
1386 $index = [];
1387 xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, 0);
1388 xml_parser_set_option($parser, XML_OPTION_SKIP_WHITE, 0);
1389 foreach ($parserOptions as $option => $value) {
1390 xml_parser_set_option($parser, $option, $value);
1391 }
1392 xml_parse_into_struct($parser, $string, $vals, $index);
1393 libxml_disable_entity_loader($previousValueOfEntityLoader);
1394 if (xml_get_error_code($parser)) {
1395 return 'Line ' . xml_get_current_line_number($parser) . ': ' . xml_error_string(xml_get_error_code($parser));
1396 }
1397 xml_parser_free($parser);
1398 $stack = [[]];
1399 $stacktop = 0;
1400 $startPoint = 0;
1401 $tagi = [];
1402 foreach ($vals as $key => $val) {
1403 $type = $val['type'];
1404 // open tag:
1405 if ($type === 'open' || $type === 'complete') {
1406 $stack[$stacktop++] = $tagi;
1407 if ($depth == $stacktop) {
1408 $startPoint = $key;
1409 }
1410 $tagi = ['tag' => $val['tag']];
1411 if (isset($val['attributes'])) {
1412 $tagi['attrs'] = $val['attributes'];
1413 }
1414 if (isset($val['value'])) {
1415 $tagi['values'][] = $val['value'];
1416 }
1417 }
1418 // finish tag:
1419 if ($type === 'complete' || $type === 'close') {
1420 $oldtagi = $tagi;
1421 $tagi = $stack[--$stacktop];
1422 $oldtag = $oldtagi['tag'];
1423 unset($oldtagi['tag']);
1424 if ($depth == $stacktop + 1) {
1425 if ($key - $startPoint > 0) {
1426 $partArray = array_slice($vals, $startPoint + 1, $key - $startPoint - 1);
1427 $oldtagi['XMLvalue'] = self::xmlRecompileFromStructValArray($partArray);
1428 } else {
1429 $oldtagi['XMLvalue'] = $oldtagi['values'][0];
1430 }
1431 }
1432 $tagi['ch'][$oldtag][] = $oldtagi;
1433 unset($oldtagi);
1434 }
1435 // cdata
1436 if ($type === 'cdata') {
1437 $tagi['values'][] = $val['value'];
1438 }
1439 }
1440 return $tagi['ch'];
1441 }
1442
1443 /**
1444 * Converts a PHP array into an XML string.
1445 * The XML output is optimized for readability since associative keys are used as tag names.
1446 * This also means that only alphanumeric characters are allowed in the tag names AND only keys NOT starting with numbers (so watch your usage of keys!). However there are options you can set to avoid this problem.
1447 * Numeric keys are stored with the default tag name "numIndex" but can be overridden to other formats)
1448 * The function handles input values from the PHP array in a binary-safe way; All characters below 32 (except 9,10,13) will trigger the content to be converted to a base64-string
1449 * The PHP variable type of the data IS preserved as long as the types are strings, arrays, integers and booleans. Strings are the default type unless the "type" attribute is set.
1450 * The output XML has been tested with the PHP XML-parser and parses OK under all tested circumstances with 4.x versions. However, with PHP5 there seems to be the need to add an XML prologue a la <?xml version="1.0" encoding="[charset]" standalone="yes" ?> - otherwise UTF-8 is assumed! Unfortunately, many times the output from this function is used without adding that prologue meaning that non-ASCII characters will break the parsing!! This suchs of course! Effectively it means that the prologue should always be prepended setting the right characterset, alternatively the system should always run as utf-8!
1451 * However using MSIE to read the XML output didn't always go well: One reason could be that the character encoding is not observed in the PHP data. The other reason may be if the tag-names are invalid in the eyes of MSIE. Also using the namespace feature will make MSIE break parsing. There might be more reasons...
1452 *
1453 * @param array $array The input PHP array with any kind of data; text, binary, integers. Not objects though.
1454 * @param string $NSprefix tag-prefix, eg. a namespace prefix like "T3:"
1455 * @param int $level Current recursion level. Don't change, stay at zero!
1456 * @param string $docTag Alternative document tag. Default is "phparray".
1457 * @param int $spaceInd If greater than zero, then the number of spaces corresponding to this number is used for indenting, if less than zero - no indentation, if zero - a single TAB is used
1458 * @param array $options Options for the compilation. Key "useNindex" => 0/1 (boolean: whether to use "n0, n1, n2" for num. indexes); Key "useIndexTagForNum" => "[tag for numerical indexes]"; Key "useIndexTagForAssoc" => "[tag for associative indexes"; Key "parentTagMap" => array('parentTag' => 'thisLevelTag')
1459 * @param array $stackData Stack data. Don't touch.
1460 * @return string An XML string made from the input content in the array.
1461 * @see xml2array()
1462 */
1463 public static function array2xml(array $array, $NSprefix = '', $level = 0, $docTag = 'phparray', $spaceInd = 0, array $options = [], array $stackData = [])
1464 {
1465 // The list of byte values which will trigger binary-safe storage. If any value has one of these char values in it, it will be encoded in base64
1466 $binaryChars = chr(0) . chr(1) . chr(2) . chr(3) . chr(4) . chr(5) . chr(6) . chr(7) . chr(8) . chr(11) . chr(12) . chr(14) . chr(15) . chr(16) . chr(17) . chr(18) . chr(19) . chr(20) . chr(21) . chr(22) . chr(23) . chr(24) . chr(25) . chr(26) . chr(27) . chr(28) . chr(29) . chr(30) . chr(31);
1467 // Set indenting mode:
1468 $indentChar = $spaceInd ? ' ' : TAB;
1469 $indentN = $spaceInd > 0 ? $spaceInd : 1;
1470 $nl = $spaceInd >= 0 ? LF : '';
1471 // Init output variable:
1472 $output = '';
1473 // Traverse the input array
1474 foreach ($array as $k => $v) {
1475 $attr = '';
1476 $tagName = $k;
1477 // Construct the tag name.
1478 // Use tag based on grand-parent + parent tag name
1479 if (isset($options['grandParentTagMap'][$stackData['grandParentTagName'] . '/' . $stackData['parentTagName']])) {
1480 $attr .= ' index="' . htmlspecialchars($tagName) . '"';
1481 $tagName = (string)$options['grandParentTagMap'][$stackData['grandParentTagName'] . '/' . $stackData['parentTagName']];
1482 } elseif (isset($options['parentTagMap'][$stackData['parentTagName'] . ':_IS_NUM']) && MathUtility::canBeInterpretedAsInteger($tagName)) {
1483 // Use tag based on parent tag name + if current tag is numeric
1484 $attr .= ' index="' . htmlspecialchars($tagName) . '"';
1485 $tagName = (string)$options['parentTagMap'][$stackData['parentTagName'] . ':_IS_NUM'];
1486 } elseif (isset($options['parentTagMap'][$stackData['parentTagName'] . ':' . $tagName])) {
1487 // Use tag based on parent tag name + current tag
1488 $attr .= ' index="' . htmlspecialchars($tagName) . '"';
1489 $tagName = (string)$options['parentTagMap'][$stackData['parentTagName'] . ':' . $tagName];
1490 } elseif (isset($options['parentTagMap'][$stackData['parentTagName']])) {
1491 // Use tag based on parent tag name:
1492 $attr .= ' index="' . htmlspecialchars($tagName) . '"';
1493 $tagName = (string)$options['parentTagMap'][$stackData['parentTagName']];
1494 } elseif (MathUtility::canBeInterpretedAsInteger($tagName)) {
1495 // If integer...;
1496 if ($options['useNindex']) {
1497 // If numeric key, prefix "n"
1498 $tagName = 'n' . $tagName;
1499 } else {
1500 // Use special tag for num. keys:
1501 $attr .= ' index="' . $tagName . '"';
1502 $tagName = $options['useIndexTagForNum'] ?: 'numIndex';
1503 }
1504 } elseif ($options['useIndexTagForAssoc']) {
1505 // Use tag for all associative keys:
1506 $attr .= ' index="' . htmlspecialchars($tagName) . '"';
1507 $tagName = $options['useIndexTagForAssoc'];
1508 }
1509 // The tag name is cleaned up so only alphanumeric chars (plus - and _) are in there and not longer than 100 chars either.
1510 $tagName = substr(preg_replace('/[^[:alnum:]_-]/', '', $tagName), 0, 100);
1511 // If the value is an array then we will call this function recursively:
1512 if (is_array($v)) {
1513 // Sub elements:
1514 if ($options['alt_options'][$stackData['path'] . '/' . $tagName]) {
1515 $subOptions = $options['alt_options'][$stackData['path'] . '/' . $tagName];
1516 $clearStackPath = $subOptions['clearStackPath'];
1517 } else {
1518 $subOptions = $options;
1519 $clearStackPath = false;
1520 }
1521 if (empty($v)) {
1522 $content = '';
1523 } else {
1524 $content = $nl . self::array2xml($v, $NSprefix, $level + 1, '', $spaceInd, $subOptions, [
1525 'parentTagName' => $tagName,
1526 'grandParentTagName' => $stackData['parentTagName'],
1527 'path' => $clearStackPath ? '' : $stackData['path'] . '/' . $tagName
1528 ]) . ($spaceInd >= 0 ? str_pad('', ($level + 1) * $indentN, $indentChar) : '');
1529 }
1530 // Do not set "type = array". Makes prettier XML but means that empty arrays are not restored with xml2array
1531 if ((int)$options['disableTypeAttrib'] != 2) {
1532 $attr .= ' type="array"';
1533 }
1534 } else {
1535 // Just a value:
1536 // Look for binary chars:
1537 $vLen = strlen($v);
1538 // Go for base64 encoding if the initial segment NOT matching any binary char has the same length as the whole string!
1539 if ($vLen && strcspn($v, $binaryChars) != $vLen) {
1540 // If the value contained binary chars then we base64-encode it an set an attribute to notify this situation:
1541 $content = $nl . chunk_split(base64_encode($v));
1542 $attr .= ' base64="1"';
1543 } else {
1544 // Otherwise, just htmlspecialchar the stuff:
1545 $content = htmlspecialchars($v);
1546 $dType = gettype($v);
1547 if ($dType === 'string') {
1548 if ($options['useCDATA'] && $content != $v) {
1549 $content = '<![CDATA[' . $v . ']]>';
1550 }
1551 } elseif (!$options['disableTypeAttrib']) {
1552 $attr .= ' type="' . $dType . '"';
1553 }
1554 }
1555 }
1556 if ((string)$tagName !== '') {
1557 // Add the element to the output string:
1558 $output .= ($spaceInd >= 0 ? str_pad('', ($level + 1) * $indentN, $indentChar) : '')
1559 . '<' . $NSprefix . $tagName . $attr . '>' . $content . '</' . $NSprefix . $tagName . '>' . $nl;
1560 }
1561 }
1562 // If we are at the outer-most level, then we finally wrap it all in the document tags and return that as the value:
1563 if (!$level) {
1564 $output = '<' . $docTag . '>' . $nl . $output . '</' . $docTag . '>';
1565 }
1566 return $output;
1567 }
1568
1569 /**
1570 * Converts an XML string to a PHP array.
1571 * This is the reverse function of array2xml()
1572 * This is a wrapper for xml2arrayProcess that adds a two-level cache
1573 *
1574 * @param string $string XML content to convert into an array
1575 * @param string $NSprefix The tag-prefix resolve, eg. a namespace like "T3:"
1576 * @param bool $reportDocTag If set, the document tag will be set in the key "_DOCUMENT_TAG" of the output array
1577 * @return mixed If the parsing had errors, a string with the error message is returned. Otherwise an array with the content.
1578 * @see array2xml(),xml2arrayProcess()
1579 */
1580 public static function xml2array($string, $NSprefix = '', $reportDocTag = false)
1581 {
1582 $runtimeCache = static::makeInstance(CacheManager::class)->getCache('cache_runtime');
1583 $firstLevelCache = $runtimeCache->get('generalUtilityXml2Array') ?: [];
1584 $identifier = md5($string . $NSprefix . ($reportDocTag ? '1' : '0'));
1585 // Look up in first level cache
1586 if (empty($firstLevelCache[$identifier])) {
1587 $firstLevelCache[$identifier] = self::xml2arrayProcess(trim($string), $NSprefix, $reportDocTag);
1588 $runtimeCache->set('generalUtilityXml2Array', $firstLevelCache);
1589 }
1590 return $firstLevelCache[$identifier];
1591 }
1592
1593 /**
1594 * Converts an XML string to a PHP array.
1595 * This is the reverse function of array2xml()
1596 *
1597 * @param string $string XML content to convert into an array
1598 * @param string $NSprefix The tag-prefix resolve, eg. a namespace like "T3:"
1599 * @param bool $reportDocTag If set, the document tag will be set in the key "_DOCUMENT_TAG" of the output array
1600 * @return mixed If the parsing had errors, a string with the error message is returned. Otherwise an array with the content.
1601 * @see array2xml()
1602 */
1603 protected static function xml2arrayProcess($string, $NSprefix = '', $reportDocTag = false)
1604 {
1605 // Disables the functionality to allow external entities to be loaded when parsing the XML, must be kept
1606 $previousValueOfEntityLoader = libxml_disable_entity_loader(true);
1607 // Create parser:
1608 $parser = xml_parser_create();
1609 $vals = [];
1610 $index = [];
1611 xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, 0);
1612 xml_parser_set_option($parser, XML_OPTION_SKIP_WHITE, 0);
1613 // Default output charset is UTF-8, only ASCII, ISO-8859-1 and UTF-8 are supported!!!
1614 $match = [];
1615 preg_match('/^[[:space:]]*<\\?xml[^>]*encoding[[:space:]]*=[[:space:]]*"([^"]*)"/', substr($string, 0, 200), $match);
1616 $theCharset = $match[1] ?? 'utf-8';
1617 // us-ascii / utf-8 / iso-8859-1
1618 xml_parser_set_option($parser, XML_OPTION_TARGET_ENCODING, $theCharset);
1619 // Parse content:
1620 xml_parse_into_struct($parser, $string, $vals, $index);
1621 libxml_disable_entity_loader($previousValueOfEntityLoader);
1622 // If error, return error message:
1623 if (xml_get_error_code($parser)) {
1624 return 'Line ' . xml_get_current_line_number($parser) . ': ' . xml_error_string(xml_get_error_code($parser));
1625 }
1626 xml_parser_free($parser);
1627 // Init vars:
1628 $stack = [[]];
1629 $stacktop = 0;
1630 $current = [];
1631 $tagName = '';
1632 $documentTag = '';
1633 // Traverse the parsed XML structure:
1634 foreach ($vals as $key => $val) {
1635 // First, process the tag-name (which is used in both cases, whether "complete" or "close")
1636 $tagName = $val['tag'];
1637 if (!$documentTag) {
1638 $documentTag = $tagName;
1639 }
1640 // Test for name space:
1641 $tagName = $NSprefix && substr($tagName, 0, strlen($NSprefix)) == $NSprefix ? substr($tagName, strlen($NSprefix)) : $tagName;
1642 // Test for numeric tag, encoded on the form "nXXX":
1643 $testNtag = substr($tagName, 1);
1644 // Closing tag.
1645 $tagName = $tagName[0] === 'n' && MathUtility::canBeInterpretedAsInteger($testNtag) ? (int)$testNtag : $tagName;
1646 // Test for alternative index value:
1647 if ((string)($val['attributes']['index'] ?? '') !== '') {
1648 $tagName = $val['attributes']['index'];
1649 }
1650 // Setting tag-values, manage stack:
1651 switch ($val['type']) {
1652 case 'open':
1653 // If open tag it means there is an array stored in sub-elements. Therefore increase the stackpointer and reset the accumulation array:
1654 // Setting blank place holder
1655 $current[$tagName] = [];
1656 $stack[$stacktop++] = $current;
1657 $current = [];
1658 break;
1659 case 'close':
1660 // If the tag is "close" then it is an array which is closing and we decrease the stack pointer.
1661 $oldCurrent = $current;
1662 $current = $stack[--$stacktop];
1663 // Going to the end of array to get placeholder key, key($current), and fill in array next:
1664 end($current);
1665 $current[key($current)] = $oldCurrent;
1666 unset($oldCurrent);
1667 break;
1668 case 'complete':
1669 // If "complete", then it's a value. If the attribute "base64" is set, then decode the value, otherwise just set it.
1670 if (!empty($val['attributes']['base64'])) {
1671 $current[$tagName] = base64_decode($val['value']);
1672 } else {
1673 // Had to cast it as a string - otherwise it would be evaluate FALSE if tested with isset()!!
1674 $current[$tagName] = (string)($val['value'] ?? '');
1675 // Cast type:
1676 switch ((string)($val['attributes']['type'] ?? '')) {
1677 case 'integer':
1678 $current[$tagName] = (int)$current[$tagName];
1679 break;
1680 case 'double':
1681 $current[$tagName] = (double)$current[$tagName];
1682 break;
1683 case 'boolean':
1684 $current[$tagName] = (bool)$current[$tagName];
1685 break;
1686 case 'NULL':
1687 $current[$tagName] = null;
1688 break;
1689 case 'array':
1690 // MUST be an empty array since it is processed as a value; Empty arrays would end up here because they would have no tags inside...
1691 $current[$tagName] = [];
1692 break;
1693 }
1694 }
1695 break;
1696 }
1697 }
1698 if ($reportDocTag) {
1699 $current[$tagName]['_DOCUMENT_TAG'] = $documentTag;
1700 }
1701 // Finally return the content of the document tag.
1702 return $current[$tagName];
1703 }
1704
1705 /**
1706 * This implodes an array of XML parts (made with xml_parse_into_struct()) into XML again.
1707 *
1708 * @param array $vals An array of XML parts, see xml2tree
1709 * @return string Re-compiled XML data.
1710 */
1711 public static function xmlRecompileFromStructValArray(array $vals)
1712 {
1713 $XMLcontent = '';
1714 foreach ($vals as $val) {
1715 $type = $val['type'];
1716 // Open tag:
1717 if ($type === 'open' || $type === 'complete') {
1718 $XMLcontent .= '<' . $val['tag'];
1719 if (isset($val['attributes'])) {
1720 foreach ($val['attributes'] as $k => $v) {
1721 $XMLcontent .= ' ' . $k . '="' . htmlspecialchars($v) . '"';
1722 }
1723 }
1724 if ($type === 'complete') {
1725 if (isset($val['value'])) {
1726 $XMLcontent .= '>' . htmlspecialchars($val['value']) . '</' . $val['tag'] . '>';
1727 } else {
1728 $XMLcontent .= '/>';
1729 }
1730 } else {
1731 $XMLcontent .= '>';
1732 }
1733 if ($type === 'open' && isset($val['value'])) {
1734 $XMLcontent .= htmlspecialchars($val['value']);
1735 }
1736 }
1737 // Finish tag:
1738 if ($type === 'close') {
1739 $XMLcontent .= '</' . $val['tag'] . '>';
1740 }
1741 // Cdata
1742 if ($type === 'cdata') {
1743 $XMLcontent .= htmlspecialchars($val['value']);
1744 }
1745 }
1746 return $XMLcontent;
1747 }
1748
1749 /**
1750 * Minifies JavaScript
1751 *
1752 * @param string $script Script to minify
1753 * @param string $error Error message (if any)
1754 * @return string Minified script or source string if error happened
1755 */
1756 public static function minifyJavaScript($script, &$error = '')
1757 {
1758 $fakeThis = false;
1759 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_div.php']['minifyJavaScript'] ?? [] as $hookMethod) {
1760 try {
1761 $parameters = ['script' => $script];
1762 $script = static::callUserFunction($hookMethod, $parameters, $fakeThis);
1763 } catch (\Exception $e) {
1764 $errorMessage = 'Error minifying java script: ' . $e->getMessage();
1765 $error .= $errorMessage;
1766 static::getLogger()->warning($errorMessage, [
1767 'JavaScript' => $script,
1768 'hook' => $hookMethod,
1769 'exception' => $e,
1770 ]);
1771 }
1772 }
1773 return $script;
1774 }
1775
1776 /*************************
1777 *
1778 * FILES FUNCTIONS
1779 *
1780 *************************/
1781 /**
1782 * Reads the file or url $url and returns the content
1783 * If you are having trouble with proxies when reading URLs you can configure your way out of that with settings within $GLOBALS['TYPO3_CONF_VARS']['HTTP'].
1784 *
1785 * @param string $url File/URL to read
1786 * @param int $includeHeader Whether the HTTP header should be fetched or not. 0=disable, 1=fetch header+content, 2=fetch header only
1787 * @param array $requestHeaders HTTP headers to be used in the request
1788 * @param array $report Error code/message and, if $includeHeader is 1, response meta data (HTTP status and content type)
1789 * @return mixed The content from the resource given as input. FALSE if an error has occurred.
1790 */
1791 public static function getUrl($url, $includeHeader = 0, $requestHeaders = null, &$report = null)
1792 {
1793 if (isset($report)) {
1794 $report['error'] = 0;
1795 $report['message'] = '';
1796 }
1797 // Looks like it's an external file, use Guzzle by default
1798 if (preg_match('/^(?:http|ftp)s?|s(?:ftp|cp):/', $url)) {
1799 /** @var RequestFactory $requestFactory */
1800 $requestFactory = static::makeInstance(RequestFactory::class);
1801 if (is_array($requestHeaders)) {
1802 // Check is $requestHeaders is an associative array or not
1803 if (count(array_filter(array_keys($requestHeaders), 'is_string')) === 0) {
1804 trigger_error('Request headers as colon-separated string are deprecated, use an associative array instead.', E_USER_DEPRECATED);
1805 // Convert cURL style lines of headers to Guzzle key/value(s) pairs.
1806 $requestHeaders = static::splitHeaderLines($requestHeaders);
1807 }
1808 $configuration = ['headers' => $requestHeaders];
1809 } else {
1810 $configuration = [];
1811 }
1812
1813 try {
1814 if (isset($report)) {
1815 $report['lib'] = 'GuzzleHttp';
1816 }
1817 $response = $requestFactory->request($url, 'GET', $configuration);
1818 } catch (RequestException $exception) {
1819 if (isset($report)) {
1820 $report['error'] = $exception->getCode() ?: 1518707554;
1821 $report['message'] = $exception->getMessage();
1822 $report['exception'] = $exception;
1823 }
1824 return false;
1825 }
1826
1827 $content = '';
1828
1829 // Add the headers to the output
1830 $includeHeader = (int)$includeHeader;
1831 if ($includeHeader) {
1832 $parsedURL = parse_url($url);
1833 $method = $includeHeader === 2 ? 'HEAD' : 'GET';
1834 $content = $method . ' ' . ($parsedURL['path'] ?? '/')
1835 . (!empty($parsedURL['query']) ? '?' . $parsedURL['query'] : '') . ' HTTP/1.0' . CRLF
1836 . 'Host: ' . $parsedURL['host'] . CRLF
1837 . 'Connection: close' . CRLF;
1838 if (is_array($requestHeaders)) {
1839 $content .= implode(CRLF, $requestHeaders) . CRLF;
1840 }
1841 foreach ($response->getHeaders() as $headerName => $headerValues) {
1842 $content .= $headerName . ': ' . implode(', ', $headerValues) . CRLF;
1843 }
1844 // Headers are separated from the body with two CRLFs
1845 $content .= CRLF;
1846 }
1847 // If not just headers are requested, add the body
1848 if ($includeHeader !== 2) {
1849 $content .= $response->getBody()->getContents();
1850 }
1851 if (isset($report)) {
1852 if ($response->getStatusCode() >= 300 && $response->getStatusCode() < 400) {
1853 $report['http_code'] = $response->getStatusCode();
1854 $report['content_type'] = $response->getHeaderLine('Content-Type');
1855 $report['error'] = $response->getStatusCode();
1856 $report['message'] = $response->getReasonPhrase();
1857 } elseif (empty($content)) {
1858 $report['error'] = $response->getStatusCode();
1859 $report['message'] = $response->getReasonPhrase();
1860 } elseif ($includeHeader) {
1861 // Set only for $includeHeader to work exactly like PHP variant
1862 $report['http_code'] = $response->getStatusCode();
1863 $report['content_type'] = $response->getHeaderLine('Content-Type');
1864 }
1865 }
1866 } else {
1867 if (isset($report)) {
1868 $report['lib'] = 'file';
1869 }
1870 $content = @file_get_contents($url);
1871 if ($content === false && isset($report)) {
1872 $report['error'] = -1;
1873 $report['message'] = 'Couldn\'t get URL: ' . $url;
1874 }
1875 }
1876 return $content;
1877 }
1878
1879 /**
1880 * Split an array of MIME header strings into an associative array.
1881 * Multiple headers with the same name have their values merged as an array.
1882 *
1883 * @static
1884 * @param array $headers List of headers, eg. ['Foo: Bar', 'Foo: Baz']
1885 * @return array Key/Value(s) pairs of headers, eg. ['Foo' => ['Bar', 'Baz']]
1886 */
1887 protected static function splitHeaderLines(array $headers): array
1888 {
1889 $newHeaders = [];
1890 foreach ($headers as $header) {
1891 $parts = preg_split('/:[ \t]*/', $header, 2, PREG_SPLIT_NO_EMPTY);
1892 if (count($parts) !== 2) {
1893 continue;
1894 }
1895 $key = &$parts[0];
1896 $value = &$parts[1];
1897 if (array_key_exists($key, $newHeaders)) {
1898 if (is_array($newHeaders[$key])) {
1899 $newHeaders[$key][] = $value;
1900 } else {
1901 $prevValue = &$newHeaders[$key];
1902 $newHeaders[$key] = [$prevValue, $value];
1903 }
1904 } else {
1905 $newHeaders[$key] = $value;
1906 }
1907 }
1908 return $newHeaders;
1909 }
1910
1911 /**
1912 * Writes $content to the file $file
1913 *
1914 * @param string $file Filepath to write to
1915 * @param string $content Content to write
1916 * @param bool $changePermissions If TRUE, permissions are forced to be set
1917 * @return bool TRUE if the file was successfully opened and written to.
1918 */
1919 public static function writeFile($file, $content, $changePermissions = false)
1920 {
1921 if (!@is_file($file)) {
1922 $changePermissions = true;
1923 }
1924 if ($fd = fopen($file, 'wb')) {
1925 $res = fwrite($fd, $content);
1926 fclose($fd);
1927 if ($res === false) {
1928 return false;
1929 }
1930 // Change the permissions only if the file has just been created
1931 if ($changePermissions) {
1932 static::fixPermissions($file);
1933 }
1934 return true;
1935 }
1936 return false;
1937 }
1938
1939 /**
1940 * Sets the file system mode and group ownership of a file or a folder.
1941 *
1942 * @param string $path Path of file or folder, must not be escaped. Path can be absolute or relative
1943 * @param bool $recursive If set, also fixes permissions of files and folders in the folder (if $path is a folder)
1944 * @return mixed TRUE on success, FALSE on error, always TRUE on Windows OS
1945 */
1946 public static function fixPermissions($path, $recursive = false)
1947 {
1948 if (Environment::isWindows()) {
1949 return true;
1950 }
1951 $result = false;
1952 // Make path absolute
1953 if (!static::isAbsPath($path)) {
1954 $path = static::getFileAbsFileName($path);
1955 }
1956 if (static::isAllowedAbsPath($path)) {
1957 if (@is_file($path)) {
1958 $targetPermissions = $GLOBALS['TYPO3_CONF_VARS']['SYS']['fileCreateMask'] ?? '0644';
1959 } elseif (@is_dir($path)) {
1960 $targetPermissions = $GLOBALS['TYPO3_CONF_VARS']['SYS']['folderCreateMask'] ?? '0755';
1961 }
1962 if (!empty($targetPermissions)) {
1963 // make sure it's always 4 digits
1964 $targetPermissions = str_pad($targetPermissions, 4, 0, STR_PAD_LEFT);
1965 $targetPermissions = octdec($targetPermissions);
1966 // "@" is there because file is not necessarily OWNED by the user
1967 $result = @chmod($path, $targetPermissions);
1968 }
1969 // Set createGroup if not empty
1970 if (
1971 isset($GLOBALS['TYPO3_CONF_VARS']['SYS']['createGroup'])
1972 && $GLOBALS['TYPO3_CONF_VARS']['SYS']['createGroup'] !== ''
1973 ) {
1974 // "@" is there because file is not necessarily OWNED by the user
1975 $changeGroupResult = @chgrp($path, $GLOBALS['TYPO3_CONF_VARS']['SYS']['createGroup']);
1976 $result = $changeGroupResult ? $result : false;
1977 }
1978 // Call recursive if recursive flag if set and $path is directory
1979 if ($recursive && @is_dir($path)) {
1980 $handle = opendir($path);
1981 if (is_resource($handle)) {
1982 while (($file = readdir($handle)) !== false) {
1983 $recursionResult = null;
1984 if ($file !== '.' && $file !== '..') {
1985 if (@is_file($path . '/' . $file)) {
1986 $recursionResult = static::fixPermissions($path . '/' . $file);
1987 } elseif (@is_dir($path . '/' . $file)) {
1988 $recursionResult = static::fixPermissions($path . '/' . $file, true);
1989 }
1990 if (isset($recursionResult) && !$recursionResult) {
1991 $result = false;
1992 }
1993 }
1994 }
1995 closedir($handle);
1996 }
1997 }
1998 }
1999 return $result;
2000 }
2001
2002 /**
2003 * Writes $content to a filename in the typo3temp/ folder (and possibly one or two subfolders...)
2004 * Accepts an additional subdirectory in the file path!
2005 *
2006 * @param string $filepath Absolute file path to write to inside "typo3temp/". First part of this string must match PATH_site."typo3temp/"
2007 * @param string $content Content string to write
2008 * @return string Returns NULL on success, otherwise an error string telling about the problem.
2009 */
2010 public static function writeFileToTypo3tempDir($filepath, $content)
2011 {
2012 // Parse filepath into directory and basename:
2013 $fI = pathinfo($filepath);
2014 $fI['dirname'] .= '/';
2015 // Check parts:
2016 if (!static::validPathStr($filepath) || !$fI['basename'] || strlen($fI['basename']) >= 60) {
2017 return 'Input filepath "' . $filepath . '" was generally invalid!';
2018 }
2019
2020 // Setting main temporary directory name (standard)
2021 $allowedPathPrefixes = [
2022 PATH_site . 'typo3temp' => 'PATH_site + "typo3temp/"'
2023 ];
2024 // Also allow project-path + /var/
2025 if (Environment::getVarPath() !== PATH_site . 'typo3temp/var') {
2026 $relPath = substr(Environment::getVarPath(), strlen(Environment::getProjectPath()) + 1);
2027 $allowedPathPrefixes[Environment::getVarPath()] = 'ProjectPath + ' . $relPath;
2028 }
2029
2030 $errorMessage = null;
2031 foreach ($allowedPathPrefixes as $pathPrefix => $prefixLabel) {
2032 $dirName = $pathPrefix . '/';
2033 // Invalid file path, let's check for the other path, if it exists
2034 if (!static::isFirstPartOfStr($fI['dirname'], $dirName)) {
2035 if ($errorMessage === null) {
2036 $errorMessage = '"' . $fI['dirname'] . '" was not within directory ' . $prefixLabel;
2037 }
2038 continue;
2039 }
2040 // This resets previous error messages from the first path
2041 $errorMessage = null;
2042
2043 if (!@is_dir($dirName)) {
2044 $errorMessage = $prefixLabel . ' was not a directory!';
2045 // continue and see if the next iteration resets the errorMessage above
2046 continue;
2047 }
2048 // Checking if the "subdir" is found
2049 $subdir = substr($fI['dirname'], strlen($dirName));
2050 if ($subdir) {
2051 if (preg_match('#^(?:[[:alnum:]_]+/)+$#', $subdir)) {
2052 $dirName .= $subdir;
2053 if (!@is_dir($dirName)) {
2054 static::mkdir_deep($pathPrefix . '/' . $subdir);
2055 }
2056 } else {
2057 $errorMessage = 'Subdir, "' . $subdir . '", was NOT on the form "[[:alnum:]_]/+"';
2058 break;
2059 }
2060 }
2061 // Checking dir-name again (sub-dir might have been created)
2062 if (@is_dir($dirName)) {
2063 if ($filepath === $dirName . $fI['basename']) {
2064 static::writeFile($filepath, $content);
2065 if (!@is_file($filepath)) {
2066 $errorMessage = 'The file was not written to the disk. Please, check that you have write permissions to the ' . $prefixLabel . ' directory.';
2067 break;
2068 }
2069 } else {
2070 $errorMessage = 'Calculated file location didn\'t match input "' . $filepath . '".';
2071 break;
2072 }
2073 } else {
2074 $errorMessage = '"' . $dirName . '" is not a directory!';
2075 break;
2076 }
2077 }
2078 return $errorMessage;
2079 }
2080
2081 /**
2082 * Wrapper function for mkdir.
2083 * Sets folder permissions according to $GLOBALS['TYPO3_CONF_VARS']['SYS']['folderCreateMask']
2084 * and group ownership according to $GLOBALS['TYPO3_CONF_VARS']['SYS']['createGroup']
2085 *
2086 * @param string $newFolder Absolute path to folder, see PHP mkdir() function. Removes trailing slash internally.
2087 * @return bool TRUE if @mkdir went well!
2088 */
2089 public static function mkdir($newFolder)
2090 {
2091 $result = @mkdir($newFolder, octdec($GLOBALS['TYPO3_CONF_VARS']['SYS']['folderCreateMask']));
2092 if ($result) {
2093 static::fixPermissions($newFolder);
2094 }
2095 return $result;
2096 }
2097
2098 /**
2099 * Creates a directory - including parent directories if necessary and
2100 * sets permissions on newly created directories.
2101 *
2102 * @param string $directory Target directory to create. Must a have trailing slash
2103 * @param string $deepDirectory Directory to create. This second parameter is deprecated since TYPO3 v9, and will be removed in TYPO3 v10.
2104 * @throws \InvalidArgumentException If $directory or $deepDirectory are not strings
2105 * @throws \RuntimeException If directory could not be created
2106 */
2107 public static function mkdir_deep($directory, $deepDirectory = '')
2108 {
2109 if (!is_string($directory)) {
2110 throw new \InvalidArgumentException('The specified directory is of type "' . gettype($directory) . '" but a string is expected.', 1303662955);
2111 }
2112 if (!is_string($deepDirectory)) {
2113 throw new \InvalidArgumentException('The specified directory is of type "' . gettype($deepDirectory) . '" but a string is expected.', 1303662956);
2114 }
2115 // Ensure there is only one slash
2116 $fullPath = rtrim($directory, '/') . '/';
2117 if ($deepDirectory !== '') {
2118 trigger_error('Second argument $deepDirectory of GeneralUtility::mkdir_deep() will be removed in TYPO3 v10.0, use a combined string as first argument instead.', E_USER_DEPRECATED);
2119 $fullPath .= ltrim($deepDirectory, '/');
2120 }
2121 if ($fullPath !== '/' && !is_dir($fullPath)) {
2122 $firstCreatedPath = static::createDirectoryPath($fullPath);
2123 if ($firstCreatedPath !== '') {
2124 static::fixPermissions($firstCreatedPath, true);
2125 }
2126 }
2127 }
2128
2129 /**
2130 * Creates directories for the specified paths if they do not exist. This
2131 * functions sets proper permission mask but does not set proper user and
2132 * group.
2133 *
2134 * @static
2135 * @param string $fullDirectoryPath
2136 * @return string Path to the the first created directory in the hierarchy
2137 * @see \TYPO3\CMS\Core\Utility\GeneralUtility::mkdir_deep
2138 * @throws \RuntimeException If directory could not be created
2139 */
2140 protected static function createDirectoryPath($fullDirectoryPath)
2141 {
2142 $currentPath = $fullDirectoryPath;
2143 $firstCreatedPath = '';
2144 $permissionMask = octdec($GLOBALS['TYPO3_CONF_VARS']['SYS']['folderCreateMask']);
2145 if (!@is_dir($currentPath)) {
2146 do {
2147 $firstCreatedPath = $currentPath;
2148 $separatorPosition = strrpos($currentPath, DIRECTORY_SEPARATOR);
2149 $currentPath = substr($currentPath, 0, $separatorPosition);
2150 } while (!is_dir($currentPath) && $separatorPosition !== false);
2151 $result = @mkdir($fullDirectoryPath, $permissionMask, true);
2152 // Check existence of directory again to avoid race condition. Directory could have get created by another process between previous is_dir() and mkdir()
2153 if (!$result && !@is_dir($fullDirectoryPath)) {
2154 throw new \RuntimeException('Could not create directory "' . $fullDirectoryPath . '"!', 1170251401);
2155 }
2156 }
2157 return $firstCreatedPath;
2158 }
2159
2160 /**
2161 * Wrapper function for rmdir, allowing recursive deletion of folders and files
2162 *
2163 * @param string $path Absolute path to folder, see PHP rmdir() function. Removes trailing slash internally.
2164 * @param bool $removeNonEmpty Allow deletion of non-empty directories
2165 * @return bool TRUE if @rmdir went well!
2166 */
2167 public static function rmdir($path, $removeNonEmpty = false)
2168 {
2169 $OK = false;
2170 // Remove trailing slash
2171 $path = preg_replace('|/$|', '', $path);
2172 if (file_exists($path)) {
2173 $OK = true;
2174 if (!is_link($path) && is_dir($path)) {
2175 if ($removeNonEmpty == true && ($handle = @opendir($path))) {
2176 while ($OK && false !== ($file = readdir($handle))) {
2177 if ($file === '.' || $file === '..') {
2178 continue;
2179 }
2180 $OK = static::rmdir($path . '/' . $file, $removeNonEmpty);
2181 }
2182 closedir($handle);
2183 }
2184 if ($OK) {
2185 $OK = @rmdir($path);
2186 }
2187 } elseif (is_link($path) && is_dir($path) && Environment::isWindows()) {
2188 $OK = @rmdir($path);
2189 } else {
2190 // If $path is a file, simply remove it
2191 $OK = @unlink($path);
2192 }
2193 clearstatcache();
2194 } elseif (is_link($path)) {
2195 $OK = @unlink($path);
2196 if (!$OK && Environment::isWindows()) {
2197 // Try to delete dead folder links on Windows systems
2198 $OK = @rmdir($path);
2199 }
2200 clearstatcache();
2201 }
2202 return $OK;
2203 }
2204
2205 /**
2206 * Flushes a directory by first moving to a temporary resource, and then
2207 * triggering the remove process. This way directories can be flushed faster
2208 * to prevent race conditions on concurrent processes accessing the same directory.
2209 *
2210 * @param string $directory The directory to be renamed and flushed
2211 * @param bool $keepOriginalDirectory Whether to only empty the directory and not remove it
2212 * @param bool $flushOpcodeCache Also flush the opcode cache right after renaming the directory.
2213 * @return bool Whether the action was successful
2214 */
2215 public static function flushDirectory($directory, $keepOriginalDirectory = false, $flushOpcodeCache = false)
2216 {
2217 $result = false;
2218
2219 if (is_dir($directory)) {
2220 $temporaryDirectory = rtrim($directory, '/') . '.' . StringUtility::getUniqueId('remove') . '/';
2221 if (rename($directory, $temporaryDirectory)) {
2222 if ($flushOpcodeCache) {
2223 self::makeInstance(OpcodeCacheService::class)->clearAllActive($directory);
2224 }
2225 if ($keepOriginalDirectory) {
2226 static::mkdir($directory);
2227 }
2228 clearstatcache();
2229 $result = static::rmdir($temporaryDirectory, true);
2230 }
2231 }
2232
2233 return $result;
2234 }
2235
2236 /**
2237 * Returns an array with the names of folders in a specific path
2238 * Will return 'error' (string) if there were an error with reading directory content.
2239 *
2240 * @param string $path Path to list directories from
2241 * @return array Returns an array with the directory entries as values. If no path, the return value is nothing.
2242 */
2243 public static function get_dirs($path)
2244 {
2245 $dirs = null;
2246 if ($path) {
2247 if (is_dir($path)) {
2248 $dir = scandir($path);
2249 $dirs = [];
2250 foreach ($dir as $entry) {
2251 if (is_dir($path . '/' . $entry) && $entry !== '..' && $entry !== '.') {
2252 $dirs[] = $entry;
2253 }
2254 }
2255 } else {
2256 $dirs = 'error';
2257 }
2258 }
2259 return $dirs;
2260 }
2261
2262 /**
2263 * Finds all files in a given path and returns them as an array. Each
2264 * array key is a md5 hash of the full path to the file. This is done because
2265 * 'some' extensions like the import/export extension depend on this.
2266 *
2267 * @param string $path The path to retrieve the files from.
2268 * @param string $extensionList A comma-separated list of file extensions. Only files of the specified types will be retrieved. When left blank, files of any type will be retrieved.
2269 * @param bool $prependPath If TRUE, the full path to the file is returned. If FALSE only the file name is returned.
2270 * @param string $order The sorting order. The default sorting order is alphabetical. Setting $order to 'mtime' will sort the files by modification time.
2271 * @param string $excludePattern A regular expression pattern of file names to exclude. For example: 'clear.gif' or '(clear.gif|.htaccess)'. The pattern will be wrapped with: '/^' and '$/'.
2272 * @return array|string Array of the files found, or an error message in case the path could not be opened.
2273 */
2274 public static function getFilesInDir($path, $extensionList = '', $prependPath = false, $order = '', $excludePattern = '')
2275 {
2276 $excludePattern = (string)$excludePattern;
2277 $path = rtrim($path, '/');
2278 if (!@is_dir($path)) {
2279 return [];
2280 }
2281
2282 $rawFileList = scandir($path);
2283 if ($rawFileList === false) {
2284 return 'error opening path: "' . $path . '"';
2285 }
2286
2287 $pathPrefix = $path . '/';
2288 $allowedFileExtensionArray = self::trimExplode(',', $extensionList);
2289 $extensionList = ',' . str_replace(' ', '', $extensionList) . ',';
2290 $files = [];
2291 foreach ($rawFileList as $entry) {
2292 $completePathToEntry = $pathPrefix . $entry;
2293 if (!@is_file($completePathToEntry)) {
2294 continue;
2295 }
2296
2297 foreach ($allowedFileExtensionArray as $allowedFileExtension) {
2298 if (
2299 ($extensionList === ',,' || stripos($extensionList, ',' . substr($entry, strlen($allowedFileExtension) * -1, strlen($allowedFileExtension)) . ',') !== false)
2300 && ($excludePattern === '' || !preg_match('/^' . $excludePattern . '$/', $entry))
2301 ) {
2302 if ($order !== 'mtime') {
2303 $files[] = $entry;
2304 } else {
2305 // Store the value in the key so we can do a fast asort later.
2306 $files[$entry] = filemtime($completePathToEntry);
2307 }
2308 }
2309 }
2310 }
2311
2312 $valueName = 'value';
2313 if ($order === 'mtime') {
2314 asort($files);
2315 $valueName = 'key';
2316 }
2317
2318 $valuePathPrefix = $prependPath ? $pathPrefix : '';
2319 $foundFiles = [];
2320 foreach ($files as $key => $value) {
2321 // Don't change this ever - extensions may depend on the fact that the hash is an md5 of the path! (import/export extension)
2322 $foundFiles[md5($pathPrefix . ${$valueName})] = $valuePathPrefix . ${$valueName};
2323 }
2324
2325 return $foundFiles;
2326 }
2327
2328 /**
2329 * Recursively gather all files and folders of a path.
2330 *
2331 * @param array $fileArr Empty input array (will have files added to it)
2332 * @param string $path The path to read recursively from (absolute) (include trailing slash!)
2333 * @param string $extList Comma list of file extensions: Only files with extensions in this list (if applicable) will be selected.
2334 * @param bool $regDirs If set, directories are also included in output.
2335 * @param int $recursivityLevels The number of levels to dig down...
2336 * @param string $excludePattern regex pattern of files/directories to exclude
2337 * @return array An array with the found files/directories.
2338 */
2339 public static function getAllFilesAndFoldersInPath(array $fileArr, $path, $extList = '', $regDirs = false, $recursivityLevels = 99, $excludePattern = '')
2340 {
2341 if ($regDirs) {
2342 $fileArr[md5($path)] = $path;
2343 }
2344 $fileArr = array_merge($fileArr, self::getFilesInDir($path, $extList, 1, 1, $excludePattern));
2345 $dirs = self::get_dirs($path);
2346 if ($recursivityLevels > 0 && is_array($dirs)) {
2347 foreach ($dirs as $subdirs) {
2348 if ((string)$subdirs !== '' && ($excludePattern === '' || !preg_match('/^' . $excludePattern . '$/', $subdirs))) {
2349 $fileArr = self::getAllFilesAndFoldersInPath($fileArr, $path . $subdirs . '/', $extList, $regDirs, $recursivityLevels - 1, $excludePattern);
2350 }
2351 }
2352 }
2353 return $fileArr;
2354 }
2355
2356 /**
2357 * Removes the absolute part of all files/folders in fileArr
2358 *
2359 * @param array $fileArr The file array to remove the prefix from
2360 * @param string $prefixToRemove The prefix path to remove (if found as first part of string!)
2361 * @return array|string The input $fileArr processed, or a string with an error message, when an error occurred.
2362 */
2363 public static function removePrefixPathFromList(array $fileArr, $prefixToRemove)
2364 {
2365 foreach ($fileArr as $k => &$absFileRef) {
2366 if (self::isFirstPartOfStr($absFileRef, $prefixToRemove)) {
2367 $absFileRef = substr($absFileRef, strlen($prefixToRemove));
2368 } else {
2369 return 'ERROR: One or more of the files was NOT prefixed with the prefix-path!';
2370 }
2371 }
2372 unset($absFileRef);
2373 return $fileArr;
2374 }
2375
2376 /**
2377 * Fixes a path for windows-backslashes and reduces double-slashes to single slashes
2378 *
2379 * @param string $theFile File path to process
2380 * @return string
2381 */
2382 public static function fixWindowsFilePath($theFile)
2383 {
2384 return str_replace(['\\', '//'], '/', $theFile);
2385 }
2386
2387 /**
2388 * Resolves "../" sections in the input path string.
2389 * For example "fileadmin/directory/../other_directory/" will be resolved to "fileadmin/other_directory/"
2390 *
2391 * @param string $pathStr File path in which "/../" is resolved
2392 * @return string
2393 */
2394 public static function resolveBackPath($pathStr)
2395 {
2396 if (strpos($pathStr, '..') === false) {
2397 return $pathStr;
2398 }
2399 $parts = explode('/', $pathStr);
2400 $output = [];
2401 $c = 0;
2402 foreach ($parts as $part) {
2403 if ($part === '..') {
2404 if ($c) {
2405 array_pop($output);
2406 --$c;
2407 } else {
2408 $output[] = $part;
2409 }
2410 } else {
2411 ++$c;
2412 $output[] = $part;
2413 }
2414 }
2415 return implode('/', $output);
2416 }
2417
2418 /**
2419 * Prefixes a URL used with 'header-location' with 'http://...' depending on whether it has it already.
2420 * - If already having a scheme, nothing is prepended
2421 * - If having REQUEST_URI slash '/', then prefixing 'http://[host]' (relative to host)
2422 * - Otherwise prefixed with TYPO3_REQUEST_DIR (relative to current dir / TYPO3_REQUEST_DIR)
2423 *
2424 * @param string $path URL / path to prepend full URL addressing to.
2425 * @return string
2426 */
2427 public static function locationHeaderUrl($path)
2428 {
2429 $uI = parse_url($path);
2430 // relative to HOST
2431 if ($path[0] === '/') {
2432 $path = self::getIndpEnv('TYPO3_REQUEST_HOST') . $path;
2433 } elseif (!$uI['scheme']) {
2434 // No scheme either
2435 $path = self::getIndpEnv('TYPO3_REQUEST_DIR') . $path;
2436 }
2437 return $path;
2438 }
2439
2440 /**
2441 * Returns the maximum upload size for a file that is allowed. Measured in KB.
2442 * This might be handy to find out the real upload limit that is possible for this
2443 * TYPO3 installation.
2444 *
2445 * @return int The maximum size of uploads that are allowed (measured in kilobytes)
2446 */
2447 public static function getMaxUploadFileSize()
2448 {
2449 // Check for PHP restrictions of the maximum size of one of the $_FILES
2450 $phpUploadLimit = self::getBytesFromSizeMeasurement(ini_get('upload_max_filesize'));
2451 // Check for PHP restrictions of the maximum $_POST size
2452 $phpPostLimit = self::getBytesFromSizeMeasurement(ini_get('post_max_size'));
2453 // If the total amount of post data is smaller (!) than the upload_max_filesize directive,
2454 // then this is the real limit in PHP
2455 $phpUploadLimit = $phpPostLimit > 0 && $phpPostLimit < $phpUploadLimit ? $phpPostLimit : $phpUploadLimit;
2456 return floor($phpUploadLimit) / 1024;
2457 }
2458
2459 /**
2460 * Gets the bytes value from a measurement string like "100k".
2461 *
2462 * @param string $measurement The measurement (e.g. "100k")
2463 * @return int The bytes value (e.g. 102400)
2464 */
2465 public static function getBytesFromSizeMeasurement($measurement)
2466 {
2467 $bytes = (float)$measurement;
2468 if (stripos($measurement, 'G')) {
2469 $bytes *= 1024 * 1024 * 1024;
2470 } elseif (stripos($measurement, 'M')) {
2471 $bytes *= 1024 * 1024;
2472 } elseif (stripos($measurement, 'K')) {
2473 $bytes *= 1024;
2474 }
2475 return $bytes;
2476 }
2477
2478 /**
2479 * Function for static version numbers on files, based on the filemtime
2480 *
2481 * This will make the filename automatically change when a file is
2482 * changed, and by that re-cached by the browser. If the file does not
2483 * exist physically the original file passed to the function is
2484 * returned without the timestamp.
2485 *
2486 * Behaviour is influenced by the setting
2487 * TYPO3_CONF_VARS[TYPO3_MODE][versionNumberInFilename]
2488 * = TRUE (BE) / "embed" (FE) : modify filename
2489 * = FALSE (BE) / "querystring" (FE) : add timestamp as parameter
2490 *
2491 * @param string $file Relative path to file including all potential query parameters (not htmlspecialchared yet)
2492 * @return string Relative path with version filename including the timestamp
2493 */
2494 public static function createVersionNumberedFilename($file)
2495 {
2496 $lookupFile = explode('?', $file);
2497 $path = self::resolveBackPath(self::dirname(Environment::getCurrentScript()) . '/' . $lookupFile[0]);
2498
2499 $doNothing = false;
2500 if (TYPO3_MODE === 'FE') {
2501 $mode = strtolower($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['versionNumberInFilename']);
2502 if ($mode === 'embed') {
2503 $mode = true;
2504 } else {
2505 if ($mode === 'querystring') {
2506 $mode = false;
2507 } else {
2508 $doNothing = true;
2509 }
2510 }
2511 } else {
2512 $mode = $GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['versionNumberInFilename'];
2513 }
2514 if ($doNothing || !file_exists($path)) {
2515 // File not found, return filename unaltered
2516 $fullName = $file;
2517 } else {
2518 if (!$mode) {
2519 // If use of .htaccess rule is not configured,
2520 // we use the default query-string method
2521 if (!empty($lookupFile[1])) {
2522 $separator = '&';
2523 } else {
2524 $separator = '?';
2525 }
2526 $fullName = $file . $separator . filemtime($path);
2527 } else {
2528 // Change the filename
2529 $name = explode('.', $lookupFile[0]);
2530 $extension = array_pop($name);
2531 array_push($name, filemtime($path), $extension);
2532 $fullName = implode('.', $name);
2533 // Append potential query string
2534 $fullName .= $lookupFile[1] ? '?' . $lookupFile[1] : '';
2535 }
2536 }
2537 return $fullName;
2538 }
2539
2540 /*************************
2541 *
2542 * SYSTEM INFORMATION
2543 *
2544 *************************/
2545
2546 /**
2547 * Returns the link-url to the current script.
2548 * In $getParams you can set associative keys corresponding to the GET-vars you wish to add to the URL. If you set them empty, they will remove existing GET-vars from the current URL.
2549 * REMEMBER to always use htmlspecialchars() for content in href-properties to get ampersands converted to entities (XHTML requirement and XSS precaution)
2550 *
2551 * @param array $getParams Array of GET parameters to include
2552 * @return string
2553 */
2554 public static function linkThisScript(array $getParams = [])
2555 {
2556 $parts = self::getIndpEnv('SCRIPT_NAME');
2557 $params = self::_GET();
2558 foreach ($getParams as $key => $value) {
2559 if ($value !== '') {
2560 $params[$key] = $value;
2561 } else {
2562 unset($params[$key]);
2563 }
2564 }
2565 $pString = self::implodeArrayForUrl('', $params);
2566 return $pString ? $parts . '?' . ltrim($pString, '&') : $parts;
2567 }
2568
2569 /**
2570 * Takes a full URL, $url, possibly with a querystring and overlays the $getParams arrays values onto the quirystring, packs it all together and returns the URL again.
2571 * So basically it adds the parameters in $getParams to an existing URL, $url
2572 *
2573 * @param string $url URL string
2574 * @param array $getParams Array of key/value pairs for get parameters to add/overrule with. Can be multidimensional.
2575 * @return string Output URL with added getParams.
2576 */
2577 public static function linkThisUrl($url, array $getParams = [])
2578 {
2579 $parts = parse_url($url);
2580 $getP = [];
2581 if ($parts['query']) {
2582 parse_str($parts['query'], $getP);
2583 }
2584 ArrayUtility::mergeRecursiveWithOverrule($getP, $getParams);
2585 $uP = explode('?', $url);
2586 $params = self::implodeArrayForUrl('', $getP);
2587 $outurl = $uP[0] . ($params ? '?' . substr($params, 1) : '');
2588 return $outurl;
2589 }
2590
2591 /**
2592 * Abstraction method which returns System Environment Variables regardless of server OS, CGI/MODULE version etc. Basically this is SERVER variables for most of them.
2593 * This should be used instead of getEnv() and $_SERVER/ENV_VARS to get reliable values for all situations.
2594 *
2595 * @param string $getEnvName Name of the "environment variable"/"server variable" you wish to use. Valid values are SCRIPT_NAME, SCRIPT_FILENAME, REQUEST_URI, PATH_INFO, REMOTE_ADDR, REMOTE_HOST, HTTP_REFERER, HTTP_HOST, HTTP_USER_AGENT, HTTP_ACCEPT_LANGUAGE, QUERY_STRING, TYPO3_DOCUMENT_ROOT, TYPO3_HOST_ONLY, TYPO3_HOST_ONLY, TYPO3_REQUEST_HOST, TYPO3_REQUEST_URL, TYPO3_REQUEST_SCRIPT, TYPO3_REQUEST_DIR, TYPO3_SITE_URL, _ARRAY
2596 * @return string Value based on the input key, independent of server/os environment.
2597 * @throws \UnexpectedValueException
2598 */
2599 public static function getIndpEnv($getEnvName)
2600 {
2601 if (isset(self::$indpEnvCache[$getEnvName])) {
2602 return self::$indpEnvCache[$getEnvName];
2603 }
2604
2605 /*
2606 Conventions:
2607 output from parse_url():
2608 URL: http://username:password@192.168.1.4:8080/typo3/32/temp/phpcheck/index.php/arg1/arg2/arg3/?arg1,arg2,arg3&p1=parameter1&p2[key]=value#link1
2609 [scheme] => 'http'
2610 [user] => 'username'
2611 [pass] => 'password'
2612 [host] => '192.168.1.4'
2613 [port] => '8080'
2614 [path] => '/typo3/32/temp/phpcheck/index.php/arg1/arg2/arg3/'
2615 [query] => 'arg1,arg2,arg3&p1=parameter1&p2[key]=value'
2616 [fragment] => 'link1'Further definition: [path_script] = '/typo3/32/temp/phpcheck/index.php'
2617 [path_dir] = '/typo3/32/temp/phpcheck/'
2618 [path_info] = '/arg1/arg2/arg3/'
2619 [path] = [path_script/path_dir][path_info]Keys supported:URI______:
2620 REQUEST_URI = [path]?[query] = /typo3/32/temp/phpcheck/index.php/arg1/arg2/arg3/?arg1,arg2,arg3&p1=parameter1&p2[key]=value
2621 HTTP_HOST = [host][:[port]] = 192.168.1.4:8080
2622 SCRIPT_NAME = [path_script]++ = /typo3/32/temp/phpcheck/index.php // NOTICE THAT SCRIPT_NAME will return the php-script name ALSO. [path_script] may not do that (eg. '/somedir/' may result in SCRIPT_NAME '/somedir/index.php')!
2623 PATH_INFO = [path_info] = /arg1/arg2/arg3/
2624 QUERY_STRING = [query] = arg1,arg2,arg3&p1=parameter1&p2[key]=value
2625 HTTP_REFERER = [scheme]://[host][:[port]][path] = http://192.168.1.4:8080/typo3/32/temp/phpcheck/index.php/arg1/arg2/arg3/?arg1,arg2,arg3&p1=parameter1&p2[key]=value
2626 (Notice: NO username/password + NO fragment)CLIENT____:
2627 REMOTE_ADDR = (client IP)
2628 REMOTE_HOST = (client host)
2629 HTTP_USER_AGENT = (client user agent)
2630 HTTP_ACCEPT_LANGUAGE = (client accept language)SERVER____:
2631 SCRIPT_FILENAME = Absolute filename of script (Differs between windows/unix). On windows 'C:\\blabla\\blabl\\' will be converted to 'C:/blabla/blabl/'Special extras:
2632 TYPO3_HOST_ONLY = [host] = 192.168.1.4
2633 TYPO3_PORT = [port] = 8080 (blank if 80, taken from host value)
2634 TYPO3_REQUEST_HOST = [scheme]://[host][:[port]]
2635 TYPO3_REQUEST_URL = [scheme]://[host][:[port]][path]?[query] (scheme will by default be "http" until we can detect something different)
2636 TYPO3_REQUEST_SCRIPT = [scheme]://[host][:[port]][path_script]
2637 TYPO3_REQUEST_DIR = [scheme]://[host][:[port]][path_dir]
2638 TYPO3_SITE_URL = [scheme]://[host][:[port]][path_dir] of the TYPO3 website frontend
2639 TYPO3_SITE_PATH = [path_dir] of the TYPO3 website frontend
2640 TYPO3_SITE_SCRIPT = [script / Speaking URL] of the TYPO3 website
2641 TYPO3_DOCUMENT_ROOT = Absolute path of root of documents: TYPO3_DOCUMENT_ROOT.SCRIPT_NAME = SCRIPT_FILENAME (typically)
2642 TYPO3_SSL = Returns TRUE if this session uses SSL/TLS (https)
2643 TYPO3_PROXY = Returns TRUE if this session runs over a well known proxyNotice: [fragment] is apparently NEVER available to the script!Testing suggestions:
2644 - Output all the values.
2645 - In the script, make a link to the script it self, maybe add some parameters and click the link a few times so HTTP_REFERER is seen
2646 - ALSO TRY the script from the ROOT of a site (like 'http://www.mytest.com/' and not 'http://www.mytest.com/test/' !!)
2647 */
2648 $retVal = '';
2649 switch ((string)$getEnvName) {
2650 case 'SCRIPT_NAME':
2651 $retVal = self::isRunningOnCgiServerApi()
2652 && (($_SERVER['ORIG_PATH_INFO'] ?? false) ?: ($_SERVER['PATH_INFO'] ?? false))
2653 ? (($_SERVER['ORIG_PATH_INFO'] ?? '') ?: ($_SERVER['PATH_INFO'] ?? ''))
2654 : (($_SERVER['ORIG_SCRIPT_NAME'] ?? '') ?: ($_SERVER['SCRIPT_NAME'] ?? ''));
2655 // Add a prefix if TYPO3 is behind a proxy: ext-domain.com => int-server.com/prefix
2656 if (self::cmpIP(($_SERVER['REMOTE_ADDR'] ?? ''), $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP'])) {
2657 if (self::getIndpEnv('TYPO3_SSL') && $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefixSSL']) {
2658 $retVal = $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefixSSL'] . $retVal;
2659 } elseif ($GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefix']) {
2660 $retVal = $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefix'] . $retVal;
2661 }
2662 }
2663 break;
2664 case 'SCRIPT_FILENAME':
2665 $retVal = Environment::getCurrentScript();
2666 break;
2667 case 'REQUEST_URI':
2668 // Typical application of REQUEST_URI is return urls, forms submitting to itself etc. Example: returnUrl='.rawurlencode(\TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('REQUEST_URI'))
2669 if (!empty($GLOBALS['TYPO3_CONF_VARS']['SYS']['requestURIvar'])) {
2670 // This is for URL rewriters that store the original URI in a server variable (eg ISAPI_Rewriter for IIS: HTTP_X_REWRITE_URL)
2671 list($v, $n) = explode('|', $GLOBALS['TYPO3_CONF_VARS']['SYS']['requestURIvar']);
2672 $retVal = $GLOBALS[$v][$n];
2673 } elseif (empty($_SERVER['REQUEST_URI'])) {
2674 // This is for ISS/CGI which does not have the REQUEST_URI available.
2675 $retVal = '/' . ltrim(self::getIndpEnv('SCRIPT_NAME'), '/') . (!empty($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : '');
2676 } else {
2677 $retVal = '/' . ltrim($_SERVER['REQUEST_URI'], '/');
2678 }
2679 // Add a prefix if TYPO3 is behind a proxy: ext-domain.com => int-server.com/prefix
2680 if (isset($_SERVER['REMOTE_ADDR'], $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP'])
2681 && self::cmpIP($_SERVER['REMOTE_ADDR'], $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP'])
2682 ) {
2683 if (self::getIndpEnv('TYPO3_SSL') && $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefixSSL']) {
2684 $retVal = $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefixSSL'] . $retVal;
2685 } elseif ($GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefix']) {
2686 $retVal = $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefix'] . $retVal;
2687 }
2688 }
2689 break;
2690 case 'PATH_INFO':
2691 // $_SERVER['PATH_INFO'] != $_SERVER['SCRIPT_NAME'] is necessary because some servers (Windows/CGI)
2692 // are seen to set PATH_INFO equal to script_name
2693 // Further, there must be at least one '/' in the path - else the PATH_INFO value does not make sense.
2694 // IF 'PATH_INFO' never works for our purpose in TYPO3 with CGI-servers,
2695 // then 'PHP_SAPI=='cgi'' might be a better check.
2696 // Right now strcmp($_SERVER['PATH_INFO'], GeneralUtility::getIndpEnv('SCRIPT_NAME')) will always
2697 // return FALSE for CGI-versions, but that is only as long as SCRIPT_NAME is set equal to PATH_INFO
2698 // because of PHP_SAPI=='cgi' (see above)
2699 if (!self::isRunningOnCgiServerApi()) {
2700 $retVal = $_SERVER['PATH_INFO'];
2701 }
2702 break;
2703 case 'TYPO3_REV_PROXY':
2704 $retVal = self::cmpIP($_SERVER['REMOTE_ADDR'], $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP']);
2705 break;
2706 case 'REMOTE_ADDR':
2707 $retVal = $_SERVER['REMOTE_ADDR'] ?? null;
2708 if (self::cmpIP($retVal, $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP'] ?? '')) {
2709 $ip = self::trimExplode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
2710 // Choose which IP in list to use
2711 if (!empty($ip)) {
2712 switch ($GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyHeaderMultiValue']) {
2713 case 'last':
2714 $ip = array_pop($ip);
2715 break;
2716 case 'first':
2717 $ip = array_shift($ip);
2718 break;
2719 case 'none':
2720
2721 default:
2722 $ip = '';
2723 }
2724 }
2725 if (self::validIP($ip)) {
2726 $retVal = $ip;
2727 }
2728 }
2729 break;
2730 case 'HTTP_HOST':
2731 // if it is not set we're most likely on the cli
2732 $retVal = $_SERVER['HTTP_HOST'] ?? null;
2733 if (isset($_SERVER['REMOTE_ADDR']) && static::cmpIP($_SERVER['REMOTE_ADDR'], $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP'])) {
2734 $host = self::trimExplode(',', $_SERVER['HTTP_X_FORWARDED_HOST']);
2735 // Choose which host in list to use
2736 if (!empty($host)) {
2737 switch ($GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyHeaderMultiValue']) {
2738 case 'last':
2739 $host = array_pop($host);
2740 break;
2741 case 'first':
2742 $host = array_shift($host);
2743 break;
2744 case 'none':
2745
2746 default:
2747 $host = '';
2748 }
2749 }
2750 if ($host) {
2751 $retVal = $host;
2752 }
2753 }
2754 if (!static::isAllowedHostHeaderValue($retVal)) {
2755 throw new \UnexpectedValueException(
2756 'The current host header value does not match the configured trusted hosts pattern! Check the pattern defined in $GLOBALS[\'TYPO3_CONF_VARS\'][\'SYS\'][\'trustedHostsPattern\'] and adapt it, if you want to allow the current host header \'' . $retVal . '\' for your installation.',
2757 1396795884
2758 );
2759 }
2760 break;
2761 case 'HTTP_REFERER':
2762
2763 case 'HTTP_USER_AGENT':
2764
2765 case 'HTTP_ACCEPT_ENCODING':
2766
2767 case 'HTTP_ACCEPT_LANGUAGE':
2768
2769 case 'REMOTE_HOST':
2770
2771 case 'QUERY_STRING':
2772 $retVal = $_SERVER[$getEnvName] ?? '';
2773 break;
2774 case 'TYPO3_DOCUMENT_ROOT':
2775 // Get the web root (it is not the root of the TYPO3 installation)
2776 // The absolute path of the script can be calculated with TYPO3_DOCUMENT_ROOT + SCRIPT_FILENAME
2777 // Some CGI-versions (LA13CGI) and mod-rewrite rules on MODULE versions will deliver a 'wrong' DOCUMENT_ROOT (according to our description). Further various aliases/mod_rewrite rules can disturb this as well.
2778 // Therefore the DOCUMENT_ROOT is now always calculated as the SCRIPT_FILENAME minus the end part shared with SCRIPT_NAME.
2779 $SFN = self::getIndpEnv('SCRIPT_FILENAME');
2780 $SN_A = explode('/', strrev(self::getIndpEnv('SCRIPT_NAME')));
2781 $SFN_A = explode('/', strrev($SFN));
2782 $acc = [];
2783 foreach ($SN_A as $kk => $vv) {
2784 if ((string)$SFN_A[$kk] === (string)$vv) {
2785 $acc[] = $vv;
2786 } else {
2787 break;
2788 }
2789 }
2790 $commonEnd = strrev(implode('/', $acc));
2791 if ((string)$commonEnd !== '') {
2792 $retVal = substr($SFN, 0, -(strlen($commonEnd) + 1));
2793 }
2794 break;
2795 case 'TYPO3_HOST_ONLY':
2796 $httpHost = self::getIndpEnv('HTTP_HOST');
2797 $httpHostBracketPosition = strpos($httpHost, ']');
2798 $httpHostParts = explode(':', $httpHost);
2799 $retVal = $httpHostBracketPosition !== false ? substr($httpHost, 0, $httpHostBracketPosition + 1) : array_shift($httpHostParts);
2800 break;
2801 case 'TYPO3_PORT':
2802 $httpHost = self::getIndpEnv('HTTP_HOST');
2803 $httpHostOnly = self::getIndpEnv('TYPO3_HOST_ONLY');
2804 $retVal = strlen($httpHost) > strlen($httpHostOnly) ? substr($httpHost, strlen($httpHostOnly) + 1) : '';
2805 break;
2806 case 'TYPO3_REQUEST_HOST':
2807 $retVal = (self::getIndpEnv('TYPO3_SSL') ? 'https://' : 'http://') . self::getIndpEnv('HTTP_HOST');
2808 break;
2809 case 'TYPO3_REQUEST_URL':
2810 $retVal = self::getIndpEnv('TYPO3_REQUEST_HOST') . self::getIndpEnv('REQUEST_URI');
2811 break;
2812 case 'TYPO3_REQUEST_SCRIPT':
2813 $retVal = self::getIndpEnv('TYPO3_REQUEST_HOST') . self::getIndpEnv('SCRIPT_NAME');
2814 break;
2815 case 'TYPO3_REQUEST_DIR':
2816 $retVal = self::getIndpEnv('TYPO3_REQUEST_HOST') . self::dirname(self::getIndpEnv('SCRIPT_NAME')) . '/';
2817 break;
2818 case 'TYPO3_SITE_URL':
2819 $url = self::getIndpEnv('TYPO3_REQUEST_DIR');
2820 // This can only be set by external entry scripts
2821 if (defined('TYPO3_PATH_WEB')) {
2822 $retVal = $url;
2823 } elseif (Environment::getCurrentScript() && defined('PATH_site')) {
2824 $lPath = PathUtility::stripPathSitePrefix(PathUtility::dirnameDuringBootstrap(Environment::getCurrentScript())) . '/';
2825 $siteUrl = substr($url, 0, -strlen($lPath));
2826 if (substr($siteUrl, -1) !== '/') {
2827 $siteUrl .= '/';
2828 }
2829 $retVal = $siteUrl;
2830 }
2831 break;
2832 case 'TYPO3_SITE_PATH':
2833 $retVal = substr(self::getIndpEnv('TYPO3_SITE_URL'), strlen(self::getIndpEnv('TYPO3_REQUEST_HOST')));
2834 break;
2835 case 'TYPO3_SITE_SCRIPT':
2836 $retVal = substr(self::getIndpEnv('TYPO3_REQUEST_URL'), strlen(self::getIndpEnv('TYPO3_SITE_URL')));
2837 break;
2838 case 'TYPO3_SSL':
2839 $proxySSL = trim($GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxySSL']);
2840 if ($proxySSL === '*') {
2841 $proxySSL = $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP'];
2842 }
2843 if (self::cmpIP($_SERVER['REMOTE_ADDR'] ?? '', $proxySSL)) {
2844 $retVal = true;
2845 } else {
2846 // https://secure.php.net/manual/en/reserved.variables.server.php
2847 // "Set to a non-empty value if the script was queried through the HTTPS protocol."
2848 $retVal = !empty($_SERVER['SSL_SESSION_ID'])
2849 || (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off');
2850 }
2851 break;
2852 case '_ARRAY':
2853 $out = [];
2854 // Here, list ALL possible keys to this function for debug display.
2855 $envTestVars = [
2856 'HTTP_HOST',
2857 'TYPO3_HOST_ONLY',
2858 'TYPO3_PORT',
2859 'PATH_INFO',
2860 'QUERY_STRING',
2861 'REQUEST_URI',
2862 'HTTP_REFERER',
2863 'TYPO3_REQUEST_HOST',
2864 'TYPO3_REQUEST_URL',
2865 'TYPO3_REQUEST_SCRIPT',
2866 'TYPO3_REQUEST_DIR',
2867 'TYPO3_SITE_URL',
2868 'TYPO3_SITE_SCRIPT',
2869 'TYPO3_SSL',
2870 'TYPO3_REV_PROXY',
2871 'SCRIPT_NAME',
2872 'TYPO3_DOCUMENT_ROOT',
2873 'SCRIPT_FILENAME',
2874 'REMOTE_ADDR',
2875 'REMOTE_HOST',
2876 'HTTP_USER_AGENT',
2877 'HTTP_ACCEPT_LANGUAGE'
2878 ];
2879 foreach ($envTestVars as $v) {
2880 $out[$v] = self::getIndpEnv($v);
2881 }
2882 reset($out);
2883 $retVal = $out;
2884 break;
2885 }
2886 self::$indpEnvCache[$getEnvName] = $retVal;
2887 return $retVal;
2888 }
2889
2890 /**
2891 * Checks if the provided host header value matches the trusted hosts pattern.
2892 * If the pattern is not defined (which only can happen early in the bootstrap), deny any value.
2893 * The result is saved, so the check needs to be executed only once.
2894 *
2895 * @param string $hostHeaderValue HTTP_HOST header value as sent during the request (may include port)
2896 * @return bool
2897 */
2898 public static function isAllowedHostHeaderValue($hostHeaderValue)
2899 {
2900 if (static::$allowHostHeaderValue === true) {
2901 return true;
2902 }
2903
2904 if (static::isInternalRequestType()) {
2905 return static::$allowHostHeaderValue = true;
2906 }
2907
2908 // Deny the value if trusted host patterns is empty, which means we are early in the bootstrap
2909 if (empty($GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern'])) {
2910 return false;
2911 }
2912
2913 if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern'] === self::ENV_TRUSTED_HOSTS_PATTERN_ALLOW_ALL) {
2914 static::$allowHostHeaderValue = true;
2915 } else {
2916 static::$allowHostHeaderValue = static::hostHeaderValueMatchesTrustedHostsPattern($hostHeaderValue);
2917 }
2918
2919 return static::$allowHostHeaderValue;
2920 }
2921
2922 /**
2923 * Checks if the provided host header value matches the trusted hosts pattern without any preprocessing.
2924 *
2925 * @param string $hostHeaderValue
2926 * @return bool
2927 * @internal
2928 */
2929 public static function hostHeaderValueMatchesTrustedHostsPattern($hostHeaderValue)
2930 {
2931 if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern'] === self::ENV_TRUSTED_HOSTS_PATTERN_SERVER_NAME) {
2932 // Allow values that equal the server name
2933 // Note that this is only secure if name base virtual host are configured correctly in the webserver
2934 $defaultPort = self::getIndpEnv('TYPO3_SSL') ? '443' : '80';
2935 $parsedHostValue = parse_url('http://' . $hostHeaderValue);
2936 if (isset($parsedHostValue['port'])) {
2937 $hostMatch = (strtolower($parsedHostValue['host']) === strtolower($_SERVER['SERVER_NAME']) && (string)$parsedHostValue['port'] === $_SERVER['SERVER_PORT']);
2938 } else {
2939 $hostMatch = (strtolower($hostHeaderValue) === strtolower($_SERVER['SERVER_NAME']) && $defaultPort === $_SERVER['SERVER_PORT']);
2940 }
2941 } else {
2942 // In case name based virtual hosts are not possible, we allow setting a trusted host pattern
2943 // See https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/ for further details
2944 $hostMatch = (bool)preg_match('/^' . $GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern'] . '$/i', $hostHeaderValue);
2945 }
2946
2947 return $hostMatch;
2948 }
2949
2950 /**
2951 * Allows internal requests to the install tool and from the command line.
2952 * We accept this risk to have the install tool always available.
2953 * Also CLI needs to be allowed as unfortunately AbstractUserAuthentication::getAuthInfoArray()
2954 * accesses HTTP_HOST without reason on CLI
2955 * Additionally, allows requests when no REQUESTTYPE is set, which can happen quite early in the
2956 * Bootstrap. See Application.php in EXT:backend/Classes/Http/.
2957 *
2958 * @return bool
2959 */
2960 protected static function isInternalRequestType()
2961 {
2962 return Environment::isCli() || !defined('TYPO3_REQUESTTYPE') || (defined('TYPO3_REQUESTTYPE') && TYPO3_REQUESTTYPE & TYPO3_REQUESTTYPE_INSTALL);
2963 }
2964
2965 /**
2966 * Gets the unixtime as milliseconds.
2967 *
2968 * @return int The unixtime as milliseconds
2969 */
2970 public static function milliseconds()
2971 {
2972 return round(microtime(true) * 1000);
2973 }
2974
2975 /**
2976 * Client Browser Information
2977 *
2978 * @param string $useragent Alternative User Agent string (if empty, \TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('HTTP_USER_AGENT') is used)
2979 * @return array Parsed information about the HTTP_USER_AGENT in categories BROWSER, VERSION, SYSTEM
2980 */
2981 public static function clientInfo($useragent = '')
2982 {
2983 if (!$useragent) {
2984 $useragent = self::getIndpEnv('HTTP_USER_AGENT');
2985 }
2986 $bInfo = [];
2987 // Which browser?
2988 if (strpos($useragent, 'Konqueror') !== false) {
2989 $bInfo['BROWSER'] = 'konqu';
2990 } elseif (strpos($useragent, 'Opera') !== false) {
2991 $bInfo['BROWSER'] = 'opera';
2992 } elseif (strpos($useragent, 'MSIE') !== false) {
2993 $bInfo['BROWSER'] = 'msie';
2994 } elseif (strpos($useragent, 'Mozilla') !== false) {
2995 $bInfo['BROWSER'] = 'net';
2996 } elseif (strpos($useragent, 'Flash') !== false) {
2997 $bInfo['BROWSER'] = 'flash';
2998 }
2999 if (isset($bInfo['BROWSER'])) {
3000 // Browser version
3001 switch ($bInfo['BROWSER']) {
3002 case 'net':